Skip to content

GitLab

Commit 1a07d3b2 authored by Richard Mansfield's avatar Richard Mansfield
Browse files

Turn on auto_escape in remaining admin templates 


Signed-off-by: default avatarRichard Mansfield <richardm@catalyst.net.nz>
parent d55436b4
Hide whitespace changes
Inline Side-by-side
htdocs/theme/raw/templates/admin/extensions/filters.tpl
View file @ 1a07d3b2
{auto_escape off}
{include file='header.tpl'}
<p>{str tag=htmlfiltersdescription section=admin}</p>
......@@ -15,7 +14,7 @@
{/if}
<p>{$newfiltersdescription}</p>
<div>{$reloadform}</div>
<div>{$reloadform|safe}</div>
{include file='footer.tpl'}
{/auto_escape}
htdocs/theme/raw/templates/admin/extensions/pluginconfig.tpl
View file @ 1a07d3b2
{auto_escape off}
{include file='header.tpl'}
{$form}
{$form|safe}
{include file='footer.tpl'}
{/auto_escape}
htdocs/theme/raw/templates/admin/extensions/plugins.tpl
View file @ 1a07d3b2
{auto_escape off}
{include file='header.tpl'}
<div id="adminplugin">
......@@ -52,4 +51,3 @@
</div>
{include file='footer.tpl'}
{/auto_escape}
htdocs/theme/raw/templates/admin/users/institutionadmins.tpl
View file @ 1a07d3b2
{auto_escape off}
{include file="header.tpl"}
<p>{str tag="institutionadminuserspagedescription" section="admin"}</p>
{$institutionselector}
{$institutionselector|safe}
<div class="userlistform">
{$adminusersform}
{$adminusersform|safe}
</div>
{include file="footer.tpl"}
{/auto_escape}
htdocs/theme/raw/templates/admin/users/institutions.tpl
View file @ 1a07d3b2
{auto_escape off}
{include file="header.tpl"}
{if $delete_form}
<h3>{str tag="deleteinstitution" section="admin"}</h3>
<p>{str tag="deleteinstitutionconfirm" section="admin"}</p>
{$delete_form}
{else}
{if $institution_form}
{if $suspended}
<div class="message">
<h4>{$suspended|escape}</h4>
<div id="suspendedhelp">
{if $USER->get('admin')}
<p class="description">{str tag="unsuspendinstitutiondescription_top" section="admin"}</p>
{else}
<p class="description">{str tag="unsuspendinstitutiondescription_top_instadmin" section="admin"}</p>
{/if}
</div>
<div class="center">{$suspendform_top}</div>
</div>
{/if}
{if $add}
<h3>{str tag="addinstitution" section="admin"}</h3>
{/if}
{$institution_form}
{if $suspendform}
<div id="suspendinstitution">
<h3 id="suspend">{str tag="suspendinstitution" section=admin}</h3>
<div class="suspendform">{$suspendform}</div>
</div>
{/if}
{else}
<table id="adminstitutionslist" class="fullwidth">
<thead>
<tr>
<th>{str tag="institution"}</th>
<th class="center">{str tag="Members" section="admin"}</th>
<th class="center">{str tag="Maximum" section="admin"}</th>
<th class="center">{str tag="Staff" section="admin"}</th>
<th class="center">{str tag="Admins" section="admin"}</th>
<th></th>
<th></th>
</tr>
</thead>
<tfoot>
<tr>
<td>
{if $siteadmin}
<form action="" method="post">
<input type="submit" class="submit" name="add" value="{str tag="addinstitution" section="admin"}" id="admininstitution_add">
</form>
{/if}
</td>
<td colspan="5" class="institutionedituserbuttons right">{if count($institutions) > 1}
<form action="{$WWWROOT}admin/users/institutionusers.php" method="post">
<input type="submit" class="submit" name="editmembers" value="{str tag="editmembers" section="admin"}">
</form>
<form action="{$WWWROOT}admin/users/institutionstaff.php" method="post">
<input type="submit" class="submit" name="editstaff" value="{str tag="editstaff" section="admin"}">
</form>
<form action="{$WWWROOT}admin/users/institutionadmins.php" method="post">
<input type="submit" class="submit" name="editadmins" value="{str tag="editadmins" section="admin"}">
</form>
{/if}</td>
<td></td>
</tr>
</tfoot>
<tbody>
{foreach from=$institutions item=institution}
<tr class="{cycle values='r0,r1'}">
<td>{$institution->displayname|escape}</td>
<td class="center">
