Nemcio/Grav-Admin-Plugin
1
0
Fork 0
mirror of https://github.com/getgrav/grav-plugin-admin.git synced 2026-05-06 07:17:16 +02:00
Code Issues Packages Projects Releases Activity

Fixed unescaped messages in JSON responses

Browse Source
This commit is contained in:
Matias Griese
2021-11-03 12:42:27 +02:00
parent c8a4a111df
commit 6463135bf0
4 changed files with 33 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
classes/plugin/AdminController.php
View File

@@ -288,7 +288,7 @@ class AdminController extends AdminBaseController
$debugger = $this->grav['debugger'];
$debugger->addException($e);
$this->admin->json_response = ['status' => 'error', 'message' => $e->getMessage()];
$this->admin->json_response = ['status' => 'error', 'message' => htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_HTML5, 'UTF-8')];
return false;
}
@@ -407,7 +407,7 @@ class AdminController extends AdminBaseController
$debugger = $this->grav['debugger'];
$debugger->addException($e);
$json_response = ['status' => 'error', 'message' => $e->getMessage()];
$json_response = ['status' => 'error', 'message' => htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_HTML5, 'UTF-8')];
}
$this->sendJsonResponse($json_response);
@@ -490,7 +490,7 @@ class AdminController extends AdminBaseController
$debugger = $this->grav['debugger'];
$debugger->addException($e);
$json_response = ['status' => 'error', 'message' => $e->getMessage()];
$json_response = ['status' => 'error', 'message' => htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_HTML5, 'UTF-8')];
}
$this->sendJsonResponse($json_response);
@@ -540,7 +540,7 @@ class AdminController extends AdminBaseController
$this->admin->json_response = [
'status' => 'error',
'message' => $this->admin::translate('PLUGIN_ADMIN.AN_ERROR_OCCURRED') . '. ' . $e->getMessage()
'message' => $this->admin::translate('PLUGIN_ADMIN.AN_ERROR_OCCURRED') . '. ' . htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_HTML5, 'UTF-8')
];
return true;
@@ -917,7 +917,7 @@ class AdminController extends AdminBaseController
$debugger = $this->grav['debugger'];
$debugger->addException($e);
$this->admin->json_response = ['status' => 'error', 'message' => $e->getMessage()];
$this->admin->json_response = ['status' => 'error', 'message' => htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_HTML5, 'UTF-8')];
return false;
}
@@ -961,7 +961,7 @@ class AdminController extends AdminBaseController
$debugger = $this->grav['debugger'];
$debugger->addException($e);
$this->admin->json_response = ['status' => 'error', 'message' => $e->getMessage()];
$this->admin->json_response = ['status' => 'error', 'message' => htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_HTML5, 'UTF-8')];
return false;
}
@@ -1004,7 +1004,7 @@ class AdminController extends AdminBaseController
$debugger = $this->grav['debugger'];
$debugger->addException($e);
$this->admin->json_response = ['status' => 'error', 'message' => $e->getMessage()];
$this->admin->json_response = ['status' => 'error', 'message' => htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_HTML5, 'UTF-8')];
return false;
}
@@ -1059,7 +1059,7 @@ class AdminController extends AdminBaseController
$msg = Utils::contains($msg, '401 Unauthorized') ? "ERROR: License key for this resource is invalid." : $msg;
$msg = Utils::contains($msg, '404 Not Found') ? "ERROR: Resource not found" : $msg;
$this->admin->json_response = ['status' => 'error', 'message' => $msg];
$this->admin->json_response = ['status' => 'error', 'message' => htmlspecialchars($msg, ENT_QUOTES | ENT_HTML5, 'UTF-8')];
return false;
}
@@ -1133,7 +1133,7 @@ class AdminController extends AdminBaseController
$debugger = $this->grav['debugger'];
$debugger->addException($e);
$json_response = ['status' => 'error', 'message' => $e->getMessage()];
$json_response = ['status' => 'error', 'message' => htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_HTML5, 'UTF-8')];
$this->sendJsonResponse($json_response, 200);
}
@@ -2068,7 +2068,7 @@ class AdminController extends AdminBaseController
$debugger = $this->grav['debugger'];
$debugger->addException($e);
$this->admin->json_response = ['status' => 'error', 'message' => $e->getMessage()];
$this->admin->json_response = ['status' => 'error', 'message' => htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_HTML5, 'UTF-8')];
return false;
}
@@ -2225,7 +2225,7 @@ class AdminController extends AdminBaseController
$this->admin->json_response = [
'status' => 'error',
'message' => sprintf($this->admin::translate('PLUGIN_ADMIN.FILEUPLOAD_UNABLE_TO_UPLOAD'),
$filename, 'Bad filename')
htmlspecialchars($filename, ENT_QUOTES | ENT_HTML5, 'UTF-8'), 'Bad filename')
];
return false;
@@ -2453,7 +2453,7 @@ class AdminController extends AdminBaseController
if (!$result) {
$this->admin->json_response = [
'status' => 'error',
'message' => $this->admin::translate('PLUGIN_ADMIN.FILE_COULD_NOT_BE_DELETED') . ': ' . $filename
'message' => $this->admin::translate('PLUGIN_ADMIN.FILE_COULD_NOT_BE_DELETED') . ': ' . htmlspecialchars($filename, ENT_QUOTES | ENT_HTML5, 'UTF-8')
];
return false;
@@ -2474,7 +2474,7 @@ class AdminController extends AdminBaseController
if (!$result) {
$this->admin->json_response = [
'status' => 'error',
'message' => $this->admin::translate('PLUGIN_ADMIN.FILE_COULD_NOT_BE_DELETED') . ': ' . $filename
'message' => $this->admin::translate('PLUGIN_ADMIN.FILE_COULD_NOT_BE_DELETED') . ': ' . htmlspecialchars($filename, ENT_QUOTES | ENT_HTML5, 'UTF-8')
];
return false;
@@ -2489,7 +2489,7 @@ class AdminController extends AdminBaseController
if (!$found) {
$this->admin->json_response = [
'status' => 'error',
'message' => $this->admin::translate('PLUGIN_ADMIN.FILE_NOT_FOUND') . ': ' . $filename
'message' => $this->admin::translate('PLUGIN_ADMIN.FILE_NOT_FOUND') . ': ' . htmlspecialchars($filename, ENT_QUOTES | ENT_HTML5, 'UTF-8')
];
return false;
@@ -2500,7 +2500,7 @@ class AdminController extends AdminBaseController
$this->admin->json_response = [
'status' => 'success',
'message' => $this->admin::translate('PLUGIN_ADMIN.FILE_DELETED') . ': ' . $filename
'message' => $this->admin::translate('PLUGIN_ADMIN.FILE_DELETED') . ': ' . htmlspecialchars($filename, ENT_QUOTES | ENT_HTML5, 'UTF-8')
];
return true;