No XSS
This commit is contained in:
Diogo Cordeiro
parent
6943eee623
commit
42bfb78184
@ -144,7 +144,7 @@ ToSelector::fillActivity($this, $act, $options);
|
|||||||
|
|
||||||
$actobj = new ActivityObject();
|
$actobj = new ActivityObject();
|
||||||
$actobj->type = ActivityObject::NOTE;
|
$actobj->type = ActivityObject::NOTE;
|
||||||
$actobj->content = $content; //common_render_content($content, $actor_profile, $inReplyTo);
|
$actobj->content = strip_tags($content,'<p><b><i><u><a><ul><ol><li>');
|
||||||
|
|
||||||
// Finally add the activity object to our activity
|
// Finally add the activity object to our activity
|
||||||
$act->objects[] = $actobj;
|
$act->objects[] = $actobj;
|
||||||
|
|||||||
@ -36,7 +36,7 @@ try {
|
|||||||
ActivityPubReturn::error("Invalid Object specified.");
|
ActivityPubReturn::error("Invalid Object specified.");
|
||||||
}
|
}
|
||||||
Fave::addNew($actor_profile, $object_notice);
|
Fave::addNew($actor_profile, $object_notice);
|
||||||
ActivityPubReturn::answer(Activitypub_like::like_to_array($data->actor, $object_notice));
|
ActivityPubReturn::answer(Activitypub_like::like_to_array($data->actor, $data->object));
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
ActivityPubReturn::error($e->getMessage(), 403);
|
ActivityPubReturn::error($e->getMessage(), 403);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -76,11 +76,11 @@ case "Follow":
|
|||||||
Activitypub_accept::accept_to_array(
|
Activitypub_accept::accept_to_array(
|
||||||
Activitypub_follow::follow_to_array(
|
Activitypub_follow::follow_to_array(
|
||||||
$actor_profile->getUrl(),
|
$actor_profile->getUrl(),
|
||||||
$object_profile->getUrl()
|
$object_profile->getUrl()
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
} else {
|
} else {
|
||||||
ActivityPubReturn::error("You are not following this person already.", 409);
|
ActivityPubReturn::error("You are not following this person already.", 409);
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user