summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--actions/twitapidirect_messages.php5
-rw-r--r--lib/rssaction.php2
-rw-r--r--lib/twitterapi.php16
-rw-r--r--lib/util.php9
4 files changed, 20 insertions, 12 deletions
diff --git a/actions/twitapidirect_messages.php b/actions/twitapidirect_messages.php
index a31d18a5c..d6eaf844e 100644
--- a/actions/twitapidirect_messages.php
+++ b/actions/twitapidirect_messages.php
@@ -133,8 +133,9 @@ class Twitapidirect_messagesAction extends TwitterapiAction {
$code = 403, $apidata['content-type']);
return;
}
-
- $message = Message::saveNew($user->id, $other->id, $content, $source);
+
+ $message = Message::saveNew($user->id, $other->id,
+ html_entity_decode($content, ENT_NOQUOTES, 'UTF-8'), $source);
if (is_string($message)) {
$this->server_error($message);
diff --git a/lib/rssaction.php b/lib/rssaction.php
index 76859a876..0152f25bc 100644
--- a/lib/rssaction.php
+++ b/lib/rssaction.php
@@ -123,7 +123,7 @@ class Rss10Action extends Action {
$nurl = common_local_url('shownotice', array('notice' => $notice->id));
$creator_uri = common_profile_uri($profile);
common_element_start('item', array('rdf:about' => $notice->uri));
- $title = $profile->nickname . ': ' . $notice->content;
+ $title = $profile->nickname . ': ' . common_xml_safe_str($notice->content);
common_element('title', NULL, $title);
common_element('link', NULL, $nurl);
common_element('description', NULL, $profile->nickname."'s status on ".common_exact_date($notice->created));
diff --git a/lib/twitterapi.php b/lib/twitterapi.php
index d4b6fff4f..378716eaa 100644
--- a/lib/twitterapi.php
+++ b/lib/twitterapi.php
@@ -60,7 +60,7 @@ class TwitterapiAction extends Action {
$profile = $notice->getProfile();
$twitter_status = array();
- $twitter_status['text'] = $notice->content;
+ $twitter_status['text'] = common_xml_safe_str($notice->content);
$twitter_status['truncated'] = 'false'; # Not possible on Laconica
$twitter_status['created_at'] = $this->date_twitter($notice->created);
$twitter_status['in_reply_to_status_id'] = ($notice->reply_to) ? intval($notice->reply_to) : NULL;
@@ -91,8 +91,8 @@ class TwitterapiAction extends Action {
$server = common_config('site', 'server');
$entry = array();
-
- $entry['content'] = $profile->nickname . ': ' . $notice->content;
+
+ $entry['content'] = $profile->nickname . ': ' . common_xml_safe_str($notice->content);
$entry['title'] = $entry['content'];
$entry['link'] = common_local_url('shownotice', array('notice' => $notice->id));
$entry['published'] = common_date_iso8601($notice->created);
@@ -115,14 +115,14 @@ class TwitterapiAction extends Action {
$entry['title'] = sprintf('Message from %s to %s',
$message->getFrom()->nickname, $message->getTo()->nickname);
- $entry['content'] = $message->content;
+ $entry['content'] = common_xml_safe_str($message->content);
$entry['link'] = $message->uri;
$entry['published'] = common_date_iso8601($message->created);
$entry['id'] = "tag:$server,2008:$entry[link]";
$entry['updated'] = $entry['published'];
# RSS Item specific
- $entry['description'] = $message->content;
+ $entry['description'] = $entry['content'];
$entry['pubDate'] = common_date_rfc2822($message->created);
$entry['guid'] = $entry['link'];
@@ -137,8 +137,8 @@ class TwitterapiAction extends Action {
$to_profile = $message->getTo();
$twitter_dm['id'] = $message->id;
- $twitter_dm['sender_id'] = $message->from_profile;
- $twitter_dm['text'] = $message->content;
+ $twitter_dm['sender_id'] = $message->from_profile;
+ $twitter_dm['text'] = common_xml_safe_str($message->content);
$twitter_dm['recipient_id'] = $message->to_profile;
$twitter_dm['created_at'] = $this->date_twitter($message->created);
$twitter_dm['sender_screen_name'] = $from_profile->nickname;
@@ -569,5 +569,5 @@ class TwitterapiAction extends Action {
}
return $source_name;
}
-
+
} \ No newline at end of file
diff --git a/lib/util.php b/lib/util.php
index 88841d3f6..23abb1426 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -708,7 +708,7 @@ function common_render_content($text, $notice) {
}
function common_render_text($text) {
- $r = htmlentities($text, ENT_NOQUOTES, 'UTF-8');
+ $r = htmlspecialchars($text);
$r = preg_replace('/[\x{0}-\x{8}\x{b}-\x{c}\x{e}-\x{19}]/', '', $r);
$r = preg_replace_callback('@https?://[^\]>\s]+@', 'common_render_uri_thingy', $r);
@@ -745,6 +745,13 @@ function common_render_uri_thingy($matches) {
return '<a href="' . $uri . '" class="extlink">' . $uri . '</a>' . $trailer;
}
+function common_xml_safe_str($str) {
+ $xmlStr = htmlentities(iconv('UTF-8', 'UTF-8//IGNORE', $str), ENT_NOQUOTES, 'UTF-8');
+
+ // Replace control, formatting, and surrogate characters with '*', ala Twitter
+ return preg_replace('/[\p{Cc}\p{Cf}\p{Cs}]/u', '*', $str);
+}
+
function common_tag_link($tag) {
$canonical = common_canonical_tag($tag);
$url = common_local_url('tag', array('tag' => $canonical));