Sanitize categories and tags
This commit is contained in:
parent
2714560170
commit
d0c3f369aa
@ -62,18 +62,27 @@ class dbList extends dbJSON
|
||||
|
||||
public function generateKey($name)
|
||||
{
|
||||
return Text::cleanUrl($name);
|
||||
$key = Text::cleanUrl($name);
|
||||
if (empty($key)) {
|
||||
return false;
|
||||
}
|
||||
return $key;
|
||||
}
|
||||
|
||||
public function add($name)
|
||||
{
|
||||
$key = $this->generateKey($name);
|
||||
if( isset($this->db[$key]) ) {
|
||||
if ($key===false) {
|
||||
Log::set(__METHOD__.LOG_SEP.'Error when try to generate the key');
|
||||
return false;
|
||||
}
|
||||
|
||||
if (isset($this->db[$key])) {
|
||||
Log::set(__METHOD__.LOG_SEP.'Error key already exist: '.$key);
|
||||
return false;
|
||||
}
|
||||
|
||||
$this->db[$key]['name'] = $name;
|
||||
$this->db[$key]['name'] = Sanitize::html($name);
|
||||
$this->db[$key]['list'] = array();
|
||||
|
||||
$this->sortAlphanumeric();
|
||||
@ -97,10 +106,10 @@ class dbList extends dbJSON
|
||||
{
|
||||
$newKey = $this->generateKey($newName);
|
||||
|
||||
$this->db[$newKey]['name'] = $newName;
|
||||
$this->db[$newKey]['name'] = Sanitize::html($newName);
|
||||
$this->db[$newKey]['list'] = $this->db[$oldKey]['list'];
|
||||
|
||||
// Remove the old category
|
||||
// Remove the old key
|
||||
if( $oldKey != $newKey ) {
|
||||
unset( $this->db[$oldKey] );
|
||||
}
|
||||
|
@ -13,36 +13,6 @@ if ($Login->role()!=='admin') {
|
||||
// Functions
|
||||
// ============================================================================
|
||||
|
||||
function add($category)
|
||||
{
|
||||
global $dbCategories;
|
||||
global $Language;
|
||||
global $Syslog;
|
||||
|
||||
if( Text::isEmpty($category) ) {
|
||||
Alert::set($Language->g('Category name is empty'), ALERT_STATUS_FAIL);
|
||||
return false;
|
||||
}
|
||||
|
||||
if( $dbCategories->add($category) ) {
|
||||
// Add to syslog
|
||||
$Syslog->add(array(
|
||||
'dictionaryKey'=>'new-category-created',
|
||||
'notes'=>$category
|
||||
));
|
||||
|
||||
// Create an alert
|
||||
Alert::set($Language->g('Category added'), ALERT_STATUS_OK);
|
||||
|
||||
// Redirect
|
||||
Redirect::page('categories');
|
||||
}
|
||||
else {
|
||||
Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to create the category.');
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
// ============================================================================
|
||||
// Main before POST
|
||||
// ============================================================================
|
||||
@ -51,9 +21,9 @@ function add($category)
|
||||
// POST Method
|
||||
// ============================================================================
|
||||
|
||||
if( $_SERVER['REQUEST_METHOD'] == 'POST' )
|
||||
{
|
||||
add($_POST['category']);
|
||||
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||
createCategory($_POST['category']);
|
||||
Redirect::page('categories');
|
||||
}
|
||||
|
||||
// ============================================================================
|
||||
|
@ -2,6 +2,36 @@
|
||||
|
||||
class HTML {
|
||||
|
||||
// Returns HTML and Javascript code for the box TAGs when you create/edit content
|
||||
public static function tags($args) {
|
||||
global $L;
|
||||
|
||||
// Javascript
|
||||
$javascript = '<script>';
|
||||
$javascript .= file_get_contents(PATH_JS.'bludit-tags.js', true);
