diff --git a/include/compat.inc.php b/include/compat.inc.php index fb82c7bb..357bba28 100644 --- a/include/compat.inc.php +++ b/include/compat.inc.php @@ -497,6 +497,9 @@ if (function_exists('date_default_timezone_get')) { * native encoded strings containing umlauts. This wrapper should to be used in the core until PHP 5.6 fixes the bug. */ function serendipity_specialchars($string, $flags = null, $encoding = LANG_CHARSET, $double_encode = true) { + if (!is_string($string)) { + return ''; + } if ($flags == null) { if (defined('ENT_HTML401')) { // Added with PHP 5.4.x @@ -520,6 +523,9 @@ function serendipity_specialchars($string, $flags = null, $encoding = LANG_CHARS * see serendipity_specialchars */ function serendipity_entities($string, $flags = null, $encoding = LANG_CHARSET, $double_encode = true) { + if (!is_string($string)) { + return ''; + } if ($flags == null) { if (defined('ENT_HTML401')) { // Added with PHP 5.4.x @@ -539,6 +545,9 @@ function serendipity_entities($string, $flags = null, $encoding = LANG_CHARSET, * serendipity_specialchars */ function serendipity_entity_decode($string, $flags = null, $encoding = LANG_CHARSET) { + if (!is_string($string)) { + return ''; + } if ($flags == null) { # NOTE: ENT_SUBSTITUTE does not exist for this function, and the documentation does not specify that it will # ever echo empty strings on charset errors diff --git a/include/functions_comments.inc.php b/include/functions_comments.inc.php index 49e3b376..8c01e79b 100644 --- a/include/functions_comments.inc.php +++ b/include/functions_comments.inc.php @@ -363,8 +363,8 @@ function serendipity_printComments($comments, $parentid = 0, $depth = 0, $trace if ($parentid === VIEWMODE_LINEAR || !isset($comment['parent_id']) || $comment['parent_id'] == $parentid) { $i++; - $comment['comment'] = serendipity_specialchars(strip_tags($comment['body'])); - $comment['url'] = strip_tags($comment['url']); + $comment['comment'] = (is_string($comment['body']) ? serendipity_specialchars(strip_tags($comment['body'])) : ''); + $comment['url'] = (is_string($comment['url']) ? strip_tags($comment['url']) : ''); $comment['link_delete'] = $serendipity['baseURL'] . 'comment.php?serendipity[delete]=' . $comment['id'] . '&serendipity[entry]=' . $comment['entry_id'] . '&serendipity[type]=comments&' . $formToken; /* Fix invalid cases in protocoll part */ diff --git a/include/functions_routing.inc.php b/include/functions_routing.inc.php index 09523d04..cd89a3d8 100644 --- a/include/functions_routing.inc.php +++ b/include/functions_routing.inc.php @@ -339,7 +339,7 @@ function serveEntry($matches) { if (!empty($serendipity['POST']['submit']) && !isset($_REQUEST['serendipity']['csuccess'])) { $comment['url'] = $serendipity['POST']['url']; - $comment['comment'] = trim($serendipity['POST']['comment']); + $comment['comment'] = (is_string($serendipity['POST']['comment']) ? trim($serendipity['POST']['comment']) : ''); $comment['name'] = $serendipity['POST']['name']; $comment['email'] = $serendipity['POST']['email']; $comment['subscribe'] = $serendipity['POST']['subscribe'];