From 84024d2d984c3536e51cdeb157035bf891f4c20a Mon Sep 17 00:00:00 2001 From: Banana Date: Sat, 12 Sep 2020 11:08:46 +0200 Subject: [PATCH] fixed bug #8. Simple js check and extended validation on server side --- ChangeLog | 7 +++++++ VERSION | 2 +- webroot/asset/js/editlink.js | 22 ++++++++++++++++++---- webroot/index.php | 2 +- webroot/lib/summoner.class.php | 22 ++++++++++++++++------ webroot/view/editlink.php | 4 ++-- 6 files changed, 45 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index e3c7358..12c3bc9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,11 @@ +version x.x.x - Darkmere () + + + Fixed bug #8 It is possible to add empty tags and categories. + Special chars check done on server side. JS has problems with unicode. + + version 2.5.1 - Caves of Circe (2020-03-22) + + Bugfix release version 2.5 - Winnowing Hall (2020-03-21) diff --git a/VERSION b/VERSION index 7ad5403..3826dab 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.5.1 - Caves of Circe +2.5.x - Darkmere diff --git a/webroot/asset/js/editlink.js b/webroot/asset/js/editlink.js index 49cb769..6c10433 100644 --- a/webroot/asset/js/editlink.js +++ b/webroot/asset/js/editlink.js @@ -32,7 +32,9 @@ function addTag(e,targetStartString) { let listBox = document.getElementById(targetStartString + '-listbox'); let newTagTemplate = document.getElementById(targetStartString + '-template'); - if(saveInput && listBox && elem && newTagTemplate) { + let checkString = _checkForSpaceString(elem.value,'nospace'); + + if(saveInput && listBox && elem && newTagTemplate && checkString) { let toAdd = elem.value; let newSaveValue = _appendToCommaString(saveInput.value,toAdd); 
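Review bot: In `addTag` (webroot/asset/js/editlink.js) the new `_checkForSpaceString(elem.value,'nospace')` call reads `elem.value` before the guard `if(saveInput && listBox && elem && newTagTemplate && checkString)` has tested `elem`, so a missing input element now throws a TypeError instead of falling through quietly. Evaluating the check only when the element exists keeps the old behaviour: `let checkString = elem ? _checkForSpaceString(elem.value) : false;`. The second argument `'nospace'` is ignored, because `_checkForSpaceString` declares a single parameter, and can be dropped. `elem` is assigned above the hunk, so whether it can be null there needs confirming; `addTag` starts and ends outside the hunk.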
@@ -127,7 +129,19 @@ function _fillTagTemplate(el,newTagString,targetStartString) { let aEl = el.querySelector('a'); aEl.setAttribute('onclick', "removeTag('"+newTagString+"','"+targetStartString+"');"); - - return el; -} \ No newline at end of file +} + +/** + * simple check if the string is empty or contains whitespace chars + * @param stringTocheck + * @returns {boolean} + * @private + */ +function _checkForSpaceString(stringTocheck) { + let check = stringTocheck.replace(/\s/gm,''); + if(check === stringTocheck && check.length > 0) { + return true; + } + return false; +} diff --git a/webroot/index.php b/webroot/index.php index ee27602..7b6be3c 100644 --- a/webroot/index.php +++ b/webroot/index.php @@ -32,7 +32,7 @@ ini_set('error_reporting',-1); // E_ALL & E_STRICT # time settings date_default_timezone_set('Europe/Berlin'); -define('DEBUG',false); +define('DEBUG',true); ## check request $_urlToParse = filter_var($_SERVER['QUERY_STRING'],FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW); diff --git a/webroot/lib/summoner.class.php b/webroot/lib/summoner.class.php index 845b8ba..ecb8c53 100644 --- a/webroot/lib/summoner.class.php +++ b/webroot/lib/summoner.class.php 
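Review bot: `_checkForSpaceString` rejects only empty strings and whitespace, so a value containing `'` passes it and is still concatenated into the inline handler on the context line `aEl.setAttribute('onclick', "removeTag('"+newTagString+ ...`, where it closes the quoted argument and the remainder is treated as code. Binding the handler without building source text from the value removes that path regardless of what the server rejects later: `aEl.addEventListener('click', () => removeTag(newTagString, targetStartString));`. The hunk also appears to drop `return el;` from `_fillTagTemplate`, which starts outside the hunk; any caller that uses the return value (none is visible here) would now receive `undefined`. In the helper itself the `m` flag has no effect on `\s`, and the body reduces to `return stringTocheck.length > 0 && !/\s/.test(stringTocheck);`.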
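Review bot: `define('DEBUG',true);` in webroot/index.php looks like a local debugging setting that slipped into a bug-fix commit. Together with the `ini_set('error_reporting',-1)` context line it probably makes a deployed instance expose errors and internals to visitors, although what `DEBUG` gates is outside the hunk. Keep `define('DEBUG',false);` in the committed file, or read the flag from configuration that is not under version control.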
@@ -385,34 +385,44 @@ class Summoner { */ static function prepareTagOrCategoryStr($string) { $ret = array(); + $_ret = array(); $string = trim($string, ", "); if(strstr($string, ",")) { $_t = explode(",", $string); - foreach($_t as $new) { - $ret[$new] = $new; + foreach($_t as $n) { + $_ret[$n] = $n; } unset($_t); - unset($new); + unset($n); - foreach($ret as $e) { + foreach($_ret as $e) { if(strstr($e, " ")) { unset($ret[$e]); $_t = explode(" ", $e); foreach($_t as $new) { $new = trim($new); - if(!empty($new)) { + $_c = self::validate($new,'nospace'); + if(!empty($new) && $_c === true) { $ret[$new] = $new; } } } + else { + $new = trim($e); + $_c = self::validate($new,'nospace'); + if(!empty($new) && $_c === true) { + $ret[$new] = $new; + } + } } } else { $_t = explode(" ", $string); foreach($_t as $new) { $new = trim($new); - if(!empty($new)) { + $_c = self::validate($new,'nospace'); + if(!empty($new) && $_c === true) { $ret[$new] = $new; } } diff --git a/webroot/view/editlink.php b/webroot/view/editlink.php index 73b7b7b..712b7bf 100644 --- a/webroot/view/editlink.php +++ b/webroot/view/editlink.php @@ -177,7 +177,7 @@ -
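Review bot: `!empty($new)` in all three branches of `prepareTagOrCategoryStr` also discards the literal tag `0`, because PHP treats the string "0" as empty. `if($new !== '' && $_c === true) {` keeps the empty-entry rejection this fix is after without that side effect. `unset($ret[$e]);` is now a no-op, since the comma-split entries are collected in `$_ret` and never reach `$ret`, so it can be removed. The trim / `self::validate($new,'nospace')` / add sequence is repeated three times; a small private helper would keep the validation mode in one place. The function's tail is outside the hunk.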

Enter a new one or select an existing from the suggested and press enter.

+

Enter a new one or select an existing from the suggested and press enter. Special chars check after save!

@@ -214,7 +214,7 @@ -

Enter a new one or select an existing from the suggested and press enter.

+

Enter a new one or select an existing from the suggested and press enter. Special chars check after save!

-- 2.39.5