Escape HTML in system messages

- Thanks to Laura Pîrcălăboiu for the report
Hypolite Petovan 2023-08-02 16:59:08 +02:00
parent ecfbf317ae
commit f984e385c8


@ -52,6 +52,7 @@ use Friendica\Network\HTTPException;
use Friendica\Protocol\Activity; use Friendica\Protocol\Activity;
use Friendica\Util\DateTimeFormat; use Friendica\Util\DateTimeFormat;
use Friendica\Util\Profiler; use Friendica\Util\Profiler;
use Friendica\Util\Strings;
use GuzzleHttp\Psr7\Uri; use GuzzleHttp\Psr7\Uri;
use Psr\Log\LoggerInterface; use Psr\Log\LoggerInterface;
@ -296,8 +297,8 @@ class Ping extends BaseModule
$data['notifications'] = $navNotifications; $data['notifications'] = $navNotifications;
$data['sysmsgs'] = [ $data['sysmsgs'] = [
'notice' => $this->systemMessages->flushNotices(), 'notice' => array_map([Strings::class, 'escapeHtml'], $this->systemMessages->flushNotices()),
'info' => $this->systemMessages->flushInfos(), 'info' => array_map([Strings::class, 'escapeHtml'], $this->systemMessages->flushInfos()),
]; ];
if (isset($_GET['callback'])) { if (isset($_GET['callback'])) {
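Review bot: The escaping added to the `notice` and `info` entries covers only this one response, so any other code that renders the result of `flushNotices()` or `flushInfos()` would still receive the raw strings. No such consumer is visible in this hunk, so it is worth confirming that each one escapes, or moving the escaping into the flush methods so it cannot be forgotten at a new call site. The reason is also not recorded on the changed lines; a comment such as `// System messages may contain user-influenced text: HTML-escape before returning them to the client` above `$data['sysmsgs']` would keep a later refactor from dropping the `array_map`. If any caller deliberately puts markup in a system message, it will now be shown as literal text, which is the safer default but should be a stated decision. The enclosing method starts and ends outside the hunk.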