Escape search queries and add setting value on edit
@@ -18,6 +18,9 @@ class SearchController extends Controller
|
|||||||
$requestprovider = $request->input('provider');
|
$requestprovider = $request->input('provider');
|
||||||
$query = $request->input('q');
|
$query = $request->input('q');
|
||||||
|
|
||||||
|
// Sanitize the query to prevent XSS
|
||||||
|
$query = htmlspecialchars($query, ENT_QUOTES, 'UTF-8');
|
||||||
|
|
||||||
// Validate the presence and non-emptiness of the query parameter
|
// Validate the presence and non-emptiness of the query parameter
|
||||||
if (!$query || trim($query) === '') {
|
if (!$query || trim($query) === '') {
|
||||||
abort(400, 'Missing or empty query parameter');
|
abort(400, 'Missing or empty query parameter');
|
||||||
|
|||||||
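Review bot: The new `if (!$query || trim($query) === '')` check runs after `htmlspecialchars()` has already been applied, so a missing `q` reaches `htmlspecialchars(null, …)` (deprecated since PHP 8.1) and an array-valued `q[]=…` (which Laravel's `input()` returns as an array) raises a TypeError instead of the intended 400; the `!$query` test also rejects the legitimate query `"0"`. Validate the raw input first, e.g. `if (!is_string($query) || trim($query) === '') { abort(400, 'Missing or empty query parameter'); }`. Separately, HTML-encoding the query at this point changes the text that is forwarded onward (`a&b` becomes `a&amp;b`) if `$query` is later used to build the provider request, which happens outside this hunk; the output-side `e()` added to the search form in this same commit is the correct place for that escaping, so the controller can keep the raw, validated string. The enclosing method starts and ends outside the hunk.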
@@ -45,6 +45,7 @@ class SettingsController extends Controller
|
|||||||
if (! is_null($setting)) {
|
if (! is_null($setting)) {
|
||||||
return view('settings.edit')->with([
|
return view('settings.edit')->with([
|
||||||
'setting' => $setting,
|
'setting' => $setting,
|
||||||
|
'value' => $setting->value,
|
||||||
]);
|
]);
|
||||||
} else {
|
} else {
|
||||||
$route = route('settings.list', []);
|
$route = route('settings.list', []);
|
||||||
|
|||||||
@@ -121,7 +121,7 @@ abstract class Search
|
|||||||
$output .= '<option value="'.$key.'"'.$selected.'>'.$searchprovider['name'].'</option>';
|
$output .= '<option value="'.$key.'"'.$selected.'>'.$searchprovider['name'].'</option>';
|
||||||
}
|
}
|
||||||
$output .= '</select>';
|
$output .= '</select>';
|
||||||
$output .= '<input type="text" name="q" value="'.(Input::get('q') ?? '').'" class="homesearch" autofocus placeholder="'.__('app.settings.search').'..." />';
|
$output .= '<input type="text" name="q" value="'.e(Input::get('q') ?? '').'" class="homesearch" autofocus placeholder="'.__('app.settings.search').'..." />';
|
||||||
$output .= '<button type="submit">'.ucwords(__('app.settings.search')).'</button>';
|
$output .= '<button type="submit">'.ucwords(__('app.settings.search')).'</button>';
|
||||||
$output .= '</div>';
|
$output .= '</div>';
|
||||||
$output .= '</form>';
|
$output .= '</form>';
|
||||||
|
|||||||
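Review bot: The `<option>` line just above the newly escaped input still concatenates `$key` and `$searchprovider['name']` into the markup unescaped, while the same hunk now wraps the query in `e()`; if provider entries can be user-defined (not visible here), those values need the same treatment: `$output .= '<option value="'.e($key).'"'.$selected.'>'.e($searchprovider['name']).'</option>';`. `e()` also throws a TypeError when `q` arrives as an array (`q[]=…`), which `Input::get()` can return, so a string check before it (for example `$q = Input::get('q'); $q = is_string($q) ? $q : '';`) keeps that from becoming a 500. The enclosing method starts and ends outside the hunk.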
@@ -150,38 +150,38 @@ class Setting extends Model
|
|||||||
switch ($this->type) {
|
switch ($this->type) {
|
||||||
case 'image':
|
case 'image':
|
||||||
$value = '';
|
$value = '';
|
||||||
if (isset($this->value) && ! empty($this->value)) {
|
if (isset($this->value) && !empty($this->value)) {
|
||||||
$value .= '<a class="setting-view-image" href="'.
|
$value .= '<a class="setting-view-image" href="' .
|
||||||
asset('storage/'.$this->value).
|
asset('storage/' . $this->value) .
|
||||||
'" title="'.
|
'" title="' .
|
||||||
__('app.settings.view').
|
__('app.settings.view') .
|
||||||
'" target="_blank"><img src="'.
|
'" target="_blank"><img src="' .
|
||||||
asset('storage/'.
|
asset('storage/' .
|
||||||
$this->value).
|
$this->value) .
|
||||||
'" /></a>';
|
'" /></a>';
|
||||||
}
|
}
|
||||||
$value .= '<input type="file" name="value" class="form-control" />';
|
$value .= '<input type="file" name="value" class="form-control" />';
|
||||||
if (isset($this->value) && ! empty($this->value)) {
|
if (isset($this->value) && !empty($this->value)) {
|
||||||
$value .= '<a class="settinglink" href="'.
|
$value .= '<a class="settinglink" href="' .
|
||||||
route('settings.clear', $this->id).
|
route('settings.clear', $this->id) .
|
||||||
'" title="'.
|
'" title="' .
|
||||||
__('app.settings.remove').
|
__('app.settings.remove') .
|
||||||
'">'.
|
'">' .
|
||||||
__('app.settings.reset').
|
__('app.settings.reset') .
|
||||||
'</a>';
|
'</a>';
|
||||||
}
|
}
|
||||||
|
|
||||||
break;
|
break;
|
||||||
case 'boolean':
|
case 'boolean':
|
||||||
$checked = false;
|
$checked = false;
|
||||||
if (isset($this->value) && (bool) $this->value === true) {
|
if (isset($this->value) && (bool)$this->value === true) {
|
||||||
$checked = true;
|
$checked = true;
|
||||||
}
|
}
|
||||||
$set_checked = ($checked) ? ' checked="checked"' : '';
|
$set_checked = ($checked) ? ' checked="checked"' : '';
|
||||||
$value = '
|
$value = '
|
||||||
<input type="hidden" name="value" value="0" />
|
<input type="hidden" name="value" value="0" />
|
||||||
<label class="switch">
|
<label class="switch">
|
||||||
<input type="checkbox" name="value" value="1"'.$set_checked.' />
|
<input type="checkbox" name="value" value="1"' . $set_checked . ' />
|
||||||
<span class="slider round"></span>
|
<span class="slider round"></span>
|
||||||
</label>';
|
</label>';
|
||||||
|
|
||||||
@@ -193,15 +193,15 @@ class Setting extends Model
|
|||||||
}
|
}
|
||||||
$value = '<select name="value" class="form-control">';
|
$value = '<select name="value" class="form-control">';
|
||||||
foreach ($options as $key => $opt) {
|
foreach ($options as $key => $opt) {
|
||||||
$value .= '<option value="'.$key.'" '.(($this->value == $key) ? 'selected' : '').'>'.__($opt).'</option>';
|
$value .= '<option value="' . $key . '" ' . (($this->value == $key) ? 'selected' : '') . '>' . __($opt) . '</option>';
|
||||||
}
|
}
|
||||||
$value .= '</select>';
|
$value .= '</select>';
|
||||||
break;
|
break;
|
||||||
case 'textarea':
|
case 'textarea':
|
||||||
$value = '<textarea name="value" class="form-control" cols="44" rows="15"></textarea>';
|
$value = '<textarea name="value" class="form-control" cols="44" rows="15">' . htmlspecialchars($this->value, ENT_QUOTES, 'UTF-8') . '</textarea>';
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
$value = '<input type="text" name="value" class="form-control" />';
|
$value = '<input type="text" name="value" class="form-control" value="' . htmlspecialchars($this->value, ENT_QUOTES, 'UTF-8') . '" />';
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
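Review bot: `htmlspecialchars($this->value, ENT_QUOTES, 'UTF-8')` on the `textarea` and default `input` lines passes `$this->value` straight through, so a setting whose value is still `null` triggers PHP 8.1's "passing null to parameter #1" deprecation on every render of the edit form. `e($this->value)` — the helper this same commit uses in the search form — coerces null to an empty string, adds `ENT_SUBSTITUTE` so an invalid UTF-8 value is rendered with replacement characters instead of collapsing to an empty string, and keeps the two files consistent, e.g. `$value = '<textarea name="value" class="form-control" cols="44" rows="15">' . e($this->value) . '</textarea>';`. The `<option value="' . $key . '"` line in the select case remains unescaped; whether `$options` keys can carry user input is not visible here, but `e($key)` would be cheap. The enclosing switch starts outside the hunk.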
@@ -5,7 +5,7 @@ use Illuminate\Support\Facades\Facade;
|
|||||||
|
|
||||||
return [
|
return [
|
||||||
|
|
||||||
'version' => '2.7.2',
|
'version' => '2.7.3',
|
||||||
|
|
||||||
'appsource' => env('APP_SOURCE', 'https://appslist.heimdall.site/'),
|
'appsource' => env('APP_SOURCE', 'https://appslist.heimdall.site/'),
|
||||||
|
|
||||||
|
|||||||