enhanced themefile validation for non-default themes
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
@@ -162,7 +162,7 @@ class Ajax
|
||||
$content = preg_replace("/[\r\n]+/", " ", strip_tags($item->description));
|
||||
$content = substr($content, 0, 150) . "...";
|
||||
|
||||
$items .= UI::twig()->render($this->theme . '/user/newsfeeditem.html.twig', [
|
||||
$items .= UI::twig()->render(UI::validateThemeTemplate('/user/newsfeeditem.html.twig', $this->theme), [
|
||||
'link' => $link,
|
||||
'title' => $title,
|
||||
'date' => $date,
|
||||
@@ -201,7 +201,7 @@ class Ajax
|
||||
$result['last_update_check'] = $uc_data['ts'];
|
||||
$result['channel'] = Settings::Get('system.update_channel');
|
||||
|
||||
$result_rendered = UI::twig()->render($this->theme . '/misc/version_top.html.twig', $result);
|
||||
$result_rendered = UI::twig()->render(UI::validateThemeTemplate('/misc/version_top.html.twig', $this->theme), $result);
|
||||
return $this->jsonResponse($result_rendered);
|
||||
} catch (Exception $e) {
|
||||
// don't display anything if just not allowed due to permissions
|
||||
|
||||
@@ -117,6 +117,6 @@ class Api
|
||||
|
||||
private function stripcslashesDeep($value)
|
||||
{
|
||||
return is_array($value) ? array_map([$this, 'stripcslashesDeep'], $value) : stripcslashes($value);
|
||||
return is_array($value) ? array_map([$this, 'stripcslashesDeep'], $value) : (!empty($value) ? stripcslashes($value) : null);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -148,7 +148,7 @@ class ConfigDisplay
|
||||
if ($lasttype != '' && $lasttype != $_action['type']) {
|
||||
$commands = trim($commands);
|
||||
$numbrows = count(explode("\n", $commands));
|
||||
$configpage .= UI::twig()->render(self::$theme . '/settings/conf/command.html.twig', [
|
||||
$configpage .= UI::twig()->render(UI::validateThemeTemplate('/settings/conf/command.html.twig', self::$theme), [
|
||||
'commands' => $commands,
|
||||
'numbrows' => $numbrows
|
||||
]);
|
||||
@@ -182,7 +182,7 @@ class ConfigDisplay
|
||||
$commands = trim($commands_pre);
|
||||
if ($commands != "") {
|
||||
$numbrows = count(explode("\n", $commands));
|
||||
$commands_pre = UI::twig()->render(self::$theme . '/settings/conf/command.html.twig', [
|
||||
$commands_pre = UI::twig()->render(UI::validateThemeTemplate('/settings/conf/command.html.twig', self::$theme), [
|
||||
'commands' => $commands,
|
||||
'numbrows' => $numbrows
|
||||
]);
|
||||
@@ -190,12 +190,12 @@ class ConfigDisplay
|
||||
$commands = trim($commands_post);
|
||||
if ($commands != "") {
|
||||
$numbrows = count(explode("\n", $commands));
|
||||
$commands_post = UI::twig()->render(self::$theme . '/settings/conf/command.html.twig', [
|
||||
$commands_post = UI::twig()->render(UI::validateThemeTemplate('/settings/conf/command.html.twig', self::$theme), [
|
||||
'commands' => $commands,
|
||||
'numbrows' => $numbrows
|
||||
]);
|
||||
}
|
||||
$configpage .= UI::twig()->render(self::$theme . '/settings/conf/fileblock.html.twig', [
|
||||
$configpage .= UI::twig()->render(UI::validateThemeTemplate('/settings/conf/fileblock.html.twig', self::$theme), [
|
||||
'realname' => $realname,
|
||||
'commands_pre' => $commands_pre,
|
||||
'commands_file' => $commands_file,
|
||||
@@ -210,7 +210,7 @@ class ConfigDisplay
|
||||
$commands = trim($commands);
|
||||
if ($commands != '') {
|
||||
$numbrows = count(explode("\n", $commands));
|
||||
$configpage .= UI::twig()->render(self::$theme . '/settings/conf/command.html.twig', [
|
||||
$configpage .= UI::twig()->render(UI::validateThemeTemplate('/settings/conf/command.html.twig', self::$theme), [
|
||||
'commands' => $commands,
|
||||
'numbrows' => $numbrows
|
||||
]);
|
||||
@@ -233,7 +233,7 @@ class ConfigDisplay
|
||||
$file_content = htmlspecialchars($file_content);
|
||||
$numbrows = count(explode("\n", $file_content));
|
||||
//eval("\$files=\"" . \Froxlor\UI\Template::getTemplate("configfiles/configfiles_file") . "\";");
|
||||
$files = UI::twig()->render(self::$theme . '/settings/conf/file.html.twig', [
|
||||
$files = UI::twig()->render(UI::validateThemeTemplate('/settings/conf/file.html.twig', self::$theme), [
|
||||
'distro_editor' => self::$editor,
|
||||
'realname' => $realname,
|
||||
'numbrows' => $numbrows,
|
||||
|
||||
@@ -92,7 +92,7 @@ class Text
|
||||
$result = $attributes['fields'];
|
||||
$apikey_data = include Froxlor::getInstallDir() . '/lib/formfields/formfield.api_key.php';
|
||||
|
||||
$body = UI::twig()->render(UI::getTheme() . '/user/inline-form.html.twig', [
|
||||
$body = UI::twig()->render(UI::validateThemeTemplate('/user/inline-form.html.twig'), [
|
||||
'formaction' => $linker->getLink(['section' => 'index', 'page' => 'apikeys']),
|
||||
'formdata' => $apikey_data['apikey'],
|
||||
'editid' => $attributes['fields']['id']
|
||||
|
||||
@@ -260,7 +260,18 @@ class UI
|
||||
*/
|
||||
public static function twigBuffer($name, array $context = [])
|
||||
{
|
||||
$template_file = self::getTheme() . '/' . $name;
|
||||
$template_file = self::validateThemeTemplate($name);
|
||||
|
||||
self::$twigbuf[] = [
|
||||
$template_file => $context
|
||||
];
|
||||
}
|
||||
|
||||
public static function validateThemeTemplate(string $name, string $theme = "") {
|
||||
if (empty(trim($theme))) {
|
||||
$theme = self::getTheme();
|
||||
}
|
||||
$template_file = $theme . '/' . $name;
|
||||
if (!file_exists(Froxlor::getInstallDir() . '/templates/' . $template_file)) {
|
||||
PhpHelper::phpErrHandler(E_USER_WARNING, "Template '" . $template_file . "' could not be found, trying fallback theme", __FILE__, __LINE__);
|
||||
$template_file = self::$default_theme . '/'. $name;
|
||||
@@ -268,10 +279,7 @@ class UI
|
||||
PhpHelper::phpErrHandler(E_USER_ERROR, "Unknown template '" . $template_file . "'", __FILE__, __LINE__);
|
||||
}
|
||||
}
|
||||
|
||||
self::$twigbuf[] = [
|
||||
$template_file => $context
|
||||
];
|
||||
return $template_file;
|
||||
}
|
||||
|
||||
public static function getTheme()
|
||||
|
||||
Reference in New Issue
Block a user