From 55a54d6f6a98e02e204a59ebb7e6f9ea9d99ab5b Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@pobox.com>
Date: Wed, 17 Mar 2010 17:35:27 -0700
Subject: [PATCH] Ticket #2244: fix to interpretation of escaped HTML and
 plaintext Atom content on incoming OStatus messages. We were
 double-unescaping for <content type="html">, turning &lt;b&gt; escaped chars
 into literal tags (which then may get removed entirely by the HTML scrubber).

---
 lib/activity.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/activity.php b/lib/activity.php
index d84eabf7c4..d7e13052d4 100644
--- a/lib/activity.php
+++ b/lib/activity.php
@@ -458,11 +458,14 @@ class ActivityUtils
             // slavishly following http://atompub.org/rfc4287.html#rfc.section.4.1.3.3
 
             if (empty($type) || $type == 'text') {
-                return $contentEl->textContent;
+                // Plain text source -- let's turn it into HTML!
+                return htmlspecialchars($contentEl->textContent);
             } else if ($type == 'html') {
-                $text = $contentEl->textContent;
-                return htmlspecialchars_decode($text, ENT_QUOTES);
+                // The XML text decoding gives us an HTML string ready to roll.
+                return $contentEl->textContent, ENT_QUOTES;
             } else if ($type == 'xhtml') {
+                // Embedded XHTML; we have to pull it out of the document tree,
+                // then serialize it back out to an HTML fragment string.
                 $divEl = ActivityUtils::child($contentEl, 'div', 'http://www.w3.org/1999/xhtml');
                 if (empty($divEl)) {
                     return null;
-- 
2.39.2