Event-Federation/wordpress-activitypub
Event-Federation/wordpress-activitypub
7
1
Fork 0
Code Issues 3 Pull requests Projects Releases Wiki Activity Actions

Add missing output escaping

Browse source
This commit is contained in:
Alex Kirk 2023-07-18 06:30:06 +02:00
parent 0f54ea465e
commit ab6aefe446
1 changed files with 6 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
includes/class-mention.php
View file

@ -27,8 +27,12 @@ class Mention {
public static function the_content( $the_content ) {
$protected_tags = array();
$protect = function( $m ) use ( &$protected_tags ) {
$c = count( $protected_tags );
$c = \rand( 100000, 999999 );
$protect = '!#!#PROTECT' . $c . '#!#!';
while ( isset( $protected_tags[ $protect ] ) ) {
$c = \rand( 100000, 999999 );
$protect = '!#!#PROTECT' . $c . '#!#!';
}
$protected_tags[ $protect ] = $m[0];
return $protect;
};
@ -78,8 +82,7 @@ class Mention {
if ( ! empty( $metadata['preferredUsername'] ) ) {
$username = $metadata['preferredUsername'];
}
$username = '@<span>' . $username . '</span>';
return \sprintf( '<a rel="mention" class="u-url mention" href="%s">%s</a>', $metadata['url'], $username );
return \sprintf( '<a rel="mention" class="u-url mention" href="%s">@<span>%s</span></a>', esc_url( $metadata['url'] ), esc_html( $username ) );
}
return $result[0];