Enable auto_escape in group templates

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Enable auto_escape in group templates
Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>
272cc88f · Richard Mansfield · f71bac79 · 272cc88f · 272cc88f · 272cc88f
Commit 272cc88f authored May 24, 2010 by Richard Mansfield
--- a/htdocs/group/create.php
+++ b/htdocs/group/create.php
@@ -88,9 +88,9 @@ $creategroup = pieform(array(
 ));

 $smarty = smarty();
-$smarty->assign('creategroup', $creategroup);
+$smarty->assign('form', $creategroup);
 $smarty->assign('PAGEHEADING', hsc(TITLE));
-$smarty->display('group/create.tpl');
+$smarty->display('form.tpl');


 function creategroup_validate(Pieform $form, $values) {

--- a/htdocs/group/delete.php
+++ b/htdocs/group/delete.php
@@ -67,7 +67,7 @@ $form = pieform(array(
 ));

 $smarty = smarty();
-$smarty->assign('subheading', hsc(TITLE));
+$smarty->assign('subheading', TITLE);
 $smarty->assign('message', $views ? get_string('groupconfirmdeletehasviews', 'group') : get_string('groupconfirmdelete', 'group'));
 $smarty->assign('form', $form);
 $smarty->display('group/delete.tpl');

--- a/htdocs/group/interactions.php
+++ b/htdocs/group/interactions.php
@@ -71,7 +71,7 @@ $smarty = smarty();
 $smarty->assign('group', $group);
 $smarty->assign('data', $interactiontypes);
 $smarty->assign('pluginnames', $names);
-$smarty->assign('subheading', hsc(TITLE));
+$smarty->assign('subheading', TITLE);
 $smarty->display('group/interactions.tpl');

 ?>
--- a/htdocs/group/invite.php
+++ b/htdocs/group/invite.php
@@ -85,7 +85,7 @@ $form = pieform(array(
 ));

 $smarty = smarty();
-$smarty->assign('subheading', hsc(TITLE));
+$smarty->assign('subheading', TITLE);
 $smarty->assign('form', $form);
 $smarty->display('group/invite.tpl');


--- a/htdocs/lib/group.php
+++ b/htdocs/lib/group.php
@@ -821,7 +821,6 @@ function group_prepare_usergroups_for_display($groups, $returnto='mygroups') {
                $group->admins[] = $admin->member;
            }
        }
-        $group->description = str_shorten_html($group->description, 100, true);
        if ($group->membershiptype == 'member') {
            $group->canleave = group_user_can_leave($group->id);
        }

--- a/htdocs/theme/raw/templates/group/changerole.tpl
+++ b/htdocs/theme/raw/templates/group/changerole.tpl
-{auto_escape off}
 {include file="header.tpl"}
 {include file="sidebar.tpl"}

-                <h2>{$subheading|escape}</h2>
-                {$changeform}
+                <h2>{$subheading}</h2>
+                {$changeform|safe}

-{include file="footer.tpl"}
-
-
-{/auto_escape}
+{include file="footer.tpl"}
\ No newline at end of file
--- a/htdocs/theme/raw/templates/group/create.tpl
+++ b/htdocs/theme/raw/templates/group/create.tpl
-{auto_escape off}
-{include file="header.tpl"}
-
-    		{$creategroup}
-
-{include file="footer.tpl"}
-
-{/auto_escape}
--- a/htdocs/theme/raw/templates/group/delete.tpl
+++ b/htdocs/theme/raw/templates/group/delete.tpl
-{auto_escape off}
 {include file="header.tpl"}
 <div class="message">
-<h3>{$subheading|escape}</h3>
+<h3>{$subheading}</h3>
 <p>{$message}</p>
-{$form}
+{$form|safe}
 </div>
 {include file="footer.tpl"}
-{/auto_escape}
+
--- a/htdocs/theme/raw/templates/group/edit.tpl
+++ b/htdocs/theme/raw/templates/group/edit.tpl
-{auto_escape off}
 {include file="header.tpl"}
    		<h2>{str tag=editgroup section=group}</h2>
-    		{$editgroup}
+            {$editgroup|safe}
 {include file="footer.tpl"}