{if $institution->name != 'mahara'}
<a href="{$WWWROOT}admin/users/institutionusers.php?usertype=members&amp;institution={$institution->name}">{$institution->members}</a>
{else}
<a href="{$WWWROOT}admin/users/search.php?institution=mahara">{$institution->members}</a>
{/if}
</td>
<td class="center">{$institution->maxuseraccounts}</td>
<td class="center"><a href="{$WWWROOT}admin/users/institutionstaff.php?institution={$institution->name}">{$institution->staff}</a></td>
<td class="center"><a href="{$WWWROOT}admin/users/institutionadmins.php?institution={$institution->name}">{$institution->admins}</a></td>
<td class="admininstitutionbtns right">
<form action="" method="post">
<input type="hidden" name="i" value="{$institution->name}">
<input type="submit" class="submit btn-edit s" name="edit" value="{str tag="edit"}">
{if $siteadmin && !$institution->members && $institution->name != 'mahara'}<input type="submit" class="submit btn-del s" name="delete" value="{str tag="delete"}">{/if}
</form>
</td>
<td class="center">{if $institution->suspended}<span class="suspended">{str tag="suspendedinstitution" section=admin}</span>{/if}</td>
</tr>
{/foreach}
</tbody>
</table>
{if $delete_form}
{/if}
{/if}
<h3>{str tag="deleteinstitution" section="admin"}</h3>
<p>{str tag="deleteinstitutionconfirm" section="admin"}</p>
{$delete_form|safe}
{elseif $institution_form}
{if $suspended}
<div class="message">
<h4>{$suspended}</h4>
<div id="suspendedhelp">
{if $USER->get('admin')}
<p class="description">{str tag="unsuspendinstitutiondescription_top" section="admin"}</p>
{else}
<p class="description">{str tag="unsuspendinstitutiondescription_top_instadmin" section="admin"}</p>
{/if}
</div>
<div class="center">{$suspendform_top|safe}</div>
</div>
{/if}
{if $add}
<h3>{str tag="addinstitution" section="admin"}</h3>
{/if}
{$institution_form|safe}
{if $suspendform}
<div id="suspendinstitution">
<h3 id="suspend">{str tag="suspendinstitution" section=admin}</h3>
<div class="suspendform">{$suspendform|safe}</div>
</div>
{/if}
{else}
<table id="adminstitutionslist" class="fullwidth">
<thead>
<tr>
<th>{str tag="institution"}</th>
<th class="center">{str tag="Members" section="admin"}</th>
<th class="center">{str tag="Maximum" section="admin"}</th>
<th class="center">{str tag="Staff" section="admin"}</th>
<th class="center">{str tag="Admins" section="admin"}</th>
<th></th>
<th></th>
</tr>
</thead>
<tfoot>
<tr>
<td>
{if $siteadmin}
<form action="" method="post">
<input type="submit" class="submit" name="add" value="{str tag="addinstitution" section="admin"}" id="admininstitution_add">
</form>
{/if}
</td>
<td colspan="5" class="institutionedituserbuttons right">{if count($institutions) > 1}
<form action="{$WWWROOT}admin/users/institutionusers.php" method="post">
<input type="submit" class="submit" name="editmembers" value="{str tag="editmembers" section="admin"}">
</form>
<form action="{$WWWROOT}admin/users/institutionstaff.php" method="post">
<input type="submit" class="submit" name="editstaff" value="{str tag="editstaff" section="admin"}">
</form>
<form action="{$WWWROOT}admin/users/institutionadmins.php" method="post">
<input type="submit" class="submit" name="editadmins" value="{str tag="editadmins" section="admin"}">
</form>
{/if}</td>
<td></td>
</tr>
</tfoot>
<tbody>
{foreach from=$institutions item=institution}
<tr class="{cycle values='r0,r1'}">
<td>{$institution->displayname}</td>
<td class="center">
{if $institution->name != 'mahara'}
<a href="{$WWWROOT}admin/users/institutionusers.php?usertype=members&amp;institution={$institution->name}">{$institution->members}</a>
{else}
<a href="{$WWWROOT}admin/users/search.php?institution=mahara">{$institution->members}</a>
{/if}
</td>
<td class="center">{$institution->maxuseraccounts}</td>
