Twitter-compatible API - properly encode and decode UTF-8 HTML entities

darcs-hash:20081103211653-462f3-58a0ad41ab0426c21aceb04b4a91dc52559018d0.gz

2 files changed, 5 insertions, 8 deletions

diff --git a/actions/twitapistatuses.php b/actions/twitapistatuses.php
index 68d6bb622..539a0b1b3 100644
--- a/actions/twitapistatuses.php
+++ b/actions/twitapistatuses.php
@@ -193,10 +193,10 @@ class TwitapistatusesAction extends TwitterapiAction {
 
 		# FriendFeed's SUP protocol
 		# Also added RSS and Atom feeds
-		
+
 		$suplink = common_local_url('sup', NULL, $user->id);
 		header('X-SUP-ID: '.$suplink);
-		
+
 		# XXX: since
 
 		$notice = $user->getNotices((($page-1)*20), $count, $since_id, $before_id);
@@ -234,10 +234,6 @@ class TwitapistatusesAction extends TwitterapiAction {
 			return;
 		}
 
-		foreach ($_POST as $p => $v) {
-			common_debug("_POST: $p = $v");
-		}
-
 		$this->auth_user = $apidata['user'];
 		$user = $this->auth_user;
 		$status = $this->trimmed('status');
@@ -298,7 +294,8 @@ class TwitapistatusesAction extends TwitterapiAction {
 				}
 			}
 
-			$notice = Notice::saveNew($user->id, $status, $source, 1, $reply_to);
+			$notice = Notice::saveNew($user->id, html_entity_decode($status, ENT_NOQUOTES, 'UTF-8'),
+				$source, 1, $reply_to);
 
 			if (is_string($notice)) {
 				$this->server_error($notice);
diff --git a/lib/util.php b/lib/util.php
index 44c75156c..88841d3f6 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -708,7 +708,7 @@ function common_render_content($text, $notice) {
 }
 
 function common_render_text($text) {
-	$r = htmlspecialchars($text);
+	$r = htmlentities($text, ENT_NOQUOTES, 'UTF-8');
 
 	$r = preg_replace('/[\x{0}-\x{8}\x{b}-\x{c}\x{e}-\x{19}]/', '', $r);
 	$r = preg_replace_callback('@https?://[^\]>\s]+@', 'common_render_uri_thingy', $r);