feat: html tags in user motto

This commit is contained in:
Baoshuo Ren 2022-09-18 21:38:57 +08:00
parent bbe8110120
commit 5348d056f7
Signed by: baoshuo
GPG Key ID: 00CB9680AB29F51A
6 changed files with 28 additions and 8 deletions


@ -14,7 +14,7 @@
<?php if (validateUsername($username) && ($user = queryUser($username))): ?> <?php if (validateUsername($username) && ($user = queryUser($username))): ?>
<?php echoUOJPageHeader($user['username'] . ' - ' . UOJLocale::get('user profile')) ?> <?php echoUOJPageHeader($user['username'] . ' - ' . UOJLocale::get('user profile')) ?>
<?php <?php
$esc_email = HTML::escape($user['email']); $esc_email = HTML::escape($user['email']);
$esc_qq = HTML::escape($user['qq'] != 0 ? $user['qq'] : 'Unfilled'); $esc_qq = HTML::escape($user['qq'] != 0 ? $user['qq'] : 'Unfilled');
$esc_sex = HTML::escape($user['sex']); $esc_sex = HTML::escape($user['sex']);
$col_sex="color:blue"; $col_sex="color:blue";
@ -28,7 +28,7 @@
$esc_sex=""; $esc_sex="";
$col_sex="color:black"; $col_sex="color:black";
} }
$esc_motto = HTML::escape($user['motto']); $motto = addslashes($user['motto']);
?> ?>
<div class="card border-info"> <div class="card border-info">
<h5 class="card-header bg-info"><?= UOJLocale::get('user profile') ?></h5> <h5 class="card-header bg-info"><?= UOJLocale::get('user profile') ?></h5>
@ -49,9 +49,16 @@
<p class="list-group-item-text"><?= $esc_qq ?></p> <p class="list-group-item-text"><?= $esc_qq ?></p>
</div> </div>
<div class="list-group-item"> <div class="list-group-item">
<h4 class="list-group-item-heading"><?= UOJLocale::get('motto') ?></h4> <h4 class="list-group-item-heading"><?= UOJLocale::get('motto') ?></h4><?php
<p class="list-group-item-text"><?= $esc_motto ?></p> $motto_id = uniqid("motto-{$user['username']}-");
$dom_sanitize_config = DOM_SANITIZE_CONFIG;
?>
<p class="list-group-item-text" id="<?= $motto_id ?>"></p>
<script type="text/javascript">
$(function() { $('#<?= $motto_id ?>').html(DOMPurify.sanitize('<?= $motto ?>', <?= $dom_sanitize_config ?>)); });
</script>
</div> </div>
<?php if (isSuperUser($myUser)): ?> <?php if (isSuperUser($myUser)): ?>
<div class="list-group-item"> <div class="list-group-item">
<h4 class="list-group-item-heading">register time</h4> <h4 class="list-group-item-heading">register time</h4>
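Review bot: `addslashes()` on the motto (the new right-hand side of the `$esc_motto` line) does not protect the inline `<script>` it is later interpolated into: the HTML parser ends a script element at the first `</script>` regardless of JavaScript quoting, so a motto such as `</script><script>…</script>` (well within the new 1024-char limit) executes before `DOMPurify.sanitize` is ever reached, and a raw newline in the motto also breaks the string literal. Emit the value as a JSON literal instead, e.g. `$motto_js = json_encode($user['motto'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_UNESCAPED_UNICODE);` and `$('#<?= $motto_id ?>').html(DOMPurify.sanitize(<?= $motto_js ?>, <?= $dom_sanitize_config ?>));` — `json_encode` escapes `/` by default, so `</script>` cannot appear, and the `JSON_HEX_*` flags keep `<`, `&` and quotes out of the markup. `json_encode` returns `false` on invalid UTF-8, so either guard that or add `JSON_INVALID_UTF8_SUBSTITUTE` if the PHP version allows. The enclosing `<?php if (validateUsername(...)` block starts before this hunk.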


@ -1,5 +1,7 @@
<?php <?php
define('DOM_SANITIZE_CONFIG', "{ALLOWED_TAGS: ['a', 'b', 'i', 'u', 'em', 'strong', 'sub', 'sup', 'small', 'del'], ALLOWED_ATTR: ['href']}");
function uojHandleAtSign($str, $uri) { function uojHandleAtSign($str, $uri) {
$referrers = array(); $referrers = array();
$res = preg_replace_callback('/@(@|[a-zA-Z0-9_]{1,20})/', function($matches) use (&$referrers) { $res = preg_replace_callback('/@(@|[a-zA-Z0-9_]{1,20})/', function($matches) use (&$referrers) {
@ -990,7 +992,13 @@ function echoRanklist($config = array()) {
echo '<tr>'; echo '<tr>';
echo '<td>' . $user['rank'] . '</td>'; echo '<td>' . $user['rank'] . '</td>';
echo '<td>' . getUserLink($user['username']) . '</td>'; echo '<td>' . getUserLink($user['username']) . '</td>';
echo '<td>' . HTML::escape($user['motto']) . '</td>'; $motto_id = uniqid("motto-{$user['username']}-");
echo "<td id=\"$motto_id\"></td>";
$motto = addslashes($user['motto']);
$dom_sanitize_config = DOM_SANITIZE_CONFIG;
echo '<script type="text/javascript">';
echo "$(function() { $('#$motto_id').html(DOMPurify.sanitize('{$motto}', $dom_sanitize_config)); });";
echo '</script>';
echo '<td>' . $user['ac_num'] . '</td>'; echo '<td>' . $user['ac_num'] . '</td>';
echo '</tr>'; echo '</tr>';
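Review bot: The same unsafe embedding appears here: `$motto = addslashes($user['motto']);` feeds a JavaScript string literal inside an inline `<script>`, and `addslashes` does not neutralise `</script>` or newlines, so a crafted motto closes the script element and runs its own markup before DOMPurify sees it. Replace it with `$motto_js = json_encode($user['motto'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_UNESCAPED_UNICODE);` and `echo "$(function() { $('#$motto_id').html(DOMPurify.sanitize({$motto_js}, $dom_sanitize_config)); });";`. Emitting one `<script>` per ranklist row also scales poorly; an alternative is to write the motto into an HTML-escaped `data-motto` attribute on the `<td>` and have one script after the table sanitise every cell. `echoRanklist` begins before this hunk.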


@ -17,7 +17,7 @@ function validateQQ($QQ) {
} }
function validateMotto($motto) { function validateMotto($motto) {
return is_string($motto) && ($len = mb_strlen($motto, 'UTF-8')) !== false && $len <= 50; return is_string($motto) && ($len = mb_strlen($motto, 'UTF-8')) !== false && $len <= 1024;
} }
function validateUInt($x) { // [0, 1000000000) function validateUInt($x) { // [0, 1000000000)
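Review bot: Raising the limit to 1024 is the only server-side change, so the motto is now stored verbatim with whatever HTML it contains and sanitisation happens solely in the browser via DOMPurify. Every other place that outputs `$user['motto']` (an API response, another template, anything outside this diff) must therefore keep calling `HTML::escape` or run the same sanitiser, otherwise the stored markup is rendered raw. A note on the function would make that contract visible to the next maintainer: `// NOTE: the motto is stored unsanitised and may contain HTML; every output site must escape it or pass it through DOMPurify.`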


@ -78,6 +78,9 @@
<!-- Color converter --> <!-- Color converter -->
<?= HTML::js_src('/js/color-converter.min.js') ?> <?= HTML::js_src('/js/color-converter.min.js') ?>
<!-- DOM Santizer -->
<?= HTML::js_src('/js/purify.min.js') ?>
<!-- uoj --> <!-- uoj -->
<?= HTML::js_src('/js/uoj.js?v=2017.01.01') ?> <?= HTML::js_src('/js/uoj.js?v=2017.01.01') ?>
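Review bot: The new `purify.min.js` include has no cache-busting query string, unlike the neighbouring `uoj.js?v=2017.01.01`, so a future DOMPurify upgrade (which for a sanitiser is often a security fix) may not reach browsers holding the cached copy; consider `HTML::js_src('/js/purify.min.js?v=<version>')` and recording the vendored DOMPurify version in the comment. The comment also misspells the library's role: `<!-- DOM Sanitizer (DOMPurify) -->`. The inline callers wrap their calls in `$(function() { … })`, so load order relative to this script tag looks fine, but that holds only as long as this include stays on the page header that every motto-rendering page uses.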

web/js/purify.min.js vendored Normal file



@ -232,8 +232,8 @@ function validateQQ(str) {
} }
} }
function validateMotto(str) { function validateMotto(str) {
if (str.length > 50) { if (str.length > 1024) {
return '不能超过50字'; return '不能超过 1024 个字符。';
} else { } else {
return ''; return '';
} }