-{/auto_escape}
--- a/htdocs/theme/raw/templates/group/find.tpl
+++ b/htdocs/theme/raw/templates/group/find.tpl
-{auto_escape off}
 {include file="header.tpl"}
-{$form}
+{$form|safe}
 {if $groups}
 {foreach from=$groups item=group}
            <div class="{cycle values='r0,r1'} listing">
@@ -12,9 +11,8 @@
                </div>
            </div>
 {/foreach}
-{$pagination}
+{$pagination|safe}
 {else}
            <div class="message">{str tag="nogroupsfound" section="group"}</div>
 {/if}
 {include file="footer.tpl"}
-{/auto_escape}
--- a/htdocs/theme/raw/templates/group/group.tpl
+++ b/htdocs/theme/raw/templates/group/group.tpl
-{auto_escape off}
-<h3><a href="{$WWWROOT}group/view.php?id={$group->id|escape}">{$group->name|escape}</a></h3>
-<h6>{foreach name=admins from=$group->admins item=id}<a href="{$WWWROOT}user/view.php?id={$id|escape}">{$id|display_name|escape}</a>{if !$.foreach.admins.last}, {/if}{/foreach}</h6>
+<h3><a href="{$WWWROOT}group/view.php?id={$group->id}">{$group->name}</a></h3>
+<h6>{foreach name=admins from=$group->admins item=id}<a href="{$WWWROOT}user/view.php?id={$id}">{$id|display_name|escape}</a>{if !$.foreach.admins.last}, {/if}{/foreach}</h6>
 <div>{$group->settingsdescription}</div>
-{$group->description}
+{$group->description|str_shorten_html:100:true|safe}
 <div>{str tag="memberslist" section="group"}
 {foreach name=members from=$group->members item=member}
-	<a href="{$WWWROOT}user/view.php?id={$member->id|escape}">{$member->name|escape}</a>{if !$.foreach.members.last}, {/if}
+	<a href="{$WWWROOT}user/view.php?id={$member->id}">{$member->name}</a>{if !$.foreach.members.last}, {/if}
 {/foreach}
-{if $group->membercount > 3}<a href="{$WWWROOT}group/members.php?id={$group->id|escape}">...</a>{/if}
+{if $group->membercount > 3}<a href="{$WWWROOT}group/members.php?id={$group->id}">...</a>{/if}
 </div>
-
-{/auto_escape}
--- a/htdocs/theme/raw/templates/group/groupuserstatus.tpl
+++ b/htdocs/theme/raw/templates/group/groupuserstatus.tpl
-{auto_escape off}
 <ul class="groupuserstatus">
 {if $group->membershiptype == 'member'}
 	<li class="member">
            {str tag="youaregroup$group->role" section="group"}
        </li>
 {if $group->canleave}
-    <li><a href = "{$WWWROOT}group/leave.php?id={$group->id|escape}&amp;returnto={$returnto}" class="btn-leavegroup">{str tag="leavegroup" section="group"}</a></li>
+    <li><a href = "{$WWWROOT}group/leave.php?id={$group->id}&amp;returnto={$returnto}" class="btn-leavegroup">{str tag="leavegroup" section="group"}</a></li>
 {/if}
 {elseif $group->membershiptype == 'admin'}
-	<li><a href="{$WWWROOT}group/edit.php?id={$group->id|escape}" class="btn-edit">{str tag="edit"}</a></li>
-	<li><a href="{$WWWROOT}group/delete.php?id={$group->id|escape}" class="btn-del">{str tag="delete"}</a></li>
+	<li><a href="{$WWWROOT}group/edit.php?id={$group->id}" class="btn-edit">{str tag="edit"}</a></li>
+	<li><a href="{$WWWROOT}group/delete.php?id={$group->id}" class="btn-del">{str tag="delete"}</a></li>
 	
 {if $group->jointype == 'request' && $group->requests}
 	<li>
-		<a href="{$WWWROOT}group/members.php?id={$group->id|escape}&amp;membershiptype=request" class="btn-pending">{str tag="membershiprequests" section="group"} ({$group->requests})</a>
+		<a href="{$WWWROOT}group/members.php?id={$group->id}&amp;membershiptype=request" class="btn-pending">{str tag="membershiprequests" section="group"} ({$group->requests})</a>
 	</li>
 {/if}
 	
