From 1b71b963d7ba2a5a61c0a4221cbed769f71e837c Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Fri, 2 Dec 2022 19:36:57 -0500 Subject: [PATCH 1/5] Fix description not being populated in event form when there's a validation error --- src/Module/Calendar/Event/API.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/Module/Calendar/Event/API.php b/src/Module/Calendar/Event/API.php index 174c0b3afc..f8ddaf40bd 100644 --- a/src/Module/Calendar/Event/API.php +++ b/src/Module/Calendar/Event/API.php @@ -170,12 +170,12 @@ class API extends BaseModule $type = 'event'; $params = [ - 'summary' => $summary, - 'description' => $desc, - 'location' => $location, - 'start' => $strStartDateTime, - 'finish' => $strFinishDateTime, - 'nofinish' => $noFinish, + 'summary' => $summary, + 'desc' => $desc, + 'location' => $location, + 'start' => $strStartDateTime, + 'finish' => $strFinishDateTime, + 'nofinish' => $noFinish, ]; $action = empty($eventId) ? 'new' : 'edit/' . $eventId; From 349436a77a3ff41b54c1828b90fcfad1a89aaab7 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Fri, 2 Dec 2022 19:37:39 -0500 Subject: [PATCH 2/5] Fix event start time not being properly converted to UTC - This was triggering unexpected time comparison errors --- src/Module/Calendar/Event/API.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Module/Calendar/Event/API.php b/src/Module/Calendar/Event/API.php index f8ddaf40bd..ab9a5b5772 100644 --- a/src/Module/Calendar/Event/API.php +++ b/src/Module/Calendar/Event/API.php @@ -152,7 +152,7 @@ class API extends BaseModule $share = intval($request['share'] ?? 0); $isPreview = intval($request['preview'] ?? 0); - $start = DateTimeFormat::convert($strStartDateTime ?? DBA::NULL_DATETIME, $this->timezone); + $start = DateTimeFormat::convert($strStartDateTime ?? DBA::NULL_DATETIME, 'UTC', $this->timezone); if (!$noFinish) { $finish = DateTimeFormat::convert($strFinishDateTime ?? DBA::NULL_DATETIME, 'UTC', $this->timezone); } else { From 2f42606c43fb24a1b61a24df19e713fae7bfa7be Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Fri, 2 Dec 2022 19:40:39 -0500 Subject: [PATCH 3/5] Add information about BBCode availability in event fields --- src/Module/Calendar/Event/Form.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/Module/Calendar/Event/Form.php b/src/Module/Calendar/Event/Form.php index 2e8dec7faa..74877f0afd 100644 --- a/src/Module/Calendar/Event/Form.php +++ b/src/Module/Calendar/Event/Form.php @@ -234,13 +234,13 @@ class Form extends BaseModule 'start_text' ), - '$d_text' => $this->t('Description:'), - '$d_orig' => $d_orig, - '$l_text' => $this->t('Location:'), - '$l_orig' => $l_orig, - '$t_text' => $this->t('Title:') . ' *', + '$t_text' => $this->t('Title (BBCode not allowed)') . ' *', '$t_orig' => $t_orig, - '$summary' => ['summary', $this->t('Title:'), $t_orig, '', '*'], + '$d_text' => $this->t('Description (BBCode allowed)'), + '$d_orig' => $d_orig, + '$l_text' => $this->t('Location (BBCode not allowed)'), + '$l_orig' => $l_orig, + '$summary' => ['summary', $this->t('Title (BBCode not allowed)'), $t_orig, '', '*'], '$sh_text' => $this->t('Share this event'), '$share' => ['share', $this->t('Share this event'), $share_checked, '', $share_disabled], '$sh_checked' => $share_checked, From a0752b1161ca75b23612a3304caf03c355cfd187 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Fri, 2 Dec 2022 19:41:46 -0500 Subject: [PATCH 4/5] Escape HTML in event mapping callback - This prevents arbitrary Javascript from being executed from the calendar view --- src/Module/Calendar/Event/Get.