mirror of https://github.com/e107inc/e107.git synced 2025-10-24 11:16:22 +02:00
602 Commits

Author SHA1 Message Date
Cameron
02a7e08902 Fixes #4750 - News image placeholder. Adds another news-grid layout. 2022-04-06 12:09:58 -07:00
Cameron
55980a29a8 Generated PHPDoc for all classes in e107_handlers where one was missing. toNumber() updated to always return int or float. 2022-04-04 10:54:24 -07:00
Cameron
7952e9188b Notify admins when script access is disabled. 2022-03-07 12:40:45 -08:00
Nick Liu
169efa09b9 e_parse::toAttributes(): New API to concatenate HTML attributes
`e_parse::toAttributes()` is an expansion of the formerly private method
`e_form::attributes()`. Now, all client code can use
`e_parse::toAttributes()` to make it easy to concatenate variable-length
HTML attributes. Values are guaranteed to be encoded so that they cannot
escape an HTML attribute value.

All client code usages are encouraged to build HTML tags with this new
method to prevent cross-site scripting (XSS) attacks and prevent
breaking the HTML validity due to improperly escaped HTML attributes.

This new method is an extension to `e_parse::toAttribute()`, which
escaped one single HTML attribute value.
2022-02-06 16:49:56 +01:00
Cameron
2097778cc5 Experimental schema template added to FAQs. 2022-02-04 13:26:52 -08:00
Cameron
c17b985441 Experimental schema template 2022-02-04 12:04:21 -08:00
Cameron
c3d65075d0 Extracted toGlyphEmbed() method from toGlyph() and fixed some backward compatibility issues. 2022-01-27 16:50:42 -08:00
Cameron
0d8f3e9086 PHPDoc fixes and code optimization. 2021-12-03 14:58:33 -08:00
Cameron
aff6daf590 Fixes #4628 - Static URLs containing /./ 2021-12-02 15:36:05 -08:00
Cameron
f2e5a033b8 Issue #4610 - More valid tags added. 2021-11-24 11:56:35 -08:00
Cameron
f5dbec04ed Issue #4610 - Possible BC fix for outdated html attributes. 2021-11-24 11:07:52 -08:00
Nick Liu
31ea9bf787 CI: Try to fix intermittent failures on e_parse::toImage()
Perhaps the first argument to `debug_backtrace()` should be `0` instead
of the default?
2021-11-23 16:30:30 -06:00
Nick Liu
fb420ccfb1 PHP 8.1: Fix some more null value issues
* `e_form::attributes()`
* `e_parse::toImage()`
2021-11-23 13:57:38 -06:00
Cameron
db6035f844 Experimental embedding of FA svg. 2021-11-15 13:51:01 -08:00
Cameron
038d88aa2a Lazy loading added to bbcode images and avatar images by default. 2021-10-26 14:57:01 -07:00
Cameron
7755dd1743 Added option for themes to load only the css or js portion of a library via theme.xml attribute. See bootstrap5/theme.xml for an example.
Empty comments in glyphs removed due to conflict with Fontawesome JS. Tests updated.
2021-10-11 12:33:59 -07:00
Nick Liu
19f48180dc Restore htmlspecialchars() for e_parse::filter(…, 'str')
Fixes regression from 20882920a0 where
data would get inserted into the database with literal quotation marks,
but e107 has always expected `"` and `'` to come directly from
the database
2021-10-06 13:06:31 -05:00
Cameron
5ecc0beca6 Issue #6 LANS added. Clear system cache before checking for updates. Extra checks to e_parse to avoid possible errors. 2021-09-28 08:13:27 -07:00
Nick Liu
f6d6d1b185 Deprecate e_parse::toJS()
`e_parse::toJS()`, documented with the description

> Convert text blocks which are to be embedded within JS

, does not protect strings from injections, which appears to be its
primary use.  Additionally, it performs multiple unrelated string
modifications:

* Replace Windows line breaks with a literal `\\n` (which would later be
  parsed as `\n` in JavaScript/JSON)
* Does not modify Unix line breaks (`\n`), which is inconsistent with
  the Windows line break behavior
* Removes HTML tags
* Replaces HTML entities as `htmlentities()` does

This method cannot be fixed because its usages are inconsistent.  Most
notably, some usages surround the method's output in single quotes while
others surround it with double quotes.  Strings cannot be JSON-encoded
without confounding quotation mark styles.

All core usages of `e_parse::toJS()` have been replaced with
alternatives, which are also documented in the method's DocBlock.

Fixes: #4546
2021-08-31 00:11:14 +02:00
Nick Liu
20882920a0 Fix all PHP 8.1 test failures
* `strftime()` has been replaced with a polyfill based on `DateTime`.
* Explicit type casts/assertions added where required by PHP 8.1
* `filter_var(…, FILTER_SANITIZE_STRING)` replaced with `strip_tags()`
  or HTML entity encoding of quotation marks, depending on a guess of
  what the intended "sanitization" was
* `http_build_query()` usage type mismatches fixed
* Removed usages of the `FILE_TEXT` constant
* To avoid breaking PHP 5.6 compatibility (function return types),
  `e_session_db` no longer implements `SessionHandlerInterface`.
  Instead, the alternative non-OOP invocation of
  `session_set_save_handler()` is used instead to apply the session
  handler.
* The shim for `strptime()` still calls the native function if available
  but now suppresses the deprecation warning.

