PageTemplate/Fixup
* Don't try to be smart in the helper methods, as they are used to escape user input.
This commit is contained in:
parent
c6d92031c5
commit
e675a8f953
5 changed files with 23 additions and 17 deletions
@ -207,27 +207,27 @@ class PageTemplate
|
|||
return Cfg::get($name);
|
||||
}
|
||||
|
||||
private function json(mixed $var, int $jsonFlags = 0x0) : string
|
||||
private function json(mixed $var, int $jsonFlags = 0x0, bool $varRef = false) : string
|
||||
{
|
||||
if (is_string($var) && $this->$var)
|
||||
$var = $this->$var;
|
||||
if (!is_string($var))
|
||||
return preg_replace('/script\s*\>/i', 'scr"+"ipt>', Util::toJSON($var, $jsonFlags) ?: "{}");
|
||||
|
||||
return preg_replace('/script\s*\>/i', 'scr"+"ipt>', Util::toJSON($var, $jsonFlags) ?: "{}");
|
||||
return preg_replace('/script\s*\>/i', 'scr"+"ipt>', Util::toJSON($varRef ? $this->$var : $var, $jsonFlags) ?: "{}");
|
||||
}
|
||||
|
||||
private function escHTML(string $var) : string|array
|
||||
private function escHTML(string $var, bool $varRef = false) : string|array
|
||||
{
|
||||
return Util::htmlEscape($this->$var ?? $var);
|
||||
return Util::htmlEscape($varRef ? $this->$var : $var);
|
||||
}
|
||||
|
||||
private function escJS(string $var) : string|array
|
||||
private function escJS(string $var, bool $varRef = false) : string|array
|
||||
{
|
||||
return Util::jsEscape($this->$var ?? $var);
|
||||
return Util::jsEscape($varRef ? $this->$var : $var);
|
||||
}
|
||||
|
||||
private function ucFirst(string $var) : string
|
||||
private function ucFirst(string $var, bool $varRef = false) : string
|
||||
{
|
||||
return Util::ucFirst($this->$var ?? $var);
|
||||
return Util::ucFirst($varRef ? $this->$var : $var);
|
||||
}
|
||||
|
||||
|
||||
|
@ -239,8 +239,11 @@ abstract class Util
|
|||
return 'b'.$_;
|
||||
}
|
||||
|
||||
public static function htmlEscape($data)
|
||||
public static function htmlEscape(string|array|null $data) : string|array
|
||||
{
|
||||
if (empty($data)) // null, '', [] and not "0"
|
||||
return '';
|
||||
|
||||
if (is_array($data))
|
||||
{
|
||||
foreach ($data as &$v)
|
||||
@ -252,8 +255,11 @@ abstract class Util
|
|||
return htmlspecialchars($data, ENT_QUOTES | ENT_DISALLOWED | ENT_HTML5, 'utf-8');
|
||||
}
|
||||
|
||||
public static function jsEscape($data)
|
||||
public static function jsEscape(string|array|null $data) : string|array
|
||||
{
|
||||
if (empty($data)) // null, '', [] and not "0"
|
||||
return '';
|
||||
|
||||
if (is_array($data))
|
||||
{
|
||||
foreach ($data as &$v)
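Review bot: The new guard `if (empty($data)) // null, '', [] and not "0"` in htmlEscape() and jsEscape() does not match its own comment: `empty('0')` is true in PHP, so a user-supplied value of "0" (a zero count, an id) is escaped to the empty string and silently disappears from the page. Replace the truthiness test with explicit comparisons that do what the comment says: `if ($data === null || $data === '' || $data === [])`. With that change `return ''` is reached only for the three values listed, and "0" falls through to the htmlspecialchars/array path like any other string. Both function bodies continue past the hunk (the `foreach ($data as &$v)` on its last line), so the array branch is not reviewed here.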
|
||||
@ -30,10 +30,10 @@ if (($this->lvTabs && count($this->lvTabs)) || $this->charactersLvData || $this-
|
|||
echo $this->lvTabs;
|
||||
|
||||
if ($this->charactersLvData):
|
||||
echo ' us_addCharactersTab('.$this->json('charactersLvData').');'.PHP_EOL;
|
||||
echo ' us_addCharactersTab('.$this->json('charactersLvData', varRef: true).');'.PHP_EOL;
|
||||
endif;
|
||||
if ($this->profilesLvData):
|
||||
echo ' us_addProfilesTab('.$this->json('profilesLvData').');'.PHP_EOL;
|
||||
echo ' us_addProfilesTab('.$this->json('profilesLvData', varRef: true).');'.PHP_EOL;
|
||||
endif;
|
||||
if ($this->contribute & CONTRIBUTE_CO):
|
||||
echo " new Listview({template: 'comment', id: 'comments', name: LANG.tab_comments".($this->lvTabs ? ", tabs: ".$this->lvTabs->__tabVar : '').", parent: 'lv-generic', data: lv_comments});".PHP_EOL;
|
||||
@ -15,7 +15,7 @@ if ($this->contribute & CONTRIBUTE_VI):
|
|||
endif;
|
||||
|
||||
if ($this->gPageInfo):
|
||||
echo " var g_pageInfo = ".$this->json('gPageInfo').";\n";
|
||||
echo " var g_pageInfo = ".$this->json('gPageInfo', varRef: true).";\n";
|
||||
|
||||
// set by ItemBaseEndpoint
|
||||
if ($this->user::isLoggedIn() && !empty($this->redButtons[BUTTON_EQUIP])):
|
||||
|
|
@ -27,7 +27,7 @@ if ($this->pageTemplate):
|
|||
if ($this->locale->value && $this->pageTemplate['pageName'] != 'home'):
|
||||
echo " Locale.set(".$this->locale->value.");\n";
|
||||
endif;
|
||||
echo " PageTemplate.set(".$this->json('pageTemplate').");\n";
|
||||
echo " PageTemplate.set(".$this->json('pageTemplate', varRef: true).");\n";
|
||||
endif;
|
||||
echo " PageTemplate.init();\n";
|
||||
|
||||
@ -24,7 +24,7 @@
|
|||
?>
|
||||
<div id="h1-icon-generic" class="h1-icon"></div>
|
||||
<script type="text/javascript">
|
||||
$WH.ge('h1-icon-generic').appendChild(Icon.createUser(<?=substr($this->json('userIcon'), 1, -1); ?>));
|
||||
$WH.ge('h1-icon-generic').appendChild(Icon.createUser(<?=substr($this->json('userIcon', varRef: true), 1, -1); ?>));
|
||||
</script>
|
||||
<h1 class="h1-icon"><?=$this->h1; ?></h1>
|
||||
<?php else: ?>
|
||||
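Review bot: `substr($this->json('userIcon', varRef: true), 1, -1)` strips the first and last character of the JSON text and emits the remainder as the argument list of `Icon.createUser(...)`; that is only safe when userIcon encodes to a JSON array, because for a string the stripped characters are the quotes and the escaped content is emitted as bare JavaScript, and for a null value the output is `ul` or nothing depending on what Util::toJSON returns. If userIcon can be anything other than a list of scalars, encode each argument on its own instead: `<?= implode(', ', array_map(fn ($a) => $this->json($a), (array) $this->userIcon)) ?>`. Whether userIcon is always an array is not visible from this hunk, and the if/else that this script block sits in starts and ends outside it.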
|