From bc9e3b1843b2b663fae76d13be071769e9413ff5 Mon Sep 17 00:00:00 2001
From: Mikael Nordfeldth <mmn@hethane.se>
Date: Sat, 3 Oct 2015 23:51:06 +0200
Subject: [PATCH] Remove XSS attack vector in JoinListItem

---
 plugins/Activity/lib/joinlistitem.php | 26 --------------------------
 1 file changed, 26 deletions(-)

diff --git a/plugins/Activity/lib/joinlistitem.php b/plugins/Activity/lib/joinlistitem.php
index 6e3dbcf62a..5a481f767a 100644
--- a/plugins/Activity/lib/joinlistitem.php
+++ b/plugins/Activity/lib/joinlistitem.php
@@ -46,30 +46,4 @@ if (!defined('STATUSNET')) {
  */
 class JoinListItem extends SystemListItem
 {
-    function showContent()
-    {
-        $notice = $this->nli->notice;
-        $out    = $this->nli->out;
-
-        $mem = Group_member::getKV('uri', $notice->uri);
-
-        if (!empty($mem)) {
-            $out->elementStart('div', 'join-activity');
-            $profile = $mem->getMember();
-            $group = $mem->getGroup();
-
-            // TRANS: Text for "joined list" item in activity plugin.
-            // TRANS: %1$s is a profile URL, %2$s is a profile name,
-            // TRANS: %3$s is a group home URL, %4$s is a group name.
-            $out->raw(sprintf(_m('<a href="%1$s">%2$s</a> joined the group <a href="%3$s">%4$s</a>.'),
-                                $profile->profileurl,
-                                $profile->getBestName(),
-                                $group->homeUrl(),
-                                $group->getBestName()));
-
-            $out->elementEnd('div');
-        } else {
-            parent::showContent();
-        }
-    }
 }
-- 
2.39.5