maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

enhanced themefile validation for non-default themes

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2023-01-25 13:09:06 +01:00
parent 47938c5082
commit 492cd288bc
5 changed files with 23 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/Froxlor/Ajax/Ajax.php
View File

@@ -162,7 +162,7 @@ class Ajax
$content = preg_replace("/[\r\n]+/", " ", strip_tags($item->description)); $content = preg_replace("/[\r\n]+/", " ", strip_tags($item->description));
$content = substr($content, 0, 150) . "..."; $content = substr($content, 0, 150) . "...";
$items .= UI::twig()->render($this->theme . '/user/newsfeeditem.html.twig', [ $items .= UI::twig()->render(UI::validateThemeTemplate('/user/newsfeeditem.html.twig', $this->theme), [
'link' => $link, 'link' => $link,
'title' => $title, 'title' => $title,
'date' => $date, 'date' => $date,
@@ -201,7 +201,7 @@ class Ajax
$result['last_update_check'] = $uc_data['ts']; $result['last_update_check'] = $uc_data['ts'];
$result['channel'] = Settings::Get('system.update_channel'); $result['channel'] = Settings::Get('system.update_channel');
$result_rendered = UI::twig()->render($this->theme . '/misc/version_top.html.twig', $result); $result_rendered = UI::twig()->render(UI::validateThemeTemplate('/misc/version_top.html.twig', $this->theme), $result);
return $this->jsonResponse($result_rendered); return $this->jsonResponse($result_rendered);
} catch (Exception $e) { } catch (Exception $e) {
// don't display anything if just not allowed due to permissions // don't display anything if just not allowed due to permissions

2
lib/Froxlor/Api/Api.php
View File

@@ -117,6 +117,6 @@ class Api
private function stripcslashesDeep($value) private function stripcslashesDeep($value)
{ {
return is_array($value) ? array_map([$this, 'stripcslashesDeep'], $value) : stripcslashes($value); return is_array($value) ? array_map([$this, 'stripcslashesDeep'], $value) : (!empty($value) ? stripcslashes($value) : null);
} }
} }

12
lib/Froxlor/Config/ConfigDisplay.php
View File

@@ -148,7 +148,7 @@ class ConfigDisplay
if ($lasttype != '' && $lasttype != $_action['type']) { if ($lasttype != '' && $lasttype != $_action['type']) {
$commands = trim($commands); $commands = trim($commands);
$numbrows = count(explode("\n", $commands)); $numbrows = count(explode("\n", $commands));
$configpage .= UI::twig()->render(self::$theme . '/settings/conf/command.html.twig', [ $configpage .= UI::twig()->render(UI::validateThemeTemplate('/settings/conf/command.html.twig', self::$theme), [
'commands' => $commands, 'commands' => $commands,
'numbrows' => $numbrows 'numbrows' => $numbrows
]); ]);
@@ -182,7 +182,7 @@ class ConfigDisplay
$commands = trim($commands_pre); $commands = trim($commands_pre);
if ($commands != "") { if ($commands != "") {
$numbrows = count(explode("\n", $commands)); $numbrows = count(explode("\n", $commands));
$commands_pre = UI::twig()->render(self::$theme . '/settings/conf/command.html.twig', [ $commands_pre = UI::twig()->render(UI::validateThemeTemplate('/settings/conf/command.html.twig', self::$theme), [
'commands' => $commands, 'commands' => $commands,
'numbrows' => $numbrows 'numbrows' => $numbrows
]); ]);
@@ -190,12 +190,12 @@ class ConfigDisplay
$commands = trim($commands_post); $commands = trim($commands_post);
if ($commands != "") { if ($commands != "") {
$numbrows = count(explode("\n", $commands)); $numbrows = count(explode("\n", $commands));
$commands_post = UI::twig()->render(self::$theme . '/settings/conf/command.html.twig', [ $commands_post = UI::twig()->render(UI::validateThemeTemplate('/settings/conf/command.html.twig', self::$theme), [
'commands' => $commands, 'commands' => $commands,
'numbrows' => $numbrows 'numbrows' => $numbrows
]); ]);
} }
$configpage .= UI::twig()->render(self::$theme . '/settings/conf/fileblock.html.twig', [ $configpage .= UI::twig()->render(UI::validateThemeTemplate('/settings/conf/fileblock.html.twig', self::$theme), [
'realname' => $realname, 'realname' => $realname,
'commands_pre' => $commands_pre, 'commands_pre' => $commands_pre,
'commands_file' => $commands_file, 'commands_file' => $commands_file,
@@ -210,7 +210,7 @@ class ConfigDisplay
$commands = trim($commands); $commands = trim($commands);
if ($commands != '') { if ($commands != '') {
$numbrows = count(explode("\n", $commands)); $numbrows = count(explode("\n", $commands));
$configpage .= UI::twig()->render(self::$theme . '/settings/conf/command.html.twig', [ $configpage .= UI::twig()->render(UI::validateThemeTemplate('/settings/conf/command.html.twig', self::$theme), [
'commands' => $commands, 'commands' => $commands,
'numbrows' => $numbrows 'numbrows' => $numbrows
]); ]);
@@ -233,7 +233,7 @@ class ConfigDisplay
$file_content = htmlspecialchars($file_content); $file_content = htmlspecialchars($file_content);
$numbrows = count(explode("\n", $file_content)); $numbrows = count(explode("\n", $file_content));
//eval("\$files=\"" . \Froxlor\UI\Template::getTemplate("configfiles/configfiles_file") . "\";"); //eval("\$files=\"" . \Froxlor\UI\Template::getTemplate("configfiles/configfiles_file") . "\";");
$files = UI::twig()->render(self::$theme . '/settings/conf/file.html.twig', [ $files = UI::twig()->render(UI::validateThemeTemplate('/settings/conf/file.html.twig', self::$theme), [
'distro_editor' => self::$editor, 'distro_editor' => self::$editor,
'realname' => $realname, 'realname' => $realname,
'numbrows' => $numbrows, 'numbrows' => $numbrows,

