summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--actions/twitapisearchatom.php9
-rw-r--r--classes/Notice.php2
-rw-r--r--lib/apiaction.php8
3 files changed, 13 insertions, 6 deletions
diff --git a/actions/twitapisearchatom.php b/actions/twitapisearchatom.php
index 6c740c490..51e8a8881 100644
--- a/actions/twitapisearchatom.php
+++ b/actions/twitapisearchatom.php
@@ -349,14 +349,17 @@ class TwitapisearchatomAction extends ApiAction
$ns = $notice->getSource();
if ($ns) {
if (!empty($ns->name) && !empty($ns->url)) {
- $source = '<a href="' . $ns->url . '" rel="nofollow">' . $ns->name . '</a>';
+ $source = '<a href="'
+ . htmlspecialchars($ns->url)
+ . '" rel="nofollow">'
+ . htmlspecialchars($ns->name)
+ . '</a>';
} else {
$source = $ns->code;
}
}
- $this->element("twitter:source", null,
- htmlentities($source));
+ $this->element("twitter:source", null, $source);
$this->elementStart('author');
diff --git a/classes/Notice.php b/classes/Notice.php
index 196501279..0dc7e10e7 100644
--- a/classes/Notice.php
+++ b/classes/Notice.php
@@ -1220,7 +1220,7 @@ class Notice extends Memcached_DataObject
$ns = $this->getSource();
if ($ns) {
if (!empty($ns->url)) {
- $noticeInfoAttr['source_link'] = htmlentities($ns->url);
+ $noticeInfoAttr['source_link'] = $ns->url;
}
}
diff --git a/lib/apiaction.php b/lib/apiaction.php
index f3efff402..68198effc 100644
--- a/lib/apiaction.php
+++ b/lib/apiaction.php
@@ -266,13 +266,17 @@ class ApiAction extends Action
$ns = $notice->getSource();
if ($ns) {
if (!empty($ns->name) && !empty($ns->url)) {
- $source = '<a href="' . $ns->url . '" rel="nofollow">' . $ns->name . '</a>';
+ $source = '<a href="'
+ . htmlspecialchars($ns->url)
+ . '" rel="nofollow">'
+ . htmlspecialchars($ns->name)
+ . '</a>';
} else {
$source = $ns->code;
}
}
- $twitter_status['source'] = htmlentities($source);
+ $twitter_status['source'] = $source;
$twitter_status['id'] = intval($notice->id);
$replier_profile = null;