mirror of
https://github.com/alchemy-fr/Phraseanet.git
synced 2025-10-13 13:03:20 +00:00
Fix #1622 : Sanitize captions display
This commit is contained in:
Romain Neutron
@@ -611,10 +611,24 @@ class Application extends SilexApplication
|
||||
$twig->addFilter('base_from_coll', new \Twig_Filter_Function('phrasea::baseFromColl'));
|
||||
$twig->addFilter('AppName', new \Twig_Filter_Function('Alchemy\Phrasea\Controller\Admin\ConnectedUsers::appName'));
|
||||
$twig->addFilter(new \Twig_SimpleFilter('escapeSimpleQuote', function ($value) {
|
||||
$ret = str_replace("'", "\'", $value);
|
||||
$ret = str_replace("'", "\\'", $value);
|
||||
|
||||
return $ret;
|
||||
}));
|
||||
$twig->addFilter(new \Twig_SimpleFilter('thesaurus', function (\Twig_Environment $twig, $value) {
|
||||
if (!$value instanceof \ThesaurusValue) {
|
||||
return twig_escape_filter($twig, str_replace(array('[[em]]', '[[/em]]'), array('<em>', '</em>'), $value));
|
||||
}
|
||||
|
||||
return "<a class=\"bounce\" onclick=\"bounce('" . $value->getField()->get_databox()->get_sbas_id() . "','"
|
||||
. str_replace("'", "\\'", $value->getQuery())
|
||||
. "', '"
|
||||
. str_replace("'", "\\'", $value->getField()->get_name())
|
||||
. "');return(false);\">"
|
||||
. twig_escape_filter($twig, str_replace(array('[[em]]', '[[/em]]'), array('<em>', '</em>'), $value->getValue()))
|
||||
. "</a>";
|
||||
}, array('needs_environment' => true, 'is_safe' => array('html'))));
|
||||
|
||||
$twig->addFilter(new \Twig_SimpleFilter('escapeDoubleQuote', function ($value) {
|
||||
return str_replace('"', '\"', $value);
|
||||
}));
|
||||
|
||||
@@ -641,7 +641,7 @@ class PhraseaEngine implements SearchEngineInterface
|
||||
if ($sxe && $sxe->description && $sxe->description->$name) {
|
||||
$val = array();
|
||||
foreach ($sxe->description->$name as $value) {
|
||||
$val[] = str_replace(array('[[em]]', '[[/em]]'), array('<em>', '</em>'), (string) $value);
|
||||
$val[] = (string) $value;
|
||||
}
|
||||
$separator = $field['separator'] ? $field['separator'][0] : '';
|
||||
$val = implode(' ' . $separator . ' ', $val);
|
||||
|
||||
@@ -552,8 +552,8 @@ class SphinxSearchEngine implements SearchEngineInterface
|
||||
}
|
||||
|
||||
$opts = array(
|
||||
'before_match' => "<em>",
|
||||
'after_match' => "</em>",
|
||||
'before_match' => "[[em]]",
|
||||
'after_match' => "[[/em]]",
|
||||
);
|
||||
|
||||
$fields_to_send = array();
|
||||
|
||||
@@ -354,7 +354,7 @@ class caption_Field_Value implements cache_cacheableInterface
|
||||
}
|
||||
|
||||
// ---------------- new code ----------------------
|
||||
$cleanvalue = str_replace(array("<em>", "</em>", "'"), array("", "", "'"), $value);
|
||||
$cleanvalue = str_replace(array("[[em]]", "[[/em]]", "'"), array("", "", "'"), $value);
|
||||
|
||||
list($term_noacc, $context_noacc) = $this->splitTermAndContext($cleanvalue);
|
||||
$term_noacc = $this->app['unicode']->remove_indexer_chars($term_noacc);
|
||||
@@ -388,21 +388,10 @@ class caption_Field_Value implements cache_cacheableInterface
|
||||
}
|
||||
if($bestnode)
|
||||
{
|
||||
list($term, $context) = $this->splitTermAndContext($value);
|
||||
$term = str_replace(array("<em>", "</em>"), array("", ""), $term);
|
||||
$context = str_replace(array("<em>", "</em>"), array("", ""), $context);
|
||||
$qjs = $term;
|
||||
if ($context) {
|
||||
$qjs .= " [" . $context . "]";
|
||||
}
|
||||
list($term, $context) = $this->splitTermAndContext(str_replace(array("[[em]]", "[[/em]]"), array("", ""), $value));
|
||||
$qjs = $term . ($context ? '['.$context.']' : '');
|
||||
|
||||
$value = "<a class=\"bounce\" onclick=\"bounce('" . $databox->get_sbas_id() . "','"
|
||||
. str_replace("'", "\'", $qjs)
|
||||
. "', '"
|
||||
. str_replace("'", "\'", $this->databox_field->get_name())
|
||||
. "');return(false);\">"
|
||||
. $bestnode->getAttribute('v')
|
||||
. "</a>";
|
||||
$value = new ThesaurusValue($bestnode->getAttribute('v'), $this->databox_field, $qjs);
|
||||
}
|
||||
|
||||
return $value;
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% macro format_caption(record, highlight, searchEngine, includeBusiness) %}
