Fixed issue #09655: Less Then operator yields rendering error
Dev: purify HTML leaving only EM class, span and a.
Dev: Maybe an EM function ?
Shnoulle committed Jun 11, 2015
1 parent 2e2e37b commit 95d019c
Showing 4 changed files with 63 additions and 46 deletions.
63 changes: 26 additions & 37 deletions application/helpers/expressions/em_core_helper.php
Expand Up @@ -1532,43 +1532,22 @@ public function GetPrettyPrintString()
$descriptor .= ': ';
}

if (version_compare(phpversion(), "5.2.3")>=0)
$messages[] = $descriptor . htmlspecialchars($question,ENT_QUOTES,'UTF-8',false);
if ($ansList != '')
{
// 4th parameter to htmlspecialchars only became available in PHP version 5.2.3
$messages[] = $descriptor . htmlspecialchars($question,ENT_QUOTES,'UTF-8',false);
if ($ansList != '')
{
$messages[] = htmlspecialchars($ansList,ENT_QUOTES,'UTF-8',false);
}
if ($code != '') {
if ($token[2] == 'SGQA' && preg_match('/^INSERTANS:/',$token[0])) {
$shown = $this->GetVarAttribute($token[0], 'shown', '');
$messages[] = 'value=[' . htmlspecialchars($code,ENT_QUOTES,'UTF-8',false) . '] '
. htmlspecialchars($shown,ENT_QUOTES,'UTF-8',false);
}
else {
$messages[] = 'value=' . htmlspecialchars($code,ENT_QUOTES,'UTF-8',false);
}
}
$messages[] = htmlspecialchars($ansList,ENT_QUOTES,'UTF-8',false);
}
else
{
$messages[] = $descriptor . htmlspecialchars($question,ENT_QUOTES,'UTF-8');
if ($ansList != '')
{
$messages[] = htmlspecialchars($ansList,ENT_QUOTES,'UTF-8');
if ($code != '') {
if ($token[2] == 'SGQA' && preg_match('/^INSERTANS:/',$token[0])) {
$shown = $this->GetVarAttribute($token[0], 'shown', '');
$messages[] = 'value=[' . htmlspecialchars($code,ENT_QUOTES,'UTF-8',false) . '] '
. htmlspecialchars($shown,ENT_QUOTES,'UTF-8',false);
}
if ($code != '') {
if ($token[2] == 'SGQA' && preg_match('/^INSERTANS:/',$token[0])) {
$shown = $this->GetVarAttribute($token[0], 'shown', '');
$messages[] = 'value=[' . htmlspecialchars($code,ENT_QUOTES,'UTF-8') . '] '
. htmlspecialchars($shown,ENT_QUOTES,'UTF-8');
}
else {
$messages[] = 'value=' . htmlspecialchars($code,ENT_QUOTES,'UTF-8');
}
else {
$messages[] = 'value=' . htmlspecialchars($code,ENT_QUOTES,'UTF-8',false);
}
}

if ($this->groupSeq == -1 || $groupSeq == -1 || $questionSeq == -1 || $this->questionSeq == -1) {
$class = 'em-var-static';
}
Expand All @@ -1589,12 +1568,15 @@ public function GetPrettyPrintString()
$message = implode('; ',$messages);
$message = str_replace(array('{','}'), array('{ ', ' }'), $message);

$stringParts[] = "<span title='" . $message . "' class='em-var {$class}'";
if ($this->hyperlinkSyntaxHighlighting && isset($gid) && isset($qid) && $qid>0) {
if ($this->hyperlinkSyntaxHighlighting && isset($gid) && isset($qid) && $qid>0)
{
$editlink = Yii::app()->getController()->createUrl('admin/survey/sa/view/surveyid/' . $this->sid . '/gid/' . $gid . '/qid/' . $qid);
$stringParts[] = " data-link='{$editlink}'";
$stringParts[] = "<a title='{$message}' class='em-var {$class}' href='{$editlink}' >";
}
else
{
$stringParts[] = "<span title='" . $message . "' class='em-var {$class}' >";
}
$stringParts[] = ">";
if ($this->sgqaNaming)
{
$sgqa = substr($jsName,4);
Expand All @@ -1609,7 +1591,14 @@ public function GetPrettyPrintString()
{
$stringParts[] = $displayName;
}
$stringParts[] = "</span>";
if ($this->hyperlinkSyntaxHighlighting && isset($gid) && isset($qid) && $qid>0)
{
$stringParts[] = "</a>";
}
else
{
$stringParts[] = "</span>";
}
}
break;
case 'ASSIGN':
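Review bot: On the new `<a title='{$message}' class='em-var {$class}' href='{$editlink}' >` line, `$editlink` is interpolated into the attribute unescaped while `$message` on the same line was built from htmlspecialchars(..., ENT_QUOTES, ...) pieces; escaping it too, `href='" . htmlspecialchars($editlink, ENT_QUOTES, 'UTF-8') . "'`, keeps the attribute well-formed whatever createUrl returns (today it is built only from sid/gid/qid, so this is consistency rather than a live defect). The condition `$this->hyperlinkSyntaxHighlighting && isset($gid) && isset($qid) && $qid>0` is now written twice, once to open the tag and again in the last hunk to close it, so a later edit to one copy would leave an unbalanced `<a>`/`<span>`; evaluating it once, `$bIsLink = $this->hyperlinkSyntaxHighlighting && isset($gid) && isset($qid) && $qid>0;`, and testing `$bIsLink` at both places removes that coupling. GetPrettyPrintString starts and ends outside the hunks shown.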
29 changes: 29 additions & 0 deletions application/helpers/viewHelper.php
Expand Up @@ -225,4 +225,33 @@ public static function purified($sHtml){
$oPurifier = new CHtmlPurifier();
return $oPurifier->purify($sHtml);
}
/**
* Show clean string, leaving ONLY tag for Expression
* @param string : Html to clean
* @return string
*/
public static function stripTagsEM($sHtml)
{
$oPurifier = new CHtmlPurifier();
$oPurifier->options = array(
'HTML.Allowed'=>'span[title|class],a[class|title|href]',
'Attr.AllowedClasses'=>array(
'em-expression',
'em-haveerror',
'em-var-string',
'em-function',
'em-var-static',
'em-var-before',
'em-var-after',
'em-var-inpage',
'em-var-error',
'.em-error',
),
'URI.AllowedSchemes'=>array( // Maybe only local ?
'http' => true,
'https' => true,
)
);
return $oPurifier->purify($sHtml);
}
}
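Review bot: `Attr.AllowedClasses` in stripTagsEM does not include `em-var`, yet the `<span>`/`<a>` emitted by em_core_helper.php in this same commit carry `class='em-var {$class}'`, so the purifier drops `em-var` from every node and any style or script keyed on it stops matching; add `'em-var',` to the list. The last entry `'.em-error'` has a leading dot that a class attribute value never contains, so it can never match and was presumably meant as `'em-error'`. The `// Maybe only local ?` question can be settled in configuration rather than by scheme whitelist: HTML Purifier's `URI.DisableExternal` rejects off-site hrefs while keeping the relative admin URLs that createUrl appears to produce. The docblock's `@param string : Html to clean` lacks the parameter name; `@param string $sHtml Html to clean` lets tooling bind it.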
8 changes: 4 additions & 4 deletions application/views/admin/survey/Question/questionbar_view.php
Expand Up @@ -163,15 +163,15 @@
<tr><td><strong>
<?php eT("Question:"); ?></strong></td><td>
<?php
templatereplace(FlattenText($qrrow['question']),array(),$aReplacementData,'Unspecified', false ,$qid);
echo LimeExpressionManager::GetLastPrettyPrintExpression();
templatereplace($qrrow['question'],array(),$aReplacementData,'Unspecified', false ,$qid);
echo viewHelper::stripTagsEM(LimeExpressionManager::GetLastPrettyPrintExpression());
?></td></tr>
<tr><td><strong>
<?php eT("Help:"); ?></strong></td><td>
<?php
if (trim($qrrow['help'])!=''){
templatereplace(FlattenText($qrrow['help']),array(),$aReplacementData,'Unspecified', false ,$qid);
echo LimeExpressionManager::GetLastPrettyPrintExpression();
templatereplace($qrrow['help'],array(),$aReplacementData,'Unspecified', false ,$qid);
echo viewHelper::stripTagsEM(LimeExpressionManager::GetLastPrettyPrintExpression());
} ?>
</td></tr>
<?php if ($qrrow['preg'])
9 changes: 4 additions & 5 deletions scripts/admin/expression.js
Expand Up @@ -2,11 +2,10 @@
* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt GNU/GPL License v2 or later
*/
$(document).ready(function(){
// Open the link if there are data-link
$('[data-link]').on('click',function(){
window.open($(this).data('link'));
});
// Tooltip inside em-var
$(".em-expression").tooltip();
});

$(document).on('click','.em-expression a',function(e){
e.preventDefault();
window.open($(this).attr('href'));
});
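Review bot: The delegated handler opens the anchor's target with `window.open($(this).attr('href'))`, which gives the opened page a `window.opener` reference back to the admin page; since the `<a>` now carries the URL itself, `window.open($(this).attr('href'), '_blank', 'noopener')` keeps the new-window behaviour without that back-reference. The removed block explained itself with a comment and the new one has none; a line such as `// Open EM edit links in a new window instead of leaving the page` would restore that.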
