Diffstat (limited to 'perllib/FixMyStreet/DB')
-rw-r--r-- | perllib/FixMyStreet/DB/Result/Comment.pm | 6 | ||||
-rw-r--r-- | perllib/FixMyStreet/DB/Result/ModerationOriginalData.pm | 6 | ||||
-rw-r--r-- | perllib/FixMyStreet/DB/Result/Problem.pm | 17 | ||||
-rw-r--r-- | perllib/FixMyStreet/DB/Result/User.pm | 4 |
4 files changed, 21 insertions, 12 deletions
diff --git a/perllib/FixMyStreet/DB/Result/Comment.pm b/perllib/FixMyStreet/DB/Result/Comment.pm index 1ffcc7b40..99c5b6dab 100644 --- a/perllib/FixMyStreet/DB/Result/Comment.pm +++ b/perllib/FixMyStreet/DB/Result/Comment.pm @@ -101,6 +101,7 @@ __PACKAGE__->load_components("+FixMyStreet::DB::RABXColumn"); __PACKAGE__->rabx_column('extra'); use Moo; +use FixMyStreet::Template::SafeString; use namespace::clean -except => [ 'meta' ]; use FixMyStreet::Template; @@ -201,7 +202,7 @@ sub moderation_filter { =head2 meta_line Returns a string to be used on a report update, describing some of the metadata -about an update +about an update. Can include HTML. =cut @@ -225,6 +226,7 @@ sub meta_line { } else { $body = $self->user->body; } + $body = FixMyStreet::Template::html_filter($body); if ($body eq 'Bromley Council') { $body = "$body <img src='/cobrands/bromley/favicon.png' alt=''>"; } elsif ($body eq 'Royal Borough of Greenwich') { @@ -259,7 +261,7 @@ sub meta_line { $meta .= ', ' . _( 'and a defect raised' ); } - return $meta; + return FixMyStreet::Template::SafeString->new($meta); }; sub problem_state_processed { diff --git a/perllib/FixMyStreet/DB/Result/ModerationOriginalData.pm b/perllib/FixMyStreet/DB/Result/ModerationOriginalData.pm index 18d2a7683..1805e1fd2 100644 --- a/perllib/FixMyStreet/DB/Result/ModerationOriginalData.pm +++ b/perllib/FixMyStreet/DB/Result/ModerationOriginalData.pm @@ -74,6 +74,7 @@ __PACKAGE__->belongs_to( # DO NOT MODIFY THIS OR ANYTHING ABOVE! md5sum:FLKiZELcfBcc9VwHU2MZYQ use Moo; +use FixMyStreet::Template::SafeString; use Text::Diff; use Data::Dumper; @@ -147,11 +148,12 @@ sub compare_photo { push @deleted, $diff->Items(1); push @added, $diff->Items(2); } - return (join ', ', map { + my $s = (join ', ', map { "<del style='background-color:#fcc'>$_</del>"; } @deleted) . (join ', ', map { "<ins style='background-color:#cfc'>$_</ins>"; } @added); + return FixMyStreet::Template::SafeString->new($s); } sub compare_extra { 
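Review bot: In `meta_line`, `return FixMyStreet::Template::SafeString->new($meta);` marks the whole string as trusted HTML, but the only escaping visible in these hunks is `html_filter($body)`. The lines that build `$meta` between the two hunks are outside the diff, so please confirm that every other value interpolated there (for example any user-supplied name) also passes through `FixMyStreet::Template::html_filter`. A short comment above the return, such as `# Everything interpolated into $meta above must already be HTML-escaped`, would keep that invariant visible to the next editor.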
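Review bot: `compare_photo` interpolates each `$_` from `@deleted` and `@added` into `<del>`/`<ins>` markup without escaping and then wraps the result in `SafeString`, so nothing downstream will escape it. If those items can ever contain `<`, `&` or quotes they are emitted as markup; filtering inside the maps, e.g. `"<del style='background-color:#fcc'>" . FixMyStreet::Template::html_filter($_) . "</del>"`, closes that gap. This file's hunks add only `use FixMyStreet::Template::SafeString;`, so `FixMyStreet::Template` may need loading as well. The `string_diff` hunk has the same shape: `$string` is assembled outside the hunk and wrapped in `SafeString` at the return, so its fragments need escaping where they are built.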
@@ -212,7 +214,7 @@ sub string_diff { $string .= $inserted; } } - return $string; + return FixMyStreet::Template::SafeString->new($string); } 1; diff --git a/perllib/FixMyStreet/DB/Result/Problem.pm b/perllib/FixMyStreet/DB/Result/Problem.pm index 97f0666e0..4b52cd11d 100644 --- a/perllib/FixMyStreet/DB/Result/Problem.pm +++ b/perllib/FixMyStreet/DB/Result/Problem.pm @@ -201,6 +201,8 @@ use Moo; use namespace::clean -except => [ 'meta' ]; use Utils; use FixMyStreet::Map::FMS; +use FixMyStreet::Template; +use FixMyStreet::Template::SafeString; use LWP::Simple qw($ua); use RABX; use URI; @@ -669,16 +671,16 @@ sub body { my $cache = $problem->result_source->schema->cache; return $cache->{bodies}{$problem->external_body} //= $c->model('DB::Body')->find({ id => $problem->external_body }); } else { - $body = $problem->external_body; + $body = FixMyStreet::Template::html_filter($problem->external_body); } } else { my $bodies = $problem->bodies; my @body_names = sort map { my $name = $_->name; if ($c and FixMyStreet->config('AREA_LINKS_FROM_PROBLEMS')) { - '<a href="' . $_->url . '">' . $name . '</a>'; + '<a href="' . $_->url . '">' . FixMyStreet::Template::html_filter($name) . '</a>'; } else { - $name; + FixMyStreet::Template::html_filter($name); } } values %$bodies; if ( scalar @body_names > 2 ) { @@ -688,7 +690,7 @@ sub body { $body = join( _(' and '), @body_names); } } - return $body; + return FixMyStreet::Template::SafeString->new($body); } 
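Review bot: In `body`, the link branch now escapes `$name` but still concatenates `$_->url` raw into the `href` attribute, and the joined result is returned as a `SafeString`. The `url` method is defined outside this diff, so unless it is guaranteed to return an attribute-safe value it should be filtered too, `'<a href="' . FixMyStreet::Template::html_filter($_->url) . '">'`, provided `html_filter` also escapes double quotes. Separately, the early `return $cache->{bodies}{...} //= ...->find(...)` in the context lines still returns whatever `find` yields rather than a `SafeString`, so callers see two return types. A comment on the sub stating that would help.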
@@ -778,17 +780,20 @@ sub can_display_external_id { return 0; } +# This can return HTML and is safe, so returns a FixMyStreet::Template::SafeString sub duration_string { my ( $problem, $c ) = @_; my $body = $c->cobrand->call_hook(link_to_council_cobrand => $problem) || $problem->body($c); my $handler = $c->cobrand->call_hook(get_body_handler_for_problem => $problem); if ( $handler && $handler->call_hook('is_council_with_case_management') ) { - return sprintf(_('Received by %s moments later'), $body); + my $s = sprintf(_('Received by %s moments later'), $body); + return FixMyStreet::Template::SafeString->new($s); } return unless $problem->whensent; - return sprintf(_('Sent to %s %s later'), $body, + my $s = sprintf(_('Sent to %s %s later'), $body, Utils::prettify_duration($problem->whensent->epoch - $problem->confirmed->epoch, 'minute') ); + return FixMyStreet::Template::SafeString->new($s); } sub local_coords { diff --git a/perllib/FixMyStreet/DB/Result/User.pm b/perllib/FixMyStreet/DB/Result/User.pm index 9554bbe7e..4f46fcfe2 100644 --- a/perllib/FixMyStreet/DB/Result/User.pm +++ b/perllib/FixMyStreet/DB/Result/User.pm @@ -449,8 +449,8 @@ sub has_permission_to { return 0 unless $available{$permission_type}; return 1 if $self->is_superuser; - return 0 if !$body_ids || (ref $body_ids && !@$body_ids); - $body_ids = [ $body_ids ] unless ref $body_ids; + return 0 if !$body_ids || (ref $body_ids eq 'ARRAY' && !@$body_ids); + $body_ids = [ $body_ids ] unless ref $body_ids eq 'ARRAY'; my %body_ids = map { $_ => 1 } @$body_ids; foreach (@{$self->body_permissions}) { |