From 38d6d64ecfcbcb425d8acc539e9890a74ba1e700 Mon Sep 17 00:00:00 2001
From: Julian Prieber <60265788+JulianPrieber@users.noreply.github.com>
Date: Fri, 13 May 2022 18:10:43 +0200
Subject: [PATCH] Enabled optional use of custom HTML for ll page

Enabled users to use custom HTML formatting for their personal page descriptions. Due to security reasons, this option is turned off by default. This setting can be enabled in the config.
---
 .env | 9 +++++++--
 resources/views/littlelink.blade.php | 2 +-
 resources/views/studio/page.blade.php | 4 +++-
 storage/backups/default_settings | 5 +++++
 4 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/.env b/.env
index 9c362ee..56e0c8a 100644
--- a/.env
+++ b/.env
@@ -1,6 +1,6 @@
 #Email verification=Changes if users have to verify their email after registration.
 #=REGISTER_AUTH either auth or verified. If auth is selected, no verification is required. Default is verified.
-REGISTER_AUTH=verified
+REGISTER_AUTH=auth
 #Internal notifications=Changes if certain messages should be displayed or not.
 #=NOTIFY_EVENTS notifies admins if an important event is happening, such as polls about the future of this project or security vulnerabilities.
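Review bot: The shipped default on the `REGISTER_AUTH` line changes from `verified` to `auth`, which switches off e-mail verification for new registrations, and the commit message does not mention it. The comment directly above still reads "Default is verified", so the file now contradicts itself. This looks like a local development value that slipped into the patch; I would restore `REGISTER_AUTH=verified`, which matters more in a commit that also lets accounts publish raw HTML.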
@@ -15,10 +15,15 @@ DISPLAY_CREDIT=true
 #=(e.g. 'admin' without the '@')
 HOME_URL=
+#ALLOW_USER_HTML=Changes if users are able to use custom HTML in their descriptions. Allows for more customized texts.
+#=Either true or false. USE WITH CAUTION! If true, this enables users to use custom code, including JavaScript.
+#=It is recommended to only turn this option on if you trust your users or only use this instance for yourself.
+ALLOW_USER_HTML=false
+
 #App Settings=Changes settings regarding your LittleLink Custom installation. You probably only want to change the App Name setting.
 #=App_Name changes the displayed name for the App in the title, for example.
 APP_NAME="LittleLink Custom"
-APP_KEY=
+APP_KEY=base64:YUFWn5swwXryVBujHaOdiPqNvLEsC7RZs8df3rb/DJs=
 #=The APP_URL should be left empty under most circumstances. This setting is not required for LittleLink Custom, and you should only change this if required for your setup.
 APP_URL=
diff --git a/resources/views/littlelink.blade.php b/resources/views/littlelink.blade.php
index f908a8d..0b778e7 100644
--- a/resources/views/littlelink.blade.php
+++ b/resources/views/littlelink.blade.php
@@ -147,7 +147,7 @@ function get_operating_system() {
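Review bot: The `+APP_KEY=base64:…` line replaces the empty `APP_KEY=` with a concrete key in a tracked file, so every installation that keeps the shipped `.env` shares an application key that is publicly known. Laravel uses this key to encrypt and sign cookies and other protected values, so a published key removes that protection for those installs. I would revert the line to `APP_KEY=` and let each installation create its own with `php artisan key:generate`. The committed value should be treated as compromised and rotated wherever it is already in use.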

{{ $info->name }}

-

{{ $info->littlelink_description }}

+

@if(env('ALLOW_USER_HTML') === true){!! $info->littlelink_description !!}@else{{ $info->littlelink_description }}@endif

@endforeach
diff --git a/resources/views/studio/page.blade.php b/resources/views/studio/page.blade.php
index 7d35ca8..172d156 100755
--- a/resources/views/studio/page.blade.php
+++ b/resources/views/studio/page.blade.php
@@ -2,6 +2,8 @@ @section('content')
+@if(env('ALLOW_USER_HTML') === true) @endif
+
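Review bot: With the flag on, `{!! $info->littlelink_description !!}` prints the stored description unescaped on the user's page, so any account that can edit a description can place script on the instance's origin (stored XSS), and the new branch adds no sanitising step. If the goal is formatting rather than scripting, run the description through an allow-list HTML sanitizer before the unescaped output, and consider a Content-Security-Policy as a second layer. Separately, `env('ALLOW_USER_HTML')` is read directly in the view, here and in the `@if` added to `resources/views/studio/page.blade.php`; once Laravel's configuration is cached the `.env` file is no longer loaded, so `env()` would return null there and the check would always be false. Exposing the flag through a config file entry and reading it with `config()` avoids that. The markup around these lines was lost in extraction, so this covers only the visible Blade expressions.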

Page

@@ -41,7 +43,7 @@
- +
@endforeach
diff --git a/storage/backups/default_settings b/storage/backups/default_settings
index 3f290b8..21a5a93 100644
--- a/storage/backups/default_settings
+++ b/storage/backups/default_settings
@@ -15,6 +15,11 @@ DISPLAY_CREDIT=true
 #=(e.g. 'admin' without the '@')
 HOME_URL=
+#ALLOW_USER_HTML=Changes if users are able to use custom HTML in their descriptions. Allows for more customized texts.
+#=Either true or false. USE WITH CAUTION! If true, this enables users to use custom code, including JavaScript.
+#=It is recommended to only turn this option on if you trust your users or only use this instance for yourself.
+ALLOW_USER_HTML=false
+
 #App Settings=Changes settings regarding your LittleLink Custom installation. You probably only want to change the App Name setting.
 #=App_Name changes the displayed name for the App in the title, for example.
 APP_NAME="LittleLink Custom"