Diffstat (limited to 'modules-available/dozmod/pages/actionlog.inc.php')
-rw-r--r-- | modules-available/dozmod/pages/actionlog.inc.php | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/modules-available/dozmod/pages/actionlog.inc.php b/modules-available/dozmod/pages/actionlog.inc.php
index abf617fc..182198c2 100644
--- a/modules-available/dozmod/pages/actionlog.inc.php
+++ b/modules-available/dozmod/pages/actionlog.inc.php
@@ -11,7 +11,7 @@ class SubPage
 User::assertPermission("actionlog.view");
 self::$action = Request::get('action', '', 'string');
 if (self::$action !== '' && self::$action !== 'showtarget' && self::$action !== 'showuser') {
-Util::traceError('Invalid action for actionlog: "' . self::$action . '"');
+ErrorHandler::traceError('Invalid action for actionlog: "' . self::$action . '"');
 }
 self::$uuid = Request::get('uuid', '', 'string');
 }
@@ -80,7 +80,19 @@ class SubPage
 ORDER BY al.dateline DESC LIMIT 500", array('uuid' => self::$uuid), true, false);
 }
 
-private static function addImageHeader()
+private static function mangleHtml($desc)
+{
+if (substr($desc, 0, 5) === '<html') {
+$desc = strip_tags($desc, '<strong><b><i><u><ul><li><font><span><p><div><hr><h1><h2><h3><h4><h5><h6>');
+$desc = preg_replace('/\b(on\w+|style)[\s\r\n]*=[\s\r\n]*(\'.*?\'|".*?"|[^\'"]\S*)/si', '', $desc);
+} else {
+$desc = nl2br(htmlspecialchars($desc));
+}
+return $desc;
+}
+
+private static function addImageHeader(): bool
 {
 $image = Database::queryFirst('SELECT o.userid AS ouserid, o.firstname AS ofirstname, o.lastname AS olastname,
 u.userid AS uuserid, u.firstname AS ufirstname, u.lastname AS ulastname,
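Review bot: The `preg_replace` in `mangleHtml` is the only thing keeping attributes off the elements that `strip_tags` lets through, and a regex over serialized markup is not a reliable attribute filter: it runs over the whole string, so it also deletes ordinary text such as `only=5` or `style = x` from a description, while any attribute form the pattern does not anticipate reaches the template unescaped through `descriptionHtml` (hunks @@ -96 and @@ -120). `preg_replace` also returns null when PCRE gives up (`.*?` under `/s` on a long description can hit the backtrack limit), and that null then becomes the description. Because none of the allowlisted tags needs attributes here, parsing with `DOMDocument`, unwrapping every element not on the allowlist and dropping all attributes of the ones kept is a small deterministic replacement; if `<font color>` must survive, allow that single attribute explicitly. The signature should also carry the types this commit adds elsewhere: `private static function mangleHtml(string $desc): string`.
```php
private static function mangleHtml(string $desc): string
{
    if (substr($desc, 0, 5) !== '<html') {
        return nl2br(htmlspecialchars($desc));
    }
    // Same element allowlist as the strip_tags() call; html/head/body are kept as structure only
    $allowed = ['strong', 'b', 'i', 'u', 'ul', 'li', 'font', 'span', 'p', 'div', 'hr',
        'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'html', 'head', 'body'];
    $dom = new DOMDocument();
    $useErrors = libxml_use_internal_errors(true);
    $dom->loadHTML('<?xml encoding="UTF-8">' . $desc);
    libxml_clear_errors();
    libxml_use_internal_errors($useErrors);
    // Snapshot first: unwrapping or removing nodes while walking a live NodeList skips entries
    $xpath = new DOMXPath($dom);
    $elements = iterator_to_array($xpath->query('//*'), false);
    foreach ($elements as $el) {
        if (!in_array(strtolower($el->nodeName), $allowed, true)) {
            // Not allowlisted: keep the text, drop the element (what strip_tags did)
            $parent = $el->parentNode;
            while ($el->firstChild !== null) {
                $parent->insertBefore($el->firstChild, $el);
            }
            $parent->removeChild($el);
            continue;
        }
        // Allowlisted: no attribute survives, so event handlers, style, href etc. cannot be smuggled
        while ($el->hasAttributes()) {
            $el->removeAttributeNode($el->attributes->item(0));
        }
    }
    $body = $dom->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    // Serialize only the body's children; text nodes come back entity-escaped
    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $dom->saveHTML($child);
    }
    return $out;
}
```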
@@ -96,13 +108,13 @@ class SubPage
 // Mangle date and render
 $image['createtime_s'] = date('d.m.Y H:i', $image['createtime']);
 $image['updatetime_s'] = date('d.m.Y H:i', $image['updatetime']);
-$image['descriptionHtml'] = nl2br(htmlspecialchars($image['description']));
+$image['descriptionHtml'] = self::mangleHtml($image['description']);
 Render::addTemplate('actionlog-image', $image);
 }
 return $image !== false;
 }
 
-private static function addLectureHeader()
+private static function addLectureHeader(): bool
 {
 $lecture = Database::queryFirst('SELECT o.userid AS ouserid, o.firstname AS ofirstname, o.lastname AS olastname,
 u.userid AS uuserid, u.firstname AS ufirstname, u.lastname AS ulastname,
@@ -120,7 +132,8 @@ class SubPage
 $lecture['createtime_s'] = date('d.m.Y H:i', $lecture['createtime']);
 $lecture['updatetime_s'] = date('d.m.Y H:i', $lecture['updatetime']);
 $lecture['lastused_s'] = date('d.m.Y H:i', $lecture['lastused']);
-$lecture['descriptionHtml'] = nl2br(htmlspecialchars($lecture['description']));
+
+$lecture['descriptionHtml'] = self::mangleHtml($lecture['description']);
 Render::addTemplate('actionlog-lecture', $lecture);
 }
 return $lecture !== false;
@@ -131,7 +144,7 @@ class SubPage
 // query action log
 $res = Database::simpleQuery($query, $params);
 $events = array();
-while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+foreach ($res as $row) {
 $row['dateline_s'] = date('d.m.Y H:i', $row['dateline']);
 if (isset($row['imgname'])) {
 $row['targeturl'] = '?do=dozmod§ion=actionlog&action=showtarget&uuid=' . $row['targetid'];
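Review bot: `foreach ($res as $row)` in hunk @@ -131 drops the explicit `PDO::FETCH_ASSOC` of the replaced `while` loop, so the row shape now depends on the connection's default fetch mode; if `Database::simpleQuery` returns a PDOStatement on a connection without `PDO::ATTR_DEFAULT_FETCH_MODE` set, the default is `FETCH_BOTH` and every row carries duplicate integer keys that are then passed on with the event. The `isset($row['imgname'])` check still works either way, but the intent is clearer and the shape fixed with `$res->setFetchMode(PDO::FETCH_ASSOC);` before the loop, unless the Database wrapper already sets the mode for every statement (not visible here). The enclosing function starts and continues outside the hunk.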