authorBrion Vibber <brion@pobox.com>2010-03-17 17:35:27 -0700
committerBrion Vibber <brion@pobox.com>2010-03-17 17:35:27 -0700
commit55a54d6f6a98e02e204a59ebb7e6f9ea9d99ab5b (patch)
tree8023b165be740e014f5e56aec24d411f814e844e /lib
parent5d1295f233327d0a7f8dfdc2557ecaa923006a64 (diff)
Ticket #2244: fix to interpretation of escaped HTML and plaintext Atom content on incoming OStatus messages.
We were double-unescaping for <content type="html">, turning &lt;b&gt; escaped chars into literal tags (which then may get removed entirely by the HTML scrubber).
Diffstat (limited to 'lib')
-rw-r--r--lib/activity.php9
1 files changed, 6 insertions, 3 deletions
diff --git a/lib/activity.php b/lib/activity.php
index d84eabf7c..d7e13052d 100644
--- a/lib/activity.php
+++ b/lib/activity.php
@@ -458,11 +458,14 @@ class ActivityUtils
// slavishly following http://atompub.org/rfc4287.html#rfc.section.4.1.3.3
if (empty($type) || $type == 'text') {
- return $contentEl->textContent;
+ // Plain text source -- let's turn it into HTML!
+ return htmlspecialchars($contentEl->textContent);
} else if ($type == 'html') {
- $text = $contentEl->textContent;
- return htmlspecialchars_decode($text, ENT_QUOTES);
+ // The XML text decoding gives us an HTML string ready to roll.
+ return $contentEl->textContent, ENT_QUOTES;
} else if ($type == 'xhtml') {
+ // Embedded XHTML; we have to pull it out of the document tree,
+ // then serialize it back out to an HTML fragment string.
$divEl = ActivityUtils::child($contentEl, 'div', 'http://www.w3.org/1999/xhtml');
if (empty($divEl)) {
return null;
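Review bot: The new `html` branch line `return $contentEl->textContent, ENT_QUOTES;` is a PHP parse error, because the `, ENT_QUOTES` argument was left behind from the removed `htmlspecialchars_decode()` call; it should read `return $contentEl->textContent;`. In the plain-text branch, `htmlspecialchars()` is called without flags or charset, which on PHP versions of this era means `ENT_COMPAT` (single quotes left unescaped) and a non-UTF-8 default charset. Since this content arrives from remote OStatus senders, `return htmlspecialchars($contentEl->textContent, ENT_QUOTES, 'UTF-8');` is the safer form. The `html` branch now returns sender-controlled markup unchanged, so its safety rests on the HTML scrubber mentioned in the commit message, which is not visible in this hunk; a comment such as `// Untrusted remote HTML: caller must pass this through the HTML scrubber before output.` would record that. The enclosing method begins and ends outside the hunk.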