From: Cyperghost
Date: Mon, 17 Jun 2024 10:27:59 +0000 (+0200)
Subject: Check for disallowed BB codes in the content
X-Git-Tag: 6.0.16~2^2
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=55bec5c736f11289f17c29e8d1c131e54e540667;p=GitHub%2FWoltLab%2FWCF.git
Check for disallowed BB codes in the content
---
diff --git a/wcfsetup/install/files/acp/templates/articleAdd.tpl b/wcfsetup/install/files/acp/templates/articleAdd.tpl
index a718b08174..859988e75c 100644
--- a/wcfsetup/install/files/acp/templates/articleAdd.tpl
+++ b/wcfsetup/install/files/acp/templates/articleAdd.tpl
@@ -582,6 +582,8 @@
 {if $errorType == 'empty'}
 {lang}wcf.global.form.error.empty{/lang}
+ {elseif $errorType == 'disallowedBBCodes'}
+ {lang}wcf.message.error.disallowedBBCodes{/lang}
 {else}
 {lang}wcf.acp.article.content.error.{@$errorType}{/lang}
 {/if}
diff --git a/wcfsetup/install/files/lib/acp/form/ArticleAddForm.class.php b/wcfsetup/install/files/lib/acp/form/ArticleAddForm.class.php
index 5f46149f40..2a33ea849c 100644
--- a/wcfsetup/install/files/lib/acp/form/ArticleAddForm.class.php
+++ b/wcfsetup/install/files/lib/acp/form/ArticleAddForm.class.php
@@ -14,6 +14,7 @@ use wcf\data\smiley\SmileyCache;
 use wcf\data\user\User;
 use wcf\form\AbstractForm;
 use wcf\system\attachment\AttachmentHandler;
+use wcf\system\bbcode\BBCodeHandler;
 use wcf\system\cache\builder\ArticleCategoryLabelCacheBuilder;
 use wcf\system\exception\UserInputException;
 use wcf\system\html\input\HtmlInputProcessor;
@@ -424,6 +425,8 @@ class ArticleAddForm extends AbstractForm
 }
 }
+ $this->setDisallowedBBCodes();
+
 if ($this->isMultilingual) {
 foreach (LanguageFactory::getInstance()->getLanguages() as $language) {
 // title
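Review bot: Only one error block in articleAdd.tpl (the hunk at -582) gains the `{elseif $errorType == 'disallowedBBCodes'}` branch, while ArticleAddForm.class.php raises `disallowedBBCodes` from both the multilingual loop and the single-language path. If the template renders the content error separately for the two modes (the rest of the file is outside this hunk), the unchanged block falls through to `{lang}wcf.acp.article.content.error.{@$errorType}{/lang}` and would look up `wcf.acp.article.content.error.disallowedBBCodes`, an item this commit does not add. The same two-line branch should be added to every block that displays the content error, so the rejection is always explained to the author.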
@@ -441,6 +444,12 @@ class ArticleAddForm extends AbstractForm
 'com.woltlab.wcf.article.content',
 0
 );
+
+ $disallowedBBCodes = $this->htmlInputProcessors[$language->languageID]->validate();
+ if (!empty($disallowedBBCodes)) {
+ WCF::getTPL()->assign('disallowedBBCodes', $disallowedBBCodes);
+ throw new UserInputException('content', 'disallowedBBCodes');
+ }
 }
 } else {
 // title
@@ -454,6 +463,12 @@ class ArticleAddForm extends AbstractForm
 $this->htmlInputProcessors[0] = new HtmlInputProcessor();
 $this->htmlInputProcessors[0]->process($this->content[0], 'com.woltlab.wcf.article.content', 0);
+
+ $disallowedBBCodes = $this->htmlInputProcessors[0]->validate();
+ if (!empty($disallowedBBCodes)) {
+ WCF::getTPL()->assign('disallowedBBCodes', $disallowedBBCodes);
+ throw new UserInputException('content', 'disallowedBBCodes');
+ }
 }
 $this->validateLabelIDs();
@@ -616,6 +631,8 @@ class ArticleAddForm extends AbstractForm
 }
 }
 }
+
+ $this->setDisallowedBBCodes();
 }
 /**
@@ -677,4 +694,14 @@ class ArticleAddForm extends AbstractForm
 'tmpHash' => $this->tmpHash,
 ]);
 }
+
+ protected function setDisallowedBBCodes(): void
+ {
+ BBCodeHandler::getInstance()->setDisallowedBBCodes(
+ \explode(
+ ',',
+ WCF::getSession()->getPermission('user.message.disallowedBBCodes')
+ )
+ );
+ }
 }
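Review bot: The check added in the language loop (hunk at -441) throws `UserInputException('content', 'disallowedBBCodes')` without the language in the field name, so the form cannot tell the author which language's text contains the disallowed BB code. If the neighbouring per-language checks, which are outside this hunk, use a language-specific field name, this one should use the same. The identical six lines are added again in the single-language branch (hunk at -454), and both depend on `setDisallowedBBCodes()` having run first, so a helper that takes the processor and the field name would keep the two paths in step. The enclosing method starts and ends outside both hunks.

```php
// … unchanged: process() call for the current language …
$this->throwOnDisallowedBBCodes($this->htmlInputProcessors[$language->languageID], 'content');

// … unchanged: single-language process() call …
$this->throwOnDisallowedBBCodes($this->htmlInputProcessors[0], 'content');

/**
 * Rejects the submitted content when it uses BB codes the active user may not use.
 *
 * @throws UserInputException
 */
protected function throwOnDisallowedBBCodes(HtmlInputProcessor $processor, string $field): void
{
    $disallowedBBCodes = $processor->validate();
    if (!empty($disallowedBBCodes)) {
        WCF::getTPL()->assign('disallowedBBCodes', $disallowedBBCodes);
        throw new UserInputException($field, 'disallowedBBCodes');
    }
}
```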
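Review bot: `setDisallowedBBCodes()` (hunk at -677) is added without a docblock, and its role is not obvious from the call sites. It overwrites the disallowed list on the shared `BBCodeHandler` instance with the current session's `user.message.disallowedBBCodes` permission, and the `validate()` calls added earlier in this commit appear to rely on that having happened first. A docblock such as `/** Applies the active user's disallowed BB codes to the BBCodeHandler; must run before HtmlInputProcessor::validate(). */` would keep a later refactoring from reordering the calls and silently disabling the check. Separately, `\explode(',', '')` returns `['']`, so an empty permission value passes a list holding one empty name rather than an empty list; whether `BBCodeHandler` tolerates that is not visible here.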