Don't strip characters from direct messages
This commit is contained in:
parent
540efef63e
commit
012d5a4722
|
@ -1,6 +1,7 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
use Engelsystem\Database\DB;
|
use Engelsystem\Database\DB;
|
||||||
|
use Engelsystem\Models\User\User;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns Message id array
|
* Returns Message id array
|
||||||
|
@ -26,7 +27,6 @@ function Message($message_id)
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* TODO: use validation functions, return new message id
|
|
||||||
* send message
|
* send message
|
||||||
*
|
*
|
||||||
* @param int $receiver_user_id User ID of Receiver
|
* @param int $receiver_user_id User ID of Receiver
|
||||||
|
@ -36,32 +36,21 @@ function Message($message_id)
|
||||||
function Message_send($receiver_user_id, $text)
|
function Message_send($receiver_user_id, $text)
|
||||||
{
|
{
|
||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
|
$receiver = User::find($receiver_user_id);
|
||||||
|
|
||||||
$text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($text));
|
if (empty($text) || !$receiver || $receiver->id == $user->id) {
|
||||||
$receiver_user_id = preg_replace('/([^\d]{1,})/ui', '', strip_tags($receiver_user_id));
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
if (
|
return DB::insert('
|
||||||
($text != '' && is_numeric($receiver_user_id))
|
|
||||||
&& count(DB::select('
|
|
||||||
SELECT `id`
|
|
||||||
FROM `users`
|
|
||||||
WHERE `id` = ?
|
|
||||||
AND NOT `id` = ?
|
|
||||||
LIMIT 1
|
|
||||||
', [$receiver_user_id, $user->id])) > 0
|
|
||||||
) {
|
|
||||||
return DB::insert('
|
|
||||||
INSERT INTO `Messages` (`Datum`, `SUID`, `RUID`, `Text`)
|
INSERT INTO `Messages` (`Datum`, `SUID`, `RUID`, `Text`)
|
||||||
VALUES(?, ?, ?, ?)
|
VALUES(?, ?, ?, ?)
|
||||||
',
|
',
|
||||||
[
|
[
|
||||||
time(),
|
time(),
|
||||||
$user->id,
|
$user->id,
|
||||||
$receiver_user_id,
|
$receiver->id,
|
||||||
$text
|
$text
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
}
|
|
||||||
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -88,7 +88,7 @@ function user_messages()
|
||||||
'timestamp' => date('Y-m-d H:i', $message['Datum']),
|
'timestamp' => date('Y-m-d H:i', $message['Datum']),
|
||||||
'from' => User_Nick_render($sender_user_source),
|
'from' => User_Nick_render($sender_user_source),
|
||||||
'to' => User_Nick_render($receiver_user_source),
|
'to' => User_Nick_render($receiver_user_source),
|
||||||
'text' => str_replace("\n", '<br />', $message['Text'])
|
'text' => nl2br(htmlspecialchars($message['Text']))
|
||||||
];
|
];
|
||||||
|
|
||||||
if ($message['RUID'] == $user->id) {
|
if ($message['RUID'] == $user->id) {
|
||||||
|
@ -167,7 +167,6 @@ function user_messages()
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'send':
|
case 'send':
|
||||||
// @TODO: Validation?
|
|
||||||
if (Message_send($request->input('to'), $request->input('text'))) {
|
if (Message_send($request->input('to'), $request->input('text'))) {
|
||||||
redirect(page_link_to('user_messages'));
|
redirect(page_link_to('user_messages'));
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -197,6 +197,7 @@ function strip_request_item_nl($name, $default_value = null)
|
||||||
{
|
{
|
||||||
$request = request();
|
$request = request();
|
||||||
if ($request->has($name)) {
|
if ($request->has($name)) {
|
||||||
|
// Only allow letters, symbols, punctuation, separators, numbers and newlines without html tags
|
||||||
return preg_replace(
|
return preg_replace(
|
||||||
"/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+\n]{1,})/ui",
|
"/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+\n]{1,})/ui",
|
||||||
'',
|
'',
|
||||||
|
@ -214,6 +215,7 @@ function strip_request_item_nl($name, $default_value = null)
|
||||||
*/
|
*/
|
||||||
function strip_item($item)
|
function strip_item($item)
|
||||||
{
|
{
|
||||||
|
// Only allow letters, symbols, punctuation, separators and numbers without html tags
|
||||||
return preg_replace("/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+]{1,})/ui", '', strip_tags($item));
|
return preg_replace("/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+]{1,})/ui", '', strip_tags($item));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue