From 4e5e02a979617253e536441a48a1e7d1dda3fbb0 Mon Sep 17 00:00:00 2001 From: Matt Friedman Date: Wed, 4 Dec 2024 06:38:45 -0800 Subject: [PATCH 01/14] Remove emoji symbols and pictographs from shortname Signed-off-by: Matt Friedman --- controller/manifest.php | 3 ++- event/listener.php | 3 ++- json/sanitizer.php | 15 +++++++++++++++ 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/controller/manifest.php b/controller/manifest.php index 26a42a0..f281813 100644 --- a/controller/manifest.php +++ b/controller/manifest.php @@ -15,6 +15,7 @@ use phpbb\language\language; use phpbb\path_helper; use phpbb\user; +use phpbb\webpushnotifications\json\sanitizer as json_sanitizer; use Symfony\Component\HttpFoundation\JsonResponse; use Symfony\Component\HttpFoundation\Response; @@ -65,7 +66,7 @@ public function handle(): JsonResponse $manifest = [ 'name' => $this->config['sitename'], - 'short_name' => $this->config['pwa_short_name'] ?: utf8_substr(preg_replace('/[^\x21-\x7E]/', '', html_entity_decode($this->config['sitename'], ENT_QUOTES, 'UTF-8')), 0, 12), + 'short_name' => $this->config['pwa_short_name'] ?: utf8_substr(preg_replace('/\s+/', '', json_sanitizer::strip_emoji($this->config['sitename'])), 0, 12), 'display' => 'standalone', 'orientation' => 'portrait', 'dir' => $this->language->lang('DIRECTION'), diff --git a/event/listener.php b/event/listener.php index 0f42528..4bccefa 100644 --- a/event/listener.php +++ b/event/listener.php @@ -18,6 +18,7 @@ use phpbb\template\template; use phpbb\user; use phpbb\webpushnotifications\form\form_helper; +use phpbb\webpushnotifications\json\sanitizer as json_sanitizer; use Symfony\Component\EventDispatcher\EventSubscriberInterface; /** @@ -353,6 +354,6 @@ protected function can_use_notifications() */ protected function get_shortname($name) { - return utf8_substr(preg_replace('/[^\x20-\x7E]/', '', $name), 0, 12); + return utf8_substr(preg_replace('/\s+/', '', json_sanitizer::strip_emoji($name)), 0, 12); } } diff --git a/json/sanitizer.php b/json/sanitizer.php index b8cd3b0..d08a233 100644 --- a/json/sanitizer.php +++ b/json/sanitizer.php @@ -51,4 +51,19 @@ public static function decode(string $json) : array $data = json_decode($json, true); return !empty($data) ? self::sanitize($data) : []; } + + /** + * Remove emoji from a string + * + * @param string $string + * @return string + */ + public static function strip_emoji(string $string) : string + { + return preg_replace( + '/[\x{1F000}-\x{1F9FF}]|[\x{2600}-\x{27FF}]/u', + '', + html_entity_decode($string, ENT_QUOTES, 'UTF-8') + ); + } } From 36fddbd77a3317e6d2adea44d8cc2ea6f1ba6921 Mon Sep 17 00:00:00 2001 From: Matt Friedman Date: Wed, 4 Dec 2024 07:13:34 -0800 Subject: [PATCH 02/14] Strengthen range of emoji characters Signed-off-by: Matt Friedman --- json/sanitizer.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/json/sanitizer.php b/json/sanitizer.php index d08a233..0169fcd 100644 --- a/json/sanitizer.php +++ b/json/sanitizer.php @@ -54,6 +54,10 @@ public static function decode(string $json) : array /** * Remove emoji from a string + * Basic emoji (U+1F300 to U+1F64F) + * Transport and map symbols (U+1F680 to U+1F6FF) + * Miscellaneous symbols and pictographs (U+1F300 to U+1F5FF) + * Additional emoji symbols (U+1F600 to U+1F64F) * * @param string $string * @return string @@ -61,7 +65,7 @@ public static function decode(string $json) : array public static function strip_emoji(string $string) : string { return preg_replace( - '/[\x{1F000}-\x{1F9FF}]|[\x{2600}-\x{27FF}]/u', + '/[\x{1F000}-\x{1F9FF}]|[\x{2600}-\x{27FF}]|[\x{1F300}-\x{1F64F}]|[\x{1F680}-\x{1F6FF}]/u', '', html_entity_decode($string, ENT_QUOTES, 'UTF-8') ); From 5a0c6c771058d45eed70bbad590fd53ee4d95cc0 Mon Sep 17 00:00:00 2001 From: Matt Friedman Date: Wed, 4 Dec 2024 07:14:21 -0800 Subject: [PATCH 03/14] Allow short name field to accept multibyte chars, just not emoji Signed-off-by: Matt Friedman --- event/listener.