|
||||
$javascript .= '</script>';
|
||||
|
||||
// HTML
|
||||
$html = '<div id="bludit-tags" class="uk-form-row">';
|
||||
$html .= ' <input type="hidden" id="jstags" name="tags" value="">';
|
||||
$html .= ' <label for="jstagInput" class="uk-form-label">'.$args['label'].'</label>';
|
||||
|
||||
$html .= ' <div class="uk-form-controls">';
|
||||
$html .= ' <input id="jstagInput" type="text" class="uk-width-1-1" autocomplete="off">';
|
||||
$html .= ' <button id="jstagAdd" class="uk-button">'.$L->g('Add').'</button>';
|
||||
$html .= ' <div id="jstagList">';
|
||||
|
||||
foreach ($args['allTags'] as $tag) {
|
||||
$html .= ' <span data-tag="'.$tag.'" class="'.( in_array($tag, $args['selectedTags'])?'select':'unselect' ).'">'.$tag.'</span>';
|
||||
}
|
||||
|
||||
$html .= ' </div>';
|
||||
$html .= ' </div>';
|
||||
$html .= '</div>';
|
||||
|
||||
echo $html.$javascript;
|
||||
}
|
||||
|
||||
public static function title($args)
|
||||
{
|
||||
$id = empty($args['id']) ? '' : 'id="'.$args['id'].'"';
|
||||
@ -96,34 +126,7 @@ class HTML {
|
||||
echo $html;
|
||||
}
|
||||
|
||||
public static function tags($args)
|
||||
{
|
||||
global $L;
|
||||
// Javascript code
|
||||
include(PATH_JS.'bludit-tags.js');
|
||||
|
||||
$html = '<div id="bludit-tags" class="uk-form-row">';
|
||||
|
||||
$html .= '<input type="hidden" id="jstags" name="tags" value="">';
|
||||
|
||||
$html .= '<label for="jstagInput" class="uk-form-label">'.$args['label'].'</label>';
|
||||
|
||||
$html .= '<div class="uk-form-controls">';
|
||||
$html .= '<input id="jstagInput" type="text" class="uk-width-1-1" autocomplete="off">';
|
||||
$html .= '<button id="jstagAdd" class="uk-button">'.$L->g('Add').'</button>';
|
||||
|
||||
$html .= '<div id="jstagList">';
|
||||
|
||||
foreach($args['allTags'] as $tag) {
|
||||
$html .= '<span data-tag="'.$tag.'" class="'.( in_array($tag, $args['selectedTags'])?'select':'unselect' ).'">'.$tag.'</span>';
|
||||
}
|
||||
|
||||
$html .= '</div>';
|
||||
$html .= '</div>';
|
||||
$html .= '</div>';
|
||||
|
||||
echo $html;
|
||||
}
|
||||
|
||||
public static function formInputPassword($args)
|
||||
{
|
||||
|
@ -634,6 +634,34 @@ function editSettings($args) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Add a new category to the system
|
||||
// Returns TRUE is success added, FALSE otherwise
|
||||
function createCategory($category) {
|
||||
global $dbCategories;
|
||||
global $Language;
|
||||
global $Syslog;
|
||||
|
||||
if (Text::isEmpty($category)) {
|
||||
// Set an alert
|
||||
Alert::set($Language->g('Category name is empty'), ALERT_STATUS_FAIL);
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($dbCategories->add($category)) {
|
||||
// Add to syslog
|
||||
$Syslog->add(array(
|
||||
'dictionaryKey'=>'new-category-created',
|
||||
'notes'=>$category
|
||||
));
|
||||
|
||||
// Set an alert
|
||||
Alert::set($Language->g('Category added'), ALERT_STATUS_OK);
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
function editCategory($oldCategoryKey, $newCategory) {
|
||||
global $Language;
|
||||
global $dbPages;
|
||||
|
@ -81,4 +81,4 @@ class Sanitize {
|
||||
return 0;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
@ -123,6 +123,9 @@ class Text {
|
||||
return str_replace(array_keys($replace), array_values($replace), $text);
|
||||
}
|
||||
|
||||
