Scrub all atom output with common_xml_safe_str()

Zach Copley 2010-03-12 01:12:30 +00:00
parent 7cdcb89dc9
commit 78f0d6bbd2
4 changed files with 37 additions and 14 deletions


@ -1151,7 +1151,7 @@ class Notice extends Memcached_DataObject
$xs->elementEnd('source'); $xs->elementEnd('source');
} }
$xs->element('title', null, $this->content); $xs->element('title', null, common_xml_safe_str($this->content));
if ($author) { if ($author) {
$xs->raw($profile->asAtomAuthor()); $xs->raw($profile->asAtomAuthor());
@ -1227,7 +1227,11 @@ class Notice extends Memcached_DataObject
} }
} }
$xs->element('content', array('type' => 'html'), $this->rendered); $xs->element(
'content',
array('type' => 'html'),
common_xml_safe_str($this->rendered)
);
$tag = new Notice_tag(); $tag = new Notice_tag();
$tag->notice_id = $this->id; $tag->notice_id = $this->id;
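Review bot: The scrub is applied by hand at each call site, so coverage depends on every caller remembering it; in this section `title` and `content` are wrapped, but `$xs->raw($profile->asAtomAuthor())` bypasses `element()` entirely, so whatever that method emits needs its own scrubbing, which is not visible here. The same pattern recurs in the other files: `User_group` leaves `$this->nickname` unwrapped, `ActivityObject::asString()` leaves `$this->id` unwrapped, and `ApiAction` leaves `$entry['id']`, `$id` and the `href` attribute value `$link` unwrapped. If any of those values can carry characters that are invalid in XML, one bad value still makes the whole feed unparseable for every consumer. Consider applying `common_xml_safe_str()` once inside the element writer, for text and attribute values alike, or add a comment at each unwrapped value stating why it is known to be safe. The enclosing method starts and ends outside these hunks.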


@ -379,7 +379,7 @@ class User_group extends Memcached_DataObject
} }
$xs->element('title', null, $this->nickname); $xs->element('title', null, $this->nickname);
$xs->element('summary', null, $this->description); $xs->element('summary', null, common_xml_safe_str($this->description));
$xs->element('link', array('rel' => 'alternate', $xs->element('link', array('rel' => 'alternate',
'href' => $this->permalink())); 'href' => $this->permalink()));
@ -389,7 +389,11 @@ class User_group extends Memcached_DataObject
$xs->element('published', null, common_date_w3dtf($this->created)); $xs->element('published', null, common_date_w3dtf($this->created));
$xs->element('updated', null, common_date_w3dtf($this->modified)); $xs->element('updated', null, common_date_w3dtf($this->modified));
$xs->element('content', array('type' => 'html'), $this->description); $xs->element(
'content',
array('type' => 'html'),
common_xml_safe_str($this->description)
);
$xs->elementEnd('entry'); $xs->elementEnd('entry');
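Review bot: The `content` element declares `'type' => 'html'` but is filled with the same `$this->description` that the previous hunk emits as the plain-text `summary`, so a feed consumer will decode it and interpret the description as markup. `common_xml_safe_str()` is not defined in this commit; from its name and use it presumably only neutralises characters that are invalid in XML, which would not stop HTML typed into a group description from being rendered by readers. If the description is stored as plain text, either declare it as such with `array('type' => 'text')`, or HTML-escape it before scrubbing, `common_xml_safe_str(htmlspecialchars($this->description))`. The enclosing method starts and ends outside the hunk.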


@ -78,7 +78,7 @@ class PoCoAddress
if (!empty($this->formatted)) { if (!empty($this->formatted)) {
$xs = new XMLStringer(true); $xs = new XMLStringer(true);
$xs->elementStart('poco:address'); $xs->elementStart('poco:address');
$xs->element('poco:formatted', null, $this->formatted); $xs->element('poco:formatted', null, common_xml_safe_str($this->formatted));
$xs->elementEnd('poco:address'); $xs->elementEnd('poco:address');
return $xs->getString(); return $xs->getString();
} }
@ -279,7 +279,7 @@ class PoCo
); );
if (!empty($this->note)) { if (!empty($this->note)) {
$xs->element('poco:note', null, $this->note); $xs->element('poco:note', null, common_xml_safe_str($this->note));
} }
if (!empty($this->address)) { if (!empty($this->address)) {
@ -805,7 +805,6 @@ class ActivityObject
return $object; return $object;
} }
function asString($tag='activity:object') function asString($tag='activity:object')
{ {
$xs = new XMLStringer(true); $xs = new XMLStringer(true);
@ -817,16 +816,28 @@ class ActivityObject
$xs->element(self::ID, null, $this->id); $xs->element(self::ID, null, $this->id);
if (!empty($this->title)) { if (!empty($this->title)) {
$xs->element(self::TITLE, null, $this->title); $xs->element(
self::TITLE,
null,
common_xml_safe_str($this->title)
);
} }
if (!empty($this->summary)) { if (!empty($this->summary)) {
$xs->element(self::SUMMARY, null, $this->summary); $xs->element(
self::SUMMARY,
null,
common_xml_safe_str($this->summary)
);
} }
if (!empty($this->content)) { if (!empty($this->content)) {
// XXX: assuming HTML content here // XXX: assuming HTML content here
$xs->element(ActivityUtils::CONTENT, array('type' => 'html'), $this->content); $xs->element(
ActivityUtils::CONTENT,
array('type' => 'html'),
common_xml_safe_str($this->content)
);
} }
if (!empty($this->link)) { if (!empty($this->link)) {
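Review bot: The `!empty()` guards in `asString()` test the raw property, while the element is written from the scrubbed value, so the two can disagree. `common_xml_safe_str()` is not shown in this commit; if it can return null or an empty string (for example a regex-based implementation failing on malformed UTF-8), an empty `title`, `summary` or `content` element is emitted after the guard has already passed. Scrub into a local first and test that instead, e.g. `$title = common_xml_safe_str($this->title);` followed by `if (!empty($title)) {`. Note also that `!empty()` silently drops a value of `'0'`. `asString()` continues past the end of the hunk.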


@ -743,8 +743,12 @@ class ApiAction extends Action
function showTwitterAtomEntry($entry) function showTwitterAtomEntry($entry)
{ {
$this->elementStart('entry'); $this->elementStart('entry');
$this->element('title', null, $entry['title']); $this->element('title', null, common_xml_safe_str($entry['title']));
$this->element('content', array('type' => 'html'), $entry['content']); $this->element(
'content',
array('type' => 'html'),
common_xml_safe_str($entry['content'])
);
$this->element('id', null, $entry['id']); $this->element('id', null, $entry['id']);
$this->element('published', null, $entry['published']); $this->element('published', null, $entry['published']);
$this->element('updated', null, $entry['updated']); $this->element('updated', null, $entry['updated']);
@ -859,7 +863,7 @@ class ApiAction extends Action
$this->initDocument('atom'); $this->initDocument('atom');
$this->element('title', null, $title); $this->element('title', null, common_xml_safe_str($title));
$this->element('id', null, $id); $this->element('id', null, $id);
$this->element('link', array('href' => $link, 'rel' => 'alternate', 'type' => 'text/html'), null); $this->element('link', array('href' => $link, 'rel' => 'alternate', 'type' => 'text/html'), null);
@ -869,7 +873,7 @@ class ApiAction extends Action
} }
$this->element('updated', null, common_date_iso8601('now')); $this->element('updated', null, common_date_iso8601('now'));
$this->element('subtitle', null, $subtitle); $this->element('subtitle', null, common_xml_safe_str($subtitle));
if (is_array($group)) { if (is_array($group)) {
foreach ($group as $g) { foreach ($group as $g) {
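Review bot: `showTwitterAtomEntry()` has no doc comment saying which `$entry` keys it expects or which of them are scrubbed, and after this change that distinction matters: `title` and `content` pass through `common_xml_safe_str()`, while `id`, `published` and `updated` are written as given. I would add a docblock above the function listing the keys it reads (at least `title`, `content`, `id`, `published` and `updated`; the body continues outside the hunk) and stating that callers must supply already well-formed values for the unscrubbed ones. A one-line comment above the `id` line such as `// id and timestamps are generated server-side; not scrubbed` would record the assumption, if it holds.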