Commit 0ea122d7 authored by Richard Mansfield's avatar Richard Mansfield
Browse files

Turn on auto_escape for user/view.tpl


Signed-off-by: default avatarRichard Mansfield <richardm@catalyst.net.nz>
parent aaaf9cb0
{auto_escape off}
{if $microheaders}{include file="viewmicroheader.tpl"}{else}{include file="header.tpl"}{/if}
<div id="userview">
......@@ -14,7 +13,7 @@
{if $relationship == 'existingfriend'}
<a href="{$WWWROOT}user/removefriend.php?id={$USERID}&amp;returnto=view" class="btn-del">{str tag='removefromfriendslist' section='group'}</a>
{elseif $relationship == 'none' && $friendscontrol == 'auto'}
{$newfriendform}
{$newfriendform|safe}
{elseif $relationship == 'none' && $friendscontrol == 'auth'}
<a href="{$WWWROOT}user/requestfriendship.php?id={$USERID}&amp;returnto=view" class="btn-req">{str tag='requestfriendship' section='group'}</a>
{/if}
......@@ -22,28 +21,27 @@
<div>{str tag=groupinvitesfrom section=group}{$invitedlist}</div>
{/if}
{if $inviteform}
<div class="btn-msg">{$inviteform}</div>
<div class="btn-msg">{$inviteform|safe}</div>
{/if}
{if $requestedlist}
<div>{str tag=requestedmembershipin section=group}{$requestedlist}</div>
{/if}
<div class="btn-add">{if $addform}{$addform}{/if}</div>
<div class="btn-add">{if $addform}{$addform|safe}{/if}</div>
</div>
{if $relationship == 'pending'}
<div class="message">
{str tag='whymakemeyourfriend' section='group'} {$message|escape}
{$requestform}
{str tag='whymakemeyourfriend' section='group'} {$message}
{$requestform|safe}
</div>
{/if}
</div>
<div id="view" class="cl">
<div id="bottom-pane">
<div id="column-container">
{$viewcontent}
{$viewcontent|safe}
<div class="cb"></div>
</div>
</div>
</div>
{if $microheaders}{include file="microfooter.tpl"}{else}{include file="footer.tpl"}{/if}
{/auto_escape}
......@@ -271,7 +271,7 @@ if (!empty($loggedinid) && $loggedinid != $userid) {
}
if ($userid != $USER->get('id') && $USER->is_admin_for_user($user) && is_null($USER->get('parentuser'))) {
$loginas = get_string('loginasuser', 'admin', hsc($user->username));
$loginas = get_string('loginasuser', 'admin', $user->username);
} else {
$loginas = null;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment