From 588590bd2c0346e2465ff8f1930580d76a3bf068 Mon Sep 17 00:00:00 2001
From: Yassine Doghri <yassine@doghri.fr>
Date: Sun, 23 Jan 2022 16:53:23 +0000
Subject: [PATCH] fix(xml-editor): escape xml editor's content + restyle form
sections to prevent overflowing
---
app/Views/Components/Forms/Section.php | 6 +++---
app/Views/Components/Forms/XMLEditor.php | 10 ++++++++--
themes/cp_admin/_partials/_user_info.php | 2 +-
themes/cp_admin/episode/create.php | 6 +++---
themes/cp_admin/episode/delete.php | 2 +-
themes/cp_admin/episode/edit.php | 8 ++++----
themes/cp_admin/episode/embed.php | 2 +-
themes/cp_admin/episode/publish.php | 2 +-
themes/cp_admin/episode/publish_edit.php | 2 +-
themes/cp_admin/episode/unpublish.php | 2 +-
themes/cp_admin/podcast/create.php | 2 +-
themes/cp_admin/podcast/edit.php | 6 +++---
themes/cp_admin/podcast/import.php | 2 +-
themes/cp_admin/settings/general.php | 4 ++--
themes/cp_admin/settings/theme.php | 2 +-
15 files changed, 32 insertions(+), 26 deletions(-)
diff --git a/app/Views/Components/Forms/Section.php b/app/Views/Components/Forms/Section.php
index cf7367448e..eedd05a5cf 100644
--- a/app/Views/Components/Forms/Section.php
+++ b/app/Views/Components/Forms/Section.php
@@ -16,13 +16,13 @@ class Section extends Component
public function render(): string
{
- $subtitle = $this->subtitle === null ? '' : '<p class="text-sm clear-left text-skin-muted ' . $this->subtitleClass . '">' . $this->subtitle . '</p>';
+ $subtitle = $this->subtitle === null ? '' : '<p class="text-sm text-skin-muted ' . $this->subtitleClass . '">' . $this->subtitle . '</p>';
return <<<HTML
- <fieldset class="w-full p-8 bg-elevated border-3 border-subtle rounded-xl {$this->class}">
+ <fieldset class="w-full p-8 bg-elevated border-3 flex flex-col items-start border-subtle rounded-xl {$this->class}">
<Heading tagName="legend" class="float-left">{$this->title}</Heading>
{$subtitle}
- <div class="flex flex-col gap-4 py-4 clear-left">{$this->slot}</div>
+ <div class="flex flex-col w-0 min-w-full gap-4 py-4">{$this->slot}</div>
</fieldset>
HTML;
}
diff --git a/app/Views/Components/Forms/XMLEditor.php b/app/Views/Components/Forms/XMLEditor.php
index c3ec19ba30..fded20019d 100644
--- a/app/Views/Components/Forms/XMLEditor.php
+++ b/app/Views/Components/Forms/XMLEditor.php
@@ -14,11 +14,17 @@ class XMLEditor extends FormComponent
'class' => 'textarea',
];
+ protected string $content = '';
+
+ public function setContent(string $value): void
+ {
+ $this->content = htmlspecialchars_decode($value);
+ }
+
public function render(): string
{
- $content = $this->slot;
$this->attributes['slot'] = 'textarea';
- $textarea = form_textarea($this->attributes, $content);
+ $textarea = form_textarea($this->attributes, $this->content);
return <<<HTML
<xml-editor>{$textarea}</time-ago>
diff --git a/themes/cp_admin/_partials/_user_info.php b/themes/cp_admin/_partials/_user_info.php
index eafb73b4e9..613aea146c 100644
--- a/themes/cp_admin/_partials/_user_info.php
+++ b/themes/cp_admin/_partials/_user_info.php
@@ -26,7 +26,7 @@
<dt class="text-sm font-medium leading-5 text-skin-muted">
<?= lang('User.form.permissions') ?>
</dt>
