From 66535f6142919cf4ef52623f445427a7527162d9 Mon Sep 17 00:00:00 2001
From: Marcin Kurczewski
Date: Sun, 5 Oct 2014 20:19:16 +0200
Subject: [PATCH] Added a few prohibited characters to tags

---
 src/Validator.php | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/src/Validator.php b/src/Validator.php
index 4941a5af..b205d093 100644
--- a/src/Validator.php
+++ b/src/Validator.php
@@ -85,7 +85,11 @@ class Validator
  if (empty($tags))
  throw new \DomainException('Tags cannot be empty.');
 
- $illegalCharacters = str_split("\r\n\t " . chr(160));
+ //<> causes HTML injection and problems with Markdown.
+ //\/ causes problems with URLs.
+ //; causes problems with search argument parsing in JS frontend.
+ //whitespace causes problems with search.
+ $illegalCharacters = str_split("<>;\\/\r\n\t " . chr(160));
  foreach ($tags as $tag)
  {
  if (empty($tag))
@@ -100,7 +104,16 @@ class Validator
  if (strpos($tag, $char) !== false)
  {
  throw new \DomainException(
- 'Tags cannot contain any of following characters: ' . implode(', ', $illegalCharacters));
+ sprintf('Tags cannot contain any of following characters: %s.',
+ implode(', ', array_map(function($char)
+ {
+ if ($char === "\n") return "new line";
+ if ($char === "\r") return "carriage return";
+ if ($char === "\t") return "tab";
+ if ($char === " ") return "space";
+ if ($char === chr(160)) return "hard space";
+ return $char;
+ }, $illegalCharacters))));
  }
  }
  }
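Review bot: The comment above the new `$illegalCharacters` line presents rejecting `<` and `>` as the answer to HTML injection, but the list still admits `"`, `'` and `&`, which matter wherever a tag is written into an attribute value or a link. The check also only applies to tags validated after this change; whether tags are escaped when rendered is not visible in this hunk, and if they are not, the output side should encode them, e.g. `htmlspecialchars($tag, ENT_QUOTES, 'UTF-8')`. I would reword the comment to `//<> rejected as defence in depth; tags must still be escaped on output.` so the denylist is not read as the only control. The enclosing method starts and ends outside the hunk.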
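Review bot: The `strpos($tag, $char)` test in this hunk's context lines compares single bytes, and `chr(160)` is the lone byte 0xA0, so assuming tags are stored as UTF-8 it also matches any character whose encoding contains that byte (for example `à`, bytes C3 A0). Such a tag is rejected and the new message blames a "hard space" that is not present. Matching the encoded no-break space as a whole, `strpos($tag, "\xC2\xA0") !== false`, avoids the false rejection; that requires building the list as an array of strings instead of `str_split`, since the sequence is two bytes long. The loop around this check begins outside the hunk.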