From 84c598536b90b9c814c2f410a977a914ecf1cb79 Mon Sep 17 00:00:00 2001
From: Daniel Winzen <daniel@danwin1210.me>
Date: Sat, 17 Oct 2020 10:01:59 +0200
Subject: [PATCH] Add missing label tags and role="alert" attriubutes

---
 www/admin.php  | 81 ++++++++++++++++++++++++++------------------------
 www/onions.php | 14 ++++-----
 www/test.php   | 17 ++++++-----
 3 files changed, 58 insertions(+), 54 deletions(-)

diff --git a/www/admin.php b/www/admin.php
index 1e88893..ebc4905 100644
--- a/www/admin.php
+++ b/www/admin.php
@@ -8,25 +8,27 @@ try{
 	die($I['nodb']);
 }
 asort($categories);
-echo '<!DOCTYPE html><html lang="'.$language.'><head>';
-echo "<title>$I[admintitle]</title>";
-echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
-echo '<meta name=viewport content="width=device-width, initial-scale=1">';
-echo '<meta name="robots" content="noindex">';
-echo '<style type="text/css">'.$style.'</style>';
-echo '</head><body>';
-echo "<h1>$I[admintitle]</h1>";
+?>
+<!DOCTYPE html><html lang="<?php echo $language; ?>"><head>
+<title><?php echo $I['admintitle']; ?></title>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<meta name=viewport content="width=device-width, initial-scale=1">
+<meta name="robots" content="noindex">
+<style type="text/css"><?php echo $style; ?></style>
+</head><body>
+<h1><?php echo $I['admintitle']; ?></h1>
+<?php
 print_langs();
 
 //check password
 if(!isset($_POST['pass']) || $_POST['pass']!==ADMINPASS){
 	echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">";
 	echo "<input type=\"hidden\" name=\"lang\" value=\"$language\">";
-	echo "<p>$I[password]: <input type=\"password\" name=\"pass\" size=\"30\" required></p>";
+	echo "<p><label>$I[password]: <input type=\"password\" name=\"pass\" size=\"30\" required></label></p>";
 	echo "<input type=\"submit\" name=\"action\" value=\"$I[login]\">";
 	echo '</form>';
 	if(isset($_POST['pass'])){
-		echo "<p class=\"red\">$I[wrongpass]</p>";
+		echo "<p class=\"red\" role=\"alert\">$I[wrongpass]</p>";
 	}
 }else{
 	$view_mode = isset($_POST['view_mode']) ? $_POST['view_mode'] : 'single';
@@ -43,11 +45,11 @@ if(!isset($_POST['pass']) || $_POST['pass']!==ADMINPASS){
 	echo "<input type=\"hidden\" name=\"pass\" value=\"$_POST[pass]\">";
 	echo "<input type=\"hidden\" name=\"view_mode\" value=\"$view_mode\">";
 	if($view_mode === 'single') {
-		echo "<p>$I[link]: <input name=\"addr\" size=\"30\" value=\"";
+		echo "<p><label>$I[link]: <input name=\"addr\" size=\"30\" value=\"";
 		if ( isset( $_REQUEST[ 'addr' ] ) ) {
 			echo htmlspecialchars( $_REQUEST[ 'addr' ] );
 		}
-		echo '" required autofocus></p>';
+		echo '" required autofocus></label></p>';
 	} else {
 		echo '<table id="maintable"><tr><th>Select</th><th>Address</th><th>Description</th><th>Category</th><th>Status</th></tr>';
 		$stmt=$db->query('SELECT address, description, category, approved, locked FROM ' . PREFIX . "onions WHERE address!='';");
@@ -57,17 +59,17 @@ if(!isset($_POST['pass']) || $_POST['pass']!==ADMINPASS){
 		}
 		echo '</table>';
 	}
-	echo "<p>$I[cloneof]: <input type=\"text\" name=\"original\" size=\"30\"";
+	echo "<p><label>$I[cloneof]: <input type=\"text\" name=\"original\" size=\"30\"";
 	if(isset($_REQUEST['original'])){
 		echo ' value="'.htmlspecialchars($_REQUEST['original']).'"';
