Escape user names in notifications
- The HTML notification message interpolation is unfiltered by the template # Conflicts: # mod/ping.php
This commit is contained in:
parent
b2c4116357
commit
bbd3e44bb2
1 changed files with 14 additions and 26 deletions
40
mod/ping.php
40
mod/ping.php
|
@ -133,7 +133,7 @@ function ping_init(App $a)
|
|||
exit();
|
||||
}
|
||||
|
||||
$notifs = ping_get_notifications(local_user());
|
||||
$notifications = ping_get_notifications(local_user());
|
||||
|
||||
$condition = ["`unseen` AND `uid` = ? AND NOT `origin` AND (`vid` != ? OR `vid` IS NULL)",
|
||||
local_user(), Verb::getID(Activity::FOLLOW)];
|
||||
|
@ -263,8 +263,8 @@ function ping_init(App $a)
|
|||
$data['birthdays'] = $birthdays;
|
||||
$data['birthdays-today'] = $birthdays_today;
|
||||
|
||||
if (DBA::isResult($notifs)) {
|
||||
foreach ($notifs as $notif) {
|
||||
if (DBA::isResult($notifications)) {
|
||||
foreach ($notifications as $notif) {
|
||||
if ($notif['seen'] == 0) {
|
||||
$sysnotify_count ++;
|
||||
}
|
||||
|
@ -277,14 +277,14 @@ function ping_init(App $a)
|
|||
$notif = [
|
||||
'id' => 0,
|
||||
'href' => DI::baseUrl() . '/notifications/intros/' . $intro['id'],
|
||||
'name' => $intro['name'],
|
||||
'name' => BBCode::convert($intro['name']),
|
||||
'url' => $intro['url'],
|
||||
'photo' => $intro['photo'],
|
||||
'date' => $intro['datetime'],
|
||||
'seen' => false,
|
||||
'message' => DI::l10n()->t('{0} wants to be your friend'),
|
||||
];
|
||||
$notifs[] = $notif;
|
||||
$notifications[] = $notif;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -314,7 +314,7 @@ function ping_init(App $a)
|
|||
'seen' => false,
|
||||
'message' => DI::l10n()->t('{0} and %d others requested registration', count($regs) - 1),
|
||||
];
|
||||
$notifs[] = $notif;
|
||||
$notifications[] = $notif;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -337,28 +337,16 @@ function ping_init(App $a)
|
|||
}
|
||||
return ($adate < $bdate) ? 1 : -1;
|
||||
};
|
||||
usort($notifs, $sort_function);
|
||||
usort($notifications, $sort_function);
|
||||
|
||||
if (DBA::isResult($notifs)) {
|
||||
foreach ($notifs as $notif) {
|
||||
$contact = Contact::getByURL($notif['url'], false, ['micro', 'id', 'avatar']);
|
||||
$notif['photo'] = Contact::getMicro($contact, $notif['photo']);
|
||||
|
||||
$local_time = DateTimeFormat::local($notif['date']);
|
||||
|
||||
$notifications[] = [
|
||||
'id' => $notif['id'],
|
||||
'href' => $notif['href'],
|
||||
'name' => $notif['name'],
|
||||
'url' => $notif['url'],
|
||||
'photo' => $notif['photo'],
|
||||
'date' => Temporal::getRelativeDate($notif['date']),
|
||||
'message' => $notif['message'],
|
||||
'seen' => $notif['seen'],
|
||||
'timestamp' => strtotime($local_time)
|
||||
];
|
||||
array_walk($notifications, function (&$notification) {
|
||||
if (empty($notification['photo'])) {
|
||||
$contact = Contact::getByURL($notification['url'], false, ['micro', 'id', 'avatar']);
|
||||
$notification['photo'] = Contact::getMicro($contact, $notif['photo']);
|
||||
}
|
||||
}
|
||||
|
||||
$notification['timestamp'] = DateTimeFormat::local($notification['date']);
|
||||
});
|
||||
}
|
||||
|
||||
$sysmsgs = [];
|
||||
|
|
Loading…
Reference in a new issue