dangerous values in usernames for shared messages from diaspora are now encoded.
authorMichael Vogel <icarus@dabo.de>
Mon, 2 Dec 2013 19:26:57 +0000 (20:26 +0100)
committerMichael Vogel <icarus@dabo.de>
Mon, 2 Dec 2013 19:26:57 +0000 (20:26 +0100)
include/diaspora.php

index 0deb3cc2bb86222ec9aa153f98d51b698ef9bafb..abc518cd59edc2c3930e4153c2f3997d3f8b0f26 100755 (executable)
@@ -1041,10 +1041,10 @@ function diaspora_reshare($importer,$xml,$msg) {
        $datarray['owner-link'] = $contact['url'];
        $datarray['owner-avatar'] = ((x($contact,'thumb')) ? $contact['thumb'] : $contact['photo']);
        if (!intval(get_config('system','wall-to-wall_share'))) {
-               $prefix = "[share author='".str_replace("'", "&#039;",$person['name']).
+               $prefix = "[share author='".str_replace(array("'", "[", "]"), array("&#x27;", "&#x5B;", "&#x5D;"),$person['name']).
                                "' profile='".$person['url'].
                                "' avatar='".((x($person,'thumb')) ? $person['thumb'] : $person['photo']).
-                               "' link='".$orig_url."']";
+                               "' link='".str_replace(array("'", "[", "]"), array("&#x27;", "&#x5B;", "&#x5D;"),$orig_url)."']";
                $datarray['author-name'] = $contact['name'];
                $datarray['author-link'] = $contact['url'];
                $datarray['author-avatar'] = $contact['thumb'];
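Review bot: The `profile` and `avatar` attributes of the same `[share]` prefix are still concatenated raw (`$person['url']`, `$person['thumb']` / `$person['photo']`), so the encoding added for `author` and `link` leaves two attributes of the tag unprotected. These fields appear to come from the remote Diaspora person record, so unless they are validated before this point (not visible in the hunk) a quote or bracket in them can still end the attribute or the tag early. Apply the same replacement there, e.g. `"' profile='".str_replace(array("'", "[", "]"), array("&#x27;", "&#x5B;", "&#x5D;"),$person['url']).`, and likewise around the avatar ternary. The identical `str_replace` call would then appear four times, so a small helper would keep the character list in one place. `diaspora_reshare` starts and ends outside the hunk, so other places that build share tags were not reviewed.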