makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/14985] Decode HTML special chars in plain text columns

Browse source 
PHPBB3-14985
This commit is contained in:
JoshyPHP 2017-01-10 18:04:16 +01:00
parent 26c6cb819e
commit ef215f573e
2 changed files with 38 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

50
phpBB/phpbb/textformatter/data_access.php
View file

@ -81,11 +81,8 @@ class data_access
public function get_bbcodes() public function get_bbcodes()
{ {
$sql = 'SELECT bbcode_match, bbcode_tpl FROM ' . $this->bbcodes_table; $sql = 'SELECT bbcode_match, bbcode_tpl FROM ' . $this->bbcodes_table;
$result = $this->db->sql_query($sql);
$rows = $this->db->sql_fetchrowset($result);
$this->db->sql_freeresult($result);
return $rows; return $this->fetch_decoded_rowset($sql, ['bbcode_match']);
} }
/** /**
@ -101,11 +98,8 @@ class data_access
$sql = 'SELECT code, emotion, smiley_url, smiley_width, smiley_height $sql = 'SELECT code, emotion, smiley_url, smiley_width, smiley_height
FROM ' . $this->smilies_table . ' FROM ' . $this->smilies_table . '
ORDER BY display_on_posting DESC'; ORDER BY display_on_posting DESC';
$result = $this->db->sql_query($sql);
$rows = $this->db->sql_fetchrowset($result);
$this->db->sql_freeresult($result);
return $rows; return $this->fetch_decoded_rowset($sql, ['code', 'emotion', 'smiley_url']);
} }
/** /**
@ -116,11 +110,8 @@ class data_access
protected function get_styles() protected function get_styles()
{ {
$sql = 'SELECT style_id, style_path, style_parent_id, bbcode_bitfield FROM ' . $this->styles_table; $sql = 'SELECT style_id, style_path, style_parent_id, bbcode_bitfield FROM ' . $this->styles_table;
$result = $this->db->sql_query($sql);
$rows = $this->db->sql_fetchrowset($result);
$this->db->sql_freeresult($result);
return $rows; return $this->fetch_decoded_rowset($sql);
} }
/** /**
@ -219,10 +210,43 @@ class data_access
public function get_censored_words() public function get_censored_words()
{ {
$sql = 'SELECT word, replacement FROM ' . $this->words_table; $sql = 'SELECT word, replacement FROM ' . $this->words_table;
return $this->fetch_decoded_rowset($sql, ['word', 'replacement']);
}
/**
* Decode HTML special chars in given rowset
*
* @param array $rows Original rowset
* @param array $columns List of columns to decode
* @return array Decoded rowset
*/
protected function decode_rowset(array $rows, array $columns)
{
foreach ($rows as &$row)
{
foreach ($columns as $column)
{
$row[$column] = htmlspecialchars_decode($row[$column]);
}
}
return $rows;
}
/**
* Fetch all rows for given query and decode plain text columns
*
* @param string $sql SELECT query
* @param array $columns List of columns to decode
* @return array
*/
protected function fetch_decoded_rowset($sql, array $columns = [])
{
$result = $this->db->sql_query($sql); $result = $this->db->sql_query($sql);
$rows = $this->db->sql_fetchrowset($result); $rows = $this->db->sql_fetchrowset($result);
$this->db->sql_freeresult($result); $this->db->sql_freeresult($result);
return $rows; return $this->decode_rowset($rows, $columns);
} }
} }

3
phpBB/phpbb/textformatter/s9e/factory.php
View file

@ -333,8 +333,7 @@ class factory implements \phpbb\textformatter\cache_interface
$configurator->plugins->load('Censor', array('tagName' => 'censor:tag')); $configurator->plugins->load('Censor', array('tagName' => 'censor:tag'));
foreach ($censor as $row) foreach ($censor as $row)
{ {
// NOTE: words are stored as HTML, we need to decode them to plain text $configurator->Censor->add($row['word'], $row['replacement']);
$configurator->Censor->add(htmlspecialchars_decode($row['word']), htmlspecialchars_decode($row['replacement']));
} }
} }