beenull/m1k1oblog
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fix url escape.

Browse source
This commit is contained in:
Miroslav Šedivý 2022-01-15 20:07:35 +01:00
parent 6f5e59f140
commit 5651c47b1d
1 changed files with 8 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
index.php
View file

@ -13,12 +13,6 @@ if(empty($_SESSION['token'])){
function escape($str) { function escape($str) {
return htmlspecialchars($str, ENT_QUOTES, 'UTF-8'); return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
} }
function encodeURIComponent($str) {
return rawurlencode($str);
}
function encodeURI($str) {
return implode('/', array_map('rawurlencode', explode('/', $str)));
}
//$.ajaxSetup({headers:{'Csrf-Token':'token'}}); //$.ajaxSetup({headers:{'Csrf-Token':'token'}});
@ -50,7 +44,7 @@ if(!empty($styles)){
} }
$styles = array_unique($styles); $styles = array_unique($styles);
$styles = array_map('encodeURI', $styles); $styles = array_map('escape', $styles);
$styles_html = '<link href="'.implode('" rel="stylesheet" type="text/css"/>'.PHP_EOL.'<link href="', $styles).'" rel="stylesheet" type="text/css"/>'.PHP_EOL; $styles_html = '<link href="'.implode('" rel="stylesheet" type="text/css"/>'.PHP_EOL.'<link href="', $styles).'" rel="stylesheet" type="text/css"/>'.PHP_EOL;
} }
@ -63,14 +57,14 @@ if(!empty($scripts)){
} }
$scripts = array_unique($scripts); $scripts = array_unique($scripts);
$scripts = array_map('encodeURI', $scripts); $scripts = array_map('escape', $scripts);
$scripts_html = '<script src="'.implode('" type="text/javascript"></script>'.PHP_EOL.'<script src="', $scripts).'" type="text/javascript"></script>'.PHP_EOL; $scripts_html = '<script src="'.implode('" type="text/javascript"></script>'.PHP_EOL.'<script src="', $scripts).'" type="text/javascript"></script>'.PHP_EOL;
} }
// Use version suffix in URLs to prevent cache // Use version suffix in URLs to prevent cache
$versionSuffix = ''; $versionSuffix = '';
if (Config::get_safe("version", false)) { if (Config::get_safe("version", false)) {
$versionSuffix = '?v='.encodeURIComponent(Config::get("version")); $versionSuffix = '?v='.rawurlencode(Config::get("version"));
} }
?><!DOCTYPE html> ?><!DOCTYPE html>
@ -85,7 +79,7 @@ if (Config::get_safe("version", false)) {
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" /> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
<link href="static/styles/main.css<?php echo $versionSuffix?>" rel="stylesheet" type="text/css" /> <link href="static/styles/main.css<?php echo $versionSuffix?>" rel="stylesheet" type="text/css" />
<link href="static/styles/<?php echo encodeURI(Config::get_safe("theme", "theme01")); ?>.css<?php echo $versionSuffix?>" rel="stylesheet" type="text/css" /> <link href="static/styles/<?php echo rawurlencode(Config::get_safe("theme", "theme01")); ?>.css<?php echo $versionSuffix?>" rel="stylesheet" type="text/css" />
<link href="https://fonts.googleapis.com/css?family=Open+Sans&amp;subset=all" rel="stylesheet"> <link href="https://fonts.googleapis.com/css?family=Open+Sans&amp;subset=all" rel="stylesheet">
@ -187,7 +181,7 @@ if (Config::get_safe("version", false)) {
<div class="modal-body drop_space"> <div class="modal-body drop_space">
<div class="e_drag"><span><?php echo __("Drag photos here"); ?></span></div> <div class="e_drag"><span><?php echo __("Drag photos here"); ?></span></div>
<div class="e_drop"><span><?php echo __("Drop photos here"); ?></span></div> <div class="e_drop"><span><?php echo __("Drop photos here"); ?></span></div>
<img src="<?php echo encodeURI(Config::get("pic_small")); ?>" width="40" height="40" class="e_profile"> <img src="<?php echo escape(Config::get("pic_small")); ?>" width="40" height="40" class="e_profile">
<!--<div class="e_text" contenteditable="true"></div>--> <!--<div class="e_text" contenteditable="true"></div>-->
<div class="t_area"> <div class="t_area">
<textarea class="e_text" placeholder="<?php echo __("What's on your mind?"); ?>"></textarea> <textarea class="e_text" placeholder="<?php echo __("What's on your mind?"); ?>"></textarea>
@ -299,7 +293,7 @@ if (Config::get_safe("version", false)) {
<a class="button"><?php echo __("Show hidden content"); ?></a> <a class="button"><?php echo __("Show hidden content"); ?></a>
</div> </div>
<div class="b_header"> <div class="b_header">
<img src="<?php echo encodeURI(Config::get("pic_small")); ?>" width="40" height="40" class="b_profile"> <img src="<?php echo escape(Config::get("pic_small")); ?>" width="40" height="40" class="b_profile">
<div class="b_desc"> <div class="b_desc">
<div class="b_sharer"> <div class="b_sharer">
<span class="b_name"><?php echo escape(Config::get("name")); ?></span><span class="b_options"> - </span><span class="b_feeling"></span><span class="b_with"> <?php echo __("with"); ?> </span><span class="b_persons"></span><span class="b_here"> <?php echo __("here:"); ?> </span><span class="b_location"></span> <span class="b_name"><?php echo escape(Config::get("name")); ?></span><span class="b_options"> - </span><span class="b_feeling"></span><span class="b_with"> <?php echo __("with"); ?> </span><span class="b_persons"></span><span class="b_here"> <?php echo __("here:"); ?> </span><span class="b_location"></span>
@ -329,9 +323,9 @@ if (Config::get_safe("version", false)) {
<div class="cover"> <div class="cover">
<?php echo $header; ?> <?php echo $header; ?>
<div class="overlay"></div> <div class="overlay"></div>
<?php echo (Config::get_safe("cover", false) ? '<img src="'.encodeURI(Config::get("cover")).'">' : (empty($header) ? '<div style="padding-bottom: 37%;"></div>' : '')); ?> <?php echo (Config::get_safe("cover", false) ? '<img src="'.escape(Config::get("cover")).'">' : (empty($header) ? '<div style="padding-bottom: 37%;"></div>' : '')); ?>
<div class="profile"> <div class="profile">
<img src="<?php echo encodeURI(Config::get("pic_big")); ?>"> <img src="<?php echo escape(Config::get("pic_big")); ?>">
</div> </div>
<div class="name"><?php echo escape(Config::get("name")); ?></div> <div class="name"><?php echo escape(Config::get("name")); ?></div>
</div> </div>