Skip to content

Commit 18486ea

Browse files
landofcoderlandofcoder
committed
updated
1 parent 3d8b59e commit 18486ea

File tree

3 files changed

+530
-442
lines changed

3 files changed

+530
-442
lines changed

Block/Search/Result.php

Lines changed: 11 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,18 +1,18 @@
11
<?php
22
/**
33
* Venustheme
4-
*
4+
*
55
* NOTICE OF LICENSE
6-
*
6+
*
77
* This source file is subject to the Venustheme.com license that is
88
* available through the world-wide-web at this URL:
99
* http://www.venustheme.com/license-agreement.html
10-
*
10+
*
1111
* DISCLAIMER
12-
*
12+
*
1313
* Do not edit or add to this file if you wish to upgrade this extension to newer
1414
* version in the future.
15-
*
15+
*
1616
* @category Venustheme
1717
* @package Ves_Blog
1818
* @copyright Copyright (c) 2016 Venustheme (http://www.venustheme.com/)
@@ -119,13 +119,14 @@ public function getCollection(){
119119
* @return $this
120120
*/
121121
protected function _prepareLayout()
122-
{
122+
{
123123
$searchKey = $this->_request->getParam('s');
124+
$searchKey = $this->_blogHelper->xss_clean($searchKey);
124125
$page_title = __("Search result for: '%1'", $searchKey);
125126
$this->pageConfig->addBodyClass('vesblog-page');
126127
$this->pageConfig->addBodyClass('blog-searchresult');
127128
if($page_title){
128-
$this->pageConfig->getTitle()->set($page_title);
129+
$this->pageConfig->getTitle()->set($page_title);
129130
}
130131
return parent::_prepareLayout();
131132
}
@@ -151,7 +152,7 @@ public function getPostsBlock()
151152
$html = $block->toHtml();
152153
if ($html) {
153154
return $html;
154-
}
155+
}
155156
}
156157

157158
/**
@@ -178,6 +179,7 @@ protected function _beforeToHtml()
178179

179180
$store = $this->_storeManager->getStore();
180181
$searchKey = $this->_request->getParam('s');
182+
$searchKey = $this->_blogHelper->xss_clean($searchKey);
181183
$itemsperpage = (int)$this->getConfig('blog_page/item_per_page');
182184
$orderby = $this->getConfig('blog_page/orderby');
183185
$orderby = $orderby?$orderby:"DESC";
@@ -210,4 +212,4 @@ protected function _beforeToHtml()
210212
}
211213
return parent::_beforeToHtml();
212214
}
213-
}
215+
}

Controller/Comment/Add.php

Lines changed: 15 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -1,18 +1,18 @@
11
<?php
22
/**
33
* Venustheme
4-
*
4+
*
55
* NOTICE OF LICENSE
6-
*
6+
*
77
* This source file is subject to the Venustheme.com license that is
88
* available through the world-wide-web at this URL:
99
* http://www.venustheme.com/license-agreement.html
10-
*
10+
*
1111
* DISCLAIMER
12-
*
12+
*
1313
* Do not edit or add to this file if you wish to upgrade this extension to newer
1414
* version in the future.
15-
*
15+
*
1616
* @category Venustheme
1717
* @package Ves_Blog
1818
* @copyright Copyright (c) 2016 Venustheme (http://www.venustheme.com/)
@@ -83,14 +83,14 @@ class Add extends \Magento\Framework\App\Action\Action
8383

8484
/**
8585
* [__construct description]
86-
* @param Context $context
87-
* @param \Magento\Framework\View\Result\PageFactory $resultPageFactory
88-
* @param \Ves\Blog\Helper\Data $blogHelper
89-
* @param \Magento\Framework\Controller\Result\ForwardFactory $resultForwardFactory
90-
* @param \Magento\Framework\Translate\Inline\StateInterface $inlineTranslation
91-
* @param \Magento\Framework\Mail\Template\TransportBuilder $transportBuilder
92-
* @param \Magento\Framework\App\Config\ScopeConfigInterface $scopeConfig
93-
* @param \Magento\Store\Model\StoreManagerInterface $storeManager
86+
* @param Context $context
87+
* @param \Magento\Framework\View\Result\PageFactory $resultPageFactory
88+
* @param \Ves\Blog\Helper\Data $blogHelper
89+
* @param \Magento\Framework\Controller\Result\ForwardFactory $resultForwardFactory
90+
* @param \Magento\Framework\Translate\Inline\StateInterface $inlineTranslation
91+
* @param \Magento\Framework\Mail\Template\TransportBuilder $transportBuilder
92+
* @param \Magento\Framework\App\Config\ScopeConfigInterface $scopeConfig
93+
* @param \Magento\Store\Model\StoreManagerInterface $storeManager
9494
*/
9595
public function __construct(
9696
Context $context,
@@ -148,6 +148,7 @@ public function execute()
148148
if (isset($data['content']) && $allowableTags) {
149149
$data['content'] = strip_tags($data['content'], $allowableTags);
150150
}
151+
$data['content'] = $this->_blogHelper->xss_clean($data['content']);
151152

152153
$model = $this->_objectManager->create('Ves\Blog\Model\Comment');
153154
$store = $this->_storeManager->getStore();
@@ -231,4 +232,4 @@ public function execute()
231232
}
232233
return $resultRedirect->setRefererOrBaseUrl();
233234
}
234-
}
235+
}

0 commit comments

Comments
 (0)