mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-01-17 20:58:30 +01:00
Code Issues Releases Wiki Activity
13,912 Commits 2 Branches 22 Tags
Commit Graph

459 Commits

Author SHA1 Message Date
Nick Liu
169efa09b9
e_parse::toAttributes(): New API to concatenate HTML attributes 
`e_parse::toAttributes()` is an expansion of the formerly private method
`e_form::attributes()`. Now, all client code can use
`e_parse::toAttributes()` to make it easy to concatenate variable-length
HTML attributes. Values are guaranteed to be encoded so that they cannot
escape an HTML attribute value.

All client code usages are encouraged to build HTML tags with this new
method to prevent cross-site scripting (XSS) attacks and prevent
breaking the HTML validity due to improperly escaped HTML attributes.

This new method is an extension to `e_parse::toAttribute()`, which
escaped one single HTML attribute value.
 2022-02-06 16:49:56 +01:00
Cameron
56bb8200a1 Corrected PHP 8.1 warnings. 2022-01-13 11:31:20 -08:00
Nick Liu
3f59b3bc14
Suppress uncaught Hybridauth exceptions in e_user_provider 
And add a check for those exceptions in
`social_ui::generateSocialLoginSection()`

Fixes: #4192
 2021-12-28 12:04:28 +01:00
Cameron
c96d64e275 Closes #618, #2599 Added simple options for including 'async' or 'defer' when using e107::js('header') and/or e107::js('footer'). 
Usage example: e107::js('footer', 'https://www.google.com/recaptcha/api.js?hl=en', ['defer','async']);
 2021-12-27 15:21:18 -08:00
Cameron
90108eab3c Checking of remote file-types during import and other cleanup. 2021-12-17 11:31:37 -08:00
Cameron
6f309bb326 e107 installation updated for PHP8.1. Bootstrap5 is now the default theme. Acceptance test updated. 2021-11-29 13:45:02 -08:00
Cameron
9d6a9611e2 PHP 8.1 fixes. 2021-11-25 10:18:53 -08:00
Cameron
98b8955185 Rolled back e_dateAlternateTest() Windows fix. 2021-11-25 09:13:14 -08:00
Cameron
4aa66c1732 strftime() added to php_compatibility_handler.php and all references updated. README updated. dateAlternativeTest updated to pass on Windows. (TBD) 2021-11-25 08:51:32 -08:00
Cameron
904cea1af4 Added missing file 2021-11-25 08:06:51 -08:00
Cameron
9fffa59a01 Fixes #4586, Fixes #2774, Fixes #49 - Workaround added for page dropdown navigation. Use {CPAGENAV: tmpl=dropdown} in page_template.php 2021-11-24 13:48:20 -08:00
Cameron
81cbe51228 Remove PHP Warnings. Next/Prev test added. 2021-11-24 13:08:04 -08:00
Cameron
f5dbec04ed Issue #4610 - Possible BC fix for outdated html attributes. 2021-11-24 11:07:52 -08:00
Cameron
35808e5eb9 Issue #4609 - Was still failing in earlier PHP versions. More tests added. 'empty' attribute added to news_render_type 2021-11-04 13:58:05 -07:00
Cameron
54cb89b87d Fix for <title> tag containing single or double quotes. Tests added. 2021-11-03 13:55:56 -07:00
Cameron
7930aba4ca Fixes #4609 - Quick fix for inconsistent drop-down behavior PHP7 -> PHP8. 2021-11-01 14:41:40 -07:00
Cameron
c3036f975c Issue #4609 - Test added for option_multi() to check for consistent behavior. 2021-11-01 14:23:57 -07:00
Cameron
9de838b93e Admin-ui type=dropdown tests added with 'multiple' option enabled. 2021-11-01 13:01:07 -07:00
Cameron
038d88aa2a Lazy loading added to bbcode images and avatar images by default. 2021-10-26 14:57:01 -07:00
Cameron
723974a0ba Fix for poorly formatted text emails derived from html tables. 2021-10-25 09:34:13 -07:00
Cameron
b91b1c36b0 Closes #4600, Fixes #4597 - Encoding of 'national characters' in TinyMce. 2021-10-19 09:10:32 -07:00
Cameron
236248503a Make sure FontAwesome still loads using CSS for TinyMce when using Bootstrap5. 2021-10-18 13:18:13 -07:00
Cameron
73dfbf0d74 Issue #4299 - PHP8 fatal error fixes 2021-10-17 08:43:07 -07:00
Cameron
d6b0391a2d Fixed corruption of carousel attributes and other 'data-' keys. Test added. 2021-10-14 08:08:43 -07:00
Cameron
78d72fa139 Added 'defer' to bootstrap5 and fontawesome5 <script> tags. 2021-10-12 08:00:41 -07:00
Cameron
0442ba138a addJs() method cleanup. Work-in-progress. 2021-10-11 19:06:03 -07:00
Cameron
7755dd1743 Added option for themes to load only the css or js portion of a library via theme.xml attribute. See bootstrap5/theme.xml for an example. 
Empty comments in glyphs removed due to conflict with Fontawesome JS. Tests updated.
 2021-10-11 12:33:59 -07:00
Nick Liu
840e818f40
e_form: Allow HTML attribute "value" keys with blank values 
Otherwise, something like `<option>Nope</option>` will get a value of
"Nope" instead of "" as in `<option value=''>Nope</option>`.
 2021-10-08 18:03:44 -05:00
Nick Liu
2fa9d10c57
e_form: Handle attribute HTML entities properly for most form elements 
The result is a much more consistent form experience with less fear that
some values put into an `e_form` method will break the web page.

This commit covers the most common uses of `e_form` with HTML attribute
quoting via `e_form::attributes()`.
 2021-10-06 20:14:51 -05:00
Nick Liu
19f48180dc
Restore htmlspecialchars() for e_parse::filter(…, 'str') 
Fixes regression from 20882920a0b68937570264949512acc0c4841dbd where
data would get inserted into the database with literal quotation marks,
but e107 has always expected `&quot;` and `&#39;` to come directly from
the database
 2021-10-06 13:06:31 -05:00
Nick Liu
010492b67e
Stub e_date::convert_date() in e_parse_shortcodeTest 
Prevents this flaky error:

---------
1) e_parse_shortcodeTest: Forum shortcodes
 Test  tests/unit/e_parse_shortcodeTest.php:testForumShortcodes
{INFO} != sc_info()
Failed asserting that two strings are equal.
- Expected | + Actual
@@ @@
'Welcome e107-cli<br />There are no new posts since your last visit.<br />
You last visited at  <br />
-			It is now Tuesday 28 September 2021 - 16:25:39'
+			It is now Tuesday 28 September 2021 - 16:25:38'
#1  /__w/e107/e107/e107_tests/tests/unit/e_parse_shortcodeTest.php:1656
#2  /__w/e107/e107/e107_tests/tests/unit/e_parse_shortcodeTest.php:1147
#3  e_parse_shortcodeTest->testForumShortcodes
#4  {closure}
 2021-09-28 12:27:09 -05:00
Cameron
06e88e5fb7 Linkwords plugin update. 
Fixes issue with admin preferences not being respected or no linking occurring.
Prefs now moved out of core and into plugin prefs.
Test page added to admin area.
Relationship field added.
e_tohtml.php deprecated in favor of e_parse.php
Tests updated.
 2021-09-28 08:56:54 -07:00
Cameron
320287f6ad Fix PHP error on some legacy themes that are missing meta-data. e107_tests composer update. 2021-09-27 10:45:06 -07:00
Nick Liu
45bce2a7aa
#4572: e_form: No htmlspecialchars() on "other" attributes 
Fixes: #4572

Discussion:
https://github.com/e107inc/e107/pull/4554#issuecomment-926113601
 2021-09-23 16:12:52 -05:00
Nick Liu
64cd796605
Update test dependencies 
Fixes: #4551
 2021-09-04 15:08:15 +02:00
Cameron
f173b59672 Closes #4539 2021-08-13 10:58:42 -07:00
Cameron
64e705ced0 {SITELINKS_ALT} fix and test. 2021-08-07 12:26:23 -07:00
Cameron
c4f76c3687 Issue #4270 - perform all webp conversion checks within e_thumbnail class. WebP conversion now works with SEF media URLS. 2021-06-18 09:31:45 -07:00
Cameron
7302803a75 Issue #4270 Added .webp browser-support detection. Media-Manager "Convert to webp during render" can now be safely enabled and will temporarily fallback to the regular image if the browser does not support webp images. 2021-06-18 08:43:53 -07:00
Cameron
5652fd2bd9
Merge pull request #4515 from Deltik/fix/4512 
#4512: faqs_shortcodes::sc_faq_count(): Return blank string instead of 0
 2021-06-14 16:55:10 -07:00
Cameron
0deb235ee7 Unit test fixes. 2021-06-14 16:51:43 -07:00
Cameron
4e75903292 Fix for empty image. 2021-06-13 12:59:01 -07:00
Nick Liu
7cef4264c6
#4512: faqs_shortcodes::sc_faq_count(): Return blank string instead of 0 
Previously incorrect null coalesce returns 0 instead of a blank string

Fixes: #4512
 2021-06-07 21:52:36 -05:00
Nick Liu
cdde5ef86b
db_table_adminTest::testGet_current_table(): Alias utf8mb3 => utf8 
MySQL 8.0 compatibility

Ideally, we'd be using utf8mb4 everywhere, but alas...
 2021-04-22 20:57:28 -05:00
Cameron
e5ff5f53c8 Issue #550 - Expanded filetypes.xml display in admin preferences area to include Admin and Main admin perms. Additional defaults for admin and mainadmin added to filetypes.xml during installation. 2021-04-21 16:48:04 -07:00
Cameron
098660d38a Issue #550 - filetypes.xml now used by media-manager. 2021-04-21 11:51:53 -07:00
Nick Liu
dc3ac65a70
Fix implementation of e_front_model::sanitize() 
Handles recursive data field validation now
 2021-04-17 02:57:10 -05:00
Nick Liu
ce7f3b5d56
Add: e_parse::toFlatArray() and e_parse::fromFlatArray() 
Utility functions to convert multi-dimensional arrays to slash-delimited
single-dimensional arrays and vice versa
 2021-04-17 02:56:12 -05:00
Nick Liu
bdc5c20df2
pluginsTest::testPluginScripts(): Standard sort file order 2021-04-16 15:46:14 -05:00
Nick Liu
d83c31fb8c
Stub e_date::computeLapse() in e_parse_shortcodeTest 
Prevents this flaky error:

---------
1) e_parse_shortcodeTest: User shortcodes
 Test  tests/unit/e_parse_shortcodeTest.php:testUserShortcodes
{USER_DAYSREGGED} != sc_user_daysregged()
Failed asserting that two strings are equal.
- Expected | + Actual
@@ @@
-'3 years, 2 months, 1 day, 5 hours, 17 minutes, 16 seconds ago'
+'3 years, 2 months, 1 day, 5 hours, 17 minutes, 15 seconds ago'
#1  /__w/e107/e107/e107_tests/tests/unit/e_parse_shortcodeTest.php:1591
#2  /__w/e107/e107/e107_tests/tests/unit/e_parse_shortcodeTest.php:767
 2021-04-13 15:12:39 -05:00