Commit 4325e9e6 authored by Richard Mansfield's avatar Richard Mansfield
Browse files

Enable auto_escape in remaining blog & file templates


Signed-off-by: default avatarRichard Mansfield <richardm@catalyst.net.nz>
parent 9aadab78
{auto_escape off}
<?xml version="1.0"?> <?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom"> <feed xmlns="http://www.w3.org/2005/Atom">
<title>{$feed.title}</title> <title>{$feed.title}</title>
<id>{$feed.id}</id> <id>{$feed.id}</id>
<link href="{$feed.link|escape}" /> <link href="{$feed.link}" />
<link rel="self" type="application/atom+xml" href="{$feed.selflink|escape}" /> <link rel="self" type="application/atom+xml" href="{$feed.selflink}" />
<subtitle type="html"><![CDATA[ {$feed.description} ]]></subtitle> <subtitle type="html"><![CDATA[ {$feed.description|clean_html|safe} ]]></subtitle>
<logo>{$feed.logo|escape}</logo> <logo>{$feed.logo}</logo>
<icon>{$feed.icon|escape}</icon> <icon>{$feed.icon}</icon>
<generator uri="{$feed.generator.uri|escape}" version="{$feed.generator.version}"> <generator uri="{$feed.generator.uri}" version="{$feed.generator.version}">
{$feed.generator.text} {$feed.generator.text}
</generator> </generator>
<author> <author>
<name>{$feed.author.name}</name> <name>{$feed.author.name}</name>
{if $feed.author.uri} {if $feed.author.uri}
<uri>{$feed.author.uri|escape}</uri> <uri>{$feed.author.uri}</uri>
{/if} {/if}
</author> </author>
<updated>{$feed.updated}</updated> <updated>{$feed.updated}</updated>
...@@ -23,17 +22,16 @@ ...@@ -23,17 +22,16 @@
<entry> <entry>
<title>{$post.title}</title> <title>{$post.title}</title>
<id>{$post.id}</id> <id>{$post.id}</id>
<link href="{$post.link|escape}" /> <link href="{$post.link}" />
<content type="html"><![CDATA[ {$post.description} ]]></content> <content type="html"><![CDATA[ {$post.description|clean_html|safe} ]]></content>
<author> <author>
<name>{$feed.author.name}</name> <name>{$feed.author.name}</name>
</author> </author>
<updated>{$post.mtime}</updated> <updated>{$post.mtime}</updated>
<rights type="html"><![CDATA[ {$feed.rights} ]]></rights> <rights type="html"><![CDATA[ {$feed.rights} ]]></rights>
{foreach from=$post.attachments item=attachlink} {foreach from=$post.attachments item=attachlink}
<link rel="enclosure" title="{$attachlink.title}" href="{$attachlink.link|escape}" /> <link rel="enclosure" title="{$attachlink.title}" href="{$attachlink.link}" />
{/foreach} {/foreach}
</entry> </entry>
{/foreach} {/foreach}
</feed> </feed>
{/auto_escape}
{auto_escape off}
<html xmlns="http://www.w3.org/1999/xhtml"> <html xmlns="http://www.w3.org/1999/xhtml">
<head> <head>
<title>{str tag=insertimage section=artefact.blog}</title> <title>{str tag=insertimage section=artefact.blog}</title>
...@@ -78,4 +77,3 @@ ...@@ -78,4 +77,3 @@
</form> </form>
</body> </body>
</html> </html>
{/auto_escape}
{auto_escape off}
{include file="header.tpl"} {include file="header.tpl"}
<div class="rbuttons"> <div class="rbuttons">
<a class="btn btn-add" href="{$WWWROOT}artefact/blog/new/">{str section="artefact.blog" tag="addblog"}</a> <a class="btn btn-add" href="{$WWWROOT}artefact/blog/new/">{str section="artefact.blog" tag="addblog"}</a>
...@@ -12,11 +11,10 @@ ...@@ -12,11 +11,10 @@
<tr><th></th><th></th></tr> <tr><th></th><th></th></tr>
</thead> </thead>
<tbody> <tbody>
{$blogs->tablerows} {$blogs->tablerows|safe}
</tbody> </tbody>
</table> </table>
{$blogs->pagination} {$blogs->pagination|safe}
{/if} {/if}
</div> </div>
{include file="footer.tpl"} {include file="footer.tpl"}
{/auto_escape}
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
<div title="{$file.title}"> <div title="{$file.title}">
<div class="fl"><a href="{$WWWROOT}{$file.downloadurl}" target="_blank"><img src="{$file.iconsrc}" alt=""></a></div> <div class="fl"><a href="{$WWWROOT}{$file.downloadurl}" target="_blank"><img src="{$file.iconsrc}" alt=""></a></div>
<div style="margin-left: 30px;"> <div style="margin-left: 30px;">
<h4><a href="{$file.downloadurl}" target="_blank">{$file.title|str_shorten_text:20|safe}</a></h4> <h4><a href="{$file.downloadurl}" target="_blank">{$file.title|str_shorten_text:20}</a></h4>
{if $file.description}<p style="margin: 0;"><strong>{$file.description}</strong></p>{/if} {if $file.description}<p style="margin: 0;"><strong>{$file.description}</strong></p>{/if}
{$file.size|display_size} | {$file.ctime|format_date:'strftimedaydate'} {$file.size|display_size} | {$file.ctime|format_date:'strftimedaydate'}
| <a href="{$WWWROOT}view/artefact.php?artefact={$file.id}&view={$viewid}">{str tag=Details section=artefact.file}</a> | <a href="{$WWWROOT}view/artefact.php?artefact={$file.id}&view={$viewid}">{str tag=Details section=artefact.file}</a>
......
{auto_escape off}
<tr title="{$artefact->hovertitle|escape}"> <tr title="{$artefact->hovertitle|escape}">
<td style="width: 20px;"> <td style="width: 20px;">
{$formcontrols} {$formcontrols}
...@@ -6,4 +5,3 @@ ...@@ -6,4 +5,3 @@
<td style="width: 22px;"><label for="{$elementname}_{$artefact->id}"><img src="{$artefact->icon|escape}" alt="*"></label></td> <td style="width: 22px;"><label for="{$elementname}_{$artefact->id}"><img src="{$artefact->icon|escape}" alt="*"></label></td>
<th><label for="{$elementname}_{$artefact->id}">{if $artefact->description}{$artefact->description|escape}{else}{$artefact->title|escape}{/if}{if $artefact->artefacttype == 'profileicon'} ({str tag=profileicon section=artefact.file}){/if}</label></th> <th><label for="{$elementname}_{$artefact->id}">{if $artefact->description}{$artefact->description|escape}{else}{$artefact->title|escape}{/if}{if $artefact->artefacttype == 'profileicon'} ({str tag=profileicon section=artefact.file}){/if}</label></th>
</tr> </tr>
{/auto_escape}
{auto_escape off}
{include file="header.tpl"} {include file="header.tpl"}
{if $file} {if $file}
<h5>{$file->get('title')|escape}</h5> <h5>{$file->get('title')}</h5>
{if $zipinfo} {if $zipinfo}
<p> <p>
<span><label>{str tag=Files section=artefact.file}:</label> {$zipinfo->files}&nbsp;</span> <span><label>{str tag=Files section=artefact.file}:</label> {$zipinfo->files}&nbsp;</span>
...@@ -10,17 +9,16 @@ ...@@ -10,17 +9,16 @@
<span><label>{str tag=spacerequired section=artefact.file}:</label> {$zipinfo->displaysize}</span> <span><label>{str tag=spacerequired section=artefact.file}:</label> {$zipinfo->displaysize}</span>
</p> </p>
{/if} {/if}
<p>{$message|escape}</p> <p>{$message}</p>
{if $zipinfo} {if $zipinfo}
{$form} {$form|safe}
<p> <p>
<div><label>{str tag=Contents section=artefact.file}:</label></div> <div><label>{str tag=Contents section=artefact.file}:</label></div>
{foreach from=$zipinfo->names item=name} {foreach from=$zipinfo->names item=name}
<div>{$name|escape}</div> <div>{$name}</div>
{/foreach} {/foreach}
</p> </p>
{/if} {/if}
{/if} {/if}
{include file="footer.tpl"} {include file="footer.tpl"}
{/auto_escape}
{auto_escape off}
<div> <div>
<div class="fl filedata-icon"><a href="{$downloadpath|escape}"><img src="{$iconpath|escape}" alt="{$description|escape}"></a></div> <div class="fl filedata-icon"><a href="{$downloadpath}"><img src="{$iconpath}" alt="{$description}"></a></div>
<h4><a href="{$downloadpath|escape}">{$title|escape}</a></h4> <h4><a href="{$downloadpath}">{$title}</a></h4>
</div> </div>
<table class="filedata"> <table class="filedata">
<tr><th>{str tag=Type section=artefact.file}:</th><td>{$filetype}</td></tr> <tr><th>{str tag=Type section=artefact.file}:</th><td>{$filetype}</td></tr>
<tr><th>{str tag=Description section=artefact.file}:</th><td>{$description|escape}</td></tr> <tr><th>{str tag=Description section=artefact.file}:</th><td>{$description}</td></tr>
<tr><th>{str tag=tags}:</th><td>{list_tags owner=$owner tags=$tags}</td></tr> <tr><th>{str tag=tags}:</th><td>{list_tags owner=$owner tags=$tags}</td></tr>
<tr><th>{str tag=Owner section=artefact.file}:</th><td>{$ownername|escape}</td></tr> <tr><th>{str tag=Owner section=artefact.file}:</th><td>{$ownername}</td></tr>
<tr><th>{str tag=Created section=artefact.file}:</th><td>{$created}</td></tr> <tr><th>{str tag=Created section=artefact.file}:</th><td>{$created}</td></tr>
<tr><th>{str tag=lastmodified section=artefact.file}:</th><td>{$modified}</td></tr> <tr><th>{str tag=lastmodified section=artefact.file}:</th><td>{$modified}</td></tr>
<tr><th>{str tag=Size section=artefact.file}:</th><td>{$size|escape}</td></tr> <tr><th>{str tag=Size section=artefact.file}:</th><td>{$size}</td></tr>
<tr><th>{str tag=Download section=artefact.file}:</th><td><a href="{$downloadpath|escape}">{str tag=Download section=artefact.file}</a></td></tr> <tr><th>{str tag=Download section=artefact.file}:</th><td><a href="{$downloadpath}">{str tag=Download section=artefact.file}</a></td></tr>
</table> </table>
{/auto_escape}
{auto_escape off}
{include file="header.tpl"} {include file="header.tpl"}
{if $institution} {if $institution}
{$institutionselector} {$institutionselector|safe}
{/if} {/if}
{if $institution && $institution == 'mahara'} {if $institution && $institution == 'mahara'}
...@@ -9,6 +8,6 @@ ...@@ -9,6 +8,6 @@
{else} {else}
<p>{str tag='fileinstructions' section='artefact.file'}</p> <p>{str tag='fileinstructions' section='artefact.file'}</p>
{/if} {/if}
<div>{$form}</div> <div>{$form|safe}</div>
{include file="footer.tpl"} {include file="footer.tpl"}
{/auto_escape}
{auto_escape off}
<tr id="{$prefix}_edit_row"{if !$fileinfo} class="hidden"{/if}> <tr id="{$prefix}_edit_row"{if !$fileinfo} class="hidden"{/if}>
<td colspan=6> <td colspan=6>
<table> <table>
...@@ -63,4 +62,3 @@ ...@@ -63,4 +62,3 @@
</table> </table>
</td> </td>
</tr> </tr>
{/auto_escape}
{auto_escape off}
{if $config.select} {if $config.select}
{include file="artefact:file:form/selectedlist.tpl" selectedlist=$selectedlist prefix=$prefix highlight=$highlight} {include file="artefact:file:form/selectedlist.tpl" selectedlist=$selectedlist prefix=$prefix highlight=$highlight}
{/if} {/if}
<script type="text/javascript"> <script type="text/javascript">
{$initjs} {$initjs|safe}
</script> </script>
<input type="hidden" name="folder" id="{$prefix}_folder" value="{$folder}" /> <input type="hidden" name="folder" id="{$prefix}_folder" value="{$folder}" />
...@@ -109,4 +108,4 @@ ...@@ -109,4 +108,4 @@
</div> </div>
{/if} {/if}
</div>{/auto_escape} </div>
{auto_escape off}
{if !$filelist} {if !$filelist}
<p>{str tag=nofilesfound section=artefact.file}</p> <p>{str tag=nofilesfound section=artefact.file}</p>
{else} {else}
...@@ -35,7 +34,7 @@ ...@@ -35,7 +34,7 @@
{/if} {/if}
</td> </td>
<td class="filename"> <td class="filename">
{assign var=displaytitle value=$file->title|str_shorten_text:34|escape} {assign var=displaytitle value=$file->title|str_shorten_text:34|safe}
{if $file->artefacttype == 'folder'} {if $file->artefacttype == 'folder'}
<a href="{$querybase}folder={$file->id}{if $owner}&owner={$owner}{if $ownerid}&ownerid={$ownerid}{/if}{/if}" class="changefolder" title="{str tag=gotofolder section=artefact.file arg1=$displaytitle}">{$displaytitle}</a> <a href="{$querybase}folder={$file->id}{if $owner}&owner={$owner}{if $ownerid}&ownerid={$ownerid}{/if}{/if}" class="changefolder" title="{str tag=gotofolder section=artefact.file arg1=$displaytitle}">{$displaytitle}</a>
{elseif !$publishable} {elseif !$publishable}
...@@ -44,7 +43,7 @@ ...@@ -44,7 +43,7 @@
<a href="{$WWWROOT}artefact/file/download.php?file={$file->id}" target="_blank" title="{str tag=downloadfile section=artefact.file arg1=$displaytitle}">{$displaytitle}</a> <a href="{$WWWROOT}artefact/file/download.php?file={$file->id}" target="_blank" title="{str tag=downloadfile section=artefact.file arg1=$displaytitle}">{$displaytitle}</a>
{/if} {/if}
</td> </td>
<td>{$file->description|escape}</td> <td>{$file->description}</td>
{if !$showtags && !$editmeta} {if !$showtags && !$editmeta}
<td>{tif $file->size ?: ''}</td> <td>{tif $file->size ?: ''}</td>
<td>{tif $file->mtime ?: ''}</td> <td>{tif $file->mtime ?: ''}</td>
...@@ -77,4 +76,3 @@ ...@@ -77,4 +76,3 @@
</tbody> </tbody>
</table> </table>
{/if} {/if}
{/auto_escape}
{auto_escape off}
{foreach from=$path item=f name=path} {foreach from=$path item=f name=path}
{if !$.foreach.path.first}/ {/if}<a href="{$querybase}folder={$f->id}{if $owner}&owner={$owner}{if $ownerid}&ownerid={$ownerid}{/if}{/if}" class="changefolder">{$f->title|str_shorten_text:34|escape}</a> {if !$.foreach.path.first}/ {/if}<a href="{$querybase}folder={$f->id}{if $owner}&owner={$owner}{if $ownerid}&ownerid={$ownerid}{/if}{/if}" class="changefolder">{$f->title|str_shorten_text:34}</a>
{/foreach} {/foreach}
{/auto_escape}
{auto_escape off}
{if $tabs.subtabs} {if $tabs.subtabs}
<ul class="artefactchooser-subtabs"> <ul class="artefactchooser-subtabs">
{foreach from=$tabs.subtabs item=displayname key=ownerid} {foreach from=$tabs.subtabs item=displayname key=ownerid}
...@@ -6,4 +5,3 @@ ...@@ -6,4 +5,3 @@
{/foreach} {/foreach}
</ul> </ul>
{/if} {/if}
{/auto_escape}
{auto_escape off}
<ul class="artefactchooser-tabs files"> <ul class="artefactchooser-tabs files">
