Forum: add remove_xss

pull/3937/head^2
Julio Montoya 4 years ago
parent c7bf620fb3
commit 0d8c731a97
  1. 6
      main/forum/viewforum.php
  2. 16
      main/forum/viewforumcategory.php
  3. 21
      main/template/default/forum/list.tpl

@ -140,7 +140,7 @@ if (!empty($groupId)) {
$interbreadcrumb[] = [
'url' => $forumUrl.'viewforumcategory.php?forumcategory='.$current_forum_category['cat_id']
.'&search='.Security::remove_XSS(urlencode($my_search)),
'name' => prepare4display($current_forum_category['cat_title']),
'name' => Security::remove_XSS(prepare4display($current_forum_category['cat_title'])),
];
$interbreadcrumb[] = [
'url' => '#',
@ -375,7 +375,7 @@ if (api_is_allowed_to_edit(false, true) ||
echo '</div>';
/* Display */
$titleForum = $current_forum['forum_title'];
$titleForum = Security::remove_XSS($current_forum['forum_title']);
$descriptionForum = $current_forum['forum_comment'];
$iconForum = Display::return_icon(
'forum_yellow.png',
@ -440,7 +440,7 @@ if (is_array($threads)) {
$linkPostForum = '<a href="viewthread.php?'.api_get_cidreq().'&forum='.$my_forum
."&thread={$row['thread_id']}&search="
.Security::remove_XSS(urlencode($my_search)).'">'
.$row['thread_title'].'</a>';
.Security::remove_XSS($row['thread_title']).'</a>';
$html = '';
$html .= '<div class="panel panel-default forum '.($row['thread_sticky'] ? 'sticky' : '').'">';
$html .= '<div class="panel-body">';
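Review bot: `$descriptionForum = $current_forum['forum_comment'];` on the line directly after the newly filtered `$titleForum` is still assigned raw, so if it is echoed as HTML further down (that code is outside the hunk) the forum comment keeps the exposure the title just lost; viewforumcategory.php has the same gap at `$descriptionCategory = $forum_category['cat_comment'];`, even though the same commit does wrap `forum_comment` with `Security::remove_XSS(strip_tags(...))` in the Display::tag call there. Unless forum_comment is meant to carry trusted HTML, mirror that treatment: `$descriptionForum = Security::remove_XSS($current_forum['forum_comment']);`. Keep in mind that Security::remove_XSS is a sanitizer applied at output, not a context-specific escaper, so it does not replace attribute or URL escaping where the value ends up in those positions.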

@ -126,8 +126,6 @@ echo $html;
$logInfo = [
'tool' => TOOL_FORUM,
'tool_id' => 0,
'tool_id_detail' => 0,
'action' => $action,
'info' => isset($_GET['content']) ? $_GET['content'] : '',
];
@ -181,7 +179,7 @@ if ($action != 'add') {
$forum_categories_list = [];
$forumId = $forum_category['cat_id'];
$forumTitle = $forum_category['cat_title'];
$forumTitle = Security::remove_XSS($forum_category['cat_title']);
$linkForumCategory = 'viewforumcategory.php?'.api_get_cidreq().'&forumcategory='.strval(intval($forumId));
$descriptionCategory = $forum_category['cat_comment'];
$icoCategory = Display::return_icon(
@ -271,15 +269,12 @@ if ($action != 'add') {
// you are teacher => show forum
if (api_is_allowed_to_edit(false, true)) {
//echo 'teacher';
$show_forum = true;
} else {
// you are not a teacher
//echo 'student';
// it is not a group forum => show forum
// (invisible forums are already left out see get_forums function)
if ($forum['forum_of_group'] == '0') {
//echo '-gewoon forum';
$show_forum = true;
} else {
// it is a group forum
@ -287,16 +282,13 @@ if ($action != 'add') {
// it is a group forum but it is public => show
if ($forum['forum_group_public_private'] == 'public') {
$show_forum = true;
//echo '-publiek';
} else {
// it is a group forum and it is private
//echo '-prive';
// it is a group forum and it is private but the user is member of the group
if (in_array($forum['forum_of_group'], $groups_of_user)) {
//echo '-is lid';
$show_forum = true;
} else {
//echo '-is GEEN lid';
$show_forum = false;
}
}
@ -360,14 +352,14 @@ if ($action != 'add') {
$html .= '<div class="col-md-9">';
$iconForum = Display::return_icon(
'forum_yellow.png',
get_lang($forum_category['cat_title']),
Security::remove_XSS(get_lang($forum_category['cat_title'])),
null,
ICON_SIZE_MEDIUM
);
$linkForum = Display::tag(
'a',
$forum['forum_title'].$session_displayed,
Security::remove_XSS($forum['forum_title']).$session_displayed,
[
'href' => 'viewforum.php?'.api_get_cidreq(true, false)."&gidReq={$forum['forum_of_group']}&forum={$forum['forum_id']}&search=".Security::remove_XSS(urlencode(isset($_GET['search']) ? $_GET['search'] : '')),
'class' => empty($forum['visibility']) ? 'text-muted' : null,
@ -382,7 +374,7 @@ if ($action != 'add') {
);
$html .= Display::tag(
'p',
strip_tags($forum['forum_comment']),
Security::remove_XSS(strip_tags($forum['forum_comment'])),
[
'class' => 'description',
]
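Review bot: `'info' => isset($_GET['content']) ? $_GET['content'] : '',` in the first hunk stores the raw request parameter in the tracking record while the rest of the commit filters every forum string this page displays; if the log viewer renders `info` as HTML this is the one user-controlled value on the page that still arrives unfiltered, so either apply the same treatment here or confirm the viewer escapes it. The lookup also reads more simply as `'info' => $_GET['content'] ?? '',`. The hunk header reports two deletions that the rendered page does not show, and `$logInfo` is consumed outside the hunk.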

@ -47,7 +47,7 @@
{% if fold_forum_categories %}
{% set panel_icon %}
<a href="{{ item.url }}" title="{{ item.title }}">
<a href="{{ item.url }}" title="{{ item.title | remove_xss }}">
<span class="open">{{ 'forum_blue.png'|img(32) }}</span>
</a>
{% endset %}
@ -62,7 +62,8 @@
{% set panel_title %}
<a href="{{ item.url }}" title="{{ item.title }}">
<span class="open">{{ 'forum_blue.png'|img(32) }}</span>
{{ item.title }}{{ item.icon_session }}
{{ item.title | remove_xss }}
{{ item.icon_session }}
</a>
{% for category_language_item in category_language_array %}
<span class="flag-icon flag-icon-{{ languages[category_language_item | lower] }}"></span>
@ -106,7 +107,13 @@
</div>
<h3 class="title">
{{ 'forum_yellow.png'|img(32) }}
<a href="{{ subitem.url }}" title="{{ subitem.title }}" class="{{ subitem.visibility != '1' ? 'text-muted': '' }}">{{ subitem.title }}</a>
<a
href="{{ subitem.url }}"
title="{{ subitem.title | remove_xss }}"
class="{{ subitem.visibility != '1' ? 'text-muted': '' }}"
>
{{ subitem.title | remove_xss }}
</a>
{% if subitem.forum_of_group != 0 %}
<a class="forum-goto" href="../group/group_space.php?{{ _p.web_cid_query }}&gidReq={{ subitem.forum_of_group }}">
{{ "forum.png"|img(22) }} {{ "GoTo"|get_lang }} {{ subitem.forum_group_title }}
@ -124,16 +131,16 @@
</div>
{% endif %}
<div class="description">
{{ subitem.description }}
{{ subitem.description | remove_xss }}
</div>
{{ subitem.last_post_text }}
{{ subitem.alert }}
{% if subitem.moderation is not empty %}
<span class="label label-warning">
{{ "PostsPendingModeration"|get_lang }}: {{ subitem.moderation }}
</span>
{{ "PostsPendingModeration"|get_lang }}: {{ subitem.moderation }}
</span>
{% endif %}
</div>
</div>
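Review bot: `title="{{ item.title | remove_xss }}"` and `title="{{ subitem.title | remove_xss }}"` place a sanitized HTML string inside an attribute value; a sanitizer removes dangerous markup but does not by itself guarantee a quote cannot close the attribute, so this is only safe if Twig autoescape is active for this template and `remove_xss` is not registered as returning safe output. If autoescape is off, escape for the attribute context explicitly: `title="{{ item.title | remove_xss | e('html_attr') }}"`. In the last hunk only `subitem.description` receives the filter while `subitem.last_post_text`, `subitem.alert` and `subitem.forum_group_title` in the same block are still output unfiltered; if any of those carry user-authored text they need the same treatment.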
