Sanitize categories and tags

This commit is contained in:
Diego Najar 2017-11-01 19:38:56 +01:00
parent 2714560170
commit d0c3f369aa
8 changed files with 111 additions and 94 deletions


@ -62,18 +62,27 @@ class dbList extends dbJSON
public function generateKey($name)
{
return Text::cleanUrl($name);
$key = Text::cleanUrl($name);
if (empty($key)) {
return false;
}
return $key;
}
public function add($name)
{
$key = $this->generateKey($name);
if( isset($this->db[$key]) ) {
if ($key===false) {
Log::set(__METHOD__.LOG_SEP.'Error when try to generate the key');
return false;
}
if (isset($this->db[$key])) {
Log::set(__METHOD__.LOG_SEP.'Error key already exist: '.$key);
return false;
}
$this->db[$key]['name'] = $name;
$this->db[$key]['name'] = Sanitize::html($name);
$this->db[$key]['list'] = array();
$this->sortAlphanumeric();
@ -97,10 +106,10 @@ class dbList extends dbJSON
{
$newKey = $this->generateKey($newName);
$this->db[$newKey]['name'] = $newName;
$this->db[$newKey]['name'] = Sanitize::html($newName);
$this->db[$newKey]['list'] = $this->db[$oldKey]['list'];
// Remove the old category
// Remove the old key
if( $oldKey != $newKey ) {
unset( $this->db[$oldKey] );
}
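Review bot: `edit()` in the second hunk still calls `generateKey($newName)` without handling the `false` that this commit makes it return, so a name that cleans to nothing produces `$this->db[false]`, which PHP stores under integer key 0, and `$oldKey != $newKey` then holds for any non-empty old key, so the original entry is deleted as well. Mirror the guard added to `add()`: `$newKey = $this->generateKey($newName);` followed by `if ($newKey===false) { return false; }` — assuming `edit()` follows the false-on-failure convention of `add()`, which cannot be confirmed because its signature lies outside the hunk. The two `Sanitize::html($name)` assignments mean names are now persisted already HTML-escaped, so any template that escapes again on output will double-encode; a comment on those lines, `// stored HTML-escaped; do not escape again when rendering`, would save the next maintainer from that trap. The `edit()` method starts before the hunk.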


@ -13,36 +13,6 @@ if ($Login->role()!=='admin') {
// Functions
// ============================================================================
function add($category)
{
global $dbCategories;
global $Language;
global $Syslog;
if( Text::isEmpty($category) ) {
Alert::set($Language->g('Category name is empty'), ALERT_STATUS_FAIL);
return false;
}
if( $dbCategories->add($category) ) {
// Add to syslog
$Syslog->add(array(
'dictionaryKey'=>'new-category-created',
'notes'=>$category
));
// Create an alert
Alert::set($Language->g('Category added'), ALERT_STATUS_OK);
// Redirect
Redirect::page('categories');
}
else {
Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to create the category.');
return false;
}
}
// ============================================================================
// Main before POST
// ============================================================================
@ -51,9 +21,9 @@ function add($category)
// POST Method
// ============================================================================
if( $_SERVER['REQUEST_METHOD'] == 'POST' )
{
add($_POST['category']);
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
createCategory($_POST['category']);
Redirect::page('categories');
}
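Review bot: `$_POST['category']` in the POST branch is read without an `isset()` check, so a POST that omits the field raises an undefined-index notice before `createCategory()` ever sees the value; `createCategory(isset($_POST['category']) ? $_POST['category'] : '');` routes that case into the existing empty-name path. The `Redirect::page('categories')` now runs unconditionally, whereas the removed controller-level `add()` only redirected on success, so a failed add gives the admin feedback only if an alert was set, and the helper does not set one on the key-collision path. No CSRF token validation is visible in this hunk; if the admin bootstrap does not already validate one before this POST branch, it should be added here, but that cannot be determined from the shown lines.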
// ============================================================================


@ -2,6 +2,36 @@
class HTML {
// Returns HTML and Javascript code for the box TAGs when you create/edit content
public static function tags($args) {
global $L;
// Javascript
$javascript = '<script>';
$javascript .= file_get_contents(PATH_JS.'bludit-tags.js', true);
$javascript .= '</script>';
// HTML
$html = '<div id="bludit-tags" class="uk-form-row">';
$html .= ' <input type="hidden" id="jstags" name="tags" value="">';
$html .= ' <label for="jstagInput" class="uk-form-label">'.$args['label'].'</label>';
$html .= ' <div class="uk-form-controls">';
$html .= ' <input id="jstagInput" type="text" class="uk-width-1-1" autocomplete="off">';
$html .= ' <button id="jstagAdd" class="uk-button">'.$L->g('Add').'</button>';
$html .= ' <div id="jstagList">';
foreach ($args['allTags'] as $tag) {
$html .= ' <span data-tag="'.$tag.'" class="'.( in_array($tag, $args['selectedTags'])?'select':'unselect' ).'">'.$tag.'</span>';
}
$html .= ' </div>';
$html .= ' </div>';
$html .= '</div>';
echo $html.$javascript;
}
public static function title($args)
{
$id = empty($args['id']) ? '' : 'id="'.$args['id'].'"';
@ -96,34 +126,7 @@ class HTML {
echo $html;
}
public static function tags($args)
{
global $L;
// Javascript code
include(PATH_JS.'bludit-tags.js');
$html = '<div id="bludit-tags" class="uk-form-row">';
$html .= '<input type="hidden" id="jstags" name="tags" value="">';
$html .= '<label for="jstagInput" class="uk-form-label">'.$args['label'].'</label>';
$html .= '<div class="uk-form-controls">';
$html .= '<input id="jstagInput" type="text" class="uk-width-1-1" autocomplete="off">';
$html .= '<button id="jstagAdd" class="uk-button">'.$L->g('Add').'</button>';
$html .= '<div id="jstagList">';
foreach($args['allTags'] as $tag) {
$html .= '<span data-tag="'.$tag.'" class="'.( in_array($tag, $args['selectedTags'])?'select':'unselect' ).'">'.$tag.'</span>';
}
$html .= '</div>';
$html .= '</div>';
$html .= '</div>';
echo $html;
}
public static function formInputPassword($args)
{
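Review bot: The rebuilt `tags()` loop still writes `$tag` straight into the `data-tag` attribute and the span text without escaping, so the output is safe only if every value in `$args['allTags']` went through the new `Sanitize::html()` storage path; tags saved before this commit, or passed in by another caller, are not covered. Escaping at output is the robust choice, and `double_encode=false` avoids re-encoding values that are already escaped: `$escaped = htmlspecialchars($tag, ENT_QUOTES, 'UTF-8', false);` then use `$escaped` for both the attribute and the text. Separately, the new `$javascript` wrapper adds `<script>`/`</script>` around `file_get_contents(PATH_JS.'bludit-tags.js', true)`, yet that file's context lines in this commit still begin with `<script>` and end with `</script>`, so the emitted markup nests script tags and the inner `<script>` is handed to the JS parser as a syntax error; either drop the wrapper here or strip the tags from the JS file. `$args['label']` is also unescaped, though that is presumably a translation string rather than user input.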


@ -634,6 +634,34 @@ function editSettings($args) {
return false;
}
// Add a new category to the system
// Returns TRUE is success added, FALSE otherwise
function createCategory($category) {
global $dbCategories;
global $Language;
global $Syslog;
if (Text::isEmpty($category)) {
// Set an alert
Alert::set($Language->g('Category name is empty'), ALERT_STATUS_FAIL);
return false;
}
if ($dbCategories->add($category)) {
// Add to syslog
$Syslog->add(array(
'dictionaryKey'=>'new-category-created',
'notes'=>$category
));
// Set an alert
Alert::set($Language->g('Category added'), ALERT_STATUS_OK);
return true;
}
return false;
}
function editCategory($oldCategoryKey, $newCategory) {
global $Language;
global $dbPages;
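Review bot: `createCategory()` returns `false` after a failed `$dbCategories->add()` without setting an alert, and because the controller in this commit now redirects unconditionally, a duplicate or all-invalid name (both rejected inside `dbList::add()`) sends the admin back to the list with no indication anything went wrong. Add a failure alert before the final `return false;`, along the lines of `Alert::set($Language->g('Error when trying to create the category'), ALERT_STATUS_FAIL);` with the string registered in the language files. The syslog entry keeps the raw `$category` in `notes` while the list entry keeps the `Sanitize::html()` version, so whichever view renders the syslog must escape it itself; that cannot be confirmed from here. `editCategory()` begins at the end of the hunk and continues outside it.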


@ -123,6 +123,9 @@ class Text {
return str_replace(array_keys($replace), array_values($replace), $text);
}
// Convert invalid characters to valid characters for a URL
// Characters that cannot be converted will be removed from the string
// This function can return an empty string
public static function cleanUrl($string, $separator='-')
{
if (EXTREME_FRIENDLY_URL) {


@ -1,73 +1,65 @@
<script>
function insertTag() {
var newTag = sanitizeHTML( $("#jstagInput").val() );
var newTag = $("#jstagInput").val();
if(newTag.trim()=="") {
if (newTag.trim()=="") {
return true;
}
// Search if the tag exists
var findTag = $("span[data-tag]").filter(function() {
return $(this).attr('data-tag').toLowerCase() == newTag.toLowerCase();
});
if( findTag.length > 0 ) {
// If the tag exits select
// If the tag doesn't exist, insert on the list and select
if (findTag.length > 0) {
findTag.removeClass("unselect").addClass("select");
}
else {
} else {
$("#jstagList").append("<span data-tag=\""+newTag+"\" class=\"select\">"+newTag+"</span>");
}
// Clean the input.
// Clean the input field
$("#jstagInput").val("");
return newTag;
}
$(document).ready(function() {
// Click on tag unselected.
// Click on tag unselected
$(document).on("click", ".unselect", function() {
$(this).removeClass("unselect").addClass("select");
});
// Click on tag selected.
// Click on tag selected
$(document).on("click", ".select", function() {
$(this).removeClass("select").addClass("unselect");
});
// Insert tag when click on the button "add".
// Insert tag when click on the button "ADD"
$(document).on("click", "#jstagAdd", function(e) {
// Prevent forum submit.
// Prevent forum submit
e.preventDefault();
insertTag();
});
// Insert tag when press enter key.
// Insert tag when press enter key
$("#jstagInput").keypress(function(e) {
if(e.which == 13) {
if (e.which == 13) {
insertTag();
}
});
// Before form submit.
// Before form submit
$("form").submit(function(e) {
// For each span.select make an array then implode with comma glue.
// For each span.select make an array then implode with comma glue
var list = $("#jstagList > span.select").map(function() {
return $(this).html();
}).get().join(",");
// Insert the tags separated by comma in the input hiden field.
// Insert the tags separated by comma in the input hidden field
$("#jstags").val( list );
return true;
});
});
</script>
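Review bot: With `sanitizeHTML()` dropped from `insertTag()`, the `else` branch concatenates the raw input into markup, so a tag containing `"` breaks out of the `data-tag` attribute and `<` is parsed as an element in the editing user's own page; the server-side `Sanitize::html()` on save does not help here because the submit handler reads back `$(this).html()`, which re-serialises entities, so `a&b` is sent as `a&amp;b` and escaped once more on the server. Build the span through the DOM API and submit the attribute value rather than the serialised HTML; the rewritten lines follow. `insertTag()` still returns `true` on empty input and the tag string otherwise, which no caller uses, so that is left unchanged.
```javascript
// … unchanged: empty check and findTag lookup …
} else {
    $("<span>").attr("data-tag", newTag).addClass("select").text(newTag).appendTo("#jstagList");
}
// … unchanged: input reset and click handlers …
var list = $("#jstagList > span.select").map(function() {
    return $(this).attr("data-tag");
}).get().join(",");
// … unchanged: write #jstags and return true …
```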


@ -53,4 +53,16 @@ function generateSlug(text, parentKey, currentKey, writeResponse) {
});
}
function sanitizeHTML(text) {
var map = {
'&': '&amp;',
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
"'": '&#039;'
};
return text.replace(/[&<>"']/g, function(m) { return map[m]; });
}
</script>
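Review bot: `sanitizeHTML()` is introduced here, but its only visible caller, the call inside `insertTag()` in bludit-tags.js, is removed by this same commit, so unless another script uses it the function is dead code on arrival. If it is kept, a scope comment prevents misuse, e.g. `// Escapes for HTML text and quoted-attribute contexts only; not sufficient for JS-string or URL contexts`. The five-character map is the correct set for those two contexts. The preceding `generateSlug()` begins outside the hunk.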