Merge pull request #73 from phpbb/ticket/security-283

[ticket/security-283] Use jQuery to generate HTML for page from page data
Marc Alexander 2025-03-08 11:23:40 +01:00 committed by GitHub
commit cfa3a21e20
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 36 additions and 21 deletions


@ -5,7 +5,7 @@
/** /**
* Parse document block * Parse document block
*/ */
function parse_document(container) function parse_document(container)
{ {
var test = document.createElement('div'), var test = document.createElement('div'),
oldBrowser = (typeof test.style.borderRadius == 'undefined'); oldBrowser = (typeof test.style.borderRadius == 'undefined');
@ -90,7 +90,7 @@ function parse_document(container)
} }
}); });
} }
headersLength = headers.length; headersLength = headers.length;
// Add header text to each cell as <dfn> // Add header text to each cell as <dfn>
@ -121,8 +121,8 @@ function parse_document(container)
} }
if ((text.length && text !== '-') || cell.children().length) { if ((text.length && text !== '-') || cell.children().length) {
if (headers[column] != '') { if (headers[column].length) {
cell.prepend('<dfn style="display: none;">' + headers[column] + '</dfn>'); cell.prepend($("<dfn>").css('display', 'none').text(headers[column]));
} }
} }
else { else {
@ -143,7 +143,7 @@ function parse_document(container)
*/ */
container.find('table.responsive > tbody').each(function() { container.find('table.responsive > tbody').each(function() {
var items = $(this).children('tr'); var items = $(this).children('tr');
if (items.length == 0) if (!items.length)
{ {
$(this).parent('table:first').addClass('responsive-hide'); $(this).parent('table:first').addClass('responsive-hide');
} }
@ -157,7 +157,7 @@ function parse_document(container)
if ($this.html() == '&nbsp;') { if ($this.html() == '&nbsp;') {
$this.addClass('responsive-hide'); $this.addClass('responsive-hide');
} }
}); });
/** /**
@ -184,7 +184,7 @@ function parse_document(container)
var width = $body.width(), var width = $body.width(),
height = $this.height(); height = $this.height();
if (arguments.length == 0 && (!responsive || width <= lastWidth) && height <= maxHeight) { if (!arguments.length && (!responsive || width <= lastWidth) && height <= maxHeight) {
return; return;
} }


@ -235,14 +235,20 @@ function submitPermissions() {
if ($alertBoxLink) { if ($alertBoxLink) {
// Remove forum_id[] from URL // Remove forum_id[] from URL
$alertBoxLink.attr('href', $alertBoxLink.attr('href').replace(/(&forum_id\[\]=[0-9]+)/g, '')); $alertBoxLink.attr('href', $alertBoxLink.attr('href').replace(/(&forum_id\[\]=[0-9]+)/g, ''));
var previousPageForm = '<form action="' + $alertBoxLink.attr('href') + '" method="post">'; const $previousPageForm = $('<form>').attr({
$.each(forumIds, function (key, value) { action: $alertBoxLink.attr('href'),
previousPageForm += '<input type="text" name="forum_id[]" value="' + value + '" />'; method: 'post'
});
$.each(forumIds, function (key, value) {
$previousPageForm.append($('<input>').attr({
type: 'text',
name: 'forum_id[]',
value: value
}));
}); });
previousPageForm += '</form>';
$alertBoxLink.on('click', function (e) { $alertBoxLink.on('click', function (e) {
var $previousPageForm = $(previousPageForm);
$('body').append($previousPageForm); $('body').append($previousPageForm);
e.preventDefault(); e.preventDefault();
$previousPageForm.submit(); $previousPageForm.submit();
@ -257,12 +263,19 @@ function submitPermissions() {
setTimeout(function () { setTimeout(function () {
// Create forum to submit using POST. This will prevent // Create forum to submit using POST. This will prevent
// exceeding the maximum length of URLs // exceeding the maximum length of URLs
var form = '<form action="' + res.REFRESH_DATA.url.replace(/(&forum_id\[\]=[0-9]+)/g, '') + '" method="post">'; const $form = $('<form>').attr({
$.each(forumIds, function (key, value) { action: res.REFRESH_DATA.url.replace(/(&forum_id\[\]=[0-9]+)/g, ''),
form += '<input type="text" name="forum_id[]" value="' + value + '" />'; method: 'post'
}); });
form += '</form>';
$form = $(form); $.each(forumIds, function (key, value) {
$form.append($('<input>').attr({
type: 'text',
name: 'forum_id[]',
value: value
}));
});
$('body').append($form); $('body').append($form);
// Hide the alert even if we refresh the page, in case the user // Hide the alert even if we refresh the page, in case the user
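Review bot: `const $form` in the @ -257 hunk replaces the old `$form = $(form);`, which assigned to a variable declared outside the setTimeout callback (the removed line carries no `var`); the new block-scoped binding shadows that outer `$form`, so any code later in submitPermissions that reads the outer `$form` after the refresh now sees a stale value. If nothing else reads it, the outer declaration should be removed so the shadowing cannot mislead; otherwise keep the assignment form, `$form = $('<form>').attr({`, without `const`. Both the enclosing function and the setTimeout callback continue outside the hunk. Inserting the forum ids through `.attr({ value: value })` instead of concatenating them into markup is the correct fix; as follow-ups, the regex `/(&forum_id\[\]=[0-9]+)/g` is repeated in both hunks and could be hoisted to a single named constant, and the inputs could be `type: 'hidden'` since the form exists only to be submitted immediately.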


@ -650,7 +650,7 @@ function parseDocument($container) {
html = $children.html(); html = $children.html();
} }
$block.append((first ? '' : '<br />') + html); $block.append((first ? '' : '<br>') + html);
first = false; first = false;
}); });
@ -670,7 +670,7 @@ function parseDocument($container) {
// Find all headers, get contents // Find all headers, get contents
$list.prev('.topiclist').find('li.header dd').not('.mark').each(function() { $list.prev('.topiclist').find('li.header dd').not('.mark').each(function() {
headers.push($(this).text()); headers.push($("<div>").text($(this).text()).html());
headersLength++; headersLength++;
}); });
@ -707,7 +707,7 @@ function parseDocument($container) {
html = headers[i] + ': <strong>' + html + '</strong>'; html = headers[i] + ': <strong>' + html + '</strong>';
} }
$block.append((first ? '' : '<br />') + html); $block.append((first ? '' : '<br>') + html);
first = false; first = false;
}); });
@ -773,7 +773,9 @@ function parseDocument($container) {
} }
if ((text.length && text !== '-') || cell.children().length) { if ((text.length && text !== '-') || cell.children().length) {
cell.prepend('<dfn style="display: none;">' + headers[column] + '</dfn>'); if (headers[column].length) {
cell.prepend($("<dfn>").css('display', 'none').text(headers[column]));
}
} else { } else {
cell.addClass('empty'); cell.addClass('empty');
} }
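Review bot: The header text escaped at line 109 via `$("<div>").text($(this).text()).html()` is right for the raw-HTML concatenation `html = headers[i] + ': <strong>' + html + '</strong>';` that follows, but a value escaped that way is double-encoded if it is later passed to `.text()`, as the new `.text(headers[column])` in the @ -773 hunk does (a header containing `&` would render as `&amp;` inside the `<dfn>`); whether that hunk reads the same `headers` array is not visible here, since it sits in a different `.each` block. If it is the same array, store plain text (`headers.push($(this).text());`) and escape at the single concatenation site instead: `html = $('<div>').text(headers[i]).html() + ': <strong>' + html + '</strong>';`. If they are separate arrays, a comment at line 109 such as `// HTML-escaped: only safe for concatenation into markup, never pass to .text()` would keep the two conventions from being mixed later. parseDocument continues outside all four hunks.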