Added escape method to Utils
parent
a1eafee419
commit
7ac6d34e7b
|
@ -2,7 +2,6 @@
|
||||||
|
|
||||||
namespace Wruczek\TSWebsite\Utils\Language;
|
namespace Wruczek\TSWebsite\Utils\Language;
|
||||||
|
|
||||||
use function htmlspecialchars;
|
|
||||||
use Wruczek\PhpFileCache\PhpFileCache;
|
use Wruczek\PhpFileCache\PhpFileCache;
|
||||||
use Wruczek\TSWebsite\Utils\DatabaseUtils;
|
use Wruczek\TSWebsite\Utils\DatabaseUtils;
|
||||||
use Wruczek\TSWebsite\Utils\SingletonTait;
|
use Wruczek\TSWebsite\Utils\SingletonTait;
|
||||||
|
|
|
@ -165,13 +165,13 @@ class TemplateUtils {
|
||||||
}
|
}
|
||||||
} else if (is_string($parameter)) {
|
} else if (is_string($parameter)) {
|
||||||
// NEEDS to start with a space!
|
// NEEDS to start with a space!
|
||||||
$attributes = ' integrity="' . htmlspecialchars($parameter) . '" crossorigin="anonymous"';
|
$attributes = ' integrity="' . Utils::escape($parameter) . '" crossorigin="anonymous"';
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($resourceType === "stylesheet") {
|
if ($resourceType === "stylesheet") {
|
||||||
echo '<link rel="stylesheet" href="' . htmlspecialchars($url) . '"' . $attributes . '>';
|
echo '<link rel="stylesheet" href="' . Utils::escape($url) . '"' . $attributes . '>';
|
||||||
} else if ($resourceType === "script") {
|
} else if ($resourceType === "script") {
|
||||||
echo '<script src="' . htmlspecialchars($url) . '"' . $attributes . '></script>';
|
echo '<script src="' . Utils::escape($url) . '"' . $attributes . '></script>';
|
||||||
} else {
|
} else {
|
||||||
throw new \InvalidArgumentException("$resourceType is not a valid resource type");
|
throw new \InvalidArgumentException("$resourceType is not a valid resource type");
|
||||||
}
|
}
|
||||||
|
|
|
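Review bot: The `is_string($parameter)` branch that builds the `integrity` attribute (third row of the hunk) escapes the value correctly for the attribute context but never checks that it is a well-formed SRI token, and under the SRI spec a browser that parses no recognised `alg-base64` entry treats the element as having no integrity metadata and loads the resource unchecked, so a mistyped hash silently disables the protection instead of failing closed. A guard before the concatenation would surface that misconfiguration at render time: `if (!preg_match('/^sha(256|384|512)-[A-Za-z0-9+\/]+={0,2}$/', $parameter)) { throw new \InvalidArgumentException("malformed integrity value: $parameter"); }` (extend the pattern if space-separated multiple hashes are meant to be supported). HTML-attribute escaping of `$url` is the right context for `href`/`src`, but it does not validate the URL itself; whether `$url` can come from anywhere other than configuration is not visible in the hunk. The enclosing method starts before the hunk (the `}` on its first row closes an earlier branch).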
@ -9,12 +9,21 @@ use Wruczek\TSWebsite\News\INewsStore;
|
||||||
/**
|
/**
|
||||||
* Class Utils
|
* Class Utils
|
||||||
* @package Wruczek\TSWebsite\Utils
|
* @package Wruczek\TSWebsite\Utils
|
||||||
* @author Wruczek 2017
|
* @author Wruczek 2017 - 2019
|
||||||
*/
|
*/
|
||||||
class Utils {
|
class Utils {
|
||||||
|
|
||||||
private function __construct() {}
|
private function __construct() {}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Escapes HTML characters with htmlspecialchars
|
||||||
|
* @param $string string String to be escaped
|
||||||
|
* @return string escaped string
|
||||||
|
*/
|
||||||
|
public static function escape($string) {
|
||||||
|
return htmlspecialchars((string) $string, ENT_QUOTES, "UTF-8");
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Strips the first line from string
|
* Strips the first line from string
|
||||||
* https://stackoverflow.com/a/7740485
|
* https://stackoverflow.com/a/7740485
|
||||||
|
@ -100,7 +109,7 @@ class Utils {
|
||||||
*/
|
*/
|
||||||
public static function getClientIp($useCfip = null) {
|
public static function getClientIp($useCfip = null) {
|
||||||
if ($useCfip === null) {
|
if ($useCfip === null) {
|
||||||
$useCfip = (bool) Config::get("usingcloudflare");
|
$useCfip = Config::get("usingcloudflare");
|
||||||
}
|
}
|
||||||
|
|
||||||
// If IPv6 localhost, return IPv4 localhost
|
// If IPv6 localhost, return IPv4 localhost
|
||||||
|
@ -108,7 +117,7 @@ class Utils {
|
||||||
return "127.0.0.1";
|
return "127.0.0.1";
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!empty($_SERVER["HTTP_CF_CONNECTING_IP"]) && $useCfip) {
|
if ($useCfip && !empty($_SERVER["HTTP_CF_CONNECTING_IP"])) {
|
||||||
return $_SERVER["HTTP_CF_CONNECTING_IP"];
|
return $_SERVER["HTTP_CF_CONNECTING_IP"];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
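Review bot: `Utils::escape()` passes `ENT_QUOTES` alone, so on input that is not valid UTF-8 `htmlspecialchars()` returns an empty string instead of escaped text, and on PHP 8.1+ the explicit flag argument actually drops the `ENT_SUBSTITUTE` that the default flags now include; the conventional call is `return htmlspecialchars((string) $string, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");`, which replaces bad sequences with U+FFFD rather than blanking the value. The docblock's `@param $string string` has type and name reversed; `@param string $string` is the form documentation tools parse, and a sentence such as `Escapes for HTML text and attribute contexts only; not a JS, URL or CSS escaper` would stop it being treated as a universal sanitiser. The `getClientIp()` reorder is behaviourally equivalent, but as a caveat on the line it touches, returning `HTTP_CF_CONNECTING_IP` is only trustworthy if the origin cannot be reached except through Cloudflare, which this code does not verify.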
@ -4,6 +4,7 @@ namespace Wruczek\TSWebsite;
|
||||||
|
|
||||||
use function __get;
|
use function __get;
|
||||||
use TeamSpeak3;
|
use TeamSpeak3;
|
||||||
|
use Wruczek\TSWebsite\Utils\Utils;
|
||||||
|
|
||||||
class ViewerRenderer {
|
class ViewerRenderer {
|
||||||
|
|
||||||
|
@ -77,7 +78,7 @@ EOD;
|
||||||
$this->add(
|
$this->add(
|
||||||
$html,
|
$html,
|
||||||
$this->getIcon("server_green.svg"),
|
$this->getIcon("server_green.svg"),
|
||||||
htmlspecialchars($this->serverInfo["virtualserver_name"]),
|
Utils::escape($this->serverInfo["virtualserver_name"]),
|
||||||
$suffixIcons
|
$suffixIcons
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -99,8 +100,8 @@ EOD;
|
||||||
$path = "api/geticon.php?iconid=" . (int) $name;
|
$path = "api/geticon.php?iconid=" . (int) $name;
|
||||||
}
|
}
|
||||||
|
|
||||||
$ttip = $tooltip ? ' data-toggle="tooltip" title="' . htmlspecialchars($tooltip) . '"' : "";
|
$ttip = $tooltip ? ' data-toggle="tooltip" title="' . Utils::escape($tooltip) . '"' : "";
|
||||||
return '<img class="icon" src="' . $path . '" alt="' . htmlspecialchars($alt) . '"' . $ttip . '>';
|
return '<img class="icon" src="' . $path . '" alt="' . Utils::escape($alt) . '"' . $ttip . '>';
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -162,7 +163,7 @@ EOD;
|
||||||
$channel->getId(),
|
$channel->getId(),
|
||||||
$channel->isSpacer() ? "" : ' tabindex="0"',
|
$channel->isSpacer() ? "" : ' tabindex="0"',
|
||||||
$channelIcon,
|
$channelIcon,
|
||||||
htmlspecialchars($channelDisplayName),
|
Utils::escape($channelDisplayName),
|
||||||
$suffixIcons
|
$suffixIcons
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -222,7 +223,7 @@ EOD;
|
||||||
$clientName = implode(" ", $beforeName); // prefix groups
|
$clientName = implode(" ", $beforeName); // prefix groups
|
||||||
$clientName .= " {$client["client_nickname"]} "; // nickname
|
$clientName .= " {$client["client_nickname"]} "; // nickname
|
||||||
$clientName .= implode(" ", $afterName); // suffix groups
|
$clientName .= implode(" ", $afterName); // suffix groups
|
||||||
$clientName = htmlspecialchars(trim($clientName)); // trim and sanitize
|
$clientName = Utils::escape(trim($clientName)); // trim and sanitize
|
||||||
|
|
||||||
$this->add(
|
$this->add(
|
||||||
$html,
|
$html,
|
||||||
|
@ -286,7 +287,7 @@ EOD;
|
||||||
}
|
}
|
||||||
|
|
||||||
if($client["client_away"]) {
|
if($client["client_away"]) {
|
||||||
return $this->getIcon("away.svg", htmlspecialchars($client["client_away_message"]) ?: __get("VIEWER_CLIENT_AWAY"));
|
return $this->getIcon("away.svg", Utils::escape($client["client_away_message"]) ?: __get("VIEWER_CLIENT_AWAY"));
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!$client["client_output_hardware"]) {
|
if(!$client["client_output_hardware"]) {
|
||||||
|
@ -340,7 +341,7 @@ EOD;
|
||||||
// to show the group with a "broken-image" icons.
|
// to show the group with a "broken-image" icons.
|
||||||
}
|
}
|
||||||
|
|
||||||
$html .= $this->getIcon($icon, htmlspecialchars($group["name"]));
|
$html .= $this->getIcon($icon, Utils::escape($group["name"]));
|
||||||
}
|
}
|
||||||
|
|
||||||
if($client["client_icon_id"]) {
|
if($client["client_icon_id"]) {
|
||||||
|
|
|
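Review bot: The two rows that pass `Utils::escape($client["client_away_message"])` and `Utils::escape($group["name"])` into `getIcon()` double-encode, because `getIcon()` itself escapes its `$tooltip` and `$alt` arguments (the `title="…"` and `alt="…"` rows earlier in this section); an away message such as `A & B` therefore renders as `A &amp; B` in the tooltip. Pass the raw values and let `getIcon()` do the single escape: `return $this->getIcon("away.svg", $client["client_away_message"] ?: __get("VIEWER_CLIENT_AWAY"));` and `$html .= $this->getIcon($icon, $group["name"]);`. The `?:` fallback keys on truthiness, so an away message of `"0"` falls back to the translation, which was already the case before this change. The `getIcon()` body and the methods containing the other rows start before and end after their hunks.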
@ -4,6 +4,7 @@ use Wruczek\TSWebsite\Config;
|
||||||
use Wruczek\TSWebsite\ServerIconCache;
|
use Wruczek\TSWebsite\ServerIconCache;
|
||||||
use Wruczek\TSWebsite\Utils\CsrfUtils;
|
use Wruczek\TSWebsite\Utils\CsrfUtils;
|
||||||
use Wruczek\TSWebsite\Utils\Language\LanguageUtils;
|
use Wruczek\TSWebsite\Utils\Language\LanguageUtils;
|
||||||
|
use Wruczek\TSWebsite\Utils\Utils;
|
||||||
|
|
||||||
session_name("tswebsite_sessionid");
|
session_name("tswebsite_sessionid");
|
||||||
|
|
||||||
|
@ -71,7 +72,7 @@ if(!isset($_SESSION["userlanguageid"])) {
|
||||||
try {
|
try {
|
||||||
return LanguageUtils::i()->translate($identifier, $args);
|
return LanguageUtils::i()->translate($identifier, $args);
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
return "(unknown translation for " . htmlspecialchars($identifier) . ")";
|
return "(unknown translation for " . Utils::escape($identifier) . ")";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
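Review bot: The function returning `"(unknown translation for " . Utils::escape($identifier) . ")"` escapes only its failure path, while the `try` branch returns `LanguageUtils::i()->translate($identifier, $args)` as-is, so callers get a value that is HTML-safe on one path and of unknown safety on the other; whether translations are meant to carry markup is not visible from the hunk. Either state the contract in a docblock on the function, e.g. `/** Returns the translation as produced by LanguageUtils (not escaped here); on failure returns an HTML-escaped placeholder naming the identifier. */`, or escape once at the point where the result is written into a page. The `catch (\Exception $e)` also discards the exception without logging, so a broken language file shows up only as placeholder text; an `error_log($e->getMessage());` before the `return` would keep that visible. The enclosing function starts before the hunk.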