Remember to purify HTML...

author Mikael Nordfeldth <mmn@hethane.se>

Sat, 5 Dec 2015 14:56:50 +0000 (15:56 +0100)

committer Mikael Nordfeldth <mmn@hethane.se>

Sat, 5 Dec 2015 14:56:50 +0000 (15:56 +0100)
author Mikael Nordfeldth <mmn@hethane.se>
Sat, 5 Dec 2015 14:56:50 +0000 (15:56 +0100)
committer Mikael Nordfeldth <mmn@hethane.se>
Sat, 5 Dec 2015 14:56:50 +0000 (15:56 +0100)
diff --git a/classes/Notice.php b/classes/Notice.php

index 8f4d63c8927a6a4e7e5809c4ea44a65b6b8bba43..6fe2e4c76ad6e9dfee40f509932792dc13f9a499 100644 (file)
--- a/classes/Notice.php
+++ b/classes/Notice.php
@@ -814,7 +814,7 @@ class Notice extends Managed_DataObject
          // Use the local user's shortening preferences, if applicable.
          $stored->rendered = $actor->isLocal()
                                  ? $actor->shortenLinks($act->content)
-                                : $act->content;
+                                : common_purify($act->content);
          $stored->content = common_strip_html($stored->rendered);
  
          // Maybe a missing act-time should be fatal if the actor is not local?
author	Mikael Nordfeldth <mmn@hethane.se>
	Sat, 5 Dec 2015 14:56:50 +0000 (15:56 +0100)
committer	Mikael Nordfeldth <mmn@hethane.se>
	Sat, 5 Dec 2015 14:56:50 +0000 (15:56 +0100)