hazza/Phraseanet
1
0
Fork 0
mirror of https://github.com/alchemy-fr/Phraseanet.git synced 2025-10-13 13:03:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix #1622 : Sanitize captions display

Browse Source
This commit is contained in:
Romain Neutron
2013-12-17 11:29:30 +01:00
parent c788daa1e9
commit f0d632073b
11 changed files with 34 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
lib/Alchemy/Phrasea/Application.php
View File

@@ -611,10 +611,24 @@ class Application extends SilexApplication
$twig->addFilter('base_from_coll', new \Twig_Filter_Function('phrasea::baseFromColl'));
$twig->addFilter('AppName', new \Twig_Filter_Function('Alchemy\Phrasea\Controller\Admin\ConnectedUsers::appName'));
$twig->addFilter(new \Twig_SimpleFilter('escapeSimpleQuote', function ($value) {
$ret = str_replace("'", "\'", $value);
$ret = str_replace("'", "\\'", $value);
return $ret;
}));
$twig->addFilter(new \Twig_SimpleFilter('thesaurus', function (\Twig_Environment $twig, $value) {
if (!$value instanceof \ThesaurusValue) {
return twig_escape_filter($twig, str_replace(array('[[em]]', '[[/em]]'), array('<em>', '</em>'), $value));
}
return "<a class=\"bounce\" onclick=\"bounce('" . $value->getField()->get_databox()->get_sbas_id() . "','"
. str_replace("'", "\\'", $value->getQuery())
. "', '"
. str_replace("'", "\\'", $value->getField()->get_name())
. "');return(false);\">"
. twig_escape_filter($twig, str_replace(array('[[em]]', '[[/em]]'), array('<em>', '</em>'), $value->getValue()))
. "</a>";
}, array('needs_environment' => true, 'is_safe' => array('html'))));
$twig->addFilter(new \Twig_SimpleFilter('escapeDoubleQuote', function ($value) {
return str_replace('"', '\"', $value);
}));

2
lib/Alchemy/Phrasea/SearchEngine/Phrasea/PhraseaEngine.php
View File

@@ -641,7 +641,7 @@ class PhraseaEngine implements SearchEngineInterface
if ($sxe && $sxe->description && $sxe->description->$name) {
$val = array();
foreach ($sxe->description->$name as $value) {
$val[] = str_replace(array('[[em]]', '[[/em]]'), array('<em>', '</em>'), (string) $value);
$val[] = (string) $value;
}
$separator = $field['separator'] ? $field['separator'][0] : '';
$val = implode(' ' . $separator . ' ', $val);

4
lib/Alchemy/Phrasea/SearchEngine/SphinxSearch/SphinxSearchEngine.php
View File

@@ -552,8 +552,8 @@ class SphinxSearchEngine implements SearchEngineInterface
}
$opts = array(
'before_match' => "<em>",
'after_match' => "</em>",
'before_match' => "[[em]]",
'after_match' => "[[/em]]",
);
$fields_to_send = array();

19
lib/classes/caption/Field/Value.php
View File

@@ -354,7 +354,7 @@ class caption_Field_Value implements cache_cacheableInterface
}
// ---------------- new code ----------------------
$cleanvalue = str_replace(array("<em>", "</em>", "'"), array("", "", "&apos;"), $value);
$cleanvalue = str_replace(array("[[em]]", "[[/em]]", "'"), array("", "", "&apos;"), $value);
list($term_noacc, $context_noacc) = $this->splitTermAndContext($cleanvalue);
$term_noacc = $this->app['unicode']->remove_indexer_chars($term_noacc);
@@ -388,21 +388,10 @@ class caption_Field_Value implements cache_cacheableInterface
}
if($bestnode)
{
list($term, $context) = $this->splitTermAndContext($value);
$term = str_replace(array("<em>", "</em>"), array("", ""), $term);
$context = str_replace(array("<em>", "</em>"), array("", ""), $context);
$qjs = $term;
if ($context) {
$qjs .= " [" . $context . "]";
}
list($term, $context) = $this->splitTermAndContext(str_replace(array("[[em]]", "[[/em]]"), array("", ""), $value));
$qjs = $term . ($context ? '['.$context.']' : '');
$value = "<a class=\"bounce\" onclick=\"bounce('" . $databox->get_sbas_id() . "','"
. str_replace("'", "\'", $qjs)
. "', '"
. str_replace("'", "\'", $this->databox_field->get_name())
. "');return(false);\">"
. $bestnode->getAttribute('v')
. "</a>";
$value = new ThesaurusValue($bestnode->getAttribute('v'), $this->databox_field, $qjs);
}
return $value;