<td class="center"><a href="{$WWWROOT}admin/users/institutionstaff.php?institution={$institution->name}">{$institution->staff}</a></td>
<td class="center"><a href="{$WWWROOT}admin/users/institutionadmins.php?institution={$institution->name}">{$institution->admins}</a></td>
<td class="admininstitutionbtns right">
<form action="" method="post">
<input type="hidden" name="i" value="{$institution->name}">
<input type="submit" class="submit btn-edit s" name="edit" value="{str tag="edit"}">
{if $siteadmin && !$institution->members && $institution->name != 'mahara'}<input type="submit" class="submit btn-del s" name="delete" value="{str tag="delete"}">{/if}
</form>
</td>
<td class="center">{if $institution->suspended}<span class="suspended">{str tag="suspendedinstitution" section=admin}</span>{/if}</td>
</tr>
{/foreach}
</tbody>
</table>
{/if}
{include file="footer.tpl"}
{/auto_escape}
htdocs/theme/raw/templates/admin/users/institutionstaff.tpl
View file @ 1a07d3b2
{auto_escape off}
{include file="header.tpl"}
<p>{str tag="institutionstaffuserspagedescription" section="admin"}</p>
{$institutionselector}
{$institutionselector|safe}
<div class="userlistform">
{$staffusersform}
{$staffusersform|safe}
</div>
{include file="footer.tpl"}
{/auto_escape}
htdocs/theme/raw/templates/admin/users/institutionusers.tpl
View file @ 1a07d3b2
{auto_escape off}
{include file="header.tpl"}
<p>{str tag="institutionmemberspagedescription" section="admin"}</p>
<p>{$instructions}</p>
{$usertypeselector}
{$usertypeselector|safe}
<div class="userlistform">
{$institutionusersform}
{$institutionusersform|safe}
</div>
{include file="footer.tpl"}
{/auto_escape}
htdocs/theme/raw/templates/admin/users/noinstitutions.tpl
View file @ 1a07d3b2
{auto_escape off}
{include file="header.tpl"}
<h1>{str tag="noinstitutions" section="admin"}</h1>
......@@ -11,4 +10,3 @@
</div>
{include file="footer.tpl"}
{/auto_escape}
htdocs/theme/raw/templates/form/authlist.tpl
View file @ 1a07d3b2
{{auto_escape off}}
<script type="text/javascript">
function move_up(id) {
......@@ -77,13 +76,13 @@
inuseArray = arrayIze('institution_inuse');
if (instanceArray.length == 1) {
alert({{$cannotremove}});
alert({{$cannotremove|safe}});
return false;
}
for(i = 0; i < inuseArray.length; i++) {
if (id == inuseArray[i]) {
alert({{$cannotremoveinuse}});
alert({{$cannotremoveinuse|safe}});
return false;
}
}
......@@ -120,7 +119,7 @@
var selectedPlugin = document.getElementById('dummySelect').value;
var institution = '{{$institution}}';
if (institution.length == 0) {
alert({{$saveinstitutiondetailsfirst}});
alert({{$saveinstitutiondetailsfirst|safe}});
return false;
}
......@@ -144,7 +143,7 @@
if (requiresConfig(plugin)) {
window.open('addauthority.php?id='+id+'&edit=1&i={{$institution}}&p=' + plugin, 'editinstance', 'height=520,width=550,screenx=250,screenY=200,scrollbars=1');
} else {
alert({{$noauthpluginconfigoptions}});
alert({{$noauthpluginconfigoptions|safe}});
}
}
......@@ -188,10 +187,9 @@ IMPORTANT: do not introduce any new whitespace into the instanceList div.
</div>
<select name="dummy" id="dummySelect">
{{foreach $authtypes authtype}}
<option value="{{$authtype->name|escape}}"{{if !$authtype->is_usable}} disabled="disabled"{{/if}}>{{$authtype->title|escape}} - {{$authtype->description|escape}}</option>
<option value="{{$authtype->name}}"{{if !$authtype->is_usable}} disabled="disabled"{{/if}}>{{$authtype->title}} - {{$authtype->description}}</option>
{{/foreach}}
</select>
<button type="button" onclick="addinstance(); return false;" name="button" value="foo">{{str tag=Add section=admin}}</button>
<input type="hidden" id="instancePriority" name="instancePriority" value="{{$instancestring}}" />
<input type="hidden" id="deleteList" name="deleteList" value="" />
{{/auto_escape}}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment