From b2666e779434f08e2984c781892f808cdfb64d09 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Mon, 16 Nov 2020 18:18:11 -0500
Subject: [PATCH] Escape user name in introduction fields help text

- HTML help text aren't escaped in the template

# Conflicts:
# src/Module/Notifications/Introductions.php
---
 src/Module/Notifications/Introductions.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/Module/Notifications/Introductions.php b/src/Module/Notifications/Introductions.php
index bd0445b07..2a8a6ef44 100644
--- a/src/Module/Notifications/Introductions.php
+++ b/src/Module/Notifications/Introductions.php
@@ -23,6 +23,7 @@ namespace Friendica\Module\Notifications;
 
 use Friendica\Content\ContactSelector;
 use Friendica\Content\Nav;
+use Friendica\Content\Text\BBCode;
 use Friendica\Core\Protocol;
 use Friendica\Core\Renderer;
 use Friendica\Database\DBA;
@@ -124,9 +125,11 @@ class Introductions extends BaseNotifications
 $knowyou = '';
 }
 
+ $convertedName = BBCode::convert($notification->getName());
+
 $helptext = DI::l10n()->t('Shall your connection be bidirectional or not?');
- $helptext2 = DI::l10n()->t('Accepting %s as a friend allows %s to subscribe to your posts, and you will also receive updates from them in your news feed.', $notification->getName(), $notification->getName());
- $helptext3 = DI::l10n()->t('Accepting %s as a subscriber allows them to subscribe to your posts, but you will not receive updates from them in your news feed.', $notification->getName());
+ $helptext2 = DI::l10n()->t('Accepting %s as a friend allows %s to subscribe to your posts, and you will also receive updates from them in your news feed.', $convertedName, $convertedName);
+ $helptext3 = DI::l10n()->t('Accepting %s as a subscriber allows them to subscribe to your posts, but you will not receive updates from them in your news feed.', $convertedName);
 
 $friend = ['duplex', DI::l10n()->t('Friend'), '1', $helptext2, true];
 $follower = ['duplex', DI::l10n()->t('Subscriber'), '0', $helptext3, false];
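Review bot: `BBCode::convert()` on the `$convertedName` line is a markup converter rather than an escaper, so, assuming it behaves as its name suggests, any BBCode in the requester-supplied display name is rendered as HTML inside `$helptext2` and `$helptext3`, which the commit message says the template outputs unescaped. If the intent is only to neutralise the name, a plain escape states it directly: `$escapedName = htmlspecialchars($notification->getName(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. Either way, a one-line comment such as `// Help text is output as raw HTML by the template, so the remote-supplied name must be made HTML-safe here` would keep a later refactor from dropping the call. The enclosing method starts and ends outside this hunk, so other uses of `getName()` in it are not visible here.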