Commit 2795f939 authored by Richard Mansfield's avatar Richard Mansfield

Turn on auto_escape in more templates


Signed-off-by: default avatarRichard Mansfield <richardm@catalyst.net.nz>
parent 76e5d0c7
......@@ -511,7 +511,7 @@ $smarty->assign('institutions', count($allinstitutions) > 1);
$smarty->assign('institutionform', $institutionform);
if ($id != $USER->get('id') && is_null($USER->get('parentuser'))) {
$loginas = get_string('loginasuser', 'admin', hsc($user->username));
$loginas = get_string('loginasuser', 'admin', $user->username);
} else {
$loginas = null;
}
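Review bot: With `hsc()` dropped from the `get_string('loginasuser', 'admin', $user->username)` call, `$loginas` now carries the raw username, so its HTML encoding depends entirely on the template that prints it. That template is not shown in this section; confirm it runs with auto-escape on and does not pipe `$loginas` through `|safe`, otherwise a username containing markup would be rendered as-is. A short comment above the call would record the contract, e.g. `// not escaped here: the template auto-escapes $loginas`. The surrounding code continues outside the hunk, so the `$smarty->assign` for `$loginas` is not visible from here.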
......
{auto_escape off}
{if !$options.hidetitle}<h2>{$artefacttitle}</h2>{/if}
{if !$options.hidetitle}<h2>{$artefacttitle|safe}</h2>{/if}
{$description}
{$description|clean_html|safe}
{if $tags}<div class="tags">{str tag=tags}: {list_tags owner=$owner tags=$tags}</div>{/if}
{foreach from=$postdata item=post}
{$post.content.html}
{$post.content.html|safe}
{/foreach}
{if $newerpostslink || $olderpostslink}
<div class="blog-pagination">
{if $olderpostslink}<div class="fr"><a href="{$olderpostslink|escape}">{str tag=olderposts section=artefact.blog}</a></div>{/if}
{if $newerpostslink}<div><a href="{$newerpostslink|escape}">{str tag=newerposts section=artefact.blog}</a></div>{/if}
{if $olderpostslink}<div class="fr"><a href="{$olderpostslink}">{str tag=olderposts section=artefact.blog}</a></div>{/if}
{if $newerpostslink}<div><a href="{$newerpostslink}">{str tag=newerposts section=artefact.blog}</a></div>{/if}
</div>
{/if}
{/auto_escape}
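Review bot: `{$artefacttitle|safe}` and `{$post.content.html|safe}` opt out of the auto-escaping this commit turns on, and unlike `{$description|clean_html|safe}` neither passes through `clean_html` in the template. Both are only safe if the PHP side has already escaped or sanitised them, which this section does not show. I would record that next to each use with a template comment such as `{* $artefacttitle is escaped in PHP before assignment; keep |safe only while that holds *}`, and verify that whatever produces `post.content.html` sanitises the post body. The same `{$artefacttitle|safe}` pattern appears in the blog post template further down the page.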
{auto_escape off}
<ul>
{foreach from=$mostrecent item=post}
<li>
<a href="{$WWWROOT}view/artefact.php?artefact={$post->id|escape}&amp;view={$view|escape}">{$post->title|escape}</a>
<a href="{$WWWROOT}view/artefact.php?artefact={$post->id}&amp;view={$view}">{$post->title}</a>
{str tag='postedin' section='blocktype.blog/recentposts'}
<a href="{$WWWROOT}view/artefact.php?artefact={$post->parent|escape}&amp;view={$view|escape}">{$post->parenttitle|escape}</a>
<a href="{$WWWROOT}view/artefact.php?artefact={$post->parent}&amp;view={$view}">{$post->parenttitle}</a>
{str tag='postedon' section='blocktype.blog/recentposts'}
{$post->displaydate}
</li>
{/foreach}
</ul>
{/auto_escape}
......@@ -219,7 +219,7 @@ class ArtefactTypeBlog extends ArtefactType {
}
$smarty->assign('options', $options);
$smarty->assign('description', clean_html($this->get('description')));
$smarty->assign('description', $this->get('description'));
$smarty->assign('owner', $this->get('owner'));
$smarty->assign('tags', $this->get('tags'));
......@@ -538,7 +538,7 @@ class ArtefactTypeBlogPost extends ArtefactType {
}
// We need to make sure that the images in the post have the right viewid associated with them
$postcontent = clean_html($this->get('description'));
$postcontent = $this->get('description');
if (isset($options['viewid'])) {
safe_require('artefact', 'file');
$postcontent = ArtefactTypeFolder::append_view_url($postcontent, $options['viewid']);
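Review bot: Removing `clean_html()` from `$postcontent = $this->get('description');` (and from the `description` assign in `ArtefactTypeBlog` in the hunk above) means these methods now hand unsanitised user HTML to whatever consumes it. Sanitisation then rests on each template remembering `|clean_html` before `|safe`. The templates shown on this page do that, but any other template or caller that uses these values is not visible here and should be checked. The function body continues past this hunk, so the point where `$postcontent` reaches the template cannot be confirmed. A comment at the assignment would make the contract explicit: `// raw user HTML: templates must apply clean_html before |safe`.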
......
{auto_escape off}
<tr>
<td style="width: 20px;" rowspan="2">
{$formcontrols}
{$formcontrols|safe}
</td>
<th><label for="{$elementname}_{$artefact->id}">{if $artefact->blog}{$artefact->blog|escape}: {/if}{$artefact->title|escape}</label></th>
<th><label for="{$elementname}_{$artefact->id}">{if $artefact->blog}{$artefact->blog}: {/if}{$artefact->title}{if $artefact->draft} [{str tag=draft section=artefact.blog}]{/if}</label></th>
</tr>
<tr>
<td>{if $artefact->description}{$artefact->description}{/if}</td>
<td>{if $artefact->description}{$artefact->description|clean_html|safe}{/if}</td>
</tr>
{/auto_escape}
{auto_escape off}
<script type="text/javascript">
function confirmdelete(id) {
if(confirm("{str tag=deleteblog? section=artefact.blog}")) {
......@@ -9,8 +8,8 @@
{foreach from=$blogs->data item=blog}
<tr class="{cycle name=rows values='r0,r1'}">
<td>
<div><strong><a href="{$WWWROOT}artefact/blog/view/?id={$blog->id}">{$blog->title|escape}</a></strong></div>
<div>{$blog->description|clean_html}</div>
<div><strong><a href="{$WWWROOT}artefact/blog/view/?id={$blog->id}">{$blog->title}</a></strong></div>
<div>{$blog->description|clean_html|safe}</div>
</td>
<td class="right">
<a href="{$WWWROOT}artefact/blog/view/?id={$blog->id}">{$blog->postcount}</a>
......@@ -20,4 +19,3 @@
</td>
</tr>
{/foreach}
{/auto_escape}
{auto_escape off}
{include file="header.tpl"}
{$form}
{$form|safe}
{include file="footer.tpl"}
{/auto_escape}
{auto_escape off}
{**
* This template displays a blog post.
*}
<div>
{if $artefacttitle}<h3>{$artefacttitle}</h3>{/if}
<div>{$artefactdescription}</div>
{if $artefacttitle}<h3>{$artefacttitle|safe}</h3>{/if}
<div>{$artefactdescription|clean_html|safe}</div>
{if isset($attachments)}
<table class="cb attachments fullwidth">
<tbody>
......@@ -12,14 +11,13 @@
{if $artefact->get('tags')}<div class="tags">{str tag=tags}: {list_tags owner=$artefact->get('owner') tags=$artefact->get('tags')}</div>{/if}
{foreach from=$attachments item=item}
<tr class="{cycle values='r0,r1'}">
{if $icons}<td style="width: 22px;"><img src="{$item->iconpath|escape}" alt=""></td>{/if}
<td><a href="{$item->viewpath|escape}">{$item->title|escape}</a> ({$item->size|escape}) - <strong><a href="{$item->downloadpath|escape}">{str tag=Download section=artefact.file}</a></strong>
<br>{$item->description|escape}</td>
{if $icons}<td style="width: 22px;"><img src="{$item->iconpath}" alt=""></td>{/if}
<td><a href="{$item->viewpath}">{$item->title}</a> ({$item->size}) - <strong><a href="{$item->downloadpath}">{str tag=Download section=artefact.file}</a></strong>
<br>{$item->description}</td>
</tr>
{/foreach}
</tbody>
</table>
{/if}
<div class="postdetails">{$postedbyon|escape}</div>
<div class="postdetails">{$postedbyon}</div>
</div>
{/auto_escape}
{auto_escape off}
{include file="header.tpl"}
{$editform}
{$editform|safe}
{include file="footer.tpl"}
{/auto_escape}
{auto_escape off}
{include file="header.tpl"}
<div id="myblogs rel">
......@@ -7,7 +6,7 @@
<a class="btn btn-add" href="{$WWWROOT}artefact/blog/post.php?blog={$blog->get('id')}">{str section="artefact.blog" tag="addpost"}</a>
</div>
<p>{$blog->get('description')}</p>
<p>{clean_html($blog->get('description'))|safe}</p>
{if $blog->get('tags')}<p class="tags">{str tag=tags}: {list_tags owner=$blog->get('owner') tags=$blog->get('tags')}</p>{/if}
{if $blog->count_children() > 0}
......@@ -22,4 +21,4 @@
</div>
{include file="footer.tpl"}
{/auto_escape}
{auto_escape off}
{include file="header.tpl"}
{$settingsformtag}
{$settingsformtag|safe}
<table id="profileicons" class="hidden tablerenderer">
<thead>
<tr>
......@@ -24,6 +23,5 @@
<h3>{str tag="uploadprofileicon" section="artefact.file"}</h3>
<p>{str tag="profileiconsiconsizenotice" section="artefact.file" args=$imagemaxdimensions}</p>
{$uploadform}
{$uploadform|safe}
{include file="footer.tpl"}
{/auto_escape}
{auto_escape off}
{if $profileiconpath}<div class="fr"><img src="{$profileiconpath|escape}" alt=""></div>{/if}
<p>{$profileinfo.introduction|clean_html}</p>
{if $profileiconpath}<div class="fr"><img src="{$profileiconpath}" alt=""></div>{/if}
<p>{$profileinfo.introduction|clean_html|safe}</p>
{if $profileinfo && (count($profileinfo) != 1 || !$profileinfo.introduction)}<ul>
{foreach from=$profileinfo key=key item=item}
{if !in_array($key, array('introduction'))} <li><strong>{str tag=$key section=artefact.internal}:</strong> {$item}</li>
......@@ -8,4 +7,3 @@
{/foreach}
</ul>{/if}
{if $profileiconpath}<div class="cb"></div>{/if}
{/auto_escape}
{auto_escape off}
{include file="header.tpl"}
{$profileform}
{$profileform|safe}
<script type="text/javascript">
{literal} insertSiblingNodesAfter('profileform', DIV({'id': 'profile-loading'}, IMG({'src': config.theme['images/loading.gif'], 'alt': ''}), ' ', get_string('loading')));{/literal}
</script>
{include file="footer.tpl"}
{/auto_escape}
{auto_escape off}
<fieldset>{if !$hidetitle}<legend class="resumeh3">{str tag='book' section='artefact.resume'}
{if $controls}
{contextualhelp plugintype='artefact' pluginname='resume' section='addbook'}
......@@ -20,17 +19,16 @@
<tbody>
{foreach from=$rows item=row}
<tr class="{cycle values='r0,r1'}">
<td>{$row->date|escape}</td>
<td><div class="jstitle">{$row->title|escape}</div><div class="jsdescription">{$row->description|escape}</div></td>
<td>{$row->date}</td>
<td><div class="jstitle">{$row->title}</div><div class="jsdescription">{$row->description}</div></td>
</tr>
{/foreach}
</tbody>
</table>
{if $controls}
<div>
<div id="bookform" class="hidden">{$compositeforms.book}</div>
<div id="bookform" class="hidden">{$compositeforms.book|safe}</div>
<button id="addbookbutton" class="cancel" onclick="toggleCompositeForm('book');">{str tag='add'}</button>
</div>
{/if}
</fieldset>
{/auto_escape}
{auto_escape off}
<fieldset>{if !$hidetitle}<legend class="resumeh3">{str tag='certification' section='artefact.resume'}
{if $controls}
{contextualhelp plugintype='artefact' pluginname='resume' section='addcertification'}
......@@ -20,17 +19,16 @@
<tbody>
{foreach from=$rows item=row}
<tr class="{cycle values='r0,r1'}">
<td>{$row->date|escape}</td>
<td><div class="jstitle">{$row->title|escape}</div><div class="jsdescription">{$row->description|escape}</div></td>
<td>{$row->date}</td>
<td><div class="jstitle">{$row->title}</div><div class="jsdescription">{$row->description}</div></td>
</tr>
{/foreach}
</tbody>
</table>
{if $controls}
<div>
<div id="certificationform" class="hidden">{$compositeforms.certification}</div>
<div id="certificationform" class="hidden">{$compositeforms.certification|safe}</div>
<button id="addcertificationbutton" class="cancel" onclick="toggleCompositeForm('certification');">{str tag='add'}</button>
</div>
{/if}
</fieldset>
{/auto_escape}
{auto_escape off}
<fieldset>{if !$hidetitle}<legend class="resumeh3">{str tag='educationhistory' section='artefact.resume'}
{if $controls}
{contextualhelp plugintype='artefact' pluginname='resume' section='addeducationhistory'}
......@@ -21,18 +20,17 @@
<tbody>
{foreach from=$rows item=row}
<tr class="{cycle values='r0,r1'}">
<td>{$row->startdate|escape}</td>
<td>{$row->enddate|escape}</td>
<td><div class="jstitle">{$row->qualification|escape}</div><div class="jsdescription">{$row->qualdescription|escape}</div></td>
<td>{$row->startdate}</td>
<td>{$row->enddate}</td>
<td><div class="jstitle">{$row->qualification}</div><div class="jsdescription">{$row->qualdescription}</div></td>
</tr>
{/foreach}
</tbody>
</table>
{if $controls}
<div>
<div id="educationhistoryform" class="hidden">{$compositeforms.educationhistory}</div>
<div id="educationhistoryform" class="hidden">{$compositeforms.educationhistory|safe}</div>
<button id="addeducationhistorybutton" class="cancel" onclick="toggleCompositeForm('educationhistory');">{str tag='add'}</button>
</div>
{/if}
</fieldset>
{/auto_escape}
{auto_escape off}
<fieldset>{if !$hidetitle}<legend class="resumeh3">{str tag='employmenthistory' section='artefact.resume'}
{if $controls}
{contextualhelp plugintype='artefact' pluginname='resume' section='addemploymenthistory'}
......@@ -21,19 +20,18 @@
<tbody>
{foreach from=$rows item=row}
<tr class="{cycle values='r0,r1'}">
<td>{$row->startdate|escape}</td>
<td>{$row->enddate|escape}</td>
<td><div class="jstitle">{$row->jobtitle|escape}: {$row->employer|escape}</div>
<div class="jsdescription">{$row->positiondescription|escape}</div></td>
<td>{$row->startdate}</td>
<td>{$row->enddate}</td>
<td><div class="jstitle">{$row->jobtitle}: {$row->employer}</div>
<div class="jsdescription">{$row->positiondescription}</div></td>
</tr>
{/foreach}
</tbody>
</table>
{if $controls}
<div>
<div id="employmenthistoryform" class="hidden">{$compositeforms.employmenthistory}</div>
<div id="employmenthistoryform" class="hidden">{$compositeforms.employmenthistory|safe}</div>
<button id="addemploymenthistorybutton" class="cancel" onclick="toggleCompositeForm('employmenthistory');">{str tag='add'}</button>
</div>
{/if}
</fieldset>
{/auto_escape}
{auto_escape off}
<fieldset>{if !$hidetitle}<legend class="resumeh3">{str tag='membership' section='artefact.resume'}
{if $controls}
{contextualhelp plugintype='artefact' pluginname='resume' section='addmembership'}
......@@ -21,18 +20,17 @@
<tbody>
{foreach from=$rows item=row}
<tr class="{cycle values='r0,r1'}">
<td>{$row->startdate|escape}</td>
<td>{$row->enddate|escape}</td>
<td><div class="jstitle">{$row->title|escape}</div><div class="jsdescription">{$row->description|escape}</div></td>
<td>{$row->startdate}</td>
<td>{$row->enddate}</td>
<td><div class="jstitle">{$row->title}</div><div class="jsdescription">{$row->description}</div></td>
</tr>
{/foreach}
</tbody>
</table>
{if $controls}
<div>
<div id="membershipform" class="hidden">{$compositeforms.membership}</div>
<div id="membershipform" class="hidden">{$compositeforms.membership|safe}</div>
<button id="addmembershipbutton" class="cancel" onclick="toggleCompositeForm('membership');">{str tag='add'}</button>
</div>
{/if}
</fieldset>
{/auto_escape}
{auto_escape off}
{include file="header.tpl"}
<div id="resumewrap">
{$goalform}
{$goalform|safe}
</div>
{include file="footer.tpl"}
{/auto_escape}
{auto_escape off}
{include file="header.tpl"}
<div id="resumewrap">
{$coverletterform}
{$personalinformationform}
{$coverletterform|safe}
{$personalinformationform|safe}
</div>
{include file="footer.tpl"}
{/auto_escape}