Purify forum icons

NamelessMC · Aug 28, 2021 · 2c01512 · 2c01512
1 parent 6dd1d50
commit 2c01512
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/modules/Forum/classes/Forum.php b/modules/Forum/classes/Forum.php
@@ -40,7 +40,7 @@ public function listAllForums($groups = array(0), $user_id = null) {
                 if ($this->forumExist($forum->id, $groups)) {
                     $return[$forum->id]['description'] = Output::getClean($forum->forum_description);
                     $return[$forum->id]['title'] = Output::getClean($forum->forum_title);
-                    $return[$forum->id]['icon'] = htmlspecialchars_decode($forum->icon);
+                    $return[$forum->id]['icon'] = Output::getPurified(Output::getDecoded($forum->icon));
 
                     // Get subforums
                     $forums = $this->_db->orderWhere('forums', 'parent = ' . $forum->id, 'forum_order', 'ASC')->results();
@@ -50,7 +50,7 @@ public function listAllForums($groups = array(0), $user_id = null) {
                                 $return[$forum->id]['subforums'][$item->id] = $item;
                                 $return[$forum->id]['subforums'][$item->id]->forum_title = Output::getClean($item->forum_title);
                                 $return[$forum->id]['subforums'][$item->id]->forum_description = Output::getClean($item->forum_description);
-                                $return[$forum->id]['subforums'][$item->id]->icon = htmlspecialchars_decode($item->icon);
+                                $return[$forum->id]['subforums'][$item->id]->icon = Output::getPurified(Output::getDecoded($item->icon));
                                 $return[$forum->id]['subforums'][$item->id]->link = URL::build('/forum/view/' . $item->id . '-' . $this->titleToURL($item->forum_title));
                                 $return[$forum->id]['subforums'][$item->id]->redirect_to = Output::getClean(htmlspecialchars_decode($item->redirect_url));
 

diff --git a/modules/Forum/pages/forum/view_forum.php b/modules/Forum/pages/forum/view_forum.php
@@ -237,7 +237,7 @@
                     'topics' => $subforum_topics,
                     'link' => URL::build('/forum/view/' . $subforum->id . '-' . $forum->titleToURL($subforum->forum_title)),
                     'latest_post' => $latest_post,
-                    'icon' => Output::getDecoded($subforum->icon),
+                    'icon' => Output::getPurified(Output::getDecoded($subforum->icon)),
                     'redirect' => $subforum->redirect_forum
                 );
             }
@@ -261,7 +261,7 @@
     $smarty->assign('SUBFORUMS', $subforum_array);
     $smarty->assign('SUBFORUM_LANGUAGE', $forum_language->get('forum', 'subforums'));
     $smarty->assign('FORUM_TITLE', Output::getPurified(htmlspecialchars_decode($forum_query->forum_title)));
-    $smarty->assign('FORUM_ICON', htmlspecialchars_decode($forum_query->icon));
+    $smarty->assign('FORUM_ICON', Output::getPurified(Output::getDecoded($forum_query->icon)));
     $smarty->assign('STICKY_TOPICS', $forum_language->get('forum', 'sticky_topics'));
 
     // Can the user post here?