Add extra validation for text output

Author: Mr-Kaos

site/private_core/controller/APIController.php

@@ -7,12 +7,14 @@
 require_once('Controller.php');
 require_once('private_core/model/APIModel.php');
 require_once('private_core/objects/IAsyncHandler.php');
+require_once('private_core/objects/DataValidators.php');
 
 /**
  * @property \RipDB\Model\APIModel $model
  */
 class APIController extends Controller implements \RipDB\Objects\IAsyncHandler
 {
+	use \RipDB\DataValidator;
 	public function __construct(string $page)
 	{
 		parent::__construct($page, new m\APIModel());
@@ -101,6 +103,7 @@ private function dropdownSearch($method): array
 				$result = $this->model->getRecords('Rips', 'RipID', 'RipName', $search, $rand);
 				break;
 		}
+		$this->cleanseDatabaseDataForOutput($result);
 		return $result;
 	}
 }

site/private_core/controller/ChannelController.php

@@ -43,6 +43,7 @@ public function performRequest(array $data = []): void
 					$_GET['search'] ?? null,
 				);
 
+				$this->cleanseDatabaseDataForOutput($records);
 				$this->setData('results', $records);
 
 				// Pagination values
@@ -67,6 +68,7 @@ public function performRequest(array $data = []): void
 					\Flight::redirect('/channels');
 					die();
 				}
+				$this->cleanseDatabaseDataForOutput($channel);
 				$this->setData('channel', $channel);
 				break;
 		}

site/private_core/controller/ComposerController.php

@@ -43,6 +43,7 @@ public function performRequest(array $data = []): void
 					$_GET['search'] ?? null,
 				);
 
+				$this->cleanseDatabaseDataForOutput($composers);
 				$this->setData('results', $composers);
 
 				// Pagination values
@@ -67,6 +68,8 @@ public function performRequest(array $data = []): void
 					\RipDB\addNotification('The specified composer does not exist.', \RipDB\NotificationPriority::Warning);
 					die();
 				}
+				$this->cleanseDatabaseDataForOutput($composer);
+
 				$this->setData('composer', $composer);
 
 				break;

site/private_core/controller/GameController.php

@@ -43,6 +43,7 @@ public function performRequest(array $data = []): void
 					$_GET['search'] ?? null,
 				);
 
+				$this->cleanseDatabaseDataForOutput($records);
 				$this->setData('results', $records);
 
 				// Pagination values
@@ -67,6 +68,7 @@ public function performRequest(array $data = []): void
 					\Flight::redirect('/games');
 					die();
 				}
+				$this->cleanseDatabaseDataForOutput($game);
 				$this->setData('game', $game);
 				break;
 		}

site/private_core/controller/JokeController.php

@@ -47,6 +47,7 @@ public function performRequest(array $data = []): void
 					$_GET['metajokes'] ?? [],
 				);
 
+				$this->cleanseDatabaseDataForOutput($jokes);
 				$this->setData('results', $jokes);
 
 				// Pagination values
@@ -84,6 +85,8 @@ public function performRequest(array $data = []): void
 					\Flight::redirect('/jokes');
 					die();
 				}
+				$this->cleanseDatabaseDataForOutput($joke);
+
 				$this->setData('joke', $joke);
 				break;
 		}

site/private_core/controller/MetaController.php

@@ -45,6 +45,7 @@ public function performRequest(array $data = []): void
 					$_GET['metas'] ?? [],
 				);
 
+				$this->cleanseDatabaseDataForOutput($records);
 				$this->setData('results', $records);
 
 				// Pagination values
@@ -80,6 +81,7 @@ public function performRequest(array $data = []): void
 					\Flight::redirect('/meta-jokes');
 					die();
 				}
+				$this->cleanseDatabaseDataForOutput($meta);
 				$this->setData('meta', $meta);
 				break;
 		}

site/private_core/controller/MetaJokeController.php

@@ -45,6 +45,7 @@ public function performRequest(array $data = []): void
 					$_GET['metas'] ?? [],
 				);
 
+				$this->cleanseDatabaseDataForOutput($records);
 				$this->setData('results', $records);
 
 				// Pagination values
@@ -80,6 +81,7 @@ public function performRequest(array $data = []): void
 					\Flight::redirect('/meta-jokes');
 					die();
 				}
+				$this->cleanseDatabaseDataForOutput($metaJoke);
 				$this->setData('metaJoke', $metaJoke);
 				break;
 		}

site/private_core/controller/PlatformController.php

@@ -43,6 +43,7 @@ public function performRequest(array $data = []): void
 					$_GET['search'] ?? null,
 				);
 
+				$this->cleanseDatabaseDataForOutput($platforms);
 				$this->setData('results', $platforms);
 
 				// Pagination values
@@ -67,6 +68,8 @@ public function performRequest(array $data = []): void
 					\RipDB\addNotification('The specified platform does not exist.', \RipDB\NotificationPriority::Warning);
 					die();
 				}
+				$this->cleanseDatabaseDataForOutput($platform);
+
 				$this->setData('platform', $platform);
 				break;
 		}
@@ -95,7 +98,7 @@ public function validateRequest(?array $extraData = null): array|string
 				$result = [new \RipDB\Error('Invalid form submission.')];
 				break;
 		}
-		
+
 		return $result;
 	}
 }

site/private_core/controller/PlaylistController.php

@@ -38,7 +38,7 @@ public function performRequest(array $data = []): void
 				$id = $data['id'] ?? null;
 				if (!empty($id) && is_numeric($id)) {
 					$playlist = $this->model->getPlaylist($id);
-					
+
 					// If the playlist is not public, check if the user viewing it is the owner
 					if (($playlist['IsPublic'] == 0 && $playlist['Creator'] == $_SESSION[\RipDB\AUTH_USER]) || $playlist['IsPublic'] == 1) {
 						$this->setData('playlist', $playlist);
@@ -64,6 +64,7 @@ public function get(string $method, ?string $methodGroup = null): mixed
 					if (empty($result)) {
 						$result = 'The specified playlist does not exist.';
 					}
+					$this->cleanseDatabaseDataForOutput($result);
 				} else {
 					$result = 'You must be logged in to edit a playlist.';
 				}
@@ -176,7 +177,7 @@ public function validateRequest(?array $extraData = null): array|string
 					$validated['AccountID'] = $_SESSION[AUTH_USER];
 
 					$result = $this->submitRequest($validated, 'usp_DeletePlaylist', '', 'Playlists successfully deleted!');
-				}else {
+				} else {
 					$result = [new \RipDB\Error('The playlist does not exist.')];
 				}
 

site/private_core/controller/RipController.php

@@ -48,6 +48,7 @@ public function performRequest(array $data = []): void
 				$rips = [];
 				$offset = $this->getOffset($ripCount, '/rips');
 				$rips = $this->model->search($rowCount, $offset, $_GET['s'] ?? null, $_GET['search'] ?? null, $tags, $jokes, $games, $rippers, $genres, $metaJokes, $metas, $_GET['channel'] ?? null, $useAltName);
+				$this->cleanseDatabaseDataForOutput($rips);
 				$this->setData('results', $rips);
 
 				// Get search filters
@@ -111,6 +112,7 @@ public function performRequest(array $data = []): void
 						$this->setData('jokes', $this->sortJokesByTimestamp($rip['Jokes'] ?? []));
 					}
 
+					$this->cleanseDatabaseDataForOutput($rip);
 					$this->setData('rip', $rip);
 					$this->setData('hasWiki', $this->model->channelHasWiki($rip['RipChannel']));
 					if ($rip !== null) {
@@ -159,6 +161,7 @@ public function performRequest(array $data = []): void
 					}
 				}
 				$rip['Jokes'] = $temp;
+				$this->cleanseDatabaseDataForOutput($rip);
 				$this->setData('rip', $rip);
 			case 'rips/new':
 				$this->setData('rippers', $this->model->getRippers());