Escape user names in notifications
- The HTML notification message interpolation is unfiltered by the template # Conflicts: # mod/ping.php
parent
b2c4116357
commit
bbd3e44bb2
40
mod/ping.php
40
mod/ping.php
|
@ -133,7 +133,7 @@ function ping_init(App $a)
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
$notifs = ping_get_notifications(local_user());
|
$notifications = ping_get_notifications(local_user());
|
||||||
|
|
||||||
$condition = ["`unseen` AND `uid` = ? AND NOT `origin` AND (`vid` != ? OR `vid` IS NULL)",
|
$condition = ["`unseen` AND `uid` = ? AND NOT `origin` AND (`vid` != ? OR `vid` IS NULL)",
|
||||||
local_user(), Verb::getID(Activity::FOLLOW)];
|
local_user(), Verb::getID(Activity::FOLLOW)];
|
||||||
|
@ -263,8 +263,8 @@ function ping_init(App $a)
|
||||||
$data['birthdays'] = $birthdays;
|
$data['birthdays'] = $birthdays;
|
||||||
$data['birthdays-today'] = $birthdays_today;
|
$data['birthdays-today'] = $birthdays_today;
|
||||||
|
|
||||||
if (DBA::isResult($notifs)) {
|
if (DBA::isResult($notifications)) {
|
||||||
foreach ($notifs as $notif) {
|
foreach ($notifications as $notif) {
|
||||||
if ($notif['seen'] == 0) {
|
if ($notif['seen'] == 0) {
|
||||||
$sysnotify_count ++;
|
$sysnotify_count ++;
|
||||||
}
|
}
|
||||||
|
@ -277,14 +277,14 @@ function ping_init(App $a)
|
||||||
$notif = [
|
$notif = [
|
||||||
'id' => 0,
|
'id' => 0,
|
||||||
'href' => DI::baseUrl() . '/notifications/intros/' . $intro['id'],
|
'href' => DI::baseUrl() . '/notifications/intros/' . $intro['id'],
|
||||||
'name' => $intro['name'],
|
'name' => BBCode::convert($intro['name']),
|
||||||
'url' => $intro['url'],
|
'url' => $intro['url'],
|
||||||
'photo' => $intro['photo'],
|
'photo' => $intro['photo'],
|
||||||
'date' => $intro['datetime'],
|
'date' => $intro['datetime'],
|
||||||
'seen' => false,
|
'seen' => false,
|
||||||
'message' => DI::l10n()->t('{0} wants to be your friend'),
|
'message' => DI::l10n()->t('{0} wants to be your friend'),
|
||||||
];
|
];
|
||||||
$notifs[] = $notif;
|
$notifications[] = $notif;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -314,7 +314,7 @@ function ping_init(App $a)
|
||||||
'seen' => false,
|
'seen' => false,
|
||||||
'message' => DI::l10n()->t('{0} and %d others requested registration', count($regs) - 1),
|
'message' => DI::l10n()->t('{0} and %d others requested registration', count($regs) - 1),
|
||||||
];
|
];
|
||||||
$notifs[] = $notif;
|
$notifications[] = $notif;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -337,28 +337,16 @@ function ping_init(App $a)
|
||||||
}
|
}
|
||||||
return ($adate < $bdate) ? 1 : -1;
|
return ($adate < $bdate) ? 1 : -1;
|
||||||
};
|
};
|
||||||
usort($notifs, $sort_function);
|
usort($notifications, $sort_function);
|
||||||
|
|
||||||
if (DBA::isResult($notifs)) {
|
array_walk($notifications, function (&$notification) {
|
||||||
foreach ($notifs as $notif) {
|
if (empty($notification['photo'])) {
|
||||||
$contact = Contact::getByURL($notif['url'], false, ['micro', 'id', 'avatar']);
|
$contact = Contact::getByURL($notification['url'], false, ['micro', 'id', 'avatar']);
|
||||||
$notif['photo'] = Contact::getMicro($contact, $notif['photo']);
|
$notification['photo'] = Contact::getMicro($contact, $notif['photo']);
|
||||||
|
|
||||||
$local_time = DateTimeFormat::local($notif['date']);
|
|
||||||
|
|
||||||
$notifications[] = [
|
|
||||||
'id' => $notif['id'],
|
|
||||||
'href' => $notif['href'],
|
|
||||||
'name' => $notif['name'],
|
|
||||||
'url' => $notif['url'],
|
|
||||||
'photo' => $notif['photo'],
|
|
||||||
'date' => Temporal::getRelativeDate($notif['date']),
|
|
||||||
'message' => $notif['message'],
|
|
||||||
'seen' => $notif['seen'],
|
|
||||||
'timestamp' => strtotime($local_time)
|
|
||||||
];
|
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
$notification['timestamp'] = DateTimeFormat::local($notification['date']);
|
||||||
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
$sysmsgs = [];
|
$sysmsgs = [];
|
||||||
|
|
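Review bot: In the intro notification array (hunk at 277), `'name' => BBCode::convert($intro['name'])` passes the contact's display name through a markup converter rather than an output encoder, so whether HTML in the name is neutralised depends on the internals of BBCode::convert, which this page does not show, and any BBCode in a name would presumably be rendered as markup in the notification. If the template inserts `{0}` as raw HTML, as the commit message says, an explicit encode such as `htmlspecialchars($intro['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` states the intent directly; the `name` entry of the registration notification (hunk at 314) lies outside the visible context and should be checked for the same treatment. Separately, the new `array_walk` closure (hunk at 337) reads `$notif['photo']`, which is not in the closure's scope because there is no `use` clause, so the line should read `$notification['photo'] = Contact::getMicro($contact, $notification['photo']);`. The closure also stores the string returned by `DateTimeFormat::local()` in `timestamp`, where the old code stored `strtotime($local_time)`, so confirm that the consumer of the ping payload expects that. ping_init starts and ends outside these hunks.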