From 43ede64d0a23f20b4b2ddcde2f62fb0b28617f64 Mon Sep 17 00:00:00 2001 From: abrahammordev Date: Wed, 18 Mar 2026 14:04:29 +0100 Subject: [PATCH 1/2] fix: Use correct HTMLPurifier to process inputs --- .../Editing/class.ilSurveyEditorGUI.php | 11 +++++------ .../Survey/Settings/class.SettingsFormGUI.php | 19 +++++++++++-------- .../ILIAS/Survey/Settings/class.UIFactory.php | 3 ++- .../Questions/class.SurveyQuestionGUI.php | 14 +++++++------- 4 files changed, 25 insertions(+), 22 deletions(-) diff --git a/components/ILIAS/Survey/Editing/class.ilSurveyEditorGUI.php b/components/ILIAS/Survey/Editing/class.ilSurveyEditorGUI.php index d729941cc3f5..7f1a5e6fc348 100755 --- a/components/ILIAS/Survey/Editing/class.ilSurveyEditorGUI.php +++ b/components/ILIAS/Survey/Editing/class.ilSurveyEditorGUI.php @@ -48,6 +48,7 @@ class ilSurveyEditorGUI protected ilObjSurveyGUI $parent_gui; protected ilObjSurvey $object; protected array $print_options; + protected \ilHtmlPurifierInterface $purifier; public function __construct(ilObjSurveyGUI $a_parent_gui) { @@ -72,6 +73,7 @@ public function __construct(ilObjSurveyGUI $a_parent_gui) $this->tpl = $tpl; $this->ctrl->saveParameter($this, array("pgov", "pgov_pos")); + $this->purifier = new ilSvyStandardPurifier(); $this->print_options = array( //0 => $this->lng->txt('none'), @@ -962,6 +964,8 @@ protected function initHeadingForm( $heading->setRows(10); $heading->setCols(80); $heading->setRequired(true); + $heading->usePurifier(true); + $heading->setPurifier($this->purifier); $form->addItem($heading); $insertbefore = new ilSelectInputGUI($this->lng->txt("insert"), "insertbefore"); 
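Review bot: The purifier is hard-wired with `$this->purifier = new ilSvyStandardPurifier();` in the ilSurveyEditorGUI constructor, while SettingsFormGUI in this same patch receives it as a constructor argument from UIFactory; the SurveyQuestionGUI constructor hunk repeats the direct instantiation. A test double cannot be substituted here, and the two GUIs can drift if the implementation is later swapped in one place only. Accepting it optionally keeps the existing signature working: `public function __construct(ilObjSurveyGUI $a_parent_gui, ?ilHtmlPurifierInterface $purifier = null)` with `$this->purifier = $purifier ?? new ilSvyStandardPurifier();`. The constructor body continues outside the hunk.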
@@ -1027,12 +1031,7 @@ public function saveHeadingObject(): void $form = $this->initHeadingForm($q_id); if ($form->checkInput()) { - $tags = ilObjAdvancedEditing::_getUsedHTMLTags("survey"); - $purifier = new HTMLPurifier($tags); - $heading = $form->getInput("heading"); - - $heading = $purifier->purify($heading); - + $heading = $this->purifier->purify($form->getInput("heading")); $this->object->saveHeading($heading, $form->getInput("insertbefore")); $this->ctrl->redirect($this, "questions"); } diff --git a/components/ILIAS/Survey/Settings/class.SettingsFormGUI.php b/components/ILIAS/Survey/Settings/class.SettingsFormGUI.php index 8b59d2665254..7c036ec6ef37 100755 --- a/components/ILIAS/Survey/Settings/class.SettingsFormGUI.php +++ b/components/ILIAS/Survey/Settings/class.SettingsFormGUI.php @@ -20,7 +20,6 @@ namespace ILIAS\Survey\Settings; -use HTMLPurifier; use ILIAS\Survey\InternalGUIService; use ILIAS\Survey\Mode\UIModifier; use ILIAS\Survey\InternalDomainService; @@ -40,13 +39,15 @@ class SettingsFormGUI protected \ILIAS\Survey\Mode\FeatureConfig $feature_config; protected \ilRbacSystem $rbacsystem; private \ilGlobalTemplateInterface $main_tpl; + protected \ilHtmlPurifierInterface $purifier; public function __construct( InternalGUIService $ui_service, InternalDomainService $domain_service, \ilObjectService $object_service, \ilObjSurvey $survey, - UIModifier $modifier + UIModifier $modifier, + \ilHtmlPurifierInterface $purifier ) { global $DIC; $this->main_tpl = $DIC->ui()->mainTemplate(); @@ -59,6 +60,7 @@ public function __construct( $this->domain_service = $domain_service; $this->modifier = $modifier; $this->feature_config = $this->domain_service->modeFeatureConfig($survey->getMode()); + $this->purifier = $purifier; } public function checkForm(\ilPropertyFormGUI $form): bool 
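Review bot: The removed lines built the purifier from the admin-configured tag list (`ilObjAdvancedEditing::_getUsedHTMLTags("survey")`), whereas `$this->purifier->purify(...)` now applies whatever allow-list ilSvyStandardPurifier carries; that class is not in the diff, so please confirm it honours the same per-component tag configuration, otherwise the set of HTML accepted in headings (and in the saveForm hunks of SettingsFormGUI and SurveyQuestionGUI, which make the same substitution) changes silently. Separately, initHeadingForm now calls `usePurifier(true)`/`setPurifier(...)` on the input, so the value returned by `getInput("heading")` is presumably already purified by checkInput(), which makes this second purify redundant rather than wrong. A short comment such as `// purified again on save so the stored value never depends on the form-level purifier being set` would record that the repetition is intentional. saveHeadingObject continues outside the hunk.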
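Review bot: Adding `\ilHtmlPurifierInterface $purifier` as a required trailing constructor parameter of SettingsFormGUI breaks any construction site other than UIFactory, and the diff updates only UIFactory; plugins or other components that build the form directly would fail with an ArgumentCountError. If the project's PHP baseline allows `new` in initializers, `\ilHtmlPurifierInterface $purifier = new \ilSvyStandardPurifier()` preserves the old arity; otherwise `?\ilHtmlPurifierInterface $purifier = null` in the signature with `$this->purifier = $purifier ?? new \ilSvyStandardPurifier();` in the body does the same. The constructor body continues into the next hunk and beyond.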
@@ -334,6 +336,9 @@ public function withBeforeStart( $intro->setUseRte(true); $intro->setRteTagSet("mini"); } + $intro->usePurifier(true); + $intro->setPurifier(new \ilSvyStandardPurifier()); + $form->addItem($intro); return $form; @@ -452,6 +457,8 @@ public function withAfterEnd( $finalstatement->setUseRte(true); $finalstatement->setRteTagSet("mini"); } + $finalstatement->usePurifier(true); + $finalstatement->setPurifier(new \ilSvyStandardPurifier()); $form->addItem($finalstatement); // mail notification @@ -885,14 +892,10 @@ public function saveForm( } else { $survey->setEndDate(""); } - $tags = ilObjAdvancedEditing::_getUsedHTMLTags("survey"); - $purifier = new HTMLPurifier($tags); + $introduction = $this->purifier->purify($form->getInput('introduction')); - $introduction = $form->getInput("introduction"); - $introduction = $purifier->purify($introduction); $survey->setIntroduction($introduction); - $outro = $form->getInput("outro"); - $outro = $purifier->purify($outro); + $outro = $this->purifier->purify($form->getInput('outro')); $survey->setOutro($outro); $survey->setShowQuestionTitles((bool) $form->getInput("show_question_titles")); diff --git a/components/ILIAS/Survey/Settings/class.UIFactory.php b/components/ILIAS/Survey/Settings/class.UIFactory.php index b918aaf633b2..2d688544510e 100755 --- a/components/ILIAS/Survey/Settings/class.UIFactory.php +++ b/components/ILIAS/Survey/Settings/class.UIFactory.php @@ -48,7 +48,8 @@ public function __construct( $this->domain_service, $object_service, $survey, - $mode_ui_modifier + $mode_ui_modifier, + new \ilSvyStandardPurifier() ); } diff --git a/components/ILIAS/SurveyQuestionPool/Questions/class.SurveyQuestionGUI.php b/components/ILIAS/SurveyQuestionPool/Questions/class.SurveyQuestionGUI.php index a44735fd5cc0..60dd9c10fcf8 100755 --- a/components/ILIAS/SurveyQuestionPool/Questions/class.SurveyQuestionGUI.php +++ b/components/ILIAS/SurveyQuestionPool/Questions/class.SurveyQuestionGUI.php 
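Review bot: `$intro->setPurifier(new \ilSvyStandardPurifier());` in withBeforeStart bypasses the purifier injected through the constructor in this same patch, and withAfterEnd does the same for `$finalstatement`; only saveForm uses `$this->purifier`. If a caller ever injects a different implementation, the purifier applied during checkInput() and the one applied on save would disagree, which defeats the point of injecting it. Use the injected instance in both places: `$intro->setPurifier($this->purifier);` and `$finalstatement->setPurifier($this->purifier);`. Both methods start outside their hunks.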
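Review bot: The rewritten saveForm lines switch to single-quoted keys, `$form->getInput('introduction')` and `$form->getInput('outro')`, while the surrounding context (`$form->getInput("show_question_titles")`) and the parallel hunks in ilSurveyEditorGUI and SurveyQuestionGUI keep double quotes. Keeping one quoting style per file makes the `getInput` keys greppable against the `setPostVar`/field names elsewhere; `$form->getInput("introduction")` and `$form->getInput("outro")` match the rest of the method. saveForm starts and ends outside the hunk.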
@@ -18,7 +18,6 @@ use ILIAS\SurveyQuestionPool\Editing\EditingGUIRequest; use ILIAS\SurveyQuestionPool\Editing\EditManager; -use ILIAS\LegalDocuments\HTMLPurifier; /** * Basic class for all survey question types @@ -45,6 +44,7 @@ abstract class SurveyQuestionGUI protected string $parent_url = ""; protected ilLogger $log; public ?SurveyQuestion $object = null; + protected \ilHtmlPurifierInterface $purifier; public function __construct($a_id = -1) { @@ -91,6 +91,7 @@ public function __construct($a_id = -1) ->editing(); $this->gui = $DIC->survey()->internal()->gui(); $this->domain = $DIC->survey()->internal()->domain(); + $this->purifier = new ilSvyStandardPurifier(); } abstract protected function initObject(): void; @@ -265,6 +266,8 @@ protected function initEditForm(): ilPropertyFormGUI $question->setUseRte(true); $question->setRteTagSet("mini"); } + $question->usePurifier(true); + $question->setPurifier($this->purifier); $form->addItem($question); // obligatory @@ -330,13 +333,10 @@ protected function saveForm(): bool $this->object->setAuthor($form->getInput("author")); $this->object->setDescription($form->getInput("description")); - $tags = ilObjAdvancedEditing::_getUsedHTMLTags("survey"); - $purifier = new HTMLPurifier($tags); - $question = $form->getInput("question"); - - $question = $purifier->purify($question); + $this->object->setQuestiontext( + $this->purifier->purify($form->getInput("question")) + ); - $this->object->setQuestiontext($question); $this->object->setObligatory($form->getInput("obligatory")); $this->importEditFormValues($form); From 67f792f19b6a26336a5758da8ee4401b850462ea Mon Sep 17 00:00:00 2001 
From: abrahammordev Date: Wed, 18 Mar 2026 14:27:57 +0100 Subject: [PATCH 2/2] fix: Add strict types declaration --- components/ILIAS/Survey/Editing/class.ilSurveyEditorGUI.php | 2 ++ components/ILIAS/Survey/Settings/class.UIFactory.php | 4 ++-- .../SurveyQuestionPool/Questions/class.SurveyQuestionGUI.php | 2 ++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/components/ILIAS/Survey/Editing/class.ilSurveyEditorGUI.php b/components/ILIAS/Survey/Editing/class.ilSurveyEditorGUI.php index 7f1a5e6fc348..bcf727814e8e 100755 --- a/components/ILIAS/Survey/Editing/class.ilSurveyEditorGUI.php +++ b/components/ILIAS/Survey/Editing/class.ilSurveyEditorGUI.php @@ -16,6 +16,8 @@ * *********************************************************************/ +declare(strict_types=1); + use ILIAS\Survey\Editing\EditManager; use ILIAS\Survey\Editing\EditingGUIRequest; diff --git a/components/ILIAS/Survey/Settings/class.UIFactory.php b/components/ILIAS/Survey/Settings/class.UIFactory.php index 2d688544510e..e3394524deab 100755 --- a/components/ILIAS/Survey/Settings/class.UIFactory.php +++ b/components/ILIAS/Survey/Settings/class.UIFactory.php @@ -1,7 +1,5 @@
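Review bot: `declare(strict_types=1);` changes the semantics of every call made from ilSurveyEditorGUI, not only the purifier code: an argument that was previously coerced (for example a numeric string taken from request input and passed to an int-typed parameter) now throws TypeError at runtime. No test changes accompany the patch, so it is worth checking this file for request values forwarded to typed parameters before merging; the diffstat lists SurveyQuestionGUI as receiving the same declaration, so the same check applies there. The UIFactory hunk that follows is cut off at the end of the page and is not reviewed here.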