Merge pull request #11927 from aembler/misc-fixes-020524
Misc fixes 020524
aembler committed Feb 5, 2024
2 parents 33eeca5 + fbde943 commit 59a0747
Showing 4 changed files with 20 additions and 20 deletions.
10 changes: 5 additions & 5 deletions concrete/controllers/backend/file.php
Expand Up @@ -790,15 +790,15 @@ protected function checkRemoteURlsToImport(array $urls)
try {
$url = Url::createFromUrl($u);
} catch (RuntimeException $x) {
throw new UserMessageException(t('The URL "%s" is not valid: %s', $u, $x->getMessage()));
throw new UserMessageException(h(t('The URL "%s" is not valid: %s', $u, $x->getMessage())));
}
$scheme = (string)$url->getScheme();
if ($scheme === '') {
throw new UserMessageException(t('The URL "%s" is not valid.', $u));
throw new UserMessageException(h(t('The URL "%s" is not valid.', $u)));
}
$host = trim((string)$url->getHost());
if (in_array(strtolower($host), ['', '0', 'localhost'], true)) {
throw new UserMessageException(t('The URL "%s" is not valid.', $u));
throw new UserMessageException(h(t('The URL "%s" is not valid.', $u)));
}

// If we've already validated this hostname just skip it.
Expand All @@ -813,7 +813,7 @@ protected function checkRemoteURlsToImport(array $urls)

foreach ($ipFormatBlocks as $block) {
if (preg_match($block, $host) !== 0) {
throw new UserMessageException(t('The URL "%s" is not valid.', $u));
throw new UserMessageException(h(t('The URL "%s" is not valid.', $u)));
}
}

Expand All @@ -828,7 +828,7 @@ protected function checkRemoteURlsToImport(array $urls)
}

if ($ip !== null && $ip->getRangeType() !== IPRangeType::T_PUBLIC) {
throw new UserMessageException(t('The URL "%s" is not valid.', $u));
throw new UserMessageException(h(t('The URL "%s" is not valid.', $u)));
}

$validIps[$host] = $ip->toString();
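Review bot: Wrapping the whole translated string in `h()` at each `throw` in `checkRemoteURlsToImport` bakes HTML encoding into the exception message itself, so the quotes around the URL become `&quot;` for every consumer of the exception (logs, JSON responses, CLI), and a renderer that applies its own escaping may encode the text a second time. Encoding only the untrusted values keeps the message readable, e.g. `throw new UserMessageException(t('The URL "%s" is not valid.', h($u)));`, and for the first throw `h($x->getMessage())` as well. Encoding once at the point where the message is written into HTML would also cover any `throw` added to this method later without `h()`. A short comment such as `// $u is user-supplied and echoed back in the error; it must be encoded before reaching HTML` would record why the call is there. The method starts and ends outside these hunks, so how the message is finally rendered is not visible here.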
6 changes: 3 additions & 3 deletions concrete/elements/groups/roles_list.php
Expand Up @@ -81,7 +81,7 @@
<input type="hidden" name="roles[<%=id%>][id]" value="<%=id%>" />

<td>
<input type="text" name="roles[<%=id%>][name]" value="<%=name%>" class="form-control ccm-role-name"
<input type="text" name="roles[<%=id%>][name]" value="<%-name%>" class="form-control ccm-role-name"
placeholder="<?php echo t("Please enter a role name..."); ?>"/>
</td>

Expand Down Expand Up @@ -162,13 +162,13 @@

var addRole = function (role) {
$rolesContainer.find("tbody").append(_.template($("#ccm-roles-row").html())(role));
$rolesContainer.find("select[name=defaultRole]").append($("<option/>").attr("value", role.id).html(role.name));
$rolesContainer.find("select[name=defaultRole]").append($("<option/>").attr("value", role.id).text(role.name));

var $row = $("#ccm-row-" + role.id);

$row.find(".ccm-role-name").change(function () {
var $option = $rolesContainer.find("select[name=defaultRole] option[value=" + role.id + "]");
$option.html($(this).val());
$option.text($(this).val());
});

$row.find(".ccm-remove-role").click(function () {
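Review bot: Only `name` was moved to the escaping form; `<%=id%>` is still interpolated raw into the `name` and `value` attributes of the row template, and `role.id` is still concatenated into the selectors `"#ccm-row-" + role.id` and `"select[name=defaultRole] option[value=" + role.id + "]"`. If `role.id` is always a server-issued integer this is harmless, but nothing in these hunks shows where it comes from. Using `<%-id%>` in the template and replacing the concatenated attribute selector with `.find("select[name=defaultRole] option").filter(function () { return this.value === String(role.id); })` would make the row safe regardless of the id's origin. A one-line comment above `addRole` stating that `role.name` is user-entered and must only be written with `.text()` would help keep later edits from reverting to `.html()`.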
6 changes: 3 additions & 3 deletions concrete/views/dialogs/file/properties.php
Expand Up @@ -10,15 +10,15 @@
<legend><?= t('Basic Information'); ?></legend>
<div class="form-group">
<?= $form->label('title', t('Title')); ?>
<?= $form->text('title', $file->getTitle()); ?>
<?= $form->text('title', h($file->getTitle())); ?>
</div>
<div class="form-group">
<?= $form->label('description', t('Description')); ?>
<?= $form->textarea('description', $file->getDescription()); ?>
<?= $form->textarea('description', h($file->getDescription())); ?>
</div>
<div class="form-group">
<?= $form->label('tags', t('Tags')); ?>
<?= $form->textarea('tags', $file->getTags()); ?>
<?= $form->textarea('tags', h($file->getTags())); ?>
</div>
</fieldset>
<fieldset>
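Review bot: Encoding at the call site, as in `$form->text('title', h($file->getTitle()))`, protects only this dialog and depends on what the form helper does with its value argument, which is not visible in this hunk. If `text()` and `textarea()` already encode their value, the fields can display entities such as `&amp;` that are then written back into the title, description or tags when the dialog is saved. If they do not encode, every other view that passes file metadata to the helper is still exposed, and the encoding belongs inside the helper rather than at each caller. It is worth confirming which case applies and noting it next to the first call, e.g. `// title is user-editable; encoded here because the helper emits the value as given`.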
18 changes: 9 additions & 9 deletions tests/tests/Controller/Backend/FileTest.php
Expand Up @@ -52,12 +52,12 @@ public function remoteUrlsToTry(): iterable
$integer = '2130706433';

// Test hexadecimal IPs get caught as local
yield ['https://' . $simpleIp, UserMessageException::class, '/The URL ".+?" is not valid./'];
yield ['https://' . $hex, UserMessageException::class, '/The URL ".+?" is not valid./'];
yield ['https://' . $octal, UserMessageException::class, '/The URL ".+?" is not valid./'];
yield ['https://' . $octal2, UserMessageException::class, '/The URL ".+?" is not valid./'];
yield ['https://' . $octal3, UserMessageException::class, '/The URL ".+?" is not valid./'];
yield ['https://' . $integer, UserMessageException::class, '/The URL ".+?" is not valid./'];
yield ['https://' . $simpleIp, UserMessageException::class, '/The URL &quot;.+?&quot; is not valid./'];
yield ['https://' . $hex, UserMessageException::class, '/The URL &quot;.+?&quot; is not valid./'];
yield ['https://' . $octal, UserMessageException::class, '/The URL &quot;.+?&quot; is not valid./'];
yield ['https://' . $octal2, UserMessageException::class, '/The URL &quot;.+?&quot; is not valid./'];
yield ['https://' . $octal3, UserMessageException::class, '/The URL &quot;.+?&quot; is not valid./'];
yield ['https://' . $integer, UserMessageException::class, '/The URL &quot;.+?&quot; is not valid./'];

// Remote IP
$simpleIp = '8.8.8.8';
Expand All @@ -69,11 +69,11 @@ public function remoteUrlsToTry(): iterable

// Test hexadecimal IPs get caught as local
yield ['http://' . $simpleIp]; // This is allowed because it's an external IP
yield ['http://' . $hex, UserMessageException::class, '/The URL ".+?" is not valid./'];
yield ['http://' . $hex, UserMessageException::class, '/The URL &quot;.+?&quot; is not valid./'];
yield ['http://' . $octal]; // This form is allowed because it at least converts properly in ip-lib
yield ['http://' . $octal2]; // Same as the first octal
yield ['http://' . $octal3, UserMessageException::class, '/The URL ".+?" is not valid./'];
yield ['http://' . $integer, UserMessageException::class, '/The URL ".+?" is not valid./'];
yield ['http://' . $octal3, UserMessageException::class, '/The URL &quot;.+?&quot; is not valid./'];
yield ['http://' . $integer, UserMessageException::class, '/The URL &quot;.+?&quot; is not valid./'];
}

}
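Review bot: None of the updated cases in `remoteUrlsToTry` exercises the encoding of the URL itself: the `.+?` in `/The URL &quot;.+?&quot; is not valid./` matches any text, so these tests only pin that the surrounding quotes were encoded. A case whose URL carries markup characters, with a pattern that expects their entity form (for instance `&lt;`) and rejects the raw character, would lock in the behaviour this commit is meant to introduce. The final `.` in each pattern is unescaped and the patterns are unanchored, so ending them with `\.$/` would be tighter. The provider begins above the first hunk, so any cases defined there are not covered by this note.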
