refactor: improved codebase, added more escaping
thorsten committed Mar 21, 2024
1 parent b6a080f commit c0edbb7
Showing 3 changed files with 31 additions and 29 deletions.
52 changes: 27 additions & 25 deletions phpmyfaq/admin/assets/src/content/markdown.js
Expand Up @@ -7,7 +7,7 @@
*
* @package phpMyFAQ
* @author Thorsten Rinne <thorsten@phpmyfaq.de>
* @copyright 2023 phpMyFAQ Team
* @copyright 2023-2024 phpMyFAQ Team
* @license https://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
* @link https://www.phpmyfaq.de
* @since 2023-03-05
Expand All @@ -21,7 +21,7 @@ export const handleMarkdownForm = () => {
// Store the height of the textarea
if (answer) {
if (answerHeight !== 'undefined') {
answer.style.height = parseInt(answerHeight);
answer.style.height = answerHeight;
}

answer.addEventListener('mouseup', (event) => {
Expand All @@ -33,33 +33,35 @@ export const handleMarkdownForm = () => {
if (markdownTabs) {
const tab = document.querySelector('a[data-markdown-tab="preview"]');

tab.addEventListener('shown.bs.tab', (event) => {
tab.addEventListener('shown.bs.tab', async () => {
const preview = document.getElementById('markdown-preview');
preview.style.height = answer.style.height;

fetch(window.location.pathname + 'api/content/markdown', {
method: 'POST',
headers: {
Accept: 'application/json, text/plain, */*',
'Content-Type': 'application/json',
},
body: JSON.stringify({
text: answer.value,
}),
})
.then(async (response) => {
if (response.ok) {
return response.json();
}
throw new Error('Network response was not ok: ', { cause: { response } });
})
.then((response) => {
preview.innerHTML = response.success;
})
.catch(async (error) => {
const errorMessage = await error.cause.response.json();
console.error(errorMessage);
try {
const response = await fetch(window.location.pathname + 'api/content/markdown', {
method: 'POST',
headers: {
Accept: 'application/json, text/plain, */*',
'Content-Type': 'application/json',
},
body: JSON.stringify({
text: answer.value,
}),
});

if (!response.ok) {
throw new Error('Network response was not ok');
}

const responseData = await response.json();
preview.innerHTML = responseData.success;
} catch (error) {
if (error instanceof Error) {
console.error(error);
} else {
console.error('Unknown error:', error);
}
}
});
}
};
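Review bot: The rewritten error path loses the server's diagnostic: the removed `.catch` read `error.cause.response.json()`, while the new `if (!response.ok)` branch throws a fixed message, so a 4xx/5xx from the markdown endpoint now logs only 'Network response was not ok' with neither status nor body. Keeping the status in the message, e.g. `throw new Error(``Network response was not ok: ${response.status}``);`, retains most of that value. Separately, `preview.innerHTML = responseData.success;` is unchanged by this commit, but since it inserts server-rendered HTML into the admin session it is worth a comment confirming that the endpoint applies the same HTML sanitisation as the public answer rendering. In the earlier hunk, the guard `if (answerHeight !== 'undefined')` compares against the string 'undefined', which only holds if the value was stringified somewhere; `answerHeight` is defined outside the hunk, so this may be intentional. The handleMarkdownForm function starts before both hunks.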
2 changes: 1 addition & 1 deletion phpmyfaq/src/phpMyFAQ/Rating.php
Expand Up @@ -183,7 +183,7 @@ public function check(int $id, string $ip): bool
"SELECT id FROM %sfaqvoting WHERE artikel = %d AND (ip = '%s' AND datum > '%s')",
Database::getTablePrefix(),
$id,
$ip,
$this->configuration->getDb()->escape($ip),
$check
);
return !$this->configuration->getDb()->numRows($this->configuration->getDb()->query($query));
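Review bot: Escaping `$ip` before interpolation narrows the injection surface, but the query is still assembled with sprintf, and `$check` on the following line goes into the `datum > '%s'` clause unescaped; it is computed outside the hunk and is presumably a server-generated timestamp rather than client input, which deserves a comment such as `// $check is server-generated; $ip is client-supplied and must be escaped`. The durable fix is to bind parameters if the Database abstraction supports it, so correctness no longer depends on remembering escape() at every call site. The check() method starts before the hunk.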
6 changes: 3 additions & 3 deletions phpmyfaq/src/phpMyFAQ/StopWords.php
Expand Up @@ -87,7 +87,7 @@ public function update(int $id, string $word): bool
$sql = sprintf(
$sql,
$this->getTableName(),
$word,
$this->configuration->getDb()->escape($word),
$id,
$this->language
);
Expand Down Expand Up @@ -118,7 +118,7 @@ public function match(string $word): bool
$sql = sprintf(
"SELECT id FROM %s WHERE LOWER(stopword) = LOWER('%s') AND lang = '%s'",
$this->getTableName(),
$word,
$this->configuration->getDb()->escape($word),
$this->language
);

Expand All @@ -139,7 +139,7 @@ public function getByLang(string $lang = null, bool $wordsOnly = false): array
$sql = sprintf(
"SELECT id, lang, LOWER(stopword) AS stopword FROM %s WHERE lang = '%s'",
$this->getTableName(),
$lang
$this->configuration->getDb()->escape($lang)
);

$result = $this->configuration->getDb()->query($sql);
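Review bot: In getByLang the parameter is declared `string $lang = null`, so `$lang` may be null, and the new `$this->configuration->getDb()->escape($lang)` passes that null through; if escape() takes a non-nullable `string`, the default case now throws a TypeError where the old sprintf silently produced `lang = ''`. Unless a line between the signature and the sprintf (not visible in the hunk) already replaces a null `$lang`, `$this->configuration->getDb()->escape($lang ?? '')` preserves the previous behaviour; if escape() accepts null this is moot, but its signature is not shown here. The same pattern in update() and match() is fine as far as the hunks show, though `$this->language` is still interpolated unescaped in all three queries, presumably because it is configuration-derived. Each of the three methods starts outside its hunk.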

0 comments on commit c0edbb7