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/event/listener.php b/event/listener.php index 4bccefa..8934b4b 100644 --- a/event/listener.php +++ b/event/listener.php @@ -226,15 +226,15 @@ public function validate_pwa_options($event) $short_name = $event['cfg_array']['pwa_short_name']; - // Do not allow multibyte characters or emoji - if (strlen($short_name) !== mb_strlen($short_name, 'UTF-8')) + // Do not allow emoji + if (preg_match('/[\x{1F000}-\x{1F9FF}]|[\x{2600}-\x{27FF}]|[\x{1F300}-\x{1F64F}]|[\x{1F680}-\x{1F6FF}]|[\x{2700}-\x{27BF}]|[\x{FE00}-\x{FE0F}]/u', $short_name)) { $this->add_error($event, 'PWA_SHORT_NAME_INVALID'); return; } // Do not allow strings longer than 12 characters - if (strlen($short_name) > 12) + if (mb_strlen($short_name, 'UTF-8') > 12) { $this->add_error($event, 'PWA_SHORT_NAME_INVALID'); return; From a30a204d58ca5adf2fe0f0d05d43d82a78b8d718 Mon Sep 17 00:00:00 2001 From: Matt Friedman Date: Wed, 4 Dec 2024 07:22:39 -0800 Subject: [PATCH 04/14] Use emoji regex as constant Signed-off-by: Matt Friedman --- event/listener.php | 2 +- json/sanitizer.php | 13 ++++++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/event/listener.php b/event/listener.php index 8934b4b..1459250 100644 --- a/event/listener.php +++ b/event/listener.php @@ -227,7 +227,7 @@ public function validate_pwa_options($event) $short_name = $event['cfg_array']['pwa_short_name']; // Do not allow emoji - if (preg_match('/[\x{1F000}-\x{1F9FF}]|[\x{2600}-\x{27FF}]|[\x{1F300}-\x{1F64F}]|[\x{1F680}-\x{1F6FF}]|[\x{2700}-\x{27BF}]|[\x{FE00}-\x{FE0F}]/u', $short_name)) + if (preg_match(json_sanitizer::EMOJI_REGEX, $short_name)) { $this->add_error($event, 'PWA_SHORT_NAME_INVALID'); return; diff --git a/json/sanitizer.php b/json/sanitizer.php index 0169fcd..2ea9890 100644 --- a/json/sanitizer.php +++ b/json/sanitizer.php @@ -53,19 +53,26 @@ public static function decode(string $json) : array } /** - * Remove emoji from a string - * Basic emoji (U+1F300 to U+1F64F) + * regex for emoji + * Basic emoji (U+1F000 to U+1F9FF) * Transport and map symbols (U+1F680 to U+1F6FF) * Miscellaneous symbols and pictographs (U+1F300 to U+1F5FF) * Additional emoji symbols (U+1F600 to U+1F64F) * + * @var string + */ + public const EMOJI_REGEX = '/[\x{1F000}-\x{1F9FF}]|[\x{2600}-\x{27FF}]|[\x{1F300}-\x{1F64F}]|[\x{1F680}-\x{1F6FF}]|[\x{1F600}-\x{1F64F}]/u'; + + /** + * Remove emoji from a string + * * @param string $string * @return string */ public static function strip_emoji(string $string) : string { return preg_replace( - '/[\x{1F000}-\x{1F9FF}]|[\x{2600}-\x{27FF}]|[\x{1F300}-\x{1F64F}]|[\x{1F680}-\x{1F6FF}]/u', + self::EMOJI_REGEX, '', html_entity_decode($string, ENT_QUOTES, 'UTF-8') ); From d0a0cb7f568690813c5fdd0359d1fdfdcd3e8398 Mon Sep 17 00:00:00 2001 From: Matt Friedman Date: Wed, 4 Dec 2024 07:48:29 -0800 Subject: [PATCH 05/14] Allow emoji in manifest shortname Signed-off-by: Matt Friedman --- controller/manifest.php | 3 +-- event/listener.php | 10 +------ json/sanitizer.php | 26 ------------------- .../en/webpushnotifications_common_acp.php | 2 +- 4 files changed, 3 insertions(+), 38 deletions(-) diff --git a/controller/manifest.php b/controller/manifest.php index f281813..39c4576 100644 --- a/controller/manifest.php +++ b/controller/manifest.php @@ -15,7 +15,6 @@ use phpbb\language\language; use phpbb\path_helper; use phpbb\user; -use phpbb\webpushnotifications\json\sanitizer as json_sanitizer; use Symfony\Component\HttpFoundation\JsonResponse; use Symfony\Component\HttpFoundation\Response; @@ -66,7 +65,7 @@ public function handle(): JsonResponse $manifest = [ 'name' => $this->config['sitename'], - 'short_name' => $this->config['pwa_short_name'] ?: utf8_substr(preg_replace('/\s+/', '', json_sanitizer::strip_emoji($this->config['sitename'])), 0, 12), + 'short_name' => $this->config['pwa_short_name'] ?: utf8_substr(html_entity_decode($this->config['sitename'], ENT_QUOTES, 'UTF-8'), 0, 12), 'display' => 'standalone', 'orientation' => 'portrait', 'dir' => $this->language->lang('DIRECTION'), diff --git a/event/listener.php b/event/listener.php index 1459250..c602db1 100644 --- a/event/listener.php +++ b/event/listener.php @@ -18,7 +18,6 @@ use phpbb\template\template; use phpbb\user; use phpbb\webpushnotifications\form\form_helper; -use phpbb\webpushnotifications\json\sanitizer as json_sanitizer; use Symfony\Component\EventDispatcher\EventSubscriberInterface; /** @@ -226,13 +225,6 @@ public function validate_pwa_options($event) $short_name = $event['cfg_array']['pwa_short_name']; - // Do not allow emoji - if (preg_match(json_sanitizer::EMOJI_REGEX, $short_name)) - { - $this->add_error($event, 'PWA_SHORT_NAME_INVALID'); - return; - } - // Do not allow strings longer than 12 characters if (mb_strlen($short_name, 'UTF-8') > 12) { @@ -354,6 +346,6 @@ protected function can_use_notifications() */ protected function get_shortname($name) { - return utf8_substr(preg_replace('/\s+/', '', json_sanitizer::strip_emoji($name)), 0, 12); + return utf8_substr(html_entity_decode($name, ENT_QUOTES, 'UTF-8'), 0, 12); } } diff --git a/json/sanitizer.php b/json/sanitizer.php index 2ea9890..b8cd3b0 100644 --- a/json/sanitizer.php +++ b/json/sanitizer.php @@ -51,30 +51,4 @@ public static function decode(string $json) : array $data = json_decode($json, true); return !empty($data) ? self::sanitize($data) : []; } - - /** - * regex for emoji - * Basic emoji (U+1F000 to U+1F9FF) - * Transport and map symbols (U+1F680 to U+1F6FF) - * Miscellaneous symbols and pictographs (U+1F300 to U+1F5FF) - * Additional emoji symbols (U+1F600 to U+1F64F) - * - * @var string - */ - public const EMOJI_REGEX = '/[\x{1F000}-\x{1F9FF}]|[\x{2600}-\x{27FF}]|[\x{1F300}-\x{1F64F}]|[\x{1F680}-\x{1F6FF}]|[\x{1F600}-\x{1F64F}]/u'; - - /** - * Remove emoji from a string - * - * @param string $string - * @return string - */ - public static function strip_emoji(string $string) : string - { - return preg_replace( - self::EMOJI_REGEX, - '', - html_entity_decode($string, ENT_QUOTES, 'UTF-8') - ); - } } diff --git a/language/en/webpushnotifications_common_acp.php b/language/en/webpushnotifications_common_acp.php index 27aac0c..4e408ef 100644 --- a/language/en/webpushnotifications_common_acp.php +++ b/language/en/webpushnotifications_common_acp.php @@ -41,7 +41,7 @@ 'PWA_SETTINGS' => 'Progressive web application options', 'PWA_SHORT_NAME' => 'Short site name', 'PWA_SHORT_NAME_EXPLAIN' => 'Your site name in 12 characters or fewer, which may be used as a label for an icon on a mobile device’s home screen. (If this field is left empty, the first 12 characters of the Site name will be used.)', - 'PWA_SHORT_NAME_INVALID' => '“Short site name” contains illegal characters or exceeds the 12 character limit.', + 'PWA_SHORT_NAME_INVALID' => '“Short site name” exceeds the 12 character limit.', 'PWA_ICON_SMALL' => 'Small mobile device icon', 'PWA_ICON_SMALL_EXPLAIN' => 'File name of a 192px x 192px PNG image. This file must be uploaded to your board’s icons directory.', 'PWA_ICON_LARGE' => 'Large mobile device icon', From 7a461dd3fe0aeec531bdeb7ff2bf5a7f4b268d29 Mon Sep 17 00:00:00 2001 From: Matt Friedman Date: Wed, 4 Dec 2024 08:19:34 -0800 Subject: [PATCH 06/14] Allow emoji in short name to be saved to DB Signed-off-by: Matt Friedman --- event/listener.php | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/event/listener.php b/event/listener.php index c602db1..8db0155 100644 --- a/event/listener.php +++ b/event/listener.php @@ -85,6 +85,7 @@ public static function getSubscribedEvents() 'core.ucp_display_module_before' => 'load_language', 'core.acp_main_notice' => 'compatibility_notice', 'core.acp_board_config_edit_add' => 'acp_pwa_options', + 'core.acp_board_config_emoji_enabled'=> 'acp_pwa_allow_emoji', 'core.validate_config_variable' => 'validate_pwa_options', 'core.help_manager_add_block_after' => 'wpn_faq', ]; @@ -170,6 +171,24 @@ public function acp_pwa_options($event) } } + /** + * Allow PWA short name ACP field to accept emoji characters + * + * @param \phpbb\event\data $event + * @return void + */ + public function acp_pwa_allow_emoji($event) + { + if (in_array('pwa_short_name', $event['config_name_ary'], true)) + { + return; + } + + $config_name_ary = $event['config_name_ary']; + $config_name_ary[] = 'pwa_short_name'; + $event['config_name_ary'] = $config_name_ary; + } + /** * Return HTML for PWA icon name settings * @@ -223,7 +242,7 @@ public function validate_pwa_options($event) return; } - $short_name = $event['cfg_array']['pwa_short_name']; + $short_name = html_entity_decode($event['cfg_array']['pwa_short_name'], ENT_QUOTES, 'UTF-8'); // Do not allow strings longer than 12 characters if (mb_strlen($short_name, 'UTF-8') > 12) @@ -339,7 +358,7 @@ protected function can_use_notifications() } /** - * Get short name from a string (strip out multibyte characters and trim to 12 characters) + * Get short name from a string (decode any entities and trim to 12 characters) * * @param string $name * @return string 12 max characters string From 67cb0ab2b337312e227fb59e528621faeea07546 Mon Sep 17 00:00:00 2001 From: Matt Friedman Date: Wed, 4 Dec 2024 08:39:56 -0800 Subject: [PATCH 07/14] html decode configs with possible emojis for PWA Signed-off-by: Matt Friedman --- controller/manifest.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/controller/manifest.php b/controller/manifest.php index 39c4576..2625564 100644 --- a/controller/manifest.php +++ b/controller/manifest.php @@ -63,9 +63,13 @@ public function handle(): JsonResponse $board_path = $this->config['force_server_vars'] ? $this->config['script_path'] : $this->path_helper->get_web_root_path(); $board_url = generate_board_url(); + // Emoji fixer-uppers + $sitename = html_entity_decode($this->config['sitename'], ENT_QUOTES, 'UTF-8'); + $pwa_short_name = html_entity_decode($this->config['pwa_short_name'], ENT_QUOTES, 'UTF-8'); + $manifest = [ - 'name' => $this->config['sitename'], - 'short_name' => $this->config['pwa_short_name'] ?: utf8_substr(html_entity_decode($this->config['sitename'], ENT_QUOTES, 'UTF-8'), 0, 12), + 'name' => $sitename, + 'short_name' => $pwa_short_name ?: utf8_substr($sitename, 0, 12), 'display' => 'standalone', 'orientation' => 'portrait', 'dir' => $this->language->lang('DIRECTION'), From f5a43aa1b9c7dc094280fce0339dd406e6885056 Mon Sep 17 00:00:00 2001 From: Matt Friedman Date: Wed, 4 Dec 2024 09:32:22 -0800 Subject: [PATCH 08/14] Rename get_shortname to trim_shortname --- event/listener.