fix: Return safe url for accounts. (#1839)
Signed-off-by: Rubén D <nuxsmin@syspass.org>
@@ -1,4 +1,27 @@
|
||||
<?php
|
||||
/*
|
||||
* sysPass
|
||||
*
|
||||
* @author nuxsmin
|
||||
* @link https://syspass.org
|
||||
* @copyright 2012-2022, Rubén Domínguez nuxsmin@$syspass.org
|
||||
*
|
||||
* This file is part of sysPass.
|
||||
*
|
||||
* sysPass is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* sysPass is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @var callable $_getvar
|
||||
* @var ThemeIcons $icons
|
||||
@@ -253,11 +276,8 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
|
||||
class="mdl-textfield__input mdl-color-text--indigo-400"
|
||||
rows="3" id="notes"
|
||||
name="notes"
|
||||
maxlength="5000" <?php echo $_getvar('readonly'); ?>>
|
||||
<?php echo $gotData
|
||||
? htmlspecialchars($accountData->getNotes(), ENT_QUOTES)
|
||||
: ''; ?>
|
||||
</textarea>
|
||||
maxlength="5000" <?php echo $_getvar('readonly'); ?>><?php echo $gotData
|
||||
? htmlspecialchars($accountData->getNotes(), ENT_QUOTES) : ''; ?></textarea>
|
||||
<label class="mdl-textfield__label"
|
||||
for="notes"><?php echo __('Notes about the account'); ?></label>
|
||||
</div>
|
||||
|
||||
@@ -1,4 +1,27 @@
|
||||
<?php
|
||||
/*
|
||||
* sysPass
|
||||
*
|
||||
* @author nuxsmin
|
||||
* @link https://syspass.org
|
||||
* @copyright 2012-2022, Rubén Domínguez nuxsmin@$syspass.org
|
||||
*
|
||||
* This file is part of sysPass.
|
||||
*
|
||||
* sysPass is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* sysPass is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @var ThemeIcons $icons
|
||||
* @var callable $_getvar
|
||||
@@ -102,9 +125,12 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
|
||||
<div class="field-url field-text label-field">
|
||||
<div class="field-name"><?php echo __('URL / IP'); ?></div>
|
||||
<?php if ($accountSearchItem->isUrlIslink()): ?>
|
||||
<a href="<?php echo urlencode($accountSearchData->getUrl()); ?>"
|
||||
<a href="<?php echo $accountSearchItem->getSafeUrl(); ?>"
|
||||
target="_blank"
|
||||
title="<?php printf(__('Open link to: %s'), htmlspecialchars($accountSearchData->getUrl(), ENT_QUOTES)); ?>">
|
||||
title="<?php printf(
|
||||
__('Open link to: %s'),
|
||||
htmlspecialchars($accountSearchData->getUrl(), ENT_QUOTES)
|
||||
); ?>">
|
||||
<?php echo htmlspecialchars($accountSearchItem->getShortUrl(), ENT_QUOTES); ?>
|
||||
</a>
|
||||
<?php else: ?>
|
||||
|
||||
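Review bot: The rewritten anchor keeps `target="_blank"` for a user-stored URL but has no `rel` attribute; adding `rel="noopener noreferrer"` next to `target="_blank"` keeps the opened page from reaching `window.opener` in browsers that do not default to it, and avoids sending the sysPass page address as referrer. The new `href` is also the only value in this anchor that is echoed without `htmlspecialchars()`, so its attribute safety rests entirely on `getSafeUrl()` restricting the host characters and percent-encoding the remainder. A short template comment such as `<?php /* getSafeUrl() output is attribute-safe: host is allow-listed, remainder is urlencoded */ ?>` would make that dependency visible to whoever next changes the helper. The surrounding `if`/`else` block continues outside the hunk.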
@@ -1,10 +1,10 @@
|
||||
<?php
|
||||
/**
|
||||
/*
|
||||
* sysPass
|
||||
*
|
||||
* @author nuxsmin
|
||||
* @link https://syspass.org
|
||||
* @copyright 2012-2019, Rubén Domínguez nuxsmin@$syspass.org
|
||||
* @author nuxsmin
|
||||
* @link https://syspass.org
|
||||
* @copyright 2012-2022, Rubén Domínguez nuxsmin@$syspass.org
|
||||
*
|
||||
* This file is part of sysPass.
|
||||
*
|
||||
@@ -19,7 +19,7 @@
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
|
||||
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
namespace SP\Html;
|
||||
@@ -176,4 +176,19 @@ final class Html
|
||||
// Replace tags, then new lines, tabs and return chars, and then 2 or more spaces
|
||||
return trim(preg_replace(['/<[^>]*>/', '/[\n\t\r]+/', '/\s{2,}/'], ' ', $text));
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $url
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public static function getSafeUrl(string $url): string
|
||||
{
|
||||
if (preg_match('#^((?:https?|ftp|ssh|rdp)://[\w._-]+/)(.*)#', $url, $urlParts)
|
||||
&& count($urlParts) === 3) {
|
||||
return $urlParts[1].urlencode($urlParts[2]);
|
||||
}
|
||||
|
||||
return urlencode($url);
|
||||
}
|
||||
}
|
||||
|
||||
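Review bot: The pattern in `getSafeUrl()` only matches when a `/` directly follows the host characters, so `https://example.com` and `https://example.com:8443/app` (constructed examples) fall through to `urlencode($url)` and come out as `https%3A%2F%2F…`, which a browser resolves as a relative path instead of the stored target. Allowing an optional port and end of string keeps the strict host class while covering those cases: `'#^((?:https?|ftp|ssh|rdp)://[\w.-]+(?::\d+)?(?:/|$))(.*)#'`; input with userinfo (`user@host`) would still fail the match and be encoded wholesale. The matched branch runs `urlencode()` over the whole remainder, which turns `/`, `?`, `=` and `&` into escapes; encoding per segment, e.g. `implode('/', array_map('rawurlencode', explode('/', $urlParts[2])))`, would preserve multi-segment paths, and whether query strings should stay navigable is a decision worth recording. The docblock carries only the types; it should state that the return value is meant for an `href` attribute and that unrecognised input is encoded wholesale rather than rejected.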
@@ -1,10 +1,10 @@
|
||||
<?php
|
||||
/**
|
||||
/*
|
||||
* sysPass
|
||||
*
|
||||
* @author nuxsmin
|
||||
* @link https://syspass.org
|
||||
* @copyright 2012-2019, Rubén Domínguez nuxsmin@$syspass.org
|
||||
* @author nuxsmin
|
||||
* @link https://syspass.org
|
||||
* @copyright 2012-2022, Rubén Domínguez nuxsmin@$syspass.org
|
||||
*
|
||||
* This file is part of sysPass.
|
||||
*
|
||||
@@ -19,7 +19,7 @@
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
|
||||
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
namespace SP\Services\Account;
|
||||
@@ -202,7 +202,7 @@ final class AccountSearchItem
|
||||
*/
|
||||
public function getShortUrl()
|
||||
{
|
||||
return Html::truncate($this->accountSearchVData->getUrl(), $this->textMaxLength);
|
||||
return Html::truncate($this->getSafeUrl(), $this->textMaxLength);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -210,7 +210,15 @@ final class AccountSearchItem
|
||||
*/
|
||||
public function isUrlIslink()
|
||||
{
|
||||
return preg_match('#^\w+://#i', $this->accountSearchVData->getUrl());
|
||||
return preg_match('#^\w+://#', $this->accountSearchVData->getUrl());
|
||||
}
|
||||
|
||||
/**
|
||||
* @return string
|
||||
*/
|
||||
public function getSafeUrl()
|
||||
{
|
||||
return Html::getSafeUrl($this->accountSearchVData->getUrl());
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
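Review bot: `isUrlIslink()` still accepts any `\w+://` scheme, while the new `getSafeUrl()` delegates to an allow-list of `https?|ftp|ssh|rdp` that is matched case-sensitively, so a stored URL such as `HTTPS://host/` or one with a different scheme (constructed examples) is rendered as a link whose `href` is fully percent-encoded and no longer points at the target. Using the same allow-list for both decisions keeps them in step, e.g. `return preg_match('#^(?:https?|ftp|ssh|rdp)://#i', $this->accountSearchVData->getUrl());`, with the `i` flag mirrored in `Html::getSafeUrl()`. `getShortUrl()` now truncates the encoded string, so the visible label shows percent escapes and can be cut in the middle of one; truncating the raw URL and leaving escaping to the template's existing `htmlspecialchars()` call would avoid that. The class body continues outside these hunks, and the docblock of the new method holds only `@return string`, so a one-line description of what "safe" means here would help.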
@@ -1,11 +1,11 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
/*
|
||||
* sysPass
|
||||
*
|
||||
* @author nuxsmin
|
||||
* @link https://syspass.org
|
||||
* @copyright 2012-2019, Rubén Domínguez nuxsmin@$syspass.org
|
||||
* @author nuxsmin
|
||||
* @link https://syspass.org
|
||||
* @copyright 2012-2022, Rubén Domínguez nuxsmin@$syspass.org
|
||||
*
|
||||
* This file is part of sysPass.
|
||||
*
|
||||
@@ -20,7 +20,7 @@
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
|
||||
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
namespace SP\Services\Install;
|
||||
@@ -60,9 +60,9 @@ final class Installer extends Service
|
||||
/**
|
||||
* sysPass' version and build number
|
||||
*/
|
||||
const VERSION = [3, 2, 5];
|
||||
const VERSION = [3, 2, 6];
|
||||
const VERSION_TEXT = '3.2';
|
||||
const BUILD = 22060401;
|
||||
const BUILD = 22061601;
|
||||
|
||||
/**
|
||||
* @var DatabaseSetupInterface
|
||||
|
||||