// Convert invalid characters to valid characters for a URL
|
||||
// Characters that cannot be converted will be removed from the string
|
||||
// This function can return an empty string
|
||||
public static function cleanUrl($string, $separator='-')
|
||||
{
|
||||
if (EXTREME_FRIENDLY_URL) {
|
||||
|
@ -1,73 +1,65 @@
|
||||
<script>
|
||||
|
||||
function insertTag() {
|
||||
var newTag = sanitizeHTML( $("#jstagInput").val() );
|
||||
|
||||
var newTag = $("#jstagInput").val();
|
||||
|
||||
if(newTag.trim()=="") {
|
||||
if (newTag.trim()=="") {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Search if the tag exists
|
||||
var findTag = $("span[data-tag]").filter(function() {
|
||||
return $(this).attr('data-tag').toLowerCase() == newTag.toLowerCase();
|
||||
});
|
||||
|
||||
if( findTag.length > 0 ) {
|
||||
// If the tag exits select
|
||||
// If the tag doesn't exist, insert on the list and select
|
||||
if (findTag.length > 0) {
|
||||
findTag.removeClass("unselect").addClass("select");
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
$("#jstagList").append("<span data-tag=\""+newTag+"\" class=\"select\">"+newTag+"</span>");
|
||||
}
|
||||
|
||||
// Clean the input.
|
||||
// Clean the input field
|
||||
$("#jstagInput").val("");
|
||||
|
||||
return newTag;
|
||||
}
|
||||
|
||||
$(document).ready(function() {
|
||||
|
||||
// Click on tag unselected.
|
||||
// Click on tag unselected
|
||||
$(document).on("click", ".unselect", function() {
|
||||
$(this).removeClass("unselect").addClass("select");
|
||||
});
|
||||
|
||||
// Click on tag selected.
|
||||
// Click on tag selected
|
||||
$(document).on("click", ".select", function() {
|
||||
$(this).removeClass("select").addClass("unselect");
|
||||
});
|
||||
|
||||
// Insert tag when click on the button "add".
|
||||
// Insert tag when click on the button "ADD"
|
||||
$(document).on("click", "#jstagAdd", function(e) {
|
||||
|
||||
// Prevent forum submit.
|
||||
// Prevent forum submit
|
||||
e.preventDefault();
|
||||
|
||||
insertTag();
|
||||
|
||||
});
|
||||
|
||||
// Insert tag when press enter key.
|
||||
// Insert tag when press enter key
|
||||
$("#jstagInput").keypress(function(e) {
|
||||
|
||||
if(e.which == 13) {
|
||||
if (e.which == 13) {
|
||||
insertTag();
|
||||
}
|
||||
|
||||
});
|
||||
|
||||
// Before form submit.
|
||||
// Before form submit
|
||||
$("form").submit(function(e) {
|
||||
|
||||
// For each span.select make an array then implode with comma glue.
|
||||
// For each span.select make an array then implode with comma glue
|
||||
var list = $("#jstagList > span.select").map(function() {
|
||||
return $(this).html();
|
||||
}).get().join(",");
|
||||
|
||||
// Insert the tags separated by comma in the input hiden field.
|
||||
// Insert the tags separated by comma in the input hidden field
|
||||
$("#jstags").val( list );
|
||||
|
||||
return true;
|
||||
});
|
||||
|
||||
});
|
||||
|
||||
</script>
|
||||
});
|
@ -53,4 +53,16 @@ function generateSlug(text, parentKey, currentKey, writeResponse) {
|
||||
});
|
||||
}
|
||||
|
||||
function sanitizeHTML(text) {
|
||||
var map = {
|
||||
'&': '&',
|
||||
'<': '<',
|
||||
'>': '>',
|
||||
'"': '"',
|
||||
"'": '''
|
||||
};
|
||||
|
||||
return text.replace(/[&<>"']/g, function(m) { return map[m]; });
|
||||
}
|
||||
|
||||
</script>
|
Loading…
Reference in New Issue
Block a user