2
lib/Froxlor/UI/Callbacks/Text.php
View File

@@ -92,7 +92,7 @@ class Text
$result = $attributes['fields']; $result = $attributes['fields'];
$apikey_data = include Froxlor::getInstallDir() . '/lib/formfields/formfield.api_key.php'; $apikey_data = include Froxlor::getInstallDir() . '/lib/formfields/formfield.api_key.php';
$body = UI::twig()->render(UI::getTheme() . '/user/inline-form.html.twig', [ $body = UI::twig()->render(UI::validateThemeTemplate('/user/inline-form.html.twig'), [
'formaction' => $linker->getLink(['section' => 'index', 'page' => 'apikeys']), 'formaction' => $linker->getLink(['section' => 'index', 'page' => 'apikeys']),
'formdata' => $apikey_data['apikey'], 'formdata' => $apikey_data['apikey'],
'editid' => $attributes['fields']['id'] 'editid' => $attributes['fields']['id']

18
lib/Froxlor/UI/Panel/UI.php
View File

@@ -260,7 +260,18 @@ class UI
*/ */
public static function twigBuffer($name, array $context = []) public static function twigBuffer($name, array $context = [])
{ {
$template_file = self::getTheme() . '/' . $name; $template_file = self::validateThemeTemplate($name);
self::$twigbuf[] = [
$template_file => $context
];
}
public static function validateThemeTemplate(string $name, string $theme = "") {
if (empty(trim($theme))) {
$theme = self::getTheme();
}
$template_file = $theme . '/' . $name;
if (!file_exists(Froxlor::getInstallDir() . '/templates/' . $template_file)) { if (!file_exists(Froxlor::getInstallDir() . '/templates/' . $template_file)) {
PhpHelper::phpErrHandler(E_USER_WARNING, "Template '" . $template_file . "' could not be found, trying fallback theme", __FILE__, __LINE__); PhpHelper::phpErrHandler(E_USER_WARNING, "Template '" . $template_file . "' could not be found, trying fallback theme", __FILE__, __LINE__);
$template_file = self::$default_theme . '/'. $name; $template_file = self::$default_theme . '/'. $name;
@@ -268,10 +279,7 @@ class UI
PhpHelper::phpErrHandler(E_USER_ERROR, "Unknown template '" . $template_file . "'", __FILE__, __LINE__); PhpHelper::phpErrHandler(E_USER_ERROR, "Unknown template '" . $template_file . "'", __FILE__, __LINE__);
} }
} }
return $template_file;
self::$twigbuf[] = [
$template_file => $context
];
} }
public static function getTheme() public static function getTheme()