Sanitize theme path items
- Sanitize theme style/color/scheme path items
This commit is contained in:
parent
6aac84dc8e
commit
b529c03a20
9 changed files with 65 additions and 50 deletions
|
|
@ -2,7 +2,7 @@
|
|||
### A bootstrap based theme for friendica
|
||||
This Theme was started as an experiment to give the user a good looking and modern theme for friendica.
|
||||
|
||||
I conentrated on 3 topics:
|
||||
I concentrated on 3 topics:
|
||||
|
||||
1. A Modern, mobile friendly UI with bootstrap and awesome font
|
||||
2. Try to get a new UX for friendica (e.g. use modals where it seems to be useful)
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@
|
|||
*/
|
||||
|
||||
use Friendica\Core\PConfig;
|
||||
use Friendica\Util\Strings;
|
||||
|
||||
function get_scheme_info($scheme)
|
||||
{
|
||||
|
|
@ -28,6 +29,8 @@ function get_scheme_info($scheme)
|
|||
$scheme = PConfig::get(local_user(), 'frio', 'scheme', PConfig::get(local_user(), 'frio', 'schema'));
|
||||
}
|
||||
|
||||
$scheme = Strings::sanitizeFilePathItem($scheme);
|
||||
|
||||
$info = [
|
||||
'name' => $scheme,
|
||||
'description' => '',
|
||||
|
|
|
|||
|
|
@ -5,9 +5,11 @@
|
|||
|
||||
use Friendica\Core\Config;
|
||||
use Friendica\Core\PConfig;
|
||||
use Friendica\Util\Strings;
|
||||
|
||||
require_once 'view/theme/frio/php/PHPColors/Color.php';
|
||||
|
||||
$scheme = '';
|
||||
$schemecss = '';
|
||||
$schemecssfile = false;
|
||||
$scheme_modified = 0;
|
||||
|
|
@ -67,9 +69,7 @@ if (!empty($_REQUEST['scheme'])) {
|
|||
$scheme = $_REQUEST['scheme'];
|
||||
}
|
||||
|
||||
// Sanitize the data.
|
||||
$scheme = !empty($scheme) ? basename($scheme) : '';
|
||||
|
||||
$scheme = Strings::sanitizeFilePathItem($scheme);
|
||||
|
||||
if (($scheme) && ($scheme != '---')) {
|
||||
if (file_exists('view/theme/frio/scheme/' . $scheme . '.php')) {
|
||||
|
|
|
|||
|
|
@ -26,6 +26,8 @@ if ($quattro_align === false) {
|
|||
$quattro_align = $site_quattro_align;
|
||||
}
|
||||
|
||||
$color = \Friendica\Util\Strings::sanitizeFilePathItem($color);
|
||||
|
||||
if (file_exists("$THEMEPATH/$color/style.css")) {
|
||||
echo file_get_contents("$THEMEPATH/$color/style.css");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,6 +22,8 @@ if (empty($style)) {
|
|||
$stylecss = '';
|
||||
$modified = '';
|
||||
|
||||
$style = \Friendica\Util\Strings::sanitizeFilePathItem($style);
|
||||
|
||||
foreach (['style', $style] as $file) {
|
||||
$stylecssfile = $THEMEPATH . DIRECTORY_SEPARATOR . $file .'.css';
|
||||
if (file_exists($stylecssfile)) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue