From 3b977c734c45cee541a68555acd9e14d252a4dcd Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 16 Jan 2020 14:43:34 +0100
Subject: [sysconfig] Screensaver: Sanitize easy mode colors
---
.../sysconfig/addmodule_screensaver.inc.php | 22 +++++++++++++++++-----
.../sysconfig/templates/screensaver-start.html | 8 ++++----
2 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/modules-available/sysconfig/addmodule_screensaver.inc.php b/modules-available/sysconfig/addmodule_screensaver.inc.php
index 29711959..3d4fa68e 100644
--- a/modules-available/sysconfig/addmodule_screensaver.inc.php
+++ b/modules-available/sysconfig/addmodule_screensaver.inc.php
@@ -186,13 +186,18 @@ class Screensaver_Helper
$helperMode = Request::post('helper_mode', 'false', 'string');
if ($helperMode !== 'false') {
// Get all the helper variables and build the qss
- $bg_color_1 = Request::post('bg_color_1', '#443', 'string');
- $bg_color_2 = Request::post('bg_color_2', '#000', 'string');
- $label_color = Request::post('label_color', '#f64', 'string');
+ $bg_color_1 = Request::post('bg_color_1', '', 'string');
+ self::fixColor($bg_color_1, '#443');
+ $bg_color_2 = Request::post('bg_color_2', '', 'string');
+ self::fixColor($bg_color_2, '#000');
+ $label_color = Request::post('label_color', '', 'string');
+ self::fixColor($label_color, '#f64');
$label_size = Request::post('label_size', 10, 'int') . 'pt';
- $clock_color = Request::post('clock_color', '#999', 'string');
+ $clock_color = Request::post('clock_color', '', 'string');
+ self::fixColor($clock_color, '#999');
$clock_size = Request::post('clock_size', 20, 'int') . 'pt';
- $header_color = Request::post('header_color', 'inherit', 'string');
+ $header_color = Request::post('header_color', '', 'string');
+ self::fixColor($header_color, $label_color);
$header_size = Request::post('header_size', 20, 'int') . 'pt';
$session_data['qss'] = "#Saver {\n background: qlineargradient(spread:pad, x1:0, y1:0, x2:0, y2:1, stop:0 " .
@@ -203,6 +208,13 @@ class Screensaver_Helper
}
}
+ private static function fixColor(&$color, $fix)
+ {
+ if (!preg_match('/^#([0-9a-f]{3}|[0-6a-f]{6})$/i', $color)) {
+ $color = $fix;
+ }
+ }
+
public static function processScreensaverText(&$session_data, $name) {
/* Process post data from the Screensaver_Text */
$session_data['messages']['General'][$name] = Request::post('msg_value', '', 'string');
diff --git a/modules-available/sysconfig/templates/screensaver-start.html b/modules-available/sysconfig/templates/screensaver-start.html
index e3f55c63..ab1382bd 100644
--- a/modules-available/sysconfig/templates/screensaver-start.html
+++ b/modules-available/sysconfig/templates/screensaver-start.html
@@ -55,7 +55,7 @@
{{lang_screenSize}}
-
+
pt
@@ -68,7 +68,7 @@
{{lang_screenSize}}
-
+
pt
@@ -77,11 +77,11 @@
{{lang_screenColor}}
-
+
{{lang_screenSize}}
-
+
pt
--
cgit v1.2.3-55-g7522