Revert "Forms: add input filtering for file paths to Validator class"

This reverts commit b2fd0a0.
GibbonEdu · May 19, 2024 · 527960e · 527960e
1 parent 0147918
commit 527960e
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 15 deletions.
diff --git a/src/Data/Validator.php b/src/Data/Validator.php
@@ -80,8 +80,8 @@ public function sanitize($input, $allowableTags = [], $utf8_encode = true)
 
         // Check allowable fields for URLs
         foreach ($allowableTags as $field => $value) {
-            if (is_string($value) && (strtoupper($value) == 'URL' || strtoupper($value) == 'PATH')) {
-                $urls[$field] = strtoupper($value) == 'URL';
+            if (is_string($value) && strtoupper($value) == 'URL') {
+                $urls[$field] = $field;
             }
         }
 
@@ -98,10 +98,10 @@ public function sanitize($input, $allowableTags = [], $utf8_encode = true)
                 $value = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', '', $value);
                 $value = preg_replace('/\\\\+0+/', '', $value);
 
-                if (isset($urls[$field])) {
+                if (!empty($urls[$field])) {
                     // Sanitize URL
-                    $value = $this->sanitizeUrl($value, $urls[$field]);
-                } elseif (isset($allowableTags[$field])) {
+                    $value = $this->sanitizeUrl($value);
+                } elseif (!empty($allowableTags[$field])) {
                     // Sanitize HTML
                     if (strtoupper($allowableTags[$field]) == 'RAW') {
                         $output[$field] = $value;
@@ -194,7 +194,7 @@ public function sanitizeRichText($value)
      * @param string $url
      * @return string
      */
-    public function sanitizeUrl($url, $protocol = true)
+    public function sanitizeUrl($url)
     {
         if ($url === '') return $url;
 
@@ -205,7 +205,7 @@ public function sanitizeUrl($url, $protocol = true)
         $url = str_replace("'", '&#039;', $url);
 
         // If there is no protocol, add a default one
-        if ($protocol && mb_stripos($url, '://') === false) {
+        if (mb_stripos($url, '://') === false) {
             $url = 'https://'.$url;
         }
 

diff --git a/src/Forms/Input/FileUpload.php b/src/Forms/Input/FileUpload.php
@@ -22,7 +22,6 @@
 namespace Gibbon\Forms\Input;
 
 use Gibbon\Services\Format;
-use Gibbon\Data\Validator;
 
 /**
  * TextField
@@ -197,14 +196,12 @@ protected function getElement()
 
             foreach ($this->attachments as $attachmentName => $attachmentPath) {
 
-                $attachmentPath = (new Validator(''))->sanitizeUrl($attachmentPath, false);
-
                 if (!empty($attachmentPath)) {
                     $output .= '<div class="input-box rounded-sm standardWidth">';
 
                     $output .= '<div class="inline-label">';
                     $output .= __('Current attachment:').'<br/>';
-                    $output .= '<a target="_blank" rel="noopener noreferrer" href="'.$this->absoluteURL.urlencode($attachmentPath).'">'.basename($attachmentPath).'</a>';
+                    $output .= '<a target="_blank" rel="noopener noreferrer" href="'.$this->absoluteURL.$attachmentPath.'">'.basename($attachmentPath).'</a>';
 
                     global $session;
                     $absolutePath = $session->get('absolutePath');
@@ -214,7 +211,7 @@ protected function getElement()
 
                     $output .= '</div>';
 
-                    $output .=  "<a download class='inline-button' href='".$this->absoluteURL.urlencode($attachmentPath)."'><img title='".__('Download')."' src='./themes/Default/img/download.png'/></a>";
+                    $output .=  "<a download class='inline-button' href='".$this->absoluteURL.$attachmentPath."'><img title='".__('Download')."' src='./themes/Default/img/download.png'/></a>";
 
                     if ($this->canDelete) {
                         $attachmentNameEscaped = str_replace(['[', ']'], ['\\\\[', '\\\\]'], $attachmentName);

diff --git a/src/Services/Format.php b/src/Services/Format.php
@@ -892,13 +892,13 @@ public static function photo($path, $size = 75, $class = 'inline-block shadow bg
 
         $path = (string) $path;
         if (preg_match('/^http[s]*/', $path)) {
-            return sprintf('<img class="%1$s" src="%2$s">', $class, urlencode($path));
+            return sprintf('<img class="%1$s" src="%2$s">', $class, $path);
         } else {
             if (empty($path) or file_exists(static::$settings['absolutePath'].'/'.$path) == false) {
                 $path = '/themes/'.static::$settings['gibbonThemeName'].'/img/anonymous_240_square.jpg';
             }
 
-            return sprintf('<img class="%1$s" src="%2$s">', $class, static::$settings['absoluteURL'].'/'.urlencode($path));
+            return sprintf('<img class="%1$s" src="%2$s">', $class, static::$settings['absoluteURL'].'/'.$path);
         }
     }
 
@@ -944,7 +944,7 @@ public static function userPhoto($path, $size = 75, $class = '')
             $path = '/themes/'.static::$settings['gibbonThemeName'].'/img/anonymous_'.$imageSize.'.jpg';
         }
 
-        return sprintf('<img class="%1$s" src="%2$s">', $class, static::$settings['absoluteURL'].'/'.urlencode($path));
+        return sprintf('<img class="%1$s" src="%2$s">', $class, static::$settings['absoluteURL'].'/'.$path);
     }
 
     /**