summaryrefslogtreecommitdiff
path: root/lib/util.php
diff options
context:
space:
mode:
authorZach Copley <zach@status.net>2010-03-01 14:58:06 -0800
committerZach Copley <zach@status.net>2010-03-01 14:58:06 -0800
commita5dc5f9c62aec5021b31e7f202edf2de3462b6ba (patch)
treebf1c46327d1e01af669770858b86dba3fbffd940 /lib/util.php
parent04c4facba9230f40726c5891dcac21d928fbb2ab (diff)
Upgrade XML output scrubbing to better deal with newline and a few other chars
Diffstat (limited to 'lib/util.php')
-rw-r--r--lib/util.php24
1 files changed, 22 insertions, 2 deletions
diff --git a/lib/util.php b/lib/util.php
index d12a7920d..7a170a5f5 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -809,8 +809,28 @@ function common_shorten_links($text)
function common_xml_safe_str($str)
{
- // Neutralize control codes and surrogates
- return preg_replace('/[\p{Cc}\p{Cs}]/u', '*', $str);
+ // Replace common eol and extra whitespace input chars
+ $unWelcome = array(
+ "\t", // tab
+ "\n", // newline
+ "\r", // cr
+ "\0", // null byte eos
+ "\x0B" // vertical tab
+ );
+
+ $replacement = array(
+ ' ', // single space
+ ' ',
+ '', // nothing
+ '',
+ ' '
+ );
+
+ $str = str_replace($unWelcome, $replacement, $str);
+
+ // Neutralize any additional control codes and UTF-16 surrogates
+ // (Twitter uses '*')
+ return preg_replace('/[\p{Cc}\p{Cs}]/u', '*', $str);
}
function common_tag_link($tag)