Commit 3769fe88 authored by Richard Mansfield's avatar Richard Mansfield

Enable auto_escape in header & footer and fix PAGEHEADING var to avoid double escaping


Signed-off-by: default avatarRichard Mansfield <richardm@catalyst.net.nz>
parent 566360c2
{auto_escape off}
<head>
<meta http-equiv="Content-type" content="text/html; charset=UTF-8">
<title>{$PAGETITLE|escape}</title>
<title>{$PAGETITLE}</title>
<script type="text/javascript">
var config = {literal}{{/literal}
'theme': {$THEMELIST},
'theme': {$THEMELIST|safe},
'sesskey' : '{$SESSKEY}',
'wwwroot': '{$WWWROOT}',
'loggedin': {$USER->is_logged_in()|intval},
'userid': {$USER->get('id')}
{literal}}{/literal};
</script>
{$STRINGJS}
{$STRINGJS|safe}
{foreach from=$JAVASCRIPT item=script}
<script type="text/javascript" src="{$script}"></script>
{/foreach}
{foreach from=$HEADERS item=header}
{$header}
{$header|safe}
{/foreach}
{if isset($INLINEJAVASCRIPT)}
<script type="text/javascript">
{$INLINEJAVASCRIPT}
{$INLINEJAVASCRIPT|safe}
</script>
{/if}
<!--[if lt IE 7.]>
......@@ -34,4 +33,3 @@
<link rel="shortcut icon" href="{$WWWROOT}favicon.ico" type="image/vnd.microsoft.icon">
</head>
{dynamic}{flush}{/dynamic}
{/auto_escape}
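Review bot: The values interpolated inside the `<script>` block (`'sesskey' : '{$SESSKEY}'`, `'wwwroot': '{$WWWROOT}'`) are now run through the HTML auto-escaper, which is the wrong escaper for a JavaScript string context: browsers do not decode entities inside `<script>`, so a value containing `&`, `'` or `"` would reach the script as a literal entity rather than the original character. Both values are server-generated, so this is a correctness rather than an injection concern, but the context mismatch should be recorded so nobody later drops a user-influenced value into this object assuming it is escaped correctly. Suggest a template comment above `var config`: `{* values inside <script> need JS-string escaping, not the HTML auto-escaper; only server-controlled values belong here *}`. If the auto-escaper honours an explicit modifier, `|escape:'javascript'` on the two quoted strings would be the proper fix; that interaction is not visible in this hunk, so confirm before adding it.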
{auto_escape off}
{if $RIGHTNAV}
<div id="right-nav">
<ul>{strip}
{foreach from=$RIGHTNAV item=item}
<li{if $item.selected}{assign var=MAINNAVSELECTED value=$item} class="selected"{/if}><a href="{if $item.wwwroot}{$item.wwwroot}{else}{$WWWROOT}{/if}{$item.url|escape}">{if $item.title}{$item.title|escape}{/if}{if $item.icon}<img src="{$item.icon}" alt="{$item.alt|escape}">{if isset($item.count)}<span class="navcount{if $item.countclass} {$item.countclass}{/if}">{$item.count|escape}</span>{/if}</a></li>
<li{if $item.selected}{assign var=MAINNAVSELECTED value=$item} class="selected"{/if}><a href="{if $item.wwwroot}{$item.wwwroot}{else}{$WWWROOT}{/if}{$item.url}">{if $item.title}{$item.title}{/if}{if $item.icon}<img src="{$item.icon}" alt="{$item.alt}">{if isset($item.count)}<span class="navcount{if $item.countclass} {$item.countclass}{/if}">{$item.count}</span>{/if}</a></li>
{/foreach}
<li><a href="{$WWWROOT}?logout" accesskey="l">{str tag="logout"}</a></li>
{/strip}</ul>
......@@ -14,7 +13,7 @@
<div id="main-nav">
<ul>{strip}
{foreach from=$MAINNAV item=item}
<li{if $item.selected}{assign var=MAINNAVSELECTED value=$item} class="selected"{/if}><a href="{$WWWROOT}{$item.url|escape}"{if $item.accesskey} accesskey="{$item.accesskey}"{/if}>{$item.title|escape}</a></li>
<li{if $item.selected}{assign var=MAINNAVSELECTED value=$item} class="selected"{/if}><a href="{$WWWROOT}{$item.url}"{if $item.accesskey} accesskey="{$item.accesskey}"{/if}>{$item.title}</a></li>
{/foreach}
{if $ADMIN || $INSTITUTIONALADMIN}
<li><a href="{$WWWROOT}" accesskey="h">{str tag="returntosite"}</a></li>
......@@ -30,10 +29,9 @@
{if $MAINNAVSELECTED.submenu}
<ul>{strip}
{foreach from=$MAINNAVSELECTED.submenu item=item}
<li{if $item.selected} class="selected"{/if}><a href="{if get_config('httpswwwroot') && $item.url=='account/'}{$HTTPSWWWROOT}{else}{$WWWROOT}{/if}{$item.url|escape}"{if $item.accesskey} accesskey="{$item.accesskey}"{/if}>{$item.title|escape}</a></li>
<li{if $item.selected} class="selected"{/if}><a href="{if get_config('httpswwwroot') && $item.url=='account/'}{$HTTPSWWWROOT}{else}{$WWWROOT}{/if}{$item.url}"{if $item.accesskey} accesskey="{$item.accesskey}"{/if}>{$item.title}</a></li>
{/foreach}
{/strip}</ul>
{/if}
</div>
{/if}
{/auto_escape}
{auto_escape off}
{if !$nosearch && $LOGGEDIN} {user_search_form}{/if}
{if !$nosearch && !$LOGGEDIN && (count($LANGUAGES) > 1)}
<form id="language-select" method="post" action="">
......@@ -7,11 +6,11 @@
<select name="lang">
<option value="default" selected="selected">{$sitedefaultlang}</option>
{foreach from=$LANGUAGES key=k item=i}
<option value="{$k|escape}">{$i|escape}</option>
<option value="{$k}">{$i}</option>
{/foreach}
</select>
<input type="submit" class="submit" name="changelang" value="{str tag=change}">
</div>
</form>
{/if}
{/auto_escape}
{auto_escape off}
</div>
<div id="footer-wrap">
<div id="performance-info">{mahara_performance_info}</div>
......@@ -7,4 +6,4 @@
</div>
</body>
</html>
{/auto_escape}
{auto_escape off}
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html{if $LANGDIRECTION == 'rtl'} dir="rtl"{/if}>
{include file="header/head.tpl"}
......@@ -12,6 +11,5 @@
<div class="main-column">
{dynamic}{insert_messages}{/dynamic}
<div id="main-column-container">
{if isset($PAGEHEADING)} <h1>{$PAGEHEADING}{if $PAGEHELPNAME}<span class="page-help-icon">{$PAGEHELPICON}</span>{/if}</h1>
{if isset($PAGEHEADING)} <h1>{$PAGEHEADING}{if $PAGEHELPNAME}<span class="page-help-icon">{$PAGEHELPICON|safe}</span>{/if}</h1>
{/if}
{/auto_escape}
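Review bot: `{$PAGEHEADING}` in the `<h1>` now relies on the template auto-escaper, and the page scripts further down (denyrequest, find, myfriends, removefriend, requestfriendship, sendmessage, view/access, choosetemplate, columns, delete) drop `hsc()` to match. Any page script not touched by this commit that still assigns `hsc(TITLE)` will now render double-escaped text (`&amp;` and friends), and any that assigns pre-built markup (the pattern user/view.php moves to `pageheadinghtml`) will render it as literal text; a repository-wide search for `assign('PAGEHEADING'` should be part of this change rather than left to the next bug report. Since the contract has changed, state it where the value is rendered: `{* PAGEHEADING is plain text and is escaped here; callers must not pass hsc()-escaped or HTML values *}`.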
{if $microheaders}{include file="viewmicroheader.tpl"}{else}{include file="header.tpl"}{/if}
{if $microheaders}
{include file="viewmicroheader.tpl"}
{else}
{include file="header.tpl"}{if $pageheadinghtml}<h1>{$pageheadinghtml|safe}</h1>{/if}
{/if}
<div id="userview">
<div class="user-icon right">
......
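Review bot: `{$pageheadinghtml|safe}` bypasses the auto-escaper, so the only thing standing between the view title and raw output is `View::display_title(false)` (assigned in the user/view.php hunk below), and nothing on either side records that it must return already-escaped HTML. Suggest a comment next to the assignment in user/view.php, `// rendered unescaped via pageheadinghtml|safe; display_title() must return escaped HTML`, hedged with a confirm if the escaping inside display_title has not been checked. Style: the `{include file="header.tpl"}` and the `<h1>` share one line, which hides the `|safe` output in the include statement; putting the `{if $pageheadinghtml}` block on its own line makes the unescaped output easy to spot in review.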
{auto_escape off}
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html{if $LANGDIRECTION == 'rtl'} dir="rtl"{/if}>
{include file="header/head.tpl"}
<body>
{if $USERMASQUERADING}<div class="sitemessage"><img src="{theme_url filename='images/icon_problem.gif'}" alt="">{$masqueradedetails} {$becomeyouagain}</div>{/if}
{if $USERMASQUERADING}<div class="sitemessage"><img src="{theme_url filename='images/icon_problem.gif'}" alt="">{$masqueradedetails} {$becomeyouagain|safe}</div>{/if}
{if $SITECLOSED}<div class="sitemessage center">{$SITECLOSED}</div>{/if}
<div id="containerX">
<div id="loading-box"></div>
<div id="top-wrapper">
<div class="viewheader rel">
<div class="rbuttons">
<a class="small-logo" href="{$WWWROOT}"><img src="{theme_url filename='images/site-logo-small.png'}" alt="{$sitename|escape}"></a>
<a class="small-logo" href="{$WWWROOT}"><img src="{theme_url filename='images/site-logo-small.png'}" alt="{$sitename}"></a>
</div>
<div class="links lbuttons">
{if $microheaderlinks}
{foreach from=$microheaderlinks item=item}
<a {if $item.type}class="btn-{$item.type}" {/if}href="{$item.url}">{$item.name|escape}</a>&nbsp;
<a {if $item.type}class="btn-{$item.type}" {/if}href="{$item.url}">{$item.name}</a>&nbsp;
{/foreach}
{elseif $backurl}<a class="btn-reply" href="{$backurl}">{str tag=back}</a>&nbsp;
{/if}
</div>
{if $LOGGEDIN}
<div class="nav">
<a href="{$WWWROOT}user/view.php">{$userdisplayname|escape}</a>&nbsp;:
<a href="{$WWWROOT}user/view.php">{$USER|display_name:null:true|escape}</a>&nbsp;:
{foreach from=$MAINNAV item=item}
{if $item.path}
<a href="{if $item.url=='account/' && get_config('httpswwwroot')}{$HTTPSWWWROOT}{else}{$WWWROOT}{/if}{$item.url|escape}">{$item.title|escape}</a>&nbsp;
<a href="{if $item.url=='account/' && get_config('httpswwwroot')}{$HTTPSWWWROOT}{else}{$WWWROOT}{/if}{$item.url}">{$item.title}</a>&nbsp;
{/if}
{/foreach}
{if $USER->get('admin')}
......@@ -38,11 +37,10 @@
<a href="{$WWWROOT}?logout">{str tag="logout"}</a>
</div>
{/if}
<div class="center cb title">{$microheadertitle}</div>
<div class="center cb title">{$microheadertitle|safe}</div>
</div>
</div>
<div id="main-wrapper">
<div class="main-column">
{dynamic}{insert_messages}{/dynamic}
<div id="main-column-container">
{/auto_escape}
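Review bot: The new `{$USER|display_name:null:true|escape}` keeps an explicit `|escape` although this file is now under the auto-escaper, while every other hunk in this commit strips `|escape` for exactly that reason (PAGETITLE in head.tpl, the nav items, the language options). Depending on how the auto-escaper treats an existing `escape` modifier this is either redundant or double-escapes display names containing `&`, `<` or `'`; either drop it (`{$USER|display_name:null:true}`) or, if the escaper is known to skip already-escaped output, leave a comment saying so next to the line. `{$SITECLOSED}` and `{$masqueradedetails}` also switch from raw to escaped output in this hunk; if either ever carried markup the commit message does not say so, which is worth confirming.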
......@@ -62,7 +62,7 @@ $form = pieform(array(
));
$smarty = smarty();
$smarty->assign('PAGEHEADING', hsc(TITLE));
$smarty->assign('PAGEHEADING', TITLE);
$smarty->assign('form', $form);
$smarty->assign('user', $user);
$smarty->display('user/denyrequest.tpl');
......
......@@ -98,7 +98,7 @@ if ($admingroups->invite || $admingroups->controlled) {
array_push($javascript, 'groupbox');
}
$smarty = smarty($javascript, array(), array('applychanges' => 'mahara', 'nogroups' => 'group'), array('sideblocks' => array(friends_control_sideblock('find'))));
$smarty->assign('PAGEHEADING', hsc(TITLE));
$smarty->assign('PAGEHEADING', TITLE);
$smarty->assign('INLINEJAVASCRIPT', $js);
$smarty->assign('results', $data);
$smarty->assign('form', $searchform);
......
......@@ -111,7 +111,7 @@ if ($admingroups->invite || $admingroups->controlled) {
array_push($javascript, 'groupbox');
}
$smarty = smarty($javascript, array(), array('applychanges' => 'mahara', 'nogroups' => 'group'), array('sideblocks' => array(friends_control_sideblock())));
$smarty->assign('PAGEHEADING', hsc(TITLE));
$smarty->assign('PAGEHEADING', TITLE);
$smarty->assign('INLINEJAVASCRIPT', $js);
$smarty->assign('results', $data);
$smarty->assign('form', $filterform);
......
......@@ -60,7 +60,7 @@ $form = pieform(array(
));
$smarty = smarty();
$smarty->assign('PAGEHEADING', hsc(TITLE));
$smarty->assign('PAGEHEADING', TITLE);
$smarty->assign('form', $form);
$smarty->assign('user', $user);
$smarty->display('user/removefriend.tpl');
......
......@@ -64,7 +64,7 @@ $form = pieform(array(
));
$smarty = smarty();
$smarty->assign('PAGEHEADING', hsc(TITLE));
$smarty->assign('PAGEHEADING', TITLE);
$smarty->assign('form', $form);
$smarty->assign('user', $user);
$smarty->display('user/requestfriendship.tpl');
......
......@@ -76,7 +76,7 @@ $form = pieform(array(
));
$smarty = smarty();
$smarty->assign('PAGEHEADING', hsc(TITLE));
$smarty->assign('PAGEHEADING', TITLE);
$smarty->assign('form', $form);
$smarty->assign('user', $user);
$smarty->assign('messages', $messages);
......
......@@ -280,7 +280,6 @@ $smarty->assign('loginas', $loginas);
$smarty->assign('institutions', get_institution_string_for_user($userid));
$smarty->assign('canmessage', $loggedinid != $userid && can_send_message($loggedinid, $userid));
$smarty->assign('USERID', $userid);
$smarty->assign('userdisplayname', display_name($USER, null, true));
$smarty->assign('viewtitle', get_string('usersprofile', 'mahara', display_name($user, null, true)));
$smarty->assign('viewtype', 'profile');
......@@ -302,7 +301,7 @@ if (get_config('viewmicroheaders')) {
}
}
else {
$smarty->assign('PAGEHEADING', $view->display_title(false));
$smarty->assign('pageheadinghtml', $view->display_title(false));
}
$smarty->assign('viewcontent', $view->build_columns());
......
......@@ -447,7 +447,7 @@ $smarty = smarty(
array('sidebars' => false)
);
$smarty->assign('INLINEJAVASCRIPT', $js);
$smarty->assign('PAGEHEADING', hsc(TITLE));
$smarty->assign('PAGEHEADING', TITLE);
$smarty->assign('pagedescriptionhtml', get_string('editaccesspagedescription2', 'view'));
$smarty->assign('form', $form);
$smarty->display('form.tpl');
......@@ -156,7 +156,6 @@ if (get_config('viewmicroheaders')) {
$smarty->assign('microheaders', true);
$smarty->assign('microheadertitle', $view->display_title(true, false));
if ($USER->is_logged_in()) {
$smarty->assign('userdisplayname', display_name($USER, null, true));
if (!empty($_SERVER['HTTP_REFERER'])) {
$page = get_config('wwwroot') . 'view/artefact.php?id=' . $artefactid . '&view=' . $viewid;
if ($_SERVER['HTTP_REFERER'] != $page) {
......
......@@ -229,7 +229,6 @@ if (get_config('viewmicroheaders')) {
}
}
$smarty->assign('userdisplayname', display_name($USER, null, true));
$smarty->assign('viewtype', $viewtype);
$smarty->assign('view', $view->get('id'));
$smarty->assign('groupid', $group);
......
......@@ -116,7 +116,7 @@ $smarty = smarty(
array('stylesheets' => array('style/views.css'))
);
$smarty->assign('INLINEJAVASCRIPT', $js);
$smarty->assign('PAGEHEADING', hsc(TITLE));
$smarty->assign('PAGEHEADING', TITLE);
$smarty->assign('helptext', $helptext);
$smarty->assign('views', $views);
$smarty->display('view/choosetemplate.tpl');
......
......@@ -67,7 +67,7 @@ $columnsform = pieform(array(
));
$smarty = smarty(array(), array(), array(), array('sidebars' => false));
$smarty->assign('PAGEHEADING', hsc(TITLE));
$smarty->assign('PAGEHEADING', TITLE);
$smarty->assign('form', $columnsform);
$smarty->assign('pagedescription', get_string('viewcolumnspagedescription', 'view'));
$smarty->display('form.tpl');
......
......@@ -67,7 +67,7 @@ $form = pieform(array(
));
$smarty = smarty();
$smarty->assign('PAGEHEADING', hsc(TITLE));
$smarty->assign('PAGEHEADING', TITLE);
$smarty->assign('form', $form);
$smarty->display('view/delete.tpl');
......