Merge pull request #6 from GreenMeteor/dev

ArchBlood · web-flow · commit 4c3c074330a0 · 2024-03-13T17:31:11.000-04:00
Fix: Nonce
diff --git a/Module.php b/Module.php
@@ -4,6 +4,7 @@
 
 use Yii;
 use yii\helpers\Url;
+use humhub\libs\Html;
 use humhub\components\Module as BaseModule;
 
 class Module extends BaseModule
@@ -31,12 +32,15 @@ public function getTitle()
     public function getHtmlCode()
     {
         $htmlCode = $this->settings->get('htmlCode');
+
         if (empty($htmlCode)) {
             return '';
         }
+
         return $htmlCode;
     }
 
+
     public function getOrder()
     {
         $sortOrder = $this->settings->get('sortOrder');
diff --git a/widgets/CodeboxFrame.php b/widgets/CodeboxFrame.php
@@ -3,17 +3,14 @@
 namespace humhub\modules\codebox\widgets;
 
 use Yii;
+use humhub\libs\Html;
 use humhub\components\Widget;
-use humhub\modules\web\security\helpers\Security;
 
 /**
  * CodeboxFrame adds HTML snippet code to all layouts extended by config.php
  */
 class CodeboxFrame extends Widget
 {
-
-    public $contentContainer;
-
     /**
      * @inheritdoc
      */
@@ -31,7 +28,16 @@ public function run()
             return '';
         }
 
-        return $this->render('codeboxframe', ['title' => $title, 'htmlCode' => $htmlCode, $sortOrder => 'sortOrder', 'nonce' => Security::getNonce()]);
+        // Generate nonce attribute
+        $nonce = Html::nonce();
+
+        // Check if {{nonce}} placeholder exists in htmlCode
+        if (strpos($htmlCode, 'nonce={{nonce}}') !== false) {
+            // Replace {{nonce}} with the generated nonce value
+            $htmlCode = str_replace('nonce={{nonce}}', $nonce, $htmlCode);
+        }
+
+        return $this->render('codeboxframe', ['title' => $title, 'htmlCode' => $htmlCode, 'sortOrder' => $sortOrder, 'nonce' => $nonce]);
     }
 
 }
diff --git a/widgets/views/codeboxframe.php b/widgets/views/codeboxframe.php
@@ -7,14 +7,10 @@
 
 <div class="panel panel-default panel-codebox" id="panel-codebox">
     <?= PanelMenu::widget(['id' => 'panel-codebox']); ?>
-  <div class="panel-heading">
-    <strong><?= Html::encode($title) ?></strong>
-  </div>
-  <div class="panel-body">
-
-<?= Html::beginTag('div') ?>
-<?= $htmlCode ?>
-<?= Html::endTag('div'); ?>
-
-</div>
+    <div class="panel-heading">
+        <strong><?= Html::encode($title) ?></strong>
+    </div>
+    <div class="panel-body">
+        <?= $htmlCode ?>
+    </div>
 </div>

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@`
`4`	`4`
`5`	`5`	`use Yii;`
`6`	`6`	`use yii\helpers\Url;`
	`7`	`+use humhub\libs\Html;`
`7`	`8`	`use humhub\components\Module as BaseModule;`
`8`	`9`
`9`	`10`	`class Module extends BaseModule`
`@@ -31,12 +32,15 @@ public function getTitle()`
`31`	`32`	`public function getHtmlCode()`
`32`	`33`	`{`
`33`	`34`	`$htmlCode = $this->settings->get('htmlCode');`
	`35`	`+`
`34`	`36`	`if (empty($htmlCode)) {`
`35`	`37`	`return '';`
`36`	`38`	`}`
	`39`	`+`
`37`	`40`	`return $htmlCode;`
`38`	`41`	`}`
`39`	`42`
	`43`	`+`
`40`	`44`	`public function getOrder()`
`41`	`45`	`{`
`42`	`46`	`$sortOrder = $this->settings->get('sortOrder');`