baoshuo/S2OJ
baoshuo/S2OJ
1
1
Fork 0
mirror of https://github.com/renbaoshuo/S2OJ.git synced 2024-11-23 20:58:42 +00:00
Code Issues Actions Packages Releases Activity

feat: html tags in user motto

Browse Source
This commit is contained in:
Baoshuo Ren 2022-09-18 21:38:57 +08:00
parent bbe8110120
commit 5348d056f7
Signed by: baoshuo
GPG Key ID: 00CB9680AB29F51A
6 changed files with 28 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
web/app/controllers/user_info.php
View File

@ -14,7 +14,7 @@
<?php if (validateUsername($username) && ($user = queryUser($username))): ?>
<?php echoUOJPageHeader($user['username'] . ' - ' . UOJLocale::get('user profile')) ?>
<?php
$esc_email = HTML::escape($user['email']);
$esc_email = HTML::escape($user['email']);
$esc_qq = HTML::escape($user['qq'] != 0 ? $user['qq'] : 'Unfilled');
$esc_sex = HTML::escape($user['sex']);
$col_sex="color:blue";
@ -28,7 +28,7 @@
$esc_sex="";
$col_sex="color:black";
}
$esc_motto = HTML::escape($user['motto']);
$motto = addslashes($user['motto']);
?>
<div class="card border-info">
<h5 class="card-header bg-info"><?= UOJLocale::get('user profile') ?></h5>
@ -49,9 +49,16 @@
<p class="list-group-item-text"><?= $esc_qq ?></p>
</div>
<div class="list-group-item">
<h4 class="list-group-item-heading"><?= UOJLocale::get('motto') ?></h4>
<p class="list-group-item-text"><?= $esc_motto ?></p>
<h4 class="list-group-item-heading"><?= UOJLocale::get('motto') ?></h4><?php
$motto_id = uniqid("motto-{$user['username']}-");
$dom_sanitize_config = DOM_SANITIZE_CONFIG;
?>
<p class="list-group-item-text" id="<?= $motto_id ?>"></p>
<script type="text/javascript">
$(function() { $('#<?= $motto_id ?>').html(DOMPurify.sanitize('<?= $motto ?>', <?= $dom_sanitize_config ?>)); });
</script>
</div>
<?php if (isSuperUser($myUser)): ?>
<div class="list-group-item">
<h4 class="list-group-item-heading">register time</h4>

10
web/app/libs/uoj-html-lib.php
View File

@ -1,5 +1,7 @@
<?php
define('DOM_SANITIZE_CONFIG', "{ALLOWED_TAGS: ['a', 'b', 'i', 'u', 'em', 'strong', 'sub', 'sup', 'small', 'del'], ALLOWED_ATTR: ['href']}");
function uojHandleAtSign($str, $uri) {
$referrers = array();
$res = preg_replace_callback('/@(@|[a-zA-Z0-9_]{1,20})/', function($matches) use (&$referrers) {
@ -990,7 +992,13 @@ function echoRanklist($config = array()) {
echo '<tr>';
echo '<td>' . $user['rank'] . '</td>';
echo '<td>' . getUserLink($user['username']) . '</td>';
echo '<td>' . HTML::escape($user['motto']) . '</td>';
$motto_id = uniqid("motto-{$user['username']}-");
echo "<td id=\"$motto_id\"></td>";
$motto = addslashes($user['motto']);
$dom_sanitize_config = DOM_SANITIZE_CONFIG;
echo '<script type="text/javascript">';
echo "$(function() { $('#$motto_id').html(DOMPurify.sanitize('{$motto}', $dom_sanitize_config)); });";
echo '</script>';
echo '<td>' . $user['ac_num'] . '</td>';
echo '</tr>';

2
web/app/libs/uoj-validate-lib.php
View File

@ -17,7 +17,7 @@ function validateQQ($QQ) {
}
function validateMotto($motto) {
return is_string($motto) && ($len = mb_strlen($motto, 'UTF-8')) !== false && $len <= 50;
return is_string($motto) && ($len = mb_strlen($motto, 'UTF-8')) !== false && $len <= 1024;
}
function validateUInt($x) { // [0, 1000000000)

3
web/app/views/page-header.php
View File

@ -78,6 +78,9 @@
<!-- Color converter -->
<?= HTML::js_src('/js/color-converter.min.js') ?>
<!-- DOM Santizer -->
<?= HTML::js_src('/js/purify.min.js') ?>
<!-- uoj -->
<?= HTML::js_src('/js/uoj.js?v=2017.01.01') ?>

2
web/js/purify.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

4
web/js/uoj.js
View File

@ -232,8 +232,8 @@ function validateQQ(str) {
}
}
function validateMotto(str) {
if (str.length > 50) {
return '不能超过50字';
if (str.length > 1024) {
return '不能超过 1024 个字符。';
} else {
return '';
}