Turn on auto_escape in remaining admin templates

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Turn on auto_escape in remaining admin templates
Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>
1a07d3b2 · Richard Mansfield · d55436b4 · 1a07d3b2 · 1a07d3b2 · 1a07d3b2
Commit 1a07d3b2 authored May 14, 2010 by Richard Mansfield
9 changed files
--- a/htdocs/theme/raw/templates/admin/extensions/filters.tpl
+++ b/htdocs/theme/raw/templates/admin/extensions/filters.tpl
-{auto_escape off}
 {include file='header.tpl'}

 <p>{str tag=htmlfiltersdescription section=admin}</p>
@@ -15,7 +14,7 @@
 {/if}

 <p>{$newfiltersdescription}</p>
-<div>{$reloadform}</div>
+<div>{$reloadform|safe}</div>

 {include file='footer.tpl'}
-{/auto_escape}
+
--- a/htdocs/theme/raw/templates/admin/extensions/pluginconfig.tpl
+++ b/htdocs/theme/raw/templates/admin/extensions/pluginconfig.tpl
-{auto_escape off}
 {include file='header.tpl'}

-			{$form}
+			{$form|safe}

 {include file='footer.tpl'}
-{/auto_escape}
--- a/htdocs/theme/raw/templates/admin/extensions/plugins.tpl
+++ b/htdocs/theme/raw/templates/admin/extensions/plugins.tpl
-{auto_escape off}
 {include file='header.tpl'}

 <div id="adminplugin">
@@ -52,4 +51,3 @@
 </div>

 {include file='footer.tpl'}
-{/auto_escape}
--- a/htdocs/theme/raw/templates/admin/users/institutionadmins.tpl
+++ b/htdocs/theme/raw/templates/admin/users/institutionadmins.tpl
-{auto_escape off}
 {include file="header.tpl"}
 			<p>{str tag="institutionadminuserspagedescription" section="admin"}</p>

-			{$institutionselector}
+			{$institutionselector|safe}
            <div class="userlistform">
-			{$adminusersform}
+			{$adminusersform|safe}
            </div>

 {include file="footer.tpl"}
-{/auto_escape}
--- a/htdocs/theme/raw/templates/admin/users/institutions.tpl
+++ b/htdocs/theme/raw/templates/admin/users/institutions.tpl
-{auto_escape off}
 {include file="header.tpl"}

-			{if $delete_form}
-			<h3>{str tag="deleteinstitution" section="admin"}</h3>
-			<p>{str tag="deleteinstitutionconfirm" section="admin"}</p>
-			{$delete_form}
-			{else}
-			
-			{if $institution_form}
-            {if $suspended}
-            <div class="message">
-              <h4>{$suspended|escape}</h4>
-              <div id="suspendedhelp">
-                {if $USER->get('admin')}
-                <p class="description">{str tag="unsuspendinstitutiondescription_top" section="admin"}</p>
-                {else}
-                <p class="description">{str tag="unsuspendinstitutiondescription_top_instadmin" section="admin"}</p>
-                {/if}
-              </div>
-              <div class="center">{$suspendform_top}</div>
-            </div>
-            {/if}
-			{if $add}
-			<h3>{str tag="addinstitution" section="admin"}</h3>
-			{/if}
-			{$institution_form}
-            {if $suspendform}
-            <div id="suspendinstitution">
-              <h3 id="suspend">{str tag="suspendinstitution" section=admin}</h3>
-              <div class="suspendform">{$suspendform}</div>
-            </div>
-            {/if}
-			{else}
-			
-			<table id="adminstitutionslist" class="fullwidth">
-				<thead>
-				<tr>
-					<th>{str tag="institution"}</th>
-					<th class="center">{str tag="Members" section="admin"}</th>
-					<th class="center">{str tag="Maximum" section="admin"}</th>
-					<th class="center">{str tag="Staff" section="admin"}</th>
-					<th class="center">{str tag="Admins" section="admin"}</th>
-					<th></th>
-                    <th></th>
-				</tr>
-				</thead>
-				<tfoot>
-				<tr>
-					<td>
-                    {if $siteadmin}
-                        <form action="" method="post">
-                            <input type="submit" class="submit" name="add" value="{str tag="addinstitution" section="admin"}" id="admininstitution_add">
-                        </form>
-                    {/if}
-                    </td>
-                    <td colspan="5" class="institutionedituserbuttons right">{if count($institutions) > 1}
-                        <form action="{$WWWROOT}admin/users/institutionusers.php" method="post">
-                            <input type="submit" class="submit" name="editmembers" value="{str tag="editmembers" section="admin"}">
-                        </form>
-                        <form action="{$WWWROOT}admin/users/institutionstaff.php" method="post">
-                            <input type="submit" class="submit" name="editstaff" value="{str tag="editstaff" section="admin"}">
-                        </form>
-                        <form action="{$WWWROOT}admin/users/institutionadmins.php" method="post">
-                            <input type="submit" class="submit" name="editadmins" value="{str tag="editadmins" section="admin"}">
-                        </form>
-                    {/if}</td>
-                    <td></td>
-                </tr>
-				</tfoot>
-				<tbody>
-				{foreach from=$institutions item=institution}
-				<tr class="{cycle values='r0,r1'}">
-					<td>{$institution->displayname|escape}</td>
-					<td class="center">
-					  {if $institution->name != 'mahara'}
-						<a href="{$WWWROOT}admin/users/institutionusers.php?usertype=members&amp;institution={$institution->name}">{$institution->members}</a>
-					  {else}
-						<a href="{$WWWROOT}admin/users/search.php?institution=mahara">{$institution->members}</a>
-					  {/if}
-					</td>
-					<td class="center">{$institution->maxuseraccounts}</td>
-					<td class="center"><a href="{$WWWROOT}admin/users/institutionstaff.php?institution={$institution->name}">{$institution->staff}</a></td>
-					<td class="center"><a href="{$WWWROOT}admin/users/institutionadmins.php?institution={$institution->name}">{$institution->admins}</a></td>
-					<td class="admininstitutionbtns right">
-						<form action="" method="post">
-							<input type="hidden" name="i" value="{$institution->name}">
-							<input type="submit" class="submit btn-edit s" name="edit" value="{str tag="edit"}">
-							{if $siteadmin && !$institution->members && $institution->name != 'mahara'}<input type="submit" class="submit btn-del s" name="delete" value="{str tag="delete"}">{/if}
-						</form>
-					</td>
-                      <td class="center">{if $institution->suspended}<span class="suspended">{str tag="suspendedinstitution" section=admin}</span>{/if}</td>
-				</tr>
-				{/foreach}
-				</tbody>
-			</table>
+{if $delete_form}

-			{/if}
-			
-			{/if}
+<h3>{str tag="deleteinstitution" section="admin"}</h3>
+<p>{str tag="deleteinstitutionconfirm" section="admin"}</p>
+{$delete_form|safe}

+{elseif $institution_form}
+
+  {if $suspended}
+<div class="message">
+  <h4>{$suspended}</h4>
+  <div id="suspendedhelp">
+    {if $USER->get('admin')}
+    <p class="description">{str tag="unsuspendinstitutiondescription_top" section="admin"}</p>
+    {else}
+    <p class="description">{str tag="unsuspendinstitutiondescription_top_instadmin" section="admin"}</p>
+    {/if}
+  </div>
+  <div class="center">{$suspendform_top|safe}</div>
+</div>
+  {/if}
+  {if $add}
+<h3>{str tag="addinstitution" section="admin"}</h3>
+  {/if}
+{$institution_form|safe}
+  {if $suspendform}
+<div id="suspendinstitution">
+  <h3 id="suspend">{str tag="suspendinstitution" section=admin}</h3>
+  <div class="suspendform">{$suspendform|safe}</div>
+</div>
+  {/if}
+
+{else}
+<table id="adminstitutionslist" class="fullwidth">
+	<thead>
+	<tr>
+		<th>{str tag="institution"}</th>
+		<th class="center">{str tag="Members" section="admin"}</th>
+		<th class="center">{str tag="Maximum" section="admin"}</th>
+		<th class="center">{str tag="Staff" section="admin"}</th>
+		<th class="center">{str tag="Admins" section="admin"}</th>
+		<th></th>
+        <th></th>
+	</tr>
+	</thead>
+	<tfoot>
+	<tr>
+		<td>
+        {if $siteadmin}
+            <form action="" method="post">
+                <input type="submit" class="submit" name="add" value="{str tag="addinstitution" section="admin"}" id="admininstitution_add">
+            </form>
+        {/if}
+        </td>
+        <td colspan="5" class="institutionedituserbuttons right">{if count($institutions) > 1}
+            <form action="{$WWWROOT}admin/users/institutionusers.php" method="post">
+                <input type="submit" class="submit" name="editmembers" value="{str tag="editmembers" section="admin"}">
+            </form>
+            <form action="{$WWWROOT}admin/users/institutionstaff.php" method="post">
+                <input type="submit" class="submit" name="editstaff" value="{str tag="editstaff" section="admin"}">
+            </form>
+            <form action="{$WWWROOT}admin/users/institutionadmins.php" method="post">
+                <input type="submit" class="submit" name="editadmins" value="{str tag="editadmins" section="admin"}">
+            </form>
+        {/if}</td>
+        <td></td>
+    </tr>
+	</tfoot>
+	<tbody>
+	{foreach from=$institutions item=institution}
+	<tr class="{cycle values='r0,r1'}">
+		<td>{$institution->displayname}</td>
+		<td class="center">
+		  {if $institution->name != 'mahara'}
+			<a href="{$WWWROOT}admin/users/institutionusers.php?usertype=members&amp;institution={$institution->name}">{$institution->members}</a>
+		  {else}
+			<a href="{$WWWROOT}admin/users/search.php?institution=mahara">{$institution->members}</a>
+		  {/if}
+		</td>
+		<td class="center">{$institution->maxuseraccounts}</td>
+		<td class="center"><a href="{$WWWROOT}admin/users/institutionstaff.php?institution={$institution->name}">{$institution->staff}</a></td>
+		<td class="center"><a href="{$WWWROOT}admin/users/institutionadmins.php?institution={$institution->name}">{$institution->admins}</a></td>
+		<td class="admininstitutionbtns right">
+			<form action="" method="post">
+				<input type="hidden" name="i" value="{$institution->name}">
+				<input type="submit" class="submit btn-edit s" name="edit" value="{str tag="edit"}">
+				{if $siteadmin && !$institution->members && $institution->name != 'mahara'}<input type="submit" class="submit btn-del s" name="delete" value="{str tag="delete"}">{/if}
+			</form>
+		</td>
+          <td class="center">{if $institution->suspended}<span class="suspended">{str tag="suspendedinstitution" section=admin}</span>{/if}</td>
+	</tr>
+	{/foreach}
+	</tbody>
+</table>
+
+{/if}