 	}
-	echo '></p>';
-	echo "<p>$I[bitcoins]: <input type=\"text\" name=\"btc\" size=\"30\"";
+	echo '></label></p>';
+	echo "<p><label>$I[bitcoins]: <input type=\"text\" name=\"btc\" size=\"30\"";
 	if(isset($_REQUEST['btc'])){
 		echo ' value="'.htmlspecialchars($_REQUEST['btc']).'"';
 	}
-	echo '></p>';
-	echo "<p>$I[adddesc]: <br><textarea name=\"desc\" rows=\"2\" cols=\"30\">";
+	echo '></label></p>';
+	echo "<p><label for=\"desc\">$I[adddesc]:</label> <br><textarea id=\"desc\" name=\"desc\" rows=\"2\" cols=\"30\">";
 	if(!empty($_REQUEST['desc'])){
 		echo htmlspecialchars(trim($_REQUEST['desc']));
 	}elseif(isset($_REQUEST['addr']) && is_string($_REQUEST['addr'])){
@@ -89,7 +91,7 @@ if(!isset($_POST['pass']) || $_POST['pass']!==ADMINPASS){
 	if(!isset($category)){
 		$category=count($categories);
 	}
-	echo "<p>$I[category]: <select name=\"cat\">";
+	echo "<p><label>$I[category]: <select name=\"cat\">";
 	foreach($categories as $cat=>$name){
 		echo "<option value=\"$cat\"";
 		if($category==$cat || ($cat===0 && $category>=count($categories))){
@@ -97,7 +99,7 @@ if(!isset($_POST['pass']) || $_POST['pass']!==ADMINPASS){
 		}
 		echo ">$name</option>";
 	}
-	echo '</select></p>';
+	echo '</select></label></p>';
 	echo '<input type="submit" name="action" value="None" hidden>';
 	echo '<table><tr>';
 	echo "<td><input type=\"submit\" name=\"action\" value=\"$I[remove]\"></td>";
@@ -122,22 +124,22 @@ if(!isset($_POST['pass']) || $_POST['pass']!==ADMINPASS){
 		$addrs = is_array($_POST['addr']) ? $_POST['addr'] : [$_POST['addr']];
 		foreach ($addrs as $addr_single) {
 			if ( ! preg_match( '~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim( $addr_single ), $addr ) ) {
-				echo "<p class=\"red\">$I[invalonion]</p>";
+				echo "<p class=\"red\" role=\"alert\">$I[invalonion]</p>";
 			} else {
 				$addr = strtolower( $addr[ 3 ] );
 				$md5 = md5( $addr, true );
 				if ( $_POST[ 'action' ] === $I[ 'remove' ] ) { //remove address from public display
 					$db->prepare( 'UPDATE ' . PREFIX . "onions SET address='', locked=1, approved=-1 WHERE md5sum=?;" )->execute( [ $md5 ] );
-					echo "<p class=\"green\">$I[succremove]</p>";
+					echo "<p class=\"green\" role=\"alert\">$I[succremove]</p>";
 				} elseif ( $_POST[ 'action' ] === $I[ 'lock' ] ) { //lock editing
 					$db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=1, approved=1 WHERE md5sum=?;' )->execute( [ $md5 ] );
-					echo "<p class=\"green\">$I[succlock]</p>";
+					echo "<p class=\"green\"> role=\"alert\"$I[succlock]</p>";
 				} elseif ( $_POST[ 'action' ] === $I[ 'readd' ] ) { //add onion back, if previously removed
 					$db->prepare( 'UPDATE ' . PREFIX . 'onions SET address=?, locked=1, approved=1 WHERE md5sum=?;' )->execute( [ $addr, $md5 ] );
-					echo "<p class=\"green\">$I[succreadd]</p>";
+					echo "<p class=\"green\" role=\"alert\">$I[succreadd]</p>";
 				} elseif ( $_POST[ 'action' ] === $I[ 'unlock' ] ) { //unlock editing
 					$db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=0, approved=1 WHERE md5sum=?;' )->execute( [ $md5 ] );
-					echo "<p class=\"green\">$I[succunlock]</p>";
+					echo "<p class=\"green\" role=\"alert\">$I[succunlock]</p>";
 				} elseif ( $_POST[ 'action' ] === $I[ 'promote' ] ) { //promote link for payed time
