From 068c567b3da56543672123c5c9ebd248ae80e3c5 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Sat, 16 Oct 2021 19:17:00 -0400 Subject: [PATCH] Move server block list HTML escaping to templating --- src/Module/Admin/Blocklist/Server.php | 13 ++++++++----- view/templates/friendica.tpl | 12 ++++++------ 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/src/Module/Admin/Blocklist/Server.php b/src/Module/Admin/Blocklist/Server.php index de31134db6..0bd195317c 100644 --- a/src/Module/Admin/Blocklist/Server.php +++ b/src/Module/Admin/Blocklist/Server.php @@ -40,20 +40,23 @@ class Server extends BaseAdmin if (!empty($_POST['page_blocklist_save'])) { // Add new item to blocklist + $domain = trim($_POST['newentry_domain']); + $blocklist = DI::config()->get('system', 'blocklist'); $blocklist[] = [ - 'domain' => Strings::escapeTags(trim($_POST['newentry_domain'])), - 'reason' => Strings::escapeTags(trim($_POST['newentry_reason'])) + 'domain' => $domain, + 'reason' => trim($_POST['newentry_reason']), ]; DI::config()->set('system', 'blocklist', $blocklist); + info(DI::l10n()->t('Server domain pattern added to blocklist.')); } else { // Edit the entries from blocklist $blocklist = []; foreach ($_POST['domain'] as $id => $domain) { // Trimming whitespaces as well as any lingering slashes - $domain = Strings::escapeTags(trim($domain, "\x00..\x1F/")); - $reason = Strings::escapeTags(trim($_POST['reason'][$id])); + $domain = trim($domain); + $reason = trim($_POST['reason'][$id]); if (empty($_POST['delete'][$id])) { $blocklist[] = [ 'domain' => $domain, 
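Review bot: In the edit branch, `trim($domain)` no longer strips leading or trailing slashes, yet the comment above it still reads "Trimming whitespaces as well as any lingering slashes"; the removed call passed the character list `"\x00..\x1F/"`. A pattern submitted as `example.com/` (constructed example) would now be stored with the slash, and depending on how patterns are matched it may never match a host name. Either keep a character list that includes the slash, e.g. `$domain = trim($domain, " \n\r\t\v\x00/");`, and apply the same normalisation to `newentry_domain` in the add branch, or update the comment. Because stored values are now raw request data, any consumer of `system.blocklist` outside this patch has to encode on output as well. The enclosing method starts and ends outside the hunk.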
@@ -97,7 +100,7 @@ class Server extends BaseAdmin
 '),
 '$addtitle' => DI::l10n()->t('Add new entry to block list'),
 '$newdomain' => ['newentry_domain', DI::l10n()->t('Server Domain Pattern'), '', DI::l10n()->t('The domain pattern of the new server to add to the block list. Do not include the protocol.'), DI::l10n()->t('Required'), '', ''],
- '$newreason' => ['newentry_reason', DI::l10n()->t('Block reason'), '', DI::l10n()->t('The reason why you blocked this server domain pattern.'), DI::l10n()->t('Required'), '', ''],
+ '$newreason' => ['newentry_reason', DI::l10n()->t('Block reason'), '', DI::l10n()->t('The reason why you blocked this server domain pattern. This reason will be shown publicly in the server information page.'), DI::l10n()->t('Required'), '', ''],
 '$submit' => DI::l10n()->t('Add Entry'),
 '$savechanges' => DI::l10n()->t('Save changes to the blocklist'),
 '$currenttitle' => DI::l10n()->t('Current Entries in the Blocklist'),
diff --git a/view/templates/friendica.tpl b/view/templates/friendica.tpl
index f890a58a95..25f1d2b64b 100644
--- a/view/templates/friendica.tpl
+++ b/view/templates/friendica.tpl
@@ -12,7 +12,7 @@

{{$visible_addons.title nofilter}}

{{if $visible_addons.list}} -
{{$visible_addons.list nofilter}}
+
{{$visible_addons.list}}
{{/if}} {{if $tos}} @@ -21,20 +21,20 @@ {{if $block_list}}
-

{{$block_list.title nofilter}}

+

{{$block_list.title}}


- - + + {{foreach $block_list.list as $blocked}} - - + + {{/foreach}}
{{$block_list.header[0] nofilter}}{{$block_list.header[1] nofilter}}{{$block_list.header[0]}}{{$block_list.header[1]}}
{{$blocked.domain nofilter}}{{$blocked.reason nofilter}}{{$blocked.domain}}{{$blocked.reason}}
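Review bot: With `Strings::escapeTags` removed from the save path, dropping `nofilter` on `{{$blocked.domain}}` and `{{$blocked.reason}}` becomes the only HTML-encoding step for admin-supplied text on what the new help string calls the publicly shown server information page (presumably this template). It only works if the Smarty instance has output auto-escaping enabled, which this patch does not show. It is worth confirming that setting and adding a test that renders a reason containing markup (constructed example: `<b>x</b>`) and asserts the encoded form appears in the output. Entries saved before this change went through `escapeTags` at write time, so they may display differently once the template encodes them again. `{{$visible_addons.title nofilter}}` in the first hunk of this file still bypasses the filter while `{{$block_list.title}}` no longer does; if that title is a plain translated string it could drop `nofilter` too.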