No XSS

2018-08-01 01:32:41 +01:00 · 2018-08-01 01:32:41 +01:00 · 42bfb78184
commit 42bfb78184
parent 6943eee623
3 changed files with 5 additions and 5 deletions
--- a/actions/inbox/Create.php
+++ b/actions/inbox/Create.php
@ -144,7 +144,7 @@ ToSelector::fillActivity($this, $act, $options);

 $actobj = new ActivityObject();
 $actobj->type = ActivityObject::NOTE;
-$actobj->content = $content; //common_render_content($content, $actor_profile, $inReplyTo);
+$actobj->content = strip_tags($content,'<p><b><i><u><a><ul><ol><li>');

 // Finally add the activity object to our activity
 $act->objects[] = $actobj;
--- a/actions/inbox/Like.php
+++ b/actions/inbox/Like.php
@ -36,7 +36,7 @@ try {
        ActivityPubReturn::error("Invalid Object specified.");
    }
    Fave::addNew($actor_profile, $object_notice);
-    ActivityPubReturn::answer(Activitypub_like::like_to_array($data->actor, $object_notice));
+    ActivityPubReturn::answer(Activitypub_like::like_to_array($data->actor, $data->object));
 } catch (Exception $e) {
    ActivityPubReturn::error($e->getMessage(), 403);
 }