fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-02 01:52:10 +09:00
Code Issues Projects Releases Packages Wiki Activity

Clean up HTML filtering and emoji encoding #2631

Browse source
This commit is contained in:
Kijin Sung 2025-12-17 17:53:39 +09:00
parent 307661b57b
commit cc17bbe05a
4 changed files with 46 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

22
modules/comment/comment.controller.php
View file

@ -677,23 +677,26 @@ class CommentController extends Comment
} }
// if use editor of nohtml, Remove HTML tags from the contents. // if use editor of nohtml, Remove HTML tags from the contents.
if(!$manual_inserted || isset($obj->allow_html) || isset($obj->use_html)) if (!$manual_inserted || isset($obj->allow_html) || isset($obj->use_html))
{ {
$obj->content = EditorModel::converter($obj, 'comment'); $obj->content = EditorModel::converter($obj, 'comment');
} }
// remove iframe and script if not a top administrator on the session. // remove iframe and script if not a top administrator on the session.
if($logged_info->is_admin != 'Y') if ($logged_info->is_admin !== 'Y')
{ {
$obj->content = removeHackTag($obj->content); $obj->content = Rhymix\Framework\Filters\HTMLFilter::clean((string)$obj->content);
}
if (config('db.master.charset') !== 'utf8mb4')
{
$obj->content = utf8_mbencode($obj->content);
} }
$obj->content = utf8_mbencode($obj->content);
// Set other flags.
if (isset($obj->notify_message) && $obj->notify_message !== 'Y') if (isset($obj->notify_message) && $obj->notify_message !== 'Y')
{ {
$obj->notify_message = 'N'; $obj->notify_message = 'N';
} }
if (isset($obj->is_secret) && $obj->is_secret !== 'Y') if (isset($obj->is_secret) && $obj->is_secret !== 'Y')
{ {
$obj->is_secret = 'N'; $obj->is_secret = 'N';
@ -1042,11 +1045,14 @@ class CommentController extends Comment
// remove iframe and script if not a top administrator on the session // remove iframe and script if not a top administrator on the session
$logged_info = Context::get('logged_info'); $logged_info = Context::get('logged_info');
if($logged_info->is_admin != 'Y') if ($logged_info->is_admin !== 'Y')
{ {
$obj->content = removeHackTag($obj->content); $obj->content = Rhymix\Framework\Filters\HTMLFilter::clean((string)$obj->content);
}
if (config('db.master.charset') !== 'utf8mb4')
{
$obj->content = utf8_mbencode($obj->content);
} }
$obj->content = utf8_mbencode($obj->content);
// begin transaction // begin transaction
$oDB = DB::getInstance(); $oDB = DB::getInstance();

11
modules/communication/communication.controller.php
View file

@ -184,9 +184,12 @@ class CommunicationController extends communication
{ {
// Encode the title and content. // Encode the title and content.
$title = escape($title, false); $title = escape($title, false);
$content = removeHackTag($content); $content = Rhymix\Framework\Filters\HTMLFilter::clean((string)$content);
$title = utf8_mbencode($title); if (config('db.master.charset') !== 'utf8mb4')
$content = utf8_mbencode($content); {
$title = utf8_mbencode($title);
$content = utf8_mbencode($content);
}
$message_srl = $temp_srl ?: getNextSequence(); $message_srl = $temp_srl ?: getNextSequence();
$related_srl = getNextSequence(); $related_srl = getNextSequence();
@ -309,7 +312,7 @@ class CommunicationController extends communication
$mail_content = vsprintf('From: %s<br><hr><br>%s<br><hr><br>%s<br><a href="%s" target="_blank">%s</a>', [ $mail_content = vsprintf('From: %s<br><hr><br>%s<br><hr><br>%s<br><a href="%s" target="_blank">%s</a>', [
$sender->nick_name, $sender->nick_name,
utf8_mbencode(removeHackTag($content)), utf8_mbencode(Rhymix\Framework\Filters\HTMLFilter::clean((string)$content)),
Context::getSiteTitle(), Context::getSiteTitle(),
$view_url, $view_url, $view_url, $view_url,
]); ]);

34
modules/document/document.controller.php
View file

@ -811,24 +811,31 @@ class DocumentController extends Document
} }
// if use editor of nohtml, Remove HTML tags from the contents. // if use editor of nohtml, Remove HTML tags from the contents.
if(!$manual_inserted || isset($obj->allow_html) || isset($obj->use_html)) if (!$manual_inserted || isset($obj->allow_html) || isset($obj->use_html))
{ {
$obj->content = EditorModel::converter($obj, 'document'); $obj->content = EditorModel::converter($obj, 'document');
} }
// Remove iframe and script if not a top adminisrator in the session. // Remove iframe and script if not a top adminisrator in the session.
if($logged_info->is_admin != 'Y') if ($logged_info->is_admin !== 'Y')
{ {
$obj->content = removeHackTag($obj->content); $obj->content = Rhymix\Framework\Filters\HTMLFilter::clean((string)$obj->content);
}
// Fix encoding of non-BMP UTF-8 characters.
if (config('db.master.charset') !== 'utf8mb4')
{
$obj->title = utf8_mbencode($obj->title);
$obj->content = utf8_mbencode($obj->content);
} }
// An error appears if both log-in info and user name don't exist. // An error appears if both log-in info and user name don't exist.
if(!$logged_info->member_srl && !$obj->nick_name) return new BaseObject(-1, 'msg_invalid_request'); if (!$logged_info->member_srl && !$obj->nick_name)
{
// Fix encoding of non-BMP UTF-8 characters. return new BaseObject(-1, 'msg_invalid_request');
$obj->title = utf8_mbencode($obj->title); }
$obj->content = utf8_mbencode($obj->content);
// Set lang_code to the current user's language
$obj->lang_code = Context::getLangType(); $obj->lang_code = Context::getLangType();
// begin transaction // begin transaction
@ -1167,14 +1174,17 @@ class DocumentController extends Document
} }
// Remove iframe and script if not a top adminisrator in the session. // Remove iframe and script if not a top adminisrator in the session.
if($logged_info->is_admin != 'Y') if ($logged_info->is_admin !== 'Y')
{ {
$obj->content = removeHackTag($obj->content); $obj->content = Rhymix\Framework\Filters\HTMLFilter::clean((string)$obj->content);
} }
// Fix encoding of non-BMP UTF-8 characters. // Fix encoding of non-BMP UTF-8 characters.
$obj->title = utf8_mbencode($obj->title); if (config('db.master.charset') !== 'utf8mb4')
$obj->content = utf8_mbencode($obj->content); {
$obj->title = utf8_mbencode($obj->title);
$obj->content = utf8_mbencode($obj->content);
}
// Begin transaction // Begin transaction
$oDB = DB::getInstance(); $oDB = DB::getInstance();

7
modules/document/document.view.php
View file

@ -55,11 +55,10 @@ class DocumentView extends Document
throw new Rhymix\Framework\Exceptions\SecurityViolation; throw new Rhymix\Framework\Exceptions\SecurityViolation;
} }
$content = Context::get('content'); $content = (string)Context::get('content');
if (Context::get('logged_info')->is_admin !== 'Y')
if(Context::get('logged_info')->is_admin != 'Y')
{ {
$content = removeHackTag($content); $content = Rhymix\Framework\Filters\HTMLFilter::clean($content);
} }
// Editor converter // Editor converter