TheRON/core
1
0
Fork 0
mirror of https://framagit.org/hubzilla/core.git synced 2026-06-21 00:52:33 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fix missing return from translate_scope function

Browse Source 
Also make sure the output is escaped wherever this function is used.
This commit is contained in:
Harald Eilertsen
2025-09-10 18:34:34 +02:00
parent 330c8ca890
commit b31123ae2f
4 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Zotlabs/Module/Lockview.php
View File

@@ -110,7 +110,7 @@ class Lockview extends Controller {
// as unknown specific recipients. The sender will have the visibility list and will fall through to the
// next section.
echo '<div class="dropdown-item-text">' . translate_scope((!$item['public_policy']) ? 'specific' : $item['public_policy']) . '</div>';
echo '<div class="dropdown-item-text">' . escape_tags(translate_scope((!$item['public_policy']) ? 'specific' : $item['public_policy'])) . '</div>';
killme();
}

2
Zotlabs/Module/Profiles.php
View File

@@ -841,7 +841,7 @@ class Profiles extends \Zotlabs\Web\Controller {
'$alt' => t('Profile Image'),
'$profile_name' => $rr['profile_name'],
'$visible' => (($rr['is_default'])
? '<strong>' . translate_scope(map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_profile'))) . '</strong>'
? '<strong>' . escape_tags(translate_scope(map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_profile')))) . '</strong>'
: '<a href="' . z_root() . '/profperm/' . $rr['id'] . '" />' . t('Edit visibility') . '</a>')
));
}

5
include/items.php
View File

@@ -1272,7 +1272,7 @@ function map_scope($scope, $strip = false) {
* @param string $scope
* @return string translated string describing the scope
*/
function translate_scope($scope) {
function translate_scope($scope): string {
if(! $scope || $scope === 'public')
return t('Visible to anybody on the internet.');
if(strpos($scope,'self') === 0)
@@ -1289,6 +1289,9 @@ function translate_scope($scope) {
return t('Visible to approved connections.');
if(strpos($scope,'specific') === 0)
return t('Visible to specific connections.');
// Fall through and return untranslated scope
return $scope;
}
/**

2
view/tpl/profile_edit.tpl
View File

@@ -42,7 +42,7 @@
<input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
{{if $is_default}}
<div class="section-content-info-wrapper">{{$default}}</div>
<div class="section-content-info-wrapper">{{$default | escape:'html'}}</div>
{{/if}}
<div class="panel-group" id="profile-edit-wrapper" role="tablist" aria-multiselectable="true">