fix(security): add csrf filter + prevent xss attacks by escaping user input

- update CI4 to v4.1.9's stable production package
- update php and js dependencies to latest
Yassine Doghri 2022-03-04 14:33:48 +00:00
commit cd2e1e1dc3
182 changed files with 4410 additions and 4214 deletions


@ -87,7 +87,6 @@ class PostController extends FediversePostController
if (! ($cachedView = cache($cacheName))) {
$data = [
// @phpstan-ignore-next-line
'metatags' => get_post_metatags($this->post),
'post' => $this->post,
'podcast' => $this->podcast,
@ -98,6 +97,7 @@ class PostController extends FediversePostController
helper('form');
return view('post/post', $data);
}
return view('post/post', $data, [
'cache' => DECADE,
'cache_name' => $cacheName,
@ -111,7 +111,7 @@ class PostController extends FediversePostController
{
$rules = [
'message' => 'required|max_length[500]',
'episode_url' => 'valid_url|permit_empty',
'episode_url' => 'valid_url_strict|permit_empty',
];
if (! $this->validate($rules)) {
@ -246,7 +246,6 @@ class PostController extends FediversePostController
if (! ($cachedView = cache($cacheName))) {
$data = [
// @phpstan-ignore-next-line
'metatags' => get_remote_actions_metatags($this->post, $action),
'podcast' => $this->podcast,
'actor' => $this->actor,
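Review bot: The new `episode_url` rule in the hunk at -111,7 +111,7 has no comment explaining why the strict validator replaced `valid_url`, so a later cleanup could revert it without noticing the security intent. I would add `// valid_url_strict requires an explicit scheme (http/https by default); valid_url also accepts scheme-less strings` above the rule. If only HTTPS episode links are expected, the scheme list can be pinned with `'episode_url' => 'permit_empty|valid_url_strict[https]',`; whether plain http must stay allowed is not visible here. Input validation does not replace escaping the URL where it is rendered, and that output path lies outside this section. The method holding `$rules` starts and ends outside the hunk.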