$code = 403, $apidata['content-type']);
return;
}
-
- $message = Message::saveNew($user->id, $other->id, $content, $source);
+
+ $message = Message::saveNew($user->id, $other->id,
+ html_entity_decode($content, ENT_NOQUOTES, 'UTF-8'), $source);
if (is_string($message)) {
$this->server_error($message);
$nurl = common_local_url('shownotice', array('notice' => $notice->id));
$creator_uri = common_profile_uri($profile);
common_element_start('item', array('rdf:about' => $notice->uri));
- $title = $profile->nickname . ': ' . $notice->content;
+ $title = $profile->nickname . ': ' . common_xml_safe_str($notice->content);
common_element('title', NULL, $title);
common_element('link', NULL, $nurl);
common_element('description', NULL, $profile->nickname."'s status on ".common_exact_date($notice->created));
$profile = $notice->getProfile();
$twitter_status = array();
- $twitter_status['text'] = $notice->content;
+ $twitter_status['text'] = common_xml_safe_str($notice->content);
$twitter_status['truncated'] = 'false'; # Not possible on Laconica
$twitter_status['created_at'] = $this->date_twitter($notice->created);
$twitter_status['in_reply_to_status_id'] = ($notice->reply_to) ? intval($notice->reply_to) : NULL;
$server = common_config('site', 'server');
$entry = array();
-
- $entry['content'] = $profile->nickname . ': ' . $notice->content;
+
+ $entry['content'] = $profile->nickname . ': ' . common_xml_safe_str($notice->content);
$entry['title'] = $entry['content'];
$entry['link'] = common_local_url('shownotice', array('notice' => $notice->id));
$entry['published'] = common_date_iso8601($notice->created);
$entry['title'] = sprintf('Message from %s to %s',
$message->getFrom()->nickname, $message->getTo()->nickname);
- $entry['content'] = $message->content;
+ $entry['content'] = common_xml_safe_str($message->content);
$entry['link'] = $message->uri;
$entry['published'] = common_date_iso8601($message->created);
$entry['id'] = "tag:$server,2008:$entry[link]";
$entry['updated'] = $entry['published'];
# RSS Item specific
- $entry['description'] = $message->content;
+ $entry['description'] = $entry['content'];
$entry['pubDate'] = common_date_rfc2822($message->created);
$entry['guid'] = $entry['link'];
$to_profile = $message->getTo();
$twitter_dm['id'] = $message->id;
- $twitter_dm['sender_id'] = $message->from_profile;
- $twitter_dm['text'] = $message->content;
+ $twitter_dm['sender_id'] = $message->from_profile;
+ $twitter_dm['text'] = common_xml_safe_str($message->content);
$twitter_dm['recipient_id'] = $message->to_profile;
$twitter_dm['created_at'] = $this->date_twitter($message->created);
$twitter_dm['sender_screen_name'] = $from_profile->nickname;
}
return $source_name;
}
-
+
}
\ No newline at end of file
}
function common_render_text($text) {
- $r = htmlentities($text, ENT_NOQUOTES, 'UTF-8');
+ $r = htmlspecialchars($text);
$r = preg_replace('/[\x{0}-\x{8}\x{b}-\x{c}\x{e}-\x{19}]/', '', $r);
$r = preg_replace_callback('@https?://[^\]>\s]+@', 'common_render_uri_thingy', $r);
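Review bot: The new `htmlspecialchars($text)` call in `common_render_text()` drops the explicit `'UTF-8'` argument that the removed `htmlentities()` call had, so the flags and the charset now come from PHP defaults. Those defaults differ between PHP versions and configurations, which means the same notice text can be escaped differently from one deployment to another. Since this output is later wrapped in anchor markup, state both explicitly: `$r = htmlspecialchars($text, ENT_COMPAT, 'UTF-8');`. The function body continues past the end of this hunk.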
return '<a href="' . $uri . '" class="extlink">' . $uri . '</a>' . $trailer;
}
+function common_xml_safe_str($str) {
+ $xmlStr = htmlentities(iconv('UTF-8', 'UTF-8//IGNORE', $str), ENT_NOQUOTES, 'UTF-8');
+
+ // Replace control, formatting, and surrogate characters with '*', ala Twitter
+ return preg_replace('/[\p{Cc}\p{Cf}\p{Cs}]/u', '*', $str);
+}
+
function common_tag_link($tag) {
$canonical = common_canonical_tag($tag);
$url = common_local_url('tag', array('tag' => $canonical));
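Review bot: `common_xml_safe_str()` assigns the cleaned, entity-encoded string to `$xmlStr`, but the `preg_replace` on its last line runs on the original `$str`, so the `iconv` cleanup and the encoding are discarded and the caller gets the unencoded input back. Because the pattern uses the `u` modifier, input that is not valid UTF-8 makes `preg_replace` return NULL, which is the case the discarded `iconv(..., 'UTF-8//IGNORE', ...)` step would have prevented. The return should be `return preg_replace('/[\p{Cc}\p{Cf}\p{Cs}]/u', '*', $xmlStr);`. Every caller added in this commit depends on it: the RSS item title, `$twitter_status['text']`, both `$entry['content']` assignments and `$twitter_dm['text']`. Two things to check once that is fixed: `\p{Cc}` also matches tab and newline, so multi-line content will show `*` in their place, and the output writers are not visible here, so confirm they do not entity-encode a second time.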