@@ -26,18 +25,17 @@
 {else}
 		{str tag="grouphaveinvite" section="group"}
 {/if}
-	{$group->invite}
+	{$group->invite|safe}
 	</li>
 	
 {elseif $group->membershiptype == 'request'}
 	<li>{str tag="requestedtojoin" section="group"}</li>
 	
 {elseif $group->jointype == 'open'}
-	{$group->groupjoin}
+	{$group->groupjoin|safe}
 	
 {elseif $group->jointype == 'request'}
-	<li><a href="{$WWWROOT}group/requestjoin.php?id={$group->id|escape}&amp;returnto={$returnto}" class="btn-req">{str tag="requestjoingroup" section="group"}</a></li>
+	<li><a href="{$WWWROOT}group/requestjoin.php?id={$group->id}&amp;returnto={$returnto}" class="btn-req">{str tag="requestjoingroup" section="group"}</a></li>
 	
 {/if}
 </ul>
-{/auto_escape}
--- a/htdocs/theme/raw/templates/group/info.tpl
+++ b/htdocs/theme/raw/templates/group/info.tpl
-{auto_escape off}
                <ul>
                    <li><label>{str tag=groupadmins section=group}:</label> {foreach name=admins from=$group->admins item=id}
-                    <img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=20&amp;id={$id|escape}" alt="">
-                    <a href="{$WWWROOT}user/view.php?id={$id|escape}">{$id|display_name|escape}</a>{if !$.foreach.admins.last}, {/if}
+                    <img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=20&amp;id={$id}" alt="">
+                    <a href="{$WWWROOT}user/view.php?id={$id}">{$id|display_name|escape}</a>{if !$.foreach.admins.last}, {/if}
                    {/foreach}</li>
                    <li>{$group->settingsdescription}</li>
                    <li><label>{str tag=Created section=group}:</label> {$group->ctime}</li>
@@ -11,4 +10,3 @@
                        <span><label>{str tag=Files section=artefact.file}:</label> {$filecount}&nbsp;</span>
                        <span><label>{str tag=Folders section=artefact.file}:</label> {$foldercount}</span></li>
                </ul>
-{/auto_escape}
--- a/htdocs/theme/raw/templates/group/interactions.tpl
+++ b/htdocs/theme/raw/templates/group/interactions.tpl
-{auto_escape off}
 {include file="header.tpl"}
 {include file="sidebar.tpl"}

-                <h2>{$subheading|escape}</h2>
+                <h2>{$subheading}</h2>

    <ul>
    {foreach from=$data item=interactions key=plugin}
@@ -11,7 +10,7 @@
            <ul>
            {foreach from=$interactions item=interaction}
                <li>
-                    <a href="{$WWWROOT}interaction/{$interaction->plugin|escape}/view.php?id={$interaction->id|escape}">{$interaction->title|escape}</a> [
+                    <a href="{$WWWROOT}interaction/{$interaction->plugin}/view.php?id={$interaction->id}">{$interaction->title}</a> [
                    <a href="{$WWWROOT}interaction/edit.php?id={$interaction->id}">{str tag='edit'}</a> |
                    <a href="{$WWWROOT}interaction/delete.php?id={$interaction->id}">{str tag='delete'}</a> ]
                </li>
@@ -23,5 +22,3 @@
    </ul>

 {include file="footer.tpl"}
-
-{/auto_escape}
--- a/htdocs/theme/raw/templates/group/invite.tpl
+++ b/htdocs/theme/raw/templates/group/invite.tpl
-{auto_escape off}
 {include file="header.tpl"}
 <h2>{$subheading}</h2>
 {include file="group/simplegroup.tpl" group=$GROUP}
-{$form}
+{$form|safe}
 {include file="footer.tpl"}
-{/auto_escape}
--- a/htdocs/theme/raw/templates/group/leave.tpl
+++ b/htdocs/theme/raw/templates/group/leave.tpl
-{auto_escape off}
 {include file="header.tpl"}
-<h2>{$subheading|escape}</h2>
+<h2>{$subheading}</h2>
 <div class="message">
 <p>{$message}</p>
-{$form}
+{$form|safe}
 </div>
 {include file="footer.tpl"}
-{/auto_escape}
--- a/htdocs/theme/raw/templates/group/members.tpl
+++ b/htdocs/theme/raw/templates/group/members.tpl
-{auto_escape off}
 {include file="header.tpl"}