* `e_db_pdo` explicitly asks for `PDO::ATTR_STRINGIFY_FETCHES` to
  maintain consistent behavior with past versions of PHP.
* `e_db_mysql` explicitly sets `mysqli_report(MYSQLI_REPORT_OFF)` to
  maintain consistent behavior with past versions of PHP.

* Removed pointless random number generator seed from `banner` plugin
* Workaround for `COUNT(*)` SQL query in
  `validatorClass::dbValidateArray()` without a proper API for avoiding
  SQL injection
2021-09-04 15:06:19 +02:00
Cameron
c4f76c3687 Issue #4270 - perform all webp conversion checks within e_thumbnail class. WebP conversion now works with SEF media URLS. 2021-06-18 09:31:45 -07:00
Cameron
7302803a75 Issue #4270 Added .webp browser-support detection. Media-Manager "Convert to webp during render" can now be safely enabled and will temporarily fallback to the regular image if the browser does not support webp images. 2021-06-18 08:43:53 -07:00
Cameron
1ae7e3a2ed Bootstrap5 fix for video ratio. 2021-06-03 13:45:07 -07:00
Nick Liu
ce7f3b5d56 Add: e_parse::toFlatArray() and e_parse::fromFlatArray()
Utility functions to convert multi-dimensional arrays to slash-delimited
single-dimensional arrays and vice versa
2021-04-17 02:56:12 -05:00
Cameron
8f7ab86413 Fixes #4486 - Invalid attributes not being fully filtered. 2021-04-12 11:13:37 -07:00
Cameron
444d8d6dc0 Issue #4486 - iframe accepted attributes updated 2021-04-12 11:01:58 -07:00
Cameron
cb95b4b243 Hero cleanup for Bootstrap5. Switched to placeholder images. Admin-ui type 'image' now loads remote URLs correctly. 2021-02-26 10:13:07 -08:00
Cameron
46b6927447 Fixes #4403 - Parsing of [code]. Test added. 2021-02-19 16:07:12 -08:00
Cameron
49932534da Installation tweaks/fixes. 2021-02-05 19:57:53 -08:00
Cameron
2337b075a8 Fixes #4346 - TinyMce parser issue. Hide side-panel help icon on legacy admin theme. 2021-02-05 18:31:54 -08:00
Cameron
d1f997ee2c Fix for multi-dimensional field saving. 2021-02-02 16:09:22 -08:00
Cameron
0b1a84068f toGlyph() additional tests, Media-Manager includes bootstrap5 when detected and backward compatibility. 2021-01-31 13:09:53 -08:00
Cameron
2dedc8719f FontAwesome 5 added to admin area and bootstrap3 theme. $tp->toIcon() supports SVG sizing 2x, 3x etc. 2021-01-30 19:21:23 -08:00
Cameron
17a9aa2822 New e107::isCompatible() method added for checking plugins/themes are compatible with the current version of e107.
New parser method stripBlockTags($html) to remove p, div etc.
{CPAGEBODY: strip=blocks} shortcode option added (uses the method above)
2021-01-23 14:20:51 -08:00
Cameron
b19f9ffbc3 Frontend scripts tests. (may break some things) 2021-01-19 18:52:56 -08:00
Cameron
f091709847 Issue #4352 - Canonical added for page, forum and download. Replaced some e_PAGETITLE with e107::title() 2021-01-19 09:50:02 -08:00
Cameron
809146ef6a Removed a method specific to PHP versions earlier than 5.4. Additional parser tests added. 2021-01-18 10:27:41 -08:00
Cameron
419a0e727a Fix for HTML used on text_truncate(). Ignore setcookie() in CLI mode. 2021-01-18 07:40:17 -08:00
Cameron
b94acc09e2 More parser tests. 2021-01-15 14:24:28 -08:00
Cameron
14fac98f56 toHTML modifier processing moved to a new method. 2021-01-15 13:20:38 -08:00
Cameron
136093b4de toHTML modifiers test added. 2021-01-15 12:47:26 -08:00
Cameron
497e7279b6 toHTML modifiers extracted to new method. 2021-01-15 10:59:52 -08:00
Cameron
13517e83a8 Multibyte utf8 method tests and fixes. 2021-01-15 09:03:07 -08:00
Cameron
8cfb8d80cc e_parse cleanup 2021-01-14 18:30:32 -08:00
Cameron
2dac1ef3a4 Merged e_parse and e_parser classes 2021-01-14 17:32:08 -08:00
Cameron
d51f5cb936 Legacy textparse class removed. Separate emote and profanity classes. 2021-01-14 17:26:15 -08:00
Cameron
1a3054c041 Removed old code from parser. 2021-01-14 14:50:16 -08:00
Cameron
62d6341303 Bbcode test and parser cleanup. 2021-01-14 14:46:49 -08:00
Cameron
ca471b31db PHP8 Fix for search.php. e_HTTP fix for CLI mode. 2021-01-13 11:20:58 -08:00
Cameron
c8ba5fe30a Shortcode tests for list_new, pm, rss_menu, signin and simpleParse() 2021-01-08 17:00:23 -08:00