From ecfbf317ae2ba703d31a58ee945eb4923527b33e Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Wed, 2 Aug 2023 16:58:14 +0200
Subject: [PATCH 1/3] Fix reference to username field in Contact::updateSelfFromUserID - Profile isn't updated with the display name in the account settings
---
 src/Model/Contact.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/Model/Contact.php b/src/Model/Contact.php
index 3ca84515a9..17be0b0cfd 100644
--- a/src/Model/Contact.php
+++ b/src/Model/Contact.php
@@ -799,7 +799,7 @@ class Contact
 return false;
 }
- $fields = ['uid', 'nickname', 'page-flags', 'account-type', 'prvkey', 'pubkey'];
+ $fields = ['uid', 'username', 'nickname', 'page-flags', 'account-type', 'prvkey', 'pubkey'];
 $user = DBA::selectFirst('user', $fields, ['uid' => $uid, 'account_expired' => false]);
 if (!DBA::isResult($user)) {
 return false;
@@ -818,7 +818,7 @@ class Contact
 $url = DI::baseUrl() . '/profile/' . $user['nickname'];
 $fields = [
- 'name' => $profile['name'],
+ 'name' => $user['username'],
 'nick' => $user['nickname'],
 'avatar-date' => $self['avatar-date'],
 'location' => Profile::formatLocation($profile),
@@ -841,7 +841,6 @@ class Contact
 'confirm' => DI::baseUrl() . '/dfrn_confirm/' . $user['nickname'],
 ];
-
 $avatar = Photo::selectFirst(['resource-id', 'type'], ['uid' => $uid, 'profile' => true]);
 if (DBA::isResult($avatar)) {
 if ($update_avatar) {
From f984e385c89f53a4eeaf06642da856b5ed304688 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Wed, 2 Aug 2023 16:59:08 +0200
Subject: [PATCH 2/3] Escape HTML in system messages
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- Thanks to Laura Pîrcălăboiu for the report
---
 src/Module/Notifications/Ping.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/Module/Notifications/Ping.php b/src/Module/Notifications/Ping.php
index 120035d557..e54bd577b2 100644
--- a/src/Module/Notifications/Ping.php
+++ b/src/Module/Notifications/Ping.php
@@ -52,6 +52,7 @@ use Friendica\Network\HTTPException;
 use Friendica\Protocol\Activity;
 use Friendica\Util\DateTimeFormat;
 use Friendica\Util\Profiler;
+use Friendica\Util\Strings;
 use GuzzleHttp\Psr7\Uri;
 use Psr\Log\LoggerInterface;
@@ -296,8 +297,8 @@ class Ping extends BaseModule
 $data['notifications'] = $navNotifications;
 $data['sysmsgs'] = [
- 'notice' => $this->systemMessages->flushNotices(),
- 'info' => $this->systemMessages->flushInfos(),
+ 'notice' => array_map([Strings::class, 'escapeHtml'], $this->systemMessages->flushNotices()),
+ 'info' => array_map([Strings::class, 'escapeHtml'], $this->systemMessages->flushInfos()),
 ];
 if (isset($_GET['callback'])) {
From cc7fce3d363691774cd1f140588db351fa60e3db Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Wed, 2 Aug 2023 16:59:46 +0200
Subject: [PATCH 3/3] Escape HTML in display names for inclusion in syndication link tags
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- Thanks to Laura Pîrcălăboiu for the report
---
 src/Module/Profile/Conversations.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/Module/Profile/Conversations.php b/src/Module/Profile/Conversations.php
index b53c2d1ab8..cda8f03f9b 100644
--- a/src/Module/Profile/Conversations.php
+++ b/src/Module/Profile/Conversations.php
@@ -103,10 +103,10 @@ class Conversations extends BaseProfile
 $this->page['htmlhead'] .= '' . "\n";
 }
- $this->page['htmlhead'] .= '' . "\n";
- $this->page['htmlhead'] .= '' . "\n";
- $this->page['htmlhead'] .= '' . "\n";
- $this->page['htmlhead'] .= '' . "\n";
+ $this->page['htmlhead'] .= '' . "\n";
+ $this->page['htmlhead'] .= '' . "\n";
+ $this->page['htmlhead'] .= '' . "\n";
+ $this->page['htmlhead'] .= '' . "\n";
 $category = $datequery = $datequery2 = '';
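Review bot: The escaping added to `$data['sysmsgs']` in `src/Module/Notifications/Ping.php` (hunk at -296,8) is applied at this one output sink only, so any other code that renders the results of `flushNotices()` / `flushInfos()` is untouched by this hunk and should be checked for the same treatment; whether such paths exist is not visible here. A short why-comment above the array would keep the `array_map` calls from being removed later as redundant, for example `// System messages may carry user-controlled text; escape before the client renders them`. Messages that intentionally contain markup will now be displayed as literal text, which looks like the intended trade-off but is worth confirming. The enclosing method starts before the hunk, and the branch opened by `if (isset($_GET['callback'])) {` continues past it.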
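Review bot: The four replaced `$this->page['htmlhead'] .=` lines in `src/Module/Profile/Conversations.php` (hunk at -103,10) read identically on the old and new side in this copy, with the string literals showing as `''`, so the escaping named in the commit subject cannot be verified from these lines. If the display name ends up inside an attribute of the link tag, as the subject suggests, the escaping call has to encode the quote character that delimits that attribute and not only `<`, `>` and `&`; confirm this against the helper's flags. The first context line appends to `htmlhead` in the same way inside a block that opens outside the hunk, and it deserves the same check.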