fix: title escape

2024-11-08 10:58:42 +00:00 · 2023-02-14 18:52:31 +08:00 · 2023-02-14 18:52:31 +08:00 · 45af08923c
commit 45af08923c
parent 1c2ac53a62
5 changed files with 150 additions and 163 deletions
--- a/web/app/controllers/add_contest.php
+++ b/web/app/controllers/add_contest.php
@ -5,67 +5,57 @@ Auth::check() || redirectToLogin();
 UOJContest::userCanCreateContest(Auth::user()) || UOJResponse::page403();
 $time_form = new UOJForm('time');
-$time_form->addInput(
+$time_form->addInput('name', [
-	'name',
+	'label' => UOJLocale::get('contests::contest name'),
-	[
+	'default_value' => 'New Contest',
-		'label' => UOJLocale::get('contests::contest name'),
+	'validator_php' => function ($name, &$vdata) {
-		'default_value' => 'New Contest',
+		if ($name == '') {
-		'validator_php' => function ($name, &$vdata) {
+			return '标题不能为空';
-			if ($name == '') {
+		}
 				return '标题不能为空';
 			}
-			if (strlen($name) > 100) {
+		if (strlen($name) > 100) {
-				return '标题过长';
+			return '标题过长';
-			}
+		}
-			$name = HTML::escape($name);
+		$name = HTML::escape($name);
 		if ($name === '') {
 			return '无效编码';
 		}
-			if ($name === '') {
+		$vdata['name'] = $name;
 				return '无效编码';
 			}
-			$vdata['name'] = $name;
+		return '';
 	},
 ]);
 $time_form->addInput('start_time', [
 	'div_class' => 'mt-2',
 	'label' => UOJLocale::get('contests::start time'),
 	'default_value' => UOJTime::$time_now_str,
 	'validator_php' => function ($str, &$vdata) {
 		try {
 			$vdata['start_time'] = new DateTime($str);
 		} catch (Exception $e) {
 			return '无效时间格式';
 		}
-			return '';
+		return '';
-		},
+	},
-	]
+]);
-);
+$time_form->addInput('last_min', [
-$time_form->addInput(
+	'div_class' => 'mt-2',
-	'start_time',
+	'label' => UOJLocale::get('contests::duration'),
-	[
+	'default_value' => '180',
-		'div_class' => 'mt-2',
+	'help' => '单位为分钟。',
-		'label' => UOJLocale::get('contests::start time'),
+	'validator_php' => function ($str, &$vdata) {
-		'default_value' => UOJTime::$time_now_str,
+		if (!validateUInt($str)) {
-		'validator_php' => function ($str, &$vdata) {
+			return '必须为一个整数';
-			try {
+		}
 				$vdata['start_time'] = new DateTime($str);
 			} catch (Exception $e) {
 				return '无效时间格式';
 			}
-			return '';
+		$vdata['last_min'] = $str;
 		},
 	]
 );
 $time_form->addInput(
 	'last_min',
 	[
 		'div_class' => 'mt-2',
 		'label' => UOJLocale::get('contests::duration'),
 		'default_value' => '180',
 		'help' => '单位为分钟。',
 		'validator_php' => function ($str, &$vdata) {
 			if (!validateUInt($str)) {
 				return '必须为一个整数';
 			}
-			$vdata['last_min'] = $str;
+		return '';
-
+	},
-			return '';
+]);
 		},
 	]
 );
 $time_form->handle = function (&$vdata) {
 	$start_time_str = $vdata['start_time']->format('Y-m-d H:i:s');
--- a/web/app/controllers/contest_manage.php
+++ b/web/app/controllers/contest_manage.php
@ -37,64 +37,55 @@ if (!isset($tabs_info[$cur_tab])) {
 if ($cur_tab == 'profile') {
 	$profile_form = new UOJForm('time');
-	$profile_form->addInput(
+	$profile_form->addInput('name',	[
-		'name',
+		'label' => '比赛标题',
-		[
+		'default_value' => HTML::unescape(UOJContest::info('name')),
-			'label' => '比赛标题',
+		'validator_php' => function ($name, &$vdata) {
-			'default_value' => UOJContest::info('name'),
+			if ($name == '') {
-			'validator_php' => function ($name, &$vdata) {
+				return '标题不能为空';
-				if ($name == '') {
+			}
 					return '标题不能为空';
 				}
-				if (strlen($name) > 100) {
+			if (strlen($name) > 100) {
-					return '标题过长';
+				return '标题过长';
-				}
+			}
-				$name = HTML::escape($name);
+			$name = HTML::escape($name);
-				if ($name === '') {
+			if ($name === '') {
-					return '无效编码';
+				return '无效编码';
-				}
+			}
-				$vdata['name'] = $name;
+			$vdata['name'] = $name;
-				return '';
+			return '';
-			},
+		},
-		],
+	]);
-	);
+	$profile_form->addInput('start_time', [
-	$profile_form->addInput(
+		'div_class' => 'mt-3',
-		'start_time',
+		'label' => '开始时间',
-		[
+		'default_value' => UOJContest::info('start_time_str'),
-			'div_class' => 'mt-3',
+		'validator_php' => function ($start_time, &$vdata) {
-			'label' => '开始时间',
+			try {
-			'default_value' => UOJContest::info('start_time_str'),
+				$vdata['start_time'] = new DateTime($start_time);
-			'validator_php' => function ($start_time, &$vdata) {
+			} catch (Exception $e) {
-				try {
+				return '无效时间格式';
-					$vdata['start_time'] = new DateTime($start_time);
+			}
-				} catch (Exception $e) {
+			return '';
-					return '无效时间格式';
+		},
-				}
+	]);
-				return '';
+	$profile_form->addInput('last_min', [
-			},
+		'div_class' => 'mt-3',
-		]
+		'label' => '时长',
-	);
+		'help' => '单位为分钟。',
-	$profile_form->addInput(
+		'default_value' => UOJContest::info('last_min'),
-		'last_min',
+		'validator_php' => function ($last_min, &$vdata) {
-		[
+			if (!validateUInt($last_min)) {
-			'div_class' => 'mt-3',
+				return '必须为一个整数';
-			'label' => '时长',
+			}
-			'help' => '单位为分钟。',
+			$vdata['last_min'] = $last_min;
-			'default_value' => UOJContest::info('last_min'),
+			return '';
-			'validator_php' => function ($last_min, &$vdata) {
+		},
-				if (!validateUInt($last_min)) {
+	]);
 					return '必须为一个整数';
 				}
 				$vdata['last_min'] = $last_min;
 				return '';
 			},
 		]
 	);
 	$profile_form->handle = function (&$vdata) {
 		DB::update([
 			"update contests",
@ -108,24 +99,24 @@ if ($cur_tab == 'profile') {
 		dieWithJsonData(['status' => 'success', 'message' => '修改成功']);
 	};
 	$profile_form->setAjaxSubmit(<<<EOD
-function(res) {
+		function(res) {
-	if (res.status === 'success') {
+			if (res.status === 'success') {
-		$('#result-alert')
+				$('#result-alert')
-			.html('比赛信息修改成功！')
+					.html('比赛信息修改成功！')
-			.addClass('alert-success')
+					.addClass('alert-success')
-			.removeClass('alert-danger')
+					.removeClass('alert-danger')
-			.show();
+					.show();
-	} else {
+			} else {
-		$('#result-alert')
+				$('#result-alert')
-			.html('比赛信息修改失败。' + (res.message || ''))
+					.html('比赛信息修改失败。' + (res.message || ''))
-			.removeClass('alert-success')
+					.removeClass('alert-success')
-			.addClass('alert-danger')
+					.addClass('alert-danger')
-			.show();
+					.show();
-	}
+			}
-	$(window).scrollTop(0);
+			$(window).scrollTop(0);
-}
+		}
-EOD);
+	EOD);
 	$profile_form->runAtServer();
 } elseif ($cur_tab == 'problems') {
 	if (isset($_POST['submit-remove_problem']) && $_POST['submit-remove_problem'] == 'remove_problem') {
@ -163,30 +154,27 @@ EOD);
 	}
 	$add_problem_form = new UOJForm('add_problem');
-	$add_problem_form->addInput(
+	$add_problem_form->addInput('problem_id', [
-		'problem_id',
+		'label' => '题目 ID',
-		[
+		'validator_php' => function ($problem_id, &$vdata) {
-			'label' => '题目 ID',
+			$problem = UOJProblem::query($problem_id);
-			'validator_php' => function ($problem_id, &$vdata) {
+			if (!$problem) {
-				$problem = UOJProblem::query($problem_id);
+				return '题目不存在。';
-				if (!$problem) {
+			}
 					return '题目不存在。';
 				}
-				if (!$problem->userCanManage(Auth::user())) {
+			if (!$problem->userCanManage(Auth::user())) {
-					return "无权添加此题目。";
+				return "无权添加此题目。";
-				}
+			}
-				if (UOJContest::cur()->hasProblem($problem)) {
+			if (UOJContest::cur()->hasProblem($problem)) {
-					return "题目已经在本场比赛中。";
+				return "题目已经在本场比赛中。";
-				}
+			}
-				$vdata['problem_id'] = $problem_id;
+			$vdata['problem_id'] = $problem_id;
-				return '';
+			return '';
-			},
+		},
-		]
+	]);
 	);
 	$add_problem_form->addSelect('judge_config', [
 		'div_class' => 'mt-3',
 		'label' => '评测设置',
@ -241,24 +229,24 @@ EOD);
 	$add_problem_form->config['submit_button']['text'] = '添加';
 	$add_problem_form->config['submit_button']['class'] = 'btn btn-secondary mt-3';
 	$add_problem_form->setAjaxSubmit(<<<EOD
-function(res) {
+		function(res) {
-	if (res.status === 'success') {
+			if (res.status === 'success') {
-		$('#result-alert')
+				$('#result-alert')
-			.html('添加成功！' + (res.message || ''))
+					.html('添加成功！' + (res.message || ''))
-			.addClass('alert-success')
+					.addClass('alert-success')
-			.removeClass('alert-danger')
+					.removeClass('alert-danger')
-			.show();
+					.show();
-	} else {
+			} else {
-		$('#result-alert')
+				$('#result-alert')
-			.html('添加失败。' + (res.message || ''))
+					.html('添加失败。' + (res.message || ''))
-			.removeClass('alert-success')
+					.removeClass('alert-success')
-			.addClass('alert-danger')
+					.addClass('alert-danger')
-			.show();
+					.show();
-	}
+			}
-	$(window).scrollTop(0);
+			$(window).scrollTop(0);
-}
+		}
-EOD);
+	EOD);
 	$add_problem_form->runAtServer();
 } elseif ($cur_tab == 'managers') {
 	$managers_form = newAddDelCmdForm(
--- a/web/app/controllers/group_manage.php
+++ b/web/app/controllers/group_manage.php
@ -32,7 +32,7 @@ if ($cur_tab == 'profile') {
 	$update_profile_form = new UOJForm('update_profile');
 	$update_profile_form->addInput('name', [
 		'label' => '名称',
-		'default_value' => UOJGroup::info('title'),
+		'default_value' => HTML::unescape(UOJGroup::info('title')),
 		'validator_php' => function ($title, &$vdata) {
 			if ($title == '') {
 				return '名称不能为空';
--- a/web/app/controllers/list_manage.php
+++ b/web/app/controllers/list_manage.php
@ -26,7 +26,7 @@ if ($cur_tab == 'profile') {
 	$update_profile_form = new UOJForm('update_profile');
 	$update_profile_form->addInput('name', [
 		'label' => '标题',
-		'default_value' => UOJList::info('title'),
+		'default_value' => HTML::unescape(UOJList::info('title')),
 		'validator_php' => function ($title, &$vdata) {
 			if ($title == '') {
 				return '标题不能为空';
--- a/web/app/models/HTML.php
+++ b/web/app/models/HTML.php
@ -11,6 +11,15 @@ class HTML {
 			return htmlspecialchars($str);
 		}
 	}
 	public static function unescape(?string $str) {
 		if ($str === null) {
 			return '';
 		} else {
 			return htmlspecialchars_decode($str);
 		}
 	}
 	public static function stripTags($str) {
 		return strip_tags($str);
 	}