Merge commit from fork

DNNImageHandler - Add Option to prevent URL text from appearing as content
dnnsoftware · Jul 16, 2024 · 5def7cc · 5def7cc
2 parents 7e86029 + de184b3
commit 5def7cc
Show file tree

Hide file tree

Showing 5 changed files with 95 additions and 78 deletions.
diff --git a/DNN Platform/Library/Services/GeneratedImage/DnnImageHandler.cs b/DNN Platform/Library/Services/GeneratedImage/DnnImageHandler.cs
@@ -17,6 +17,7 @@ namespace DotNetNuke.Services.GeneratedImage
     using System.Web;
 
     using DotNetNuke.Common;
+    using DotNetNuke.Common.Utilities;
     using DotNetNuke.Entities.Portals;
     using DotNetNuke.Services.FileSystem;
     using DotNetNuke.Services.GeneratedImage.FilterTransform;
@@ -177,7 +178,11 @@ public override ImageInfo GenerateImage(NameValueCollection parameters)
 
                         if (!string.IsNullOrEmpty(parameters["Text"]))
                         {
-                            placeHolderTrans.Text = text;
+                            bool.TryParse(Config.GetSetting("AllowDnnImagePlaceholderText"), out bool allowDnnImagePlaceholderText);
+                            if (allowDnnImagePlaceholderText)
+                            {
+                                placeHolderTrans.Text = text;
+                            }
                         }
 
                         if (!string.IsNullOrEmpty(parameters["BackColor"]))
@@ -265,7 +270,6 @@ public override ImageInfo GenerateImage(NameValueCollection parameters)
                         break;
 
                     default:
-
                         string imageTransformClass = ConfigurationManager.AppSettings["DnnImageHandler." + mode];
                         string[] imageTransformClassParts = imageTransformClass.Split(',');
                         var asm = Assembly.LoadFrom(Globals.ApplicationMapPath + @"\bin\" +

diff --git a/DNN Platform/Website/DotNetNuke.Website.csproj b/DNN Platform/Website/DotNetNuke.Website.csproj
@@ -1254,6 +1254,7 @@
     <Content Include="Providers\DataProviders\SqlDataProvider\09.11.01.SqlDataProvider" />
     <Content Include="Providers\DataProviders\SqlDataProvider\09.11.02.SqlDataProvider" />
     <Content Include="Providers\DataProviders\SqlDataProvider\09.12.01.SqlDataProvider" />
+    <Content Include="Install\Config\09.13.04.config" />
     <Content Include="Providers\DataProviders\SqlDataProvider\09.13.04.SqlDataProvider" />
     <None Include="web.Debug.config">
       <DependentUpon>web.config</DependentUpon>

diff --git a/DNN Platform/Website/Install/Config/09.13.04.config b/DNN Platform/Website/Install/Config/09.13.04.config
@@ -0,0 +1,8 @@
+<configuration>
+  <nodes configfile="web.config">
+    <node path="/configuration/appSettings" action="add">
+      <!-- Can be set to true to allow the image handler to display text passed in the querystring. -->
+      <add key="AllowDnnImagePlaceholderText" value="false" />
+    </node>
+  </nodes>
+</configuration>
diff --git a/DNN Platform/Website/development.config b/DNN Platform/Website/development.config
@@ -37,8 +37,8 @@
   <connectionStrings>
     <!-- Connection String for SQL Server 2008/2012 Express -->
     <add name="SiteSqlServer" connectionString="Data Source=.\SQLExpress;Integrated Security=True;User Instance=True;AttachDBFilename=|DataDirectory|Database.mdf;" providerName="System.Data.SqlClient"/>
-    <!-- Connection String for SQL Server 2008/2012
-    <add name="SiteSqlServer" connectionString="Server=(local);Database=DotNetNuke;uid=;pwd=;" providerName="System.Data.SqlClient" />
+    <!-- Connection String for SQL Server 2008/2012
+    <add name="SiteSqlServer" connectionString="Server=(local);Database=DotNetNuke;uid=;pwd=;" providerName="System.Data.SqlClient" />
     -->
   </connectionStrings>
 