 					$stmt = $db->prepare( 'SELECT special FROM ' . PREFIX . 'onions WHERE md5sum=?;' );
 					$stmt->execute( [ $md5 ] );
@@ -148,10 +150,10 @@ if(!isset($_POST['pass']) || $_POST['pass']!==ADMINPASS){
 						$time = $specialtime[ 0 ] + ( ( $_POST[ 'btc' ] / PROMOTEPRICE ) * PROMOTETIME );
 					}
 					$db->prepare( 'UPDATE ' . PREFIX . 'onions SET special=?, locked=1, approved=1 WHERE md5sum=?;' )->execute( [ $time, $md5 ] );
-					printf( "<p class=\"green\">$I[succpromote]</p>", date( 'Y-m-d H:i', $time ) );
+					printf( "<p class=\"green\" role=\"alert\">$I[succpromote]</p>", date( 'Y-m-d H:i', $time ) );
 				} elseif ( $_POST[ 'action' ] === $I[ 'unpromote' ] ) { //remove promoted status
 					$db->prepare( 'UPDATE ' . PREFIX . 'onions SET special=0 WHERE md5sum=?;' )->execute( [ $md5 ] );
-					echo "<p class=\"green\">$I[succunpromote]</p>";
+					echo "<p class=\"green\" role=\"alert\">$I[succunpromote]</p>";
 				} elseif ( $_POST[ 'action' ] === $I[ 'update' ] ) { //update description
 					$stmt = $db->prepare( 'SELECT * FROM ' . PREFIX . 'onions WHERE md5sum=?;' );
 					$stmt->execute( [ $md5 ] );
@@ -168,21 +170,21 @@ if(!isset($_POST['pass']) || $_POST['pass']!==ADMINPASS){
 					if ( ! $stmt->fetch( PDO::FETCH_ASSOC ) ) { //not yet there, add it
 						$stmt = $db->prepare( 'INSERT INTO ' . PREFIX . 'onions (address, description, md5sum, category, timeadded, locked, approved) VALUES (?, ?, ?, ?, ?, 1, 1);' );
 						$stmt->execute( [ $addr, $desc, $md5, $category, time() ] );
-						echo "<p class=\"green\">$I[succadd]</p>";
+						echo "<p class=\"green\" role=\"alert\">$I[succadd]</p>";
 					} elseif ( $desc != '' ) { //update description+category
 						$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET description=?, category=?, locked=1, approved=1 WHERE md5sum=?;' );
 						$stmt->execute( [ $desc, $category, $md5 ] );
-						echo "<p class=\"green\">$I[succupddesc]</p>";
+						echo "<p class=\"green\" role=\"alert\">$I[succupddesc]</p>";
 					} elseif ( $category != 0 ) { //only update category
 						$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET category=?, locked=1, approved=1 WHERE md5sum=?;' );
 						$stmt->execute( [ $category, $md5 ] );
-						echo "<p class=\"green\">$I[succupdcat]!</p>";
+						echo "<p class=\"green\" role=\"alert\">$I[succupdcat]!</p>";
 					} else { //no description or category change and already known
-						echo "<p class=\"green\">$I[alreadyknown]</p>";
+						echo "<p class=\"green\" role=\"alert\">$I[alreadyknown]</p>";
 					}
 				} elseif ( $_POST[ 'action' ] === $I[ 'phishing' ] ) {//mark as phishing clone
 					if ( $_POST[ 'original' ] !== '' && ! preg_match( '~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', $_POST[ 'original' ], $orig ) ) {
-						echo "<p class=\"red\">$I[invalonion]</p>";
+						echo "<p class=\"red\" role=\"alert\">$I[invalonion]</p>";
 					} else {
 						if ( isset( $orig[ 3 ] ) ) {
 							$orig = strtolower( $orig[ 3 ] );
@@ -194,27 +196,28 @@ if(!isset($_POST['pass']) || $_POST['pass']!==ADMINPASS){
 							$stmt->execute( [ $addr, $orig ] );
 							$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=1, approved=1 WHERE address=?;' );
 							$stmt->execute( [ $addr ] );
