From 6ab89563441e90f69260fc415e5645f410ad6bf9 Mon Sep 17 00:00:00 2001
From: Samuel Georges
Date: Fri, 22 Nov 2024 10:41:58 +1100
Subject: [PATCH 1/2] Fixes inherited bug This seems to allow escaped HTML through...
---
 src/Html/HtmlBuilder.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Html/HtmlBuilder.php b/src/Html/HtmlBuilder.php
index 5b7770cb3..86a4b1752 100644
--- a/src/Html/HtmlBuilder.php
+++ b/src/Html/HtmlBuilder.php
@@ -404,7 +404,7 @@ public function obfuscate($value)
 */
 public static function strip($string, $allow = '')
 {
- return htmlspecialchars_decode(strip_tags($string, $allow));
+ return strip_tags(htmlspecialchars_decode($string), $allow);
 }
 /**
From da037eeddb86c3d0fbdeef379df4e54e7b928b19 Mon Sep 17 00:00:00 2001
From: Samuel Georges
Date: Mon, 2 Dec 2024 13:44:28 +1100
Subject: [PATCH 2/2] Adds unique_site rule
---
 src/Validation/ValidationServiceProvider.php | 5 +++
 src/Validation/Validator.php | 46 ++++++++++++++++++++
 2 files changed, 51 insertions(+)
diff --git a/src/Validation/ValidationServiceProvider.php b/src/Validation/ValidationServiceProvider.php
index c100377ec..ee5be1c70 100644
--- a/src/Validation/ValidationServiceProvider.php
+++ b/src/Validation/ValidationServiceProvider.php
@@ -20,6 +20,11 @@ protected function registerValidationFactory()
 $validator->setPresenceVerifier($app['validation.presence']);
 }
+ // Replacers for custom rules in Validator class
+ $validator->replacer('unique_site', function ($message, $attribute, $rule, $parameters) {
+ return __('validation.unique', ['attribute' => $attribute]);
+ });
+
 return $validator;
 });
 }
diff --git a/src/Validation/Validator.php b/src/Validation/Validator.php
index 5bba58180..27171f0f4 100644
--- a/src/Validation/Validator.php
+++ b/src/Validation/Validator.php
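Review bot: The reordered `strip()` still returns text that is not safe to print unescaped, and nothing visible in the hunk tells callers so. Decoding first closes the case where `&lt;script&gt;` passed `strip_tags()` untouched and only became markup afterwards, but `strip_tags()` keeps every attribute on tags listed in `$allow`, and input that was encoded twice comes back as entities after the single decode. I would add to the docblock `Not an XSS filter: attributes on allowed tags are kept; escape the result before output.` and a regression test asserting that `HtmlBuilder::strip('&lt;script&gt;x&lt;/script&gt;')` contains no `<`. The docblock itself starts outside the hunk, so this may already be covered there.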
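Review bot: The `unique_site` replacer never reads its `$message` argument and always returns the stock `validation.unique` string, so a custom message supplied for this rule would be overwritten. It also passes `$attribute` straight into the translation; if replacers receive the attribute key rather than its display label (as appears to be the case upstream, not shown here), custom attribute names are lost as well. Falling back only when no message was resolved would keep both, e.g. `return $message === 'validation.unique_site' ? __('validation.unique', ['attribute' => $attribute]) : $message;`, assuming the untranslated key is what arrives in that case. `registerValidationFactory()` begins outside the hunk.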
@@ -1,5 +1,7 @@ requireParameterCount(1, $parameters, 'unique_site');
+
+ [$connection, $table, $idColumn] = $this->parseTable($parameters[0]);
+
+ // The second parameter position holds the name of the column that needs to
+ // be verified as unique. If this parameter isn't specified we will just
+ // assume that this column to be verified shares the attribute's name.
+ $column = $this->getQueryColumn($parameters, $attribute);
+
+ $id = null;
+
+ if (isset($parameters[2])) {
+ [$idColumn, $id] = $this->getUniqueIds($idColumn, $parameters);
+
+ if (!is_null($id)) {
+ $id = stripslashes($id);
+ }
+ }
+
+ // The presence verifier is responsible for counting rows within this store
+ // mechanism which might be a relational database or any other permanent
+ // data store like Redis, etc. We will use it to determine uniqueness.
+ $verifier = $this->getPresenceVerifier($connection);
+
+ $extra = $this->getUniqueExtra($parameters);
+
+ if ($this->currentRule instanceof Unique) {
+ $extra = array_merge($extra, $this->currentRule->queryCallbacks());
+ }
+
+ // Add the site extra
+ $extra['site_id'] = Site::getSiteIdFromContext();
+
+ return $verifier->getCount(
+ $table, $column, $value, $id, $idColumn, $extra
+ ) == 0;
+ }
 }
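Review bot: `$extra['site_id'] = Site::getSiteIdFromContext();` uses the result unchecked, and the visible lines do not show what the call returns when no site context is active (console command, queue job). If it can return null, the count would presumably run against rows with a null `site_id`, or without the intended scope, and the rule would pass or fail against the wrong set of rows. An explicit branch for that case, or at least a comment such as `// null site id: uniqueness is checked among site-less rows only`, would make the tenant boundary clear. Separately, `) == 0;` could be `) === 0;` if `getCount()` returns an int, which the hunk does not show. The method signature and the top of this hunk are missing from the page, so this is read from the body alone.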