{foreach from=$tabs.tabs item=displayname key=name} {foreach from=$tabs.tabs item=displayname key=name}
<li{if $tabs.owner == $name} class="current"{/if}><a class="changeowner" href="{$querybase}owner={$name}">{$displayname}</a></li> <li{if $tabs.owner == $name} class="current"{/if}><a class="changeowner" href="{$querybase}owner={$name}">{$displayname}</a></li>
{/foreach} {/foreach}
</ul> </ul>
{/auto_escape}
{auto_escape off}
<p id="{$prefix}_empty_selectlist"{if !$selectedlist} class="hidden"{/if}>{str tag=nofilesfound section=artefact.file}</p> <p id="{$prefix}_empty_selectlist"{if !$selectedlist} class="hidden"{/if}>{str tag=nofilesfound section=artefact.file}</p>
<table id="{$prefix}_selectlist" class="attachments fullwidth{if !$selectedlist} hidden{/if}"> <table id="{$prefix}_selectlist" class="attachments fullwidth{if !$selectedlist} hidden{/if}">
<thead> <thead>
...@@ -11,7 +10,7 @@ ...@@ -11,7 +10,7 @@
</thead> </thead>
<tbody> <tbody>
{foreach from=$selectedlist item=file} {foreach from=$selectedlist item=file}
{assign var=displaytitle value=$file->title|str_shorten_text:34|escape} {assign var=displaytitle value=$file->title|str_shorten_text:34|safe}
<tr class="{cycle values='r0,r1'}{if $highlight && $highlight == $file->id} highlight-file{/if}"> <tr class="{cycle values='r0,r1'}{if $highlight && $highlight == $file->id} highlight-file{/if}">
<td> <td>
<img src="{if $file->artefacttype == 'image'}{$WWWROOT}artefact/file/download.php?file={$file->id}&size=20x20{else}{theme_url filename=images/`$file->artefacttype`.gif}{/if}"> <img src="{if $file->artefacttype == 'image'}{$WWWROOT}artefact/file/download.php?file={$file->id}&size=20x20{else}{theme_url filename=images/`$file->artefacttype`.gif}{/if}">
...@@ -19,7 +18,7 @@ ...@@ -19,7 +18,7 @@
<td> <td>
<a href="{$WWWROOT}artefact/file/download.php?file={$file->id}" target="_blank" title="{str tag=downloadfile section=artefact.file arg1=$displaytitle}">{$displaytitle}</a> <a href="{$WWWROOT}artefact/file/download.php?file={$file->id}" target="_blank" title="{str tag=downloadfile section=artefact.file arg1=$displaytitle}">{$displaytitle}</a>
</td> </td>
<td>{$file->description|escape}</td> <td>{$file->description}</td>
<td> <td>
<input type="submit" class="button small unselect" name="{$prefix}_unselect[{$file->id}]" value="{str tag=remove}" /> <input type="submit" class="button small unselect" name="{$prefix}_unselect[{$file->id}]" value="{str tag=remove}" />
<input type="hidden" name="{$prefix}_selected[{$file->id}]" value="{$file->id}"> <input type="hidden" name="{$prefix}_selected[{$file->id}]" value="{$file->id}">
...@@ -28,5 +27,3 @@ ...@@ -28,5 +27,3 @@
{/foreach} {/foreach}
</tbody> </tbody>
</table> </table>
{/auto_escape}
{auto_escape off}
<div> <div>
<a href="{$downloadpath|escape}"><img src="{$downloadpath|escape}&maxwidth=1000&maxheight=750" alt="{$title|escape}"></a> <a href="{$downloadpath}"><img src="{$downloadpath}&maxwidth=1000&maxheight=750" alt="{$title}"></a>
<p>{$description|escape}</p> <p>{$description}</p>
<div><a href="{$metadataurl|escape}">{str tag=Details section=artefact.file}</a></div> <div><a href="{$metadataurl}">{str tag=Details section=artefact.file}</a></div>
</div> </div>
{/auto_escape}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment