feat: html tags in user motto

2024-11-24 02:08:41 +00:00 · 2022-09-18 21:38:57 +08:00 · 2022-09-18 21:38:57 +08:00 · 5348d056f7
commit 5348d056f7
parent bbe8110120
6 changed files with 28 additions and 8 deletions
--- a/web/app/controllers/user_info.php
+++ b/web/app/controllers/user_info.php
@ -28,7 +28,7 @@
 			$esc_sex="";
 			$col_sex="color:black";
 		}
-	$esc_motto = HTML::escape($user['motto']);
+	$motto = addslashes($user['motto']);
 	?>
 	<div class="card border-info">
 		<h5 class="card-header bg-info"><?= UOJLocale::get('user profile') ?></h5>
@ -49,9 +49,16 @@
 							<p class="list-group-item-text"><?= $esc_qq ?></p>
 						</div>
 						<div class="list-group-item">
-							<h4 class="list-group-item-heading"><?= UOJLocale::get('motto') ?></h4>
+							<h4 class="list-group-item-heading"><?= UOJLocale::get('motto') ?></h4><?php
-							<p class="list-group-item-text"><?= $esc_motto ?></p>
+								$motto_id = uniqid("motto-{$user['username']}-");
 	$dom_sanitize_config = DOM_SANITIZE_CONFIG;
 	?>
 							<p class="list-group-item-text" id="<?= $motto_id ?>"></p>
 							<script type="text/javascript">
 								$(function() { $('#<?= $motto_id ?>').html(DOMPurify.sanitize('<?= $motto ?>', <?= $dom_sanitize_config ?>)); });
 							</script>
 						</div>
 						<?php if (isSuperUser($myUser)): ?>
 						<div class="list-group-item">
 							<h4 class="list-group-item-heading">register time</h4>
--- a/web/app/libs/uoj-html-lib.php
+++ b/web/app/libs/uoj-html-lib.php
@ -1,5 +1,7 @@
 <?php
 define('DOM_SANITIZE_CONFIG', "{ALLOWED_TAGS: ['a', 'b', 'i', 'u', 'em', 'strong', 'sub', 'sup', 'small', 'del'], ALLOWED_ATTR: ['href']}");
 function uojHandleAtSign($str, $uri) {
 	$referrers = array();
 	$res = preg_replace_callback('/@(@|[a-zA-Z0-9_]{1,20})/', function($matches) use (&$referrers) {
@ -990,7 +992,13 @@ function echoRanklist($config = array()) {
 		echo '<tr>';
 		echo '<td>' . $user['rank'] . '</td>';
 		echo '<td>' . getUserLink($user['username']) . '</td>';
-		echo '<td>' . HTML::escape($user['motto']) . '</td>';
+		$motto_id = uniqid("motto-{$user['username']}-");
 		echo "<td id=\"$motto_id\"></td>";
 		$motto = addslashes($user['motto']);
 		$dom_sanitize_config = DOM_SANITIZE_CONFIG;
 		echo '<script type="text/javascript">';
 		echo "$(function() { $('#$motto_id').html(DOMPurify.sanitize('{$motto}', $dom_sanitize_config)); });";
 		echo '</script>';
 		echo '<td>' . $user['ac_num'] . '</td>';
 		echo '</tr>';
--- a/web/app/libs/uoj-validate-lib.php
+++ b/web/app/libs/uoj-validate-lib.php
@ -17,7 +17,7 @@ function validateQQ($QQ) {
 }
 function validateMotto($motto) {
-	return is_string($motto) && ($len = mb_strlen($motto, 'UTF-8')) !== false && $len <= 50;
+	return is_string($motto) && ($len = mb_strlen($motto, 'UTF-8')) !== false && $len <= 1024;
 }
 function validateUInt($x) { // [0, 1000000000)
--- a/web/app/views/page-header.php
+++ b/web/app/views/page-header.php
@ -78,6 +78,9 @@
 		<!-- Color converter -->
 		<?= HTML::js_src('/js/color-converter.min.js') ?>
 		<!-- DOM Santizer -->
 		<?= HTML::js_src('/js/purify.min.js') ?>
 		<!-- uoj -->
 		<?= HTML::js_src('/js/uoj.js?v=2017.01.01') ?>
--- a/web/js/purify.min.js
+++ b/web/js/purify.min.js
--- a/web/js/uoj.js
+++ b/web/js/uoj.js
@ -232,8 +232,8 @@ function validateQQ(str) {
 	}
 }
 function validateMotto(str) {
-	if (str.length > 50) {
+	if (str.length > 1024) {
-		return '不能超过50字';
+		return '不能超过 1024 个字符。';
 	} else {
 		return '';
 	}