From 49932534daac56164a7391236a904dcb61f28845 Mon Sep 17 00:00:00 2001
From: Cameron
Date: Fri, 5 Feb 2021 19:57:53 -0800
Subject: [PATCH] Installation tweaks/fixes.
---
e107_handlers/e_parse_class.php | 82 +++++++++++++++++++--------------
e107_themes/bootstrap3/theme.xml | 2 +-
install.php | 25 +++++-----
3 files changed, 60 insertions(+), 49 deletions(-)
diff --git a/e107_handlers/e_parse_class.php b/e107_handlers/e_parse_class.php
index 4973d6e6b..36b6f4d86 100644
--- a/e107_handlers/e_parse_class.php
+++ b/e107_handlers/e_parse_class.php
@@ -258,46 +258,19 @@ class e_parse private $nodesToDisableSC = array(); private $pathList = array(); - private $allowedAttributes = array( - 'default' => array('id', 'style', 'class', 'title', 'lang', 'accesskey'), - 'img' => array('src', 'alt', 'width', 'height'), - 'a' => array('href', 'target', 'rel'), - 'script' => array('type', 'src', 'language', 'async'), - 'iframe' => array('src', 'frameborder', 'width', 'height'), - 'input' => array('type', 'name', 'value'), - 'form' => array('action', 'method', 'target'), - 'audio' => array('src', 'controls', 'autoplay', 'loop', 'muted', 'preload'), - 'video' => array('autoplay', 'controls', 'height', 'loop', 'muted', 'poster', 'preload', 'src', 'width'), - 'td' => array('colspan', 'rowspan'), - 'th' => array('colspan', 'rowspan'), - 'col' => array('span'), - 'embed' => array('src', 'wmode', 'type', 'width', 'height'), - 'x-bbcode' => array('alt'), - 'label' => array('for'), - 'source' => array('media', 'sizes', 'src', 'srcset', 'type'), + private $allowedAttributes = array(); - ); - private $badAttrValues = array('javascript[\s]*?:', 'alert\(', 'vbscript[\s]*?:', 'data:text\/html', 'mhtml[\s]*?:', 'data:[\s]*?image'); + private $badAttrValues = array(); - private $replaceAttrValues = array( - 'default' => array() - ); + private $replaceAttrValues = array(); - private $allowedTags = array('html', 'body', 'div', 'a', 'img', 'table', 'tr', 'td', 'th', 'tbody', 'thead', 'colgroup', 'b', - 'i', 'pre', 'code', 'strong', 'u', 'em', 'ul', 'ol', 'li', 'img', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p', - 'div', 'pre', 'section', 'article', 'blockquote', 'hgroup', 'aside', 'figure', 'figcaption', 'abbr', 'span', 'audio', 'video', 'source', 'br', - 'small', 'caption', 'noscript', 'hr', 'section', 'iframe', 'sub', 'sup', 'cite', 'x-bbcode', 'label' - ); - private $scriptTags = array('script', 'applet', 'form', 'input', 'button', 'embed', 'object', 'ins', 'select', 'textarea'); //allowed when $pref['post_script'] is enabled. 
+ private $allowedTags = array(); + private $scriptTags = array(); - private $scriptAttributes = array('onclick', 'onchange', 'onblur', 'onload', 'onfocus', 'onkeydown', 'onkeypress', 'onkeyup', - 'ondblclick', 'onmousedown', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', - 'onwheel', 'oncopy', 'oncut', 'onpaste' - ); - - private $blockTags = array('p', 'pre', 'div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'blockquote'); // element includes its own line-break. + private $scriptAttributes = array(); + private $blockTags = array(); private $scriptAccess = false; // nobody. 
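Review bot: The sanitiser lists (`$allowedTags`, `$allowedAttributes`, `$scriptTags`, `$scriptAttributes`, `$badAttrValues`, `$replaceAttrValues`, `$blockTags`) now default to empty arrays, so an `e_parse` instance filters HTML correctly only after the method patched in the later `@@ -3413` hunk has run. That method's signature is outside both hunks, so it is not visible whether it is the constructor or a separate initialiser. If it is the latter, any path that filters markup before it runs would presumably see an empty `$badAttrValues`, which looks like a deny-list of regex fragments, and an empty deny-list rejects nothing. I would document the dependency on the properties, e.g. `// populated in <initialiser method>; must be set before any HTML filtering`, and have the filtering entry point refuse to run while `$this->allowedTags` is empty, so a missed initialisation fails closed.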
@@ -3413,6 +3386,47 @@ class e_parse $this->e_SuperMods[$key]['context'] = $key; } + $this->allowedTags = array('html', 'body', 'div', 'a', 'img', 'table', 'tr', 'td', 'th', 'tbody', 'thead', 'colgroup', 'b', + 'i', 'pre', 'code', 'strong', 'u', 'em', 'ul', 'ol', 'li', 'img', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p', + 'section', 'article', 'blockquote', 'hgroup', 'aside', 'figure', 'figcaption', 'abbr', 'span', 'audio', 'video', 'source', 'br', + 'small', 'caption', 'noscript', 'hr', 'section', 'iframe', 'sub', 'sup', 'cite', 'x-bbcode', 'label' + ); + + $this->scriptTags = array('script', 'applet', 'form', 'input', 'button', 'embed', 'object', 'ins', 'select', 'textarea'); //allowed when $pref['post_script'] is enabled. + + $this->allowedAttributes = array( + 'default' => array('id', 'style', 'class', 'title', 'lang', 'accesskey'), + 'img' => array('src', 'alt', 'width', 'height'), + 'a' => array('href', 'target', 'rel'), + 'script' => array('type', 'src', 'language', 'async'), + 'iframe' => array('src', 'frameborder', 'width', 'height'), + 'input' => array('type', 'name', 'value'), + 'form' => array('action', 'method', 'target'), + 'audio' => array('src', 'controls', 'autoplay', 'loop', 'muted', 'preload'), + 'video' => array('autoplay', 'controls', 'height', 'loop', 'muted', 'poster', 'preload', 'src', 'width'), + 'td' => array('colspan', 'rowspan'), + 'th' => array('colspan', 'rowspan'), + 'col' => array('span'), + 'embed' => array('src', 'wmode', 'type', 'width', 'height'), + 'x-bbcode' => array('alt'), + 'label' => array('for'), + 'source' => array('media', 'sizes', 'src', 'srcset', 'type'), + + ); + + $this->scriptAttributes = array('onclick', 'onchange', 'onblur', 'onload', 'onfocus', 'onkeydown', 'onkeypress', 'onkeyup', + 'ondblclick', 'onmousedown', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', + 'onwheel', 'oncopy', 'oncut', 'onpaste' + ); + + $this->blockTags = array('p', 'pre', 'div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 
'blockquote'); // element includes its own line-break. + + $this->badAttrValues = array('javascript[\s]*?:', 'alert\(', 'vbscript[\s]*?:', 'data:text\/html', 'mhtml[\s]*?:', 'data:[\s]*?image'); + + $this->replaceAttrValues = array( + 'default' => array() + ); + } /** diff --git a/e107_themes/bootstrap3/theme.xml b/e107_themes/bootstrap3/theme.xml index 57afac4c0..cb91c4743 100644 --- a/e107_themes/bootstrap3/theme.xml +++ b/e107_themes/bootstrap3/theme.xml @@ -16,7 +16,7 @@ clean - preview_frontend.webp + preview_frontend.png diff --git a/install.php b/install.php index 6a28a9444..84be2b77a 100644 --- a/install.php +++ b/install.php @@ -56,7 +56,7 @@ class installLog static function errorHandler($errno=null, $errstr=null, $errfile=null, $errline=null) { - $error = "Error on line $errline in file ".$errfile." : ".$errstr; + $error = "Error on line ".$errline." in file ".$errfile." : ".$errstr; switch($errno) { @@ -84,10 +84,15 @@ class installLog self::add($error, "debug"); break; default: - self::add($error, "warn"); + if(!empty($errno)) + { + self::add($error, "warn"); + } + } + return true; } @@ -133,6 +138,8 @@ set_exception_handler(array('installLog','exceptionHandler')); set_error_handler(array('installLog',"errorHandler")); register_shutdown_function(array('installLog',"errorHandler")); + + /*define("e_UC_PUBLIC", 0); define("e_UC_MAINADMIN", 250); define("e_UC_READONLY", 251); @@ -527,10 +534,8 @@ class e_install $this->stage = 1; installLog::clear(); installLog::add('Stage 1 started'); - // installLog::add('Stage 1 started'); - $this->template->SetTag("installation_heading", LANINS_001); $this->template->SetTag("stage_pre", LANINS_002); $this->template->SetTag("stage_num", LANINS_003); @@ -1313,6 +1318,7 @@ class e_install $themeInfo = $this->get_theme_xml($val); + $opts[$val] = array( 'title' =>vartrue($themeInfo['@attributes']['name']), 'category' => vartrue($themeInfo['category']), 
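Review bot: The relocated `$this->allowedTags` list still names `'img'` and `'section'` twice, although the duplicate `'div'` and `'pre'` entries were dropped in the move. This is harmless for membership checks, but it makes the allow-list harder to audit; removing the second `'img'` and `'section'` would finish the cleanup. A short comment above the block saying which lists are allow-lists and that `$this->badAttrValues` holds regex fragments would help the next reviewer. The enclosing method begins outside the hunk.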
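Review bot: `installLog::errorHandler()` is also registered through `register_shutdown_function()` (visible in the next hunk's context), where PHP calls it with no arguments. With the new `!empty($errno)` guard in the `default` branch that call now records nothing, so a fatal error during installation leaves no entry in the install log. Because the handler returns `true`, PHP's standard handler is bypassed for the errors it does receive, which makes this log the main record of install-time problems. Consider a dedicated shutdown callback that forwards the last error, e.g. `$e = error_get_last(); if($e !== null) { self::errorHandler($e['type'], $e['message'], $e['file'], $e['line']); }`. Most of the `switch` lies outside the hunk, so confirm there which levels are mapped.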
@@ -1320,6 +1326,7 @@ class e_install 'description' => vartrue($themeInfo['info']) ); + /* $title = vartrue($themeInfo['@attributes']['name']); $category = vartrue($themeInfo['category']); $preview = e_THEME.$val."/".$themeInfo['thumbnail']; @@ -2168,16 +2175,6 @@ if($this->pdo == true) if (!$this->dbqry($sql_table)) { installLog::add("Query Failed in ".$filename." : ".$sql_table, 'error'); - /* if($this->debug) - { - echo "

filename

"; - var_dump($filename); - - echo "

sql_table

"; - var_dump($sql_table); - echo "

result[0]

"; - var_dump($result[0]); - }*/ return nl2br(LANINS_061."\n\n".LANINS_083."\n".e107::getDb()->getLastErrorText().""); } }