@@ -55,7 +55,7 @@
     <!--optionally strip angle brackets on public login and registration screens-->
     <add key="PersistentCookieTimeout" value="0"/>
     <!--use as persistent cookie expiration. Value is in minutes, and only active if a non-zero figure-->
-    <!-- set UsePortNumber to true to preserve the port number if you're using a port number other than 80 (the standard)
+    <!-- set UsePortNumber to true to preserve the port number if you're using a port number other than 80 (the standard)
         <add key="UsePortNumber" value="true" /> -->
     <!-- Services Framework Tracing is primarily useful for developing and debugging -->
     <add key="EnableServicesFrameworkTracing" value="false" />
@@ -64,7 +64,9 @@
 	  <add key="loginUrl" value="~/Login.aspx" />
     <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
     <add key="MobileViewSiteCookieName" value="dnn_IsMobile" />
-    <add key="DisableMobileViewSiteCookieName" value="dnn_NoMobile" />
+    <add key="DisableMobileViewSiteCookieName" value="dnn_NoMobile" />
+    <!-- Can be set to true to allow the image handler to display text passed in the querystring. -->
+    <add key="AllowDnnImagePlaceholderText" value="false" />
   </appSettings>
 
   <system.web.webPages.razor>
@@ -148,19 +150,19 @@
     <authentication mode="Forms">
       <forms name=".DOTNETNUKE" protection="All" timeout="60" cookieless="UseCookies"/>
     </authentication>
-    <!--
-    <identity impersonate="true"/>
-    <authentication mode="Windows">
-    </authentication>
+    <!--
+    <identity impersonate="true"/>
+    <authentication mode="Windows">
+    </authentication>
     -->
     <!-- allow large file uploads -->
     <httpRuntime targetFramework="4.7.2" shutdownTimeout="120" executionTimeout="1200" useFullyQualifiedRedirectUrl="true" maxRequestLength="28672" requestLengthDiskThreshold="81920" maxUrlLength="2048" requestPathInvalidCharacters="&lt;,&gt;,*,%,:,\,?" enableVersionHeader="false"  requestValidationMode="2.0" fcnMode="Single" />
     <httpCookies httpOnlyCookies="true" requireSSL="false" domain=""/>
-    <!--  GLOBALIZATION
-    This section sets the globalization settings of the application.
-    Utf-8 is not supported on Netscape 4.x
-    If you need netscape compatiblity leave iso-8859-1.
-    UTF-8 is recommended for complex languages
+    <!--  GLOBALIZATION
+    This section sets the globalization settings of the application.
+    Utf-8 is not supported on Netscape 4.x
+    If you need netscape compatiblity leave iso-8859-1.
+    UTF-8 is recommended for complex languages
     -->
     <globalization culture="en-US" uiCulture="en" requestEncoding="UTF-8" responseEncoding="UTF-8" fileEncoding="UTF-8"/>
     <!--<globalization culture="en-US" uiCulture="en"  fileEncoding="iso-8859-1" requestEncoding="iso-8859-1" responseEncoding="iso-8859-1"/>-->
@@ -192,33 +194,33 @@
       </controls>
     </pages>
     <!-- ASP.NET 2 Membership/Profile/Role and AnonymousAuthentication Providers -->
-    <!-- anonymousIdentification configuration:
-          enabled="[true|false]"                              Feature is enabled?
-          cookieName=".ASPXANONYMOUS"                         Cookie Name
-          cookieTimeout="100000"                              Cookie Timeout in minutes
-          cookiePath="/"                                      Cookie Path
-          cookieRequireSSL="[true|false]"                     Set Secure bit in Cookie
-          cookieSlidingExpiration="[true|false]"              Reissue expiring cookies?
-          cookieProtection="[None|Validation|Encryption|All]" How to protect cookies from being read/tampered
-          domain="[domain]"                                   Enables output of the "domain" cookie attribute set to the specified value
+    <!-- anonymousIdentification configuration:
+          enabled="[true|false]"                              Feature is enabled?
+          cookieName=".ASPXANONYMOUS"                         Cookie Name
+          cookieTimeout="100000"                              Cookie Timeout in minutes
+          cookiePath="/"                                      Cookie Path
+          cookieRequireSSL="[true|false]"                     Set Secure bit in Cookie
+          cookieSlidingExpiration="[true|false]"              Reissue expiring cookies?
+          cookieProtection="[None|Validation|Encryption|All]" How to protect cookies from being read/tampered
+          domain="[domain]"                                   Enables output of the "domain" cookie attribute set to the specified value
         -->
     <anonymousIdentification enabled="true" cookieName=".ASPXANONYMOUS" cookieTimeout="100000" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="None" domain=""/>
     <membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15">
       <providers>
         <clear/>
-        <!-- Configuration for AspNetSqlMembershipProvider:
-                connectionStringName="string"               Name corresponding to the entry in <connectionStrings> section where the connection string for the provider is specified
