From: Michael Vogel Date: Sun, 16 Feb 2014 16:35:01 +0000 (+0100) Subject: parse url: Characters like < and > has to be escaped when showing the parsed output. X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=7cba752f8a3e3296340f733915526ffdfa66f1ef;p=friendica.git parse url: Characters like < and > has to be escaped when showing the parsed output. --- diff --git a/mod/parse_url.php b/mod/parse_url.php index cf52011f15..66ad1e57ce 100644 --- a/mod/parse_url.php +++ b/mod/parse_url.php @@ -327,12 +327,14 @@ function parse_url_content(&$a) { if($url && $title && $text) { + $title = str_replace(array("\r","\n"),array('',''),$title); + if($textmode) $text = '[quote]' . trim($text) . '[/quote]' . $br; - else - $text = '
' . trim($text) . '

'; - - $title = str_replace(array("\r","\n"),array('',''),$title); + else { + $text = '
' . htmlspecialchars(trim($text)) . '

'; + $title = htmlspecialchars($title); + } $result = sprintf($template,$url,($title) ? $title : $url,$text) . $str_tags; @@ -381,7 +383,7 @@ function parse_url_content(&$a) { if($textmode) $text = '[quote]'.trim($text).'[/quote]'; else - $text = '
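Review bot: Both new `htmlspecialchars()` calls in the `else` branch rely on the default flags and charset, so single quotes stay unescaped and the result depends on the default encoding of the PHP version in use; the call added in the second hunk has the same issue. Title and text are scraped from a remote page, so the arguments should be explicit, for example `htmlspecialchars(trim($text), ENT_QUOTES, 'UTF-8')` (assuming the content has been converted to UTF-8 by this point). When the input holds byte sequences that are invalid in the chosen charset, `htmlspecialchars()` returns an empty string, and `($title) ? $title : $url` then falls back to `$url`, which this hunk passes to `sprintf()` unescaped in both slots; escaping `$url` inside the same branch would close that gap. `$template` and `$str_tags` are defined outside the hunk, so whether they place these values inside quoted attributes cannot be confirmed from here.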
'.trim($text).'
'; + $text = '
'.htmlspecialchars(trim($text)).'
'; } if($image) {
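Review bot: On this second path only `$text` is escaped; unlike the first hunk, nothing here applies `htmlspecialchars()` to `$title`, and the code that assembles the output for this branch (including the `if($image)` block that follows) lies outside the hunk. If that code places `$title`, `$url` or `$image` into HTML when `$textmode` is off, those values need the same escaping, with the URL values escaped for the attribute they land in. A short comment above the `if($textmode)` test, such as `// HTML mode: every scraped value must be escaped before it reaches the markup`, would record the rule for later edits.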