From 10588537b17696ac697b76f92e559ebbad873142 Mon Sep 17 00:00:00 2001 From: xiaomlove Date: Tue, 27 Sep 2022 22:06:05 +0800 Subject: [PATCH] fix suggest xss + nfo view style default --- app/Models/Torrent.php | 10 ++++++++-- include/constants.php | 2 +- include/functions.php | 6 +++++- lang/chs/lang_settings.php | 1 + lang/cht/lang_settings.php | 1 + lang/en/lang_settings.php | 1 + nexus/Install/settings.default.php | 1 + public/details.php | 4 ++-- public/settings.php | 14 +++++++++++++- public/torrents.php | 2 +- public/viewnfo.php | 10 ++++++---- 11 files changed, 40 insertions(+), 12 deletions(-) diff --git a/app/Models/Torrent.php b/app/Models/Torrent.php index 49726ed1..5f259a8b 100644 --- a/app/Models/Torrent.php +++ b/app/Models/Torrent.php @@ -19,8 +19,6 @@ class Torrent extends NexusModel 'times_completed', 'approval_status', 'banned', 'visible', 'pos_state_until', ]; - private static $globalPromotionState; - const VISIBLE_YES = 'yes'; const VISIBLE_NO = 'no'; @@ -156,6 +154,14 @@ class Torrent extends NexusModel ], ]; + const NFO_VIEW_STYLE_DOS = 'magic'; + const NFO_VIEW_STYLE_WINDOWS = 'latin-1'; + + public static array $nfoViewStyles = [ + self::NFO_VIEW_STYLE_DOS => ['text' => 'DOS-vy'], + self::NFO_VIEW_STYLE_WINDOWS => ['text' => 'Windows-vy'], + ]; + public function getPickInfoAttribute() { $info = self::$pickTypes[$this->picktype] ?? null; diff --git a/include/constants.php b/include/constants.php index 4bf2abdc..c16d9eb8 100644 --- a/include/constants.php +++ b/include/constants.php @@ -1,6 +1,6 @@ '。带此标签的种子为零魔种子', 'row_upload_deny_approval_deny_count' => '拒绝发布审核不通过数', 'text_upload_deny_approval_deny_count_note' => "当审核不通过的种子数大于等于此数值时,不允许发布。设置为 '0' 不使用此规则", + 'row_nfo_view_style_default' => 'NFO 默认查看样式', ); ?> diff --git a/lang/cht/lang_settings.php b/lang/cht/lang_settings.php index e0190c52..ee0df495 100644 --- a/lang/cht/lang_settings.php +++ b/lang/cht/lang_settings.php 
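Review bot: `public static array $nfoViewStyles` exposes the style table as writable global state — any caller can reassign or append to it, and settings.php iterates it to build the admin form. Since both keys are class constants already, a `private static` property behind a small accessor (`public static function nfoViewStyles(): array { return self::$nfoViewStyles; }`) or a class constant array keeps it read-only, with the settings.php loop reading through the accessor. The labels `'DOS-vy'`/`'Windows-vy'` are hard-coded here while every other label on the settings page comes from `$lang_settings`, so a lang key per style resolved in settings.php would keep them translatable. The constant values `'magic'`/`'latin-1'` coincide with the `$view` values viewnfo.php compares against; a comment such as `// keys must match the view values handled in public/viewnfo.php` would make that coupling explicit.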
@@ -790,6 +790,7 @@ $lang_settings = array 'text_zero_bonus_tag_note' => '。帶此標簽的種子為零魔種子', 'row_upload_deny_approval_deny_count' => '拒絕發布審核不通過數', 'text_upload_deny_approval_deny_count_note' => "當審核不通過的種子數大於等於此數值時,不允許發布。設置為 '0' 不使用此規則", + 'row_nfo_view_style_default' => 'NFO 默認查看樣式', ); ?> diff --git a/lang/en/lang_settings.php b/lang/en/lang_settings.php index d83efd55..10168383 100644 --- a/lang/en/lang_settings.php +++ b/lang/en/lang_settings.php @@ -790,6 +790,7 @@ $lang_settings = array 'text_zero_bonus_tag_note' => '. Torrents with this tag are zero bonus torrents', 'row_upload_deny_approval_deny_count' => 'Refuse to upload approval deny count', 'text_upload_deny_approval_deny_count_note' => "When the number of torrents approval deny is greater than or equal to this value, publishing is not allowed. Set to '0' to not use this rule", + 'row_nfo_view_style_default' => 'NFO view style default', ); ?> diff --git a/nexus/Install/settings.default.php b/nexus/Install/settings.default.php index 1b45c121..99330be6 100644 --- a/nexus/Install/settings.default.php +++ b/nexus/Install/settings.default.php @@ -347,6 +347,7 @@ return array ( 'claim_reach_standard_uploaded' => \App\Models\Claim::STANDARD_UPLOADED_TIMES, 'approval_status_icon_enabled' => 'no', 'approval_status_none_visible' => 'yes', + 'nfo_view_style_default' => \App\Models\Torrent::NFO_VIEW_STYLE_DOS, ), 'attachment' => array ( diff --git a/public/details.php b/public/details.php index 5ed0672c..9aa204f6 100644 --- a/public/details.php +++ b/public/details.php @@ -300,10 +300,10 @@ JS; if (user_can('viewnfo') && $CURUSER['shownfo'] != 'no' && $row["nfosz"] > 0){ if (!$nfo = $Cache->get_value('nfo_block_torrent_id_'.$id)){ - $nfo = code($row["nfo"], $view == "magic"); + $nfo = code($row["nfo"], get_setting('torrent.nfo_view_style_default')); $Cache->cache_value('nfo_block_torrent_id_'.$id, $nfo, 604800); } - tr("\"Show/Hide\" ".$lang_details['text_nfo']."
". $lang_details['text_view_nfo']. "", "
".$nfo."
\n", 1); + tr("\"Show/Hide\" ".$lang_details['text_nfo']."
". $lang_details['text_view_nfo']. "", "
".$nfo."
\n", 1); } if ($imdb_id && $showextinfo['imdb'] == 'yes' && $CURUSER['showimdb'] != 'no') diff --git a/public/settings.php b/public/settings.php index 453dc372..7b70aa36 100644 --- a/public/settings.php +++ b/public/settings.php @@ -156,7 +156,8 @@ elseif($action == 'savesettings_torrent') // save account 'twoupbecome','twoupfreebecome', 'twouphalfleechbecome','normalbecome','uploaderdouble','deldeadtorrent', 'randomthirtypercentdown', 'thirtypercentleechbecome', 'expirethirtypercentleech', 'sticky_first_level_background_color', 'sticky_second_level_background_color', 'download_support_passkey', 'claim_enabled', 'claim_torrent_ttl', 'claim_torrent_user_counts_up_limit', 'claim_user_torrent_counts_up_limit', 'claim_remove_deduct_user_bonus', - 'claim_give_up_deduct_user_bonus', 'claim_bonus_multiplier', 'claim_reach_standard_seed_time', 'claim_reach_standard_uploaded', 'approval_status_icon_enabled', 'approval_status_none_visible' + 'claim_give_up_deduct_user_bonus', 'claim_bonus_multiplier', 'claim_reach_standard_seed_time', 'claim_reach_standard_uploaded', 'approval_status_icon_enabled', 'approval_status_none_visible', + 'nfo_view_style_default', ); $validConfig = apply_filter('setting_valid_config', $validConfig); GetVar($validConfig); 
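Review bot: The cached NFO block is keyed only by torrent id (`'nfo_block_torrent_id_'.$id`) but its content now depends on `get_setting('torrent.nfo_view_style_default')`, so changing the style in the admin panel keeps serving the old rendering for up to 604800 seconds. Fold the style into the key, e.g. `$nfoStyle = get_setting('torrent.nfo_view_style_default');` and `$nfoCacheKey = 'nfo_block_torrent_id_' . $id . '_' . $nfoStyle;`, and use `$nfoCacheKey` in both the get_value() and cache_value() calls. The second argument to code() also changes from a bool (`$view == "magic"`) to the style string; that relies on the include/functions.php change in this commit, which is not readable in this rendering, so confirm that code() handles a string that is neither known style safely rather than treating any non-empty value as truthy. The tr() call's markup is stripped here, so its change could not be reviewed.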
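Review bot: Adding `'nfo_view_style_default'` to `$validConfig` lets GetVar() accept any submitted string for it, and nothing in this hunk checks the value against the two styles the radio buttons offer. Because the stored value is later handed straight to code() in details.php, validate it before saving, e.g. `if (!isset(\App\Models\Torrent::$nfoViewStyles[$nfo_view_style_default])) { $nfo_view_style_default = \App\Models\Torrent::NFO_VIEW_STYLE_DOS; }` — adjust the variable name to however GetVar() exposes the value, which is outside this hunk. This is admin-only input, so the consequence is a broken NFO display rather than an injection, but the fallback keeps the setting consistent with the keys of `Torrent::$nfoViewStyles`.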
@@ -710,6 +711,17 @@ elseif ($action == 'torrentsettings') yesorno($lang_settings['row_download_support_passkey'], 'download_support_passkey', $TORRENT["download_support_passkey"], $lang_settings['text_download_support_passkey_note']); yesorno($lang_settings['row_approval_status_icon_enabled'], 'approval_status_icon_enabled', $TORRENT["approval_status_icon_enabled"], $lang_settings['text_approval_status_icon_enabled_note']); yesorno($lang_settings['row_approval_status_none_visible'], 'approval_status_none_visible', $TORRENT["approval_status_none_visible"], $lang_settings['text_approval_status_none_visible_note']); + + $nfoViewStyleRadio = ''; + $name = 'nfo_view_style_default'; + foreach (\App\Models\Torrent::$nfoViewStyles as $style => $info) { + $nfoViewStyleRadio .= sprintf( + '', + $name, $style, $TORRENT[$name] == $style ? ' checked' : '', $info['text'] + ); + } + tr($lang_settings['row_' . $name], $nfoViewStyleRadio, 1); + yesorno($lang_settings['row_promotion_rules'], 'prorules', $TORRENT["prorules"], $lang_settings['text_promotion_rules_note']); tr($lang_settings['row_random_promotion'], $lang_settings['text_random_promotion_note_one']."".$lang_settings['text_random_promotion_note_two'], 1); tr($lang_settings['row_large_torrent_promotion'], $lang_settings['text_torrent_larger_than']."".$lang_settings['text_gb_promoted_to']."".$lang_settings['text_by_system_upon_uploading']."
".$lang_settings['text_large_torrent_promotion_note'], 1); diff --git a/public/torrents.php b/public/torrents.php index d83b43fe..4ab1e8b7 100644 --- a/public/torrents.php +++ b/public/torrents.php @@ -1129,7 +1129,7 @@ if (!$Cache->get_page()){ $hotsearch = ""; while ($searchrow = mysql_fetch_assoc($searchres)) { - $hotsearch .= "" . $searchrow["keywords"] . "  "; + $hotsearch .= "" . htmlspecialchars($searchrow["keywords"]) . "  "; $hotcount += mb_strlen($searchrow["keywords"],"UTF-8"); if ($hotcount > 60) break; diff --git a/public/viewnfo.php b/public/viewnfo.php index c63fcd91..9efee758 100644 --- a/public/viewnfo.php +++ b/public/viewnfo.php @@ -27,12 +27,14 @@ if ($view == "latin-1" || $view == "fonthack") { // Do not convert from ibm-437, read bytes as is. // NOTICE: TBSource specifies Latin-1 encoding in include/bittorrent.php: // stdhead() -$nfo = htmlspecialchars(($a["nfo"])); +//$nfo = htmlspecialchars(($a["nfo"])); +$nfo = code($a["nfo"], $view); } else { // Convert from ibm-437 to html unicode entities. // take special care of Swedish letters if in magic view. -$nfo = code($a["nfo"], $view == "magic"); +//$nfo = code($a["nfo"], $view == "magic"); +$nfo = code($a["nfo"], $view); } stdhead($lang_viewnfo['head_view_nfo']); @@ -65,14 +67,14 @@ if ($view == "fonthack") { // Please notice: MS LineDraw's glyphs are included in the Courier New font // as of Courier New version 2.0, but uses the correct mappings instead. // http://support.microsoft.com/kb/q179422/ -print("
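Review bot: `$TORRENT[$name] == $style ? ' checked' : ''` uses a loose comparison; both sides are strings from a fixed set so it works today, but `===` states the intent. The sprintf() arguments `$style` and `$info['text']` are written into the (stripped, so not visible here) HTML format string without htmlspecialchars(); they are constants from Torrent::$nfoViewStyles, so this is about keeping escaping at the point of output rather than a live issue — `htmlspecialchars($info['text'], ENT_QUOTES, 'UTF-8')` closes it. The label also comes from the model while every neighbouring row reads `$lang_settings['row_...']`, and `$name` is a generic variable that stays defined for the rest of this long script; renaming it to `$nfoStyleSettingName` avoids a later clash.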
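Review bot: `htmlspecialchars($searchrow["keywords"])` with no flags leaves single quotes unescaped on PHP versions before 8.1 (default ENT_COMPAT), so if the stripped anchor markup places the keyword inside a single-quoted attribute the fix is incomplete; pass the flags explicitly, `htmlspecialchars($searchrow["keywords"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The original line appears to wrap the keyword in a link (the tag is lost in this rendering); if the keyword is also echoed into the href as a query parameter, that occurrence needs `rawurlencode()`, since HTML escaping does not make a value safe inside a URL. The `$hotcount` check on the following line still measures the raw keyword, which is correct because the escaped form only affects display.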
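Review bot: Replacing `htmlspecialchars($a["nfo"])` with `code($a["nfo"], $view)` in the latin-1/fonthack branch moves HTML escaping of user-uploaded NFO bytes into code(); the include/functions.php change that makes code() accept the style string is not readable in this rendering, so confirm that code() escapes the raw bytes in that mode, otherwise this branch regresses to unescaped output. `$view` is now passed through unchanged instead of being reduced to a bool, and the `"fonthack"` value reaches code() as well; document what code() does for values other than `'magic'`/`'latin-1'`. Both branches now execute the identical statement, so the if/else only carries comments — collapse it to a single call preceded by the comments, and delete the two commented-out old lines rather than keeping them as history.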
");
+print("
");
 }
 else {
 // IE6.0 need to know which font to use, Mozilla can figure it out in its own
 // (windows firefox at least)
 // Anything else than 'Courier New' looks pretty broken.
 // 'Lucida Console', 'FixedSys'
-print("
");
+print("
");
 }
 // Writes the (eventually modified) nfo data to output, first formating urls.
 print(format_urls($nfo));