From 4ce320fc791f2ad4d848c45098214df92536ccde Mon Sep 17 00:00:00 2001 From: Michael Date: Sun, 25 Nov 2018 19:48:26 +0000 Subject: [PATCH] Contact search is now escaped --- mod/acl.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/mod/acl.php b/mod/acl.php index cb378dc27c..86eafe2902 100644 --- a/mod/acl.php +++ b/mod/acl.php @@ -127,7 +127,7 @@ function acl_content(App $a) $groups[] = [ 'type' => 'g', 'photo' => 'images/twopeople.png', - 'name' => htmlentities($g['name']), + 'name' => htmlspecialchars($g['name']), 'id' => intval($g['id']), 'uids' => array_map('intval', explode(',', $g['uids'])), 'link' => '', @@ -198,7 +198,7 @@ function acl_content(App $a) foreach ($r as $g) { $contacts[] = [ 'photo' => ProxyUtils::proxifyUrl($g['photo'], false, ProxyUtils::SIZE_MICRO), - 'name' => $g['name'], + 'name' => htmlspecialchars($g['name']), 'nick' => defaults($g, 'addr', $g['url']), 'network' => $g['network'], 'link' => $g['url'], @@ -220,7 +220,7 @@ function acl_content(App $a) $entry = [ 'type' => 'c', 'photo' => ProxyUtils::proxifyUrl($g['micro'], false, ProxyUtils::SIZE_MICRO), - 'name' => htmlentities($g['name']), + 'name' => htmlspecialchars($g['name']), 'id' => intval($g['id']), 'network' => $g['network'], 'link' => $g['url'], @@ -281,7 +281,7 @@ function acl_content(App $a) $unknown_contacts[] = [ 'type' => 'c', 'photo' => ProxyUtils::proxifyUrl($contact['micro'], false, ProxyUtils::SIZE_MICRO), - 'name' => htmlentities($contact['name']), + 'name' => htmlspecialchars($contact['name']), 'id' => intval($contact['cid']), 'network' => $contact['network'], 'link' => $contact['url'], -- 2.39.5