}
// RENAME photo album
- $newalbum = Strings::escapeTags(trim($_POST['albumname']));
+ $newalbum = trim($_POST['albumname']);
if ($newalbum != $album) {
Photo::update(['album' => $newalbum], ['album' => $album, 'uid' => $page_owner_uid]);
// Update the photo albums cache
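Review bot: An empty album name is not rejected on the new line `$newalbum = trim($_POST['albumname']);` — whitespace-only input trims to `''`, passes the `!= $album` test, and `Photo::update` then moves every photo in `$album` into an empty-named album unless a check outside this hunk catches it first. Guard it here: `$newalbum = trim($_POST['albumname'] ?? '');` followed by `if ($newalbum !== '' && $newalbum !== $album) {`. With escapeTags gone the raw name also reaches `Photo::update` and the album cache, so confirm the update binds its values and that any template showing the album name keeps Smarty's default escaping. The enclosing block starts before the hunk.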
use Friendica\Model\Post;
use Friendica\Model\Tag;
use Friendica\Protocol\Activity;
-use Friendica\Util\Strings;
use Friendica\Util\XML;
use Friendica\Worker\Delivery;
return;
}
- $term = Strings::escapeTags(trim($_GET['term']));
+ $term = trim($_GET['term']);
// no commas allowed
- $term = str_replace([',',' '],['','_'],$term);
+ $term = str_replace([',',' ', '<', '>'],['','_', '', ''], $term);
if (!$term) {
return;
}
- $item_id = ((DI::args()->getArgc() > 1) ? Strings::escapeTags(trim(DI::args()->getArgv()[1])) : 0);
+ $item_id = ((DI::args()->getArgc() > 1) ? trim(DI::args()->getArgv()[1]) : 0);
Logger::notice('tagger: tag ' . $term . ' item ' . $item_id);
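Review bot: `$item_id` on the new line is now the raw second path argument with no type check, although it is logged as an item id and presumably used later in the function to look the item up; if it is meant to be numeric, normalise it once and reject anything else, e.g. `$item_id = DI::args()->getArgc() > 1 ? (int) trim(DI::args()->getArgv()[1]) : 0;`. The `$term` line above keeps a hand-rolled blacklist (`,` dropped, space to `_`, `<` and `>` dropped) as the only remnant of escapeTags; that is an input filter, not an output escape, so `&`, quotes and the like still pass and every place that renders or embeds `$term` has to escape for its own context. A comment on that line such as `// strip characters that would break the hashtag; output escaping is still done by the consumer` would stop the next reader from treating it as XSS protection. The function starts before the hunk.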
*/
public static function performContactSearch($search, $prefix = '')
{
- $a = DI::app();
$config = DI::config();
$type = Search::TYPE_ALL;
$recipients = !empty($_POST['recipients']) ? explode("\n", $_POST['recipients']) : [];
- $message = !empty($_POST['message']) ? Strings::escapeTags(trim($_POST['message'])) : '';
+ $message = !empty($_POST['message']) ? Strings::escapeHtml(trim($_POST['message'])) : '';
$total = 0;
$invitation_only = false;
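Review bot: Escaping at input with `Strings::escapeHtml` on the new `$message` line bakes HTML entities into the text that is later sent: the test in this same patch shows it maps `'` to `&#039;` and `"` to `&quot;`, so an invitation saying `don't` arrives as `don&#039;t` wherever the message is emitted outside an HTML context — a plain-text e-mail body, for instance. The old `escapeTags` only rewrote angle brackets, so this is a behaviour change the commit does not mention. Keep the input raw, `$message = !empty($_POST['message']) ? trim($_POST['message']) : '';`, and escape at the point of output in the context that needs it. If the message is only ever interpolated into an HTML mail template, a comment on this line saying so would justify the current form; the consumer is not visible from this hunk.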
use Friendica\DI;
use Friendica\Module\BaseSearch;
use Friendica\Module\Security\Login;
-use Friendica\Util\Strings;
/**
* Directory search module
return Login::form();
}
- $search = Strings::escapeTags(trim(rawurldecode($_REQUEST['search'] ?? '')));
+ $search = trim(rawurldecode($_REQUEST['search'] ?? ''));
if (empty(DI::page()['aside'])) {
DI::page()['aside'] = '';
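Review bot: The new `$search` line runs `rawurldecode` on `$_REQUEST['search']` after PHP has already URL-decoded the request, so a search containing a literal `%3C` arrives here as `<`; now that nothing rewrites angle brackets, the value is both not what the user typed and fully untrusted, and every consumer building SQL or a URL from it must bind or encode it. Unless something upstream deliberately double-encodes the parameter, drop the second decode: `$search = trim($_REQUEST['search'] ?? '');`. If the double decode is intentional, a comment stating why would save the next reviewer the same question. The method starts before the hunk.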
use Friendica\Model\Tag;
use Friendica\Module\BaseSearch;
use Friendica\Network\HTTPException;
-use Friendica\Util\Strings;
class Index extends BaseSearch
{
public static function content(array $parameters = [])
{
- $search = (!empty($_GET['q']) ? Strings::escapeTags(trim(rawurldecode($_GET['q']))) : '');
+ $search = (!empty($_GET['q']) ? trim(rawurldecode($_GET['q'])) : '');
if (DI::config()->get('system', 'block_public') && !Session::isAuthenticated()) {
throw new HTTPException\ForbiddenException(DI::l10n()->t('Public access denied.'));
$tag = false;
if (!empty($_GET['tag'])) {
$tag = true;
- $search = '#' . Strings::escapeTags(trim(rawurldecode($_GET['tag'])));
+ $search = '#' . trim(rawurldecode($_GET['tag']));
}
// contruct a wrapper for the search header
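Review bot: The `#`-prefixed tag term on the new line now reaches the tag search with no filtering at all (previously angle brackets were rewritten), so the lookup behind `$tag = true` must bind `$search` as a query parameter rather than interpolating it; that code is outside the hunk, so confirm it before merging. Minor: `!empty($_GET['tag'])` discards a tag of `0`; if that is not intended, test `isset($_GET['tag']) && $_GET['tag'] !== ''` instead. The same double `rawurldecode` of an already-decoded `$_GET` value applies here as elsewhere in the patch. The method starts before the hunk.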
use Friendica\Core\Search;
use Friendica\Database\DBA;
use Friendica\DI;
-use Friendica\Util\Strings;
class Saved extends BaseModule
{
public static function init(array $parameters = [])
{
$action = DI::args()->get(2, 'none');
- $search = Strings::escapeTags(trim(rawurldecode($_GET['term'] ?? '')));
+ $search = trim(rawurldecode($_GET['term'] ?? ''));
$return_url = $_GET['return_url'] ?? Search::getSearchPath($search);
return !empty($hexCode) ? @preg_match("/^[a-f0-9]{2,}$/i", $hexCode) && !(strlen($hexCode) & 1) : false;
}
- /**
- * This is our primary input filter.
- *
- * Use this on any text input where angle chars are not valid or permitted
- * They will be replaced with safer brackets. This may be filtered further
- * if these are not allowed either.
- *
- * @param string $string Input string
- * @return string Filtered string
- * @deprecated since 2020.09 Please use Smarty default HTML escaping for templates or htmlspecialchars() otherwise
- */
- public static function escapeTags($string)
- {
- return str_replace(["<", ">"], ['[', ']'], $string);
- }
-
/**
* Use this on "body" or "content" input where angle chars shouldn't be removed,
* and allow them to be safely displayed.
{
$invalidstring='<submit type="button" onclick="alert(\'failed!\');" />';
- $validstring = Strings::escapeTags($invalidstring);
$escapedString = Strings::escapeHtml($invalidstring);
- self::assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $validstring);
self::assertEquals(
"<submit type="button" onclick="alert('failed!');" />",
$escapedString
<div id="directory-search-wrapper">
<form id="directory-search-form" action="{{$search_mod}}" method="get">
- <span class="dirsearch-desc">{{$desc nofilter}}</span>
+ <span class="dirsearch-desc">{{$desc}}</span>
<input type="text" name="search" id="directory-search" class="search-input" onfocus="this.select();" value="{{$search}}" />
<input type="submit" name="submit" id="directory-search-submit" value="{{$submit}}" class="button" />
</form>
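Review bot: Dropping `nofilter` from `{{$desc}}` makes Smarty apply its default HTML escaping, which is the right direction, but it also means any markup in the description string is now displayed literally; if `$desc` is a plain translated sentence nothing changes, if it carries a link or inline tag the page will show them as text — confirm which before merging. The neighbouring `value="{{$search}}"` is in an attribute context and is safe only as long as Smarty's default escape covers quotes (it does when the `escape_html` mode is active, which appears to be the assumption here). A template comment, `{* every variable here relies on Smarty auto-escaping; do not add nofilter *}`, would document the contract this commit establishes.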
<div class="col-md-2"></div>
<div class="col-md-8 ">
<div class="form-group form-group-search">
- <input type="text" name="search" id="directory-search" class="search-input form-control form-search" onfocus="this.select();" value="{{$search}}" placeholder="{{$desc nofilter}}"/>
+ <input type="text" name="search" id="directory-search" class="search-input form-control form-search" onfocus="this.select();" value="{{$search}}" placeholder="{{$desc}}"/>
<button class="btn btn-default btn-sm form-button-search" type="submit" id="directory-search-submit">{{$submit}}</button>
</div>
</div>