From: Alexander Ebert <ebert@woltlab.com>
Date: Sun, 23 Jun 2024 11:35:09 +0000 (+0200)
Subject: Enable the Sandbox for Templates Inside of BBCodes
X-Git-Tag: 6.1.0_Alpha_1~51
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=1eba6a44e6a6a6d9c51f893b6a63d0a2c159e78c;p=GitHub%2FWoltLab%2FWCF.git

Enable the Sandbox for Templates Inside of BBCodes

See #5910
---

diff --git a/wcfsetup/install/files/lib/system/bbcode/AttachmentBBCode.class.php b/wcfsetup/install/files/lib/system/bbcode/AttachmentBBCode.class.php
index 7e63a7b363..624177592d 100644
--- a/wcfsetup/install/files/lib/system/bbcode/AttachmentBBCode.class.php
+++ b/wcfsetup/install/files/lib/system/bbcode/AttachmentBBCode.class.php
@@ -27,7 +27,7 @@ final class AttachmentBBCode extends AbstractBBCode
 
         $attachment = $this->getAttachment($attachmentID);
         if ($attachment === null) {
-            return WCF::getTPL()->fetch('shared_contentNotVisible');
+            return WCF::getTPL()->fetch('shared_contentNotVisible', sandbox: true);
         }
 
         $outputType = $parser->getOutputType();
@@ -251,7 +251,7 @@ final class AttachmentBBCode extends AbstractBBCode
         return WCF::getTPL()->fetch('shared_bbcode_attach_video', 'wcf', [
             'attachment' => $attachment,
             'attachmentIdentifier' => StringUtil::getRandomID(),
-        ]);
+        ], true);
     }
 
     private function showAudioPlayer(Attachment $attachment): string
@@ -259,7 +259,7 @@ final class AttachmentBBCode extends AbstractBBCode
         return WCF::getTPL()->fetch('shared_bbcode_attach_audio', 'wcf', [
             'attachment' => $attachment,
             'attachmentIdentifier' => StringUtil::getRandomID(),
-        ]);
+        ], true);
     }
 
     private function getAttachment(int $attachmentID): ?Attachment
diff --git a/wcfsetup/install/files/lib/system/bbcode/WoltLabSuiteArticleBBCode.class.php b/wcfsetup/install/files/lib/system/bbcode/WoltLabSuiteArticleBBCode.class.php
index 9fe0c499ac..fcdbfdd084 100644
--- a/wcfsetup/install/files/lib/system/bbcode/WoltLabSuiteArticleBBCode.class.php
+++ b/wcfsetup/install/files/lib/system/bbcode/WoltLabSuiteArticleBBCode.class.php
@@ -32,7 +32,7 @@ final class WoltLabSuiteArticleBBCode extends AbstractBBCode
 
         $article = $this->getArticle($articleID);
         if ($article === null) {
-            return WCF::getTPL()->fetch('shared_contentNotVisible');
+            return WCF::getTPL()->fetch('shared_contentNotVisible', sandbox: true);
         }
 
         if (!$article->canRead()) {
diff --git a/wcfsetup/install/files/lib/system/bbcode/WoltLabSuiteMediaBBCode.class.php b/wcfsetup/install/files/lib/system/bbcode/WoltLabSuiteMediaBBCode.class.php
index f91c0b036b..dbeebb58a3 100644
--- a/wcfsetup/install/files/lib/system/bbcode/WoltLabSuiteMediaBBCode.class.php
+++ b/wcfsetup/install/files/lib/system/bbcode/WoltLabSuiteMediaBBCode.class.php
@@ -48,7 +48,7 @@ final class WoltLabSuiteMediaBBCode extends AbstractBBCode
         /** @var ViewableMedia $media */
         $media = MessageEmbeddedObjectManager::getInstance()->getObject('com.woltlab.wcf.media', $mediaID);
         if ($media === null) {
-            return WCF::getTPL()->fetch('shared_contentNotVisible');
+            return WCF::getTPL()->fetch('shared_contentNotVisible', sandbox: true);
         }
 
         if ($media->isAccessible()) {
@@ -77,7 +77,7 @@ final class WoltLabSuiteMediaBBCode extends AbstractBBCode
                         'media' => $media->getLocalizedVersion(MessageEmbeddedObjectManager::getInstance()->getActiveMessageLanguageID()),
                         'thumbnailSize' => $thumbnailSize,
                         'width' => $width,
-                    ]);
+                    ], true);
                 } elseif ($media->isVideo() || $media->isAudio()) {
                     return WCF::getTPL()->fetch('shared_bbcode_wsm', 'wcf', [
                         'mediaLink' => $media->getLink(),
@@ -85,7 +85,7 @@ final class WoltLabSuiteMediaBBCode extends AbstractBBCode
                         'float' => $float,
                         'media' => $media->getLocalizedVersion(MessageEmbeddedObjectManager::getInstance()->getActiveMessageLanguageID()),
                         'width' => 'auto',
-                    ]);
+                    ], true);
                 }
 
                 return StringUtil::getAnchorTag($media->getLink(), $media->getTitle());
diff --git a/wcfsetup/install/files/lib/system/bbcode/WoltLabSuitePageBBCode.class.php b/wcfsetup/install/files/lib/system/bbcode/WoltLabSuitePageBBCode.class.php
index 4284b49448..1934e4e27f 100644
--- a/wcfsetup/install/files/lib/system/bbcode/WoltLabSuitePageBBCode.class.php
+++ b/wcfsetup/install/files/lib/system/bbcode/WoltLabSuitePageBBCode.class.php
@@ -35,6 +35,6 @@ final class WoltLabSuitePageBBCode extends AbstractBBCode
             return StringUtil::getAnchorTag($page->getLink(), $title ?: $page->getTitle());
         }
 
-        return WCF::getTPL()->fetch('shared_contentNotVisible');
+        return WCF::getTPL()->fetch('shared_contentNotVisible', sandbox: true);
     }
 }