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/event/listener.php b/event/listener.php index 8db0155..abc98b4 100644 --- a/event/listener.php +++ b/event/listener.php @@ -144,7 +144,7 @@ public function pwa_manifest() $this->template->assign_vars([ 'U_MANIFEST_URL' => $this->controller_helper->route('phpbb_webpushnotifications_manifest_controller'), 'U_TOUCH_ICON' => $this->config['pwa_icon_small'], - 'SHORT_SITE_NAME' => $this->config['pwa_short_name'] ?: $this->get_shortname($this->config['sitename']), + 'SHORT_SITE_NAME' => $this->config['pwa_short_name'] ?: $this->trim_shortname($this->config['sitename']), ]); } @@ -210,7 +210,7 @@ public function pwa_icon_name($value, $key) */ public function pwa_short_sitename($value, $key) { - $placeholder = $this->get_shortname($this->config['sitename']); + $placeholder = $this->trim_shortname($this->config['sitename']); return ''; } @@ -358,12 +358,12 @@ protected function can_use_notifications() } /** - * Get short name from a string (decode any entities and trim to 12 characters) + * Trim short name from a string to 12 characters * * @param string $name * @return string 12 max characters string */ - protected function get_shortname($name) + protected function trim_shortname($name) { return utf8_substr(html_entity_decode($name, ENT_QUOTES, 'UTF-8'), 0, 12); } From cdecbbdda94efe99aba96d6235746ce1d33e6f66 Mon Sep 17 00:00:00 2001 From: Matt Friedman Date: Wed, 4 Dec 2024 09:33:17 -0800 Subject: [PATCH 09/14] Extract decode entities into a method in the listener --- event/listener.php | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/event/listener.php b/event/listener.php index abc98b4..edd0d7b 100644 --- a/event/listener.php +++ b/event/listener.php @@ -210,7 +210,7 @@ public function pwa_icon_name($value, $key) */ public function pwa_short_sitename($value, $key) { - $placeholder = $this->trim_shortname($this->config['sitename']); + $placeholder = $this->trim_shortname($this->decode_entities($this->config['sitename'])); return ''; } @@ -242,7 +242,7 @@ public function validate_pwa_options($event) return; } - $short_name = html_entity_decode($event['cfg_array']['pwa_short_name'], ENT_QUOTES, 'UTF-8'); + $short_name = $this->decode_entities($event['cfg_array']['pwa_short_name']); // Do not allow strings longer than 12 characters if (mb_strlen($short_name, 'UTF-8') > 12) @@ -365,6 +365,17 @@ protected function can_use_notifications() */ protected function trim_shortname($name) { - return utf8_substr(html_entity_decode($name, ENT_QUOTES, 'UTF-8'), 0, 12); + return utf8_substr($name, 0, 12); + } + + /** + * Decode entities, used primarily to fix emoji for display + * + * @param $text + * @return string Decoded string + */ + protected function decode_entities($text) + { + return html_entity_decode($text, ENT_QUOTES, 'UTF-8'); } } From 8575f6f3d5fd07a5f2d8b2993f2b5b03ad2eb145 Mon Sep 17 00:00:00 2001 From: Matt Friedman Date: Wed, 4 Dec 2024 10:58:47 -0800 Subject: [PATCH 10/14] Fix tests --- tests/event/listener_test.php | 35 ++++++++++++++++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/tests/event/listener_test.php b/tests/event/listener_test.php index 1bcb393..714d547 100644 --- a/tests/event/listener_test.php +++ b/tests/event/listener_test.php @@ -149,6 +149,7 @@ public function test_getSubscribedEvents() 'core.ucp_display_module_before', 'core.acp_main_notice', 'core.acp_board_config_edit_add', + 'core.acp_board_config_emoji_enabled', 'core.validate_config_variable', 'core.help_manager_add_block_after', ], array_keys(\phpbb\webpushnotifications\event\listener::getSubscribedEvents())); @@ -376,7 +377,6 @@ public function test_acp_pwa_options($mode, $display_vars, $expected_keys) $keys = array_keys($display_vars['vars']); self::assertEquals($expected_keys, $keys); - } public function validate_pwa_options_data() @@ -420,6 +420,21 @@ public function validate_pwa_options_data() [ 'pwa_options:string', ['pwa_short_name' => 'foo❤️'], + [], + ], + [ + 'pwa_options:string', + ['pwa_short_name' => 'Фаны phpBB'], + [], + ], + [ + 'pwa_options:string', + ['pwa_short_name' => 'Фаны phpBB Board'], + ['PWA_SHORT_NAME_INVALID'], + ], + [ + 'pwa_options:string', + ['pwa_short_name' => 'foo❤️bar foo bar'], ['PWA_SHORT_NAME_INVALID'], ], [ @@ -472,6 +487,24 @@ public function test_validate_pwa_options($validate, $cfg_array, $expected_error self::assertEquals($expected_error, $error); } + public function test_acp_pwa_allow_emoji() + { + $config_name_ary = ['foo']; + $expected = ['foo', 'pwa_short_name']; + + $this->set_listener(); + + $dispatcher = new \phpbb\event\dispatcher(); + $dispatcher->addListener('core.acp_board_config_emoji_enabled', [$this->listener, 'acp_pwa_allow_emoji']); + + $event_data = ['config_name_ary']; + $event_data_after = $dispatcher->trigger_event('core.acp_board_config_emoji_enabled', compact($event_data)); + + extract($event_data_after, EXTR_OVERWRITE); + + self::assertEquals($expected, $config_name_ary); + } + public function test_wpn_faq() { $this->language->add_lang('webpushnotifications_faq', 'phpbb/webpushnotifications'); From 638d338cd8cb7aa0e395f5dfeea1e0d95d6c0522 Mon Sep 17 00:00:00 2001 From: Matt Friedman Date: Wed, 4 Dec 2024 21:16:14 -0800 Subject: [PATCH 11/14] Use utf8 strlen --- event/listener.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/event/listener.php b/event/listener.php index edd0d7b..0f7af88 100644 --- a/event/listener.php +++ b/event/listener.php @@ -245,7 +245,7 @@ public function validate_pwa_options($event) $short_name = $this->decode_entities($event['cfg_array']['pwa_short_name']); // Do not allow strings longer than 12 characters - if (mb_strlen($short_name, 'UTF-8') > 12) + if (utf8_strlen($short_name) > 12) { $this->add_error($event, 'PWA_SHORT_NAME_INVALID'); return; From f22aba3fc343939295e3a2a1fbfafe55693b8a92 Mon Sep 17 00:00:00 2001 From: Matt Friedman Date: Thu, 5 Dec 2024 07:29:40 -0800 Subject: [PATCH 12/14] Fix quotes in html decode entities uses --- controller/manifest.php | 5 +++-- event/listener.php | 16 +++------------- ext.php | 13 +++++++++++++ ucp/controller/webpush.php | 5 +++-- 4 files changed, 22 insertions(+), 17 deletions(-) diff --git a/controller/manifest.php b/controller/manifest.php index 2625564..05058f8 100644 --- a/controller/manifest.php +++ b/controller/manifest.php @@ -15,6 +15,7 @@ use phpbb\language\language; use phpbb\path_helper; use phpbb\user; +use phpbb\webpushnotifications\ext; use Symfony\Component\HttpFoundation\JsonResponse; use Symfony\Component\HttpFoundation\Response; @@ -64,8 +65,8 @@ public function handle(): JsonResponse $board_url = generate_board_url(); // Emoji fixer-uppers - $sitename = html_entity_decode($this->config['sitename'], ENT_QUOTES, 'UTF-8'); - $pwa_short_name = html_entity_decode($this->config['pwa_short_name'], ENT_QUOTES, 'UTF-8'); + $sitename = ext::decode_entities($this->config['sitename'], ENT_QUOTES); + $pwa_short_name = ext::decode_entities($this->config['pwa_short_name'], ENT_QUOTES); $manifest = [ 'name' => $sitename, diff --git a/event/listener.php b/event/listener.php index 0f7af88..6aea0e5 100644 --- a/event/listener.php +++ b/event/listener.php @@ -17,6 +17,7 @@ use phpbb\notification\manager; use phpbb\template\template; use phpbb\user; +use phpbb\webpushnotifications\ext; use phpbb\webpushnotifications\form\form_helper; use Symfony\Component\EventDispatcher\EventSubscriberInterface; @@ -210,7 +211,7 @@ public function pwa_icon_name($value, $key) */ public function pwa_short_sitename($value, $key) { - $placeholder = $this->trim_shortname($this->decode_entities($this->config['sitename'])); + $placeholder = $this->trim_shortname(ext::decode_entities($this->config['sitename'])); return ''; } @@ -242,7 +243,7 @@ public function validate_pwa_options($event) return; } - $short_name = $this->decode_entities($event['cfg_array']['pwa_short_name']); + $short_name = ext::decode_entities($event['cfg_array']['pwa_short_name'], ENT_QUOTES); // Do not allow strings longer