From ccd7df74b19270185adabb01b666b1bcce8c59f3 Mon Sep 17 00:00:00 2001
From: ciukstar
Date: Fri, 10 Nov 2023 23:35:39 +0300
Subject: [PATCH] Sanitize Brand inputs
---
config/models.persistentmodels | 6 +++---
src/Admin/Business.hs | 9 ++++-----
src/Handler/Home.hs | 4 ++--
templates/admin/business/brand/brand.hamlet | 10 +++++-----
templates/homepage.hamlet | 10 +++++-----
5 files changed, 19 insertions(+), 20 deletions(-)
diff --git a/config/models.persistentmodels b/config/models.persistentmodels
index c519dd0..3b1b1cd 100644
--- a/config/models.persistentmodels
+++ b/config/models.persistentmodels
@@ -104,11 +104,11 @@ Brand
 markMime Text Maybe
 markWidth Text Maybe
 markHeight Text Maybe
- name Textarea Maybe
- strapline Textarea Maybe
+ name Html Maybe
+ strapline Html Maybe
 ico ByteString Maybe
 icoMime Text Maybe
- more Textarea Maybe
+ more Html Maybe
 
 ContactUs
 business BusinessId OnDeleteCascade
diff --git a/src/Admin/Business.hs b/src/Admin/Business.hs
index 7623c42..326d951 100644
--- a/src/Admin/Business.hs
+++ b/src/Admin/Business.hs
@@ -80,7 +80,6 @@ import Yesod.Core
 , redirect, addMessageI, newIdent, addScriptRemote, addStylesheetRemote
 , FileInfo (fileContentType), TypedContent (TypedContent), typeSvg
 , emptyContent, ToContent (toContent), fileSourceByteString
- , preEscapedToMarkup
 )
 import Yesod.Core.Handler
 ( setUltDestCurrent, getCurrentRoute, getYesod, languages
@@ -89,7 +88,7 @@ import Yesod.Core.Widget (setTitleI, whamlet, toWidget)
 import Yesod.Form.Input (runInputGet, iopt)
 import Yesod.Form.Fields
 ( textField, emailField, textareaField, intField, dayField, timeField
- , hiddenField, htmlField, checkBoxField, doubleField, unTextarea, fileField
+ , hiddenField, htmlField, checkBoxField, doubleField, fileField
 )
 import Yesod.Form.Functions
 ( generateFormPost, mreq, mopt, runFormPost, checkM, check )
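Review bot: Retyping `name`, `strapline` and `more` from `Textarea` to `Html` only changes how new form submissions are parsed and how values are rendered; it does nothing to rows already stored in the Brand table, which were accepted by the previous `textareaField` without sanitization and, as far as I recall, are read back by persistent's `PersistField Html` instance via `preEscapedToMarkup`, so any markup already in those rows still reaches `^{…}` untouched. A one-off data migration that runs the three stored columns through xss-sanitize's `sanitizeBalance` (which I believe is what yesod-form's `htmlField` applies on input; please confirm against the library versions in the build) and writes them back would close that gap. A comment on the fields would also help the next reader, e.g. `-- Html: sanitized by htmlField on form input only; rows stored before the Textarea->Html change were not sanitized`.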
@@ -316,12 +315,12 @@ formBrand bid brand extra = do , fsTooltip = Nothing, fsId = Nothing, fsName = Nothing , fsAttrs = [("class","mdc-text-field__input")] } (brandMarkHeight . entityVal <$> brand) - (nameR,nameV) <- mopt textareaField FieldSettings + (nameR,nameV) <- mopt htmlField FieldSettings { fsLabel = SomeMessage MsgBrandName , fsTooltip = Nothing, fsId = Nothing, fsName = Nothing , fsAttrs = [("class","mdc-text-field__input")] } (brandName . entityVal <$> brand) - (strapR,strapV) <- mopt textareaField FieldSettings + (strapR,strapV) <- mopt htmlField FieldSettings { fsLabel = SomeMessage MsgBrandStrapline , fsTooltip = Nothing, fsId = Nothing, fsName = Nothing , fsAttrs = [("class","mdc-text-field__input")] @@ -331,7 +330,7 @@ formBrand bid brand extra = do , fsTooltip = Nothing, fsId = Nothing, fsName = Nothing , fsAttrs = [("style","display:none"),("accept","image/ico,.ico")] } Nothing - (moreR,moreV) <- mopt textareaField FieldSettings + (moreR,moreV) <- mopt htmlField FieldSettings { fsLabel = SomeMessage MsgMore , fsTooltip = Nothing, fsId = Nothing, fsName = Nothing , fsAttrs = [("class","mdc-text-field__input")] diff --git a/src/Handler/Home.hs b/src/Handler/Home.hs index 14c41be..8437a10 100644 --- a/src/Handler/Home.hs +++ b/src/Handler/Home.hs @@ -10,10 +10,10 @@ import Text.Hamlet (Html) import Settings (widgetFile) import Yesod.Core ( Yesod(defaultLayout), setTitleI, setUltDestCurrent - , getMessages, preEscapedToMarkup + , getMessages ) import Yesod.Auth (Route(LoginR), maybeAuth) -import Yesod.Form.Fields (unTextarea) + import Settings.StaticFiles (img_salon_svg) import Database.Persist (Entity (Entity)) diff --git a/templates/admin/business/brand/brand.hamlet b/templates/admin/business/brand/brand.hamlet index f269cc9..06110ea 100644 --- a/templates/admin/business/brand/brand.hamlet +++ b/templates/admin/business/brand/brand.hamlet @@ -119,18 +119,18 @@ _{MsgBrandMark}
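Review bot: Switching the brand name to `htmlField` (the `(nameR,nameV)` binding) stores and renders the name as sanitized markup, which is broader than the field needs: a brand name carries no legitimate HTML, so `mopt textField` here together with `#{}` in the templates (and a `Text` column in the model) would give full escaping with no reliance on the sanitizer's tag and attribute whitelist, leaving `htmlField` for `strapline` and `more` where formatting is plausibly wanted. Either way, a value of type `Html` is only safe in element-content position; if `brandName` is ever interpolated into a `<title>` or an attribute such as `alt`, it will need a plain-text form, which this hunk does not provide (I cannot see such uses from here). The `formBrand` definition starts and ends outside this hunk.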
$maybe name <- name - #{preEscapedToMarkup $ unTextarea name} + ^{name} $maybe strap <- strap - #{preEscapedToMarkup $ unTextarea strap} + ^{strap} $nothing
$maybe name <- name - #{preEscapedToMarkup $ unTextarea name} + ^{name} $maybe strap <- strap - #{preEscapedToMarkup $ unTextarea strap} + ^{strap} $maybe more <- more - #{preEscapedToMarkup $ unTextarea more} + ^{more} $nothing
∅ diff --git a/templates/homepage.hamlet b/templates/homepage.hamlet index 2a30518..68d9b0f 100644 --- a/templates/homepage.hamlet +++ b/templates/homepage.hamlet @@ -39,18 +39,18 @@ _{MsgBrandMark}
$maybe name <- name - #{preEscapedToMarkup $ unTextarea name} + ^{name} $maybe strap <- strap - #{preEscapedToMarkup $ unTextarea strap} + ^{strap} $nothing
$maybe name <- name - #{preEscapedToMarkup $ unTextarea name} + ^{name} $maybe strap <- strap - #{preEscapedToMarkup $ unTextarea strap} + ^{strap} $maybe more <- more - #{preEscapedToMarkup $ unTextarea more} + ^{more} $nothing