-    {$form}
+    {$form|safe}
    <p>{$instructions}</p>
    {if $membershiptype}<h3>{str tag=pendingmembers section=group}</h3>{/if}
    <div id="results">
        <table id="membersearchresults" class="tablerenderer fullwidth listing twocolumn">
            <tbody>
-            {$results}
+            {$results|safe}
            </tbody>
        </table>
    </div>
-    {$pagination}
+    {$pagination|safe}

 {include file="footer.tpl"}
-{/auto_escape}
--- a/htdocs/theme/raw/templates/group/membersearchresults.tpl
+++ b/htdocs/theme/raw/templates/group/membersearchresults.tpl
-{auto_escape off}
 {if $results.data}
        {foreach from=$results.cdata item=row}
          <tr class="{cycle values='r0,r1'}">
            {foreach from=$row item=r}
            <td>
              <div class="fl"><img src="{profile_icon_url user=$r maxwidth=40 maxheight=40}" alt=""></div>
-                <h3><a href="{$WWWROOT}user/view.php?id={$r.id|escape}">{$r.name|escape}</a></h3>
+                <h3><a href="{$WWWROOT}user/view.php?id={$r.id}">{$r.name}</a></h3>
                {if $r.role}
                <div class="rel">
                  <strong>{$results.roles[$r.role]->display}</strong>
                  {if $caneditroles && $r.canchangerole} (<a href="{$WWWROOT}group/changerole.php?group={$group}&amp;user={$r.id}">{str tag=changerole section=group}</a>){/if}
-                  <div class="rbuttons btn-del">{$r.removeform}</div>
-                  <div>{$r.introduction|str_shorten_html:80:true}</div>
+                  <div class="rbuttons btn-del">{$r.removeform|safe}</div>
+                  <div>{$r.introduction|str_shorten_html:80:true|safe}</div>
                  <label>{str tag="Joined" section="group"}:</label> {$r.jointime}
                </div>
                {elseif $membershiptype == 'request'}
                <div>{str tag=hasrequestedmembership section=group}.{if $r.reason}
-                  <label>{str tag=reason}:</label> {$r.reason|format_whitespace}{/if}
+                  <label>{str tag=reason}:</label> {$r.reason|format_whitespace|safe}{/if}
                </div>
-                <div class="right btn-add">{$r.addform}</div>
-                <div class="right btn-add">{$r.denyform}</div>
+                <div class="right btn-add">{$r.addform|safe}</div>
+                <div class="right btn-add">{$r.denyform|safe}</div>
                {elseif $membershiptype == 'invite'}
                <div>{str tag=hasbeeninvitedtojoin section=group}</div>
                {/if}
@@ -31,4 +30,3 @@
 {else}
    <div>{str tag="noresultsfound"}</div>
 {/if}
-{/auto_escape}
--- a/htdocs/theme/raw/templates/group/mygroups.tpl
+++ b/htdocs/theme/raw/templates/group/mygroups.tpl
-{auto_escape off}
 {include file="header.tpl"}
 {if $cancreate}
            <div class="rbuttons">
                <a href="{$WWWROOT}group/create.php" class="btn">{str tag="creategroup" section="group"}</a>
            </div>
 {/if}
-{$form}
+{$form|safe}
 {if $groups}
 {foreach from=$groups item=group}
            <div class="{cycle values='r0,r1'} listing">
@@ -17,9 +16,8 @@
                </div>
            </div>
 {/foreach}
-{$pagination}
+{$pagination|safe}
 {else}
            <div class="message">{str tag="trysearchingforgroups" section="group" args=$searchingforgroups}</div>
 {/if}
 {include file="footer.tpl"}
-{/auto_escape}
--- a/htdocs/theme/raw/templates/group/requestjoin.tpl
+++ b/htdocs/theme/raw/templates/group/requestjoin.tpl
-{auto_escape off}
 {include file="header.tpl"}
-<h3>{$subheading|escape}</h3>
-{$form}
+<h3>{$subheading}</h3>
+{$form|safe}
 {include file="footer.tpl"}
-{/auto_escape}