fix: title escape

Baoshuo Ren 2023-02-14 18:52:31 +08:00
parent 1c2ac53a62
commit 45af08923c
Signed by: baoshuo
GPG Key ID: 00CB9680AB29F51A
5 changed files with 150 additions and 163 deletions


@ -5,67 +5,57 @@ Auth::check() || redirectToLogin();
UOJContest::userCanCreateContest(Auth::user()) || UOJResponse::page403(); UOJContest::userCanCreateContest(Auth::user()) || UOJResponse::page403();
$time_form = new UOJForm('time'); $time_form = new UOJForm('time');
$time_form->addInput( $time_form->addInput('name', [
'name', 'label' => UOJLocale::get('contests::contest name'),
[ 'default_value' => 'New Contest',
'label' => UOJLocale::get('contests::contest name'), 'validator_php' => function ($name, &$vdata) {
'default_value' => 'New Contest', if ($name == '') {
'validator_php' => function ($name, &$vdata) { return '标题不能为空';
if ($name == '') { }
return '标题不能为空';
}
if (strlen($name) > 100) { if (strlen($name) > 100) {
return '标题过长'; return '标题过长';
} }
$name = HTML::escape($name); $name = HTML::escape($name);
if ($name === '') {
return '无效编码';
}
if ($name === '') { $vdata['name'] = $name;
return '无效编码';
}
$vdata['name'] = $name; return '';
},
]);
$time_form->addInput('start_time', [
'div_class' => 'mt-2',
'label' => UOJLocale::get('contests::start time'),
'default_value' => UOJTime::$time_now_str,
'validator_php' => function ($str, &$vdata) {
try {
$vdata['start_time'] = new DateTime($str);
} catch (Exception $e) {
return '无效时间格式';
}
return ''; return '';
}, },
] ]);
); $time_form->addInput('last_min', [
$time_form->addInput( 'div_class' => 'mt-2',
'start_time', 'label' => UOJLocale::get('contests::duration'),
[ 'default_value' => '180',
'div_class' => 'mt-2', 'help' => '单位为分钟。',
'label' => UOJLocale::get('contests::start time'), 'validator_php' => function ($str, &$vdata) {
'default_value' => UOJTime::$time_now_str, if (!validateUInt($str)) {
'validator_php' => function ($str, &$vdata) { return '必须为一个整数';
try { }
$vdata['start_time'] = new DateTime($str);
} catch (Exception $e) {
return '无效时间格式';
}
return ''; $vdata['last_min'] = $str;
},
]
);
$time_form->addInput(
'last_min',
[
'div_class' => 'mt-2',
'label' => UOJLocale::get('contests::duration'),
'default_value' => '180',
'help' => '单位为分钟。',
'validator_php' => function ($str, &$vdata) {
if (!validateUInt($str)) {
return '必须为一个整数';
}
$vdata['last_min'] = $str; return '';
},
return ''; ]);
},
]
);
$time_form->handle = function (&$vdata) { $time_form->handle = function (&$vdata) {
$start_time_str = $vdata['start_time']->format('Y-m-d H:i:s'); $start_time_str = $vdata['start_time']->format('Y-m-d H:i:s');
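Review bot: The length guard in the new name validator still measures raw bytes before the value is escaped — `if (strlen($name) > 100)` runs first and `$name = HTML::escape($name)` afterwards — so a title that passes the check can grow well beyond 100 characters once `<`, `>`, `&` and quotes become entities, while a multibyte title is rejected after far fewer than 100 visible characters. If the column that receives `$vdata['name']` is sized for the displayed title, checking `mb_strlen($name, 'UTF-8') > 100` on the input and re-checking `strlen` of the escaped value before it is stored would be the safer order; the schema is not visible from this page, so that needs confirming. The same validator is repeated in the contest manage page's profile form below and has the same ordering. The `$time_form->handle` closure that starts on the last line continues outside the hunk.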


@ -37,64 +37,55 @@ if (!isset($tabs_info[$cur_tab])) {
if ($cur_tab == 'profile') { if ($cur_tab == 'profile') {
$profile_form = new UOJForm('time'); $profile_form = new UOJForm('time');
$profile_form->addInput( $profile_form->addInput('name', [
'name', 'label' => '比赛标题',
[ 'default_value' => HTML::unescape(UOJContest::info('name')),
'label' => '比赛标题', 'validator_php' => function ($name, &$vdata) {
'default_value' => UOJContest::info('name'), if ($name == '') {
'validator_php' => function ($name, &$vdata) { return '标题不能为空';
if ($name == '') { }
return '标题不能为空';
}
if (strlen($name) > 100) { if (strlen($name) > 100) {
return '标题过长'; return '标题过长';
} }
$name = HTML::escape($name); $name = HTML::escape($name);
if ($name === '') { if ($name === '') {
return '无效编码'; return '无效编码';
} }
$vdata['name'] = $name; $vdata['name'] = $name;
return ''; return '';
}, },
], ]);
); $profile_form->addInput('start_time', [
$profile_form->addInput( 'div_class' => 'mt-3',
'start_time', 'label' => '开始时间',
[ 'default_value' => UOJContest::info('start_time_str'),
'div_class' => 'mt-3', 'validator_php' => function ($start_time, &$vdata) {
'label' => '开始时间', try {
'default_value' => UOJContest::info('start_time_str'), $vdata['start_time'] = new DateTime($start_time);
'validator_php' => function ($start_time, &$vdata) { } catch (Exception $e) {
try { return '无效时间格式';
$vdata['start_time'] = new DateTime($start_time); }
} catch (Exception $e) { return '';
return '无效时间格式'; },
} ]);
return ''; $profile_form->addInput('last_min', [
}, 'div_class' => 'mt-3',
] 'label' => '时长',
); 'help' => '单位为分钟。',
$profile_form->addInput( 'default_value' => UOJContest::info('last_min'),
'last_min', 'validator_php' => function ($last_min, &$vdata) {
[ if (!validateUInt($last_min)) {
'div_class' => 'mt-3', return '必须为一个整数';
'label' => '时长', }
'help' => '单位为分钟。', $vdata['last_min'] = $last_min;
'default_value' => UOJContest::info('last_min'), return '';
'validator_php' => function ($last_min, &$vdata) { },
if (!validateUInt($last_min)) { ]);
return '必须为一个整数';
}
$vdata['last_min'] = $last_min;
return '';
},
]
);
$profile_form->handle = function (&$vdata) { $profile_form->handle = function (&$vdata) {
DB::update([ DB::update([
"update contests", "update contests",
@ -108,24 +99,24 @@ if ($cur_tab == 'profile') {
dieWithJsonData(['status' => 'success', 'message' => '修改成功']); dieWithJsonData(['status' => 'success', 'message' => '修改成功']);
}; };
$profile_form->setAjaxSubmit(<<<EOD $profile_form->setAjaxSubmit(<<<EOD
function(res) { function(res) {
if (res.status === 'success') { if (res.status === 'success') {
$('#result-alert') $('#result-alert')
.html('比赛信息修改成功!') .html('比赛信息修改成功!')
.addClass('alert-success') .addClass('alert-success')
.removeClass('alert-danger') .removeClass('alert-danger')
.show(); .show();
} else { } else {
$('#result-alert') $('#result-alert')
.html('比赛信息修改失败。' + (res.message || '')) .html('比赛信息修改失败。' + (res.message || ''))
.removeClass('alert-success') .removeClass('alert-success')
.addClass('alert-danger') .addClass('alert-danger')
.show(); .show();
} }
$(window).scrollTop(0); $(window).scrollTop(0);
} }
EOD); EOD);
$profile_form->runAtServer(); $profile_form->runAtServer();
} elseif ($cur_tab == 'problems') { } elseif ($cur_tab == 'problems') {
if (isset($_POST['submit-remove_problem']) && $_POST['submit-remove_problem'] == 'remove_problem') { if (isset($_POST['submit-remove_problem']) && $_POST['submit-remove_problem'] == 'remove_problem') {
@ -163,30 +154,27 @@ EOD);
} }
$add_problem_form = new UOJForm('add_problem'); $add_problem_form = new UOJForm('add_problem');
$add_problem_form->addInput( $add_problem_form->addInput('problem_id', [
'problem_id', 'label' => '题目 ID',
[ 'validator_php' => function ($problem_id, &$vdata) {
'label' => '题目 ID', $problem = UOJProblem::query($problem_id);
'validator_php' => function ($problem_id, &$vdata) { if (!$problem) {
$problem = UOJProblem::query($problem_id); return '题目不存在。';
if (!$problem) { }
return '题目不存在。';
}
if (!$problem->userCanManage(Auth::user())) { if (!$problem->userCanManage(Auth::user())) {
return "无权添加此题目。"; return "无权添加此题目。";
} }
if (UOJContest::cur()->hasProblem($problem)) { if (UOJContest::cur()->hasProblem($problem)) {
return "题目已经在本场比赛中。"; return "题目已经在本场比赛中。";
} }
$vdata['problem_id'] = $problem_id; $vdata['problem_id'] = $problem_id;
return ''; return '';
}, },
] ]);
);
$add_problem_form->addSelect('judge_config', [ $add_problem_form->addSelect('judge_config', [
'div_class' => 'mt-3', 'div_class' => 'mt-3',
'label' => '评测设置', 'label' => '评测设置',
@ -241,24 +229,24 @@ EOD);
$add_problem_form->config['submit_button']['text'] = '添加'; $add_problem_form->config['submit_button']['text'] = '添加';
$add_problem_form->config['submit_button']['class'] = 'btn btn-secondary mt-3'; $add_problem_form->config['submit_button']['class'] = 'btn btn-secondary mt-3';
$add_problem_form->setAjaxSubmit(<<<EOD $add_problem_form->setAjaxSubmit(<<<EOD
function(res) { function(res) {
if (res.status === 'success') { if (res.status === 'success') {
$('#result-alert') $('#result-alert')
.html('添加成功!' + (res.message || '')) .html('添加成功!' + (res.message || ''))
.addClass('alert-success') .addClass('alert-success')
.removeClass('alert-danger') .removeClass('alert-danger')
.show(); .show();
} else { } else {
$('#result-alert') $('#result-alert')
.html('添加失败。' + (res.message || '')) .html('添加失败。' + (res.message || ''))
.removeClass('alert-success') .removeClass('alert-success')
.addClass('alert-danger') .addClass('alert-danger')
.show(); .show();
} }
$(window).scrollTop(0); $(window).scrollTop(0);
} }
EOD); EOD);
$add_problem_form->runAtServer(); $add_problem_form->runAtServer();
} elseif ($cur_tab == 'managers') { } elseif ($cur_tab == 'managers') {
$managers_form = newAddDelCmdForm( $managers_form = newAddDelCmdForm(
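Review bot: `'default_value' => HTML::unescape(UOJContest::info('name'))` puts the raw, user-supplied title back into the form's default value, so the safety of this line now rests entirely on UOJForm escaping `default_value` when it renders the input's value attribute; nothing on this page shows whether it does. If the form instead relied on the stored value already being escaped, this change would turn a stored title containing markup into live markup in the edit form. Worth confirming against UOJForm's rendering code and recording the contract next to the line, e.g. `// stored name is HTML-escaped on input; UOJForm must re-escape default_value when rendering`. The same change is made to the group and list profile forms in the two sections below, which depend on the same assumption. The `if ($cur_tab == 'profile')` block starts before this hunk.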


@ -32,7 +32,7 @@ if ($cur_tab == 'profile') {
$update_profile_form = new UOJForm('update_profile'); $update_profile_form = new UOJForm('update_profile');
$update_profile_form->addInput('name', [ $update_profile_form->addInput('name', [
'label' => '名称', 'label' => '名称',
'default_value' => UOJGroup::info('title'), 'default_value' => HTML::unescape(UOJGroup::info('title')),
'validator_php' => function ($title, &$vdata) { 'validator_php' => function ($title, &$vdata) {
if ($title == '') { if ($title == '') {
return '名称不能为空'; return '名称不能为空';


@ -26,7 +26,7 @@ if ($cur_tab == 'profile') {
$update_profile_form = new UOJForm('update_profile'); $update_profile_form = new UOJForm('update_profile');
$update_profile_form->addInput('name', [ $update_profile_form->addInput('name', [
'label' => '标题', 'label' => '标题',
'default_value' => UOJList::info('title'), 'default_value' => HTML::unescape(UOJList::info('title')),
'validator_php' => function ($title, &$vdata) { 'validator_php' => function ($title, &$vdata) {
if ($title == '') { if ($title == '') {
return '标题不能为空'; return '标题不能为空';


@ -11,6 +11,15 @@ class HTML {
return htmlspecialchars($str); return htmlspecialchars($str);
} }
} }
public static function unescape(?string $str) {
if ($str === null) {
return '';
} else {
return htmlspecialchars_decode($str);
}
}
public static function stripTags($str) { public static function stripTags($str) {
return strip_tags($str); return strip_tags($str);
} }
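Review bot: The new `unescape` method declares a nullable parameter but no return type, although every path returns a string; `public static function unescape(?string $str): string` would state that and let static analysis check the `null` → `''` branch. Because `escape` on the context line above calls `htmlspecialchars($str)` with default flags and `unescape` calls `htmlspecialchars_decode($str)` with default flags, the pair is only a faithful inverse while both run under the same PHP version (the defaults for both functions changed in 8.1 to include `ENT_QUOTES`), so titles escaped by one version and decoded by another may keep literal `&#039;` sequences. A short docblock such as `/** Inverse of escape(); null yields ''. Keep the flags of both calls in step. */` would record that contract for the next maintainer. The enclosing `class HTML` starts before this hunk.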