From: Alexander Ebert <ebert@woltlab.com>
Date: Thu, 1 Feb 2018 11:12:30 +0000 (+0100)
Subject: BBCode converters did not handle encoded HTML entities
X-Git-Tag: 3.1.0_RC_3~5^2~7
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=76c0a4b742bfb82d43ec2b6c8f3b5268e9e4e81b;p=GitHub%2FWoltLab%2FWCF.git

BBCode converters did not handle encoded HTML entities
---

diff --git a/wcfsetup/install/files/lib/system/html/metacode/converter/CodeMetacodeConverter.class.php b/wcfsetup/install/files/lib/system/html/metacode/converter/CodeMetacodeConverter.class.php
index 01b4035a76..6e06b599ab 100644
--- a/wcfsetup/install/files/lib/system/html/metacode/converter/CodeMetacodeConverter.class.php
+++ b/wcfsetup/install/files/lib/system/html/metacode/converter/CodeMetacodeConverter.class.php
@@ -61,7 +61,7 @@ class CodeMetacodeConverter extends AbstractMetacodeConverter {
 				break;
 		}
 		
-		$element->setAttribute('data-file', $file);
+		$element->setAttribute('data-file', StringUtil::decodeHTML($file));
 		$element->setAttribute('data-highlighter', $highlighter);
 		$element->setAttribute('data-line', $line);
 		
diff --git a/wcfsetup/install/files/lib/system/html/metacode/converter/ImgMetacodeConverter.class.php b/wcfsetup/install/files/lib/system/html/metacode/converter/ImgMetacodeConverter.class.php
index 8a1dfafa65..7d10e672f4 100644
--- a/wcfsetup/install/files/lib/system/html/metacode/converter/ImgMetacodeConverter.class.php
+++ b/wcfsetup/install/files/lib/system/html/metacode/converter/ImgMetacodeConverter.class.php
@@ -1,5 +1,6 @@
 <?php
 namespace wcf\system\html\metacode\converter;
+use wcf\util\StringUtil;
 
 /**
  * Converts img bbcode into `<img>`.
@@ -16,7 +17,7 @@ class ImgMetacodeConverter extends AbstractMetacodeConverter {
 	 */
 	public function convert(\DOMDocumentFragment $fragment, array $attributes) {
 		$element = $fragment->ownerDocument->createElement('img');
-		$element->setAttribute('src', $attributes[0]);
+		$element->setAttribute('src', StringUtil::decodeHTML($attributes[0]));
 		
 		if (isset($attributes[1]) && in_array($attributes[1], ['left', 'right'])) {
 			$element->setAttribute('class', 'messageFloatObject'.ucfirst($attributes[1]));
diff --git a/wcfsetup/install/files/lib/system/html/metacode/converter/QuoteMetacodeConverter.class.php b/wcfsetup/install/files/lib/system/html/metacode/converter/QuoteMetacodeConverter.class.php
index 88c6fe8220..d0df2135ec 100644
--- a/wcfsetup/install/files/lib/system/html/metacode/converter/QuoteMetacodeConverter.class.php
+++ b/wcfsetup/install/files/lib/system/html/metacode/converter/QuoteMetacodeConverter.class.php
@@ -1,5 +1,6 @@
 <?php
 namespace wcf\system\html\metacode\converter;
+use wcf\util\StringUtil;
 
 /**
  * Converts quote bbcode into `<woltlab-quote>`.
@@ -16,8 +17,8 @@ class QuoteMetacodeConverter extends AbstractMetacodeConverter {
 	 */
 	public function convert(\DOMDocumentFragment $fragment, array $attributes) {
 		$element = $fragment->ownerDocument->createElement('woltlab-quote');
-		$element->setAttribute('data-author', isset($attributes[0]) ? $attributes[0] : '');
-		$element->setAttribute('data-link', isset($attributes[1]) ? $attributes[1] : '');
+		$element->setAttribute('data-author', isset($attributes[0]) ? StringUtil::decodeHTML($attributes[0]) : '');
+		$element->setAttribute('data-link', isset($attributes[1]) ? StringUtil::decodeHTML($attributes[1]) : '');
 		$element->appendChild($fragment);
 		
 		return $element;
diff --git a/wcfsetup/install/files/lib/system/html/metacode/converter/SpoilerMetacodeConverter.class.php b/wcfsetup/install/files/lib/system/html/metacode/converter/SpoilerMetacodeConverter.class.php
index 9886aa447f..178a7ea817 100644
--- a/wcfsetup/install/files/lib/system/html/metacode/converter/SpoilerMetacodeConverter.class.php
+++ b/wcfsetup/install/files/lib/system/html/metacode/converter/SpoilerMetacodeConverter.class.php
@@ -17,7 +17,7 @@ class SpoilerMetacodeConverter extends AbstractMetacodeConverter {
 	 */
 	public function convert(\DOMDocumentFragment $fragment, array $attributes) {
 		$element = $fragment->ownerDocument->createElement('woltlab-spoiler');
-		$element->setAttribute('data-label', (!empty($attributes[0])) ? StringUtil::trim($attributes[0]) : '');
+		$element->setAttribute('data-label', (!empty($attributes[0])) ? StringUtil::trim(StringUtil::decodeHTML($attributes[0])) : '');
 		$element->appendChild($fragment);
 		
 		return $element;
diff --git a/wcfsetup/install/files/lib/system/html/metacode/converter/UrlMetacodeConverter.class.php b/wcfsetup/install/files/lib/system/html/metacode/converter/UrlMetacodeConverter.class.php
index 5d1f195fce..4e2ec3be9c 100644
--- a/wcfsetup/install/files/lib/system/html/metacode/converter/UrlMetacodeConverter.class.php
+++ b/wcfsetup/install/files/lib/system/html/metacode/converter/UrlMetacodeConverter.class.php
@@ -23,6 +23,8 @@ class UrlMetacodeConverter extends AbstractMetacodeConverter {
 			$href = $fragment->textContent;
 		}
 		
+		$href = StringUtil::decodeHTML($href);
+		
 		// check if the link is empty, use the href value instead
 		$useHrefAsValue = false;
 		if ($fragment->childNodes->length === 0) {