From a64660a8264f6f4789cde97d64ed8c6a7742b3df Mon Sep 17 00:00:00 2001
From: Ioannis Tsimpidis <6756053+joomlabeat@users.noreply.github.com>
Date: Sun, 5 Jul 2020 23:38:56 +0300
Subject: [PATCH] Further fix for Text Filtering when using Custom Blacklist

Following up a recent PR that attempted to fix the Filtering of textarea element when using Custom Blacklist, that was always defaulting to disregarding the Custom BL, this PR improves this, because the call the JFilterInput was still forcing to clean up based on the default blacklist. Helpful resources: - https://stackoverflow.com/a/42729709/1739313 - https://api.joomla.org/cms-3/classes/Joomla.CMS.Filter.InputFilter.html#method_getInstance
---
libraries/fabrik/fabrik/Helpers/Worker.php | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/libraries/fabrik/fabrik/Helpers/Worker.php b/libraries/fabrik/fabrik/Helpers/Worker.php
index 3e93a323113..fa4a8fdda79 100644
--- a/libraries/fabrik/fabrik/Helpers/Worker.php
+++ b/libraries/fabrik/fabrik/Helpers/Worker.php
@@ -1620,7 +1620,18 @@ public static function getContentFilter()
 {
 // Remove the white-listed attributes from the black-list.
 $tags = array_diff($blackListTags, $whiteListTags);
- $filter = JFilterInput::getInstance($tags, array_diff($blackListAttributes, $whiteListAttributes), 1, 1);
+
+ // Here we want to seperate CBL from BL, in order to make the proper call to JFilterInput::getInstance
+ // This is because for CBL we want to pass the parameter $xssAuto as 0, so it will only perform the essential clean
+ // Otherwhise it will always perform the full blacklist cleanup
+ // Helpful resources: https://stackoverflow.com/a/42729709/1739313
+ // https://api.joomla.org/cms-3/classes/Joomla.CMS.Filter.InputFilter.html#method_getInstance
+ // getInstance(array $tagsArray = array(), array $attrArray = array(), integer $tagsMethod, integer $attrMethod, integer $xssAuto = 1, integer $stripUSC = -1) : \Joomla\CMS\Filter\InputFilter
+ if ($filterType == 'CBL') {
+ $filter = JFilterInput::getInstance($tags, array_diff($blackListAttributes, $whiteListAttributes), 1, 1, 0);
+ } else {
+ $filter = JFilterInput::getInstance($tags, array_diff($blackListAttributes, $whiteListAttributes), 1, 1);
+ }
 }
 // White lists take third precedence.
 elseif ($whiteList)
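Review bot: Passing `0` for `$xssAuto` in the `CBL` branch makes the textarea filter depend entirely on the site's custom blacklist, and the new code has no guard for the case where that list is empty or leaves out script-capable tags and attributes. Joomla's built-in blacklist is then skipped, so such markup would presumably be stored unfiltered. I would keep the default behaviour unless a custom list is actually present, and collapse the two near-identical calls: `$attributes = array_diff($blackListAttributes, $whiteListAttributes);`, `$xssAuto = ($filterType === 'CBL' && ($tags || $attributes)) ? 0 : 1;`, `$filter = JFilterInput::getInstance($tags, $attributes, 1, 1, $xssAuto);`. The strict `===` also replaces the loose comparison on `$filterType`. A short comment stating that `CBL` turns off the automatic XSS blacklist and that the administrator's list becomes the only barrier would make the trade-off visible to the next maintainer. `$filterType` and the blacklist arrays are assigned outside this hunk, and `getContentFilter()` starts and ends outside it, so confirm what the custom lists contain by default.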