Commit 3769fe88 authored by Richard Mansfield's avatar Richard Mansfield

Enable auto_escape in header & footer and fix PAGEHEADING var to avoid double escaping


Signed-off-by: default avatarRichard Mansfield <richardm@catalyst.net.nz>
parent 566360c2
......@@ -87,7 +87,7 @@ else {
}
$smarty = smarty();
$smarty->assign('PAGEHEADING', hsc(TITLE));
$smarty->assign('PAGEHEADING', TITLE);
$smarty->assign('message', $message);
$smarty->display('artefact:internal:validate.tpl');
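Review bot: With `hsc()` dropped, `PAGEHEADING` reaches the template unescaped, so this assignment is safe only while every template that prints `{$PAGEHEADING}` runs with auto-escaping on, and nothing at the call site records that. The same holds for every other `PAGEHEADING` assignment in this commit, and matters most where the value is not a fixed language string: `$group->name` and `get_string('loginto', 'mahara', get_config('sitename'))`. I would add a comment at those sites, e.g. `// Not escaped here: the header template prints PAGEHEADING with auto_escape on`, and search for callers outside this commit that still wrap the heading in `hsc()`, since those would now be double-escaped. The templates passed to `display()` are not part of this diff, so whether any of them prints the heading inside an `{auto_escape off}` block cannot be checked from here.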
......
......@@ -48,6 +48,6 @@ $compositeforms = ArtefactTypeResumeComposite::get_forms($compositetypes);
$smarty = smarty(array('tablerenderer'));
$smarty->assign('compositeforms', $compositeforms);
$smarty->assign('INLINEJAVASCRIPT', $inlinejs);
$smarty->assign('PAGEHEADING', hsc(TITLE));
$smarty->assign('PAGEHEADING', TITLE);
$smarty->assign('SUBPAGENAV', PluginArtefactResume::submenu_items());
$smarty->display('artefact:resume:achievements.tpl');
......@@ -43,7 +43,7 @@ $compositeforms = ArtefactTypeResumeComposite::get_forms($compositetypes);
$smarty = smarty(array('tablerenderer'));
$smarty->assign('compositeforms', $compositeforms);
$smarty->assign('INLINEJAVASCRIPT', $inlinejs);
$smarty->assign('PAGEHEADING', hsc(TITLE));
$smarty->assign('PAGEHEADING', TITLE);
$smarty->assign('SUBPAGENAV', PluginArtefactResume::submenu_items());
$smarty->display('artefact:resume:employment.tpl');
......
......@@ -102,7 +102,7 @@ $gform = array(
$goalform = pieform($gform);
$smarty = smarty();
$smarty->assign('goalform', $goalform);
$smarty->assign('PAGEHEADING', hsc(TITLE));
$smarty->assign('PAGEHEADING', TITLE);
$smarty->assign('SUBPAGENAV', PluginArtefactResume::submenu_items());
$smarty->display('artefact:resume:goals.tpl');
......@@ -151,7 +151,7 @@ $personalinformationform = pieform(array(
$smarty = smarty();
$smarty->assign('coverletterform', $coverletterform);
$smarty->assign('personalinformationform',$personalinformationform);
$smarty->assign('PAGEHEADING', hsc(TITLE));
$smarty->assign('PAGEHEADING', TITLE);
$smarty->assign('SUBPAGENAV', PluginArtefactResume::submenu_items());
$smarty->display('artefact:resume:index.tpl');
......
......@@ -73,7 +73,7 @@ $interestsform = pieform(array(
$smarty = smarty();
$smarty->assign('interestsform', $interestsform);
$smarty->assign('PAGEHEADING', hsc(TITLE));
$smarty->assign('PAGEHEADING', TITLE);
$smarty->assign('SUBPAGENAV', PluginArtefactResume::submenu_items());
$smarty->display('artefact:resume:interests.tpl');
......
......@@ -97,7 +97,7 @@ $sform = array(
$skillform = pieform($sform);
$smarty = smarty();
$smarty->assign('skillform', $skillform);
$smarty->assign('PAGEHEADING', hsc(TITLE));
$smarty->assign('PAGEHEADING', TITLE);
$smarty->assign('SUBPAGENAV', PluginArtefactResume::submenu_items());
$smarty->display('artefact:resume:skills.tpl');
......@@ -971,7 +971,7 @@ function auth_draw_login_page($message=null, Pieform $form=null) {
}
$smarty = smarty(array(), array(), array(), array('pagehelp' => false, 'sidebars' => false));
$smarty->assign('login_form', $loginform);
$smarty->assign('PAGEHEADING', hsc(get_string('loginto', 'mahara', get_config('sitename'))));
$smarty->assign('PAGEHEADING', get_string('loginto', 'mahara', get_config('sitename')));
$smarty->display('login.tpl');
exit;
}
......
......@@ -73,7 +73,7 @@ function deletepost_submit(Pieform $form, $values) {
$smarty = smarty();
$smarty->assign('deleteform', $form);
$smarty->assign('PAGEHEADING', hsc(get_string('deletepost', 'blocktype.wall')));
$smarty->assign('PAGEHEADING', get_string('deletepost', 'blocktype.wall'));
$smarty->display('blocktype:wall:deletepost.tpl');
?>
......@@ -65,7 +65,7 @@ if ($tag = param_variable('tag', null)) {
}
$smarty = smarty();
$smarty->assign('PAGEHEADING', hsc(TITLE));
$smarty->assign('PAGEHEADING', TITLE);
$smarty->assign('tags', $tags);
if ($tag) {
$smarty->assign('tag', $tag);
......
......@@ -142,7 +142,7 @@ $smarty = smarty(
array(),
array('stylesheets' => array('style/views.css'))
);
$smarty->assign('PAGEHEADING', hsc(get_string('exportyourportfolio', 'export')));
$smarty->assign('PAGEHEADING', TITLE);
$smarty->assign('form', $form);
$smarty->display('export/index.tpl');
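Review bot: This line changes the source of the heading as well as its escaping: it used to be `get_string('exportyourportfolio', 'export')` and is now `TITLE`, whose definition is outside the hunk. If this script does not define `TITLE` from the same string, the visible heading changes; the hunks ending in `group/mygroups.tpl` and `register.tpl` make the same substitution. It is worth confirming each script's `define('TITLE', ...)` and, since `TITLE` is now handed raw to an auto-escaped template, that none of them defines it with markup or already-escaped text.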
......
......@@ -89,7 +89,7 @@ $creategroup = pieform(array(
$smarty = smarty();
$smarty->assign('form', $creategroup);
$smarty->assign('PAGEHEADING', hsc(TITLE));
$smarty->assign('PAGEHEADING', TITLE);
$smarty->display('form.tpl');
......
......@@ -153,7 +153,7 @@ function search_submit(Pieform $form, $values) {
}
$smarty = smarty();
$smarty->assign('PAGEHEADING', hsc(TITLE));
$smarty->assign('PAGEHEADING', TITLE);
$smarty->assign('form', $searchform);
$smarty->assign('groups', $groups['data']);
$smarty->assign('pagination', $pagination['html']);
......
......@@ -83,7 +83,7 @@ $smarty->assign('form', $form);
$smarty->assign('filter', $filter);
$smarty->assign('pagination', $pagination['html']);
$smarty->assign('searchingforgroups', array('<a href="' . get_config('wwwroot') . 'group/find.php">', '</a>'));
$smarty->assign('PAGEHEADING', hsc(get_string('mygroups')));
$smarty->assign('PAGEHEADING', TITLE);
$smarty->display('group/mygroups.tpl');
function filter_submit(Pieform $form, $values) {
......
......@@ -9,12 +9,12 @@
* @author Catalyst IT Ltd
* @version 1.0
*/
function Dwoo_Plugin_display_name(Dwoo $dwoo, $user) {
function Dwoo_Plugin_display_name(Dwoo $dwoo, $user, $userto=null, $nameonly=false, $realname=false) {
if (!$user) {
return '';
}
return display_name($user);
return display_name($user, $userto, $nameonly, $realname);
}
?>
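Review bot: The new parameters `$userto`, `$nameonly` and `$realname` are passed straight to `display_name()`, but the docblock above the function (which starts outside this hunk) is not extended to describe them. The function also returns the name without escaping it, so the result is safe only where the template escapes it on output; whether Dwoo's auto-escape covers this plugin's return value is not visible here. I would add `@param` lines for the three arguments and a line such as `* Returns the name unescaped; escape at output.` to the docblock.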
......@@ -412,7 +412,7 @@ EOF;
$group = group_current_group();
$smarty->assign('GROUP', $group);
$smarty->assign('SUBPAGENAV', group_get_menu_tabs());
$smarty->assign('PAGEHEADING', hsc($group->name));
$smarty->assign('PAGEHEADING', $group->name);
}
// ---------- sideblock stuff ----------
......@@ -518,7 +518,7 @@ EOF;
if ($USER->get('parentuser')) {
$smarty->assign('USERMASQUERADING', true);
$smarty->assign('masqueradedetails', get_string('youaremasqueradingas', 'mahara', hsc(display_name($USER))));
$smarty->assign('masqueradedetails', get_string('youaremasqueradingas', 'mahara', display_name($USER)));
$smarty->assign('becomeyouagain',
' <a href="' . hsc($wwwroot) . 'admin/users/changeuser.php?restore=1">'
. get_string('becomeadminagain', 'admin', hsc($USER->get('parentuser')->name))
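Review bot: After this change the two masquerade variables follow opposite conventions: `masqueradedetails` now carries the raw `display_name($USER)` and depends on the template to escape it, while `becomeyouagain` just below is still assembled as HTML with `hsc()` on its parts and has to be printed with `|safe`. Nothing at this site says which is which, so a later edit to either the template or these lines can easily produce unescaped or double-escaped output. A short comment would pin it down, e.g. `// masqueradedetails: plain text, escaped by the template; becomeyouagain: pre-escaped HTML, printed with |safe`. The `becomeyouagain` statement continues past the end of the hunk, and the earlier hunk in this file makes `$group->name` raw in the same way.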
......
......@@ -397,7 +397,7 @@ $smarty->assign('registerdescription', $registerdescription);
if ($registerterms) {
$smarty->assign('termsandconditions', get_site_page_content('termsandconditions'));
}
$smarty->assign('PAGEHEADING', hsc(get_string('register')));
$smarty->assign('PAGEHEADING', TITLE);
$smarty->display('register.tpl');
?>
......@@ -211,7 +211,7 @@ foreach (array('alpha', 'freq') as $option) {
}
$smarty = smarty(array('paginator'));
$smarty->assign('PAGEHEADING', hsc(TITLE));
$smarty->assign('PAGEHEADING', TITLE);
$smarty->assign('tags', $tags);
$smarty->assign('tagsortoptions', $tagsortoptions);
$smarty->assign('tag', $tag);
......
{auto_escape off}
{if $GROUP}
</div><!--end group-->
{/if}
......@@ -33,4 +32,3 @@
</div>
</body>
</html>
{/auto_escape}
{auto_escape off}
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html{if $LANGDIRECTION == 'rtl'} dir="rtl"{/if}>
{include file="header/head.tpl"}
<body>
{if $USERMASQUERADING}<div class="sitemessage"><img src="{theme_url filename='images/icon_problem.gif'}" alt="">{$masqueradedetails} {$becomeyouagain}</div>{/if}
{if $USERMASQUERADING}<div class="sitemessage"><img src="{theme_url filename='images/icon_problem.gif'}" alt="">{$masqueradedetails} {$becomeyouagain|safe}</div>{/if}
{if $SITECLOSED}<div class="sitemessage center">{$SITECLOSED}</div>{/if}
<div id="container">
<div id="loading-box"></div>
<div id="top-wrapper"><h1 id="site-logo"><a href="{$WWWROOT}"><img src="{theme_url filename='images/site-logo.png'}" alt="{$sitename|escape}"></a></h1>
<div id="top-wrapper"><h1 id="site-logo"><a href="{$WWWROOT}"><img src="{theme_url filename='images/site-logo.png'}" alt="{$sitename}"></a></h1>
{include file="header/topright.tpl"}
{include file="header/navigation.tpl"}
<div class="cb"></div>
......@@ -24,13 +23,12 @@
{dynamic}{insert_messages}{/dynamic}
<div id="main-column-container">
{if isset($PAGEHEADING)} <h1>{$PAGEHEADING}{if $PAGEHELPNAME}<span class="page-help-icon">{$PAGEHELPICON}</span>{/if}</h1>
{if isset($PAGEHEADING)} <h1>{$PAGEHEADING}{if $PAGEHELPNAME}<span class="page-help-icon">{$PAGEHELPICON|safe}</span>{/if}</h1>
{/if}
{if $SUBPAGENAV}{* Tabs and beginning of page container for group info pages *} <ul class="in-page-tabs">
{foreach from=$SUBPAGENAV item=item}
<li><a {if $item.selected}class="current-tab" {/if}href="{$WWWROOT}{$item.url|escape}">{$item.title|escape}</a></li>
<li><a {if $item.selected}class="current-tab" {/if}href="{$WWWROOT}{$item.url}">{$item.title}</a></li>
{/foreach}
</ul>
<div class="subpage rel">
{/if}
{/auto_escape}
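Review bot: `{$becomeyouagain|safe}` and `{$PAGEHELPICON|safe}` are now the only values in this template that bypass escaping, so their safety rests entirely on the PHP that builds them. `becomeyouagain` is visibly built with `hsc()` on its interpolated parts elsewhere in this commit, but the code that builds `PAGEHELPICON` is not shown and should be checked for unescaped interpolation. I would mark each with a template comment such as `{* pre-escaped HTML built in PHP *}` so the exemption is not copied to other variables by habit. Separately, `{$SITECLOSED}` and `{$masqueradedetails}` are now escaped; if either is ever assigned a string containing markup it will be displayed literally, which is harmless but worth confirming.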