2
templates/web/common/caption_templates/answer.html.twig
View File

@@ -1,6 +1,6 @@
{% macro format_caption(record, highlight, searchEngine, includeBusiness) %}
{% for value in record.get_caption().get_highlight_fields(highlight, null, searchEngine, includeBusiness) %}
<div class="desc{% if loop.index is odd %}im{% endif %}pair"><b>{{ value.label }}</b> : {{value.value|raw}}</div>
<div class="desc{% if loop.index is odd %}im{% endif %}pair"><b>{{ value.label }}</b> : {{ value.value | thesaurus }}</div>
{% endfor %}
{% if app['authentication'].getUser().getPrefs('technical_display') == 'group' %}
<hr/>

2
templates/web/common/caption_templates/basket_element.html.twig
View File

@@ -1,5 +1,5 @@
{% macro format_caption(record, highlight, searchEngine, includeBusiness) %}
{% for value in record.get_caption().get_highlight_fields(highlight, null, searchEngine, includeBusiness) %}
<div class="desc{% if loop.index is odd %}im{% endif %}pair"><b>{{ value.label }}</b> : {{value.value|raw}}</div>
<div class="desc{% if loop.index is odd %}im{% endif %}pair"><b>{{ value.label }}</b> : {{ value.value | thesaurus }}</div>
{% endfor %}
{% endmacro %}

2
templates/web/common/caption_templates/internal_publi.html.twig
View File

@@ -1,6 +1,6 @@
{% macro format_caption(record, highlight, searchEngine, includeBusiness) %}
{% for value in record.get_caption().get_highlight_fields(highlight, null, searchEngine, includeBusiness) %}
<div class="desc{% if loop.index is odd %}im{% endif %}pair"><b>{{ value.label }}</b> : {{value.value|raw}}</div>
<div class="desc{% if loop.index is odd %}im{% endif %}pair"><b>{{ value.label }}</b> : {{ value.value | thesaurus }}</div>
{% endfor %}
{% if app['authentication'].getUser().getPrefs('technical_display') == 'group' %}
<hr/>

2
templates/web/common/caption_templates/lazaret.html.twig
View File

@@ -1,6 +1,6 @@
{% macro format_caption(record, highlight, searchEngine, includeBusiness) %}
{% for value in record.get_caption().get_highlight_fields(highlight, null, searchEngine, includeBusiness) %}
<div class="desc{% if loop.index is odd %}im{% endif %}pair"><b>{{ value.label }}</b> : {{value.value|raw}}</div>
<div class="desc{% if loop.index is odd %}im{% endif %}pair"><b>{{ value.label }}</b> : {{ value.value | thesaurus }}</div>
{% endfor %}
{% if app['authentication'].getUser().getPrefs('technical_display') == 'group' %}
<hr/>

2
templates/web/common/caption_templates/overview.html.twig
View File

@@ -1,5 +1,5 @@
{% macro format_caption(record, highlight, searchEngine, includeBusiness) %}
{% for value in record.get_caption().get_highlight_fields(highlight, null, searchEngine, includeBusiness) %}
<div><b>{{ value.label }}</b> : {{value.value|raw}}</div>
<div><b>{{ value.label }}</b> : {{ value.value }}</div>
{% endfor %}
{% endmacro %}

2
templates/web/common/caption_templates/preview.html.twig
View File

@@ -1,5 +1,5 @@
{% macro format_caption(record, highlight, searchEngine, includeBusiness) %}
{% for value in record.get_caption().get_highlight_fields(highlight, null, searchEngine, includeBusiness) %}
<div class="desc{% if loop.index is odd %}im{% endif %}pair"><b>{{ value.label }}</b> : {{value.value|raw}}</div>
<div class="desc{% if loop.index is odd %}im{% endif %}pair"><b>{{ value.label }}</b> : {{ value.value | thesaurus }}</div>
{% endfor %}
{% endmacro %}

2
tests/Alchemy/Tests/Phrasea/SearchEngine/SearchEngineAbstractTest.php
View File

@@ -754,7 +754,7 @@ abstract class SearchEngineAbstractTest extends \PhraseanetPHPUnitAuthenticatedA
$found = false;
foreach (self::$searchEngine->excerpt($query_string, $fields, $foundRecord) as $field) {
if (strpos($field, '<em>') !== false && strpos($field, '</em>') !== false) {
if (strpos($field, '[[em]]') !== false && strpos($field, '[[/em]]') !== false) {
$found = true;
break;
}