-							echo "<p class=\"green\">$I[succaddphish]</p>";
+							echo "<p class=\"green\" role=\"alert\">$I[succaddphish]</p>";
 						} else {
-							echo "<p class=\"red\">$I[samephish]</p>";
+							echo "<p class=\"red\" role=\"alert\">$I[samephish]</p>";
 						}
 					}
 				} elseif ( $_POST[ 'action' ] === $I[ 'unphishing' ] ) { //remove phishing clone status
 					$stmt = $db->prepare( 'DELETE FROM ' . PREFIX . 'phishing WHERE onion_id=(SELECT id FROM ' . PREFIX . 'onions WHERE address=?);' );
 					$stmt->execute( [ $addr ] );
-					echo "<p class=\"green\">$I[succrmphish]</p>";
+					echo "<p class=\"green\" role=\"alert\">$I[succrmphish]</p>";
 				} elseif ( $_POST[ 'action' ] === $I[ 'reject' ] ) { //lock editing
 					$db->prepare( 'UPDATE ' . PREFIX . 'onions SET approved=-1 WHERE md5sum=?;' )->execute( [ $md5 ] );
-					echo "<p class=\"green\">$I[succreject]</p>";
+					echo "<p class=\"green\" role=\"alert\">$I[succreject]</p>";
 				} elseif ( $_POST[ 'action' ] === $I[ 'approve' ] ) { //lock editing
 					$db->prepare( 'UPDATE ' . PREFIX . 'onions SET approved=1 WHERE md5sum=?;' )->execute( [ $md5 ] );
-					echo "<p class=\"green\">$I[succapprove]</p>";
+					echo "<p class=\"green\" role=\"alert\">$I[succapprove]</p>";
 				} else { //no specific button was pressed
-					echo "<p class=\"red\">$I[noaction]</p>";
+					echo "<p class=\"red\" role=\"alert\">$I[noaction]</p>";
 				}
 			}
 		}
 	}
 }
-echo '<br><p class="software-link"><a target="_blank" href="https://github.com/DanWin/onion-link-list">Onion Link List - ' . VERSION . '</a></p>';
-echo '</body></html>';
+?>
+<br><p class="software-link"><a target="_blank" href="https://github.com/DanWin/onion-link-list" rel="noopener">Onion Link List - <?php echo VERSION; ?></a></p>
+</body></html>
diff --git a/www/onions.php b/www/onions.php
index 5ea3077..2931776 100644
--- a/www/onions.php
+++ b/www/onions.php
@@ -208,7 +208,7 @@ function send_html(){
 	echo '</ul><br><br>';
 	if($_SERVER['REQUEST_METHOD']==='POST' && !empty($_REQUEST['addr'])){
 		if(!preg_match('~(^(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)){
-			echo "<p class=\"red\">$I[invalonion]</p>";
+			echo "<p class=\"red\" role=\"alert\">$I[invalonion]</p>";
 			echo "<p>$I[valid]: http://tt3j2x4k5ycaa5zt.onion</p>";
 		}else{
 			if(!isset($_REQUEST['challenge'])){
@@ -246,19 +246,19 @@ function send_html(){
 			if(!$stmt->fetch(PDO::FETCH_BOUND)){//new link, add to database
 				$stmt=$db->prepare('INSERT INTO ' . PREFIX . 'onions (address, description, md5sum, category, timeadded) VALUES (?, ?, ?, ?, ?);');
 				$stmt->execute([$addr, $desc, $md5, $category, time()]);
-				echo "<p class=\"green\">$I[succadd]</p>";
+				echo "<p class=\"green\" role=\"alert\">$I[succadd]</p>";
 			}elseif($locked==1){//locked, not editable
-				echo "<p class=\"red\">$I[faillocked]</p>";
+				echo "<p class=\"red\" role=\"alert\">$I[faillocked]</p>";
 			}elseif($desc!==''){//update description
 				$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET description=?, category=? WHERE md5sum=?;');
 				$stmt->execute([$desc, $category, $md5]);
-				echo "<p class=\"green\">$I[succupddesc]</p>";
+				echo "<p class=\"green\" role=\"alert\">$I[succupddesc]</p>";
 			}elseif($category!=0){//update category only
