Sanitize categories and tags

This commit is contained in:
Diego Najar 2017-11-01 19:38:56 +01:00
parent 2714560170
commit d0c3f369aa
8 changed files with 111 additions and 94 deletions

View File

@ -62,18 +62,27 @@ class dbList extends dbJSON
public function generateKey($name) public function generateKey($name)
{ {
return Text::cleanUrl($name); $key = Text::cleanUrl($name);
if (empty($key)) {
return false;
}
return $key;
} }
public function add($name) public function add($name)
{ {
$key = $this->generateKey($name); $key = $this->generateKey($name);
if( isset($this->db[$key]) ) { if ($key===false) {
Log::set(__METHOD__.LOG_SEP.'Error when try to generate the key');
return false;
}
if (isset($this->db[$key])) {
Log::set(__METHOD__.LOG_SEP.'Error key already exist: '.$key); Log::set(__METHOD__.LOG_SEP.'Error key already exist: '.$key);
return false; return false;
} }
$this->db[$key]['name'] = $name; $this->db[$key]['name'] = Sanitize::html($name);
$this->db[$key]['list'] = array(); $this->db[$key]['list'] = array();
$this->sortAlphanumeric(); $this->sortAlphanumeric();
@ -97,10 +106,10 @@ class dbList extends dbJSON
{ {
$newKey = $this->generateKey($newName); $newKey = $this->generateKey($newName);
$this->db[$newKey]['name'] = $newName; $this->db[$newKey]['name'] = Sanitize::html($newName);
$this->db[$newKey]['list'] = $this->db[$oldKey]['list']; $this->db[$newKey]['list'] = $this->db[$oldKey]['list'];
// Remove the old category // Remove the old key
if( $oldKey != $newKey ) { if( $oldKey != $newKey ) {
unset( $this->db[$oldKey] ); unset( $this->db[$oldKey] );
} }

View File

@ -13,36 +13,6 @@ if ($Login->role()!=='admin') {
// Functions // Functions
// ============================================================================ // ============================================================================
function add($category)
{
global $dbCategories;
global $Language;
global $Syslog;
if( Text::isEmpty($category) ) {
Alert::set($Language->g('Category name is empty'), ALERT_STATUS_FAIL);
return false;
}
if( $dbCategories->add($category) ) {
// Add to syslog
$Syslog->add(array(
'dictionaryKey'=>'new-category-created',
'notes'=>$category
));
// Create an alert
Alert::set($Language->g('Category added'), ALERT_STATUS_OK);
// Redirect
Redirect::page('categories');
}
else {
Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to create the category.');
return false;
}
}
// ============================================================================ // ============================================================================
// Main before POST // Main before POST
// ============================================================================ // ============================================================================
@ -51,9 +21,9 @@ function add($category)
// POST Method // POST Method
// ============================================================================ // ============================================================================
if( $_SERVER['REQUEST_METHOD'] == 'POST' ) if ($_SERVER['REQUEST_METHOD'] == 'POST') {
{ createCategory($_POST['category']);
add($_POST['category']); Redirect::page('categories');
} }
// ============================================================================ // ============================================================================

View File

@ -2,6 +2,36 @@
class HTML { class HTML {
// Returns HTML and Javascript code for the box TAGs when you create/edit content
public static function tags($args) {
global $L;
// Javascript
$javascript = '<script>';
$javascript .= file_get_contents(PATH_JS.'bludit-tags.js', true);
$javascript .= '</script>';
// HTML
$html = '<div id="bludit-tags" class="uk-form-row">';
$html .= ' <input type="hidden" id="jstags" name="tags" value="">';
$html .= ' <label for="jstagInput" class="uk-form-label">'.$args['label'].'</label>';
$html .= ' <div class="uk-form-controls">';
$html .= ' <input id="jstagInput" type="text" class="uk-width-1-1" autocomplete="off">';
$html .= ' <button id="jstagAdd" class="uk-button">'.$L->g('Add').'</button>';
$html .= ' <div id="jstagList">';
foreach ($args['allTags'] as $tag) {
$html .= ' <span data-tag="'.$tag.'" class="'.( in_array($tag, $args['selectedTags'])?'select':'unselect' ).'">'.$tag.'</span>';
}
$html .= ' </div>';
$html .= ' </div>';
$html .= '</div>';
echo $html.$javascript;
}
public static function title($args) public static function title($args)
{ {
$id = empty($args['id']) ? '' : 'id="'.$args['id'].'"'; $id = empty($args['id']) ? '' : 'id="'.$args['id'].'"';
@ -96,34 +126,7 @@ class HTML {
echo $html; echo $html;
} }
public static function tags($args)
{
global $L;
// Javascript code
include(PATH_JS.'bludit-tags.js');
$html = '<div id="bludit-tags" class="uk-form-row">';
$html .= '<input type="hidden" id="jstags" name="tags" value="">';
$html .= '<label for="jstagInput" class="uk-form-label">'.$args['label'].'</label>';
$html .= '<div class="uk-form-controls">';
$html .= '<input id="jstagInput" type="text" class="uk-width-1-1" autocomplete="off">';
$html .= '<button id="jstagAdd" class="uk-button">'.$L->g('Add').'</button>';
$html .= '<div id="jstagList">';
foreach($args['allTags'] as $tag) {
$html .= '<span data-tag="'.$tag.'" class="'.( in_array($tag, $args['selectedTags'])?'select':'unselect' ).'">'.$tag.'</span>';
}
$html .= '</div>';
$html .= '</div>';
$html .= '</div>';
echo $html;
}
public static function formInputPassword($args) public static function formInputPassword($args)
{ {

View File

@ -634,6 +634,34 @@ function editSettings($args) {
return false; return false;
} }
// Add a new category to the system
// Returns TRUE is success added, FALSE otherwise
function createCategory($category) {
global $dbCategories;
global $Language;
global $Syslog;
if (Text::isEmpty($category)) {
// Set an alert
Alert::set($Language->g('Category name is empty'), ALERT_STATUS_FAIL);
return false;
}
if ($dbCategories->add($category)) {
// Add to syslog
$Syslog->add(array(
'dictionaryKey'=>'new-category-created',
'notes'=>$category
));
// Set an alert
Alert::set($Language->g('Category added'), ALERT_STATUS_OK);
return true;
}
return false;
}
function editCategory($oldCategoryKey, $newCategory) { function editCategory($oldCategoryKey, $newCategory) {
global $Language; global $Language;
global $dbPages; global $dbPages;

View File

@ -123,6 +123,9 @@ class Text {
return str_replace(array_keys($replace), array_values($replace), $text); return str_replace(array_keys($replace), array_values($replace), $text);
} }
// Convert invalid characters to valid characters for a URL
// Characters that cannot be converted will be removed from the string
// This function can return an empty string
public static function cleanUrl($string, $separator='-') public static function cleanUrl($string, $separator='-')
{ {
if (EXTREME_FRIENDLY_URL) { if (EXTREME_FRIENDLY_URL) {

View File

@ -1,73 +1,65 @@
<script>
function insertTag() { function insertTag() {
var newTag = sanitizeHTML( $("#jstagInput").val() );
var newTag = $("#jstagInput").val(); if (newTag.trim()=="") {
if(newTag.trim()=="") {
return true; return true;
} }
// Search if the tag exists
var findTag = $("span[data-tag]").filter(function() { var findTag = $("span[data-tag]").filter(function() {
return $(this).attr('data-tag').toLowerCase() == newTag.toLowerCase(); return $(this).attr('data-tag').toLowerCase() == newTag.toLowerCase();
}); });
if( findTag.length > 0 ) { // If the tag exits select
// If the tag doesn't exist, insert on the list and select
if (findTag.length > 0) {
findTag.removeClass("unselect").addClass("select"); findTag.removeClass("unselect").addClass("select");
} } else {
else {
$("#jstagList").append("<span data-tag=\""+newTag+"\" class=\"select\">"+newTag+"</span>"); $("#jstagList").append("<span data-tag=\""+newTag+"\" class=\"select\">"+newTag+"</span>");
} }
// Clean the input. // Clean the input field
$("#jstagInput").val(""); $("#jstagInput").val("");
return newTag;
} }
$(document).ready(function() { $(document).ready(function() {
// Click on tag unselected. // Click on tag unselected
$(document).on("click", ".unselect", function() { $(document).on("click", ".unselect", function() {
$(this).removeClass("unselect").addClass("select"); $(this).removeClass("unselect").addClass("select");
}); });
// Click on tag selected. // Click on tag selected
$(document).on("click", ".select", function() { $(document).on("click", ".select", function() {
$(this).removeClass("select").addClass("unselect"); $(this).removeClass("select").addClass("unselect");
}); });
// Insert tag when click on the button "add". // Insert tag when click on the button "ADD"
$(document).on("click", "#jstagAdd", function(e) { $(document).on("click", "#jstagAdd", function(e) {
// Prevent forum submit
// Prevent forum submit.
e.preventDefault(); e.preventDefault();
insertTag(); insertTag();
}); });
// Insert tag when press enter key. // Insert tag when press enter key
$("#jstagInput").keypress(function(e) { $("#jstagInput").keypress(function(e) {
if (e.which == 13) {
if(e.which == 13) {
insertTag(); insertTag();
} }
}); });
// Before form submit. // Before form submit
$("form").submit(function(e) { $("form").submit(function(e) {
// For each span.select make an array then implode with comma glue
// For each span.select make an array then implode with comma glue.
var list = $("#jstagList > span.select").map(function() { var list = $("#jstagList > span.select").map(function() {
return $(this).html(); return $(this).html();
}).get().join(","); }).get().join(",");
// Insert the tags separated by comma in the input hiden field. // Insert the tags separated by comma in the input hidden field
$("#jstags").val( list ); $("#jstags").val( list );
return true;
}); });
}); });
</script>

View File

@ -53,4 +53,16 @@ function generateSlug(text, parentKey, currentKey, writeResponse) {
}); });
} }
function sanitizeHTML(text) {
var map = {
'&': '&amp;',
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
"'": '&#039;'
};
return text.replace(/[&<>"']/g, function(m) { return map[m]; });
}
</script> </script>