- <dd class="max-w-xl mt-1 text-sm leading-5">
+ <dd class="w-full max-w-xl mt-1 text-sm leading-5">
<?= implode(', ', $user->permissions) ?>
</dd>
</div>
diff --git a/themes/cp_admin/episode/create.php b/themes/cp_admin/episode/create.php
index 90eb4b7f84..bfc2d6115b 100644
--- a/themes/cp_admin/episode/create.php
+++ b/themes/cp_admin/episode/create.php
@@ -11,7 +11,7 @@
<?= $this->section('content') ?>
-<form action="<?= route_to('episode-create', $podcast->id) ?>" method="POST" enctype="multipart/form-data" class="flex flex-col max-w-xl mt-6 gap-y-8">
+<form action="<?= route_to('episode-create', $podcast->id) ?>" method="POST" enctype="multipart/form-data" class="flex flex-col w-full max-w-xl mt-6 gap-y-8">
<?= csrf_field() ?>
@@ -53,14 +53,14 @@
<div class="flex flex-col gap-x-2 gap-y-4 md:flex-row">
<Forms.Field
- class="flex-1 w-0"
+ class="flex-1 w-full"
name="season_number"
label="<?= lang('Episode.form.season_number') ?>"
type="number"
value="<?= $currentSeasonNumber ?>"
/>
<Forms.Field
- class="flex-1 w-0"
+ class="flex-1 w-full"
name="episode_number"
label="<?= lang('Episode.form.episode_number') ?>"
type="number"
diff --git a/themes/cp_admin/episode/delete.php b/themes/cp_admin/episode/delete.php
index 35a327eb0e..786ae3ff2a 100644
--- a/themes/cp_admin/episode/delete.php
+++ b/themes/cp_admin/episode/delete.php
@@ -10,7 +10,7 @@
<?= $this->section('content') ?>
-<form action="<?= route_to('episode-delete', $podcast->id, $episode->id) ?>" method="POST" class="flex flex-col max-w-xl mx-auto">
+<form action="<?= route_to('episode-delete', $podcast->id, $episode->id) ?>" method="POST" class="flex flex-col w-full max-w-xl mx-auto">
<?= csrf_field() ?>
<Alert variant="danger" glyph="alert" class="font-semibold"><?= lang('Episode.delete_form.disclaimer') ?></Alert>
diff --git a/themes/cp_admin/episode/edit.php b/themes/cp_admin/episode/edit.php
index 86a5bc9856..8f2cbb19b0 100644
--- a/themes/cp_admin/episode/edit.php
+++ b/themes/cp_admin/episode/edit.php
@@ -15,7 +15,7 @@
<?= $this->section('content') ?>
-<form id="episode-edit-form" action="<?= route_to('episode-edit', $podcast->id, $episode->id) ?>" method="POST" enctype="multipart/form-data" class="flex flex-col max-w-xl mt-6 gap-y-8">
+<form id="episode-edit-form" action="<?= route_to('episode-edit', $podcast->id, $episode->id) ?>" method="POST" enctype="multipart/form-data" class="flex flex-col w-full max-w-xl mt-6 gap-y-8">
<?= csrf_field() ?>
@@ -57,14 +57,14 @@
<div class="flex flex-col gap-x-2 gap-y-4 md:flex-row">
<Forms.Field
- class="flex-1 w-0"
+ class="flex-1 w-full"
name="season_number"
label="<?= lang('Episode.form.season_number') ?>"
type="number"
value="<?= $episode->season_number ?>"
/>
<Forms.Field
- class="flex-1 w-0"
+ class="flex-1 w-full"
name="episode_number"
label="<?= lang('Episode.form.episode_number') ?>"
type="number"
@@ -267,7 +267,7 @@
name="custom_rss"
label="<?= lang('Episode.form.custom_rss') ?>"
hint="<?= lang('Episode.form.custom_rss_hint') ?>"
- value="<?= $episode->custom_rss_string ?>"
+ content="<?= esc($episode->custom_rss_string) ?>"
/>
</Forms.Section>
diff --git a/themes/cp_admin/episode/embed.php b/themes/cp_admin/episode/embed.php