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/Module/Calendar/Event/Get.php b/src/Module/Calendar/Event/Get.php index 9bb86a7232..9ed2045f50 100644 --- a/src/Module/Calendar/Event/Get.php +++ b/src/Module/Calendar/Event/Get.php @@ -34,6 +34,7 @@ use Friendica\Module\Response; use Friendica\Network\HTTPException; use Friendica\Util\DateTimeFormat; use Friendica\Util\Profiler; +use Friendica\Util\Strings; use Psr\Log\LoggerInterface; /** @@ -82,12 +83,12 @@ class Get extends \Friendica\BaseModule return [ 'id' => $event['id'], - 'title' => $event['summary'], + 'title' => Strings::escapeHtml($event['summary']), 'start' => DateTimeFormat::local($event['start']), 'end' => DateTimeFormat::local($event['finish']), 'nofinish' => $event['nofinish'], - 'desc' => $event['desc'], - 'location' => $event['location'], + 'desc' => Strings::escapeHtml($event['desc']), + 'location' => Strings::escapeHtml($event['location']), 'item' => $item, ]; }, $events); From 82c2e686d710a8845f228676c379f786afea8fd0 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Fri, 2 Dec 2022 19:46:23 -0500 Subject: [PATCH 5/5] Updating main translation file after updating a few strings --- view/lang/C/messages.po | 98 ++++++++++++++++++++++------------------- 1 file changed, 52 insertions(+), 46 deletions(-) diff --git a/view/lang/C/messages.po b/view/lang/C/messages.po index ffc7680a3b..294256fd9a 100644 --- a/view/lang/C/messages.po +++ b/view/lang/C/messages.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: 2022.12-dev\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-12-03 21:11+0000\n" +"POT-Creation-Date: 2022-12-04 06:41-0500\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -2151,9 +2151,8 @@ msgstr "" #: src/Content/Widget/VCard.php:104 src/Model/Event.php:82 #: src/Model/Event.php:109 src/Model/Event.php:471 src/Model/Event.php:958 -#: src/Model/Profile.php:373 src/Module/Calendar/Event/Form.php:239 -#: src/Module/Contact/Profile.php:369 src/Module/Directory.php:147 -#: src/Module/Notifications/Introductions.php:187 +#: src/Model/Profile.php:373 src/Module/Contact/Profile.php:369 +#: src/Module/Directory.php:147 src/Module/Notifications/Introductions.php:187 #: src/Module/Profile/Profile.php:186 msgid "Location:" msgstr "" @@ -3295,7 +3294,7 @@ msgstr "" msgid "Contact information and Social Networks" msgstr "" -#: src/Model/User.php:212 src/Model/User.php:1100 +#: src/Model/User.php:212 src/Model/User.php:1102 msgid "SERIOUS ERROR: Generation of security keys failed." msgstr "" @@ -3307,134 +3306,134 @@ msgstr "" msgid "Not enough information to authenticate" msgstr "" -#: src/Model/User.php:750 +#: src/Model/User.php:752 msgid "Password can't be empty" msgstr "" -#: src/Model/User.php:792 +#: src/Model/User.php:794 msgid "Empty passwords are not allowed." msgstr "" -#: src/Model/User.php:796 +#: src/Model/User.php:798 msgid "" "The new password has been exposed in a public data dump, please choose " "another." msgstr "" -#: src/Model/User.php:800 +#: src/Model/User.php:802 msgid "The password length is limited to 72 characters." msgstr "" -#: src/Model/User.php:804 +#: src/Model/User.php:806 msgid "" "The password can't contain accentuated letters, white spaces or colons (:)" msgstr "" -#: src/Model/User.php:983 +#: src/Model/User.php:985 msgid "Passwords do not match. Password unchanged." msgstr "" -#: src/Model/User.php:990 +#: src/Model/User.php:992 msgid "An invitation is required." msgstr "" -#: src/Model/User.php:994 +#: src/Model/User.php:996 msgid "Invitation could not be verified." msgstr "" -#: src/Model/User.php:1002 +#: src/Model/User.php:1004 msgid "Invalid OpenID url" msgstr "" -#: src/Model/User.php:1015 src/Security/Authentication.php:241 +#: src/Model/User.php:1017 src/Security/Authentication.php:241 msgid "" "We encountered a problem while logging in with the OpenID you provided. " "Please check the correct spelling of the ID." msgstr "" -#: src/Model/User.php:1015 src/Security/Authentication.php:241 +#: src/Model/User.php:1017 src/Security/Authentication.php:241 msgid "The error message was:" msgstr "" -#: src/Model/User.php:1021 +#: src/Model/User.php:1023 msgid "Please enter the required information." msgstr "" -#: src/Model/User.php:1035 +#: src/Model/User.php:1037 #, php-format msgid "" "system.username_min_length (%s) and system.username_max_length (%s) are " "excluding each other, swapping values." msgstr "" -#: src/Model/User.php:1042 +#: src/Model/User.php:1044 #, php-format msgid "Username should be at least %s character." msgid_plural "Username should be at least %s characters." msgstr[0] "" msgstr[1] "" -#: src/Model/User.php:1046 +#: src/Model/User.php:1048 #, php-format msgid "Username should be at most %s character." msgid_plural "Username should be at most %s characters." msgstr[0] "" msgstr[1] "" -#: src/Model/User.php:1054 +#: src/Model/User.php:1056 msgid "That doesn't appear to be your full (First Last) name." msgstr "" -#: src/Model/User.php:1059 +#: src/Model/User.php:1061 msgid "Your email domain is not among those allowed on this site." msgstr "" -#: src/Model/User.php:1063 +#: src/Model/User.php:1065 msgid "Not a valid email address." msgstr "" -#: src/Model/User.php:1066 +#: src/Model/User.php:1068 msgid "The nickname was blocked from registration by the nodes admin." msgstr "" -#: src/Model/User.php:1070 src/Model/User.php:1076 +#: src/Model/User.php:1072 src/Model/User.php:1078 msgid "Cannot use that email." msgstr "" -#: src/Model/User.php:1082 +#: src/Model/User.php:1084 msgid "Your nickname can only contain a-z, 0-9 and _." msgstr "" -#: src/Model/User.php:1090 src/Model/User.php:1147 +#: src/Model/User.php:1092 src/Model/User.php:1149 msgid "Nickname is already registered. Please choose another." msgstr "" -#: src/Model/User.php:1134 src/Model/User.php:1138 +#: src/Model/User.php:1136 src/Model/User.php:1140 msgid "An error occurred during registration. Please try again." msgstr "" -#: src/Model/User.php:1161 +#: src/Model/User.php:1163 msgid "An error occurred creating your default profile. Please try again." msgstr "" -#: src/Model/User.php:1168 +#: src/Model/User.php:1170 msgid "An error occurred creating your self contact. Please try again." msgstr "" -#: src/Model/User.php:1173 +#: src/Model/User.php:1175 msgid "Friends" msgstr "" -#: src/Model/User.php:1177 +#: src/Model/User.php:1179 msgid "" "An error occurred creating your default contact group. Please try again." msgstr "" -#: src/Model/User.php:1216 +#: src/Model/User.php:1218 msgid "Profile Photos" msgstr "" -#: src/Model/User.php:1409 +#: src/Model/User.php:1411 #, php-format msgid "" "\n" @@ -3442,7 +3441,7 @@ msgid "" "\t\t\tthe administrator of %2$s has set up an account for you." msgstr "" -#: src/Model/User.php:1412 +#: src/Model/User.php:1414 #, php-format msgid "" "\n" @@ -3480,12 +3479,12 @@ msgid "" "\t\tThank you and welcome to %4$s." msgstr "" -#: src/Model/User.php:1445 src/Model/User.php:1552 +#: src/Model/User.php:1447 src/Model/User.php:1554 #, php-format msgid "Registration details for %s" msgstr "" -#: src/Model/User.php:1465 +#: src/Model/User.php:1467 #, php-format msgid "" "\n" @@ -3501,12 +3500,12 @@ msgid "" "\t\t" msgstr "" -#: src/Model/User.php:1484 +#: src/Model/User.php:1486 #, php-format msgid "Registration at %s" msgstr "" -#: src/Model/User.php:1508 +#: src/Model/User.php:1510 #, php-format msgid "" "\n" @@ -3515,7 +3514,7 @@ msgid "" "\t\t\t" msgstr "" -#: src/Model/User.php:1516 +#: src/Model/User.php:1518 #, php-format msgid "" "\n" @@ -5492,7 +5491,7 @@ msgid "Event Starts:" msgstr "" #: src/Module/Calendar/Event/Form.php:209 -#: src/Module/Calendar/Event/Form.php:241 src/Module/Debug/Probe.php:59 +#: src/Module/Calendar/Event/Form.php:237 src/Module/Debug/Probe.php:59 #: src/Module/Install.php:207 src/Module/Install.php:240 #: src/Module/Install.php:245 src/Module/Install.php:264 #: src/Module/Install.php:275 src/Module/Install.php:280 @@ -5523,14 +5522,17 @@ msgstr "" msgid "Event Finishes:" msgstr "" -#: src/Module/Calendar/Event/Form.php:237 src/Module/Profile/Profile.php:164 -#: src/Module/Settings/Profile/Index.php:247 -msgid "Description:" +#: src/Module/Calendar/Event/Form.php:237 +#: src/Module/Calendar/Event/Form.php:243 +msgid "Title (BBCode not allowed)" +msgstr "" + +#: src/Module/Calendar/Event/Form.php:239 +msgid "Description (BBCode allowed)" msgstr "" #: src/Module/Calendar/Event/Form.php:241 -#: src/Module/Calendar/Event/Form.php:243 -msgid "Title:" +msgid "Location (BBCode not allowed)" msgstr "" #: src/Module/Calendar/Event/Form.php:244 @@ -8239,6 +8241,10 @@ msgid_plural "%d years old" msgstr[0] "" msgstr[1] "" +#: src/Module/Profile/Profile.php:164 src/Module/Settings/Profile/Index.php:247 +msgid "Description:" +msgstr "" + #: src/Module/Profile/Profile.php:226 msgid "Forums:" msgstr ""