From e675a8f953b2232ce40530bcb44ab791589940fa Mon Sep 17 00:00:00 2001
From: Sarjuuk
Date: Mon, 26 Jan 2026 20:01:26 +0100
Subject: [PATCH] PageTemplate/Fixup
* Don't try to be smart with the helper methods as they are used to escape user input.
---
 includes/components/pagetemplate.class.php | 20 ++++++++++----------
 includes/utilities.php | 10 ++++++++--
 template/bricks/lvTabs.tpl.php | 4 ++--
 template/bricks/pageTemplate.tpl.php | 4 ++--
 template/pages/user.tpl.php | 2 +-
 5 files changed, 23 insertions(+), 17 deletions(-)
diff --git a/includes/components/pagetemplate.class.php b/includes/components/pagetemplate.class.php
index ca81af86..4f4a1dc6 100644
--- a/includes/components/pagetemplate.class.php
+++ b/includes/components/pagetemplate.class.php
@@ -207,27 +207,27 @@ class PageTemplate
 return Cfg::get($name);
 }
- private function json(mixed $var, int $jsonFlags = 0x0) : string
+ private function json(mixed $var, int $jsonFlags = 0x0, bool $varRef = false) : string
 {
- if (is_string($var) && $this->$var)
- $var = $this->$var;
+ if (!is_string($var))
+ return preg_replace('/script\s*\>/i', 'scr"+"ipt>', Util::toJSON($var, $jsonFlags) ?: "{}");
- return preg_replace('/script\s*\>/i', 'scr"+"ipt>', Util::toJSON($var, $jsonFlags) ?: "{}");
+ return preg_replace('/script\s*\>/i', 'scr"+"ipt>', Util::toJSON($varRef ? $this->$var : $var, $jsonFlags) ?: "{}");
 }
- private function escHTML(string $var) : string|array
+ private function escHTML(string $var, bool $varRef = false) : string|array
 {
- return Util::htmlEscape($this->$var ?? $var);
+ return Util::htmlEscape($varRef ? $this->$var : $var);
 }
- private function escJS(string $var) : string|array
+ private function escJS(string $var, bool $varRef = false) : string|array
 {
- return Util::jsEscape($this->$var ?? $var);
+ return Util::jsEscape($varRef ? $this->$var : $var);
 }
- private function ucFirst(string $var) : string
+ private function ucFirst(string $var, bool $varRef = false) : string
 {
- return Util::ucFirst($this->$var ?? $var);
+ return Util::ucFirst($varRef ? $this->$var : $var);
 }
diff --git a/includes/utilities.php b/includes/utilities.php
index 07681181..fd9e8789 100644
--- a/includes/utilities.php
+++ b/includes/utilities.php
@@ -239,8 +239,11 @@ abstract class Util
 return 'b'.$_;
 }
- public static function htmlEscape($data)
+ public static function htmlEscape(string|array|null $data) : string|array
 {
+ if (empty($data)) // null, '', [] and not "0"
+ return '';
+
 if (is_array($data))
 {
 foreach ($data as &$v)
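Review bot: The `scr"+"ipt>` rewrite in the two `return preg_replace(...)` lines of json() only neutralises a closing tag spelled with a trailing `>`, and it is a string-level patch applied to already-encoded JSON rather than an encoding rule, so it is not a complete guard for data echoed into an inline script block. The conventional mitigation is to let the encoder escape the characters that matter in that context: assuming Util::toJSON wraps json_encode(), passing `JSON_HEX_TAG | JSON_HEX_AMP` (optionally `JSON_HEX_APOS | JSON_HEX_QUOT` as well) through `$jsonFlags` turns `<` and `>` into `\u003C` and `\u003E`, which is still valid JSON and needs no post-processing. Separately, with `$varRef` set and the named property unset, `$this->$var` now raises an undefined-property warning that the old `&& $this->$var` guard avoided; every call site in this patch checks the property first, so this is mainly a documentation point, and a docblock such as `@param bool $varRef true when $var names a property of $this to serialise instead of being the value itself` would make that contract explicit.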
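Review bot: The new `if (empty($data))` guard in htmlEscape() does not match its own comment: `empty('0')` is true in PHP, so a legitimate value of `"0"` is now escaped to `''` and silently vanishes from the output, and an empty array returns `''` instead of `[]`, contradicting the new `string|array` return type for callers that iterate the result. The only input that needs special handling is `null` (htmlspecialchars('') already yields '' and the array branch already copes with `[]`), so the guard can be `if ($data === null) return '';` with the comment dropped. The same guard and comment are added to jsEscape() in the hunk `@@ -252,8 +255,11 @@` and should get the same change. The remainder of both function bodies lies outside these hunks.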
@@ -252,8 +255,11 @@ abstract class Util
 return htmlspecialchars($data, ENT_QUOTES | ENT_DISALLOWED | ENT_HTML5, 'utf-8');
 }
- public static function jsEscape($data)
+ public static function jsEscape(string|array|null $data) : string|array
 {
+ if (empty($data)) // null, '', [] and not "0"
+ return '';
+
 if (is_array($data))
 {
 foreach ($data as &$v)
diff --git a/template/bricks/lvTabs.tpl.php b/template/bricks/lvTabs.tpl.php
index 8ed8e9bd..9745b9a1 100644
--- a/template/bricks/lvTabs.tpl.php
+++ b/template/bricks/lvTabs.tpl.php
@@ -30,10 +30,10 @@ if (($this->lvTabs && count($this->lvTabs)) || $this->charactersLvData || $this-
 echo $this->lvTabs;
 if ($this->charactersLvData):
- echo ' us_addCharactersTab('.$this->json('charactersLvData').');'.PHP_EOL;
+ echo ' us_addCharactersTab('.$this->json('charactersLvData', varRef: true).');'.PHP_EOL;
 endif;
 if ($this->profilesLvData):
- echo ' us_addProfilesTab('.$this->json('profilesLvData').');'.PHP_EOL;
+ echo ' us_addProfilesTab('.$this->json('profilesLvData', varRef: true).');'.PHP_EOL;
 endif;
 if ($this->contribute & CONTRIBUTE_CO):
 echo " new Listview({template: 'comment', id: 'comments', name: LANG.tab_comments".($this->lvTabs ? ", tabs: ".$this->lvTabs->__tabVar : '').", parent: 'lv-generic', data: lv_comments});".PHP_EOL;
diff --git a/template/bricks/pageTemplate.tpl.php b/template/bricks/pageTemplate.tpl.php
index 55e92482..7934d751 100644
--- a/template/bricks/pageTemplate.tpl.php
+++ b/template/bricks/pageTemplate.tpl.php
@@ -15,7 +15,7 @@ if ($this->contribute & CONTRIBUTE_VI):
 endif;
 if ($this->gPageInfo):
- echo " var g_pageInfo = ".$this->json('gPageInfo').";\n";
+ echo " var g_pageInfo = ".$this->json('gPageInfo', varRef: true).";\n";
 // set by ItemBaseEndpoint
 if ($this->user::isLoggedIn() && !empty($this->redButtons[BUTTON_EQUIP])):
@@ -27,7 +27,7 @@ if ($this->pageTemplate):
 if ($this->locale->value && $this->pageTemplate['pageName'] != 'home'):
 echo " Locale.set(".$this->locale->value.");\n";
 endif;
- echo " PageTemplate.set(".$this->json('pageTemplate').");\n";
+ echo " PageTemplate.set(".$this->json('pageTemplate', varRef: true).");\n";
 endif;
 echo " PageTemplate.init();\n";
diff --git a/template/pages/user.tpl.php b/template/pages/user.tpl.php
index d1605f84..3e4190da 100644
--- a/template/pages/user.tpl.php
+++ b/template/pages/user.tpl.php
@@ -24,7 +24,7 @@ ?>

h1; ?>