escape brackets in alt tags from remote sources.

2024-09-20 06:55:19 +00:00 · 2022-06-07 00:25:27 -07:00 · 2022-06-07 00:25:27 -07:00 · 4780df8a63
commit 4780df8a63
parent 3518f5f2de
1 changed files with 1 additions and 0 deletions
--- a/Code/Lib/Activity.php
+++ b/Code/Lib/Activity.php
@ -4049,6 +4049,7 @@ class Activity
                if (self::media_not_in_body($a['href'], $item['body'])) {
                    if (isset($a['name']) && $a['name']) {
                        $alt = htmlspecialchars($a['name'], ENT_QUOTES);
+                        $alt = str_replace(['[', ']'], ['%5b', '%5d'], $alt);
                        $item['body'] .= "\n\n" . '[img alt="' . $alt . '"]' . $a['href'] . '[/img]';
                    } else {
                        $item['body'] .= "\n\n" . '[img]' . $a['href'] . '[/img]';