fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-03 08:41:39 +09:00
Code Issues Projects Releases Packages Wiki Activity

Clean up HTML filtering and emoji encoding #2631

Browse source
This commit is contained in:
Kijin Sung 2025-12-17 17:53:39 +09:00
parent 307661b57b
commit cc17bbe05a
4 changed files with 46 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

22
modules/comment/comment.controller.php
View file

@ -677,23 +677,26 @@ class CommentController extends Comment
}
// if use editor of nohtml, Remove HTML tags from the contents.
if(!$manual_inserted || isset($obj->allow_html) || isset($obj->use_html))
if (!$manual_inserted || isset($obj->allow_html) || isset($obj->use_html))
{
$obj->content = EditorModel::converter($obj, 'comment');
}
// remove iframe and script if not a top administrator on the session.
if($logged_info->is_admin != 'Y')
if ($logged_info->is_admin !== 'Y')
{
$obj->content = removeHackTag($obj->content);
$obj->content = Rhymix\Framework\Filters\HTMLFilter::clean((string)$obj->content);
}
if (config('db.master.charset') !== 'utf8mb4')
{
$obj->content = utf8_mbencode($obj->content);
}
$obj->content = utf8_mbencode($obj->content);
// Set other flags.
if (isset($obj->notify_message) && $obj->notify_message !== 'Y')
{
$obj->notify_message = 'N';
}
if (isset($obj->is_secret) && $obj->is_secret !== 'Y')
{
$obj->is_secret = 'N';
@ -1042,11 +1045,14 @@ class CommentController extends Comment
// remove iframe and script if not a top administrator on the session
$logged_info = Context::get('logged_info');
if($logged_info->is_admin != 'Y')
if ($logged_info->is_admin !== 'Y')
{
$obj->content = removeHackTag($obj->content);
$obj->content = Rhymix\Framework\Filters\HTMLFilter::clean((string)$obj->content);
}
if (config('db.master.charset') !== 'utf8mb4')
{
$obj->content = utf8_mbencode($obj->content);
}
$obj->content = utf8_mbencode($obj->content);
// begin transaction
$oDB = DB::getInstance();

11
modules/communication/communication.controller.php
View file

@ -184,9 +184,12 @@ class CommunicationController extends communication
{
// Encode the title and content.
$title = escape($title, false);
$content = removeHackTag($content);
$title = utf8_mbencode($title);
$content = utf8_mbencode($content);
$content = Rhymix\Framework\Filters\HTMLFilter::clean((string)$content);
if (config('db.master.charset') !== 'utf8mb4')
{
$title = utf8_mbencode($title);
$content = utf8_mbencode($content);
}
$message_srl = $temp_srl ?: getNextSequence();
$related_srl = getNextSequence();
@ -309,7 +312,7 @@ class CommunicationController extends communication
$mail_content = vsprintf('From: %s<br><hr><br>%s<br><hr><br>%s<br><a href="%s" target="_blank">%s</a>', [
$sender->nick_name,
utf8_mbencode(removeHackTag($content)),
utf8_mbencode(Rhymix\Framework\Filters\HTMLFilter::clean((string)$content)),
Context::getSiteTitle(),
$view_url, $view_url,
]);

34
modules/document/document.controller.php
View file

@ -811,24 +811,31 @@ class DocumentController extends Document
}
// if use editor of nohtml, Remove HTML tags from the contents.
if(!$manual_inserted || isset($obj->allow_html) || isset($obj->use_html))
if (!$manual_inserted || isset($obj->allow_html) || isset($obj->use_html))
{
$obj->content = EditorModel::converter($obj, 'document');
}
// Remove iframe and script if not a top adminisrator in the session.
if($logged_info->is_admin != 'Y')
if ($logged_info->is_admin !== 'Y')
{
$obj->content = removeHackTag($obj->content);
$obj->content = Rhymix\Framework\Filters\HTMLFilter::clean((string)$obj->content);
}
// Fix encoding of non-BMP UTF-8 characters.
if (config('db.master.charset') !== 'utf8mb4')
{
$obj->title = utf8_mbencode($obj->title);
$obj->content = utf8_mbencode($obj->content);
}
// An error appears if both log-in info and user name don't exist.
if(!$logged_info->member_srl && !$obj->nick_name) return new BaseObject(-1, 'msg_invalid_request');
// Fix encoding of non-BMP UTF-8 characters.
$obj->title = utf8_mbencode($obj->title);
$obj->content = utf8_mbencode($obj->content);
if (!$logged_info->member_srl && !$obj->nick_name)
{
return new BaseObject(-1, 'msg_invalid_request');
}
// Set lang_code to the current user's language
$obj->lang_code = Context::getLangType();
// begin transaction
@ -1167,14 +1174,17 @@ class DocumentController extends Document
}
// Remove iframe and script if not a top adminisrator in the session.
if($logged_info->is_admin != 'Y')
if ($logged_info->is_admin !== 'Y')
{
$obj->content = removeHackTag($obj->content);
$obj->content = Rhymix\Framework\Filters\HTMLFilter::clean((string)$obj->content);
}
// Fix encoding of non-BMP UTF-8 characters.
$obj->title = utf8_mbencode($obj->title);
$obj->content = utf8_mbencode($obj->content);
if (config('db.master.charset') !== 'utf8mb4')
{
$obj->title = utf8_mbencode($obj->title);
$obj->content = utf8_mbencode($obj->content);
}
// Begin transaction
$oDB = DB::getInstance();

7
modules/document/document.view.php
View file

@ -55,11 +55,10 @@ class DocumentView extends Document
throw new Rhymix\Framework\Exceptions\SecurityViolation;
}
$content = Context::get('content');
if(Context::get('logged_info')->is_admin != 'Y')
$content = (string)Context::get('content');
if (Context::get('logged_info')->is_admin !== 'Y')
{
$content = removeHackTag($content);
$content = Rhymix\Framework\Filters\HTMLFilter::clean($content);
}
// Editor converter