Writeup works

.github/unicode-test.bin

@@ -0,0 +1,24 @@
+Normal line.
+
+This line contains a NO-BREAK SPACE between Hello and World:
+Hello World
+
+This line contains a ZERO WIDTH SPACE between Hello and World:
+Hello​World
+
+This line contains a ZERO WIDTH NON-JOINER:
+Hello‌World
+
+This line contains a ZERO WIDTH JOINER:
+Hello‍World
+
+This line contains a WORD JOINER:
+Hello⁠World
+
+The next line contains a LINE SEPARATOR character:
+Hello
World
+
+The next line contains a PARAGRAPH SEPARATOR character:
+Hello
World
+
+End of file.

docs/Sysconfig-Keys.md

@@ -49,6 +49,7 @@ These are the system configuration keys used by the platform applications. Any k
 * `stream_player_target_help`: Whether or not to produce stream entries for players who activate writeups on a target.
 * `log_failed_claims`: Log failed claim attempts?
 * `team_encrypted_claims_allowed`: Should we allow claims of flags across teams?
+* `target_metadata_visible`: Whether or not metadata will be visible to normal players. Admins get to see the metadata no matter this settting.
 
 ## String and numeric key/val pairs
 

frontend/modules/target/controllers/WriteupController.php

@@ -109,7 +109,6 @@ public function actionSubmit(int $id)
         return $this->redirect(['default/view','id'=>$id]);
       }
 
-
       $headshot=Headshot::findOne(['target_id'=>$id,'player_id'=>Yii::$app->user->id]);
       if($headshot===null)
       {
@@ -140,9 +139,6 @@ public function actionSubmit(int $id)
           'model' => $model,
           'headshot'=>$headshot,
       ]);
-
-
-
     }
 
     /**

frontend/modules/target/models/Writeup.php

@@ -63,24 +63,44 @@ public function scenarios()
     public function rules()
     {
         return [
+            [['content'], 'filter', 'filter' => function ($value) {
+              if ($value === null || $value === '') {
+                  return null;
+              }
+
+              $value = str_replace("\r\n", "\n", $value);
+              $value = str_replace("\r", "", $value);
+
+              $cleaned = preg_replace('/[\x{2028}\x{2029}]/u', "\n", $value);
+              if ($cleaned !== null && $cleaned !== false) {
+                  $value = $cleaned;
+              }
+
+              $value = str_replace("\u{00A0}", ' ', $value);
+
+              $cleaned = preg_replace('/[\x{200B}\x{200C}\x{200D}\x{2060}\x{FEFF}\x{00AD}]/u', '', $value);
+              if ($cleaned !== null && $cleaned !== false) {
+                  $value = $cleaned;
+              }
+
+              return $value;
+            }],
+
+            [['approved'], 'default', 'value' => false],
+            ['formatter', 'default', 'value' => 'text'],
+            ['language_id', 'default', 'value' => 'en'],
+            ['status', 'default', 'value' => 'PENDING'],
+
             [['player_id', 'target_id','content'], 'required'],
+
             [['player_id', 'target_id'], 'integer'],
             [['approved'], 'boolean'],
-            [['approved'], 'default','value'=>false],
-            ['formatter', 'default','value'=>'text'],
-            ['language_id', 'default','value'=>'en'],
             [['status', 'comment'], 'string'],
-            [['content'], 'filter', 'filter' => function ($value) {
-                return str_replace(["\r\n", "\r"], "\n", $value);
-            }],
             [['content'], 'filter','filter'=>'trim'],
-            [['content'], 'string','skipOnEmpty'=>false, 'min'=>'20'],
-            ['status','default','value'=>'PENDING'],
-            [['created_at', 'updated_at'], 'safe'],
+            [['content'], 'string', 'min'=>20],
             [['player_id'], 'exist', 'skipOnError' => true, 'targetClass' => Player::class, 'targetAttribute' => ['player_id' => 'id']],
             [['target_id'], 'exist', 'skipOnError' => true, 'targetClass' => Target::class, 'targetAttribute' => ['target_id' => 'id']],
             [['language_id'], 'exist', 'skipOnError' => true, 'targetClass' => \app\models\Language::class, 'targetAttribute' => ['language_id' => 'id']],
-
         ];
     }
 

frontend/themes/material/modules/target/views/default/_target_metadata.php

@@ -10,9 +10,11 @@
       <?php if(!empty($metadata->solution)):?><b><?=\Yii::t('app','Solution')?></b>: <?php \Yii::$app->formatter->divID = 'markdown-solution'; echo \Yii::$app->formatter->asMarkdown($metadata->solution)?><?php endif;?>
     </details>
   <?php endif;?>
+<?php if(\Yii::$app->sys->target_metadata_visible || Yii::$app->user->identity->isAdmin):?>
   <?php if(!empty($metadata->pre_credits)):?><b><?=\Yii::t('app','Pre exploitation credits')?></b>: <?php \Yii::$app->formatter->divID = 'markdown-pre-credits'; echo \Yii::$app->formatter->asMarkdown($metadata->pre_credits)?><?php endif;?>
   <?php if(!empty($metadata->pre_exploitation)):?><b><?=\Yii::t('app','Pre exploitation details')?></b>: <?php \Yii::$app->formatter->divID = 'markdown-pre-exploitation'; echo \Yii::$app->formatter->asMarkdown($metadata->pre_exploitation)?><?php endif;?>
   <?php if((($identity->player_id===Yii::$app->user->id && $target->progress==100) || Yii::$app->user->identity->isAdmin) && !empty($metadata->post_exploitation)):?><b><?=\Yii::t('app','Post exploitation')?></b>: <?php \Yii::$app->formatter->divID = 'markdown-post-exploitation'; echo \Yii::$app->formatter->asMarkdown($metadata->post_exploitation)?><?php endif;?>
   <?php if((($identity->player_id===Yii::$app->user->id && $target->progress==100) || Yii::$app->user->identity->isAdmin) && !empty($metadata->post_credits)):?><b><?=\Yii::t('app','Post exploitation credits')?></b>: <?php \Yii::$app->formatter->divID = 'markdown-post-credits'; echo \Yii::$app->formatter->asMarkdown($metadata->post_credits)?><?php endif;?>
   <?php \Yii::$app->formatter->divID=$oldId; ?>
 <?php endif;?>
+<?php endif;?>