-                maxInvalidPasswordAttempts="int"            The number of failed password attempts, or failed password answer attempts that are allowed before locking out a user?s account
-                passwordAttemptWindow="int"                 The time window, in minutes, during which failed password attempts and failed password answer attempts are tracked
-                enablePasswordRetrieval="[true|false]"      Should the provider support password retrievals
-                enablePasswordReset="[true|false]"          Should the provider support password resets
-                requiresQuestionAndAnswer="[true|false]"    Should the provider require Q & A
-                minRequiredPasswordLength="int"		        The minimum password length
-                minRequiredNonalphanumericCharacters="int"  The minimum number of non-alphanumeric characters
-                applicationName="string"                    Optional string to identity the application: defaults to Application Metabase path
-                requiresUniqueEmail="[true|false]"          Should the provider require a unique email to be specified
-                passwordFormat="[Clear|Hashed|Encrypted]"   Storage format for the password: Hashed (SHA1), Clear or Encrypted (Triple-DES)
-                description="string"                        Description of what the provider does
+        <!-- Configuration for AspNetSqlMembershipProvider:
+                connectionStringName="string"               Name corresponding to the entry in <connectionStrings> section where the connection string for the provider is specified
+                maxInvalidPasswordAttempts="int"            The number of failed password attempts, or failed password answer attempts that are allowed before locking out a user?s account
+                passwordAttemptWindow="int"                 The time window, in minutes, during which failed password attempts and failed password answer attempts are tracked
+                enablePasswordRetrieval="[true|false]"      Should the provider support password retrievals
+                enablePasswordReset="[true|false]"          Should the provider support password resets
+                requiresQuestionAndAnswer="[true|false]"    Should the provider require Q & A
+                minRequiredPasswordLength="int"		        The minimum password length
+                minRequiredNonalphanumericCharacters="int"  The minimum number of non-alphanumeric characters
+                applicationName="string"                    Optional string to identity the application: defaults to Application Metabase path
+                requiresUniqueEmail="[true|false]"          Should the provider require a unique email to be specified
+                passwordFormat="[Clear|Hashed|Encrypted]"   Storage format for the password: Hashed (SHA1), Clear or Encrypted (Triple-DES)
+                description="string"                        Description of what the provider does
                 -->
         <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="SiteSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="0" requiresUniqueEmail="false" passwordFormat="Hashed" applicationName="DotNetNuke" description="Stores and retrieves membership data from the local Microsoft SQL Server database"/>
       </providers>
@@ -443,8 +445,8 @@
     <compositeFiles defaultFileProcessingProvider="DnnCompositeFileProcessor" compositeFileHandlerPath="~/DependencyHandler.axd">
       <fileProcessingProviders>
         <add name="CompositeFileProcessor" type="ClientDependency.Core.CompositeFiles.Providers.CompositeFileProcessingProvider, ClientDependency.Core" enableCssMinify="false" enableJsMinify="true" persistFiles="true" compositeFilePath="~/App_Data/ClientDependency" bundleDomains="" urlType="MappedId" />
-        <!-- For webfarms remove the above CompositeFileProcessor and uncomment this section
-                                                <add name="CompositeFileProcessor" type="ClientDependency.Core.CompositeFiles.Providers.CompositeFileProcessingProvider, ClientDependency.Core" enableCssMinify="false" enableJsMinify="true" persistFiles="true" compositeFilePath="~/App_Data/ClientDependency" bundleDomains="" urlType="Base64QueryStrings" />
+        <!-- For webfarms remove the above CompositeFileProcessor and uncomment this section
+                                                <add name="CompositeFileProcessor" type="ClientDependency.Core.CompositeFiles.Providers.CompositeFileProcessingProvider, ClientDependency.Core" enableCssMinify="false" enableJsMinify="true" persistFiles="true" compositeFilePath="~/App_Data/ClientDependency" bundleDomains="" urlType="Base64QueryStrings" />
                                                 -->
         <add name="DnnCompositeFileProcessor" type="DotNetNuke.Web.Client.Providers.DnnCompositeFileProcessingProvider, DotNetNuke.Web.Client" enableCssMinify="false" enableJsMinify="true" persistFiles="true" compositeFilePath="~/App_Data/ClientDependency" bundleDomains="" urlType="MappedId" />
       </fileProcessingProviders>