than 12 characters if (utf8_strlen($short_name) > 12) @@ -367,15 +368,4 @@ protected function trim_shortname($name) { return utf8_substr($name, 0, 12); } - - /** - * Decode entities, used primarily to fix emoji for display - * - * @param $text - * @return string Decoded string - */ - protected function decode_entities($text) - { - return html_entity_decode($text, ENT_QUOTES, 'UTF-8'); - } } diff --git a/ext.php b/ext.php index 2211923..bb19ddc 100644 --- a/ext.php +++ b/ext.php @@ -124,4 +124,17 @@ protected function result() return false; } + + /** + * Decode entities, used primarily to fix emoji for display + * + * @param string $text + * @param int $flags Uses ENT_NOQUOTES to leave single and double quotes encoded by default + * @param string $encoding + * @return string Decoded string + */ + public static function decode_entities($text, $flags = ENT_NOQUOTES, $encoding = 'UTF-8') + { + return html_entity_decode($text, $flags, $encoding); + } } diff --git a/ucp/controller/webpush.php b/ucp/controller/webpush.php index 08b3961..78f7d40 100644 --- a/ucp/controller/webpush.php +++ b/ucp/controller/webpush.php @@ -16,6 +16,7 @@ use phpbb\exception\http_exception; use phpbb\language\language; use phpbb\notification\manager; +use phpbb\webpushnotifications\ext; use phpbb\webpushnotifications\form\form_helper; use phpbb\webpushnotifications\json\sanitizer as json_sanitizer; use phpbb\path_helper; @@ -240,8 +241,8 @@ private function get_notification_data(string $notification_data): string return json_encode([ 'heading' => $this->config['sitename'], - 'title' => strip_tags(html_entity_decode($notification->get_title(), ENT_NOQUOTES, 'UTF-8')), - 'text' => strip_tags(html_entity_decode($notification->get_reference(), ENT_NOQUOTES, 'UTF-8')), + 'title' => strip_tags(ext::decode_entities($notification->get_title())), + 'text' => strip_tags(ext::decode_entities($notification->get_reference())), 'url' => htmlspecialchars_decode($notification->get_url()), 'avatar' => $this->prepare_avatar($notification->get_avatar()), ]); From 5562c033bbe24631666de96053274d4a39e3efa7 Mon Sep 17 00:00:00 2001 From: Matt Friedman Date: Thu, 5 Dec 2024 08:01:59 -0800 Subject: [PATCH 13/14] Fix trimming of site name with html entities --- event/listener.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/event/listener.php b/event/listener.php index 6aea0e5..982c65a 100644 --- a/event/listener.php +++ b/event/listener.php @@ -211,7 +211,7 @@ public function pwa_icon_name($value, $key) */ public function pwa_short_sitename($value, $key) { - $placeholder = $this->trim_shortname(ext::decode_entities($this->config['sitename'])); + $placeholder = $this->trim_shortname($this->config['sitename']); return ''; } @@ -366,6 +366,6 @@ protected function can_use_notifications() */ protected function trim_shortname($name) { - return utf8_substr($name, 0, 12); + return htmlspecialchars(utf8_substr(ext::decode_entities($name, ENT_QUOTES), 0, 12), ENT_QUOTES, 'UTF-8'); } } From dd44ba1483b0c83fd567bf461766c61989261892 Mon Sep 17 00:00:00 2001 From: Matt Friedman Date: Thu, 5 Dec 2024 08:10:02 -0800 Subject: [PATCH 14/14] Refactor trim method for readability --- event/listener.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/event/listener.php b/event/listener.php index 982c65a..43e90a1 100644 --- a/event/listener.php +++ b/event/listener.php @@ -366,6 +366,8 @@ protected function can_use_notifications() */ protected function trim_shortname($name) { - return htmlspecialchars(utf8_substr(ext::decode_entities($name, ENT_QUOTES), 0, 12), ENT_QUOTES, 'UTF-8'); + $decoded = ext::decode_entities($name, ENT_QUOTES); + $trimmed = utf8_substr($decoded, 0, 12); + return htmlspecialchars($trimmed, ENT_QUOTES, 'UTF-8'); } }