From 8f9088c8aa9a98bd8f7f324284c1436dbe69cb51 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 18 Nov 2020 13:42:23 +0100 Subject: [dozmod] Support html descriptions for VMs/lectures References #3732 --- modules-available/dozmod/pages/actionlog.inc.php | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/modules-available/dozmod/pages/actionlog.inc.php b/modules-available/dozmod/pages/actionlog.inc.php index abf617fc..eaa5218c 100644 --- a/modules-available/dozmod/pages/actionlog.inc.php +++ b/modules-available/dozmod/pages/actionlog.inc.php @@ -80,6 +80,18 @@ class SubPage ORDER BY al.dateline DESC LIMIT 500", array('uuid' => self::$uuid), true, false); } + private static function mangleHtml($desc) + { + if (substr($desc, 0, 5) === '

  • ');
+ $desc = preg_replace('/\b(on\w+|style)[\s\r\n]*=[\s\r\n]*(\'.*?\'|".*?"|[^\'"]\S*)/si', '', $desc);
+ } else {
+ $desc = nl2br(htmlspecialchars($desc));
+ }
+ return $desc;
+ }
+
 private static function addImageHeader()
 {
 $image = Database::queryFirst('SELECT o.userid AS ouserid, o.firstname AS ofirstname, o.lastname AS olastname,
@@ -96,7 +108,7 @@ class SubPage
 // Mangle date and render
 $image['createtime_s'] = date('d.m.Y H:i', $image['createtime']);
 $image['updatetime_s'] = date('d.m.Y H:i', $image['updatetime']);
- $image['descriptionHtml'] = nl2br(htmlspecialchars($image['description']));
+ $image['descriptionHtml'] = self::mangleHtml($image['description']);
 Render::addTemplate('actionlog-image', $image);
 }
 return $image !== false;
@@ -120,7 +132,8 @@ class SubPage
 $lecture['createtime_s'] = date('d.m.Y H:i', $lecture['createtime']);
 $lecture['updatetime_s'] = date('d.m.Y H:i', $lecture['updatetime']);
 $lecture['lastused_s'] = date('d.m.Y H:i', $lecture['lastused']);
- $lecture['descriptionHtml'] = nl2br(htmlspecialchars($lecture['description']));
+
+ $lecture['descriptionHtml'] = self::mangleHtml($lecture['description']);
 Render::addTemplate('actionlog-lecture', $lecture);
 }
 return $lecture !== false;
-- cgit v1.2.3-55-g7522
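Review bot: The first branch of `mangleHtml()` returns author-supplied markup without escaping, and the only attribute defence visible is a single-pass deny-list regex for `on*` and `style`. The literal compared against the 5-character prefix and whatever precedes `preg_replace` are cut off on this page, so any tag filtering there could not be reviewed. As written, URL-bearing attributes such as `href` and `src` are not checked, and the regex also runs over text outside tags, so it can delete ordinary description text that looks like `name=value`. Because both `descriptionHtml` call sites now depend on this helper, a parser-based allow-list of elements and attributes (for example via `DOMDocument`, with link schemes restricted to `http`/`https`) would be a sturdier basis for stored-XSS protection than pattern removal. `preg_replace` returns `null` on a PCRE error, so I would also add `if ($desc === null) { return ''; }` after it and a comment such as `// deny-list only: strips on*/style attributes, does not validate href/src URLs`.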