|
||||
{% for value in record.get_caption().get_highlight_fields(highlight, null, searchEngine, includeBusiness) %}
|
||||
<div class="desc{% if loop.index is odd %}im{% endif %}pair"><b>{{ value.label }}</b> : {{value.value|raw}}</div>
|
||||
<div class="desc{% if loop.index is odd %}im{% endif %}pair"><b>{{ value.label }}</b> : {{ value.value | thesaurus }}</div>
|
||||
{% endfor %}
|
||||
{% if app['authentication'].getUser().getPrefs('technical_display') == 'group' %}
|
||||
<hr/>
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% macro format_caption(record, highlight, searchEngine, includeBusiness) %}
|
||||
{% for value in record.get_caption().get_highlight_fields(highlight, null, searchEngine, includeBusiness) %}
|
||||
<div class="desc{% if loop.index is odd %}im{% endif %}pair"><b>{{ value.label }}</b> : {{value.value|raw}}</div>
|
||||
<div class="desc{% if loop.index is odd %}im{% endif %}pair"><b>{{ value.label }}</b> : {{ value.value | thesaurus }}</div>
|
||||
{% endfor %}
|
||||
{% endmacro %}
|
||||
{% endmacro %}
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
{% macro format_caption(record, highlight, searchEngine, includeBusiness) %}
|
||||
{% for value in record.get_caption().get_highlight_fields(highlight, null, searchEngine, includeBusiness) %}
|
||||
<div class="desc{% if loop.index is odd %}im{% endif %}pair"><b>{{ value.label }}</b> : {{value.value|raw}}</div>
|
||||
<div class="desc{% if loop.index is odd %}im{% endif %}pair"><b>{{ value.label }}</b> : {{ value.value | thesaurus }}</div>
|
||||
{% endfor %}
|
||||
{% if app['authentication'].getUser().getPrefs('technical_display') == 'group' %}
|
||||
<hr/>
|
||||
{% include 'common/technical_datas.html.twig' %}
|
||||
{% endif %}
|
||||
{% endmacro %}
|
||||
{% endmacro %}
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
{% macro format_caption(record, highlight, searchEngine, includeBusiness) %}
|
||||
{% for value in record.get_caption().get_highlight_fields(highlight, null, searchEngine, includeBusiness) %}
|
||||
<div class="desc{% if loop.index is odd %}im{% endif %}pair"><b>{{ value.label }}</b> : {{value.value|raw}}</div>
|
||||
<div class="desc{% if loop.index is odd %}im{% endif %}pair"><b>{{ value.label }}</b> : {{ value.value | thesaurus }}</div>
|
||||
{% endfor %}
|
||||
{% if app['authentication'].getUser().getPrefs('technical_display') == 'group' %}
|
||||
<hr/>
|
||||
{% include 'common/technical_datas.html.twig' %}
|
||||
{% endif %}
|
||||
{% endmacro %}
|
||||
{% endmacro %}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% macro format_caption(record, highlight, searchEngine, includeBusiness) %}
|
||||
{% for value in record.get_caption().get_highlight_fields(highlight, null, searchEngine, includeBusiness) %}
|
||||
<div><b>{{ value.label }}</b> : {{value.value|raw}}</div>
|
||||
<div><b>{{ value.label }}</b> : {{ value.value }}</div>
|
||||
{% endfor %}
|
||||
{% endmacro %}
|
||||
{% endmacro %}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% macro format_caption(record, highlight, searchEngine, includeBusiness) %}
|
||||
{% for value in record.get_caption().get_highlight_fields(highlight, null, searchEngine, includeBusiness) %}
|
||||
<div class="desc{% if loop.index is odd %}im{% endif %}pair"><b>{{ value.label }}</b> : {{value.value|raw}}</div>
|
||||
<div class="desc{% if loop.index is odd %}im{% endif %}pair"><b>{{ value.label }}</b> : {{ value.value | thesaurus }}</div>
|
||||
{% endfor %}
|
||||
{% endmacro %}
|
||||
{% endmacro %}
|
||||
|
||||
@@ -754,7 +754,7 @@ abstract class SearchEngineAbstractTest extends \PhraseanetPHPUnitAuthenticatedA
|
||||
|
||||
$found = false;
|
||||
foreach (self::$searchEngine->excerpt($query_string, $fields, $foundRecord) as $field) {
|
||||
if (strpos($field, '<em>') !== false && strpos($field, '</em>') !== false) {
|
||||
if (strpos($field, '[[em]]') !== false && strpos($field, '[[/em]]') !== false) {
|
||||
$found = true;
|
||||
break;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user