
Improved HTML filtering for links.

corpsee committed Sep 14, 2018
1 parent ab6ba82 commit fa6dd34c458de61dc4e757d33fc726ffee00f13b
@@ -72,6 +72,7 @@
"pda/pheanstalk": "~3.1.0",
"guzzlehttp/guzzle": "~6.2.0",
"jasongrimes/paginator": "~1.0.0",
"voku/anti-xss": "~2.3.1",
"phpunit/phpunit": "~5.7.0",
"codeception/codeception": "~2.3.0",
"phpmd/phpmd": "~2.6.0",
@@ -0,0 +1,29 @@
<?php
namespace PHPCensor\Helper;
use voku\helper\AntiXSS;
class Template
{
/**
* @var AntiXSS
*/
static protected $antiXss = null;
/**
* @param string $string
*
* @return string
*/
static public function clean($string)
{
if (self::$antiXss === null) {
self::$antiXss = new AntiXSS();
}
$antiXss = self::$antiXss;
return $antiXss->xss_clean($string);
}
}
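Review bot: `clean()` wraps AntiXSS::xss_clean(), a pattern-based filter that strips or neutralises constructs it recognises and leaves other markup in place, while the htmlspecialchars() calls it replaces in the later hunks (build views, dashboard widget, build-log pages, project build list, user list) encoded every `<`, `>`, `&` and quote regardless of content; the docblock should state that difference because every caller in this commit now emits the return value as trusted HTML. Suggested docblock for the method: `Filters $string through AntiXSS and returns it with any surviving markup intact; use only where HTML output is intended — for plain text fields htmlspecialchars() remains the correct choice.` A filter of this kind can only reject what its pattern list knows, so fields that never need links are safer left with context-appropriate encoding. Minor style point: PSR-12 orders the modifiers as `public static function clean($string)` and `protected static $antiXss = null;`.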
@@ -3,6 +3,7 @@
use PHPCensor\Helper\Lang;
use PHPCensor\Model\Build;
use PHPCensor\Model\BuildError;
use PHPCensor\Helper\Template;
/**
* @var Build $build
@@ -42,6 +43,6 @@ foreach ($errors as $error):
?>
</a>
</td>
<td class="visible-line-breaks"><?= htmlspecialchars(trim($error->getMessage())); ?></td>
<td class="visible-line-breaks"><?= Template::clean(trim($error->getMessage())); ?></td>
</tr>
<?php endforeach; ?>
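Review bot: Line 55 routes build-tool error messages through `Template::clean()`, and such messages commonly contain literal angle brackets and ampersands (code fragments, generic type names, markup quoted by a linter) that htmlspecialchars() displayed verbatim; after the change that text is interpreted as markup, so it is either rendered as tags or silently altered by the filter. Since the commit title targets links in commit messages, keeping `<td class="visible-line-breaks"><?= htmlspecialchars(trim($error->getMessage())); ?></td>` here preserves both the readability of error output and its encoding guarantee. If links are wanted in error text as well, encoding first and linkifying afterwards is the safer order than filtering raw HTML.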
@@ -3,6 +3,7 @@
use PHPCensor\Helper\Lang;
use PHPCensor\Model\Build;
use PHPCensor\Model\BuildError;
use PHPCensor\Helper\Template;
/**
* @var Build $build
@@ -120,7 +121,7 @@ use PHPCensor\Model\BuildError;
<tr>
<th><?= Lang::get('commit_message'); ?></th>
<td style="text-align: right">
<?= htmlspecialchars($build->getCommitMessage()); ?>
<?= Template::clean($build->getCommitMessage()); ?>
</td>
</tr>
</table>
@@ -1,4 +1,8 @@
<?php if (!empty($latest)): ?>
<?php
use PHPCensor\Helper\Template;
if (!empty($latest)): ?>
<?php
@@ -32,7 +36,7 @@
<?= $latest->getProject()->getTitle(); ?> #<?= $latest->getId(); ?> (<?= $statusText; ?>)
</h3>
<p>
<?php $latestCommitMessage = htmlspecialchars($latest->getCommitMessage()); ?>
<?php $latestCommitMessage = Template::clean($latest->getCommitMessage()); ?>
<?php if ($latestCommitMessage): ?>
<?= $latestCommitMessage; ?><br /><br />
<?php endif; ?>
@@ -1,10 +1,11 @@
<?php
use PHPCensor\Helper\AnsiConverter;
use PHPCensor\Helper\Template;
?>
<p style="margin: 10px; background: #fafafa">
<?= htmlspecialchars($build->getCommitMessage()); ?>
<?= Template::clean($build->getCommitMessage()); ?>
</p>
<pre class="ansi_color_bg_black ansi_color_fg_white" style="padding: 4px">
<?= AnsiConverter::convert($build->getLog()); ?>
@@ -1,3 +1,8 @@
<?php
use PHPCensor\Helper\Template;
?>
<p style="margin: 10px; background: #fafafa">
<?= htmlspecialchars($build->getCommitMessage()); ?>
<?= Template::clean($build->getCommitMessage()); ?>
</p>
@@ -1,6 +1,7 @@
<?php
use PHPCensor\Helper\Lang;
use PHPCensor\Helper\Template;
$currentUser = $this->getUser();
@@ -50,7 +51,7 @@ $currentUser = $this->getUser();
<?= $user->getEmail(); ?>
<?php endif; ?>
</td>
<td><?= htmlspecialchars($user->getName()); ?></td>
<td><?= Template::clean($user->getName()); ?></td>
<td><?= $status; ?></td>
<td>
<div class="btn-group btn-group-right">
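Review bot: Line 118 changes the user display name from an encoded value to the output of `Template::clean()`, so a name is now emitted as filtered HTML rather than text; a display name has no legitimate need for markup, and it is user-supplied input (how it is edited is not visible in this hunk). Keep `<td><?= htmlspecialchars($user->getName()); ?></td>` and reserve the helper for the commit-message fields the commit is about. The `foreach` over users that encloses this row starts and ends outside the hunk.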
@@ -2,6 +2,7 @@
use PHPCensor\Helper\Lang;
use PHPCensor\Model\Build;
use PHPCensor\Helper\Template;
/**
* @var Build[] $builds
@@ -115,7 +116,7 @@ use PHPCensor\Model\Build;
substr($build->getCommitId(), 0, 7),
$build->getCommitterEmail() ? ('(' . $build->getCommitterEmail() . ')') : ''
);
$buildCommitMessage = htmlspecialchars($build->getCommitMessage());
$buildCommitMessage = Template::clean($build->getCommitMessage());
if ($buildCommitMessage) {
echo '</p><p>';
echo $buildCommitMessage;
