author | Evan Prodromou <evan@prodromou.name> | 2008-05-29 13:34:00 -0400 |
---|---|---|
committer | Evan Prodromou <evan@prodromou.name> | 2008-05-29 13:34:00 -0400 |
commit | fb3029d74e5552641d005079de422e762e7ac73b (patch) | |
tree | f9f041a288c70bd251f3a4739a0895efb168f3ce | |
parent | 85aeafe34a33ebc6d0e54560b52749caf44195f2 (diff) |
special chars for raw links in atlinks
darcs-hash:20080529173400-84dde-f0883200a6dac50a3d9022cef82816339f9dd84c.gz
-rw-r--r-- | lib/util.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/util.php b/lib/util.php
index 5ed632b7b..eac9ed9cc 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -365,7 +365,7 @@ function common_at_link($sender_id, $nickname) {
 $recipient->whereAdd('EXISTS (SELECT subscribed from subscription where subscriber = '.$sender_id.' and subscribed = id)', 'AND');
 $recipient->whereAdd('nickname = "' . trim($nickname) . '"', 'AND');
 if ($recipient->find(TRUE)) {
- return '<a href="'.$recipient->profileurl.'" class="atlink tolistenee">'.$nickname.'</a>';
+ return '<a href="'.htmlspecialchars($recipient->profileurl).'" class="atlink tolistenee">'.$nickname.'</a>';
 }
 # Try to find profiles that listen to this profile and that have this nickname
 $recipient = new Profile();
@@ -373,7 +373,7 @@ function common_at_link($sender_id, $nickname) {
 $recipient->whereAdd('EXISTS (SELECT subscriber from subscription where subscribed = '.$sender_id.' and subscriber = id)', 'AND');
 $recipient->whereAdd('nickname = "' . trim($nickname) . '"', 'AND');
 if ($recipient->find(TRUE)) {
- return '<a href="'.$recipient->profileurl.'" class="atlink tolistener">'.$nickname.'</a>';
+ return '<a href="'.htmlspecialchars($recipient->profileurl).'" class="atlink tolistener">'.$nickname.'</a>';
 }
 # If this is a local user, try to find a local user with that nickname.
 $sender = User::staticGet($sender_id);
@@ -381,7 +381,7 @@ function common_at_link($sender_id, $nickname) {
 $recipient_user = User::staticGet('nickname', $nickname);
 if ($recipient_user) {
 $recipient = $recipient->getProfile();
- return '<a href="'.$recipient->profileurl.'" class="atlink usertouser">'.$nickname.'</a>';
+ return '<a href="'.htmlspecialchars($recipient->profileurl).'" class="atlink usertouser">'.$nickname.'</a>';
 }
 }
 # Otherwise, no links. @messages from local users to remote users, |
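Review bot: `$nickname` is still concatenated unescaped into the link text of the `tolistenee` return, and the same holds for the `tolistener` and `usertouser` returns in the other two hunks, so only half of each anchor is encoded; unless the caller already restricts it to a safe character set (not visible here), the tail should read `'">'.htmlspecialchars($nickname).'</a>'`. `htmlspecialchars()` on `profileurl` stops attribute breakout but does not constrain the URL scheme, so if that field can be set by a remote profile it likely needs an http/https check where it is stored or before it is emitted. The context lines also build both `whereAdd()` conditions by concatenating `$sender_id` and `trim($nickname)` into SQL, which this commit leaves as is and which deserves escaping or an integer cast in a follow-up. In the third hunk `$recipient = $recipient->getProfile();` looks like it was meant to call `$recipient_user->getProfile()`. `common_at_link` starts and ends outside all three hunks.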