
Merge pull request ILIAS-eLearning#7562 from mjansenDatabay/hotfix/8/…
…41229

Poll/Block: Ensure proper input/output handling
schmitz-ilias committed Jun 4, 2024
1 parent 010a037 commit 8b067eb
Showing 6 changed files with 96 additions and 33 deletions.
24 changes: 17 additions & 7 deletions components/ILIAS/Block/classes/class.ilBlockGUI.php
Expand Up @@ -136,6 +136,16 @@ abstract public function getBlockType(): string;
*/
abstract protected function isRepositoryObject(): bool;

protected function specialCharsAsEntities(string $string): string
{
// Should be replaced by a proper refinery transformation once https://github.com/ILIAS-eLearning/ILIAS/pull/6314 is merged
return htmlspecialchars(
$string,
ENT_QUOTES | ENT_SUBSTITUTE,
'utf-8'
);
}

public function setData(array $a_data): void
{
$this->data = $a_data;
Expand Down Expand Up @@ -848,22 +858,22 @@ public function getHTMLNew(): string
switch ($this->getPresentation()) {
case self::PRES_SEC_LEG:
$panel = $this->factory->panel()->secondary()->legacy(
$this->getTitle(),
$this->specialCharsAsEntities($this->getTitle()),
$this->factory->legacy($this->getLegacyContent())
);
break;

case self::PRES_MAIN_LEG:
$panel = $this->factory->panel()->standard(
$this->getTitle(),
$this->specialCharsAsEntities($this->getTitle()),
$this->factory->legacy($this->getLegacyContent())
);
break;

case self::PRES_SEC_LIST:
$this->handleNavigation();
$panel = $this->factory->panel()->secondary()->listing(
$this->getTitle(),
$this->specialCharsAsEntities($this->getTitle()),
$this->getListItemGroups()
);
break;
Expand All @@ -872,7 +882,7 @@ public function getHTMLNew(): string
case self::PRES_MAIN_LIST:
$this->handleNavigation();
$panel = $this->factory->panel()->listing()->standard(
$this->getTitle(),
$this->specialCharsAsEntities($this->getTitle()),
$this->getListItemGroups()
);
break;
Expand All @@ -883,12 +893,12 @@ public function getHTMLNew(): string
($panel->getItemGroups() === [] || (count($panel->getItemGroups()) === 1 && $panel->getItemGroups()[0]->getItems() === []))) {
if ($this->getPresentation() === self::PRES_SEC_LIST) {
$panel = $this->factory->panel()->secondary()->legacy(
$this->getTitle(),
$this->specialCharsAsEntities($this->getTitle()),
$this->factory->legacy($this->getNoItemFoundContent())
);
} else {
$panel = $this->factory->panel()->standard(
$this->getTitle(),
$this->specialCharsAsEntities($this->getTitle()),
$this->factory->legacy($this->getNoItemFoundContent())
);
}
Expand Down Expand Up @@ -958,7 +968,7 @@ protected function getActionsForPanel(): ?Dropdown
$actions = $this->factory->dropdown()->standard($actions)
->withAriaLabel(sprintf(
$this->lng->txt('actions_for'),
htmlspecialchars($this->getTitle())
$this->specialCharsAsEntities($this->getTitle())
));
return $actions;
}
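Review bot: `specialCharsAsEntities` has no docblock even though it becomes the single escaping point for every panel title in getHTMLNew and for the aria label in getActionsForPanel; as a `protected` helper on an abstract class it should tell subclasses what getTitle() is expected to return. Proposed docblock: `/** Escapes a raw title for HTML text and attribute contexts (ENT_QUOTES); getTitle() implementations must return unescaped text, otherwise existing entities are double-encoded. */`. Note also that the legacy content passed alongside the title (`$this->factory->legacy($this->getLegacyContent())`) is still emitted unescaped, which is presumably intended for pre-rendered HTML but means each subclass remains responsible for escaping inside it. getHTMLNew and getActionsForPanel both start and end outside the shown hunks.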
@@ -1,7 +1,5 @@
<?php

declare(strict_types=1);

/**
* This file is part of ILIAS, a powerful learning management system
* published by ILIAS open source e-Learning e.V.
Expand All @@ -16,16 +14,23 @@
* https://www.ilias.de
* https://github.com/ILIAS-eLearning
*
********************************************************************
*/
*********************************************************************/

declare(strict_types=1);

use ILIAS\Refinery\Factory as Refinery;

class ilPollAnswersRenderer
{
protected ilLanguage $lng;
protected Refinery $refinery;

public function __construct(ilLanguage $lng)
{
public function __construct(
ilLanguage $lng,
Refinery $refinery
) {
$this->lng = $lng;
$this->refinery = $refinery;
}

public function render(
Expand Down Expand Up @@ -98,7 +103,10 @@ protected function renderAnswer(
}
}
$tpl->setVariable("VALUE_ANSWER", $id);
$tpl->setVariable("TXT_ANSWER_VOTE", nl2br($answer));
$tpl->setVariable(
"TXT_ANSWER_VOTE",
$this->refinery->encode()->htmlSpecialCharsAsEntities()->transform(nl2br($answer))
);
$tpl->parseCurrentBlock();
}
}
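Review bot: Applying `htmlSpecialCharsAsEntities()` after `nl2br()` in the TXT_ANSWER_VOTE assignment encodes the `<br />` tags nl2br has just inserted, so answers containing line breaks will display literal `&lt;br /&gt;` text instead of breaks (assuming the transformation behaves like htmlspecialchars(), as its name suggests). Escape first, then insert the breaks: `nl2br($this->refinery->encode()->htmlSpecialCharsAsEntities()->transform($answer))`. The same inversion appears in ilPollResultsRenderer (renderPieChart and renderBarChart) and in ilPollContentRenderer (renderQuestion and renderDescription). renderAnswer starts outside the hunk.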
@@ -1,7 +1,5 @@
<?php

declare(strict_types=1);

/**
* This file is part of ILIAS, a powerful learning management system
* published by ILIAS open source e-Learning e.V.
Expand All @@ -16,17 +14,23 @@
* https://www.ilias.de
* https://github.com/ILIAS-eLearning
*
********************************************************************
*/
*********************************************************************/

declare(strict_types=1);

use ILIAS\Refinery\Factory as Refinery;

class ilPollResultsRenderer
{
protected int $ref_id;
protected Refinery $refinery;

public function __construct(
int $ref_id
int $ref_id,
Refinery $refinery
) {
$this->ref_id = $ref_id;
$this->refinery = $refinery;
}

public function render(
Expand Down Expand Up @@ -54,7 +58,7 @@ protected function renderPieChart(
foreach ($results->getOrderedAnswerIds() as $id) {
$chart_data->addPiePoint(
(int) round($results->getAnswerPercentage($id)),
nl2br($results->getAnswerText($id))
$this->refinery->encode()->htmlSpecialCharsAsEntities()->transform(nl2br($results->getAnswerText($id)))
);
}

Expand All @@ -79,7 +83,10 @@ protected function renderBarChart(
$pbar->setCurrent(round($results->getAnswerPercentage($id)));
$pbar->setCaption('(' . $results->getAnswerTotal($id) . ')');
$tpl->setVariable("PERC_ANSWER_RESULT", $pbar->render());
$tpl->setVariable("TXT_ANSWER_RESULT", nl2br($results->getAnswerText($id)));
$tpl->setVariable(
"TXT_ANSWER_RESULT",
$this->refinery->encode()->htmlSpecialCharsAsEntities()->transform(nl2br($results->getAnswerText($id)))
);
$tpl->parseCurrentBlock();
}
}
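Review bot: The label passed to `addPiePoint` in renderPieChart now carries HTML-entity-encoded text with `<br />` tags, but a chart point label is presumably serialized into the chart's data (JSON or JavaScript) rather than rendered as HTML; if so, entity encoding and `<br />` are the wrong escaping for that sink and would appear verbatim in the legend. Worth confirming how the chart emits its point labels and choosing the escaper that matches that context, e.g. a plain-text label without nl2br if the chart library escapes on output itself. renderPieChart starts outside the hunk.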
18 changes: 14 additions & 4 deletions components/ILIAS/Poll/classes/BlockGUI/class.ilPollBlockGUI.php
@@ -1,7 +1,5 @@
<?php

declare(strict_types=1);

/**
* This file is part of ILIAS, a powerful learning management system
* published by ILIAS open source e-Learning e.V.
Expand All @@ -19,8 +17,11 @@
********************************************************************
*/

declare(strict_types=1);

use ILIAS\UI\Factory as UIFactory;
use ILIAS\UI\Renderer as UIRenderer;
use ILIAS\Refinery\Factory as Refinery;

/**
* BlockGUI class for polls.
Expand All @@ -36,6 +37,7 @@ class ilPollBlockGUI extends ilBlockGUI
protected bool $new_rendering = true;
protected UIFactory $ui_factory;
protected UIRenderer $ui_renderer;
protected Refinery $refinery;
protected ilPollStateInfo $state;
protected ilPollCommentsHandler $comments;

Expand All @@ -49,6 +51,7 @@ public function __construct()
$this->access = $DIC->access();
$this->ui_factory = $DIC->ui()->factory();
$this->ui_renderer = $DIC->ui()->renderer();
$this->refinery = $DIC->refinery();

parent::__construct();

Expand Down Expand Up @@ -196,12 +199,19 @@ protected function initContentRenderer(): ilPollContentRenderer
$this->lng,
$this->ui_factory,
$this->ui_renderer,
$this->refinery,
$this->state,
$this->comments,
$answers,
new ilPollAnswersRenderer($this->lng),
new ilPollAnswersRenderer(
$this->lng,
$this->refinery
),
$results,
new ilPollResultsRenderer($this->getRefId())
new ilPollResultsRenderer(
$this->getRefId(),
$this->refinery
)
);
}

@@ -1,7 +1,5 @@
<?php

declare(strict_types=1);

/**
* This file is part of ILIAS, a powerful learning management system
* published by ILIAS open source e-Learning e.V.
Expand All @@ -19,8 +17,11 @@
********************************************************************
*/

declare(strict_types=1);

use ILIAS\UI\Factory as UIFactory;
use ILIAS\UI\Renderer as UIRenderer;
use ILIAS\Refinery\Factory as Refinery;

class ilPollContentRenderer
{
Expand All @@ -33,11 +34,13 @@ class ilPollContentRenderer
protected ilLanguage $lng;
protected UIFactory $ui_factory;
protected UIRenderer $ui_renderer;
protected Refinery $refinery;

public function __construct(
ilLanguage $lng,
UIFactory $ui_factory,
UIRenderer $ui_renderer,
Refinery $refinery,
ilPollStateInfo $availability,
ilPollCommentsHandler $comments,
ilPollAnswersHandler $answers,
Expand All @@ -48,6 +51,7 @@ public function __construct(
$this->lng = $lng;
$this->ui_factory = $ui_factory;
$this->ui_renderer = $ui_renderer;
$this->refinery = $refinery;
$this->state = $availability;
$this->comments = $comments;
$this->answers = $answers;
Expand Down Expand Up @@ -219,7 +223,10 @@ protected function renderQuestion(
string $text,
?string $img_path
): void {
$tpl->setVariable("TXT_QUESTION", nl2br(trim($text)));
$tpl->setVariable(
"TXT_QUESTION",
$this->refinery->encode()->htmlSpecialCharsAsEntities()->transform(nl2br(trim($text)))
);
if ($img_path) {
$tpl->setVariable(
"URL_IMAGE",
Expand Down Expand Up @@ -300,7 +307,10 @@ protected function renderDescription(
): void {
$description = trim($description);
if ($description) {
$tpl->setVariable("TXT_DESC", nl2br($description));
$tpl->setVariable(
"TXT_DESC",
$this->refinery->encode()->htmlSpecialCharsAsEntities()->transform(nl2br($description))
);
}
}

26 changes: 22 additions & 4 deletions components/ILIAS/Poll/classes/class.ilPollDataSet.php
@@ -1,7 +1,5 @@
<?php

declare(strict_types=1);

/**
* This file is part of ILIAS, a powerful learning management system
* published by ILIAS open source e-Learning e.V.
Expand All @@ -16,8 +14,9 @@
* https://www.ilias.de
* https://github.com/ILIAS-eLearning
*
********************************************************************
*/
*********************************************************************/

declare(strict_types=1);

/**
* Poll Dataset class
Expand Down Expand Up @@ -180,6 +179,24 @@ public function importRecord(
ilImportMapping $a_mapping,
string $a_schema_version
): void {
$a_rec = $this->stripTags(
$a_rec,
[
'Id',
'MaxAnswers',
'ResultSort',
'NonAnon',
'ShowResultsAs',
'ShowComments',
'ViewResults',
'Period',
'PeriodBegin',
'PeriodEnd',
'PollId',
'pos',
]
);

switch ($a_entity) {
case "poll":
// container copy
Expand All @@ -190,6 +207,7 @@ public function importRecord(
$newObj->create();
}

/** @var ilObjPoll $newObj */
$newObj->setTitle((string) ($a_rec["Title"] ?? ''));
$newObj->setDescription((string) ($a_rec["Description"]));
if ((int) $a_rec["MaxAnswers"]) {
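Review bot: The `stripTags` call added at the top of importRecord passes a bare list of record keys whose meaning is not evident at the call site; if it is the list of fields exempt from stripping (every listed key looks numeric or flag-like, and Title/Description are absent), a one-line comment should say so, e.g. `// Strip HTML from imported free-text fields; the listed numeric/flag fields are passed through unchanged.`. The exemption list would also be clearer as a class constant so a newly imported column is not silently left out here. stripTags itself is defined outside the hunk, and importRecord's body continues past it.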