index 099b40b8a6..16057d97f2 100644
--- a/themes/cp_admin/episode/embed.php
+++ b/themes/cp_admin/episode/embed.php
@@ -24,7 +24,7 @@
<?php endforeach; ?>
</div>
-<iframe name="embed" id="embed" class="w-full max-w-xl mt-6 h-36" frameborder="0" scrolling="no" style="width: 100%; overflow: hidden;" src="<?= $episode->embed_url ?>"></iframe>
+<iframe name="embed" id="embed" class="w-full max-w-xl mt-6 h-28" frameborder="0" scrolling="no" style="width: 100%; overflow: hidden;" src="<?= $episode->embed_url ?>"></iframe>
<div class="flex items-center mt-8 gap-x-2">
<Forms.Textarea readonly="true" class="w-full max-w-xl" name="iframe" rows="2" value="<?= esc("<iframe width=\"100%\" height=\"280\" frameborder=\"0\" scrolling=\"no\" style=\"width: 100%; height: 280px; overflow: hidden;\" src=\"{$episode->embed_url}\"></iframe>") ?>" />
diff --git a/themes/cp_admin/episode/publish.php b/themes/cp_admin/episode/publish.php
index 26d22f6a31..09c3212d2a 100644
--- a/themes/cp_admin/episode/publish.php
+++ b/themes/cp_admin/episode/publish.php
@@ -18,7 +18,7 @@
],
) ?>
-<form action="<?= route_to('episode-publish', $podcast->id, $episode->id) ?>" method="POST" class="flex flex-col items-start max-w-xl mx-auto" data-submit="validate-message">
+<form action="<?= route_to('episode-publish', $podcast->id, $episode->id) ?>" method="POST" class="flex flex-col items-start w-full max-w-lg mx-auto mt-4" data-submit="validate-message">
<?= csrf_field() ?>
<input type="hidden" name="client_timezone" value="UTC" />
diff --git a/themes/cp_admin/episode/publish_edit.php b/themes/cp_admin/episode/publish_edit.php
index 0e63bc71ad..efe4d586f9 100644
--- a/themes/cp_admin/episode/publish_edit.php
+++ b/themes/cp_admin/episode/publish_edit.php
@@ -18,7 +18,7 @@
],
) ?>
-<form action="<?= route_to('episode-publish_edit', $podcast->id, $episode->id) ?>" method="POST" class="flex flex-col items-start max-w-xl mx-auto" data-submit="validate-message">
+<form action="<?= route_to('episode-publish_edit', $podcast->id, $episode->id) ?>" method="POST" class="flex flex-col items-start w-full max-w-lg mx-auto mt-4" data-submit="validate-message">
<?= csrf_field() ?>
<input type="hidden" name="client_timezone" value="UTC" />
<input type="hidden" name="post_id" value="<?= $post->id ?>" />
diff --git a/themes/cp_admin/episode/unpublish.php b/themes/cp_admin/episode/unpublish.php
index a6d420822e..e0fb7aa8aa 100644
--- a/themes/cp_admin/episode/unpublish.php
+++ b/themes/cp_admin/episode/unpublish.php
@@ -10,7 +10,7 @@
<?= $this->section('content') ?>
-<form action="<?= route_to('episode-unpublish', $podcast->id, $episode->id) ?>" method="POST" class="flex flex-col max-w-xl mx-auto">
+<form action="<?= route_to('episode-unpublish', $podcast->id, $episode->id) ?>" method="POST" class="flex flex-col max-w-lg mx-auto">
<?= csrf_field() ?>
<Alert variant="danger" glyph="alert" class="font-semibold"><?= lang('Episode.unpublish_form.disclaimer') ?></Alert>
diff --git a/themes/cp_admin/podcast/create.php b/themes/cp_admin/podcast/create.php
index 938121c10b..f42576cbef 100644
--- a/themes/cp_admin/podcast/create.php
+++ b/themes/cp_admin/podcast/create.php
