eliseuamaro/gnu-social
1
0
Fork 0
forked from GNUsocial/gnu-social
Code Issues Pull Requests Releases Wiki Activity

Ticket #2244: fix to interpretation of escaped HTML and plaintext Atom content on incoming OStatus messages.

Browse Source 
We were double-unescaping for <content type="html">, turning &lt;b&gt; escaped chars into literal tags (which then may get removed entirely by the HTML scrubber).
This commit is contained in:
Brion Vibber 2010-03-17 17:35:27 -07:00
parent 5d1295f233
commit 55a54d6f6a
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/activity.php
View File

@ -458,11 +458,14 @@ class ActivityUtils
// slavishly following http://atompub.org/rfc4287.html#rfc.section.4.1.3.3 // slavishly following http://atompub.org/rfc4287.html#rfc.section.4.1.3.3
if (empty($type) || $type == 'text') { if (empty($type) || $type == 'text') {
return $contentEl->textContent; // Plain text source -- let's turn it into HTML!
return htmlspecialchars($contentEl->textContent);
} else if ($type == 'html') { } else if ($type == 'html') {
$text = $contentEl->textContent; // The XML text decoding gives us an HTML string ready to roll.
return htmlspecialchars_decode($text, ENT_QUOTES); return $contentEl->textContent, ENT_QUOTES;
} else if ($type == 'xhtml') { } else if ($type == 'xhtml') {
// Embedded XHTML; we have to pull it out of the document tree,
// then serialize it back out to an HTML fragment string.
$divEl = ActivityUtils::child($contentEl, 'div', 'http://www.w3.org/1999/xhtml'); $divEl = ActivityUtils::child($contentEl, 'div', 'http://www.w3.org/1999/xhtml');
if (empty($divEl)) { if (empty($divEl)) {
return null; return null;