
github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
authorMatthieu Aubry <mattab@users.noreply.github.com>2018-03-23 06:53:39 +0300
committerGitHub <noreply@github.com>2018-03-23 06:53:39 +0300
commitab3272e35e4ffc953fff93c5ea34a824c17af3dd (patch)
tree037b8ffe42044809dcd0d4193308fa6f6779cc26
parent9e4853d70b87fcdd0965d1cbde65491514b88dc9 (diff)
Opt-out iframe customiser: accept " character in fontFamily (#12494)
-rw-r--r--plugins/CoreAdminHome/OptOutManager.php10
-rw-r--r--plugins/PrivacyManager/angularjs/opt-out-customizer/opt-out-customizer.controller.js2
2 files changed, 6 insertions, 6 deletions
diff --git a/plugins/CoreAdminHome/OptOutManager.php b/plugins/CoreAdminHome/OptOutManager.php
index c52a95e8dd..d7829e9962 100644
--- a/plugins/CoreAdminHome/OptOutManager.php
+++ b/plugins/CoreAdminHome/OptOutManager.php
@@ -219,10 +219,10 @@ class OptOutManager
private function optOutStyling()
{
- $cssfontsize = Common::getRequestVar('fontSize', false, 'string');
- $cssfontcolour = Common::getRequestVar('fontColor', false, 'string');
- $cssfontfamily = Common::getRequestVar('fontFamily', false, 'string');
- $cssbackgroundcolor = Common::getRequestVar('backgroundColor', false, 'string');
+ $cssfontsize = Common::unsanitizeInputValue(Common::getRequestVar('fontSize', false, 'string'));
+ $cssfontcolour = Common::unsanitizeInputValue(Common::getRequestVar('fontColor', false, 'string'));
+ $cssfontfamily = Common::unsanitizeInputValue(Common::getRequestVar('fontFamily', false, 'string'));
+ $cssbackgroundcolor = Common::unsanitizeInputValue(Common::getRequestVar('backgroundColor', false, 'string'));
$cssbody = 'body { ';
$hexstrings = array(
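Review bot: All four request values are now passed through `Common::unsanitizeInputValue()`, although the commit only needs this for fontFamily; fontSize, fontColor and backgroundColor have no use for characters that input sanitising would alter and could stay as they were. The raw values are also interpolated into the exception messages further down in this function (`"... fontSize value of '$cssfontsize' is not valid ..."` and the fontFamily equivalent in the next hunk), so a rejected value now reaches the error text unencoded. How that message is rendered is not visible here, so either limit the change to `$cssfontfamily = Common::unsanitizeInputValue(Common::getRequestVar('fontFamily', false, 'string'));` or confirm that the error output HTML-escapes exception text. optOutStyling() continues outside the hunk.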
@@ -241,7 +241,7 @@ class OptOutManager
throw new \Exception("The URL parameter fontSize value of '$cssfontsize' is not valid. Expected value is for example '15pt', '1.2em' or '13px'.\n");
}
- if ($cssfontfamily && (preg_match("/^[a-zA-Z-\ ,]+$/", $cssfontfamily))) {
+ if ($cssfontfamily && (preg_match('/^[a-zA-Z-\ ,\'"]+$/', $cssfontfamily))) {
$cssbody .= 'font-family: ' . $cssfontfamily . '; ';
} else if ($cssfontfamily) {
throw new \Exception("The URL parameter fontFamily value of '$cssfontfamily' is not valid. Expected value is for example 'sans-serif' or 'Monaco, monospace'.\n");
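Review bot: The widened character class in the fontFamily check accepts `'` and `"` in any position, so unbalanced or lone quotes pass validation and are concatenated into `$cssbody` unchanged. Matching whole family names would be tighter, e.g. `$name = '(?:[a-zA-Z-]+(?: [a-zA-Z-]+)*|"[a-zA-Z -]+"|\'[a-zA-Z -]+\')';` followed by `preg_match('/^' . $name . '(?: *, *' . $name . ')*\z/', $cssfontfamily)`; the `\z` anchor also stops `$` from accepting a trailing newline. Where `$cssbody` is emitted is outside the hunk: if it can land in an HTML attribute rather than a `<style>` element, the quote characters need HTML-escaping at that point. The enclosing function starts and ends outside the hunk.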
diff --git a/plugins/PrivacyManager/angularjs/opt-out-customizer/opt-out-customizer.controller.js b/plugins/PrivacyManager/angularjs/opt-out-customizer/opt-out-customizer.controller.js
index aa8f97b18b..9bc4a6f32f 100644
--- a/plugins/PrivacyManager/angularjs/opt-out-customizer/opt-out-customizer.controller.js
+++ b/plugins/PrivacyManager/angularjs/opt-out-customizer/opt-out-customizer.controller.js
@@ -29,7 +29,7 @@
};
vm.onUpdate = function () {
if (vm.piwikurl) {
- var value = vm.piwikurl + "index.php?module=CoreAdminHome&action=optOut&language=" + vm.language + "&backgroundColor=" + vm.backgroundColor.substr(1) + "&fontColor=" + vm.fontColor.substr(1) + "&fontSize=" + vm.fontSizeWithUnit + "&fontFamily=" + vm.fontFamily;
+ var value = vm.piwikurl + "index.php?module=CoreAdminHome&action=optOut&language=" + vm.language + "&backgroundColor=" + vm.backgroundColor.substr(1) + "&fontColor=" + vm.fontColor.substr(1) + "&fontSize=" + vm.fontSizeWithUnit + "&fontFamily=" + encodeURIComponent(vm.fontFamily);
var isAnimationAlreadyRunning = $('.optOutCustomizer pre').queue('fx').length > 0;
if (value !== vm.iframeUrl && !isAnimationAlreadyRunning) {
$('.optOutCustomizer pre').effect("highlight", {}, 1500);
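Review bot: Only `vm.fontFamily` is passed through `encodeURIComponent` in the rebuilt URL; `vm.language`, `vm.fontSizeWithUnit` and the two colour values are still concatenated raw, so a reserved character in any of them (`&`, `#`, `%`) would change the query string the server parses. Encoding every component keeps the generated embed code consistent with what the server-side validation expects, e.g. `"&fontSize=" + encodeURIComponent(vm.fontSizeWithUnit)` and likewise for the others. vm.onUpdate continues past the end of the hunk.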