diff options
| -rw-r--r-- | actions/twitapisearchatom.php | 9 | ||||
| -rw-r--r-- | classes/Notice.php | 2 | ||||
| -rw-r--r-- | lib/apiaction.php | 8 |
3 files changed, 13 insertions, 6 deletions
diff --git a/actions/twitapisearchatom.php b/actions/twitapisearchatom.php index 6c740c490..51e8a8881 100644 --- a/actions/twitapisearchatom.php +++ b/actions/twitapisearchatom.php @@ -349,14 +349,17 @@ class TwitapisearchatomAction extends ApiAction $ns = $notice->getSource(); if ($ns) { if (!empty($ns->name) && !empty($ns->url)) { - $source = '<a href="' . $ns->url . '" rel="nofollow">' . $ns->name . '</a>'; + $source = '<a href="' + . htmlspecialchars($ns->url) + . '" rel="nofollow">' + . htmlspecialchars($ns->name) + . '</a>'; } else { $source = $ns->code; } } - $this->element("twitter:source", null, - htmlentities($source)); + $this->element("twitter:source", null, $source); $this->elementStart('author'); diff --git a/classes/Notice.php b/classes/Notice.php index b3cfb2813..875bcaa02 100644 --- a/classes/Notice.php +++ b/classes/Notice.php @@ -1221,7 +1221,7 @@ class Notice extends Memcached_DataObject $ns = $this->getSource(); if ($ns) { if (!empty($ns->url)) { - $noticeInfoAttr['source_link'] = htmlentities($ns->url); + $noticeInfoAttr['source_link'] = $ns->url; } } diff --git a/lib/apiaction.php b/lib/apiaction.php index 2608be227..42aa08ef7 100644 --- a/lib/apiaction.php +++ b/lib/apiaction.php @@ -319,13 +319,17 @@ class ApiAction extends Action $ns = $notice->getSource(); if ($ns) { if (!empty($ns->name) && !empty($ns->url)) { - $source = '<a href="' . $ns->url . '" rel="nofollow">' . $ns->name . '</a>'; + $source = '<a href="' + . htmlspecialchars($ns->url) + . '" rel="nofollow">' + . htmlspecialchars($ns->name) + . '</a>'; } else { $source = $ns->code; } } - $twitter_status['source'] = htmlentities($source); + $twitter_status['source'] = $source; $twitter_status['id'] = intval($notice->id); $replier_profile = null; |