html in source field is not safe

Hannes Mannerheim 2016-09-01 22:55:04 +02:00
parent e83d89e99d
commit 632d5f1136


@ -522,6 +522,9 @@ class QvitterPlugin extends Plugin {
function onNoticeSimpleStatusArray($notice, &$twitter_status, $scoped) function onNoticeSimpleStatusArray($notice, &$twitter_status, $scoped)
{ {
// strip tags from source, we can't trust html here, because of gs bug
$twitter_status['source'] = htmlspecialchars(strip_tags($twitter_status['source']));
// groups // groups
$notice_groups = $notice->getGroups(); $notice_groups = $notice->getGroups();
$group_addressees = false; $group_addressees = false;
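Review bot: The `htmlspecialchars()` call added at the top of `onNoticeSimpleStatusArray` relies on the runtime's default flags and charset, and on PHP versions before 8.1 those defaults leave single quotes unescaped, so the result is only safe in element content or double-quoted attributes. Passing the arguments explicitly removes that dependency: `$twitter_status['source'] = htmlspecialchars(strip_tags($twitter_status['source']), ENT_QUOTES, 'UTF-8');`. The comment would help the next maintainer more if it named the upstream bug (presumably in GNU social) and stated the resulting contract, for example `// source can carry untrusted HTML (upstream bug <issue-id>); clients receive escaped plain text, not markup`. The function body continues past the end of the hunk, so whether later code reads `source` again cannot be checked from here.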