lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-14 12:30:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

migrate custom field management to filament

Browse Source 
fix xss
This commit is contained in:
NekoCH
2025-12-28 22:36:52 +08:00
parent f18fa80eac
commit 00ec3d5e8d
11 changed files with 235 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
nexus/Field/Field.php
View File

@@ -55,14 +55,13 @@ class Field
public function getTypeHuman($type)
{
global $lang_fields;
$map = [
self::TYPE_TEXT => $lang_fields['field_type_text'],
self::TYPE_TEXTAREA => $lang_fields['field_type_textarea'],
self::TYPE_RADIO => $lang_fields['field_type_radio'],
self::TYPE_CHECKBOX => $lang_fields['field_type_checkbox'],
self::TYPE_SELECT => $lang_fields['field_type_select'],
self::TYPE_IMAGE => $lang_fields['field_type_image'],
self::TYPE_TEXT => nexus_trans('field.type.text'),
self::TYPE_TEXTAREA => nexus_trans('field.type.textarea'),
self::TYPE_RADIO => nexus_trans('field.type.radio'),
self::TYPE_CHECKBOX => nexus_trans('field.type.checkbox'),
self::TYPE_SELECT => nexus_trans('field.type.select'),
self::TYPE_IMAGE => nexus_trans('field.type.image'),
];
return $map[$type] ?? '';
}
@@ -439,7 +438,7 @@ JS;
$customFieldDisplay = $field['display'];
$customFieldDisplay = str_replace("<%{$field['name']}.label%>", $field['label'], $customFieldDisplay);
$customFieldDisplay = str_replace("<%{$field['name']}.value%>", $contentNotFormatted, $customFieldDisplay);
$rowByRowHtml .= tr($field['label'], format_comment($customFieldDisplay, false), 1);
$rowByRowHtml .= tr($field['label'], format_comment($customFieldDisplay), 1);
} else {
$contentFormatted = $this->formatCustomFieldValue($field, true);
$rowByRowHtml .= tr($field['label'], $contentFormatted, 1);
@@ -463,13 +462,13 @@ JS;
switch ($customFieldWithValue['type']) {
case self::TYPE_TEXT:
case self::TYPE_TEXTAREA:
$result .= $doFormatComment ? format_comment($fieldValue, false) : $fieldValue;
$result .= $doFormatComment ? format_comment($fieldValue) : $fieldValue;
break;
case self::TYPE_IMAGE:
if (substr($fieldValue, 0, 4) == 'http') {
$result .= $doFormatComment ? formatImg($fieldValue, true, 700, 0, "attach{$customFieldWithValue['id']}") : $fieldValue;
} else {
$result .= $doFormatComment ? format_comment($fieldValue, false) : $fieldValue;
$result .= $doFormatComment ? format_comment($fieldValue) : $fieldValue;
}
break;
case self::TYPE_RADIO: