From b8095492ecad52a5326179cbab40dd7338a46f3a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Oct 2023 12:25:47 +0000 Subject: [PATCH 1/2] Updated build dependencies --- package.json | 2 +- yarn.lock | 151 +++++++++++++++++++++++++++++++++++++++++++-------- 2 files changed, 129 insertions(+), 24 deletions(-) diff --git a/package.json b/package.json index ba4be5e6..f77f7e32 100644 --- a/package.json +++ b/package.json @@ -36,7 +36,7 @@ "eslint": "^8.44.0", "eslint-plugin-editorconfig": "^4.0.3", "mini-css-extract-plugin": "^2.7.2", - "postcss": "^8.4.21", + "postcss": "^8.4.31", "postcss-loader": "^7.0.2", "prettier": "^2.8.3", "resolve-url-loader": "^5.0.0", diff --git a/yarn.lock b/yarn.lock index d8bfe00b..6a48d789 100644 --- a/yarn.lock +++ b/yarn.lock @@ -22,6 +22,14 @@ dependencies: "@babel/highlight" "^7.18.6" +"@babel/code-frame@^7.22.13": + version "7.22.13" + resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.22.13.tgz#e3c1c099402598483b7a8c46a721d1038803755e" + integrity sha512-XktuhWlJ5g+3TJXc5upd9Ks1HutSArik6jf2eAjYFyIOf4ej3RN+184cZbzDvbPnuTJIUhPKKJE3cIsYTiAT3w== + dependencies: + "@babel/highlight" "^7.22.13" + chalk "^2.4.2" + "@babel/compat-data@^7.17.7", "@babel/compat-data@^7.20.1", "@babel/compat-data@^7.20.5": version "7.20.14" resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.20.14.tgz#4106fc8b755f3e3ee0a0a7c27dde5de1d2b2baf8" 
@@ -66,6 +74,16 @@ "@jridgewell/gen-mapping" "^0.3.2" jsesc "^2.5.1" +"@babel/generator@^7.23.0": + version "7.23.0" + resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.23.0.tgz#df5c386e2218be505b34837acbcb874d7a983420" + integrity sha512-lN85QRR+5IbYrMWM6Y4pE/noaQtg4pNiqeNGX60eqOfo6gtEj6uw/JagelB8vVztSd7R6M5n1+PQkDbHbBRU4g== + dependencies: + "@babel/types" "^7.23.0" + "@jridgewell/gen-mapping" "^0.3.2" + "@jridgewell/trace-mapping" "^0.3.17" + jsesc "^2.5.1" + "@babel/helper-annotate-as-pure@^7.18.6": version "7.18.6" resolved "https://registry.yarnpkg.com/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.18.6.tgz#eaa49f6f80d5a33f9a5dd2276e6d6e451be0a6bb" @@ -131,6 +149,11 @@ resolved "https://registry.yarnpkg.com/@babel/helper-environment-visitor/-/helper-environment-visitor-7.18.9.tgz#0c0cee9b35d2ca190478756865bb3528422f51be" integrity sha512-3r/aACDJ3fhQ/EVgFy0hpj8oHyHpQc+LPtJoY9SzTThAsStm4Ptegq92vqKoE3vD706ZVFWITnMnxucw+S9Ipg== +"@babel/helper-environment-visitor@^7.22.20": + version "7.22.20" + resolved "https://registry.yarnpkg.com/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz#96159db61d34a29dba454c959f5ae4a649ba9167" + integrity sha512-zfedSIzFhat/gFhWfHtgWvlec0nqB9YEIVrpuwjruLlXfUSnA8cJB0miHKwqDnQ7d32aKo2xt88/xZptwxbfhA== + "@babel/helper-explode-assignable-expression@^7.18.6": version "7.18.6" resolved "https://registry.yarnpkg.com/@babel/helper-explode-assignable-expression/-/helper-explode-assignable-expression-7.18.6.tgz#41f8228ef0a6f1a036b8dfdfec7ce94f9a6bc096" 
@@ -146,6 +169,14 @@ "@babel/template" "^7.18.10" "@babel/types" "^7.19.0" +"@babel/helper-function-name@^7.23.0": + version "7.23.0" + resolved "https://registry.yarnpkg.com/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz#1f9a3cdbd5b2698a670c30d2735f9af95ed52759" + integrity sha512-OErEqsrxjZTJciZ4Oo+eoZqeW9UIiOcuYKRJA4ZAgV9myA+pOXhhmpfNCKjEH/auVfEYVFJ6y1Tc4r0eIApqiw== + dependencies: + "@babel/template" "^7.22.15" + "@babel/types" "^7.23.0" + "@babel/helper-hoist-variables@^7.18.6": version "7.18.6" resolved "https://registry.yarnpkg.com/@babel/helper-hoist-variables/-/helper-hoist-variables-7.18.6.tgz#d4d2c8fb4baeaa5c68b99cc8245c56554f926678" @@ -153,6 +184,13 @@ dependencies: "@babel/types" "^7.18.6" +"@babel/helper-hoist-variables@^7.22.5": + version "7.22.5" + resolved "https://registry.yarnpkg.com/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz#c01a007dac05c085914e8fb652b339db50d823bb" + integrity sha512-wGjk9QZVzvknA6yKIUURb8zY3grXCcOZt+/7Wcy8O2uctxhplmUPkOdlgoNhmdVee2c92JXbf1xpMtVNbfoxRw== + dependencies: + "@babel/types" "^7.22.5" + "@babel/helper-member-expression-to-functions@^7.20.7": version "7.20.7" resolved "https://registry.yarnpkg.com/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.20.7.tgz#a6f26e919582275a93c3aa6594756d71b0bb7f05" 
@@ -236,16 +274,33 @@ dependencies: "@babel/types" "^7.18.6" +"@babel/helper-split-export-declaration@^7.22.6": + version "7.22.6" + resolved "https://registry.yarnpkg.com/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz#322c61b7310c0997fe4c323955667f18fcefb91c" + integrity sha512-AsUnxuLhRYsisFiaJwvp1QF+I3KjD5FOxut14q/GzovUe6orHLesW2C7d754kRm53h5gqrz6sFl6sxc4BVtE/g== + dependencies: + "@babel/types" "^7.22.5" + "@babel/helper-string-parser@^7.19.4": version "7.19.4" resolved "https://registry.yarnpkg.com/@babel/helper-string-parser/-/helper-string-parser-7.19.4.tgz#38d3acb654b4701a9b77fb0615a96f775c3a9e63" integrity sha512-nHtDoQcuqFmwYNYPz3Rah5ph2p8PFeFCsZk9A/48dPc/rGocJ5J3hAAZ7pb76VWX3fZKu+uEr/FhH5jLx7umrw== +"@babel/helper-string-parser@^7.22.5": + version "7.22.5" + resolved "https://registry.yarnpkg.com/@babel/helper-string-parser/-/helper-string-parser-7.22.5.tgz#533f36457a25814cf1df6488523ad547d784a99f" + integrity sha512-mM4COjgZox8U+JcXQwPijIZLElkgEpO5rsERVDJTc2qfCDfERyob6k5WegS14SX18IIjv+XD+GrqNumY5JRCDw== + "@babel/helper-validator-identifier@^7.18.6", "@babel/helper-validator-identifier@^7.19.1": version "7.19.1" resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.19.1.tgz#7eea834cf32901ffdc1a7ee555e2f9c27e249ca2" integrity sha512-awrNfaMtnHUr653GgGEs++LlAvW6w+DcPrOliSMXWCKo597CwL5Acf/wWdNkf/tfEQE3mjkeD1YOVZOUV/od1w== +"@babel/helper-validator-identifier@^7.22.20": + version "7.22.20" + resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz#c4ae002c61d2879e724581d96665583dbc1dc0e0" + integrity sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A== + "@babel/helper-validator-option@^7.18.6": version "7.18.6" resolved "https://registry.yarnpkg.com/@babel/helper-validator-option/-/helper-validator-option-7.18.6.tgz#bf0d2b5a509b1f336099e4ff36e1a63aa5db4db8" 
@@ -279,11 +334,25 @@ chalk "^2.0.0" js-tokens "^4.0.0" -"@babel/parser@^7.20.13", "@babel/parser@^7.20.7": +"@babel/highlight@^7.22.13": + version "7.22.20" + resolved "https://registry.yarnpkg.com/@babel/highlight/-/highlight-7.22.20.tgz#4ca92b71d80554b01427815e06f2df965b9c1f54" + integrity sha512-dkdMCN3py0+ksCgYmGG8jKeGA/8Tk+gJwSYYlFGxG5lmhfKNoAy004YpLxpS1W2J8m/EK2Ew+yOs9pVRwO89mg== + dependencies: + "@babel/helper-validator-identifier" "^7.22.20" + chalk "^2.4.2" + js-tokens "^4.0.0" + +"@babel/parser@^7.20.7": version "7.20.15" resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.20.15.tgz#eec9f36d8eaf0948bb88c87a46784b5ee9fd0c89" integrity sha512-DI4a1oZuf8wC+oAJA9RW6ga3Zbe8RZFt7kD9i4qAspz3I/yHet1VvC3DiSy/fsUvv5pvJuNPh0LPOdCcqinDPg== +"@babel/parser@^7.22.15", "@babel/parser@^7.23.0": + version "7.23.0" + resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.23.0.tgz#da950e622420bf96ca0d0f2909cdddac3acd8719" + integrity sha512-vvPKKdMemU85V9WE/l5wZEmImpCtLqbnTvqDS2U1fJ96KrxoW7KrXhNsNCblQlg8Ck4b85yxdTyelsMUgFUXiw== + "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@^7.18.6": version "7.18.6" resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression/-/plugin-bugfix-safari-id-destructuring-collision-in-function-expression-7.18.6.tgz#da5b8f9a580acdfbe53494dba45ea389fb09a4d2" 
@@ -893,19 +962,28 @@ "@babel/parser" "^7.20.7" "@babel/types" "^7.20.7" -"@babel/traverse@^7.20.10", "@babel/traverse@^7.20.12", "@babel/traverse@^7.20.13", "@babel/traverse@^7.20.5", "@babel/traverse@^7.20.7": - version "7.20.13" - resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.20.13.tgz#817c1ba13d11accca89478bd5481b2d168d07473" - integrity sha512-kMJXfF0T6DIS9E8cgdLCSAL+cuCK+YEZHWiLK0SXpTo8YRj5lpJu3CDNKiIBCne4m9hhTIqUg6SYTAI39tAiVQ== +"@babel/template@^7.22.15": + version "7.22.15" + resolved "https://registry.yarnpkg.com/@babel/template/-/template-7.22.15.tgz#09576efc3830f0430f4548ef971dde1350ef2f38" + integrity sha512-QPErUVm4uyJa60rkI73qneDacvdvzxshT3kksGqlGWYdOTIUOwJ7RDUL8sGqslY1uXWSL6xMFKEXDS3ox2uF0w== dependencies: - "@babel/code-frame" "^7.18.6" - "@babel/generator" "^7.20.7" - "@babel/helper-environment-visitor" "^7.18.9" - "@babel/helper-function-name" "^7.19.0" - "@babel/helper-hoist-variables" "^7.18.6" - "@babel/helper-split-export-declaration" "^7.18.6" - "@babel/parser" "^7.20.13" - "@babel/types" "^7.20.7" + "@babel/code-frame" "^7.22.13" + "@babel/parser" "^7.22.15" + "@babel/types" "^7.22.15" + +"@babel/traverse@^7.20.10", "@babel/traverse@^7.20.12", "@babel/traverse@^7.20.13", "@babel/traverse@^7.20.5", "@babel/traverse@^7.20.7": + version "7.23.2" + resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.23.2.tgz#329c7a06735e144a506bdb2cad0268b7f46f4ad8" + integrity sha512-azpe59SQ48qG6nu2CzcMLbxUudtN+dOM9kDbUqGq3HXUJRlo7i8fvPoxQUzYgLZ4cMVmuZgm8vvBpNeRhd6XSw== + dependencies: + "@babel/code-frame" "^7.22.13" + "@babel/generator" "^7.23.0" + "@babel/helper-environment-visitor" "^7.22.20" + "@babel/helper-function-name" "^7.23.0" + "@babel/helper-hoist-variables" "^7.22.5" + "@babel/helper-split-export-declaration" "^7.22.6" + "@babel/parser" "^7.23.0" + "@babel/types" "^7.23.0" debug "^4.1.0" globals "^11.1.0" 
@@ -918,6 +996,15 @@ "@babel/helper-validator-identifier" "^7.19.1" to-fast-properties "^2.0.0" +"@babel/types@^7.22.15", "@babel/types@^7.22.5", "@babel/types@^7.23.0": + version "7.23.0" + resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.23.0.tgz#8c1f020c9df0e737e4e247c0619f58c68458aaeb" + integrity sha512-0oIyUfKoI3mSqMvsxBdclDwxXKXAUA8v/apZbc+iSyARYou1o8ZGDxbUYyLFoW2arqS2jDGqJuZvv1d/io1axg== + dependencies: + "@babel/helper-string-parser" "^7.22.5" + "@babel/helper-validator-identifier" "^7.22.20" + to-fast-properties "^2.0.0" + "@discoveryjs/json-ext@^0.5.0": version "0.5.7" resolved "https://registry.yarnpkg.com/@discoveryjs/json-ext/-/json-ext-0.5.7.tgz#1d572bfbbe14b7704e0ba0f39b74815b84870d70" @@ -1015,6 +1102,11 @@ resolved "https://registry.yarnpkg.com/@jridgewell/resolve-uri/-/resolve-uri-3.1.0.tgz#2203b118c157721addfe69d47b70465463066d78" integrity sha512-F2msla3tad+Mfht5cJq7LSXcdudKTWCVYUgw6pLFOOHSTtZlj6SWNYAp+AhuqLmWdBO2X5hPrLcu8cVP8fy28w== +"@jridgewell/resolve-uri@^3.1.0": + version "3.1.1" + resolved "https://registry.yarnpkg.com/@jridgewell/resolve-uri/-/resolve-uri-3.1.1.tgz#c08679063f279615a3326583ba3a90d1d82cc721" + integrity sha512-dSYZh7HhCDtCKm4QakX0xFpsRDqjjtZf/kjI/v3T3Nwt5r8/qz/M19F9ySyOqU94SXBmeG9ttTul+YnR4LOxFA== + "@jridgewell/set-array@^1.0.0", "@jridgewell/set-array@^1.0.1": version "1.1.2" resolved "https://registry.yarnpkg.com/@jridgewell/set-array/-/set-array-1.1.2.tgz#7c6cf998d6d20b914c0a55a91ae928ff25965e72" 
@@ -1033,6 +1125,11 @@ resolved "https://registry.yarnpkg.com/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz#add4c98d341472a289190b424efbdb096991bb24" integrity sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw== +"@jridgewell/sourcemap-codec@^1.4.14": + version "1.4.15" + resolved "https://registry.yarnpkg.com/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz#d7c6e6755c78567a951e04ab52ef0fd26de59f32" + integrity sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg== + "@jridgewell/trace-mapping@^0.3.14", "@jridgewell/trace-mapping@^0.3.9": version "0.3.17" resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.17.tgz#793041277af9073b0951a7fe0f0d8c4c98c36985" @@ -1041,6 +1138,14 @@ "@jridgewell/resolve-uri" "3.1.0" "@jridgewell/sourcemap-codec" "1.4.14" +"@jridgewell/trace-mapping@^0.3.17": + version "0.3.20" + resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.20.tgz#72e45707cf240fa6b081d0366f8265b0cd10197f" + integrity sha512-R8LcPeWZol2zR8mmH3JeKQ6QRCFb7XgUhV9ZlGhHLGyg4wpPiPZNQOOWhFZhxKw8u//yTbNGI42Bx/3paXEQ+Q== + dependencies: + "@jridgewell/resolve-uri" "^3.1.0" + "@jridgewell/sourcemap-codec" "^1.4.14" + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1": version "5.1.1-v1" resolved "https://registry.yarnpkg.com/@nicolo-ribaudo/eslint-scope-5-internals/-/eslint-scope-5-internals-5.1.1-v1.tgz#dbf733a965ca47b1973177dc0bb6c889edcfb129" 
@@ -1537,7 +1642,7 @@ caniuse-lite@^1.0.0, caniuse-lite@^1.0.30001426, caniuse-lite@^1.0.30001449: resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001450.tgz#022225b91200589196b814b51b1bbe45144cf74f" integrity sha512-qMBmvmQmFXaSxexkjjfMvD5rnDL0+m+dUMZKoDYsGG8iZN29RuYh9eRoMvKsT6uMAWlyUUGDEQGJJYjzCIO9ew== -chalk@^2.0.0: +chalk@^2.0.0, chalk@^2.4.2: version "2.4.2" resolved "https://registry.yarnpkg.com/chalk/-/chalk-2.4.2.tgz#cd42541677a54333cf541a49108c1432b44c9424" integrity sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ== @@ -2575,10 +2680,10 @@ ms@2.1.2: resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009" integrity sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w== -nanoid@^3.3.4: - version "3.3.4" - resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.4.tgz#730b67e3cd09e2deacf03c027c81c9d9dbc5e8ab" - integrity sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw== +nanoid@^3.3.6: + version "3.3.6" + resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.6.tgz#443380c856d6e9f9824267d960b4236ad583ea4c" + integrity sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA== natural-compare@^1.4.0: version "1.4.0" 
@@ -2975,12 +3080,12 @@ postcss-value-parser@^4.1.0, postcss-value-parser@^4.2.0: resolved "https://registry.yarnpkg.com/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz#723c09920836ba6d3e5af019f92bc0971c02e514" integrity sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ== -postcss@^8.2.14, postcss@^8.4.17, postcss@^8.4.19, postcss@^8.4.21: - version "8.4.21" - resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.21.tgz#c639b719a57efc3187b13a1d765675485f4134f4" - integrity sha512-tP7u/Sn/dVxK2NnruI4H9BG+x+Wxz6oeZ1cJ8P6G/PZY0IKk4k/63TDsQf2kQq3+qoJeLm2kIBUNlZe3zgb4Zg== +postcss@^8.2.14, postcss@^8.4.17, postcss@^8.4.19, postcss@^8.4.31: + version "8.4.31" + resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.31.tgz#92b451050a9f914da6755af352bdc0192508656d" + integrity sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ== dependencies: - nanoid "^3.3.4" + nanoid "^3.3.6" picocolors "^1.0.0" source-map-js "^1.0.2" From efda1ffc1ce59f02a7d237d9087adea26e73ec5f Mon Sep 17 00:00:00 2001 
From: Igor Scheller Date: Mon, 4 Dec 2023 23:33:07 +0100 Subject: [PATCH 2/2] Escape text outputs in includes --- includes/controller/angeltypes_controller.php | 8 +-- includes/controller/rooms_controller.php | 2 +- includes/controller/shifts_controller.php | 9 ++- includes/controller/shifttypes_controller.php | 4 +- .../controller/user_angeltypes_controller.php | 4 +- includes/controller/users_controller.php | 6 +- includes/engelsystem.php | 2 +- includes/helper/message_helper.php | 29 +++++--- includes/pages/admin_free.php | 4 +- includes/pages/admin_groups.php | 10 +-- includes/pages/admin_shifts.php | 4 +- includes/pages/admin_user.php | 48 +++++++++---- includes/pages/guest_login.php | 6 +- includes/pages/user_shifts.php | 11 +-- includes/sys_form.php | 70 +++---------------- includes/sys_menu.php | 15 ++-- includes/sys_page.php | 54 -------------- includes/sys_template.php | 19 ++--- includes/view/AngelTypes_view.php | 31 +++++--- includes/view/PublicDashboard_view.php | 12 ++-- includes/view/Rooms_view.php | 12 ++-- includes/view/ShiftCalendarShiftRenderer.php | 6 +- includes/view/ShiftEntry_view.php | 14 ++-- includes/view/ShiftTypes_view.php | 10 +-- includes/view/Shifts_view.php | 24 ++++--- includes/view/UserAngelTypes_view.php | 6 +- includes/view/UserHintsRenderer.php | 4 +- includes/view/User_view.php | 52 ++++++++------ resources/views/emails/angeltype-added.twig | 4 +- .../views/emails/angeltype-confirmed.twig | 4 +- resources/views/pages/login.twig | 2 +- 31 files changed, 213 insertions(+), 273 deletions(-) diff --git a/includes/controller/angeltypes_controller.php b/includes/controller/angeltypes_controller.php index 3d820446..eced5a46 100644 --- a/includes/controller/angeltypes_controller.php +++ b/includes/controller/angeltypes_controller.php 
@@ -72,7 +72,7 @@ function angeltype_delete_controller()
 }

 return [
- sprintf(__('Delete angeltype %s'), $angeltype->name),
+ sprintf(__('Delete angeltype %s'), htmlspecialchars($angeltype->name)),
 AngelType_delete_view($angeltype),
 ];
 }
@@ -152,7 +152,7 @@ function angeltype_edit_controller()
 }

 return [
- sprintf(__('Edit %s'), $angeltype->name),
+ sprintf(__('Edit %s'), htmlspecialchars((string) $angeltype->name)),
 AngelType_edit_view($angeltype, $supporter_mode),
 ];
 }
@@ -193,7 +193,7 @@ function angeltype_controller()
 $isSupporter = !is_null($user_angeltype) && $user_angeltype->supporter;

 return [
- sprintf(__('Team %s'), $angeltype->name),
+ sprintf(__('Team %s'), htmlspecialchars($angeltype->name)),
 AngelType_view(
 $angeltype,
 $members,
@@ -323,7 +323,7 @@ function angeltypes_list_controller()
 $angeltype->name = ''
- . $angeltype->name
+ . htmlspecialchars($angeltype->name)
 . '';
 $angeltype->actions = table_buttons($actions);
diff --git a/includes/controller/rooms_controller.php b/includes/controller/rooms_controller.php
index 2136565a..5fdca4a3 100644
--- a/includes/controller/rooms_controller.php
+++ b/includes/controller/rooms_controller.php
@@ -53,7 +53,7 @@ function room_controller(): array
 $shiftCalendarRenderer = shiftCalendarRendererByShiftFilter($shiftsFilter);

 return [
- $room->name,
+ htmlspecialchars($room->name),
 Room_view($room, $shiftsFilterRenderer, $shiftCalendarRenderer),
 ];
 }
diff --git a/includes/controller/shifts_controller.php b/includes/controller/shifts_controller.php
index fe3b8939..99bf0e53 100644
--- a/includes/controller/shifts_controller.php
+++ b/includes/controller/shifts_controller.php
@@ -194,7 +194,7 @@ function shift_edit_controller()
 foreach ($angeltypes as $angeltype_id => $angeltype_name) {
 $angel_types_spinner .= form_spinner(
 'angeltype_count_' . $angeltype_id,
- $angeltype_name,
+ htmlspecialchars($angeltype_name),
 $needed_angel_types[$angeltype_id]
 );
 }
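Review bot: The `(string)` cast in the `angeltype_edit_controller` hunk is the only one of the four new `htmlspecialchars($angeltype->name)` calls that has it; on PHP 8.1+ passing `null` to `htmlspecialchars()` emits a deprecation, so either cast in every call or in none, and the same question applies to `$room->name` and `$angeltype_name` in the rooms/shifts hunks. All of these calls rely on the default flags, which are `ENT_COMPAT` (single quotes left unescaped) before PHP 8.1 and `ENT_QUOTES | ENT_SUBSTITUTE` from 8.1 on; if the project still supports older PHP, pass `ENT_QUOTES` explicitly or route every site through one helper such as `function escape(?string $s): string { return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE); }` so the escaping policy lives in one place. A per-call-site sweep like this is easy to leave incomplete, so a single helper also makes the remaining raw sites greppable. The enclosing controller functions all start outside these hunks.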
@@ -213,7 +213,10 @@ function shift_edit_controller() form_text('start', __('Start:'), $start->format('Y-m-d H:i')), form_text('end', __('End:'), $end->format('Y-m-d H:i')), form_textarea('description', __('Additional description'), $description), - form_info('', __('This description is for single shifts, otherwise please use the description in shift type.')), + form_info( + '', + __('This description is for single shifts, otherwise please use the description in shift type.') + ), '

' . __('Needed angels') . '

', $angel_types_spinner, form_submit('submit', __('Save')), @@ -338,7 +341,7 @@ function shift_controller() } return [ - $shift->shiftType->name, + htmlspecialchars($shift->shiftType->name), Shift_view($shift, $shifttype, $room, $angeltypes, $shift_signup_state), ]; } diff --git a/includes/controller/shifttypes_controller.php b/includes/controller/shifttypes_controller.php index 0f1cdfe4..efd11988 100644 --- a/includes/controller/shifttypes_controller.php +++ b/includes/controller/shifttypes_controller.php @@ -33,7 +33,7 @@ function shifttype_delete_controller() } return [ - sprintf(__('Delete shifttype %s'), $shifttype->name), + sprintf(__('Delete shifttype %s'), htmlspecialchars($shifttype->name)), ShiftType_delete_view($shifttype), ]; } @@ -110,7 +110,7 @@ function shifttype_controller() $shifttype = ShiftType::findOrFail($request->input('shifttype_id')); return [ - $shifttype->name, + htmlspecialchars($shifttype->name), ShiftType_view($shifttype), ]; } diff --git a/includes/controller/user_angeltypes_controller.php b/includes/controller/user_angeltypes_controller.php index 7b43d19f..07d81dd6 100644 --- a/includes/controller/user_angeltypes_controller.php +++ b/includes/controller/user_angeltypes_controller.php @@ -39,7 +39,7 @@ function user_angeltypes_unconfirmed_hint() foreach ($unconfirmed_user_angeltypes as $user_angeltype) { $unconfirmed_links[] = '' . $user_angeltype->angelType->name + . '">' . htmlspecialchars($user_angeltype->angelType->name) . ' (+' . $user_angeltype->count . ')' . ''; } @@ -438,7 +438,7 @@ function user_angeltype_join_controller(AngelType $angeltype) } return [ - sprintf(__('Become a %s'), $angeltype->name), + sprintf(__('Become a %s'), htmlspecialchars($angeltype->name)), UserAngelType_join_view($user, $angeltype), ]; } diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php index 5ed7a7e6..0e2dbe73 100644 --- a/includes/controller/users_controller.php 
+++ b/includes/controller/users_controller.php
@@ -91,7 +91,7 @@ function user_delete_controller()
 }

 return [
- sprintf(__('Delete %s'), $user_source->displayName),
+ sprintf(__('Delete %s'), htmlspecialchars($user_source->displayName)),
 User_delete_view($user_source),
 ];
 }
@@ -182,7 +182,7 @@ function user_edit_vouchers_controller()
 }

 return [
- sprintf(__('%s\'s vouchers'), $user_source->displayName),
+ sprintf(__('%s\'s vouchers'), htmlspecialchars($user_source->displayName)),
 User_edit_vouchers_view($user_source),
 ];
 }
@@ -244,7 +244,7 @@ function user_controller()
 }

 return [
- $user_source->displayName,
+ htmlspecialchars($user_source->displayName),
 User_view(
 $user_source,
 auth()->can('admin_user'),
diff --git a/includes/engelsystem.php b/includes/engelsystem.php
index b156c68a..0c368dc8 100644
--- a/includes/engelsystem.php
+++ b/includes/engelsystem.php
@@ -23,7 +23,7 @@ if ($app->get('config')->get('maintenance')) {
 http_response_code(503);
 $url = $app->get(UrlGeneratorInterface::class);
 $maintenance = file_get_contents(__DIR__ . '/../resources/views/layouts/maintenance.html');
- $maintenance = str_replace('%APP_NAME%', $app->get('config')->get('app_name'), $maintenance);
+ $maintenance = str_replace('%APP_NAME%', htmlspecialchars($app->get('config')->get('app_name')), $maintenance);
 $maintenance = str_replace('%ASSETS_PATH%', $url->to(''), $maintenance);
 echo $maintenance;
 die();
diff --git a/includes/helper/message_helper.php b/includes/helper/message_helper.php
index 13526a63..d550fd44 100644
--- a/includes/helper/message_helper.php
+++ b/includes/helper/message_helper.php
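Review bot: `%ASSETS_PATH%` on the line right after the changed one is still substituted with `$url->to('')` unescaped, so the maintenance page now has one escaped and one raw placeholder. From this hunk the value appears configuration-derived rather than request-derived, but if the URL generator ever builds it from the request `Host` header it becomes attacker-influenced, and a value containing `&` or `"` would corrupt whatever attribute or text the template places it in; `htmlspecialchars($url->to(''))` costs nothing here and keeps the two substitutions consistent. The maintenance branch is top-level code that continues outside the hunk.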
@@ -17,11 +17,12 @@ function msg()
 *
 * @param string $msg
 * @param bool $immediately
+ * @param bool $immediatelyRaw
 * @return string
 */
-function info($msg, $immediately = false)
+function info($msg, $immediately = false, $immediatelyRaw = false)
 {
- return alert(NotificationType::INFORMATION, $msg, $immediately);
+ return alert(NotificationType::INFORMATION, $msg, $immediately, $immediatelyRaw);
 }

 /**
@@ -29,11 +30,12 @@ function info($msg, $immediately = false)
 *
 * @param string $msg
 * @param bool $immediately
+ * @param bool $immediatelyRaw
 * @return string
 */
-function warning($msg, $immediately = false)
+function warning($msg, $immediately = false, $immediatelyRaw = false)
 {
- return alert(NotificationType::WARNING, $msg, $immediately);
+ return alert(NotificationType::WARNING, $msg, $immediately, $immediatelyRaw);
 }

 /**
@@ -41,11 +43,12 @@ function info($msg, $immediately = false)
 *
 * @param string $msg
 * @param bool $immediately
+ * @param bool $immediatelyRaw
 * @return string
 */
-function error($msg, $immediately = false)
+function error($msg, $immediately = false, $immediatelyRaw = false)
 {
- return alert(NotificationType::ERROR, $msg, $immediately);
+ return alert(NotificationType::ERROR, $msg, $immediately, $immediatelyRaw);
 }

 /**
@@ -53,24 +56,27 @@ function error($msg, $immediately = false)
 *
 * @param string $msg
 * @param bool $immediately
+ * @param bool $immediatelyRaw
 * @return string
 */
-function success($msg, $immediately = false)
+function success($msg, $immediately = false, $immediatelyRaw = false)
 {
- return alert(NotificationType::MESSAGE, $msg, $immediately);
+ return alert(NotificationType::MESSAGE, $msg, $immediately, $immediatelyRaw);
 }

 /**
 * Renders an alert message with the given alert-* class or sets it in session
 *
- * @see \Engelsystem\Controllers\HasUserNotifications
- *
 * @param NotificationType $type
 * @param string $msg
 * @param bool $immediately
+ * @param bool $immediatelyRaw
 * @return string
+ *
+ * @see \Engelsystem\Controllers\HasUserNotifications
+ *
 */
-function alert(NotificationType $type, $msg, $immediately = false)
+function alert(NotificationType $type, $msg, $immediately = false, $immediatelyRaw = false)
 {
 if (empty($msg)) {
 return '';
@@ -87,6 +93,7 @@ function alert(NotificationType $type, $msg, $immediately = false)
 ['danger', 'warning', 'info', 'success'],
 $type->value
 );
+ $msg = $immediatelyRaw ? $msg : htmlspecialchars($msg);
 return '';
 }
diff --git a/includes/pages/admin_free.php b/includes/pages/admin_free.php
index 7fd17faa..ff6859fe 100644
--- a/includes/pages/admin_free.php
+++ b/includes/pages/admin_free.php
@@ -100,9 +100,9 @@ function admin_free()
 'name' => User_Nick_render($usr) . User_Pronoun_render($usr),
 'shift_state' => User_shift_state_render($usr),
 'last_shift' => User_last_shift_render($usr),
- 'dect' => sprintf('%1$s', $usr->contact->dect),
+ 'dect' => sprintf('%1$s', htmlspecialchars((string) $usr->contact->dect)),
 'email' => $usr->settings->email_human
- ? sprintf('%1$s', $email)
+ ? sprintf('%1$s', htmlspecialchars((string) $email))
 : icon('eye-slash'),
 'actions' => auth()->can('admin_user')
diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php
index 5e46d5ba..6152475b 100644
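Review bot: The new `$immediatelyRaw` flag is an escape bypass, yet its `@param` line in the `alert()` docblock and in the `info`/`warning`/`error`/`success` wrappers carries no description, and the only place it is honoured is the added `$msg = $immediatelyRaw ? $msg : htmlspecialchars($msg);` on the immediate-render path, so presumably the session path earlier in `alert()` (between the two hunks) is unaffected by it either way. Document the contract so a caller knows what it is opting out of: `@param bool $immediatelyRaw Skip HTML escaping of $msg; the caller guarantees it is already safe markup. Only honoured when $immediately is true.` A grep for callers passing `true` as the fourth argument should confirm each one escapes its user-controlled parts itself, since the wrappers forward the flag without any check. `alert()` begins in the previous hunk and its body continues outside this one.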
--- a/includes/pages/admin_groups.php +++ b/includes/pages/admin_groups.php @@ -31,11 +31,11 @@ function admin_groups() $privileges_html = []; foreach ($privileges as $privilege) { - $privileges_html[] = $privilege['name']; + $privileges_html[] = htmlspecialchars($privilege['name']); } $groups_table[] = [ - 'name' => $group->name, + 'name' => htmlspecialchars($group->name), 'privileges' => join(', ', $privileges_html), 'actions' => button( page_link_to( @@ -72,15 +72,15 @@ function admin_groups() foreach ($privileges as $privilege) { $privileges_form[] = form_checkbox( 'privileges[]', - $privilege->description . ' (' . $privilege->name . ')', + htmlspecialchars($privilege->description . ' (' . $privilege->name . ')'), $privilege->selected != '', $privilege->id, - 'privilege-' . $privilege->name + 'privilege-' . htmlspecialchars($privilege->name) ); } $privileges_form[] = form_submit('submit', __('Save')); - $html .= page_with_title(__('Edit group') . ' ' . $group->name, [ + $html .= page_with_title(__('Edit group') . ' ' . htmlspecialchars($group->name), [ form( $privileges_form, page_link_to('admin_groups', ['action' => 'save', 'id' => $group->id]) diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php index 01cb7bdb..2cc92256 100644 --- a/includes/pages/admin_shifts.php +++ b/includes/pages/admin_shifts.php @@ -333,7 +333,7 @@ function admin_shifts() . Room_name_render(Room::find($shift['room_id'])), 'title' => ShiftType_name_render(ShiftType::find($shifttype_id)) - . ($shift['title'] ? '
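Review bot: `'privilege-' . htmlspecialchars($privilege->name)` is used as the checkbox `id`, where HTML entity escaping is the wrong transform: a name containing `&` produces an id with `&amp;` in it, which is awkward to target from CSS or JS, and if `form_checkbox()` (modified in `sys_form.php` in this same patch) now escapes `$html_id` itself, the value is encoded twice. Restrict the id to safe characters instead and leave attribute escaping to the form helper, e.g. `'privilege-' . preg_replace('/[^A-Za-z0-9_-]/', '-', $privilege->name)`. The label escaping on the line above it is fine. `admin_groups()` starts outside the hunk.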
' . $shift['title'] : ''), + . ($shift['title'] ? '
' . htmlspecialchars($shift['title']) : ''), 'needed_angels' => '', ]; foreach ($types as $type) { @@ -443,7 +443,7 @@ function admin_shifts() $angel_types .= '
' . form_spinner( 'angeltype_count_' . $type->id, - $type->name, + htmlspecialchars($type->name), $needed_angel_types[$type->id], [ 'radio-name' => 'angelmode', diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index b02d7473..71179006 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php @@ -48,7 +48,7 @@ function admin_user() $html .= ' ' . __('If the angel is active, it can claim a goodie. If goodie is set to \'Yes\', the angel already got their goodie.'); } } - $html .= '

'; + $html .= '

'; $html .= '
' . "\n"; @@ -57,20 +57,32 @@ function admin_user() $html .= '' . "\n"; $html .= '' . "\n"; $html .= '' . "\n"; - $html .= ' ' . "\n"; + $html .= ' ' . "\n"; $html .= ' ' . "\n"; if (config('enable_user_name')) { - $html .= ' ' . "\n"; - $html .= ' ' . "\n"; + $html .= ' ' . "\n"; + $html .= ' ' . "\n"; } - $html .= ' ' . "\n"; + $html .= ' ' . "\n"; if (config('enable_dect')) { - $html .= ' ' . "\n"; + $html .= ' ' . "\n"; } if ($user_source->settings->email_human) { - $html .= ' ' . "\n"; + $html .= ' ' . "\n"; } if ($goodie_tshirt) { $html .= '
' . __('Nickname') . '' . '
' . __('Nickname') . '' + . '' + . '
' . __('Last login') . '

' . ($user_source->last_login_at ? $user_source->last_login_at->format(__('Y-m-d H:i')) : '-') . '

' . __('Prename') . '' . '
' . __('Last name') . '' . '
' . __('Prename') . '' + . '' + . '
' . __('Last name') . '' + . '' + . '
' . __('Mobile') . '' . '
' . __('Mobile') . '' + . '' + . '
' . __('DECT') . '' . '
' . __('DECT') . '' + . '' + . '
' . __('settings.profile.email') . '' . '
' . __('settings.profile.email') . '' + . '' + . '
' . __('user.shirt_size') . '' @@ -120,11 +132,11 @@ function admin_user() $html .= '
' . "\n" . ''; $html .= '' . "\n"; - $html .= '' . "\n" . '
' . "\n"; + $html .= '' . "\n" . '
' . "\n"; $html .= '' . "\n"; $html .= '
'; - $html .= '
'; + $html .= '
'; $html .= form_info('', __('Please visit the angeltypes page or the users profile to manage the users angeltypes.')); @@ -133,14 +145,18 @@ function admin_user() . '" method="post">' . "\n"; $html .= form_csrf(); $html .= '' . "\n"; - $html .= ' ' . "\n"; - $html .= ' ' . "\n"; + $html .= ' ' . "\n"; + $html .= ' ' . "\n"; - $html .= '
' . __('Password') . '' . '
' . __('Confirm password') . '' . '
' . __('Password') . '' + . '' + . '
' . __('Confirm password') . '' + . '' + . '
' . "\n" . '
' . "\n"; + $html .= '' . "\n" . '
' . "\n"; $html .= '' . "\n"; $html .= ''; - $html .= '
'; + $html .= '
'; /** @var Group $my_highest_group */ $my_highest_group = $user->groups()->orderByDesc('id')->first(); @@ -168,7 +184,9 @@ function admin_user() $html .= '
' . 'selected ? ' checked="checked"' : '') - . ' />
'; + . ' />
'; } $html .= '
'; @@ -176,7 +194,7 @@ function admin_user() $html .= '' . "\n"; $html .= ''; - $html .= '
'; + $html .= '
'; } $html .= buttons([ diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index 851e7670..c391f676 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php @@ -86,7 +86,7 @@ function guest_register() if ($angel_type->hide_register) { continue; } - $angel_types[$angel_type->id] = $angel_type->name + $angel_types[$angel_type->id] = htmlspecialchars($angel_type->name) . ($angel_type->restricted ? ' (' . __('Requires introduction') . ')' : ''); if (!$angel_type->restricted) { $selected_angel_types[] = $angel_type->id; @@ -436,7 +436,7 @@ function guest_register() 'email_shiftinfo', __( 'settings.profile.email_shiftinfo', - [config('app_name')] + [htmlspecialchars(config('app_name'))] ), $email_shiftinfo ), @@ -459,7 +459,7 @@ function guest_register() form_checkbox( 'email_goody', __('To receive vouchers, give consent that nick, email address, worked hours and shirt size will be stored until the next similar event.') - . (config('privacy_email') ? ' ' . __('To withdraw your approval, send an email to %1$s.', [config('privacy_email')]) : ''), + . (config('privacy_email') ? ' ' . __('To withdraw your approval, send an email to %1$s.', [htmlspecialchars(config('privacy_email'))]) : ''), $email_goody ) : '', ]), diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index d1b7a08f..841ff8f2 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php @@ -377,15 +377,6 @@ function ical_hint() . '

' . $user->api_key . '

'; } -/** - * @param array $array - * @return array - */ -function get_ids_from_array($array) -{ - return $array['id']; -} - /** * @param array $items * @param array $selected @@ -418,7 +409,7 @@ function make_select($items, $selected, $name, $title = null, $ownSelect = []) $htmlItems[] = '
' . '' + . '>' . (!isset($i['enabled']) || $i['enabled'] ? '' : icon('mortarboard-fill')) . '
'; } diff --git a/includes/sys_form.php b/includes/sys_form.php index 2ef208a5..fae7988a 100644 --- a/includes/sys_form.php +++ b/includes/sys_form.php @@ -128,14 +128,15 @@ function form_checkbox($name, $label, $selected, $value = 'checked', $html_id = } return '
' - . '
'; } /** - * Rendert einen Radio + * Renders a radio button * * @param string $name * @param string $label @@ -232,26 +233,6 @@ function form_text($name, $label, $value, $disabled = false, $maxlength = null, ); } -/** - * Renders a text input with placeholder instead of label. - * - * @param string $name Input name - * @param string $placeholder Placeholder - * @param string $value The value - * @param boolean $disabled Is the field enabled? - * @return string - */ -function form_text_placeholder($name, $placeholder, $value, $disabled = false) -{ - $disabled = $disabled ? ' disabled="disabled"' : ''; - return form_element( - '', - '' - ); -} - /** * Rendert ein Formular-Emailfeld * @@ -277,22 +258,6 @@ function form_email($name, $label, $value, $disabled = false, $autocomplete = nu ); } -/** - * Rendert ein Formular-Dateifeld - * - * @param string $name - * @param string $label - * @return string - */ -function form_file($name, $label) -{ - return form_element( - $label, - sprintf('', $name), - 'form_' . $name - ); -} - /** * Rendert ein Formular-Passwortfeld * @@ -308,7 +273,7 @@ function form_password($name, $label, $autocomplete, $disabled = false) return form_element( $label, sprintf( - '', + '', $name, config('min_password_length'), $autocomplete, @@ -318,25 +283,6 @@ function form_password($name, $label, $autocomplete, $disabled = false) ); } -/** - * Renders a password input with placeholder instead of label. - * - * @param string $name - * @param string $placeholder - * @param bool $disabled - * @return string - */ -function form_password_placeholder($name, $placeholder, $disabled = false) -{ - $disabled = $disabled ? ' disabled="disabled"' : ''; - return form_element( - '', - '', - 'form_' . $name - ); -} - /** * Rendert ein Formular-Textfeld * 
@@ -463,9 +409,13 @@ function html_select_key($dom_id, $name, $rows, $selected, $selectText = '') } foreach ($rows as $key => $row) { if (($key == $selected) || ($row === $selected)) { - $html .= ''; + $html .= ''; } else { - $html .= ''; + $html .= ''; } } $html .= ''; diff --git a/includes/sys_menu.php b/includes/sys_menu.php index 815c604c..35b96a1b 100644 --- a/includes/sys_menu.php +++ b/includes/sys_menu.php @@ -76,15 +76,22 @@ function make_navigation() } $title = ((array) $options)[0]; - $menu[] = toolbar_item_link(page_link_to($menu_page), '', $title, $menu_page == $page); + $menu[] = toolbar_item_link( + page_link_to($menu_page), + '', + $title, + $menu_page == $page + ); } $menu = make_room_navigation($menu); $admin_menu = []; $admin_pages = [ - // path => name - // path => [name, permission] + // Examples: + // path => name, + // path => [name, permission], + 'admin_arrive' => 'Arrive angels', 'admin_active' => 'Active angels', 'users' => ['All Angels', 'admin_user'], @@ -111,7 +118,7 @@ function make_navigation() $title = ((array) $options)[0]; $admin_menu[] = toolbar_dropdown_item( page_link_to($menu_page), - __($title), + htmlspecialchars(__($title)), $menu_page == $page ); } diff --git a/includes/sys_page.php b/includes/sys_page.php index a5eb7142..b0e7b492 100644 --- a/includes/sys_page.php +++ b/includes/sys_page.php @@ -2,9 +2,7 @@ use Engelsystem\Helpers\Carbon; use Engelsystem\Http\Exceptions\HttpTemporaryRedirect; -use Engelsystem\Models\BaseModel; use Engelsystem\ValidationResult; -use Illuminate\Support\Collection; /** * Provide page/request helper functions 
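Review bot: The admin-menu label is now escaped twice: `htmlspecialchars(__($title))` here in the @@ -111 hunk of sys_menu.php, and again inside toolbar_dropdown_item, whose @@ -196 hunk in sys_template.php (same commit) adds `'{label}' => htmlspecialchars($label)`. A translated title containing an ampersand or a quote would therefore render as `&amp;amp;` / `&amp;quot;`. Since the callee now owns the escaping, this caller should go back to `__($title),`; that also keeps it consistent with the @@ -76 hunk above, which still passes `$title` to toolbar_item_link unescaped (whether that helper escapes is not legible in this rendering).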
@@ -63,41 +61,6 @@ function throw_redirect($url) throw new HttpTemporaryRedirect($url); } -/** - * Echoes given output and dies. - * - * @param string $output String to display - */ -function raw_output($output = '') -{ - echo $output; - die(); -} - -/** - * Helper function for transforming list of entities into array for select boxes. - * - * @param array|Collection $data The data array - * @param string $key_name name of the column to use as id/key - * @param string $value_name name of the column to use as displayed value - * - * @return array|Collection - */ -function select_array($data, $key_name, $value_name) -{ - if ($data instanceof Collection) { - return $data->mapWithKeys(function (BaseModel $model) use ($key_name, $value_name) { - return [$model->{$key_name} => $model->{$value_name}]; - }); - } - - $return = []; - foreach ($data as $value) { - $return[$value[$key_name]] = $value[$value_name]; - } - return $return; -} - /** * Returns an int[] from given request param name. * @@ -185,23 +148,6 @@ function strip_request_item($name, $default_value = null) return $default_value; } -/** - * Returns REQUEST value or default value (null) if not set. - * - * @param string $name - * @param string|null $default_value - * @return mixed|null - */ -function strip_request_tags($name, $default_value = null) -{ - $request = request(); - if ($request->has($name)) { - return strip_tags($request->input($name)); - } - - return $default_value; -} - /** * Testet, ob der angegebene REQUEST Wert ein Integer ist, bzw. * eine ID sein könnte. diff --git a/includes/sys_template.php b/includes/sys_template.php index bad1cf2a..56df96e2 100644 --- a/includes/sys_template.php +++ b/includes/sys_template.php @@ -72,17 +72,6 @@ function tabs($tabs, $selected = 0) ]); } -/** - * Display muted (grey) text. - * - * @param string $text - * @return string - */ -function mute($text) -{ - return '' . $text . ''; -} - /** * Renders a bootstrap label with given content and class. * 
@@ -188,7 +177,7 @@ function toolbar_item_link($href, $icon, $label, $active = false) return ''; } @@ -196,11 +185,11 @@ function toolbar_item_link($href, $icon, $label, $active = false) function toolbar_dropdown_item(string $href, string $label, bool $active, string $icon = null): string { return strtr( - '
  • {icon} {label}
  • ', + '
  • {icon} {label}
  • ', [ '{href}' => $href, '{icon}' => $icon === null ? '' : '', - '{label}' => $label, + '{label}' => htmlspecialchars($label), '{active}' => $active ? ' active' : '', '{aria}' => $active ? ' aria-current="page"' : '', ] @@ -235,7 +224,7 @@ EOT; $template, [ '{class}' => $active ? ' active' : '', - '{label}' => $label, + '{label}' => htmlspecialchars($label), '{submenu}' => join("\n", $submenu), ] ); diff --git a/includes/view/AngelTypes_view.php b/includes/view/AngelTypes_view.php index 290e93ae..81e6bfd5 100644 --- a/includes/view/AngelTypes_view.php +++ b/includes/view/AngelTypes_view.php @@ -26,7 +26,7 @@ function AngelType_name_render(AngelType $angeltype, $plain = false) } return '' - . ($angeltype->restricted ? icon('mortarboard-fill') : '') . $angeltype->name + . ($angeltype->restricted ? icon('mortarboard-fill') : '') . htmlspecialchars($angeltype->name) . ''; } @@ -60,7 +60,7 @@ function AngelType_render_membership(AngelType $user_angeltype) */ function AngelType_delete_view(AngelType $angeltype) { - return page_with_title(sprintf(__('Delete angeltype %s'), $angeltype->name), [ + return page_with_title(sprintf(__('Delete angeltype %s'), htmlspecialchars($angeltype->name)), [ info(sprintf(__('Do you want to delete angeltype %s?'), $angeltype->name), true), form([ buttons([ 
@@ -80,14 +80,14 @@ function AngelType_delete_view(AngelType $angeltype) */ function AngelType_edit_view(AngelType $angeltype, bool $supporter_mode) { - return page_with_title(sprintf(__('Edit %s'), $angeltype->name), [ + return page_with_title(sprintf(__('Edit %s'), htmlspecialchars((string) $angeltype->name)), [ buttons([ button(page_link_to('angeltypes'), icon('person-lines-fill') . __('Angeltypes'), 'back'), ]), msg(), form([ $supporter_mode - ? form_info(__('Name'), $angeltype->name) + ? form_info(__('Name'), htmlspecialchars($angeltype->name)) : form_text('name', __('Name'), $angeltype->name), $supporter_mode ? form_info(__('Requires introduction'), $angeltype->restricted ? __('Yes') : __('No')) @@ -244,7 +244,7 @@ function AngelType_view_members(AngelType $angeltype, $members, $admin_user_ange foreach ($members as $member) { $member->name = User_Nick_render($member) . User_Pronoun_render($member); if (config('enable_dect')) { - $member['dect'] = $member->contact->dect; + $member['dect'] = htmlspecialchars((string) $member->contact->dect); } if ($angeltype->requires_driver_license) { $member['wants_to_drive'] = icon_bool($member->license->wantsToDrive()); @@ -405,7 +405,7 @@ function AngelType_view( ShiftCalendarRenderer $shiftCalendarRenderer, $tab ) { - return page_with_title(sprintf(__('Team %s'), $angeltype->name), [ + return page_with_title(sprintf(__('Team %s'), htmlspecialchars($angeltype->name)), [ AngelType_view_buttons($angeltype, $user_angeltype, $admin_angeltypes, $supporter, $user_driver_license, $user), msg(), tabs([ @@ -465,7 +465,7 @@ function AngelType_view_info( $info[] = '

    ' . __('Description') . '

    '; $parsedown = new Parsedown(); if ($angeltype->description != '') { - $info[] = $parsedown->parse($angeltype->description); + $info[] = $parsedown->parse(htmlspecialchars($angeltype->description)); } list($supporters, $members_confirmed, $members_unconfirmed) = AngelType_view_members( @@ -539,9 +539,20 @@ function AngelType_view_info( function AngelTypes_render_contact_info(AngelType $angeltype) { $info = [ - __('Name') => [$angeltype->contact_name, $angeltype->contact_name], - __('DECT') => config('enable_dect') ? [sprintf('%1$s', $angeltype->contact_dect), $angeltype->contact_dect] : null, - __('E-Mail') => [sprintf('%1$s', $angeltype->contact_email), $angeltype->contact_email], + __('Name') => [ + htmlspecialchars($angeltype->contact_name), + htmlspecialchars($angeltype->contact_name), + ], + __('DECT') => config('enable_dect') + ? [ + sprintf('%1$s', htmlspecialchars($angeltype->contact_dect)), + htmlspecialchars($angeltype->contact_dect), + ] + : null, + __('E-Mail') => [ + sprintf('%1$s', htmlspecialchars($angeltype->contact_email)), + htmlspecialchars($angeltype->contact_email), + ], ]; $contactInfo = []; foreach ($info as $name => $data) { diff --git a/includes/view/PublicDashboard_view.php b/includes/view/PublicDashboard_view.php index a39946bf..b77d9152 100644 --- a/includes/view/PublicDashboard_view.php +++ b/includes/view/PublicDashboard_view.php @@ -19,7 +19,9 @@ function public_dashboard_view($stats, $free_shifts, $important_news) if ($important_news->isNotEmpty()) { $first_news = $important_news->first(); $news = div('alert alert-warning text-center', [ - '' . $first_news->title . '', + '' + . '' . htmlspecialchars($first_news->title) . '' + . '', ]); } @@ -93,17 +95,17 @@ function public_dashboard_shift_render($shift) $panel_body = icon('clock-history') . $shift['start'] . ' - ' . $shift['end']; $panel_body .= ' (' . $shift['duration'] . ' h)'; - $panel_body .= '
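Review bot: `$parsedown->parse(htmlspecialchars($angeltype->description))` escapes the Markdown source before it is parsed, which is the wrong layer: `>` and `&` are Markdown syntax (blockquotes, entities), so blockquotes stop rendering and `&amp;` becomes `&amp;amp;`, while the HTML Parsedown itself generates is not covered at all — a `[text](url)` link with an unsafe URL scheme still becomes an `<a href>`. Parsedown provides `setSafeMode(true)`, which escapes raw HTML in the input and filters link/image URL schemes; calling `$parsedown->setSafeMode(true);` right after `new Parsedown()` and passing `$angeltype->description` unescaped is the intended fix. The same pre-escape appears in the Rooms_view.php @@ -24, ShiftTypes_view.php @@ -81 and Shifts_view.php @@ -185 hunks.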
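Review bot: `htmlspecialchars($angeltype->contact_dect)` and the neighbouring contact_name / contact_email calls in AngelTypes_render_contact_info pass the column value uncast, whereas the @@ -80 and @@ -244 hunks of this same file write `htmlspecialchars((string) $angeltype->name)` and `htmlspecialchars((string) $member->contact->dect)`. If any of these contact columns can be null, the uncast form triggers PHP 8.1's "passing null to parameter #1 ($string) of type string is deprecated" notice. Pick one convention — the `(string)` cast, or a small helper that does `htmlspecialchars((string) $value)` — and use it throughout the commit (the uncast `htmlspecialchars($shift->user_comment)` and `htmlspecialchars($shift->freeloaded_comment)` in User_view.php are further candidates); contact_dect is also escaped twice in this array, so `$dect = htmlspecialchars((string) $angeltype->contact_dect);` computed once would shorten it.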
    ' . icon('list-task') . $shift['shifttype_name']; + $panel_body .= '
    ' . icon('list-task') . htmlspecialchars($shift['shifttype_name']); if (!empty($shift['title'])) { - $panel_body .= ' (' . $shift['title'] . ')'; + $panel_body .= ' (' . htmlspecialchars($shift['title']) . ')'; } - $panel_body .= '
    ' . icon('pin-map-fill') . $shift['room_name']; + $panel_body .= '
    ' . icon('pin-map-fill') . htmlspecialchars($shift['room_name']); foreach ($shift['needed_angels'] as $needed_angels) { $panel_body .= '
    ' . icon('person') . '' - . $needed_angels['need'] . ' × ' . $needed_angels['angeltype_name'] + . $needed_angels['need'] . ' × ' . htmlspecialchars($needed_angels['angeltype_name']) . ''; } diff --git a/includes/view/Rooms_view.php b/includes/view/Rooms_view.php index f1ba4c4c..2693b901 100644 --- a/includes/view/Rooms_view.php +++ b/includes/view/Rooms_view.php @@ -24,13 +24,13 @@ function Room_view(Room $room, ShiftsFilterRenderer $shiftsFilterRenderer, Shift if ($room->description) { $description = '

    ' . __('Description') . '

    '; $parsedown = new Parsedown(); - $description .= $parsedown->parse($room->description); + $description .= $parsedown->parse(htmlspecialchars($room->description)); } $dect = ''; if (config('enable_dect') && $room->dect) { $dect = heading(__('Contact'), 3) - . description([__('DECT') => sprintf('%1$s', $room->dect)]); + . description([__('DECT') => sprintf('%1$s', htmlspecialchars($room->dect))]); } $tabs = []; @@ -39,7 +39,7 @@ function Room_view(Room $room, ShiftsFilterRenderer $shiftsFilterRenderer, Shift '
    ' . '' . '
    ', - $room->map_url + htmlspecialchars($room->map_url) ); } @@ -57,7 +57,7 @@ function Room_view(Room $room, ShiftsFilterRenderer $shiftsFilterRenderer, Shift $selected_tab = count($tabs) - 1; } - return page_with_title(icon('pin-map-fill') . $room->name, [ + return page_with_title(icon('pin-map-fill') . htmlspecialchars($room->name), [ $assignNotice, auth()->can('admin_rooms') ? buttons([ button( @@ -79,8 +79,8 @@ function Room_view(Room $room, ShiftsFilterRenderer $shiftsFilterRenderer, Shift function Room_name_render(Room $room) { if (auth()->can('view_rooms')) { - return '' . icon('pin-map-fill') . $room->name . ''; + return '' . icon('pin-map-fill') . htmlspecialchars($room->name) . ''; } - return icon('pin-map-fill') . $room->name; + return icon('pin-map-fill') . htmlspecialchars($room->name); } diff --git a/includes/view/ShiftCalendarShiftRenderer.php b/includes/view/ShiftCalendarShiftRenderer.php index 3ab89147..5caa8976 100644 --- a/includes/view/ShiftCalendarShiftRenderer.php +++ b/includes/view/ShiftCalendarShiftRenderer.php @@ -29,7 +29,7 @@ class ShiftCalendarShiftRenderer { $info_text = ''; if ($shift->title != '') { - $info_text = icon('info-circle') . $shift->title . '
    '; + $info_text = icon('info-circle') . htmlspecialchars($shift->title) . '
    '; } list($shift_signup_state, $shifts_row) = $this->renderShiftNeededAngeltypes( $shift, @@ -199,7 +199,7 @@ class ShiftCalendarShiftRenderer : $inner_text . '
    ' . button( page_link_to('user_angeltypes', ['action' => 'add', 'angeltype_id' => $angeltype->id]), - sprintf(__('Become %s'), $angeltype->name), + sprintf(__('Become %s'), htmlspecialchars($angeltype->name)), 'btn-sm' ), // Shift collides or user is already signed up: No signup allowed @@ -262,7 +262,7 @@ class ShiftCalendarShiftRenderer } $shift_heading = $shift->start->format('H:i') . ' ‐ ' . $shift->end->format('H:i') . ' — ' - . $shift->shiftType->name; + . htmlspecialchars($shift->shiftType->name); if ($needed_angeltypes_count > 0) { $shift_heading = '' . $needed_angeltypes_count . ' ' . $shift_heading; diff --git a/includes/view/ShiftEntry_view.php b/includes/view/ShiftEntry_view.php index 31242b46..4d8f33f9 100644 --- a/includes/view/ShiftEntry_view.php +++ b/includes/view/ShiftEntry_view.php @@ -19,7 +19,7 @@ function ShiftEntry_delete_view_admin(Shift $shift, AngelType $angeltype, User $ return page_with_title(ShiftEntry_delete_title(), [ info(sprintf( __('Do you want to sign off %s from shift %s from %s to %s as %s?'), - User_Nick_render($signoff_user), + $signoff_user->displayName, $shift->shiftType->name, $shift->start->format(__('Y-m-d H:i')), $shift->end->format(__('Y-m-d H:i')), @@ -92,7 +92,7 @@ function ShiftEntry_create_view_admin( ) { $start = $shift->start->format(__('Y-m-d H:i')); return page_with_title( - ShiftEntry_create_title() . ': ' . $shift->shiftType->name + ShiftEntry_create_title() . ': ' . htmlspecialchars($shift->shiftType->name) . ' %c', [ Shift_view_header($shift, $room), @@ -120,7 +120,7 @@ function ShiftEntry_create_view_supporter(Shift $shift, Room $room, AngelType $a { $start = $shift->start->format(__('Y-m-d H:i')); return page_with_title( - ShiftEntry_create_title() . ': ' . $shift->shiftType->name + ShiftEntry_create_title() . ': ' . htmlspecialchars($shift->shiftType->name) . ' %c', [ Shift_view_header($shift, $room), 
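Review bot: Replacing `User_Nick_render($signoff_user)` with `$signoff_user->displayName` in ShiftEntry_delete_view_admin feeds a user-chosen string straight into `sprintf(...)` and then `info(..., true)`, next to the still-raw `$shift->shiftType->name` on the following context line. That is only safe if info() escapes its message; the `, true, true` flag additions elsewhere in this commit suggest an escaping default was introduced, but the helper is not in view. If that is the case, a comment above the call such as `// info() escapes the message; displayName and the shift type name are inserted raw on purpose` would stop the next reviewer from re-adding htmlspecialchars here. The @@ -138 hunk of UserAngelTypes_view.php makes the same swap for form_select options and likewise relies on html_select_key escaping them.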
@@ -149,7 +149,7 @@ function ShiftEntry_create_view_user(Shift $shift, Room $room, AngelType $angelt { $start = $shift->start->format(__('Y-m-d H:i')); return page_with_title( - ShiftEntry_create_title() . ': ' . $shift->shiftType->name + ShiftEntry_create_title() . ': ' . htmlspecialchars($shift->shiftType->name) . ' %c', [ Shift_view_header($shift, $room), @@ -218,9 +218,9 @@ function ShiftEntry_edit_view( form([ form_info(__('Angel:'), User_Nick_render($angel)), form_info(__('Date, Duration:'), $date), - form_info(__('Location:'), $location), - form_info(__('Title:'), $title), - form_info(__('Type:'), $type), + form_info(__('Location:'), htmlspecialchars($location)), + form_info(__('Title:'), htmlspecialchars($title)), + form_info(__('Type:'), htmlspecialchars($type)), $comment, join('', $freeload_form), form_submit('submit', __('Save')), diff --git a/includes/view/ShiftTypes_view.php b/includes/view/ShiftTypes_view.php index 4f2a7b07..f19f883e 100644 --- a/includes/view/ShiftTypes_view.php +++ b/includes/view/ShiftTypes_view.php @@ -10,7 +10,7 @@ use Illuminate\Support\Collection; function ShiftType_name_render(ShiftType $shifttype) { if (auth()->can('shifttypes')) { - return '' . $shifttype->name . ''; + return '' . htmlspecialchars($shifttype->name) . ''; } return $shifttype->name; } @@ -21,7 +21,7 @@ function ShiftType_name_render(ShiftType $shifttype) */ function ShiftType_delete_view(ShiftType $shifttype) { - return page_with_title(sprintf(__('Delete shifttype %s'), $shifttype->name), [ + return page_with_title(sprintf(__('Delete shifttype %s'), htmlspecialchars($shifttype->name)), [ info(sprintf(__('Do you want to delete shifttype %s?'), $shifttype->name), true), form([ buttons([ 
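Review bot: ShiftType_name_render (@@ -10 hunk of ShiftTypes_view.php) now escapes the name only on the link branch; the fall-through `return $shifttype->name;` two lines below is unchanged, so a caller without the shifttypes permission still receives the raw name. Room_name_render in the Rooms_view.php @@ -79 hunk of this commit escapes both branches, which makes this look like an omission rather than a choice. Change it to `return htmlspecialchars($shifttype->name);`, or, if callers of the plain form are expected to escape it themselves, say so in the function's docblock (outside this hunk).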
@@ -67,7 +67,7 @@ function ShiftType_view(ShiftType $shifttype) { $parsedown = new Parsedown(); $title = $shifttype->name; - return page_with_title($title, [ + return page_with_title(htmlspecialchars($title), [ msg(), buttons([ button(page_link_to('shifttypes'), shifttypes_title(), 'back'), @@ -81,7 +81,7 @@ function ShiftType_view(ShiftType $shifttype) ), ]), heading(__('Description'), 2), - $parsedown->parse($shifttype->description), + $parsedown->parse(htmlspecialchars($shifttype->description)), ], true); } @@ -95,7 +95,7 @@ function ShiftTypes_list_view($shifttypes) $shifttype->name = '' - . $shifttype->name + . htmlspecialchars($shifttype->name) . ''; $shifttype->actions = table_buttons([ button( diff --git a/includes/view/Shifts_view.php b/includes/view/Shifts_view.php index 5e27dc0f..e0c99b53 100644 --- a/includes/view/Shifts_view.php +++ b/includes/view/Shifts_view.php @@ -24,8 +24,8 @@ function Shift_view_header(Shift $shift, Room $room) '

    ' . __('Title') . '

    ', '

    ' . ($shift->url != '' - ? '' . $shift->title . '' - : $shift->title) + ? '' . htmlspecialchars($shift->title) . '' + : htmlspecialchars($shift->title)) . '

    ', ]), div('col-sm-3 col-xs-6', [ @@ -98,7 +98,7 @@ function Shift_signup_button_render(Shift $shift, AngelType $angeltype) page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype->id]), sprintf( __('Become %s'), - $angeltype->name + htmlspecialchars($angeltype->name) ) ); } @@ -170,8 +170,15 @@ function Shift_view(Shift $shift, ShiftType $shifttype, Room $room, $angeltypes_ $buttons = [ $shift_admin ? button(shift_edit_link($shift), icon('pencil') . __('edit')) : '', $shift_admin ? button(shift_delete_link($shift), icon('trash') . __('delete')) : '', - $admin_shifttypes ? button(shifttype_link($shifttype), $shifttype->name) : '', - $admin_rooms ? button(room_link($room), icon('pin-map-fill') . $room->name) : '', + $admin_shifttypes + ? button(shifttype_link($shifttype), htmlspecialchars($shifttype->name)) + : '', + $admin_rooms + ? button( + room_link($room), + icon('pin-map-fill') . htmlspecialchars($room->name) + ) + : '', ]; } $buttons[] = button(user_link(auth()->user()->id), ' ' . __('My shifts')); @@ -185,8 +192,8 @@ function Shift_view(Shift $shift, ShiftType $shifttype, Room $room, $angeltypes_ ]), div('col-sm-6', [ '

    ' . __('Description') . '

    ', - $parsedown->parse($shifttype->description), - $parsedown->parse($shift->description), + $parsedown->parse(htmlspecialchars($shifttype->description)), + $parsedown->parse(htmlspecialchars($shift->description)), ]), ]); @@ -197,7 +204,8 @@ function Shift_view(Shift $shift, ShiftType $shifttype, Room $room, $angeltypes_ $start = $shift->start->format(__('Y-m-d H:i')); return page_with_title( - $shift->shiftType->name . ' %c', + htmlspecialchars($shift->shiftType->name) + . ' %c', $content ); } diff --git a/includes/view/UserAngelTypes_view.php b/includes/view/UserAngelTypes_view.php index e50e1f04..9f41b86a 100644 --- a/includes/view/UserAngelTypes_view.php +++ b/includes/view/UserAngelTypes_view.php @@ -138,7 +138,7 @@ function UserAngelType_add_view(AngelType $angeltype, $users_source, $user_id) { $users = []; foreach ($users_source as $user_source) { - $users[$user_source->id] = User_Nick_render($user_source); + $users[$user_source->id] = $user_source->displayName; } return page_with_title(__('Add user to angeltype'), [ @@ -151,7 +151,7 @@ function UserAngelType_add_view(AngelType $angeltype, $users_source, $user_id) ), ]), form([ - form_info(__('Angeltype'), $angeltype->name), + form_info(__('Angeltype'), htmlspecialchars($angeltype->name)), form_checkbox('auto_confirm_user', __('Confirm user'), true), form_select('user_id', __('User'), $users, $user_id), form_submit('submit', __('Add')), @@ -166,7 +166,7 @@ function UserAngelType_add_view(AngelType $angeltype, $users_source, $user_id) */ function UserAngelType_join_view($user, AngelType $angeltype) { - return page_with_title(sprintf(__('Become a %s'), $angeltype->name), [ + return page_with_title(sprintf(__('Become a %s'), htmlspecialchars($angeltype->name)), [ msg(), info(sprintf( __('Do you really want to add %s to %s?'), diff --git a/includes/view/UserHintsRenderer.php b/includes/view/UserHintsRenderer.php index 55c65595..4a06686f 100644 --- a/includes/view/UserHintsRenderer.php 
+++ b/includes/view/UserHintsRenderer.php @@ -20,9 +20,9 @@ class UserHintsRenderer if (!empty($hint)) { if ($important) { $this->important = true; - $this->hints[] = error($hint, true); + $this->hints[] = error($hint, true, true); } else { - $this->hints[] = info($hint, true); + $this->hints[] = info($hint, true, true); } } } diff --git a/includes/view/User_view.php b/includes/view/User_view.php index 97ea6c0c..d9a553e3 100644 --- a/includes/view/User_view.php +++ b/includes/view/User_view.php @@ -92,9 +92,9 @@ function Users_view( foreach ($users as $user) { $u = []; $u['name'] = User_Nick_render($user) . User_Pronoun_render($user); - $u['first_name'] = $user->personalData->first_name; - $u['last_name'] = $user->personalData->last_name; - $u['dect'] = sprintf('%1$s', $user->contact->dect); + $u['first_name'] = htmlspecialchars((string) $user->personalData->first_name); + $u['last_name'] = htmlspecialchars((string) $user->personalData->last_name); + $u['dect'] = sprintf('%1$s', htmlspecialchars((string) $user->contact->dect)); $u['arrived'] = icon_bool($user->state->arrived); if (config('enable_voucher')) { $u['got_voucher'] = $user->state->got_voucher; @@ -273,7 +273,7 @@ function User_view_shiftentries($needed_angel_type) { $shift_info = '
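Review bot: `error($hint, true, true)` and `info($hint, true, true)` in UserHintsRenderer add a third positional boolean whose meaning cannot be recovered from this file; read next to the `, true` that was already there, it is a magic flag. The hints are assembled elsewhere in the class and presumably carry markup (links, icons), so a line comment stating what the flag does — along the lines of `// third argument: hint already contains markup, do not escape (confirm against info()/error())` — or PHP 8 named arguments, if the project targets 8.0+, would document the intent for the next reader.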
    ' . $needed_angel_type['name'] . ': '; + . '">' . htmlspecialchars($needed_angel_type['name']) . ': '; $shift_entries = []; foreach ($needed_angel_type['users'] as $user_shift) { @@ -299,9 +299,9 @@ function User_view_shiftentries($needed_angel_type) */ function User_view_myshift(Shift $shift, $user_source, $its_me) { - $shift_info = '' . $shift->shiftType->name . ''; + $shift_info = '' . htmlspecialchars($shift->shiftType->name) . ''; if ($shift->title) { - $shift_info .= '
    ' . $shift->title . ''; + $shift_info .= '
    ' . htmlspecialchars($shift->title) . ''; } foreach ($shift->needed_angeltypes as $needed_angel_type) { $shift_info .= User_view_shiftentries($needed_angel_type); @@ -320,7 +320,7 @@ function User_view_myshift(Shift $shift, $user_source, $its_me) ]; if ($its_me) { - $myshift['comment'] = $shift->user_comment; + $myshift['comment'] = htmlspecialchars($shift->user_comment); } if ($shift->freeloaded) { @@ -329,7 +329,9 @@ function User_view_myshift(Shift $shift, $user_source, $its_me) . '

    '; if (auth()->can('user_shifts_admin')) { $myshift['comment'] .= '
    ' - . '

    ' . __('Freeloaded') . ': ' . $shift->freeloaded_comment . '

    '; + . '

    ' + . __('Freeloaded') . ': ' . htmlspecialchars($shift->freeloaded_comment) + . '

    '; } else { $myshift['comment'] .= '

    ' . __('Freeloaded') . '

    '; } @@ -454,7 +456,7 @@ function User_view_worklog(Worklog $worklog, $admin_user_worklog_privilege) 'duration' => sprintf('%.2f', $worklog->hours) . ' h', 'room' => '', 'shift_info' => __('Work log entry'), - 'comment' => $worklog->comment . '
    ' + 'comment' => htmlspecialchars($worklog->comment) . '
    ' . sprintf( __('Added by %s at %s'), User_Nick_render($worklog->creator), @@ -616,8 +618,8 @@ function User_view( config('enable_dect') && $user_source->contact->dect ? heading( icon('phone') - . ' ' - . $user_source->contact->dect + . ' ' + . htmlspecialchars($user_source->contact->dect) . '' ) : '', @@ -625,8 +627,8 @@ function User_view( $user_source->settings->mobile_show ? heading( icon('phone') - . ' ' - . $user_source->contact->mobile + . ' ' + . htmlspecialchars($user_source->contact->mobile) . '' ) : '' @@ -647,18 +649,19 @@ function User_view( ($its_me || $admin_user_privilege) ? '

    ' . __('Shifts') . '

    ' : '', $myshifts_table, ($its_me && $nightShiftsConfig['enabled'] && $goodie_enabled) ? info( - icon('info-circle') . sprintf( - __('Your night shifts between %d and %d am count twice.'), + sprintf( + icon('info-circle') . __('Your night shifts between %d and %d am count twice.'), $nightShiftsConfig['start'], $nightShiftsConfig['end'] ), + true, true ) : '', $its_me && count($shifts) == 0 ? error(sprintf( __('Go to the shifts table to sign yourself up for some shifts.'), page_link_to('user_shifts') - ), true) + ), true, true) : '', $its_me ? ical_hint() : '', ] @@ -788,7 +791,7 @@ function User_angeltypes_render($user_angeltypes) $class = 'text-warning'; } $output[] = '' - . ($angeltype->pivot->supporter ? icon('patch-check') : '') . $angeltype->name + . ($angeltype->pivot->supporter ? icon('patch-check') : '') . htmlspecialchars($angeltype->name) . ''; } return div('col-md-2', [ @@ -805,7 +808,7 @@ function User_groups_render($user_groups) { $output = []; foreach ($user_groups as $group) { - $output[] = __($group->name); + $output[] = __(htmlspecialchars($group->name)); } return div('col-md-2', [ @@ -825,9 +828,11 @@ function User_oauth_render(User $user) $output = []; foreach ($user->oauth as $oauth) { $output[] = __( - isset($config[$oauth->provider]['name']) - ? $config[$oauth->provider]['name'] - : Str::ucfirst($oauth->provider) + htmlspecialchars( + isset($config[$oauth->provider]['name']) + ? $config[$oauth->provider]['name'] + : Str::ucfirst($oauth->provider) + ) ); } @@ -968,7 +973,10 @@ function render_user_tshirt_hint() function render_user_dect_hint() { $user = auth()->user(); - if ($user->state->arrived && config('enable_dect') && !$user->contact->dect) { + if ( + $user->state->arrived + && config('enable_dect') && !$user->contact->dect + ) { $text = __('You need to specify a DECT phone number in your settings! If you don\'t have a DECT phone, just enter \'-\'.'); return render_profile_link($text); } 
diff --git a/resources/views/emails/angeltype-added.twig b/resources/views/emails/angeltype-added.twig index 5ce3fc83..a66a4eb3 100644 --- a/resources/views/emails/angeltype-added.twig +++ b/resources/views/emails/angeltype-added.twig @@ -3,9 +3,9 @@ {% set url=url('/angeltypes', {'action': 'view', 'angeltype_id': angeltype.id}) %} {% block introduction %} -{{ __('notification.angeltype.added.introduction', [angeltype.name, url])|raw }} +{{ __('notification.angeltype.added.introduction', [angeltype.name|e, url])|raw }} {% endblock %} {% block message %} -{{ __('notification.angeltype.added.text', [angeltype.name, url])|raw }} +{{ __('notification.angeltype.added.text', [angeltype.name|e, url])|raw }} {% endblock %} diff --git a/resources/views/emails/angeltype-confirmed.twig b/resources/views/emails/angeltype-confirmed.twig index 1fd2d0b1..8f2c3e17 100644 --- a/resources/views/emails/angeltype-confirmed.twig +++ b/resources/views/emails/angeltype-confirmed.twig @@ -3,9 +3,9 @@ {% set url=url('/angeltypes', {'action': 'view', 'angeltype_id': angeltype.id}) %} {% block introduction %} -{{ __('notification.angeltype.confirmed.introduction', [angeltype.name, url])|raw }} +{{ __('notification.angeltype.confirmed.introduction', [angeltype.name|e, url])|raw }} {% endblock %} {% block message %} -{{ __('notification.angeltype.confirmed.text', [angeltype.name, url])|raw }} +{{ __('notification.angeltype.confirmed.text', [angeltype.name|e, url])|raw }} {% endblock %} diff --git a/resources/views/pages/login.twig b/resources/views/pages/login.twig index 27400ffc..1d50401a 100644 --- a/resources/views/pages/login.twig +++ b/resources/views/pages/login.twig @@ -7,7 +7,7 @@
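Review bot: `angeltype.name|e` applies Twig's HTML escape inside an e-mail template, and whether angeltype-added.twig is rendered as text/html or text/plain is not visible here. If the notification mail is plain text, a name such as "Sound & Light" is delivered as `Sound &amp; Light`; in that case the `|e` should be dropped, or replaced by an escape strategy that matches the mail body type, and the template's base layout should state which type it produces. The angeltype-confirmed.twig hunk below carries the identical change.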
    -

    {{ __('Welcome to the %s!', [config('name') ~ m.angel() ~ (config('app_name')|upper) ])|raw }}

    +

    {{ __('Welcome to the %s!', [config('name')|e ~ m.angel() ~ (config('app_name')|upper|e) ])|raw }}