From e6b3924a5d30e622619fe88fbfef9b6f0b71c200 Mon Sep 17 00:00:00 2001 From: Mikael Nordfeldth Date: Fri, 2 Sep 2016 00:08:17 +0200 Subject: [PATCH] common_to_alphanumeric added, filtering Notice->source in classic layout --- lib/activityhandlerplugin.php | 5 +++++ lib/noticelistitem.php | 6 ++++-- lib/util.php | 9 +++++++++ 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/lib/activityhandlerplugin.php b/lib/activityhandlerplugin.php index c06f723a36..9ebcd8a218 100644 --- a/lib/activityhandlerplugin.php +++ b/lib/activityhandlerplugin.php @@ -556,6 +556,11 @@ abstract class ActivityHandlerPlugin extends Plugin if ($nli->notice->scope != 0 && $nli->notice->scope != 1) { $class .= ' limited-scope'; } + try { + $class .= ' notice-source-'.common_to_alphanumeric($this->notice->source); + } catch (Exception $e) { + // either source or what we filtered out was a zero-length string + } $nli->out->elementStart('li', array('class' => $class, 'id' => 'notice-' . $id)); } diff --git a/lib/noticelistitem.php b/lib/noticelistitem.php index 5c7efa5814..1a629cf372 100644 --- a/lib/noticelistitem.php +++ b/lib/noticelistitem.php @@ -229,8 +229,10 @@ class NoticeListItem extends Widget if ($this->notice->scope != 0 && $this->notice->scope != 1) { $class .= ' limited-scope'; } - if (!empty($this->notice->source)) { - $class .= ' notice-source-'.$this->notice->source; + try { + $class .= ' notice-source-'.common_to_alphanumeric($this->notice->source); + } catch (Exception $e) { + // either source or what we filtered out was a zero-length string } $id_prefix = (strlen($this->id_prefix) ? $this->id_prefix . '-' : ''); $this->out->elementStart($this->item_tag, array('class' => $class, diff --git a/lib/util.php b/lib/util.php index 985b3773df..aa0d5bfe76 100644 --- a/lib/util.php +++ b/lib/util.php @@ -581,6 +581,15 @@ function common_canonical_email($email) return $email; } +function common_to_alphanumeric($str) +{ + $filtered = preg_replace('/[^A-Za-z0-9]\s*/', '', $str); + if (strlen($filtered) < 1) { + throw new Exception('Filtered string was zero-length.'); + } + return $filtered; +} + function common_purify($html, array $args=array()) { require_once INSTALLDIR.'/extlib/HTMLPurifier/HTMLPurifier.auto.php'; -- 2.39.5