Move server block list HTML escaping to templating

Hypolite Petovan 2021-10-16 19:17:00 -04:00
parent edcfeaf66d
commit 068c567b3d
2 changed files with 14 additions and 11 deletions


@ -40,20 +40,23 @@ class Server extends BaseAdmin
if (!empty($_POST['page_blocklist_save'])) {
// Add new item to blocklist
$domain = trim($_POST['newentry_domain']);
$blocklist = DI::config()->get('system', 'blocklist');
$blocklist[] = [
'domain' => Strings::escapeTags(trim($_POST['newentry_domain'])),
'reason' => Strings::escapeTags(trim($_POST['newentry_reason']))
'domain' => $domain,
'reason' => trim($_POST['newentry_reason']),
];
DI::config()->set('system', 'blocklist', $blocklist);
info(DI::l10n()->t('Server domain pattern added to blocklist.'));
} else {
// Edit the entries from blocklist
$blocklist = [];
foreach ($_POST['domain'] as $id => $domain) {
// Trimming whitespaces as well as any lingering slashes
$domain = Strings::escapeTags(trim($domain, "\x00..\x1F/"));
$reason = Strings::escapeTags(trim($_POST['reason'][$id]));
$domain = trim($domain);
$reason = trim($_POST['reason'][$id]);
if (empty($_POST['delete'][$id])) {
$blocklist[] = [
'domain' => $domain,
@ -97,7 +100,7 @@ class Server extends BaseAdmin
</ul>'),
'$addtitle' => DI::l10n()->t('Add new entry to block list'),
'$newdomain' => ['newentry_domain', DI::l10n()->t('Server Domain Pattern'), '', DI::l10n()->t('The domain pattern of the new server to add to the block list. Do not include the protocol.'), DI::l10n()->t('Required'), '', ''],
'$newreason' => ['newentry_reason', DI::l10n()->t('Block reason'), '', DI::l10n()->t('The reason why you blocked this server domain pattern.'), DI::l10n()->t('Required'), '', ''],
'$newreason' => ['newentry_reason', DI::l10n()->t('Block reason'), '', DI::l10n()->t('The reason why you blocked this server domain pattern. This reason will be shown publicly in the server information page.'), DI::l10n()->t('Required'), '', ''],
'$submit' => DI::l10n()->t('Add Entry'),
'$savechanges' => DI::l10n()->t('Save changes to the blocklist'),
'$currenttitle' => DI::l10n()->t('Current Entries in the Blocklist'),
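Review bot: In the edit branch, as far as the visible lines show, the new `$domain = trim($domain);` no longer strips slashes, although the context comment above it still reads "Trimming whitespaces as well as any lingering slashes" and the removed line trimmed `"\x00..\x1F/"`. A pattern saved with a trailing slash would presumably stop matching, which quietly weakens the block list; if dropping the slash trim is not intended, keep it independent of the escaping, e.g. `$domain = trim($domain, " \t\n\r\0\x0B/");`, and apply the same to `newentry_domain` in the add branch. Since `domain` and `reason` are now stored raw, every other place that prints the block list has to escape on output, which is worth checking because the new help text says the reason is shown publicly. The enclosing method starts and ends outside these hunks.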


@ -12,7 +12,7 @@
<p>{{$visible_addons.title nofilter}}</p>
{{if $visible_addons.list}}
<div style="margin-left: 25px; margin-right: 25px; margin-bottom: 25px;">{{$visible_addons.list nofilter}}</div>
<div style="margin-left: 25px; margin-right: 25px; margin-bottom: 25px;">{{$visible_addons.list}}</div>
{{/if}}
{{if $tos}}
@ -21,20 +21,20 @@
{{if $block_list}}
<div id="about_blocklist">
<p>{{$block_list.title nofilter}}</p>
<p>{{$block_list.title}}</p>
<br>
<table class="table">
<thead>
<tr>
<th>{{$block_list.header[0] nofilter}}</th>
<th>{{$block_list.header[1] nofilter}}</th>
<th>{{$block_list.header[0]}}</th>
<th>{{$block_list.header[1]}}</th>
</tr>
</thead>
<tbody>
{{foreach $block_list.list as $blocked}}
<tr>
<td>{{$blocked.domain nofilter}}</td>
<td>{{$blocked.reason nofilter}}</td>
<td>{{$blocked.domain}}</td>
<td>{{$blocked.reason}}</td>
</tr>
{{/foreach}}
</tbody>
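Review bot: With `nofilter` removed, the `domain` and `reason` cells are protected only by the template engine's automatic escaping, and nothing in this file says that the values now arrive unescaped. A short template comment above the `{{foreach}}` would keep a later edit from restoring `nofilter` on administrator-entered text that is shown publicly: `{{* domain and reason are stored raw; leave auto-escaping on, do not add nofilter *}}`. The first hunk also drops `nofilter` from `$visible_addons.list`, which is outside the stated scope of the commit, so confirm that value never carries markup that is meant to render. Entries saved before this change went through `Strings::escapeTags` and may display differently from new ones.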