mirror of
https://github.com/Oreolek/ifhub.club.git
synced 2024-06-26 03:30:48 +03:00
fix XSS
This commit is contained in:
Mzhelskiy Maxim
parent
4e88e56f56
commit
b30cb2b879
|
|
@ -619,7 +619,7 @@ class ActionProfile extends Action {
|
|||
/**
|
||||
* Экранируем текст и добавляем запись в БД
|
||||
*/
|
||||
$oNote->setText(htmlspecialchars($oNote->getText()));
|
||||
$oNote->setText(htmlspecialchars(strip_tags($oNote->getText())));
|
||||
if ($this->User_SaveNote($oNote)) {
|
||||
$this->Viewer_AssignAjax('sText',$oNote->getText());
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@
|
|||
</td>
|
||||
<td>
|
||||
{strip}
|
||||
<a href="{router page='talk'}read/{$oTalk->getId()}/" class="js-title-talk" title="{$oTalk->getTextLast()|strip_tags|truncate:100:'...'}">
|
||||
<a href="{router page='talk'}read/{$oTalk->getId()}/" class="js-title-talk" title="{$oTalk->getTextLast()|strip_tags|truncate:100:'...'|escape:'html'}">
|
||||
{if $oTalkUserAuthor->getCommentCountNew() or !$oTalkUserAuthor->getDateLast()}
|
||||
<strong>{$oTalk->getTitle()|escape:'html'}</strong>
|
||||
{else}
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
{assign var="oTopic" value=$oComment->getTarget()}
|
||||
{assign var="oBlog" value=$oTopic->getBlog()}
|
||||
|
||||
<li class="js-title-comment" title="{$oComment->getText()|strip_tags|trim|truncate:100:'...'}">
|
||||
<li class="js-title-comment" title="{$oComment->getText()|strip_tags|trim|truncate:100:'...'|escape:'html'}">
|
||||
<a href="{$oUser->getUserWebPath()}"><img src="{$oUser->getProfileAvatarPath(48)}" alt="avatar" class="avatar" /></a>
|
||||
|
||||
<a href="{$oUser->getUserWebPath()}" class="author">{$oUser->getLogin()}</a> →
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
{assign var="oUser" value=$oTopic->getUser()}
|
||||
{assign var="oBlog" value=$oTopic->getBlog()}
|
||||
|
||||
<li class="js-title-topic" title="{$oTopic->getText()|strip_tags|trim|truncate:150:'...'}">
|
||||
<li class="js-title-topic" title="{$oTopic->getText()|strip_tags|trim|truncate:150:'...'|escape:'html'}">
|
||||
<a href="{$oUser->getUserWebPath()}"><img src="{$oUser->getProfileAvatarPath(48)}" alt="avatar" class="avatar" /></a>
|
||||
|
||||
<a href="{$oUser->getUserWebPath()}" class="author">{$oUser->getLogin()}</a> →
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@
|
|||
<a href="{$oUserList->getUserWebPath()}"><img src="{$oUserList->getProfileAvatarPath(24)}" alt="avatar" class="avatar" /></a>
|
||||
<p class="username word-wrap"><a href="{$oUserList->getUserWebPath()}">{$oUserList->getLogin()}</a>
|
||||
{if $oUserNote}
|
||||
<i class="icon-comment js-infobox" title="{$oUserNote->getText()}"></i>
|
||||
<i class="icon-comment js-infobox" title="{$oUserNote->getText()|escape:'html'}"></i>
|
||||
{/if}
|
||||
</p>
|
||||
</td>
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@
|
|||
<td>
|
||||
{if $oUserCurrent}
|
||||
{if $oUserNote}
|
||||
<button type="button" class="button button-action button-action-note js-infobox" title="{$oUserNote->getText()}"><i class="icon-synio-comments-green"></i></button>
|
||||
<button type="button" class="button button-action button-action-note js-infobox" title="{$oUserNote->getText()|escape:'html'}"><i class="icon-synio-comments-green"></i></button>
|
||||
{/if}
|
||||
<a href="{router page='talk'}add/?talk_users={$oUserList->getLogin()}"><button type="submit" class="button button-action button-action-send-message"><i class="icon-synio-send-message"></i><span>{$aLang.user_write_prvmsg}</span></button></a>
|
||||
{/if}
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@
|
|||
</td>
|
||||
<td class="cell-title">
|
||||
{strip}
|
||||
<a href="{router page='talk'}read/{$oTalk->getId()}/" class="js-title-talk" title="{$oTalk->getTextLast()|strip_tags|truncate:100:'...'}">
|
||||
<a href="{router page='talk'}read/{$oTalk->getId()}/" class="js-title-talk" title="{$oTalk->getTextLast()|strip_tags|truncate:100:'...'|escape:'html'}">
|
||||
{if $oTalkUserAuthor->getCommentCountNew() or !$oTalkUserAuthor->getDateLast()}
|
||||
<strong>{$oTalk->getTitle()|escape:'html'}</strong>
|
||||
{else}
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
{assign var="oTopic" value=$oComment->getTarget()}
|
||||
{assign var="oBlog" value=$oTopic->getBlog()}
|
||||
|
||||
<li class="js-title-comment" title="{$oComment->getText()|strip_tags|trim|truncate:100:'...'}">
|
||||
<li class="js-title-comment" title="{$oComment->getText()|strip_tags|trim|truncate:100:'...'|escape:'html'}">
|
||||
<p>
|
||||
<a href="{$oUser->getUserWebPath()}" class="author">{$oUser->getLogin()}</a>
|
||||
<time datetime="{date_format date=$oComment->getDate() format='c'}" title="{date_format date=$oComment->getDate() format="j F Y, H:i"}">
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
{assign var="oUser" value=$oTopic->getUser()}
|
||||
{assign var="oBlog" value=$oTopic->getBlog()}
|
||||
|
||||
<li class="js-title-comment" title="{$oTopic->getText()|strip_tags|trim|truncate:150:'...'}">
|
||||
<li class="js-title-topic" title="{$oTopic->getText()|strip_tags|trim|truncate:150:'...'|escape:'html'}">
|
||||
<p>
|
||||
<a href="{$oUser->getUserWebPath()}" class="author">{$oUser->getLogin()}</a>
|
||||
<time datetime="{date_format date=$oTopic->getDateAdd() format='c'}" title="{date_format date=$oTopic->getDateAdd() format="j F Y, H:i"}">
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@
|
|||
<td>
|
||||
{if $oUserCurrent}
|
||||
{if $oUserNote}
|
||||
<button type="button" class="button button-action button-action-note js-infobox" title="{$oUserNote->getText()}"><i class="icon-synio-comments-green"></i></button>
|
||||
<button type="button" class="button button-action button-action-note js-infobox" title="{$oUserNote->getText()|escape:'html'}"><i class="icon-synio-comments-green"></i></button>
|
||||
{/if}
|
||||
<a href="{router page='talk'}add/?talk_users={$oUserList->getLogin()}"><button type="submit" class="button button-action button-action-send-message"><i class="icon-synio-send-message"></i><span>{$aLang.user_write_prvmsg}</span></button></a>
|
||||
{/if}
|
||||
|
|
|
|||
Loading…
Reference in a new issue