Merge branch 'master' into feature/introduce-tests
mystralkk committed Nov 6, 2016
2 parents d7af0ea + 4f282df commit ee8b446
Showing 24 changed files with 3,047 additions and 3,011 deletions.
33 changes: 17 additions & 16 deletions plugins/calendar/functions.inc
@@ -419,11 +419,12 @@ function plugin_savesubmission_calendar($A)
$retval = '';

$A['title'] = strip_tags(COM_checkWords($A['title']));
$A['title'] = GLText::removeUtf8Icons($A['title']);
$A['start_year'] = COM_applyFilter($A['start_year'], true);
$A['start_month'] = COM_applyFilter($A['start_month'], true);
$A['start_day'] = COM_applyFilter($A['start_day'], true);

// check for missing textfields
// check for missing text fields
if (empty($A['title']) || empty($A['start_month']) || empty($A['start_day']) || empty($A['start_year'])) {
$retval .= COM_showMessageText($LANG12[23], $LANG12[22])
. plugin_submit_calendar($A['calendar_type']);
@@ -472,23 +473,23 @@ function plugin_savesubmission_calendar($A)
$A['description'] = (isset($A['description']) ? $A['description'] : '');
$A['event_type'] = (isset($A['event_type']) ? $A['event_type'] : '');

if ($A['url'] == 'http://') {
if ($A['url'] === 'http://' || $A['url'] === 'https://') {
// remove default entry now to avoid false spam reports
$A['url'] = '';
}

// pseudo-formatted event description for the spam check
$spamcheck = '';
$spamCheck = '';
if (empty($A['url'])) {
$spamcheck .= $A['title'];
$spamCheck .= $A['title'];
} else {
$spamcheck .= COM_createLink($A['title'], $A['url']);
$spamCheck .= COM_createLink($A['title'], $A['url']);
}
$spamcheck .= '<br' . XHTML . '>' . $A['location'] . '<br' . XHTML . '>'
$spamCheck .= '<br' . XHTML . '>' . $A['location'] . '<br' . XHTML . '>'
. $A['address1'] . '<br' . XHTML . '>' . $A['address2']
. '<br' . XHTML . '>' . $A['city'] . ', ' . $A['zipcode']
. '<br' . XHTML . '>' . $A['description'] . '</p>';
$result = PLG_checkforSpam($spamcheck, $_CONF['spamx']);
$result = PLG_checkforSpam($spamCheck, $_CONF['spamx']);
if ($result > 0) {
COM_updateSpeedlimit('submit');
COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
@@ -505,15 +506,15 @@ function plugin_savesubmission_calendar($A)

// Remove any autotags the user doesn't have permission to use
$A['description'] = PLG_replaceTags($A['description'], '', true);
$A['description'] = DB_escapeString(htmlspecialchars(COM_checkWords($A['description'])));
$A['address1'] = DB_escapeString(strip_tags(COM_checkWords($A['address1'])));
$A['address2'] = DB_escapeString(strip_tags(COM_checkWords($A['address2'])));
$A['city'] = DB_escapeString(strip_tags(COM_checkWords($A['city'])));
$A['zipcode'] = DB_escapeString(strip_tags(COM_checkWords($A['zipcode'])));
$A['state'] = DB_escapeString(strip_tags(COM_checkWords($A['state'])));
$A['location'] = DB_escapeString(strip_tags(COM_checkWords($A['location'])));
$A['event_type'] = DB_escapeString(strip_tags(COM_checkWords($A['event_type'])));
$A['title'] = DB_escapeString($A['title']);
$A['description'] = DB_escapeString(htmlspecialchars(GLText::removeUtf8Icons(COM_checkWords($A['description']))));
$A['address1'] = DB_escapeString(GLText::removeUtf8Icons(strip_tags(COM_checkWords($A['address1']))));
$A['address2'] = DB_escapeString(GLText::removeUtf8Icons(strip_tags(COM_checkWords($A['address2']))));
$A['city'] = DB_escapeString(GLText::removeUtf8Icons(strip_tags(COM_checkWords($A['city']))));
$A['zipcode'] = DB_escapeString(GLText::removeUtf8Icons(strip_tags(COM_checkWords($A['zipcode']))));
$A['state'] = DB_escapeString(GLText::removeUtf8Icons(strip_tags(COM_checkWords($A['state']))));
$A['location'] = DB_escapeString(GLText::removeUtf8Icons(strip_tags(COM_checkWords($A['location']))));
$A['event_type'] = DB_escapeString(GLText::removeUtf8Icons(strip_tags(COM_checkWords($A['event_type']))));
$A['title'] = DB_escapeString(GLText::removeUtf8Icons($A['title']));

$A['url'] = DB_escapeString(COM_sanitizeUrl($A['url']));

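Review bot: In the last hunk of plugin_savesubmission_calendar() the new GLText::removeUtf8Icons() call wraps the output of COM_checkWords() and strip_tags(), so the word and tag filters run on text that still contains the characters about to be deleted; the title at the top of the function is handled in the same order. If removeUtf8Icons() drops characters, as its name suggests (its body is not on this page), a filtered word split by one of them is rejoined only after the filter has passed it, and PLG_checkforSpam() in the middle hunk also sees the un-normalised location, address and description. Normalising first keeps every check looking at the text that is finally stored, e.g. `$A['title'] = strip_tags(COM_checkWords(GLText::removeUtf8Icons($A['title'])));`, with the other fields treated the same way before `$spamCheck` is built. The second removeUtf8Icons() on `$A['title']` next to DB_escapeString() then becomes redundant. The function body starts and ends outside the visible hunks.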
27 changes: 18 additions & 9 deletions plugins/staticpages/services.inc.php
@@ -52,9 +52,9 @@
/**
* Submit static page. The page is updated if it exists, or a new one is created
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @param string &svc_msg OUTPUT parameter containing any service messages
* @param array $args Contains all the data provided by the client
* @param string $output OUTPUT parameter containing the returned text
* @param string $svc_msg OUTPUT parameter containing any service messages
* @return int Response code as defined in lib-plugins.php
*/
function service_submit_staticpages($args, &$output, &$svc_msg)
@@ -203,7 +203,7 @@ function service_submit_staticpages($args, &$output, &$svc_msg)

return PLG_RET_ERROR;
}

if (empty($args['sp_content'])) {
$svc_msg['error_desc'] = 'No content';

@@ -356,7 +356,7 @@ function service_submit_staticpages($args, &$output, &$svc_msg)
$sp_onlastupdate = 1;
} else {
$sp_onlastupdate = 0;
}
}
if ($sp_nf == 'on') {
$sp_nf = 1;
} else {
@@ -393,19 +393,28 @@ function service_submit_staticpages($args, &$output, &$svc_msg)
if ($_SP_CONF['filter_html'] == 1) {
$sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
}
$sp_content = GLText::removeUtf8Icons($sp_content);

$sp_title = strip_tags($sp_title);
$sp_title = GLText::removeUtf8Icons($sp_title);
$sp_page_title = strip_tags($sp_page_title);
$sp_page_title = GLText::removeUtf8Icons($sp_page_title);
$sp_label = strip_tags($sp_label);
$sp_label = GLText::removeUtf8Icons($sp_label);

$meta_description = strip_tags($meta_description);
$meta_description = GLText::removeUtf8Icons($meta_description);
$meta_keywords = strip_tags($meta_keywords);
$meta_keywords = GLText::removeUtf8Icons($meta_keywords);
$sp_help = GLText::removeUtf8Icons($sp_help);

$sp_content = DB_escapeString($sp_content);
$sp_title = DB_escapeString($sp_title);
$sp_page_title = DB_escapeString($sp_page_title);
$sp_label = DB_escapeString($sp_label);
$meta_description = DB_escapeString($meta_description);
$meta_keywords = DB_escapeString($meta_keywords);
$sp_help = DB_escapeString($sp_help);

// If user does not have php edit perms, then set php flag to 0.
if (($_SP_CONF['allow_php'] != 1) || !SEC_hasRights('staticpages.PHP')) {
@@ -499,14 +508,14 @@ function service_submit_staticpages($args, &$output, &$svc_msg)
}

// Retrieve created date
$datecreated = DB_getItem($_TABLES['staticpage'], 'created', "sp_id = '$sp_id'");
if ($datecreated == '') {
$datecreated = date('Y-m-d H:i:s');
$dateCreated = DB_getItem($_TABLES['staticpage'], 'created', "sp_id = '$sp_id'");
if ($dateCreated == '') {
$dateCreated = date('Y-m-d H:i:s');
}

DB_save($_TABLES['staticpage'], 'sp_id,sp_title,sp_page_title, sp_content,created,modified,sp_hits,sp_format,sp_onmenu,sp_onhits,sp_onlastupdate,sp_label,commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,cache_time,owner_id,group_id,'
. 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_where,sp_inblock,postmode',
"'$sp_id','$sp_title','$sp_page_title','$sp_content','$datecreated',NOW(),$sp_hits,'$sp_format',$sp_onmenu,$sp_onhits,$sp_onlastupdate,'$sp_label','$commentcode','$meta_description','$meta_keywords',$template_flag,'$template_id',$draft_flag,$cache_time,$owner_id,$group_id,"
"'$sp_id','$sp_title','$sp_page_title','$sp_content','$dateCreated',NOW(),$sp_hits,'$sp_format',$sp_onmenu,$sp_onhits,$sp_onlastupdate,'$sp_label','$commentcode','$meta_description','$meta_keywords',$template_flag,'$template_id',$draft_flag,$cache_time,$owner_id,$group_id,"
. "$perm_owner,$perm_group,$perm_members,$perm_anon,'$sp_php','$sp_nf',$sp_centerblock,'$sp_help',$sp_where,"
. "'$sp_inblock','$postmode'");

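Review bot: `$sp_content = GLText::removeUtf8Icons($sp_content);` is placed after `COM_checkHTML()`, and the title, label and meta fields are likewise stripped of icons after `strip_tags()`, so the HTML filter approves a string that is then modified before storage. Assuming removeUtf8Icons() deletes characters (its body is not shown here), moving each call ahead of its filter, e.g. `$sp_content = GLText::removeUtf8Icons($sp_content);` before the `if ($_SP_CONF['filter_html'] == 1)` test, keeps the filtered text and the stored text identical. The same hunk adds `$sp_help = DB_escapeString($sp_help);`; it is worth confirming that `$sp_help` is not already escaped earlier in service_submit_staticpages(), which starts outside this hunk, since a second pass would store stray backslashes. `$sp_help` receives no strip_tags() or COM_checkHTML() in the visible lines, so a comment stating whether HTML is intended in that field would help the next reader.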
