fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-27 22:33:10 +09:00
Code Issues Projects Releases Packages Wiki Activity

Add getContentPlainText() and fix improper escaping in getContentText()

Browse source
This commit is contained in:
Kijin Sung 2017-07-11 17:08:48 +09:00
parent 8998c752a5
commit aa7dc75f56
2 changed files with 64 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

39
modules/document/document.item.php
View file

@ -484,8 +484,34 @@ class documentItem extends Object
if($this->get('title_bold')=='Y') $attrs[] = "font-weight:bold;";
if($this->get('title_color') && $this->get('title_color') != 'N') $attrs[] = "color:#".$this->get('title_color');
if(count($attrs)) return sprintf("<span style=\"%s\">%s</span>", implode(';',$attrs), htmlspecialchars($title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
else return htmlspecialchars($title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
if(count($attrs))
{
return sprintf("<span style=\"%s\">%s</span>", implode(';', $attrs), escape($title, false));
}
else
{
return escape($title, false);
}
}
function getContentPlainText($strlen = 0)
{
if(!$this->document_srl) return;
if($this->isSecret() && !$this->isGranted() && !$this->isAccessible()) return lang('msg_is_secret');
$result = $this->_checkAccessibleFromStatus();
if($result && Context::getSessionStatus())
{
$this->setAccessible();
}
$content = $this->get('content');
$content = trim(utf8_normalize_spaces(html_entity_decode(strip_tags($content))));
if($strlen)
{
$content = cut_str($content, $strlen, '...');
}
return escape($content);
}
function getContentText($strlen = 0)
@ -504,9 +530,12 @@ class documentItem extends Object
$content = preg_replace_callback('/<(object|param|embed)[^>]*/is', array($this, '_checkAllowScriptAccess'), $content);
$content = preg_replace_callback('/<object[^>]*>/is', array($this, '_addAllowScriptAccess'), $content);
if($strlen) return cut_str(strip_tags($content),$strlen,'...');
return htmlspecialchars($content);
if($strlen)
{
$content = trim(utf8_normalize_spaces(html_entity_decode(strip_tags($content))));
$content = cut_str($content, $strlen, '...');
}
return escape($content);
}
function _addAllowScriptAccess($m)