From 3c2e5e8ce77707ce0dc280a0ac1350c040e1e464 Mon Sep 17 00:00:00 2001
From: dignajar
Date: Sat, 27 Jun 2015 20:28:22 -0300
Subject: [PATCH] Bug fixes
---
 admin/themes/default/css/default.css | 1 +
 admin/views/edit-page.php | 2 +-
 admin/views/edit-post.php | 2 +-
 kernel/abstract/filecontent.class.php | 3 ++-
 kernel/helpers/sanitize.class.php | 14 ++++++++++++++
 kernel/page.class.php | 25 +++++++++++++++++++++----
 kernel/post.class.php | 25 +++++++++++++++++++++----
 themes/pure/php/home.php | 2 +-
 8 files changed, 62 insertions(+), 12 deletions(-)
diff --git a/admin/themes/default/css/default.css b/admin/themes/default/css/default.css
index 3ad127ab..99ee389d 100644
--- a/admin/themes/default/css/default.css
+++ b/admin/themes/default/css/default.css
@@ -169,6 +169,7 @@ div.pluginBox {
 box-sizing: border-box;
 padding: 20px;
 width: 70%;
+ margin-bottom: 20px;
 }
 div.pluginBox p {
diff --git a/admin/views/edit-page.php b/admin/views/edit-page.php
index a04858f3..aceed016 100644
--- a/admin/views/edit-page.php
+++ b/admin/views/edit-page.php
@@ -11,7 +11,7 @@ Content HTML and Markdown code supported. - + vars['content'] = $implode; // Sanitize content. - $this->vars['content'] = Sanitize::html($implode); + //$this->vars['content'] = Sanitize::html($implode); } }
diff --git a/kernel/helpers/sanitize.class.php b/kernel/helpers/sanitize.class.php
index 2beb9e13..510c90e0 100644
--- a/kernel/helpers/sanitize.class.php
+++ b/kernel/helpers/sanitize.class.php
@@ -3,6 +3,8 @@ class Sanitize {
 // new
+
+ // Convert special characters to HTML entities
 public static function html($text)
 {
 $flags = ENT_COMPAT;
@@ -14,6 +16,18 @@ class Sanitize {
 return htmlspecialchars($text, $flags, CHARSET);
 }
+ // Convert special HTML entities back to characters
+ public static function htmlDecode($text)
+ {
+ $flags = ENT_COMPAT;
+
+ if(defined('ENT_HTML5')) {
+ $flags = ENT_COMPAT|ENT_HTML5;
+ }
+
+ return htmlspecialchars_decode($text, $flags);
+ }
+
 public static function pathFile($path, $file)
 {
 $real = realpath($path.$file);
diff --git a/kernel/page.class.php b/kernel/page.class.php
index 8115a307..c638387f 100644
--- a/kernel/page.class.php
+++ b/kernel/page.class.php
@@ -16,14 +16,31 @@ class Page extends fileContent
 }
 // Returns the post content.
- public function content()
+ // This content is markdown parser.
+ public function content($html=true)
 {
- return $this->getField('content');
+ // This content is not sanitized.
+ $content = $this->getField('content');
+
+ if($html) {
+ return $content;
+ }
+
+ return Sanitize::html($content);
 }
- public function contentRaw()
+ // Returns the post content.
+ // This content is not markdown parser.
+ public function contentRaw($html=true)
 {
- return $this->getField('contentRaw');
+ // This content is not sanitized.
+ $contentRaw = $this->getField('contentRaw');
+
+ if($html) {
+ return $contentRaw;
+ }
+
+ return Sanitize::html($contentRaw);
 }
 public function description()
diff --git a/kernel/post.class.php b/kernel/post.class.php
index 8b785563..57bcb716 100644
--- a/kernel/post.class.php
+++ b/kernel/post.class.php
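Review bot: `htmlDecode` repeats the flag selection that `html()` performs a few lines above (`ENT_COMPAT`, upgraded to `ENT_COMPAT|ENT_HTML5` when `defined('ENT_HTML5')`), and nothing visible in this patch calls the new method, so the encode and decode sides can silently drift apart. A single private helper such as `private static function flags() { return defined('ENT_HTML5') ? ENT_COMPAT|ENT_HTML5 : ENT_COMPAT; }` used by both keeps them symmetric. Since `ENT_COMPAT` leaves single quotes alone in both directions, text escaped by `html()` is only safe inside double-quoted attributes; that is pre-existing, but the new comment could say so: `// Convert special HTML entities back to characters (inverse of html(); single quotes are not touched)`.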
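Review bot: `content($html=true)` and `contentRaw($html=true)` return the stored text unescaped by default, and the same commit comments out `Sanitize::html($implode)` in filecontent.class.php, so escaping now happens only when a caller passes `false`; any template that relied on the old save-time escaping now emits author-supplied markup verbatim, which is a regression wherever content can come from a role that should not inject HTML — worth checking every theme caller before merging. If, as the comment suggests, `content` already holds Markdown-rendered HTML, then `content(false)` escapes the rendered tags and displays them as text, so the escaped branch only makes sense for a text field such as the edit-view textarea and the comment should say so. The header comments are garbled: `// This content is markdown parser.` should read `// Returns the content after Markdown parsing; with $html=false it is HTML-escaped for use in a text field.`, `// This content is not markdown parser.` should read `// Returns the content as written, without Markdown parsing; with $html=false it is HTML-escaped.`, and the repeated `// Returns the post content.` is wrong for a Page. The same two methods are added verbatim to kernel/post.class.php in the following hunk; both classes extend fileContent, so they belong once in the parent, and the now dead `//$this->vars['content'] = Sanitize::html($implode);` line there should be deleted rather than left commented out.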
@@ -16,14 +16,31 @@ class Post extends fileContent
 }
 // Returns the post content.
- public function content()
+ // This content is markdown parser.
+ public function content($html=true)
 {
- return $this->getField('content');
+ // This content is not sanitized.
+ $content = $this->getField('content');
+
+ if($html) {
+ return $content;
+ }
+
+ return Sanitize::html($content);
 }
- public function contentRaw()
+ // Returns the post content.
+ // This content is not markdown parser.
+ public function contentRaw($html=true)
 {
- return $this->getField('contentRaw');
+ // This content is not sanitized.
+ $contentRaw = $this->getField('contentRaw');
+
+ if($html) {
+ return $contentRaw;
+ }
+
+ return Sanitize::html($contentRaw);
 }
 public function key()
diff --git a/themes/pure/php/home.php b/themes/pure/php/home.php
index 06263eb7..b7820a16 100644
--- a/themes/pure/php/home.php
+++ b/themes/pure/php/home.php
@@ -19,4 +19,4 @@
-
+
\ No newline at end of file