
Commit 38dfb25

committed
Sanitize Widget's values
This is required for Symphony 2.7.1. See symphonycms/symphonycms#2781. Picked from 63ae52b.
1 parent 7bc680e commit 38dfb25

1 file changed

Lines changed: 19 additions & 13 deletions


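--- a/extension.driver.php
+++ b/extension.driver.php
@@ -257,14 +257,14 @@ public function createRecipeDuplicatorTemplate($mode = '0', $position = '-1', $v
 $label = (!empty($values['name'])) ? $values['name'] : __('New Recipe');
 $header->appendChild(new XMLElement('h4', '<strong>' . $label . '</strong> <span class="type">' . $modes[$mode] . '</span>'));
 $li->appendChild($header);
-$li->appendChild(Widget::Input("jit_image_manipulation[recipes][{$position}][mode]", $mode, 'hidden'));
+$li->appendChild(Widget::Input("jit_image_manipulation[recipes][{$position}][mode]", General::sanitize($mode), 'hidden'));
 
 $group = new XMLElement('div');
 $group->setAttribute('class', 'two columns');
 
 // Name
 $label = Widget::Label(__('Name'), null, 'column');
-$label->appendChild(Widget::Input("jit_image_manipulation[recipes][{$position}][name]", $values['name']));
+$label->appendChild(Widget::Input("jit_image_manipulation[recipes][{$position}][name]", General::sanitize($values['name'])));
 if(is_array($error) && isset($error['missing'])) {
 $group->appendChild(Widget::Error($label, $error['missing']));
 }
@@ -275,7 +275,7 @@ public function createRecipeDuplicatorTemplate($mode = '0', $position = '-1', $v
 // Handle
 $label_text = $mode === 'regex' ? __('Regular Expression') : __('Handle') . '<i>e.g. /image/{handle}/path/to/my-image.jpg</i>';
 $label = Widget::Label(__($label_text), null, 'column');
-$label->appendChild(Widget::Input("jit_image_manipulation[recipes][{$position}][url-parameter]", $values['url-parameter']));
+$label->appendChild(Widget::Input("jit_image_manipulation[recipes][{$position}][url-parameter]", General::sanitize($values['url-parameter'])));
 if(is_array($error) && isset($error['invalid'])) {
 $group->appendChild(Widget::Error($label, $error['invalid']));
 }
@@ -290,10 +290,10 @@ public function createRecipeDuplicatorTemplate($mode = '0', $position = '-1', $v
 $group = new XMLElement('div');
 $group->setAttribute('class', 'two columns');
 $label = Widget::Label(__('Width'), null, 'column');
-$label->appendChild(Widget::Input("jit_image_manipulation[recipes][{$position}][width]", $values['width']));
+$label->appendChild(Widget::Input("jit_image_manipulation[recipes][{$position}][width]", General::sanitize($values['width'])));
 $group->appendChild($label);
 $label = Widget::Label(__('Height'), null, 'column');
-$label->appendChild(Widget::Input("jit_image_manipulation[recipes][{$position}][height]", $values['height']));
+$label->appendChild(Widget::Input("jit_image_manipulation[recipes][{$position}][height]", General::sanitize($values['height'])));
 $group->appendChild($label);
 $li->appendChild($group);
 }
@@ -307,15 +307,15 @@ public function createRecipeDuplicatorTemplate($mode = '0', $position = '-1', $v
 $group->appendChild($label);
 $label = Widget::Label(__('Background Color'), null, 'column');
 $label->appendChild(new XMLElement('i', __('Optional')));
-$label->appendChild(Widget::Input("jit_image_manipulation[recipes][{$position}][background]", $values['background']));
+$label->appendChild(Widget::Input("jit_image_manipulation[recipes][{$position}][background]", General::sanitize($values['background'])));
 $group->appendChild($label);
 $li->appendChild($group);
 }
 
 // regex mode
 if ($mode === 'regex') {
 $label = Widget::Label(__('JIT Parameter'));
-$label->appendChild(Widget::Input("jit_image_manipulation[recipes][{$position}][jit-parameter]", $values['jit-parameter']));
+$label->appendChild(Widget::Input("jit_image_manipulation[recipes][{$position}][jit-parameter]", General::sanitize($values['jit-parameter'])));
 $li->appendChild($label);
 }
 
@@ -325,7 +325,7 @@ public function createRecipeDuplicatorTemplate($mode = '0', $position = '-1', $v
 if ($mode !== '0') {
 $label = Widget::Label(__('Image quality'), null, 'column');
 $label->appendChild(new XMLElement('i', __('Optional')));
-$label->appendChild(Widget::Input("jit_image_manipulation[recipes][{$position}][quality]", $values['quality']));
+$label->appendChild(Widget::Input("jit_image_manipulation[recipes][{$position}][quality]", General::sanitize($values['quality'])));
 $group->appendChild($label);
 }
 if ($mode !== 'regex') {
@@ -415,34 +415,40 @@ public function appendPreferences($context){
 // checkbox to disable regular rules
 $label = Widget::Label();
 $input = Widget::Input('settings[image][disable_regular_rules]', 'yes', 'checkbox');
-if(Symphony::Configuration()->get('disable_regular_rules', 'image') == 'yes') $input->setAttribute('checked', 'checked');
+if (Symphony::Configuration()->get('disable_regular_rules', 'image') == 'yes') {
+$input->setAttribute('checked', 'checked');
+}
 $label->setValue($input->generate() . ' ' . __('Disable dynamic URLs and use named recipes only'));
 
 $group->appendChild($label);
 
 // checkbox to disable up-scaling
 $label = Widget::Label();
 $input = Widget::Input('settings[image][disable_upscaling]', 'yes', 'checkbox');
-if (Symphony::Configuration()->get('disable_upscaling', 'image') == 'yes') $input->setAttribute('checked', 'checked');
+if (Symphony::Configuration()->get('disable_upscaling', 'image') == 'yes') {
+$input->setAttribute('checked', 'checked');
+}
 $label->setValue($input->generate() . ' ' . __('Disable upscaling of images beyond the original size'));
 $group->appendChild($label);
 
 // checkbox to diable proxy transformation of images
 $label = Widget::Label();
 $input = Widget::Input('settings[image][disable_proxy_transform]', 'yes', 'checkbox');
-if (Symphony::Configuration()->get('disable_proxy_transform', 'image') == 'yes') $input->setAttribute('checked', 'checked');
+if (Symphony::Configuration()->get('disable_proxy_transform', 'image') == 'yes') {
+$input->setAttribute('checked', 'checked');
+}
 $label->setValue($input->generate() . ' ' . __('Prevent ISP proxy transformation'));
 $group->appendChild($label);
 
 // text input to allow external request origins
 $label = Widget::Label(__('Add Cross-Origin Header'));
-$input = Widget::Input('settings[image][allow_origin]', Symphony::Configuration()->get('allow_origin', 'image'));
+$input = Widget::Input('settings[image][allow_origin]', General::sanitize(Symphony::Configuration()->get('allow_origin', 'image')));
 $label->appendChild($input);
 $group->appendChild($label);
 
 // textarea for trusted sites
 $label = Widget::Label(__('Trusted Sites'));
-$label->appendChild(Widget::Textarea('jit_image_manipulation[trusted_external_sites]', 5, 50, $this->trusted()));
+$label->appendChild(Widget::Textarea('jit_image_manipulation[trusted_external_sites]', 5, 50, General::sanitize($this->trusted())));
 
 $group->appendChild($label);
 $group->appendChild(new XMLElement('p', __('Leave empty to disable external linking. Single rule per line. Add * at end for wild card matching.'), array('class' => 'help')));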
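Review bot: The recipe name is still emitted unescaped in the `<h4>` header at new lines 257–258 of the first hunk: `$label` takes `$values['name']` verbatim and is concatenated between `<strong>` tags into the XMLElement value, which has to be rendered as markup for those tags to work. The commit escapes the same value for the input at line 267, so the header is the remaining output path for it; I would change the assignment to `$label = (!empty($values['name'])) ? General::sanitize($values['name']) : __('New Recipe');`. `{$position}` is also interpolated into every input's name attribute without escaping, which is fine only if callers always pass an integer — presumably they do, but that is not visible here. createRecipeDuplicatorTemplate begins and ends outside the hunks.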
