From e7599d49b0ece7ceef3a4e8d334782cc3df98be8 Mon Sep 17 00:00:00 2001
From: Thorsten Rinne
Date: Tue, 11 Apr 2023 06:47:28 +0200
Subject: [PATCH] fix: cleanup content before sending it to the user
---
phpmyfaq/faq.php | 2 ++
phpmyfaq/src/phpMyFAQ/Helper/FaqHelper.php | 21 +++++++++++++++++++++
tests/phpMyFAQ/Helper/FaqHelperTest.php | 10 ++++++++++
3 files changed, 33 insertions(+)
diff --git a/phpmyfaq/faq.php b/phpmyfaq/faq.php
index 578ae55a8e..bb7cf27b94 100644
--- a/phpmyfaq/faq.php
+++ b/phpmyfaq/faq.php
@@ -105,6 +105,8 @@
$answer = $faqHelper->renderMarkupContent($faq->faqRecord['content']);
}
+$answer = $faqHelper->cleanUpContent($answer);
+
// Rewrite URL fragments
$currentUrl = htmlspecialchars("//{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}", ENT_QUOTES, 'UTF-8');
$answer = $faqHelper->rewriteUrlFragments($answer, $currentUrl);
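Review bot: The added `$answer = $faqHelper->cleanUpContent($answer);` runs before `rewriteUrlFragments()`, so whatever that later step writes into `$answer` is never passed through the cleanup. `$currentUrl` is derived from the request's `HTTP_HOST` and `REQUEST_URI` and is escaped with `htmlspecialchars` here, but how the helper embeds it is not visible in this hunk. Either make the cleanup the last transformation before output, or record the ordering contract next to the call, e.g. `// Clean stored content first; later rewrites must only insert escaped values`. The call also covers only this rendering path, so any other code that emits `faqRecord['content']` would presumably need the same treatment.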
diff --git a/phpmyfaq/src/phpMyFAQ/Helper/FaqHelper.php b/phpmyfaq/src/phpMyFAQ/Helper/FaqHelper.php
index cd8dc505a8..c482b1a712 100644
--- a/phpmyfaq/src/phpMyFAQ/Helper/FaqHelper.php
+++ b/phpmyfaq/src/phpMyFAQ/Helper/FaqHelper.php
@@ -17,6 +17,7 @@
namespace phpMyFAQ\Helper;
+use DOMDocument;
use Exception;
use ParsedownExtra;
use phpMyFAQ\Category;
@@ -226,4 +227,24 @@ public function createFaqUrl(FaqEntity $faqEntity, int $categoryId): string
$faqEntity->getLanguage()
);
}
+
+ /**
+ * Remove
';
+ $expectedOutput = 'Some text
';
+
+ $actualOutput = $this->faqHelper->cleanUpContent($content);
+
+ $this->assertEquals($expectedOutput, $actualOutput);
+ }
}