@@ -14,7 +14,7 @@
<?= $this->section('content') ?>
-<form action="<?= route_to('podcast-create') ?>" method="POST" enctype='multipart/form-data' class="flex flex-col max-w-xl gap-y-6">
+<form action="<?= route_to('podcast-create') ?>" method="POST" enctype='multipart/form-data' class="flex flex-col w-full max-w-xl gap-y-6">
<?= csrf_field() ?>
<Forms.Section
diff --git a/themes/cp_admin/podcast/edit.php b/themes/cp_admin/podcast/edit.php
index 7d9c1be5a0..428a6dded0 100644
--- a/themes/cp_admin/podcast/edit.php
+++ b/themes/cp_admin/podcast/edit.php
@@ -36,7 +36,7 @@
</div>
</div>
-<div class="flex flex-col max-w-xl gap-y-6">
+<div class="flex flex-col w-full max-w-xl gap-y-6">
<Forms.Section
title="<?= lang('Podcast.form.identity_section_title') ?>"
@@ -217,8 +217,8 @@
as="XMLEditor"
name="custom_rss"
label="<?= lang('Podcast.form.custom_rss') ?>"
- value="<?= $podcast->custom_rss_string ?>"
- hint="<?= lang('Podcast.form.custom_rss_hint') ?>" />
+ hint="<?= lang('Podcast.form.custom_rss_hint') ?>"
+ content="<?= esc($podcast->custom_rss_string) ?>" />
</Forms.Section>
diff --git a/themes/cp_admin/podcast/import.php b/themes/cp_admin/podcast/import.php
index e7abcf463b..bd2ee7750a 100644
--- a/themes/cp_admin/podcast/import.php
+++ b/themes/cp_admin/podcast/import.php
@@ -12,7 +12,7 @@
<Alert glyph="alert" variant="danger" class="max-w-xl"><?= lang('PodcastImport.warning') ?></Alert>
-<form action="<?= route_to('podcast-import') ?>" method="POST" enctype='multipart/form-data' class="flex flex-col max-w-xl mt-6 gap-y-8">
+<form action="<?= route_to('podcast-import') ?>" method="POST" enctype='multipart/form-data' class="flex flex-col w-full max-w-xl mt-6 gap-y-8">
<?= csrf_field() ?>
<Forms.Section
diff --git a/themes/cp_admin/settings/general.php b/themes/cp_admin/settings/general.php
index 7c6a4a51be..396008ceb5 100644
--- a/themes/cp_admin/settings/general.php
+++ b/themes/cp_admin/settings/general.php
@@ -57,7 +57,7 @@
</form>
-<form action="<?= route_to('settings-images-regenerate') ?>" method="POST" class="flex flex-col max-w-xl gap-y-4">
+<form action="<?= route_to('settings-images-regenerate') ?>" method="POST" class="flex flex-col w-full max-w-xl gap-y-4">
<?= csrf_field() ?>
<Forms.Section
@@ -70,7 +70,7 @@
</form>
-<form action="<?= route_to('settings-housekeeping-run') ?>" method="POST" class="flex flex-col max-w-xl gap-y-4">
+<form action="<?= route_to('settings-housekeeping-run') ?>" method="POST" class="flex flex-col w-full max-w-xl gap-y-4">
<?= csrf_field() ?>
<Forms.Section
diff --git a/themes/cp_admin/settings/theme.php b/themes/cp_admin/settings/theme.php
index 6c43b91842..93d321f317 100644
--- a/themes/cp_admin/settings/theme.php
+++ b/themes/cp_admin/settings/theme.php
@@ -10,7 +10,7 @@
<?= $this->section('content') ?>
-<form action="<?= route_to('settings-theme') ?>" method="POST" class="flex flex-col max-w-xl gap-y-4" enctype="multipart/form-data">
+<form action="<?= route_to('settings-theme') ?>" method="POST" class="flex flex-col w-full max-w-xl gap-y-4" enctype="multipart/form-data">
<?= csrf_field() ?>
<Forms.Section
title="<?= lang('Settings.theme.accent_section_title') ?>"
--
GitLab