Fix an issue with escaping auxiliary css file, a=chris
Fix an issue with escaping auxiliary css file, a=chris
diff --git a/src/controllers/AdminController.php b/src/controllers/AdminController.php
index 8f1f94015..7ddaa6b52 100755
--- a/src/controllers/AdminController.php
+++ b/src/controllers/AdminController.php
@@ -500,8 +500,8 @@ class AdminController extends Controller implements CrawlConstants
'SIDEBAR_COLOR', 'TOPBAR_COLOR'];
foreach ($this->model("profile")->profile_fields as $field) {
if (isset($_REQUEST[$field])) {
- if ($field != "ROBOT_DESCRIPTION" &&
- $field != "PROXY_SERVERS") {
+ if (!in_array($field, ["ROBOT_DESCRIPTION", "PROXY_SERVERS",
+ "AUXILIARY_CSS"])) {
if (in_array($field, $color_fields)) {
$clean_value =
$this->clean($_REQUEST[$field], "color");
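Review bot: With `AUXILIARY_CSS` added to the exclusion list at the top of this hunk, the request value skips the `$this->clean(...)` calls in this branch, and the branch that handles the excluded fields lies outside the hunk, so it is worth confirming what ends up stored. If the profile now keeps the CSS unescaped, whatever later writes that value into a page should neutralise a `</style>` sequence or other markup, since the escaping added in SystemComponent.php appears to cover only the form data. A short comment such as `// stored raw; HTML-escaped only when shown in the settings form` would record the intent. Passing `true` as the third argument to `in_array` would also keep the comparison strict.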
@@ -520,7 +520,7 @@ class AdminController extends Controller implements CrawlConstants
$profile[$field] = $data[$field];
if ($field == "PROXY_SERVERS") {
$proxy_array = preg_split("/(\s)+/", $clean_value);
- $profile[$field] =$this->convertArrayLines(
+ $profile[$field] = $this->convertArrayLines(
$proxy_array, "|Z|", true);
}
}
diff --git a/src/controllers/Controller.php b/src/controllers/Controller.php
index e1cae5cbf..147d559b7 100755
--- a/src/controllers/Controller.php
+++ b/src/controllers/Controller.php
@@ -879,7 +879,7 @@ abstract class Controller
$value2 = str_replace("&", "&", $value);
// -CP REMEMBER TO CK THIS!!!!!
$value2 = mb_convert_encoding($value2, "UTF-8");
- $clean_value = $value2 ;
+ $clean_value = $value2;
$clean_value = @htmlspecialchars($value2, ENT_QUOTES,
"UTF-8");
} else {
diff --git a/src/controllers/components/SystemComponent.php b/src/controllers/components/SystemComponent.php
index 5ad4fe58e..482a55307 100755
--- a/src/controllers/components/SystemComponent.php
+++ b/src/controllers/components/SystemComponent.php
@@ -1103,6 +1103,8 @@ EOD;
$data[$field] = $default;
}
}
+ $data["AUXILIARY_CSS"] = $parent->clean($data["AUXILIARY_CSS"],
+ "string");
return $data;
}
/**
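Review bot: The added `$parent->clean($data["AUXILIARY_CSS"], "string")` call escapes the value in the data array rather than at the point of output, while the textarea in AppearanceElement.php still echoes `$data['AUXILIARY_CSS']` with no escaping of its own. The view is therefore safe only as long as every path that fills `$data` goes through this function; escaping in the view, or a comment here such as `// escaped for display in the Appearance form textarea; do not write this value back to the profile`, would make that dependency visible. If this array is also the source for `$profile[$field] = $data[$field]` in AdminController.php, the stored CSS would pick up HTML entities on each save, which should be checked. The key is read without an `isset` guard, and because the function body starts outside the hunk it cannot be confirmed here that the preceding loop always sets it.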
diff --git a/src/views/elements/AppearanceElement.php b/src/views/elements/AppearanceElement.php
index 468bae37b..533b2c6af 100644
--- a/src/views/elements/AppearanceElement.php
+++ b/src/views/elements/AppearanceElement.php
@@ -169,7 +169,7 @@ class AppearanceElement extends Element
</div>
<div class="top-margin"><label for="auxiliary-css"><?=
tl('appearance_element_auxiliary_css') ?></label>
- <textarea class="short-text-area" id="auxiliary-css"
+ <textarea class="tall-text-area" id="auxiliary-css"
name="AUXILIARY_CSS" ><?=
$data['AUXILIARY_CSS'] ?></textarea></div>
<div class="center">