/**
 * Checks CoreUtils::sanitizeHtml() against two fixtures: a script-plus-anchor
 * payload and a run of inline formatting tags, each compared with assertEquals.
 *
 * NOTE(review): as reproduced here each expected string is byte-identical to
 * its input, so the first case does not demonstrate that the <script> element
 * is neutralised — confirm whether entity escaping was lost when this listing
 * was extracted, or whether the sanitizer's contract really is pass-through
 * for these inputs.
 */
function testSanitizeHtml() {
    // input => expected output, asserted in the original order
    $fixtures = [
        '<script>alert("XSS")</script><a href="/#hax">Click me</a>'
            => '<script>alert("XSS")</script><a href="/#hax">Click me</a>',
        'Text<b>Bold</b><i>Italic</i><strong>Strong</strong><em>Emphasis</em>Text'
            => 'Text<b>Bold</b><i>Italic</i><strong>Strong</strong><em>Emphasis</em>Text',
    ];
    foreach ($fixtures as $markup => $expected) {
        self::assertEquals($expected, CoreUtils::sanitizeHtml($markup));
    }
}
$data = array('ishuman' => $EQG, 'cm_favme' => null); $label = (new Input('label', 'string', array(Input::IN_RANGE => [4, 70], Input::CUSTOM_ERROR_MESSAGES => array(Input::ERROR_MISSING => 'Appearance name is missing', Input::ERROR_RANGE => 'Appearance name must be beetween @min and @max characters long'))))->out(); CoreUtils::checkStringValidity($label, "Appearance name", INVERSE_PRINTABLE_ASCII_PATTERN); if (!$creating) { $CGDb->where('id', $Appearance['id'], '!='); } $dupe = $CGDb->where('ishuman', $data['ishuman'])->where('label', $label)->getOne('appearances'); if (!empty($dupe)) { $eqg_url = $EQG ? '/eqg' : ''; Response::fail("An appearance <a href='/cg{$eqg_url}/v/{$dupe['id']}' target='_blank'>already esists</a> in the " . ($EQG ? 'EQG' : 'Pony') . ' guide with this exact name. Consider adding an identifier in backets or choosing a different name.'); } $data['label'] = $label; $notes = (new Input('notes', 'text', array(Input::IS_OPTIONAL => true, Input::IN_RANGE => $creating || $Appearance['id'] !== 0 ? [null, 1000] : null, Input::CUSTOM_ERROR_MESSAGES => array(Input::ERROR_RANGE => 'Appearance notes cannot be longer than @max characters'))))->out(); if (isset($notes)) { CoreUtils::checkStringValidity($notes, "Appearance notes", INVERSE_PRINTABLE_ASCII_PATTERN); $notes = CoreUtils::sanitizeHtml($notes); if ($creating || $notes !== $Appearance['notes']) { $data['notes'] = $notes; } } else { $data['notes'] = null; } $cm_favme = (new Input('cm_favme', 'string', array(Input::IS_OPTIONAL => true)))->out(); if (isset($cm_favme)) { try { $Image = new ImageProvider($cm_favme, array('fav.me', 'dA')); CoreUtils::checkDeviationInClub($Image->id, true); $data['cm_favme'] = $Image->id; } catch (MismatchedProviderException $e) { Response::fail('The vector must be on DeviantArt, ' . $e->getActualProvider() . ' links are not allowed'); } catch (Exception $e) {