
Make sure to return htmlspecialchars

pull/436/head
danpros 4 years ago
parent
commit
665ad9aa83
5 changed files with 29 additions and 30 deletions
  1. +1
    -17
      system/admin/views/config-custom.html.php
  2. +1
    -1
      system/admin/views/config-metatags.html.php
  3. +7
    -7
      system/admin/views/config-widget.html.php
  4. +5
    -5
      system/admin/views/config.html.php
  5. +15
    -0
      system/includes/functions.php

+ 1
- 17
system/admin/views/config-custom.html.php View File

@ -23,26 +23,10 @@
</tr> </tr>
<?php <?php
global $config_file; global $config_file;
$array = array(
"google.wmt" => "hallo",
);
$array = array();
if (file_exists($config_file)) { if (file_exists($config_file)) {
$array = parse_ini_file($config_file, true); $array = parse_ini_file($config_file, true);
} }
function valueMaker($value)
{
if (is_string($value))
return htmlspecialchars($value);
if ($value === true)
return "true";
if ($value === false)
return "false";
if ($value == false)
return "0";
return (string)$value;
}
$configList = json_decode(file_get_contents('content/data/configList.json', true)); $configList = json_decode(file_get_contents('content/data/configList.json', true));
foreach ($array as $key => $value) { foreach ($array as $key => $value) {
if (!in_array($key, $configList)) { if (!in_array($key, $configList)) {


+ 1
- 1
system/admin/views/config-metatags.html.php View File

@ -1,4 +1,4 @@
<?php
<?php
global $config_file; global $config_file;
$array = array(); $array = array();
if (file_exists($config_file)) { if (file_exists($config_file)) {


+ 7
- 7
system/admin/views/config-widget.html.php View File

@ -82,13 +82,13 @@
<div class="form-group row"> <div class="form-group row">
<label for="disqus.shortname" class="col-sm-2 col-form-label">Disqus shortname</label> <label for="disqus.shortname" class="col-sm-2 col-form-label">Disqus shortname</label>
<div class="col-sm-10"> <div class="col-sm-10">
<input type="text" name="-config-disqus.shortname" class="form-control" id="disqus.shortname" value="<?php echo config('disqus.shortname');?>" placeholder="htmly">
<input type="text" name="-config-disqus.shortname" class="form-control" id="disqus.shortname" value="<?php echo valueMaker(config('disqus.shortname'));?>" placeholder="htmly">
</div> </div>
</div> </div>
<div class="form-group row"> <div class="form-group row">
<label for="fb.appid" class="col-sm-2 col-form-label">Facebook App ID</label> <label for="fb.appid" class="col-sm-2 col-form-label">Facebook App ID</label>
<div class="col-sm-10"> <div class="col-sm-10">
<input type="text" name="-config-fb.appid" class="form-control" id="fb.appid" value="<?php echo config('fb.appid');?>" placeholder="12345abcde">
<input type="text" name="-config-fb.appid" class="form-control" id="fb.appid" value="<?php echo valueMaker(config('fb.appid'));?>" placeholder="12345abcde">
</div> </div>
</div> </div>
<br> <br>
@ -117,13 +117,13 @@
<div class="form-group row"> <div class="form-group row">
<label for="google.reCaptcha.public" class="col-sm-2 col-form-label">Site Key</label> <label for="google.reCaptcha.public" class="col-sm-2 col-form-label">Site Key</label>
<div class="col-sm-10"> <div class="col-sm-10">
<input type="text" name="-config-google.reCaptcha.public" class="form-control" id="google.reCaptcha.public" value="<?php echo config('google.reCaptcha.public');?>" placeholder="12345abcde">
<input type="text" name="-config-google.reCaptcha.public" class="form-control" id="google.reCaptcha.public" value="<?php echo valueMaker(config('google.reCaptcha.public'));?>" placeholder="12345abcde">
</div> </div>
</div> </div>
<div class="form-group row"> <div class="form-group row">
<label for="google.reCaptcha.private" class="col-sm-2 col-form-label">Secret Key</label> <label for="google.reCaptcha.private" class="col-sm-2 col-form-label">Secret Key</label>
<div class="col-sm-10"> <div class="col-sm-10">
<input type="text" name="-config-google.reCaptcha.private" class="form-control" id="google.reCaptcha.private" value="<?php echo config('google.reCaptcha.private');?>" placeholder="12345abcde">
<input type="text" name="-config-google.reCaptcha.private" class="form-control" id="google.reCaptcha.private" value="<?php echo valueMaker(config('google.reCaptcha.private'));?>" placeholder="12345abcde">
</div> </div>
</div> </div>
<br> <br>
@ -132,20 +132,20 @@
<div class="form-group row"> <div class="form-group row">
<label for="google.gtag.id" class="col-sm-2 col-form-label">Universal Analytics (gtag.js)</label> <label for="google.gtag.id" class="col-sm-2 col-form-label">Universal Analytics (gtag.js)</label>
<div class="col-sm-10"> <div class="col-sm-10">
<input type="text" name="-config-google.gtag.id" class="form-control" id="google.gtag.id" value="<?php echo config('google.gtag.id');?>" placeholder="12345abcde">
<input type="text" name="-config-google.gtag.id" class="form-control" id="google.gtag.id" value="<?php echo valueMaker(config('google.gtag.id'));?>" placeholder="12345abcde">
</div> </div>
</div> </div>
<div class="form-group row"> <div class="form-group row">
<label for="google.analytics.id" class="col-sm-2 col-form-label">Google Analytics (legacy)</label> <label for="google.analytics.id" class="col-sm-2 col-form-label">Google Analytics (legacy)</label>
<div class="col-sm-10"> <div class="col-sm-10">
<input type="text" name="-config-google.analytics.id" class="form-control" id="google.analytics.id" value="<?php echo config('google.analytics.id');?>" placeholder="12345abcde">
<input type="text" name="-config-google.analytics.id" class="form-control" id="google.analytics.id" value="<?php echo valueMaker(config('google.analytics.id'));?>" placeholder="12345abcde">
<small><em>This is legacy code. Usually new created analyics using gtag.js</em></small> <small><em>This is legacy code. Usually new created analyics using gtag.js</em></small>
</div> </div>
</div> </div>
<div class="form-group row"> <div class="form-group row">
<label for="google.wmt.id" class="col-sm-2 col-form-label">Google Search Console</label> <label for="google.wmt.id" class="col-sm-2 col-form-label">Google Search Console</label>
<div class="col-sm-10"> <div class="col-sm-10">
<input type="text" name="-config-google.wmt.id" class="form-control" id="google.wmt.id" value="<?php echo config('google.wmt.id');?>" placeholder="12345abcde">
<input type="text" name="-config-google.wmt.id" class="form-control" id="google.wmt.id" value="<?php echo valueMaker(config('google.wmt.id'));?>" placeholder="12345abcde">
<small><em>For google-site-verification meta</em></small> <small><em>For google-site-verification meta</em></small>
</div> </div>
</div> </div>
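Review bot: Each input in this hunk now renders `valueMaker(config(...))`, and valueMaker as added in system/includes/functions.php in this commit maps any loosely-false non-string value to the string "0" via `$value == false`; if config() returns null for a key that has never been set, these fields will be pre-filled with a literal 0 instead of showing their placeholder. The same applies to the five fields changed in system/admin/views/config.html.php. What config() returns for a missing key is not visible on this page, so this needs confirming against its definition; if null is possible, adding `if ($value === null) return '';` ahead of the loose check in valueMaker keeps the placeholders working. The double-quoted `value="..."` context itself is handled correctly by the default htmlspecialchars flags, since `"` is always escaped.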


+ 5
- 5
system/admin/views/config.html.php View File

@ -16,33 +16,33 @@
<div class="form-group row"> <div class="form-group row">
<label for="site.url" class="col-sm-2 col-form-label">Address (URL)</label> <label for="site.url" class="col-sm-2 col-form-label">Address (URL)</label>
<div class="col-sm-10"> <div class="col-sm-10">
<input type="text" name="-config-site.url" class="form-control" id="site.url" value="<?php echo config('site.url');?>" placeholder="https://www.htmly.com">
<input type="text" name="-config-site.url" class="form-control" id="site.url" value="<?php echo valueMaker(config('site.url'));?>" placeholder="https://www.htmly.com">
</div> </div>
</div> </div>
<div class="form-group row"> <div class="form-group row">
<label for="blog.title" class="col-sm-2 col-form-label">Blog title</label> <label for="blog.title" class="col-sm-2 col-form-label">Blog title</label>
<div class="col-sm-10"> <div class="col-sm-10">
<input type="text" name="-config-blog.title" class="form-control" id="blog.title" value="<?php echo config('blog.title');?>" placeholder="My HTMLy Blog">
<input type="text" name="-config-blog.title" class="form-control" id="blog.title" value="<?php echo valueMaker(config('blog.title'));?>" placeholder="My HTMLy Blog">
</div> </div>
</div> </div>
<div class="form-group row"> <div class="form-group row">
<label for="blog.tagline" class="col-sm-2 col-form-label">Tagline</label> <label for="blog.tagline" class="col-sm-2 col-form-label">Tagline</label>
<div class="col-sm-10"> <div class="col-sm-10">
<input type="text" name="-config-blog.tagline" class="form-control" id="blog.tagline" value="<?php echo config('blog.tagline');?>" placeholder="Databaseless PHP Blogging Platform">
<input type="text" name="-config-blog.tagline" class="form-control" id="blog.tagline" value="<?php echo valueMaker(config('blog.tagline'));?>" placeholder="Databaseless PHP Blogging Platform">
<small><em>In a few words, explain what this blog is about.</em></small> <small><em>In a few words, explain what this blog is about.</em></small>
</div> </div>
</div> </div>
<div class="form-group row"> <div class="form-group row">
<label for="blog.description" class="col-sm-2 col-form-label">Description</label> <label for="blog.description" class="col-sm-2 col-form-label">Description</label>
<div class="col-sm-10"> <div class="col-sm-10">
<textarea id="blog.description" name="-config-blog.description" class="form-control"><?php echo config('blog.description');?></textarea>
<textarea id="blog.description" name="-config-blog.description" class="form-control"><?php echo valueMaker(config('blog.description'));?></textarea>
<small><em>In one paragraph, tell us more about your blog.</em></small> <small><em>In one paragraph, tell us more about your blog.</em></small>
</div> </div>
</div> </div>
<div class="form-group row"> <div class="form-group row">
<label for="blog.copyright" class="col-sm-2 col-form-label">Copyright</label> <label for="blog.copyright" class="col-sm-2 col-form-label">Copyright</label>
<div class="col-sm-10"> <div class="col-sm-10">
<input type="text" name="-config-blog.copyright" class="form-control" id="blog.copyright" value="<?php echo config('blog.copyright');?>" placeholder="(c) Your name.">
<input type="text" name="-config-blog.copyright" class="form-control" id="blog.copyright" value="<?php echo valueMaker(config('blog.copyright'));?>" placeholder="(c) Your name.">
</div> </div>
</div> </div>
<div class="form-group row"> <div class="form-group row">


+ 15
- 0
system/includes/functions.php View File

@ -3321,3 +3321,18 @@ function format_date($date)
} }
} }
function valueMaker($value)
{
if (is_string($value))
return htmlspecialchars($value);
if ($value === true)
return "true";
if ($value === false)
return "false";
if ($value == false)
return "0";
return (string)$value;
}
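Review bot: `return htmlspecialchars($value);` on the second line of valueMaker relies on the default flags, which on PHP releases before 8.1 leave single quotes unescaped and return an empty string, silently dropping the value, when the input is not valid UTF-8. The call sites added in this commit place the result in double-quoted attributes and a textarea, where the missing single-quote escape is harmless, but this is a global helper that will be reused in other contexts, so `return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` is the safer form. Separately, `if ($value == false)` is a loose comparison that turns null and an empty array into "0", and the final `(string)$value` is returned unescaped, so any non-string value whose string form contains markup passes through untouched; a docblock such as `/** Renders a config value for HTML output: strings are escaped, booleans become "true"/"false", null yields "0", other scalars are cast unescaped. */` would make that contract visible to callers. The diffstat lists 15 added lines but only 12 are rendered here, so the hidden three are presumably blank lines or a comment.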
