

Merge pull request from GHSA-cpxc-67rc-c775
fix security/advisories/GHSA-cpxc-67rc-c775
baserproject committed Aug 25, 2020
2 parents 16a7b3c + 4acde16 commit 7f4b905
Showing 8 changed files with 56 additions and 80 deletions.
Expand Up @@ -88,7 +88,7 @@

<div class="bca-section bca-section__post-top">
<span class="bca-post__url">
<a href="<?php echo $fullUrl ?>" class="bca-text-url" target="_blank" data-toggle="tooltip"
<a href="<?php echo h($fullUrl) ?>" class="bca-text-url" target="_blank" data-toggle="tooltip"
data-placement="top" title="<?php echo __d('baser', '公開URLを開きます') ?>"><i class="bca-icon--globe"></i><?php echo urldecode($fullUrl) ?></a>
<?php echo $this->BcForm->button('', [
'id' => 'BtnCopyUrl',
Expand Down Expand Up @@ -119,7 +119,7 @@
<?php echo $this->BcForm->error('Content.name') ?>
<?php echo $this->BcForm->error('Content.parent_id') ?>
<span class="bca-post__url">
<?php echo $linkedFullUrl ?>
<?php echo h($linkedFullUrl) ?>
</span>
</td>
</tr>
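Review bot: The visible link text on the line after the changed `<a>` still prints `<?php echo urldecode($fullUrl) ?>` without `h()`, so the URL is escaped in the `href` attribute but not in the anchor body, and `urldecode` would turn an encoded `%3C` back into a literal `<` right before it reaches the page. Change it to `<?php echo h(urldecode($fullUrl)) ?>`. The same anchor uses `target="_blank"`; adding `rel="noopener noreferrer"` keeps the opened page away from `window.opener`, although current browsers already imply noopener. The enclosing `<span class="bca-post__url">` and `<div>` close outside the hunk, and the second hunk's `h($linkedFullUrl)` is only right if the controller hands this view a plain URL rather than ready-made anchor markup, which the variable name does not make obvious.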
Expand Up @@ -35,7 +35,7 @@
<li class="bca-list__item"><span><?php echo __d('baser', 'タイプ') ?></span>
<?php if(!$this->BcForm->value('Content.alias_id')): ?>
<?php if(!empty($this->BcContents->settings[$this->BcForm->value('Content.type')])): ?>
<?php echo $this->BcContents->settings[$this->BcForm->value('Content.type')]['title'] ?>
<?php echo h($this->BcContents->settings[$this->BcForm->value('Content.type')]['title']) ?>
<?php else: ?>
<?php echo __d('baser', 'デフォルト') ?>
<?php endif ?>
Expand Up @@ -36,9 +36,9 @@
<?php echo $this->BcForm->input('Content.description', ['type' => 'textarea', 'cols' => 36, 'rows' => 4,'data-input-text-size' => 'full-counter']) ?>
<?php else: ?>
<?php if($this->BcForm->value('Content.exclude_search')): ?>
<?php echo $this->BcForm->value('Content.description') ?>
<?php echo h($this->BcForm->value('Content.description')) ?>
<?php else: ?>
<?php echo $this->BcBaser->siteConfig['description'] ?>
<?php echo h($this->BcBaser->siteConfig['description']) ?>
<?php endif ?>
<?php echo $this->BcForm->hidden('Content.description') ?>
<?php endif ?>
Expand All @@ -64,7 +64,7 @@
<small>[<?php echo __d('baser', '作成日') ?>]</small> <?php echo $this->BcForm->input('Content.created_date', ['type' => 'dateTimePicker', 'size' => 12, 'maxlength' => 10]) ?> 
<small>[<?php echo __d('baser', '更新日') ?>]</small> <?php echo $this->BcForm->input('Content.modified_date', ['type' => 'dateTimePicker', 'size' => 12, 'maxlength' => 10]) ?>
<?php else: ?>
<?php echo $this->BcText->arrayValue($this->BcForm->value('Content.author_id'), $authors) ?> 
<?php echo h($this->BcText->arrayValue($this->BcForm->value('Content.author_id'), $authors)) ?> 

<small>[<?php echo __d('baser', '作成日') ?>]</small> <?php echo $this->BcTime->format('Y/m/d H:i', $this->BcForm->value('Content.created_date')) ?> 
<small>[<?php echo __d('baser', '更新日') ?>]</small> <?php echo $this->BcTime->format('Y/m/d H:i', $this->BcForm->value('Content.modified_date')) ?>
Expand Up @@ -72,13 +72,13 @@
<tr<?php echo $class ?> id="Row<?php echo $relatedContent['Site']['id'] ?>">
<td class="cel2 bca-table-listup__tbody-td"><?php echo h($relatedContent['Site']['display_name']) ?></td>
<td class="cel3 bca-table-listup__tbody-td">
<?php echo $this->BcText->arrayValue($relatedContent['Site']['main_site_id'], $sites, $mainSiteDisplayName) ?>
<?php echo h($this->BcText->arrayValue($relatedContent['Site']['main_site_id'], $sites, $mainSiteDisplayName)) ?>
</td>
<td class="cel4 bca-table-listup__tbody-td">
<?php if(!empty($relatedContent['Content'])): ?>
<?php echo $relatedContent['Content']['title'] ?>
<?php echo h($relatedContent['Content']['title']) ?>
<?php if(!empty($relatedContent['Content'])): ?>
<small><?php echo $this->BcContents->settings[$relatedContent['Content']['type']]['title'] ?></small>
<small><?php echo h($this->BcContents->settings[$relatedContent['Content']['type']]['title']) ?></small>
<?php endif ?>
<?php else: ?>
<small><?php echo __d('baser', '未登録')?></small>
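Review bot: The `id="Row<?php echo $relatedContent['Site']['id'] ?>"` on the `<tr>` at the top of the hunk is still echoed raw while the cells below now go through `h()`; it is presumably an integer key, but `h()` there costs nothing and keeps the row consistent, and `$class` on the same line is also printed unescaped and worth confirming comes from a fixed set of class names. The lookup `$this->BcContents->settings[$relatedContent['Content']['type']]['title']` has no guard, unlike the `!empty(...)` check this commit keeps for the same table elsewhere, so a content row whose `type` has no settings entry raises an undefined-index notice; `<?php if(!empty($this->BcContents->settings[$relatedContent['Content']['type']])): ?>` in place of the inner `if` would match. That inner `if(!empty($relatedContent['Content']))` merely repeats the outer condition two lines above. The surrounding loop starts and ends outside the hunk.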
Expand Up @@ -39,7 +39,7 @@
$open = false;
if(!empty($this->BcContents->settings[$type]['icon'])) {
if(!empty($this->BcContents->settings[$type]['url']['icon'])) {
$icon = $this->BcContents->settings[$type]['url']['icon'];
$icon = $this->BcContents->settings[$type]['url']['icon'];
} else {
$icon = $this->BcContents->settings[$type]['icon'];
}
Expand Down Expand Up @@ -82,7 +82,7 @@
"manageDisabled":"<?php echo $manageDisabled ?>",
"deleteDisabled":"<?php echo $deleteDisabled ?>"
}'<?php if($open): ?> class="jstree-open"<?php endif ?>>
<span><?php echo h($data['Content']['title']) ?></span>
<?php echo h($data['Content']['title']) ?>
<?php if(!empty($data['children'])): ?>
<?php $this->BcBaser->element('admin/contents/index_list_tree', ['datas' => $data['children']]) ?>
<?php endif ?>
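Review bot: Removing the `<span>` around the escaped title is load-bearing — the title must now be a bare text node that jsTree reads as text, which only stays safe because this commit's `jquery.bcTree.js` switches on `core.force_text` — but nothing in the template records that, so a later edit that wraps it in markup again would reopen the issue silently. Add a comment before the echo such as `<?php /* bare text node on purpose: jsTree reads it with core.force_text; do not wrap it in an element */ ?>`. The two lines above still print `$manageDisabled` and `$deleteDisabled` raw inside the single-quoted JSON attribute; they are presumably booleans computed earlier in the file, but the `<li>` and its attribute open outside the hunk, so that could not be confirmed here.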
56 changes: 22 additions & 34 deletions app/webroot/theme/admin-third/js/admin/libs/jquery.bcTree.js
Expand Up @@ -14,7 +14,7 @@

(function($){
$.bcTree = {

/**
* リンクをクリックする際にShiftキーを押しているかどうか
*/
Expand All @@ -31,12 +31,12 @@
contextmenuAddOnly: false,

/**
* 設定 BcManageContent より値を取得
* 設定 BcManageContent より値を取得
*/
settings: [],

/**
* ドラッグターゲット
* ドラッグターゲット
*/
dropTarget: null,

Expand All @@ -46,17 +46,17 @@
dragTarget: null,

/**
* ツリー構造のDOM(jQueryオブジェクト)
* ツリー構造のDOM(jQueryオブジェクト)
*/
treeDom: null,

/**
* jsTree実体
* jsTree実体
*/
jsTree: null,

/**
* 一覧を表示した時間
* 一覧を表示した時間
*/
listDisplayed: null,

Expand All @@ -67,7 +67,7 @@

/**
* ノードを移動する場合の直前のポジション
*/
*/
beforePosition: null,

/**
Expand Down Expand Up @@ -97,7 +97,7 @@
},

/**
* ツリーを読み込む
* ツリーを読み込む
*/
load: function () {
if(!$.bcTree._inited) {
Expand Down Expand Up @@ -136,15 +136,15 @@
},

/**
* ツリーを初期化する
* ツリーを初期化する
*/
_init: function() {

$.bcTree.settings = $.parseJSON($("#BcManageContent").val());
$.bcTree.treeDom = $('#ContentsTreeList');
$.bcTree.createTree();
$.bcTree.jsTree = $.bcTree.treeDom.jstree(true);

$.bcTree.jsTree.settings.core.force_text = true;
$.bcTree.treeDom.bind("move_node.jstree", function(e, data){
$.bcTree.beforeParentId = data.old_parent;
$.bcTree.beforePosition = data.old_position;
Expand Down Expand Up @@ -176,7 +176,7 @@
} else {
$.bcTree.openUrl($.baseUrl + '/' + $.bcTree.config.adminPrefix + '/contents/edit_alias/' + data.contentId);
}
}
}
}
});

Expand Down Expand Up @@ -212,7 +212,7 @@
},

/**
* ツリーを破棄する
* ツリーを破棄する
*/
destroy: function() {
if($.bcTree.treeDom) {
Expand All @@ -235,7 +235,7 @@
},

/**
* ツリー構造を生成する
* ツリー構造を生成する
*/
createTree: function() {
// ツリービュー生成
Expand Down Expand Up @@ -282,7 +282,7 @@
},
"state": {
"key": 'jstree-' + $("#ViewSettingSiteId").val(),
"events": "open_all.jstree close_all.jstree changed.jstree open_node.jstree close_node.jstree check_node.jstree uncheck_node.jstree"
"events": "open_all.jstree close_all.jstree changed.jstree open_node.jstree close_node.jstree check_node.jstree uncheck_node.jstree"
},
"contextmenu": {
"show_at_node": false,
Expand Down Expand Up @@ -601,7 +601,7 @@
}
} else {
if(!val.addDisabled) {
addMenu['Etc']['submenu'][i] = $.bcTree.createMenu(val, parent, data, counter);
addMenu['Etc']['submenu'][i] = $.bcTree.createMenu(val, parent, data, counter);
}
}
counter++;
Expand Down Expand Up @@ -693,7 +693,7 @@
// TODO D&Dの際、子コンテンツのURLを返却し全てのコンテンツの確認ができるようにする
// =====================================================================================================
if(disableCheck) {
node.data.jstree.contentFullUrl = false;
node.data.jstree.contentFullUrl = false;
}

$(this).find('div.jstree-wholerow').each(function(){
Expand Down Expand Up @@ -1076,22 +1076,10 @@
if (first === undefined) {
first = false;
}
var oldTitle = defaultTitle
.replace(/^<span>/, '')
.replace(/<\/span>$/, '')
.replace(/&amp;/g, '&')
.replace(/&quot;/g, '"')
.replace(/&#039;/g, "'")
.replace(/&lt;/g, '<')
.replace(/&gt;/g, '>');
var oldTitle = defaultTitle;
$.bcTree.jsTree.edit(node, oldTitle, function (editNode) {
var newTitle = editNode.text;
$.bcTree.jsTree.rename_node(editNode, newTitle.replace(/&/g,'&amp;')
.replace(/"/g,'&quot;')
.replace(/'/g,'&#039;')
.replace(/</g,'&lt;')
.replace(/>/g,'&gt;')
);
$.bcTree.jsTree.rename_node(editNode, newTitle);
if (oldTitle === newTitle) {
return false;
}
Expand Down Expand Up @@ -1161,7 +1149,7 @@

/**
* コンテンツを並び替える
*
*
* @param e
* @param data
*/
Expand Down Expand Up @@ -1253,7 +1241,7 @@

/**
* 外部よりメニューを表示する
*
*
* @param e
* @returns {boolean}
*/
Expand All @@ -1270,7 +1258,7 @@

/**
* Shift / Ctrl キーの押印状態を更新する
*
*
* @param e
*/
updateShiftAndCtrlOnAnchor: function(e) {
Expand All @@ -1293,4 +1281,4 @@
}

};
})(jQuery);
})(jQuery);
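Review bot: `core.force_text` is switched on in `_init` only after `createTree()` has built the tree (`$.bcTree.jsTree.settings.core.force_text = true;` follows `$.bcTree.createTree();`), so if the bundled jsTree renders the initial nodes during construction, that first render still runs with the default and only later redraws and renames take the text-only path. Passing the flag inside the `core` section of the configuration object built in `createTree` (not visible in the hunk), as `"force_text": true`, makes every render path use it. The rename hunk further down depends on this: it now hands the raw `newTitle` to `rename_node` with no encoding, which is only safe while force_text is in effect, and the previous hand-rolled entity mapping was also the wrong tool because it did not survive round trips reliably. Whether the server-escaped title is read back as text or as markup at parse time depends on the jsTree version bundled, which this diff does not show.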
2 changes: 1 addition & 1 deletion lib/Baser/View/Elements/admin/contents/index_list_tree.php
Expand Up @@ -74,7 +74,7 @@
"manageDisabled":"<?php echo $manageDisabled ?>",
"deleteDisabled":"<?php echo $deleteDisabled ?>"
}'<?php if($open): ?> class="jstree-open"<?php endif ?>>
<span><?php echo h($data['Content']['title']) ?></span>
<?php echo h($data['Content']['title']) ?>
<?php if(!empty($data['children'])): ?>
<?php $this->BcBaser->element('admin/contents/index_list_tree', ['datas' => $data['children']]) ?>
<?php endif ?>
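Review bot: This element is the `lib/Baser` twin of the admin-third template and gets the same `<span>` removal, but the only `jquery.bcTree.js` changed in this commit is the admin-third copy; if another copy of that script renders this tree, it needs the same `core.force_text` change and the same removal of the manual entity encoding in the rename handler, otherwise the now-bare title is handled by the old code path. A comment at the echo is worthwhile either way: `<?php /* bare text node on purpose: jsTree must run with core.force_text; do not wrap it in an element */ ?>`. The `<li>` and the JSON attribute holding `$manageDisabled`/`$deleteDisabled` open outside the hunk.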
