Enable the Sandbox for Templates Inside of BBCodes
authorAlexander Ebert <ebert@woltlab.com>
Sun, 23 Jun 2024 11:35:09 +0000 (13:35 +0200)
committerAlexander Ebert <ebert@woltlab.com>
Sun, 23 Jun 2024 11:35:09 +0000 (13:35 +0200)
See #5910

wcfsetup/install/files/lib/system/bbcode/AttachmentBBCode.class.php
wcfsetup/install/files/lib/system/bbcode/WoltLabSuiteArticleBBCode.class.php
wcfsetup/install/files/lib/system/bbcode/WoltLabSuiteMediaBBCode.class.php
wcfsetup/install/files/lib/system/bbcode/WoltLabSuitePageBBCode.class.php

index 7e63a7b363f7c05306cfd144447668eb2ee0af81..624177592d125feab22be899a009865c83d70da4 100644 (file)
@@ -27,7 +27,7 @@ final class AttachmentBBCode extends AbstractBBCode
 
         $attachment = $this->getAttachment($attachmentID);
         if ($attachment === null) {
-            return WCF::getTPL()->fetch('shared_contentNotVisible');
+            return WCF::getTPL()->fetch('shared_contentNotVisible', sandbox: true);
         }
 
         $outputType = $parser->getOutputType();
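Review bot: Sandboxing stays opt-in at every call site, so the next `fetch()` added to a BBCode class can omit it without anyone noticing. This return and the matching `shared_contentNotVisible` returns in WoltLabSuiteArticleBBCode, WoltLabSuiteMediaBBCode and WoltLabSuitePageBBCode each add the flag by hand. BBCode output is produced while the surrounding page is being rendered, so presumably an unsandboxed fetch lets variables assigned for or by the snippet persist in the shared template engine. Consider one helper on the BBCode base class that always passes `sandbox: true`, or at least a comment at each site such as `// sandbox: BBCode output must not leak template variables into the page scope`. The enclosing method starts and ends outside the hunk, so any other fetch calls in it cannot be checked from here.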
@@ -251,7 +251,7 @@ final class AttachmentBBCode extends AbstractBBCode
         return WCF::getTPL()->fetch('shared_bbcode_attach_video', 'wcf', [
             'attachment' => $attachment,
             'attachmentIdentifier' => StringUtil::getRandomID(),
-        ]);
+        ], true);
     }
 
     private function showAudioPlayer(Attachment $attachment): string
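Review bot: The bare positional `true` closing this `fetch()` call does not say what it switches on, while the first hunk of this file spells the same flag as `sandbox: true`. PHP allows named arguments after positional ones, so the closing line can read `], sandbox: true);` here, in the `shared_bbcode_attach_audio` call in the next hunk, and in both `shared_bbcode_wsm` calls in WoltLabSuiteMediaBBCode. Using one spelling throughout makes a missing sandbox flag easier to spot in review and to find with a search.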
@@ -259,7 +259,7 @@ final class AttachmentBBCode extends AbstractBBCode
         return WCF::getTPL()->fetch('shared_bbcode_attach_audio', 'wcf', [
             'attachment' => $attachment,
             'attachmentIdentifier' => StringUtil::getRandomID(),
-        ]);
+        ], true);
     }
 
     private function getAttachment(int $attachmentID): ?Attachment
index 9fe0c499acc9394bcfe891e7843255816ba3e664..fcdbfdd084f1977dd5204070da6096554c387b06 100644 (file)
@@ -32,7 +32,7 @@ final class WoltLabSuiteArticleBBCode extends AbstractBBCode
 
         $article = $this->getArticle($articleID);
         if ($article === null) {
-            return WCF::getTPL()->fetch('shared_contentNotVisible');
+            return WCF::getTPL()->fetch('shared_contentNotVisible', sandbox: true);
         }
 
         if (!$article->canRead()) {
index f91c0b036be9115a081babe23e54cf747d8e4043..dbeebb58a3bd18664ebcc1da7e0c9f5a8278dc97 100644 (file)
@@ -48,7 +48,7 @@ final class WoltLabSuiteMediaBBCode extends AbstractBBCode
         /** @var ViewableMedia $media */
         $media = MessageEmbeddedObjectManager::getInstance()->getObject('com.woltlab.wcf.media', $mediaID);
         if ($media === null) {
-            return WCF::getTPL()->fetch('shared_contentNotVisible');
+            return WCF::getTPL()->fetch('shared_contentNotVisible', sandbox: true);
         }
 
         if ($media->isAccessible()) {
@@ -77,7 +77,7 @@ final class WoltLabSuiteMediaBBCode extends AbstractBBCode
                         'media' => $media->getLocalizedVersion(MessageEmbeddedObjectManager::getInstance()->getActiveMessageLanguageID()),
                         'thumbnailSize' => $thumbnailSize,
                         'width' => $width,
-                    ]);
+                    ], true);
                 } elseif ($media->isVideo() || $media->isAudio()) {
                     return WCF::getTPL()->fetch('shared_bbcode_wsm', 'wcf', [
                         'mediaLink' => $media->getLink(),
@@ -85,7 +85,7 @@ final class WoltLabSuiteMediaBBCode extends AbstractBBCode
                         'float' => $float,
                         'media' => $media->getLocalizedVersion(MessageEmbeddedObjectManager::getInstance()->getActiveMessageLanguageID()),
                         'width' => 'auto',
-                    ]);
+                    ], true);
                 }
 
                 return StringUtil::getAnchorTag($media->getLink(), $media->getTitle());
index 4284b4944828a16403911f85bc90afbb5f7dd594..1934e4e27f13668712578c298da9dd3eef9dcf6b 100644 (file)
@@ -35,6 +35,6 @@ final class WoltLabSuitePageBBCode extends AbstractBBCode
             return StringUtil::getAnchorTag($page->getLink(), $title ?: $page->getTitle());
         }
 
-        return WCF::getTPL()->fetch('shared_contentNotVisible');
+        return WCF::getTPL()->fetch('shared_contentNotVisible', sandbox: true);
     }
 }