Set safeMode to true and use helper for all parsedown

Signed-off-by: snipe <[email protected]>

Author: snipe

app/Helpers/Helper.php

@@ -22,12 +22,13 @@ class Helper
      * @since [v2.0]
      * @return string
      */
-    public static function parseEscapedMarkedown($str)
+    public static function parseEscapedMarkedown($str = null)
     {
         $Parsedown = new \Parsedown();
+        $Parsedown->setSafeMode(true);
 
         if ($str) {
-            return $Parsedown->text(e($str));
+            return $Parsedown->text($str);
         }
     }
 

app/Models/Accessory.php

@@ -2,6 +2,7 @@
 
 namespace App\Models;
 
+use App\Helpers\Helper;
 use App\Models\Traits\Acceptable;
 use App\Models\Traits\Searchable;
 use App\Presenters\Presentable;
@@ -299,15 +300,14 @@ public function requireAcceptance()
      */
     public function getEula()
     {
-        $Parsedown = new \Parsedown();
 
         if ($this->category->eula_text) {
-            return $Parsedown->text(e($this->category->eula_text));
+            return Helper::parseEscapedMarkedown($this->category->eula_text);
         } elseif ((Setting::getSettings()->default_eula_text) && ($this->category->use_default_eula == '1')) {
-            return $Parsedown->text(e(Setting::getSettings()->default_eula_text));
+            return Helper::parseEscapedMarkedown(Setting::getSettings()->default_eula_text);
         }
 
-            return null;
+        return null;
     }
 
      /**

app/Models/Asset.php

@@ -5,6 +5,7 @@
 use App\Events\AssetCheckedOut;
 use App\Events\CheckoutableCheckedOut;
 use App\Exceptions\CheckoutNotAllowed;
+use App\Helpers\Helper;
 use App\Http\Traits\UniqueSerialTrait;
 use App\Http\Traits\UniqueUndeletedTrait;
 use App\Models\Traits\Acceptable;
@@ -875,13 +876,12 @@ public function requireAcceptance()
      */
     public function getEula()
     {
-        $Parsedown = new \Parsedown();
-        
+
         if (($this->model) && ($this->model->category)) {
             if ($this->model->category->eula_text) {
-                return $Parsedown->text(e($this->model->category->eula_text));
+                return Helper::parseEscapedMarkedown($this->model->category->eula_text);
             } elseif ($this->model->category->use_default_eula == '1') {
-                return $Parsedown->text(e(Setting::getSettings()->default_eula_text));
+                return Helper::parseEscapedMarkedown(Setting::getSettings()->default_eula_text);
             } else {
                 return false;
             }

app/Models/Category.php

@@ -9,6 +9,7 @@
 use Illuminate\Database\Eloquent\SoftDeletes;
 use Illuminate\Support\Facades\Gate;
 use Watson\Validating\ValidatingTrait;
+use App\Helpers\Helper;
 
 /**
  * Model for Categories. Categories are a higher-level group
@@ -207,12 +208,11 @@ public function models()
      */
     public function getEula()
     {
-        $Parsedown = new \Parsedown();
 
         if ($this->eula_text) {
-            return $Parsedown->text(e($this->eula_text));
+            return Helper::parseEscapedMarkedown($this->eula_text);
         } elseif ((Setting::getSettings()->default_eula_text) && ($this->use_default_eula == '1')) {
-            return $Parsedown->text(e(Setting::getSettings()->default_eula_text));
+            return Helper::parseEscapedMarkedown(Setting::getSettings()->default_eula_text);
         } else {
             return null;
         }

app/Models/Consumable.php

@@ -2,6 +2,7 @@
 
 namespace App\Models;
 
+use App\Helpers\Helper;
 use App\Models\Traits\Acceptable;
 use App\Models\Traits\Searchable;
 use App\Presenters\Presentable;
@@ -265,12 +266,10 @@ public function requireAcceptance()
      */
     public function getEula()
     {
-        $Parsedown = new \Parsedown();
-
         if ($this->category->eula_text) {
-            return $Parsedown->text(e($this->category->eula_text));
+            return  Helper::parseEscapedMarkedown($this->category->eula_text);
         } elseif ((Setting::getSettings()->default_eula_text) && ($this->category->use_default_eula == '1')) {
-            return $Parsedown->text(e(Setting::getSettings()->default_eula_text));
+            return  Helper::parseEscapedMarkedown(Setting::getSettings()->default_eula_text);
         } else {
             return null;
         }

app/Models/License.php

@@ -2,6 +2,7 @@
 
 namespace App\Models;
 
+use App\Helpers\Helper;
 use App\Models\Traits\Searchable;
 use App\Presenters\Presentable;
 use Carbon\Carbon;
@@ -337,12 +338,11 @@ public function requireAcceptance()
      */
     public function getEula()
     {
-        $Parsedown = new \Parsedown();
 
         if ($this->category->eula_text) {
-            return $Parsedown->text(e($this->category->eula_text));
+            return Helper::parseEscapedMarkedown($this->category->eula_text);
         } elseif ($this->category->use_default_eula == '1') {
-            return $Parsedown->text(e(Setting::getSettings()->default_eula_text));
+            return Helper::parseEscapedMarkedown(Setting::getSettings()->default_eula_text);
         } else {
             return false;
         }

app/Models/Setting.php

@@ -8,9 +8,10 @@
 use Illuminate\Support\Collection;
 use Illuminate\Support\Facades\App;
 use Illuminate\Support\Facades\Cache;
-use Parsedown;
+use App\Helpers\Helper;
 use Watson\Validating\ValidatingTrait;
 
+
 /**
  * Settings model.
  */
@@ -135,7 +136,6 @@ public static function setupCompleted(): bool
     public function lar_ver(): string
     {
         $app = App::getFacadeApplication();
-
         return $app::VERSION;
     }
 
@@ -147,9 +147,7 @@ public function lar_ver(): string
     public static function getDefaultEula(): ?string
     {
         if (self::getSettings()->default_eula_text) {
-            $parsedown = new Parsedown();
-
-            return $parsedown->text(e(self::getSettings()->default_eula_text));
+            return Helper::parseEscapedMarkedown(self::getSettings()->default_eula_text);
         }
 
         return null;

app/Presenters/AssetModelPresenter.php

@@ -2,6 +2,8 @@
 
 namespace App\Presenters;
 
+use App\Helpers\Helper;
+
 /**
  * Class AssetModelPresenter
  */
@@ -159,10 +161,8 @@ public static function dataTableLayout()
      */
     public function note()
     {
-        $Parsedown = new \Parsedown();
-
         if ($this->model->note) {
-            return $Parsedown->text($this->model->note);
+            return Helper::parseEscapedMarkedown($this->model->note);
         }
     }
 

resources/views/auth/login.blade.php

@@ -28,7 +28,7 @@
                                 @if ($snipeSettings->login_note)
                                     <div class="col-md-12">
                                         <div class="alert alert-info">
-                                            {!!  Parsedown::instance()->text(e($snipeSettings->login_note))  !!}
+                                            {!!  Helper::parseEscapedMarkedown($snipeSettings->login_note)  !!}
                                         </div>
                                     </div>
                                 @endif

resources/views/dashboard.blade.php

@@ -17,7 +17,7 @@
             <div class="box-body">
                 <div class="row">
                     <div class="col-md-12">
-                        {!!  Parsedown::instance()->text(e($snipeSettings->dashboard_message))  !!}
+                        {!!  Helper::parseEscapedMarkedown($snipeSettings->dashboard_message)  !!}
                     </div>
                 </div>
             </div>

resources/views/layouts/default.blade.php

@@ -827,7 +827,7 @@
         </div>
           @if ($snipeSettings->footer_text!='')
               <div class="pull-right">
-                  {!!  Parsedown::instance()->text(e($snipeSettings->footer_text))  !!}
+                  {!!  Helper::parseEscapedMarkedown($snipeSettings->footer_text)  !!}
               </div>
           @endif