fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-03 08:41:39 +09:00
Code Issues Projects Releases Packages Wiki Activity

Fix double escaping of document and comment summary

Browse source
This commit is contained in:
Kijin Sung 2025-09-09 15:24:54 +09:00
parent 173bed7c2a
commit 3c3e510c2e
2 changed files with 30 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

15
modules/comment/comment.item.php
View file

@ -466,10 +466,12 @@ class CommentItem extends BaseObject
$content = trim(utf8_normalize_spaces(html_entity_decode(strip_tags($content))));
if($strlen)
{
$content = cut_str($content, $strlen, '...');
$content = escape(cut_str($content, $strlen, '...'), false);
}
else
{
$content = escape($content);
}
$content = escape($content);
if ($content === '')
{
@ -511,9 +513,12 @@ class CommentItem extends BaseObject
$content = trim(utf8_normalize_spaces(html_entity_decode(strip_tags($content))));
if($strlen)
{
$content = cut_str($content, $strlen, '...');
return escape(cut_str($content, $strlen, '...'), false);
}
else
{
return escape($content);
}
return escape($content);
}
/**

31
modules/document/document.item.php
View file

@ -634,10 +634,12 @@ class DocumentItem extends BaseObject
$content = trim(utf8_normalize_spaces(html_entity_decode(strip_tags($content))));
if($strlen)
{
$content = cut_str($content, $strlen, '...');
return escape(cut_str($content, $strlen, '...'), false);
}
else
{
return escape($content);
}
return escape($content);
}
function getContentText($strlen = 0)
@ -653,17 +655,22 @@ class DocumentItem extends BaseObject
}
$content = preg_replace('!(</p>|</div>|<br)!i', ' $1', $this->get('content'));
$content = preg_replace_callback('/<(object|param|embed)[^>]*/is', array($this, '_checkAllowScriptAccess'), $content);
$content = preg_replace_callback('/<object[^>]*>/is', array($this, '_addAllowScriptAccess'), $content);
//$content = preg_replace_callback('/<(object|param|embed)[^>]*/is', array($this, '_checkAllowScriptAccess'), $content);
//$content = preg_replace_callback('/<object[^>]*>/is', array($this, '_addAllowScriptAccess'), $content);
$content = trim(utf8_normalize_spaces(html_entity_decode(strip_tags($content))));
if($strlen)
{
$content = trim(utf8_normalize_spaces(html_entity_decode(strip_tags($content))));
$content = cut_str($content, $strlen, '...');
return escape(cut_str($content, $strlen, '...'), false);
}
else
{
return escape($content);
}
return escape($content);
}
/**
* @deprecated
*/
function _addAllowScriptAccess($m)
{
if($this->allowscriptaccessList[$this->allowscriptaccessKey] == 1)
@ -674,6 +681,9 @@ class DocumentItem extends BaseObject
return $m[0];
}
/**
* @deprecated
*/
function _checkAllowScriptAccess($m)
{
if($m[1] == 'object')
@ -806,8 +816,7 @@ class DocumentItem extends BaseObject
// Truncate string
$content = cut_str($content, $str_size, $tail);
return escape($content);
return escape($content, false);
}
function getRegdate($format = 'Y.m.d H:i:s', $conversion = true)