Diffstat (limited to 'modules-available/dozmod/pages')
-rw-r--r-- | modules-available/dozmod/pages/actionlog.inc.php | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/modules-available/dozmod/pages/actionlog.inc.php b/modules-available/dozmod/pages/actionlog.inc.php index abf617fc..eaa5218c 100644 --- a/modules-available/dozmod/pages/actionlog.inc.php +++ b/modules-available/dozmod/pages/actionlog.inc.php @@ -80,6 +80,18 @@ class SubPage ORDER BY al.dateline DESC LIMIT 500", array('uuid' => self::$uuid), true, false); } + private static function mangleHtml($desc) + { + if (substr($desc, 0, 5) === '<html') { + $desc = strip_tags($desc, + '<strong><b><i><u><ul><li><font><span><p><div><hr><h1><h2><h3><h4><h5><h6>'); + $desc = preg_replace('/\b(on\w+|style)[\s\r\n]*=[\s\r\n]*(\'.*?\'|".*?"|[^\'"]\S*)/si', '', $desc); + } else { + $desc = nl2br(htmlspecialchars($desc)); + } + return $desc; + } + private static function addImageHeader() { $image = Database::queryFirst('SELECT o.userid AS ouserid, o.firstname AS ofirstname, o.lastname AS olastname, @@ -96,7 +108,7 @@ class SubPage // Mangle date and render $image['createtime_s'] = date('d.m.Y H:i', $image['createtime']); $image['updatetime_s'] = date('d.m.Y H:i', $image['updatetime']); - $image['descriptionHtml'] = nl2br(htmlspecialchars($image['description'])); + $image['descriptionHtml'] = self::mangleHtml($image['description']); Render::addTemplate('actionlog-image', $image); } return $image !== false; @@ -120,7 +132,8 @@ class SubPage $lecture['createtime_s'] = date('d.m.Y H:i', $lecture['createtime']); $lecture['updatetime_s'] = date('d.m.Y H:i', $lecture['updatetime']); $lecture['lastused_s'] = date('d.m.Y H:i', $lecture['lastused']); - $lecture['descriptionHtml'] = nl2br(htmlspecialchars($lecture['description'])); + + $lecture['descriptionHtml'] = self::mangleHtml($lecture['description']); Render::addTemplate('actionlog-lecture', $lecture); } return $lecture !== false; |
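Review bot: In the `<html` branch of `mangleHtml()`, tags are allowlisted by `strip_tags()` but attributes are only deny-listed by the `preg_replace()` that follows, so every attribute other than `on*` and `style` survives. Any attribute spelling that a browser's HTML parser accepts but the pattern does not match will also pass through. The result is assigned to `descriptionHtml` at both call sites (`addImageHeader` and the lecture header), presumably for unescaped output in the `actionlog-image` and `actionlog-lecture` templates, so this branch is the only barrier between a stored description and the viewer's browser. A sturdier approach is to parse the stripped markup with `DOMDocument`, remove every attribute not on a short explicit allowlist, and serialise the result, rather than pattern-matching the raw string. The regex also runs over text content, so visible text such as `style = x` is silently deleted from descriptions. If the regex stays, record the assumption above the function, e.g. `// NOTE: attributes are deny-listed (on*, style) by regex only; the result is used as HTML, not escaped again`.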