 {include file="footer.tpl"}
-{/auto_escape}
--- a/htdocs/theme/raw/templates/admin/users/institutionstaff.tpl
+++ b/htdocs/theme/raw/templates/admin/users/institutionstaff.tpl
-{auto_escape off}
 {include file="header.tpl"}
 			<p>{str tag="institutionstaffuserspagedescription" section="admin"}</p>
-			{$institutionselector}
+			{$institutionselector|safe}
            <div class="userlistform">
-			{$staffusersform}
+			{$staffusersform|safe}
            </div>
 {include file="footer.tpl"}
-{/auto_escape}
--- a/htdocs/theme/raw/templates/admin/users/institutionusers.tpl
+++ b/htdocs/theme/raw/templates/admin/users/institutionusers.tpl
-{auto_escape off}
 {include file="header.tpl"}
 <p>{str tag="institutionmemberspagedescription" section="admin"}</p>
 <p>{$instructions}</p>
-{$usertypeselector}
+{$usertypeselector|safe}
 <div class="userlistform">
-{$institutionusersform}
+{$institutionusersform|safe}
 </div>
 {include file="footer.tpl"}
-{/auto_escape}
--- a/htdocs/theme/raw/templates/admin/users/noinstitutions.tpl
+++ b/htdocs/theme/raw/templates/admin/users/noinstitutions.tpl
-{auto_escape off}
 {include file="header.tpl"}

 <h1>{str tag="noinstitutions" section="admin"}</h1>
@@ -11,4 +10,3 @@
 </div>

 {include file="footer.tpl"}
-{/auto_escape}
--- a/htdocs/theme/raw/templates/form/authlist.tpl
+++ b/htdocs/theme/raw/templates/form/authlist.tpl
-{{auto_escape off}}
 <script type="text/javascript">

    function move_up(id) {
@@ -77,13 +76,13 @@
        inuseArray   = arrayIze('institution_inuse');

        if (instanceArray.length == 1) {
-            alert({{$cannotremove}});
+            alert({{$cannotremove|safe}});
            return false;
        }

 		for(i = 0; i < inuseArray.length; i++) {
 			if (id == inuseArray[i]) {
-				alert({{$cannotremoveinuse}});
+				alert({{$cannotremoveinuse|safe}});
 				return false;
 			}
 		}
@@ -120,7 +119,7 @@
        var selectedPlugin = document.getElementById('dummySelect').value;
        var institution = '{{$institution}}';
        if (institution.length == 0) {
-            alert({{$saveinstitutiondetailsfirst}});
+            alert({{$saveinstitutiondetailsfirst|safe}});
            return false;
        }

@@ -144,7 +143,7 @@
        if (requiresConfig(plugin)) {
            window.open('addauthority.php?id='+id+'&edit=1&i={{$institution}}&p=' + plugin, 'editinstance', 'height=520,width=550,screenx=250,screenY=200,scrollbars=1');
        } else {
-            alert({{$noauthpluginconfigoptions}});
+            alert({{$noauthpluginconfigoptions|safe}});
        }
    }

@@ -188,10 +187,9 @@ IMPORTANT: do not introduce any new whitespace into the instanceList div.
 </div>
 <select name="dummy" id="dummySelect">
 {{foreach $authtypes authtype}}
-    <option value="{{$authtype->name|escape}}"{{if !$authtype->is_usable}} disabled="disabled"{{/if}}>{{$authtype->title|escape}} - {{$authtype->description|escape}}</option>
+    <option value="{{$authtype->name}}"{{if !$authtype->is_usable}} disabled="disabled"{{/if}}>{{$authtype->title}} - {{$authtype->description}}</option>
 {{/foreach}}
 </select>
 <button type="button" onclick="addinstance(); return false;" name="button" value="foo">{{str tag=Add section=admin}}</button>
 <input type="hidden" id="instancePriority" name="instancePriority" value="{{$instancestring}}" />
 <input type="hidden" id="deleteList" name="deleteList" value="" />
-{{/auto_escape}}