mirror of https://github.com/e107inc/e107.git synced 2025-10-26 19:21:54 +01:00
Commit Graph

78 Commits

Author SHA1 Message Date
Nick Liu
f6d6d1b185 Deprecate e_parse::toJS()
`e_parse::toJS()`, documented with the description

> Convert text blocks which are to be embedded within JS

, does not protect strings from injections, which appears to be its
primary use.  Additionally, it performs multiple unrelated string
modifications:

* Replace Windows line breaks with a literal `\\n` (which would later be
  parsed as `\n` in JavaScript/JSON)
* Does not modify Unix line breaks (`\n`), which is inconsistent with
  the Windows line break behavior
* Removes HTML tags
* Replaces HTML entities as `htmlentities()` does

This method cannot be fixed because its usages are inconsistent.  Most
notably, some usages surround the method's output in single quotes while
others surround it with double quotes.  Strings cannot be JSON-encoded
without confounding quotation mark styles.

All core usages of `e_parse::toJS()` have been replaced with
alternatives, which are also documented in the method's DocBlock.

Fixes: #4546
2021-08-31 00:11:14 +02:00
Nick Liu
ecf6ab7acc show_emessage("ALERT", …): JSON type enforcement for alert() usages 2021-08-07 18:50:14 +02:00
Cameron
911d41a402 e107table class moved out of class2.php to e_render_class.php and renamed to e_render. BC fix added. 2021-01-18 08:52:10 -08:00
Cameron
5d0b8ff5e1 Fix for Bootstrap5 alert messages. 2020-12-31 16:29:25 -08:00
Cameron
601df26d51 Code optimization for speed and reduced memory usage. 2020-12-20 11:50:10 -08:00
Cameron
d51c3e07c6 Closes #4124, #3686 - News template loading behavior. Added alert-dismissible for BS4. 2020-05-01 13:40:07 -07:00
Cameron
cd01e8119b Fixes #3686 - BS4 alert not showing. 2020-05-01 13:15:19 -07:00
Cameron
326305f5f2 Removed old deprecated global $e107_debug. Cleaned up debug_handler.php (e107_debug class) 2020-04-26 13:32:18 -07:00
Cameron
5930e62c21 user batch export enabled. code cleanup. 2019-06-28 13:06:06 -07:00
Cameron
2250d3c2f3 New setIcon() method added to message handler. 2019-05-05 18:08:29 -07:00
Nick Liu
583d63620b Removed some old comments
Sorry about the cruft
2018-01-23 08:14:26 -06:00
Cameron
4a40104073 PHP7 fix for message_handler. Plugin Builder now includes specific keyword drop-down menu for use on e107.org 2016-04-12 19:56:29 -07:00
Cameron
abab23d37f Minor correction to last commit. 2016-03-14 19:43:39 -07:00
Cameron
e6f24c4e3c PHP Error fix. 2016-03-14 19:28:13 -07:00
Cameron
43db0d2ae4 Option to log critical errors added. ie. define('e_LOG_CRITICAL', true); 2016-03-14 19:17:37 -07:00
Cameron
694fc01b37 Fixes #1206 - Fixes missing icons in menu manager. 2015-10-18 09:05:58 -07:00
Cameron
cffb369751 Issue #1109, Fixes #830, Fixes #731, Fixes #710, Fixes #608, Fixes #1012 : v1 -> v2 Upgrade-Routine fixes (including forum plugin) 2015-08-24 17:39:28 -07:00
Cameron
e6ef1483da Issue #6 Language File Optimization. 2015-07-08 14:52:16 -07:00
Cameron
e1c11ad019 Improved handling of CRITICAL ERROR messages. 2015-05-16 19:06:13 -07:00
Cameron
002b24957a Added option to MessageHandler to hide 'close' button if required. 2015-03-31 06:27:47 -07:00
Cameron
027a74f5b0 Code cleanup 2015-02-15 02:37:36 -08:00
Cameron
e576370e57 Remove some references to deprecated functions/methods. 2015-02-14 23:34:15 -08:00
Cameron
ccc2f53eca Added support for custom titles in message handler. 2014-02-21 06:16:22 -08:00
Cameron
c3e93fb34d Issue #435 - More Bootstrap3 styling fixes. Login-menu shortcodes updated to v2 spec. 2013-12-21 06:23:22 -08:00
SecretR
