Merge pull request #12313 from MrPetovan/bug/12312-calendar-JS

Escape HTML in event mapping callback
Philipp 2022-12-04 12:53:00 +01:00 committed by GitHub
commit 3d73c452df
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 69 additions and 62 deletions


@ -152,7 +152,7 @@ class API extends BaseModule
$share = intval($request['share'] ?? 0); $share = intval($request['share'] ?? 0);
$isPreview = intval($request['preview'] ?? 0); $isPreview = intval($request['preview'] ?? 0);
$start = DateTimeFormat::convert($strStartDateTime ?? DBA::NULL_DATETIME, $this->timezone); $start = DateTimeFormat::convert($strStartDateTime ?? DBA::NULL_DATETIME, 'UTC', $this->timezone);
if (!$noFinish) { if (!$noFinish) {
$finish = DateTimeFormat::convert($strFinishDateTime ?? DBA::NULL_DATETIME, 'UTC', $this->timezone); $finish = DateTimeFormat::convert($strFinishDateTime ?? DBA::NULL_DATETIME, 'UTC', $this->timezone);
} else { } else {
@ -170,12 +170,12 @@ class API extends BaseModule
$type = 'event'; $type = 'event';
$params = [ $params = [
'summary' => $summary, 'summary' => $summary,
'description' => $desc, 'desc' => $desc,
'location' => $location, 'location' => $location,
'start' => $strStartDateTime, 'start' => $strStartDateTime,
'finish' => $strFinishDateTime, 'finish' => $strFinishDateTime,
'nofinish' => $noFinish, 'nofinish' => $noFinish,
]; ];
$action = empty($eventId) ? 'new' : 'edit/' . $eventId; $action = empty($eventId) ? 'new' : 'edit/' . $eventId;
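Review bot: The corrected `$start` conversion passes `'UTC'` and `$this->timezone` positionally, and nothing on the line says which is the source zone and which the target, which is how the old line could lose an argument unnoticed. A short comment above the two conversions would make the intent checkable, for example `// Form values are in the user's timezone; convert them to UTC`, assuming the second argument is the target zone as the unchanged `$finish` line suggests. The enclosing method starts and ends outside this hunk, so how `$params` with the renamed `desc` key is consumed cannot be checked from here.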


@ -234,13 +234,13 @@ class Form extends BaseModule
'start_text' 'start_text'
), ),
'$d_text' => $this->t('Description:'), '$t_text' => $this->t('Title (BBCode not allowed)') . ' <span class="required" title="' . $this->t('Required') . '">*</span>',
'$d_orig' => $d_orig,
'$l_text' => $this->t('Location:'),
'$l_orig' => $l_orig,
'$t_text' => $this->t('Title:') . ' <span class="required" title="' . $this->t('Required') . '">*</span>',
'$t_orig' => $t_orig, '$t_orig' => $t_orig,
'$summary' => ['summary', $this->t('Title:'), $t_orig, '', '*'], '$d_text' => $this->t('Description (BBCode allowed)'),
'$d_orig' => $d_orig,
'$l_text' => $this->t('Location (BBCode not allowed)'),
'$l_orig' => $l_orig,
'$summary' => ['summary', $this->t('Title (BBCode not allowed)'), $t_orig, '', '*'],
'$sh_text' => $this->t('Share this event'), '$sh_text' => $this->t('Share this event'),
'$share' => ['share', $this->t('Share this event'), $share_checked, '', $share_disabled], '$share' => ['share', $this->t('Share this event'), $share_checked, '', $share_disabled],
'$sh_checked' => $share_checked, '$sh_checked' => $share_checked,
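Review bot: On the new `$t_text` line, `$this->t('Required')` is concatenated into a `title` attribute without attribute encoding, so a translation containing a double quote or markup would end up in the page as HTML. Translations are maintained outside the code base, so I would encode the value where it is used, e.g. `htmlspecialchars($this->t('Required'), ENT_QUOTES, 'UTF-8')`. The new labels only tell the user that BBCode is not allowed in title and location; whether `$t_orig` and `$l_orig` are escaped when the template echoes them back is not visible in this hunk and is worth confirming. The array literal begins and ends outside the hunk.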


@ -34,6 +34,7 @@ use Friendica\Module\Response;
use Friendica\Network\HTTPException; use Friendica\Network\HTTPException;
use Friendica\Util\DateTimeFormat; use Friendica\Util\DateTimeFormat;
use Friendica\Util\Profiler; use Friendica\Util\Profiler;
use Friendica\Util\Strings;
use Psr\Log\LoggerInterface; use Psr\Log\LoggerInterface;
/** /**
@ -82,12 +83,12 @@ class Get extends \Friendica\BaseModule
return [ return [
'id' => $event['id'], 'id' => $event['id'],
'title' => $event['summary'], 'title' => Strings::escapeHtml($event['summary']),
'start' => DateTimeFormat::local($event['start']), 'start' => DateTimeFormat::local($event['start']),
'end' => DateTimeFormat::local($event['finish']), 'end' => DateTimeFormat::local($event['finish']),
'nofinish' => $event['nofinish'], 'nofinish' => $event['nofinish'],
'desc' => $event['desc'], 'desc' => Strings::escapeHtml($event['desc']),
'location' => $event['location'], 'location' => Strings::escapeHtml($event['location']),
'item' => $item, 'item' => $item,
]; ];
}, $events); }, $events);
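Review bot: Escaping `title`, `desc` and `location` inside the mapping callback ties this response to one kind of consumer, presumably calendar script that inserts the values as HTML, and that contract should be written down at the `return [` so nobody escapes a second time or passes the values to a text sink, where the entities would be shown literally. Suggested comment: `// HTML-escaped here because the calendar client inserts these fields as markup; treat them as HTML, not plain text`. `item` is still passed through as built, and whether it carries user-controlled strings into the same client code cannot be seen from this hunk. If `desc` can hold BBCode, as the form label changed in this commit says, escaping leaves that BBCode unconverted, so the consumer must not treat `desc` as finished HTML either. The callback starts outside the hunk.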


@ -8,7 +8,7 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: 2022.12-dev\n" "Project-Id-Version: 2022.12-dev\n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2022-12-03 21:11+0000\n" "POT-Creation-Date: 2022-12-04 06:41-0500\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
@ -2151,9 +2151,8 @@ msgstr ""
#: src/Content/Widget/VCard.php:104 src/Model/Event.php:82 #: src/Content/Widget/VCard.php:104 src/Model/Event.php:82
#: src/Model/Event.php:109 src/Model/Event.php:471 src/Model/Event.php:958 #: src/Model/Event.php:109 src/Model/Event.php:471 src/Model/Event.php:958
#: src/Model/Profile.php:373 src/Module/Calendar/Event/Form.php:239 #: src/Model/Profile.php:373 src/Module/Contact/Profile.php:369
#: src/Module/Contact/Profile.php:369 src/Module/Directory.php:147 #: src/Module/Directory.php:147 src/Module/Notifications/Introductions.php:187
#: src/Module/Notifications/Introductions.php:187
#: src/Module/Profile/Profile.php:186 #: src/Module/Profile/Profile.php:186
msgid "Location:" msgid "Location:"
msgstr "" msgstr ""
@ -3295,7 +3294,7 @@ msgstr ""
msgid "Contact information and Social Networks" msgid "Contact information and Social Networks"
msgstr "" msgstr ""
#: src/Model/User.php:212 src/Model/User.php:1100 #: src/Model/User.php:212 src/Model/User.php:1102
msgid "SERIOUS ERROR: Generation of security keys failed." msgid "SERIOUS ERROR: Generation of security keys failed."
msgstr "" msgstr ""
@ -3307,134 +3306,134 @@ msgstr ""
msgid "Not enough information to authenticate" msgid "Not enough information to authenticate"
msgstr "" msgstr ""
#: src/Model/User.php:750 #: src/Model/User.php:752
msgid "Password can't be empty" msgid "Password can't be empty"
msgstr "" msgstr ""
#: src/Model/User.php:792 #: src/Model/User.php:794
msgid "Empty passwords are not allowed." msgid "Empty passwords are not allowed."
msgstr "" msgstr ""
#: src/Model/User.php:796 #: src/Model/User.php:798
msgid "" msgid ""
"The new password has been exposed in a public data dump, please choose " "The new password has been exposed in a public data dump, please choose "
"another." "another."
msgstr "" msgstr ""
#: src/Model/User.php:800 #: src/Model/User.php:802
msgid "The password length is limited to 72 characters." msgid "The password length is limited to 72 characters."
msgstr "" msgstr ""
#: src/Model/User.php:804 #: src/Model/User.php:806
msgid "" msgid ""
"The password can't contain accentuated letters, white spaces or colons (:)" "The password can't contain accentuated letters, white spaces or colons (:)"
msgstr "" msgstr ""
#: src/Model/User.php:983 #: src/Model/User.php:985
msgid "Passwords do not match. Password unchanged." msgid "Passwords do not match. Password unchanged."
msgstr "" msgstr ""
#: src/Model/User.php:990 #: src/Model/User.php:992
msgid "An invitation is required." msgid "An invitation is required."
msgstr "" msgstr ""
#: src/Model/User.php:994 #: src/Model/User.php:996
msgid "Invitation could not be verified." msgid "Invitation could not be verified."
msgstr "" msgstr ""
#: src/Model/User.php:1002 #: src/Model/User.php:1004
msgid "Invalid OpenID url" msgid "Invalid OpenID url"
msgstr "" msgstr ""
#: src/Model/User.php:1015 src/Security/Authentication.php:241 #: src/Model/User.php:1017 src/Security/Authentication.php:241
msgid "" msgid ""
"We encountered a problem while logging in with the OpenID you provided. " "We encountered a problem while logging in with the OpenID you provided. "
"Please check the correct spelling of the ID." "Please check the correct spelling of the ID."
msgstr "" msgstr ""
#: src/Model/User.php:1015 src/Security/Authentication.php:241 #: src/Model/User.php:1017 src/Security/Authentication.php:241
msgid "The error message was:" msgid "The error message was:"
msgstr "" msgstr ""
#: src/Model/User.php:1021 #: src/Model/User.php:1023
msgid "Please enter the required information." msgid "Please enter the required information."
msgstr "" msgstr ""
#: src/Model/User.php:1035 #: src/Model/User.php:1037
#, php-format #, php-format
msgid "" msgid ""
"system.username_min_length (%s) and system.username_max_length (%s) are " "system.username_min_length (%s) and system.username_max_length (%s) are "
"excluding each other, swapping values." "excluding each other, swapping values."
msgstr "" msgstr ""
#: src/Model/User.php:1042 #: src/Model/User.php:1044
#, php-format #, php-format
msgid "Username should be at least %s character." msgid "Username should be at least %s character."
msgid_plural "Username should be at least %s characters." msgid_plural "Username should be at least %s characters."
msgstr[0] "" msgstr[0] ""
msgstr[1] "" msgstr[1] ""
#: src/Model/User.php:1046 #: src/Model/User.php:1048
#, php-format #, php-format
msgid "Username should be at most %s character." msgid "Username should be at most %s character."
msgid_plural "Username should be at most %s characters." msgid_plural "Username should be at most %s characters."
msgstr[0] "" msgstr[0] ""
msgstr[1] "" msgstr[1] ""
#: src/Model/User.php:1054 #: src/Model/User.php:1056
msgid "That doesn't appear to be your full (First Last) name." msgid "That doesn't appear to be your full (First Last) name."
msgstr "" msgstr ""
#: src/Model/User.php:1059 #: src/Model/User.php:1061
msgid "Your email domain is not among those allowed on this site." msgid "Your email domain is not among those allowed on this site."
msgstr "" msgstr ""
#: src/Model/User.php:1063 #: src/Model/User.php:1065
msgid "Not a valid email address." msgid "Not a valid email address."
msgstr "" msgstr ""
#: src/Model/User.php:1066 #: src/Model/User.php:1068
msgid "The nickname was blocked from registration by the nodes admin." msgid "The nickname was blocked from registration by the nodes admin."
msgstr "" msgstr ""
#: src/Model/User.php:1070 src/Model/User.php:1076 #: src/Model/User.php:1072 src/Model/User.php:1078
msgid "Cannot use that email." msgid "Cannot use that email."
msgstr "" msgstr ""
#: src/Model/User.php:1082 #: src/Model/User.php:1084
msgid "Your nickname can only contain a-z, 0-9 and _." msgid "Your nickname can only contain a-z, 0-9 and _."
msgstr "" msgstr ""
#: src/Model/User.php:1090 src/Model/User.php:1147 #: src/Model/User.php:1092 src/Model/User.php:1149
msgid "Nickname is already registered. Please choose another." msgid "Nickname is already registered. Please choose another."
msgstr "" msgstr ""
#: src/Model/User.php:1134 src/Model/User.php:1138 #: src/Model/User.php:1136 src/Model/User.php:1140
msgid "An error occurred during registration. Please try again." msgid "An error occurred during registration. Please try again."
msgstr "" msgstr ""
#: src/Model/User.php:1161 #: src/Model/User.php:1163
msgid "An error occurred creating your default profile. Please try again." msgid "An error occurred creating your default profile. Please try again."
msgstr "" msgstr ""
#: src/Model/User.php:1168 #: src/Model/User.php:1170
msgid "An error occurred creating your self contact. Please try again." msgid "An error occurred creating your self contact. Please try again."
msgstr "" msgstr ""
#: src/Model/User.php:1173 #: src/Model/User.php:1175
msgid "Friends" msgid "Friends"
msgstr "" msgstr ""
#: src/Model/User.php:1177 #: src/Model/User.php:1179
msgid "" msgid ""
"An error occurred creating your default contact group. Please try again." "An error occurred creating your default contact group. Please try again."
msgstr "" msgstr ""
#: src/Model/User.php:1216 #: src/Model/User.php:1218
msgid "Profile Photos" msgid "Profile Photos"
msgstr "" msgstr ""
#: src/Model/User.php:1409 #: src/Model/User.php:1411
#, php-format #, php-format
msgid "" msgid ""
"\n" "\n"
@ -3442,7 +3441,7 @@ msgid ""
"\t\t\tthe administrator of %2$s has set up an account for you." "\t\t\tthe administrator of %2$s has set up an account for you."
msgstr "" msgstr ""
#: src/Model/User.php:1412 #: src/Model/User.php:1414
#, php-format #, php-format
msgid "" msgid ""
"\n" "\n"
@ -3480,12 +3479,12 @@ msgid ""
"\t\tThank you and welcome to %4$s." "\t\tThank you and welcome to %4$s."
msgstr "" msgstr ""
#: src/Model/User.php:1445 src/Model/User.php:1552 #: src/Model/User.php:1447 src/Model/User.php:1554
#, php-format #, php-format
msgid "Registration details for %s" msgid "Registration details for %s"
msgstr "" msgstr ""
#: src/Model/User.php:1465 #: src/Model/User.php:1467
#, php-format #, php-format
msgid "" msgid ""
"\n" "\n"
@ -3501,12 +3500,12 @@ msgid ""
"\t\t" "\t\t"
msgstr "" msgstr ""
#: src/Model/User.php:1484 #: src/Model/User.php:1486
#, php-format #, php-format
msgid "Registration at %s" msgid "Registration at %s"
msgstr "" msgstr ""
#: src/Model/User.php:1508 #: src/Model/User.php:1510
#, php-format #, php-format
msgid "" msgid ""
"\n" "\n"
@ -3515,7 +3514,7 @@ msgid ""
"\t\t\t" "\t\t\t"
msgstr "" msgstr ""
#: src/Model/User.php:1516 #: src/Model/User.php:1518
#, php-format #, php-format
msgid "" msgid ""
"\n" "\n"
@ -5492,7 +5491,7 @@ msgid "Event Starts:"
msgstr "" msgstr ""
#: src/Module/Calendar/Event/Form.php:209 #: src/Module/Calendar/Event/Form.php:209
#: src/Module/Calendar/Event/Form.php:241 src/Module/Debug/Probe.php:59 #: src/Module/Calendar/Event/Form.php:237 src/Module/Debug/Probe.php:59
#: src/Module/Install.php:207 src/Module/Install.php:240 #: src/Module/Install.php:207 src/Module/Install.php:240
#: src/Module/Install.php:245 src/Module/Install.php:264 #: src/Module/Install.php:245 src/Module/Install.php:264
#: src/Module/Install.php:275 src/Module/Install.php:280 #: src/Module/Install.php:275 src/Module/Install.php:280
@ -5523,14 +5522,17 @@ msgstr ""
msgid "Event Finishes:" msgid "Event Finishes:"
msgstr "" msgstr ""
#: src/Module/Calendar/Event/Form.php:237 src/Module/Profile/Profile.php:164 #: src/Module/Calendar/Event/Form.php:237
#: src/Module/Settings/Profile/Index.php:247 #: src/Module/Calendar/Event/Form.php:243
msgid "Description:" msgid "Title (BBCode not allowed)"
msgstr ""
#: src/Module/Calendar/Event/Form.php:239
msgid "Description (BBCode allowed)"
msgstr "" msgstr ""
#: src/Module/Calendar/Event/Form.php:241 #: src/Module/Calendar/Event/Form.php:241
#: src/Module/Calendar/Event/Form.php:243 msgid "Location (BBCode not allowed)"
msgid "Title:"
msgstr "" msgstr ""
#: src/Module/Calendar/Event/Form.php:244 #: src/Module/Calendar/Event/Form.php:244
@ -8239,6 +8241,10 @@ msgid_plural "%d years old"
msgstr[0] "" msgstr[0] ""
msgstr[1] "" msgstr[1] ""
#: src/Module/Profile/Profile.php:164 src/Module/Settings/Profile/Index.php:247
msgid "Description:"
msgstr ""
#: src/Module/Profile/Profile.php:226 #: src/Module/Profile/Profile.php:226
msgid "Forums:" msgid "Forums:"
msgstr "" msgstr ""