Use htmlspecialchars on HTML inputs to format

This commit is contained in:
Joshua Ramon Enslin 2022-02-05 02:43:35 +01:00
parent cfcae5fb2b
commit 942de26411
Signed by: jrenslin
GPG Key ID: 46016F84501B70AE


@ -52,12 +52,12 @@ final class MDMailFormat {
$input = trim($input);
$this->_msg_html .= "<h1 style='" . self::CSS_H1 . "'>";
$this->_msg_html .= "<h1 style='" . htmlspecialchars(self::CSS_H1) . "'>";
if ($this->use_logo === true) {
$this->_msg_html .= "<img style='" . self::CSS_LOGO . "' src=\"cid:mdlogo\" alt='' />";
$this->_msg_html .= "<img style='" . htmlspecialchars(self::CSS_LOGO) . "' src=\"cid:mdlogo\" alt='' />";
}
$this->_msg_html .= "<span style='" . self::CSS_H1_SPAN . "'>" . nl2br($input) . "</span></h1>";
$this->_msg_plain .= "{$input}
$this->_msg_html .= "<span style='" . htmlspecialchars(self::CSS_H1_SPAN) . "'>" . nl2br(htmlspecialchars($input)) . "</span></h1>";
$this->_msg_plain .= $input . "
===================
";
@ -74,8 +74,8 @@ final class MDMailFormat {
$input = trim($input);
$this->_msg_html .= "<h2 style='" . self::CSS_H2 . "'>" . nl2br($input) . "</h2>";
$this->_msg_plain .= "{$input}
$this->_msg_html .= "<h2 style='" . htmlspecialchars(self::CSS_H2) . "'>" . nl2br(htmlspecialchars($input)) . "</h2>";
$this->_msg_plain .= $input . "
-------------------
";
@ -92,10 +92,8 @@ final class MDMailFormat {
$input = trim($input);
$this->_msg_html .= "<p style='" . self::CSS_P . "'>" . nl2br($input) . "</p>";
$this->_msg_plain .= "
{$input}
";
$this->_msg_html .= "<p style='" . htmlspecialchars(self::CSS_P) . "'>" . nl2br(htmlspecialchars($input)) . "</p>";
$this->_msg_plain .= PHP_EOL . $input . PHP_EOL;
}
@ -111,10 +109,8 @@ final class MDMailFormat {
$input = trim($input);
$this->_msg_html .= "<a style='" . self::CSS_A_BUTTONLIKE . "' class='buttonLike' href='" . $href . "'>" . nl2br($input) . "</a>";
$this->_msg_plain .= "
{$input}: {$href}
";
$this->_msg_html .= "<a style='" . htmlspecialchars(self::CSS_A_BUTTONLIKE) . "' class='buttonLike' href='" . htmlspecialchars($href) . "'>" . nl2br(htmlspecialchars($input)) . "</a>";
$this->_msg_plain .= PHP_EOL . $input . ": " . $href . PHP_EOL;
}
@ -130,8 +126,8 @@ final class MDMailFormat {
$input = trim($input);
$this->_msg_html .= "<a style='" . self::CSS_A_NORMAL . "' href='" . $href . "'>" . nl2br($input) . "</a>";
$this->_msg_plain .= "{$input}: {$href}";
$this->_msg_html .= "<a style='" . htmlspecialchars(self::CSS_A_NORMAL) . "' href='" . htmlspecialchars($href) . "'>" . nl2br(htmlspecialchars($input)) . "</a>";
$this->_msg_plain .= $input . ": " . $href;
}
@ -141,7 +137,7 @@ final class MDMailFormat {
* @return void
*/
public function startUl():void {
$this->_msg_html .= "<ul style='" . self::CSS_UL . "'>";
$this->_msg_html .= "<ul style='" . htmlspecialchars(self::CSS_UL) . "'>";
$this->_msg_plain .= PHP_EOL;
}
@ -163,7 +159,7 @@ final class MDMailFormat {
* @return void
*/
public function startOl():void {
$this->_msg_html .= "<ol style='" . self::CSS_OL . "'>";
$this->_msg_html .= "<ol style='" . htmlspecialchars(self::CSS_OL) . "'>";
$this->_msg_plain .= PHP_EOL;
}
@ -190,7 +186,7 @@ final class MDMailFormat {
$input = trim($input);
$this->_msg_html .= "<li>{$input}</li>";
$this->_msg_html .= "<li>" . htmlspecialchars($input) . "</li>";
$this->_msg_plain .= PHP_EOL . "- {$input}";
}
@ -235,7 +231,7 @@ final class MDMailFormat {
* @return void
*/
public function appendHr():void {
$this->_msg_html .= "<hr style='" . self::CSS_HR . "' />";
$this->_msg_html .= "<hr style='" . htmlspecialchars(self::CSS_HR) . "' />";
$this->_msg_plain .= PHP_EOL . "----------" . PHP_EOL;
}
@ -249,7 +245,7 @@ final class MDMailFormat {
*/
public function appendInlineText(string $input):void {
$input = trim($input);
$this->_msg_html .= $input . " ";
$this->_msg_html .= htmlspecialchars($input) . " ";
$this->_msg_plain .= $input . " ";
}
@ -272,17 +268,17 @@ final class MDMailFormat {
<meta http-equiv=”X-UA-Compatible” content=”IE=edge” />
<meta name=”viewport” content=”width=device-width, initial-scale=1.0 />
<style>
a.buttonLike { ' . self::CSS_A_BUTTONLIKE . ' }
a.buttonLike:hover { ' . self::CSS_A_BUTTONLIKE_HOVER . ' }
p { ' . self::CSS_P . ' }
ul { ' . self::CSS_UL . ' }
ol { ' . self::CSS_OL . ' }
hr { ' . self::CSS_HR . ' }
#footer { ' . self::CSS_FOOTER . ' }
#footer a { ' . self::CSS_A_FOOTER . ' }
#footer a:hover { ' . self::CSS_A_FOOTER_HOVER . ' }
h1 img { ' . self::CSS_LOGO . ' }
h1 span { ' . self::CSS_H1_SPAN . ' }
a.buttonLike { ' . htmlspecialchars(self::CSS_A_BUTTONLIKE) . ' }
a.buttonLike:hover { ' . htmlspecialchars(self::CSS_A_BUTTONLIKE_HOVER) . ' }
p { ' . htmlspecialchars(self::CSS_P) . ' }
ul { ' . htmlspecialchars(self::CSS_UL) . ' }
ol { ' . htmlspecialchars(self::CSS_OL) . ' }
hr { ' . htmlspecialchars(self::CSS_HR) . ' }
#footer { ' . htmlspecialchars(self::CSS_FOOTER) . ' }
#footer a { ' . htmlspecialchars(self::CSS_A_FOOTER) . ' }
#footer a:hover { ' . htmlspecialchars(self::CSS_A_FOOTER_HOVER) . ' }
h1 img { ' . htmlspecialchars(self::CSS_LOGO) . ' }
h1 span { ' . htmlspecialchars(self::CSS_H1_SPAN) . ' }
</style>
</head>
<body>
@ -292,8 +288,8 @@ final class MDMailFormat {
$output .= trim($this->_msg_html);
$output .= '
<div id="footer" style="' . self::CSS_FOOTER . '">
<a style="' . self::CSS_A_FOOTER . '" href="' . MD_CONF_EMAIL::MAIL_TOOL_LINK . '">' . MD_CONF_EMAIL::MAIL_TOOL_NAME . '</a>
<div id="footer" style="' . htmlspecialchars(self::CSS_FOOTER) . '">
<a style="' . htmlspecialchars(self::CSS_A_FOOTER) . '" href="' . htmlspecialchars(MD_CONF_EMAIL::MAIL_TOOL_LINK) . '">' . htmlspecialchars(MD_CONF_EMAIL::MAIL_TOOL_NAME) . '</a>
</div>
</div>
</div>
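Review bot: In the `@ -111` and `@ -130` hunks `htmlspecialchars($href)` is called with default flags while the surrounding attribute is single-quoted (`href='" . htmlspecialchars($href) . "'`); on PHP versions before 8.1 the default is ENT_COMPAT, which leaves `'` unescaped, so a single quote in `$href` can still close the attribute. Pin the flags instead of relying on the runtime default, e.g. `htmlspecialchars($href, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and use the same flag set on the other `htmlspecialchars(...)` calls in this commit so the escaping is uniform regardless of the interpreter version. Attribute escaping also does not constrain the URL itself — a value with a script scheme such as `javascript:` passes through `htmlspecialchars` unchanged — so if `$href` can originate outside the application, a scheme allow-list (http, https, mailto) before the concatenation is the check still missing; whether `$href` is caller-controlled is not visible here. The methods these lines belong to begin outside the hunks, so the parameter types and any validation done by the callers are not shown.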