mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-06 06:38:00 +02:00
Code Issues Releases Wiki Activity

Fix for toEmail() method encoding of quotes.

Browse Source
This commit is contained in:
Cameron
2015-05-21 21:49:32 -07:00
parent 02e0f7c548
commit de3f80f9ab
3 changed files with 38 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
e107_handlers/e_parse_class.php
View File

@@ -519,7 +519,7 @@ class e_parse extends e_parser
$data = $this->preFilter($data); // used by bb_xxx.php toDB() functions. bb_code.php toDB() allows us to properly bypass HTML cleaning below. $data = $this->preFilter($data); // used by bb_xxx.php toDB() functions. bb_code.php toDB() allows us to properly bypass HTML cleaning below.
// if(strlen($data) != strlen(strip_tags($data))) // html tags present. // strip_tags() doesn't function doesnt look for unclosed '>'. // if(strlen($data) != strlen(strip_tags($data))) // html tags present. // strip_tags() doesn't function doesnt look for unclosed '>'.
if((strpos($data,'[html]') !== false || htmlentities($data, ENT_NOQUOTES,'UTF-8') != $data || preg_match('#(?<=<)\w+(?=[^<]*?>)#', $data)) && strpos($mod, 'no_html') === false) if(($this->isHtml($data)) && strpos($mod, 'no_html') === false)
{ {
$this->isHtml = true; $this->isHtml = true;
$data = $this->cleanHtml($data); // sanitize all html. $data = $this->cleanHtml($data); // sanitize all html.
@@ -2579,7 +2579,17 @@ class e_parse extends e_parser
} }
$text = (strtolower($mods) != "rawtext") ? $this->replaceConstants($text, "full") : $text; $text = (strtolower($mods) != "rawtext") ? $this->replaceConstants($text, "full") : $text;
$text = $this->toHTML($text, TRUE, $mods);
if($this->isHtml($text))
{
$text = str_replace(array("[html]","[/html]"), "", $text);
$text = html_entity_decode( $text, ENT_COMPAT, 'UTF-8');
}
else
{
$text = $this->toHTML($text, true, $mods);
}
return $text; return $text;
} }
@@ -3148,6 +3158,27 @@ class e_parser
} }
/**
* Check if a string is HTML
* @param $text
* @return bool
*/
function isHtml($text)
{
if(strpos($text,'[html]') !== false || htmlentities($text, ENT_NOQUOTES,'UTF-8') != $text || preg_match('#(?<=<)\w+(?=[^<]*?>)#', $text))
{
return true;
}
else
{
return false;
}
}
/** /**
* Check if a file is an video or not. * Check if a file is an video or not.
* @param $file string * @param $file string
@@ -3404,8 +3435,8 @@ TMPL;
print_a($toAtt); print_a($toAtt);
// toEmail // toEmail
$toEmail = $tp->toEmail($text); $toEmail = $tp->toEmail($dbText);
echo "<h3>User-input &gg; toEmail(\$text)</h3>"; echo "<h3>User-input &gg; toEmail(\$text) <small>from DB</small></h3>";
print_a($toEmail); print_a($toEmail);

2
e107_handlers/mail.php
View File

@@ -1054,6 +1054,8 @@ class e107Email extends PHPMailer
public function MsgHTML($message, $basedir = '') public function MsgHTML($message, $basedir = '')
{ {
$tp = e107::getParser(); $tp = e107::getParser();
$message = $tp->toEmail($message, false, 'rawtext');
preg_match_all("/(src|background)=([\"\'])(.*)\\2/Ui", $message, $images); // Modified to accept single quotes as well preg_match_all("/(src|background)=([\"\'])(.*)\\2/Ui", $message, $images); // Modified to accept single quotes as well
if(isset($images[3]) && ($this->previewMode === false)) if(isset($images[3]) && ($this->previewMode === false))

2
e107_handlers/notify_class.php
View File

@@ -405,7 +405,7 @@ class notify
"; ";
$shortcodes = array( $shortcodes = array(
'NEWS_URL' => e107::getUrl()->create('news/view/item', $data,'full=1'), 'NEWS_URL' => e107::getUrl()->create('news/view/item', $data,'full=1&encode=0'),
'NEWS_TITLE' => $tp->toHtml($data['news_title']), 'NEWS_TITLE' => $tp->toHtml($data['news_title']),
'NEWS_SUMMARY' => $tp->toEmail($data['news_summary']), 'NEWS_SUMMARY' => $tp->toEmail($data['news_summary']),
'NEWS_AUTHOR' => $tp->toHtml($author) 'NEWS_AUTHOR' => $tp->toHtml($author)