Diffstat (limited to 'perllib/FixMyStreet')
-rw-r--r--perllib/FixMyStreet/App/Controller/Admin.pm6
-rw-r--r--perllib/FixMyStreet/App/Controller/Admin/Bodies.pm1
-rw-r--r--perllib/FixMyStreet/Cobrand/TfL.pm12
-rw-r--r--perllib/FixMyStreet/Map/Bromley.pm2
-rw-r--r--perllib/FixMyStreet/Template.pm17
5 files changed, 35 insertions, 3 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Admin.pm b/perllib/FixMyStreet/App/Controller/Admin.pm
index 64cc9eaaf..c1afccdfd 100644
--- a/perllib/FixMyStreet/App/Controller/Admin.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin.pm
@@ -557,7 +557,8 @@ sub update_extra_fields : Private {
if ($behaviour eq 'question') {
$meta->{required} = $c->get_param("metadata[$i].required") ? 'true' : 'false';
$meta->{variable} = 'true';
- $meta->{description} = $c->get_param("metadata[$i].description");
+ my $desc = $c->get_param("metadata[$i].description");
+ $meta->{description} = FixMyStreet::Template::sanitize($desc);
$meta->{datatype} = $c->get_param("metadata[$i].datatype");
if ( $meta->{datatype} eq "singlevaluelist" ) {
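Review bot: Scrubbing `description` only when this form is saved leaves two gaps this hunk cannot close: rows stored before the change, and any other code path that writes `description`, keep whatever markup they already hold. If the templates print this field without escaping (which the need for sanitize suggests, but which is not shown here), consider a one-off re-save of existing metadata and a comment at the assignment such as `# Stored as scrubbed HTML; every writer of {description} must go through sanitize`. The same applies to the `notice` branch in the next hunk and to `disable_message` in Admin/Bodies.pm. update_extra_fields starts and ends outside this hunk.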
@@ -579,7 +580,8 @@ sub update_extra_fields : Private {
}
} elsif ($behaviour eq 'notice') {
$meta->{variable} = 'false';
- $meta->{description} = $c->get_param("metadata[$i].description");
+ my $desc = $c->get_param("metadata[$i].description");
+ $meta->{description} = FixMyStreet::Template::sanitize($desc);
$meta->{disable_form} = $c->get_param("metadata[$i].disable_form") ? 'true' : 'false';
} elsif ($behaviour eq 'hidden') {
$meta->{automated} = 'hidden_field';
diff --git a/perllib/FixMyStreet/App/Controller/Admin/Bodies.pm b/perllib/FixMyStreet/App/Controller/Admin/Bodies.pm
index ea03b146f..3b7739966 100644
--- a/perllib/FixMyStreet/App/Controller/Admin/Bodies.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin/Bodies.pm
@@ -286,6 +286,7 @@ sub update_contact : Private {
# Special form disabling form
if ($c->get_param('disable')) {
my $msg = $c->get_param('disable_message');
+ $msg = FixMyStreet::Template::sanitize($msg);
$errors{category} = _('Please enter a message') unless $msg;
my $meta = {
code => '_fms_disable_',
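Review bot: The `unless $msg` check on the line after the new sanitize call still passes for a message that is only allowed markup, such as `<p></p>` or `<br>`, so the form can be disabled with a message that renders as blank. Testing the text with tags and whitespace removed would close that, e.g. `(my $plain = $msg // '') =~ s/<[^>]*>|\s+//g;` followed by `$errors{category} = _('Please enter a message') unless length $plain;`. A missing `disable_message` also now reaches sanitize as undef; whether scrub() accepts that quietly should be confirmed, or guarded with `// ''`. update_contact continues outside the hunk.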
diff --git a/perllib/FixMyStreet/Cobrand/TfL.pm b/perllib/FixMyStreet/Cobrand/TfL.pm
index cc4b4f345..797b872a4 100644
--- a/perllib/FixMyStreet/Cobrand/TfL.pm
+++ b/perllib/FixMyStreet/Cobrand/TfL.pm
@@ -25,6 +25,18 @@ sub is_council { 0 }
sub abuse_reports_only { 1 }
sub send_questionnaires { 0 }
+sub disambiguate_location {
+ my $self = shift;
+ my $string = shift;
+
+ return {
+ %{ $self->SUPER::disambiguate_location() },
+ town => "London",
+ };
+}
+
+sub get_geocoder { 'OSM' }
+
sub category_change_force_resend { 1 }
sub do_not_reply_email { shift->feature('do_not_reply_email') }
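Review bot: `$string` is shifted off in disambiguate_location but never used, and `SUPER::disambiguate_location()` is called with no argument, so a parent implementation that looks at the search string would receive undef. Passing it through, `%{ $self->SUPER::disambiguate_location($string) },`, keeps the override transparent; if the parent is known to ignore it, dropping the `my $string = shift;` line is clearer. A one-line comment on `get_geocoder` saying why this cobrand uses OSM would also help.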
diff --git a/perllib/FixMyStreet/Map/Bromley.pm b/perllib/FixMyStreet/Map/Bromley.pm
index 595c83f6d..518382fc0 100644
--- a/perllib/FixMyStreet/Map/Bromley.pm
+++ b/perllib/FixMyStreet/Map/Bromley.pm
@@ -10,7 +10,7 @@ use base 'FixMyStreet::Map::FMS';
use strict;
sub map_tile_base {
- '-', "https://%sfix.bromley.gov.uk/tilma/%d/%d/%d.png";
+ '-', "//%stilma.mysociety.org/bromley/%d/%d/%d.png";
}
1;
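Review bot: The new tile base is protocol-relative (`//%stilma.mysociety.org/...`) where the old one named `https://` explicitly, so tiles follow the page's scheme and would be fetched over plain HTTP on any page served that way. If the tile host serves HTTPS, which is not shown here, keeping the scheme explicit avoids that: `'-', "https://%stilma.mysociety.org/bromley/%d/%d/%d.png";`.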
diff --git a/perllib/FixMyStreet/Template.pm b/perllib/FixMyStreet/Template.pm
index 84faeb562..afab83e41 100644
--- a/perllib/FixMyStreet/Template.pm
+++ b/perllib/FixMyStreet/Template.pm
@@ -6,6 +6,7 @@ use warnings;
use FixMyStreet;
use mySociety::Locale;
use Attribute::Handlers;
+use HTML::Scrubber;
use FixMyStreet::Template::SafeString;
use FixMyStreet::Template::Context;
use FixMyStreet::Template::Stash;
@@ -135,4 +136,20 @@ sub html_paragraph : Filter('html_para') {
return FixMyStreet::Template::SafeString->new($text);
}
+sub sanitize {
+ my $text = shift;
+
+ my %allowed_tags = map { $_ => 1 } qw( p ul ol li br b i strong em );
+ my $scrubber = HTML::Scrubber->new(
+ rules => [
+ %allowed_tags,
+ a => { href => qr{^(http|/|tel)}i, style => 1, target => qr/^_blank$/, title => 1 },
+ font => { color => 1 },
+ span => { style => 1 },
+ ]
+ );
+ $text = $scrubber->scrub($text);
+ return $text;
+}
+
1;
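Review bot: `style => 1` on `a` and `span` accepts any inline CSS, so markup that passes sanitize can still reposition or restyle content on the page and pull in external resources through `url()`. The rule should constrain the value the way `href` and `target` already do. The `href` pattern `^(http|/|tel)` is only a prefix test, so it also admits schemes that merely begin with those letters (for example `telnet:`), and `^_blank$` lets a trailing newline through. The fence shows tightened rules; the CSS property list in it is a constructed example to be adjusted to what editors actually need. A short comment above `sub sanitize` stating that the returned string is treated as trusted HTML by callers would also help.
```perl
    # … unchanged: %allowed_tags …
    my $css_decl = qr/(?:color|background-color|font-weight|font-style|text-decoration):[ ]?[#\w-]+/i;
    my $scrubber = HTML::Scrubber->new(
        rules => [
            %allowed_tags,
            a => {
                href   => qr{\A(?:https?://|/|tel:)}i,
                target => qr/\A_blank\z/,
                title  => 1,
            },
            # … unchanged: font rule …
            span => { style => qr/\A(?:$css_decl(?:;[ ]?|\z))+\z/ },
        ]
    );
    # … unchanged: scrub and return …
```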