c17a88e1a2 Missing alert-warning css class (bootstrap) in system messages 2013-10-25 12:23:20 +03:00
Cameron
e5e5c1d12c New notify script added to front end. You can test with forum 'quick reply' for now. 2013-06-21 01:26:30 -07:00
Cameron
7c8bfff0e3 Close button dismiss added. 2013-06-20 02:06:49 -07:00
Cameron
6cd9edea4d Close button added to message alerts. 2013-06-20 02:03:34 -07:00
Cameron
0ebd25252f Merge pull request #228 from Deltik/master
[security] Protection for exposed emails, Message-Handler constants etc. Thank you Deltik
2013-05-10 16:21:38 -07:00
Deltik
bd69875675 Bad SQL fix in model_class.php ; eMessage class constants created 2013-05-09 22:48:27 -05:00
SecretR
29e19a5387 Leftover debug 2013-05-07 16:28:31 +03:00
SecretR
69d48aaaf7 Fixed #154: PHP warning on message_handler 2013-05-07 16:25:47 +03:00
Cameron
883e4eb0c8 Message Handler enhancement - render specific types. 2013-03-03 20:53:08 -08:00
SecretR
af8c9af775 Attempt to output unique only messages when saving prefs (new eMessage
feature)
2013-02-27 19:50:24 +02:00
Cameron
7de272bcfe Message handler updated to bootstrap css standard 2013-02-05 12:35:02 -08:00
Cameron
87e225fc36 New language file types: English_global.php (for plugin.xml terms) and English_log.php (for admin-log terms). Auto-detected when present and loaded automatically when needed. 2012-12-12 18:46:34 -08:00
Cameron
df2a903e62 Upgrade Fixes and notice removals. 2012-12-07 15:16:42 -08:00
Cameron
29f23c05ea Some method naming cleanup. 2012-12-06 20:34:57 -08:00
Cameron
d0eb844488 Minor fixes. 2012-12-05 21:30:17 -08:00
Cameron
5b4982f4a1 Message Handler updated to use sprite images see: s-message-icon 2012-12-05 19:29:09 -08:00
CaMer0n
feb9a79aa0 Fix for duplicate messages and plugin install issue. 2012-11-13 21:40:29 +00:00
secretr
455cf3c68a - menu parameters temporary UI solution
- various minor fixes and improvements (menu manager)
- message handler won't accept empty messages now
2012-05-04 17:56:21 +00:00
CaMer0n
f1cc288878 More work on admin->downloads. Now uses media-manager for images. 2012-04-20 07:28:53 +00:00
secretr
f7532e6351 Minor fixes and improvements 2011-11-25 17:36:40 +00:00
secretr
645d2dda6d Mass changes (work in progress - related beta testing and feedback highly appreciated)
- New session handler - appropriate changes made at important core areas (language handler, chap login related)
- Overall better COOKIE handling (on both server and client side) - cookies respect now installation path, domain (based on language settings)
- Introduced Security Levels (see session handler constants/docs), security level option could be added to install routine now
- Security level printed on Administration info panel, appropriate lans added (subject of discussion)
- e_TOKEN security part of session handling now - logic depends on security level (TODO - POST_REFERER removal)
- e_print, e_dump debug functions added (for quick and nice debug view via site output), native overall FirePhp support planned
- a lot of minor bugfixes
2010-10-26 07:41:20 +00:00
e107steved
6df2cbd7e9 Documentation tweaks, remove functions supported in PHP5 2010-05-28 22:10:20 +00:00
secretr
4ff7c24d39 EONE-29 (issue): logMessage(), logSuccess(), logError(), flushMessages() methods added (admin_log handler)
admin log is called on preferences save now
2010-04-12 17:14:04 +00:00
secretr
8476797fa0 EONE-29 (issue): Add aliases to eMessage handler: addInfo(), addError(), addWarning(), addDebug(), addSuccess() 2010-04-12 11:28:58 +00:00
secretr
4fecfffddd svn keywords added (v0.8) 2010-02-10 18:18:01 +00:00
e107steved
1234bf86bb Bugtracker #4734 - get rid of deprecated <center> 2009-12-21 22:31:04 +00:00