 				$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET category=? WHERE md5sum=?;');
 				$stmt->execute([$category, $md5]);
-				echo "<p class=\"green\">$I[succupdcat]</p>";
+				echo "<p class=\"green\" role=\"alert\">$I[succupdcat]</p>";
 			}else{//nothing changed and already known
-				echo "<p class=\"green\">$I[alreadyknown]</p>";
+				echo "<p class=\"green\" role=\"alert\">$I[alreadyknown]</p>";
 			}
 		}
 	}
@@ -524,5 +524,5 @@ function send_captcha(){
 }
 
 function send_error(string $msg){
-	die("<p class=\"red\">$msg</p></div></body></html>");
+	die("<p class=\"red\" role=\"alert\">$msg</p></div></body></html>");
 }
diff --git a/www/test.php b/www/test.php
index be1a7ef..4eb0079 100644
--- a/www/test.php
+++ b/www/test.php
@@ -33,7 +33,7 @@ if(!empty($_REQUEST['addr'])){
 		die('No DB connection');
 	}
 	if(!preg_match('~(^(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)){
-		echo "<p class=\"red\">$I[invalonion]</p>";
+		echo "<p class=\"red\" role=\"alert\">$I[invalonion]</p>";
 	}else{
 		$ch=curl_init();
 		set_curl_options($ch);
@@ -49,17 +49,17 @@ if(!empty($_REQUEST['addr'])){
 		$phishing=$db->prepare('SELECT original FROM ' . PREFIX . 'phishing, ' . PREFIX . 'onions WHERE address=? AND onion_id=' . PREFIX . 'onions.id;');
 		$phishing->execute([$addr]);
 		if($orig=$phishing->fetch(PDO::FETCH_NUM)){
-			printf("<p class=\"red\">$I[testphishing]</p>", "<a href=\"http://$orig[0].onion\">$orig[0].onion</a>");
+			printf("<p class=\"red\" role=\"alert\">$I[testphishing]</p>", "<a href=\"http://$orig[0].onion\">$orig[0].onion</a>");
 		}
 		$scam=$db->prepare('SELECT null FROM ' . PREFIX . 'onions WHERE md5sum=? AND category=15 AND locked=1;');
 		$scam->execute([$md5]);
 		if($scam->fetch(PDO::FETCH_NUM)){
-			echo "<p class=\"red\">Warning: This is a known scam!</p>";
+			echo "<p class=\"red\" role=\"alert\">Warning: This is a known scam!</p>";
 		}
 		$stmt=$db->prepare('SELECT null FROM ' . PREFIX . 'onions WHERE md5sum=? AND timediff=0 AND lasttest>?;');
 		$stmt->execute([$md5, time()-60]);
 		if($stmt->fetch(PDO::FETCH_NUM)){
-			echo "<p class=\"green\">$I[testonline]</p>";
+			echo "<p class=\"green\" role=\"alert\">$I[testonline]</p>";
 		}elseif(($content=curl_exec($ch))!==false){
 			$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
 			$header = substr($content, 0, $header_size);
@@ -94,16 +94,17 @@ if(!empty($_REQUEST['addr'])){
 				}
 				blacklist_scams($addr, $content);
 			}
-			echo "<p class=\"green\">$I[testonline]</p>";
+			echo "<p class=\"green\" role=\"alert\">$I[testonline]</p>";
 		}else{
 			if(isset($db)){
 				$time=time();
 				$db->prepare('UPDATE ' . PREFIX . 'onions SET lasttest=?, timediff=lasttest-lastup WHERE md5sum=? AND lasttest<?;')->execute([$time, $md5, $time]);
 			}
-			echo "<p class=\"red\">$I[testoffline]</p>";
+			echo "<p class=\"red\" role=\"alert\">$I[testoffline]</p>";
 		}
 		curl_close($ch);
 	}
 }
-echo '<br><p class="software-link"><a target="_blank" href="https://github.com/DanWin/onion-link-list" rel="noopener">Onion Link List - ' . VERSION . '</a></p>';
-echo '</body></html>';
+?>
+<br><p class="software-link"><a target="_blank" href="https://github.com/DanWin/onion-link-list" rel="noopener">Onion Link List - <?php echo VERSION; ?></a></p>
+</body></html>