
Merge remote-tracking branch 'origin/bugs-5879' into bugs-5880
jazzsequence committed May 10, 2023
2 parents 6bee6ed + 99f4652 commit 77f0832
Showing 2 changed files with 26 additions and 4 deletions.
22 changes: 20 additions & 2 deletions php/pantheon/utils.php
Expand Up @@ -3,7 +3,6 @@

use \Symfony\Component\Filesystem\Filesystem;
use \Symfony\Component\Finder\Finder;
use \Pantheon\Utils as Pantheon;

class Utils {
static $fs;
Expand Down Expand Up @@ -60,8 +59,27 @@ public static function sanitize_data($data, $sanitizer_function = 'htmlspecialch
array_map('self::sanitize_data', array_values((array)$data))
);
return is_object( $data ) ? (object)$sanitized_data : $sanitized_data;
} elseif ( is_integer($data) ) {
} elseif ( is_integer( $data ) ) {
return (string)$data;
} elseif ( is_string( $data ) ) {
if ( ! empty( $data ) ) {
$dom = new \DOMDocument;
$dom->loadHTML( $data );
$anchors = $dom->getElementsByTagName('a');

// Bail if our string does not only contain an anchor tag.
if ( 0 === $anchors->length ) {;
return $sanitizer_function($data);
}

$href = $anchors[0]->getAttribute('href');
$sanitized_href = call_user_func($sanitizer_function, $href);
$sanitized_link_text = call_user_func($sanitizer_function, $anchors[0]->textContent);

// Rebuild anchor tags to ensure there are no injected attributes.
$rebuilt_link = '<a href="' . $sanitized_href . ' target="_blank"">' . $sanitized_link_text . '</a>';
return $rebuilt_link;
}
}

return $sanitizer_function($data);
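Review bot: The rebuilt anchor on the `$rebuilt_link` line has its quotes misplaced — `'<a href="' . $sanitized_href . ' target="_blank"">'` never closes the href attribute, so the emitted markup is `<a href="URL target="_blank"">`, which is invalid and carries the wrong href value; it should read `'<a href="' . $sanitized_href . '" target="_blank">'`. Escaping the href with the sanitizer also does not make it safe to reuse as a link target, because htmlspecialchars leaves the URL scheme untouched, so the href needs a scheme allowlist (http/https via `parse_url`) before it is placed back into the tag, with anything else falling back to the plain escaped string; note that a strict allowlist also rejects relative links, which would need a deliberate allowance. Separately, the comment "does not only contain an anchor tag" does not match the `0 === $anchors->length` check: text around the anchor and any further anchors are silently discarded, and `loadHTML` raises PHP warnings on malformed input unless libxml_use_internal_errors is enabled around the call. The `{;` on that if line is a stray empty statement. The enclosing `sanitize_data` begins and ends outside the hunk.
```php
} elseif ( is_string( $data ) ) {
    if ( ! empty( $data ) ) {
        $dom = new \DOMDocument;
        // Keep libxml parse warnings out of PHP's error stream; malformed input is expected here.
        $previous_errors = libxml_use_internal_errors( true );
        $dom->loadHTML( $data );
        libxml_clear_errors();
        libxml_use_internal_errors( $previous_errors );
        $anchors = $dom->getElementsByTagName( 'a' );

        // Bail if our string does not contain an anchor tag.
        if ( 0 === $anchors->length ) {
            return $sanitizer_function( $data );
        }

        $href = $anchors->item( 0 )->getAttribute( 'href' );
        // Escaping does not validate a URL; only http(s) links are rebuilt, anything else is emitted as escaped text.
        $scheme = strtolower( (string) parse_url( trim( $href ), PHP_URL_SCHEME ) );
        if ( ! in_array( $scheme, array( 'http', 'https' ), true ) ) {
            return $sanitizer_function( $data );
        }
        $sanitized_href      = call_user_func( $sanitizer_function, $href );
        $sanitized_link_text = call_user_func( $sanitizer_function, $anchors->item( 0 )->textContent );

        // Rebuild anchor tags to ensure there are no injected attributes.
        return '<a href="' . $sanitized_href . '" target="_blank">' . $sanitized_link_text . '</a>';
    }
}
```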
8 changes: 6 additions & 2 deletions php/pantheon/views/table.php
@@ -1,9 +1,13 @@
<?php

use Pantheon\Utils; ?>

<table class='table table-condensed'>
<thead>
<tr>
<?php if(isset($headers)): ?>
<?php foreach ($headers as $header): ?>
<th><?php echo $header; ?></th>
<th><?php echo Utils::sanitize_data( $header ); ?></th>
<?php endforeach; ?>
<?php endif; ?>
</tr>
Expand All @@ -12,7 +16,7 @@
<?php foreach($rows as $row): ?>
<tr class="<?php if(isset($row['class'])) { echo $row['class']; } ?>">
<?php foreach($row['data'] as $values): ?>
<td><?php echo $values; ?></td>
<td><?php echo Utils::sanitize_data( $values ); ?></td>
<?php endforeach; ?>
</tr>
<?php endforeach; ?>
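Review bot: The `<tr class="...">` line in the second hunk still echoes `$row['class']` raw into an attribute while the same change escapes `$header` and `$values`; it should go through the same helper, `<tr class="<?php if(isset($row['class'])) { echo Utils::sanitize_data( $row['class'] ); } ?>">`. The new cell escaping also changes rendering for any value that contains an anchor, since `Utils::sanitize_data` (as patched in utils.php in this commit) rebuilds the first anchor and drops the surrounding text, so callers that pass markup-bearing cell values should be checked. The `<table>` element opened in the first hunk is closed outside the hunks shown.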
