

Escaped the html of the user not found message (from the cookie). And…
… escaped all the html when displaying values in the debug bar.

------
Escapado el html del mensaje de usuario no encontrado (de la cookie). Y escapado todo el html al mostrar valores en la barra de debug.
NeoRazorX committed May 4, 2022
1 parent c34b559 commit 23ab1b9
Showing 2 changed files with 12 additions and 61 deletions.
2 changes: 1 addition & 1 deletion Core/App/AppController.php
Expand Up @@ -318,7 +318,7 @@ private function cookieAuth(User &$user)
return false;
}

ToolBox::i18nLog()->warning('login-user-not-found', ['%nick%' => $cookieNick]);
ToolBox::i18nLog()->warning('login-user-not-found', ['%nick%' => htmlspecialchars($cookieNick)]);
return false;
}

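Review bot: The new `htmlspecialchars($cookieNick)` call relies on the default flags, which before PHP 8.1 are ENT_COMPAT and leave single quotes unescaped; passing them explicitly, `htmlspecialchars($cookieNick, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, makes the result independent of the runtime version and also replaces invalid UTF-8 instead of returning an empty string. Escaping at log time also bakes HTML entities into the stored message, so a non-HTML consumer of the log (file, console) sees `&lt;` rather than the nick and an HTML consumer that escapes on output double-encodes it; escaping at the render site is the more robust place, though the commit may have chosen this point deliberately. cookieAuth's body begins before this hunk.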
71 changes: 11 additions & 60 deletions Core/Base/Debug/DebugBar.php
Expand Up @@ -41,17 +41,11 @@ class DebugBar extends DumbBar
*/
private static $init = [];

/**
* @param string $task
*/
public static function end(string $task = '')
{
self::$end[$task] = microtime(true);
}

/**
* @return string
*/
public function render(): string
{
$items = [];
Expand All @@ -65,38 +59,23 @@ public function render(): string
return '<div class="debugbar"><ul>' . $this->renderItems($items) . '</ul>' . $this->renderSections($items) . '</div>';
}

/**
* @return string
*/
public function renderHead(): string
{
return '<link rel="stylesheet" href="' . FS_ROUTE . '/Dinamic/Assets/CSS/debugbar.css" />'
. '<script src="' . FS_ROUTE . '/Dinamic/Assets/JS/DebugBar.js"></script>';
}

/**
* @param string $task
*/
public static function start(string $task = '')
{
self::$init[$task] = microtime(true);
}

/**
* @param array $items
* @param string $label
* @param array $data
* @param bool $counter
*/
private function addItem(array &$items, string $label, array $data, bool $counter = false)
{
$key = 1 + count($items);
$items[$key] = ['label' => $label, 'data' => $data, 'counter' => $counter];
}

/**
* @param array $items
*/
private function addItemAssets(array &$items)
{
foreach (['css', 'js'] as $type) {
Expand All @@ -108,9 +87,6 @@ private function addItemAssets(array &$items)
}
}

/**
* @param array $items
*/
private function addItemInputs(array &$items)
{
$inputs = [
Expand All @@ -128,20 +104,17 @@ private function addItemInputs(array &$items)
$data = [];
foreach ($rows as $key => $value) {
if (is_array($value)) {
$data[] = [htmlspecialchars($key), json_encode($value)];
$data[] = [$key, json_encode($value)];
continue;
}

$data[] = [htmlspecialchars($key), htmlspecialchars($value)];
$data[] = [$key, $value];
}

$this->addItem($items, $label, $data, true);
}
}

/**
* @param array $items
*/
private function addItemLogs(array &$items)
{
$channels = [];
Expand Down Expand Up @@ -169,9 +142,6 @@ private function addItemLogs(array &$items)
}
}

/**
* @param array $items
*/
private function addItemMemory(array &$items)
{
$usage = memory_get_usage();
Expand All @@ -186,9 +156,6 @@ private function addItemMemory(array &$items)
$this->addItem($items, $label, $data);
}

/**
* @param array $items
*/
private function addItemTimer(array &$items)
{
$totalTime = microtime(true) - self::$init[''];
Expand All @@ -207,9 +174,6 @@ private function addItemTimer(array &$items)
$this->addItem($items, $label, $data);
}

/**
* @param array $items
*/
private function addItemTranslations(array &$items)
{
$i18n = new Translator();
Expand All @@ -220,22 +184,19 @@ private function addItemTranslations(array &$items)
}
}

/**
* @param int $size
*
* @return string
*/
private function getSize(int $size): string
{
$unit = ['b', 'kb', 'mb', 'gb', 'tb', 'pb'];
return round($size / pow(1024, ($i = floor(log($size, 1024)))), 2) . $unit[$i];
}

/**
* @param array $items
*
* @return string
*/
private function noHtml(string $string): string
{
return str_replace(
['<', '>', '"', "'"], ['&lt;', '&gt;', '&quot;', '&#39;'], $string
);
}

private function renderItems(array $items): string
{
$html = '<li class="debugbar-item debugbar-minimize">'
Expand All @@ -254,11 +215,6 @@ private function renderItems(array $items): string
return $html;
}

/**
* @param array $items
*
* @return string
*/
private function renderSections(array $items): string
{
$html = '';
Expand All @@ -271,25 +227,20 @@ private function renderSections(array $items): string
return $html;
}

/**
* @param array $data
*
* @return string
*/
private function renderTable(array $data): string
{
$html = '';
$count = 0;
foreach ($data as $row) {
$count++;
if (false === is_array($row)) {
$html .= '<tr><td>' . $row . '</td></tr>';
$html .= '<tr><td>' . $this->noHtml($row) . '</td></tr>';
continue;
}

$html .= '<tr><td>#' . $count . '</td>';
foreach ($row as $cell) {
$html .= is_array($cell) ? '<td>' . var_export($cell, true) . '</td>' : '<td>' . $cell . '</td>';
$html .= is_array($cell) ? '<td>' . var_export($cell, true) . '</td>' : '<td>' . $this->noHtml($cell) . '</td>';
}
$html .= '</tr>';
}
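Review bot: In renderTable the array branch of the cell loop still concatenates `var_export($cell, true)` into the `<td>` unescaped, so a cell that is an array of strings bypasses the `noHtml()` wrapper the non-array branch now gets; escaping the whole cell text closes that gap: `$text = is_array($cell) ? var_export($cell, true) : (string) $cell;` followed by `$html .= '<td>' . $this->noHtml($text) . '</td>';`. The new `noHtml()` does not replace `&`, so a value that already contains an entity is shown decoded rather than as typed, and it covers fewer characters than the `htmlspecialchars` calls this commit removes from addItemInputs; `return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` would be the equivalent one-liner. The docblock shown above `noHtml()` describes `array $items` rather than its `string $string` parameter — whether it is a leftover of the removed renderItems block or belongs to the new method, noHtml should carry its own, e.g. `/** Escapes the characters that would break out of an HTML text node or quoted attribute. */`. Since `noHtml()` is declared `string $string`, the non-array `$row` passed on the `'<tr><td>'` line must also be a string; if any addItem caller supplies numeric data that relies on implicit coercion, which holds only if the file does not declare strict_types (not visible in this hunk).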
