Fix #2231, #2232 inconsistent escaping of menu titles

Kijin Sung 2023-12-13 23:00:27 +09:00
parent 0d529ef682
commit ea15541d05
3 changed files with 17 additions and 17 deletions


@ -532,7 +532,7 @@ class MenuAdminController extends Menu
if(!$args->is_shortcut) $args->is_shortcut = 'Y';
if($request->menu_name_key) $args->name = $request->menu_name_key;
else $args->name = $request->menu_name;
else $args->name = escape($request->menu_name, true, true);
}
// type is module short cut
else if(is_numeric($request->shortcut_target))
@ -552,7 +552,7 @@ class MenuAdminController extends Menu
unset($args->group_srls);
}
$args->menu_srl = $request->menu_srl;
$args->name = $request->menu_name;
$args->name = escape($request->menu_name, true, true);
$args->parent_srl = $request->parent_srl;
$args->is_shortcut = $request->is_shortcut;
}
@ -561,15 +561,15 @@ class MenuAdminController extends Menu
{
$args = new stdClass();
$args->menu_srl = $request->menu_srl;
$args->name = $request->menu_name;
$args->name = escape($request->menu_name, true, true);
$args->parent_srl = $request->parent_srl;
$args->is_shortcut = $request->is_shortcut;
$args->url = '#';
}
$args->icon = trim($request->menu_icon ?? '') ?: '';
$args->icon = escape(trim($request->menu_icon ?? '') ?: '');
$args->class = trim(preg_replace('/[^a-z0-9\x20_-]/', '', $request->menu_class ?? ''));
$args->desc = trim($request->menu_desc ?? '') ?: '';
$args->desc = escape(trim($request->menu_desc ?? '') ?: '', true, true);
$args->menu_item_srl = getNextSequence();
$args->listorder = -1*$args->menu_item_srl;
@ -601,11 +601,11 @@ class MenuAdminController extends Menu
if(!$args->is_shortcut) $args->is_shortcut = 'N';
if($request->menu_name_key) $args->name = $request->menu_name_key;
else $args->name = $request->menu_name;
else $args->name = escape($request->menu_name, true, true);
$args->icon = trim($request->menu_icon ?? '') ?: '';
$args->icon = escape(trim($request->menu_icon ?? '') ?: '');
$args->class = trim(preg_replace('/[^a-z0-9\x20_-]/', '', $request->menu_class ?? ''));
$args->desc = trim($request->menu_desc ?? '') ?: '';
$args->desc = escape(trim($request->menu_desc ?? '') ?: '', true, true);
if($request->module_id && strncasecmp('http', $request->module_id, 4) === 0)
{
@ -786,12 +786,12 @@ class MenuAdminController extends Menu
}
else
{
$args->name = $request->menu_name;
$args->name = escape($request->menu_name, true, true);
}
$args->icon = trim($request->menu_icon ?? '') ?: '';
$args->icon = escape(trim($request->menu_icon ?? '') ?: '');
$args->class = trim(preg_replace('/[^a-z0-9\x20_-]/', '', $request->menu_class ?? ''));
$args->desc = trim($request->menu_desc ?? '') ?: '';
$args->desc = escape(trim($request->menu_desc ?? '') ?: '', true, true);
unset($args->group_srls);
$args->open_window = $request->menu_open_window;
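Review bot: The `menu_name_key` branch still stores the request value unescaped, `if($request->menu_name_key) $args->name = $request->menu_name_key;` in the hunks at 532 and 601, so a request that sets that field skips the `escape()` this commit adds to `menu_name`. If the key is meant to hold only a `$user_lang->` reference, check it against that shape before storing it, or route it through the same call, `$args->name = escape($request->menu_name_key, true, true);`, assuming the third argument leaves language codes intact as its use on `menu_name` suggests. Whether the key is validated earlier is not visible, because the enclosing methods start and end outside these hunks. The icon value is escaped with default arguments while name and desc pass `true, true`; a one-line comment explaining the difference would help the next reader.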


@ -1745,7 +1745,7 @@ jQuery(function($){
var sMenuId = $._htMarkupActionParam.sMenuId;
var htInfo = htNodeInfo[sMenuId];
$(ev.target).find('.title').text(htInfo.sText);
$(ev.target).find('.title').text(htInfo.sText.escape(false).unescape());
$(ev.target).find('.title').attr('href', htInfo.href);
@ -1970,10 +1970,10 @@ jQuery(function($){
$(this).addClass('page');
}
$(this).find('#menuName').val(htInfo.sMenuNameKey.match(/\$user_lang->/) ? htInfo.sMenuNameKey : htInfo.sText);
$(this).find('#menuName').val(htInfo.sMenuNameKey.match(/\$user_lang->/) ? htInfo.sMenuNameKey : htInfo.sText.escape(false).unescape());
$(this).find('#menuIcon').val(htInfo.icon);
$(this).find('#menuClass').val(htInfo.class);
$(this).find('#menuDesc').val(htInfo.desc);
$(this).find('#menuDesc').val(htInfo.desc.escape(false).unescape());
//menu_name_key
$(this).find('#mid2').val(htInfo.url);
@ -1998,7 +1998,7 @@ jQuery(function($){
showMenuSelector($(this).find('._menuSelector_menuTreeContainer'));
}
}else{
$(this).find('._browserTitle').val(htInfo.browser_title);
$(this).find('._browserTitle').val(htInfo.browser_title.escape(false).unescape());
}
if(htInfo.open_window === "N"){
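Review bot: The new `.escape(false).unescape()` chains are called directly on `htInfo.desc` and `htInfo.browser_title`, so a node that lacks either field would now throw a TypeError where the old `.val(htInfo.desc)` just set an empty value. Whether those fields can be missing is not visible here, but a guard costs nothing: `$(this).find('#menuDesc').val((htInfo.desc || '').escape(false).unescape());` and the same for `._browserTitle`. The decoded strings only reach `.text()` and `.val()`, which is what keeps this safe; a short comment such as `// decoded for display only; keep in text()/val(), never html()` would record that. The handlers start and end outside these hunks.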


@ -395,7 +395,7 @@ class ModuleController extends Module
{
$args->module_srl = getNextSequence();
}
$args->browser_title = escape(strip_tags($args->browser_title ?? ''), false, true);
$args->browser_title = escape($args->browser_title ?? '', false, true);
$args->description = isset($args->description) ? escape($args->description, false) : null;
if(!isset($args->skin) || $args->skin == '/USE_DEFAULT/')
{
@ -508,7 +508,7 @@ class ModuleController extends Module
}
}
$args->browser_title = escape(strip_tags($args->browser_title ?? $module_info->browser_title), false, true);
$args->browser_title = escape($args->browser_title ?? $module_info->browser_title, false, true);
$args->description = isset($args->description) ? escape($args->description, false) : null;
// default value
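Review bot: With `strip_tags()` removed, markup in `browser_title` is no longer dropped but kept in encoded form, so both changed lines (hunks at 395 and 508) now rely on `escape()` alone and on every output site treating the stored title as already-encoded text. Because the second argument is `false`, entities already present in the input are presumably stored as-is rather than re-encoded, unlike menu names, which this commit saves with `true`; the same user string can end up held under two rules. A comment on each line would record the contract, for example `// stored HTML-encoded; tags are kept as entities, not stripped, so never decode into an HTML sink`. Both methods continue outside the hunks.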