Commit 51aa39fb authored by Richard Mansfield's avatar Richard Mansfield

Enable auto_escape in view templates

Signed-off-by: default avatarRichard Mansfield <richardm@catalyst.net.nz>
parent 07528841
{include file="header.tpl"}
{if $pagedescription}
<p>{$pagedescription}</p>
{elseif $pagedescriptionhtml}
{$pagedescriptionhtml|safe}
{/if}
{$form|safe}
{include file="footer.tpl"}
\ No newline at end of file
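Review bot: The two `|safe` outputs in this new template, `{$pagedescriptionhtml|safe}` and `{$form|safe}`, switch escaping off for whatever the caller assigns, and nothing in the file says so. A template comment at the top would make the contract explicit, for example `{* pagedescriptionhtml and form are emitted unescaped: assign only trusted or already-escaped HTML; use pagedescription for plain text *}`. The same applies to every other `|safe` this commit adds in the view templates (`$artefact`, `$feedback->tablerows`, `$feedback->pagination`, `$viewcontent`, `$releaseform`, `$addfeedbackform`, `$objectionform`), because the PHP that builds those values is not visible in this diff.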
{auto_escape off}
{include file="header.tpl"}
{str tag=editaccesspagedescription2 section=view}
{$form}
{include file="footer.tpl"}
{/auto_escape}
{auto_escape off}
{if $microheaders}{include file="viewmicroheader.tpl"}{else}{include file="header.tpl"}{/if}
<h2>
<a href="{$WWWROOT}view/view.php?id={$viewid}">{$viewtitle|escape}</a>{if $ownername} {str tag=by section=view}
<a href="{$WWWROOT}{$ownerlink}">{$ownername|escape}</a>{/if}{foreach from=$artefactpath item=a}:
{if $a.url}<a href="{$a.url}">{/if}{$a.title|escape}{if $a.url}</a>{/if}{if $hasfeed}<a href="{$feedlink}"><img class="feedicon" src="{theme_url filename='images/rss.gif'}"></a>{/if}
<a href="{$WWWROOT}view/view.php?id={$viewid}">{$viewtitle}</a>{if $ownername} {str tag=by section=view}
<a href="{$WWWROOT}{$ownerlink}">{$ownername}</a>{/if}{foreach from=$artefactpath item=a}:
{if $a.url}<a href="{$a.url}">{/if}{$a.title}{if $a.url}</a>{/if}{if $hasfeed}<a href="{$feedlink}"><img class="feedicon" src="{theme_url filename='images/rss.gif'}"></a>{/if}
{/foreach}
</h2>
<div id="view">
<div id="bottom-pane">
<div id="column-container">
{$artefact}
{$artefact|safe}
</div>
</div>
</div>
......@@ -21,16 +20,16 @@
<table id="feedbacktable" class="fullwidth table">
<thead><tr><th>{str tag="feedback" section="artefact.comment"}</th></tr></thead>
<tbody>
{$feedback->tablerows}
{$feedback->tablerows|safe}
</tbody>
</table>
{$feedback->pagination}
{$feedback->pagination|safe}
{/if}
<div id="viewmenu">
{include file="view/viewmenu.tpl"}
</div>
<div>{$addfeedbackform}</div>
<div>{$objectionform}</div>
<div>{$addfeedbackform|safe}</div>
<div>{$objectionform|safe}</div>
</div>
{if $microheaders}{include file="microfooter.tpl"}{else}{include file="footer.tpl"}{/if}{/auto_escape}
{if $microheaders}{include file="microfooter.tpl"}{else}{include file="footer.tpl"}{/if}
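Review bot: The link targets in the heading, `href="{$a.url}"`, `href="{$WWWROOT}{$ownerlink}"` and `href="{$feedlink}"`, are now HTML-escaped by auto_escape, but escaping does not constrain the URL scheme. The code that fills `artefactpath` and `feedlink` is not part of this diff, so it is worth confirming that these values are always generated server-side. If any of them can carry user-supplied text, validate it as an http(s) or site-relative URL before it is assigned. Dropping the explicit `|escape` from `$viewtitle`, `$ownername` and `$a.title` is consistent with turning auto_escape on, because keeping it would presumably double-escape.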
{auto_escape off}
{include file="header.tpl"}
<p>{str tag="viewcolumnspagedescription" section="view"}</p>
{$form}
{include file="footer.tpl"}
{/auto_escape}
{auto_escape off}
{include file="header.tpl"}
<p>{str tag='viewlayoutpagedescription' section='view'}</p>
{$form_start_tag}
{$form_start_tag|safe}
{foreach from=$options key=id item=description}
<div class="fl">
......@@ -13,7 +12,7 @@
{else}
<div><input type="radio" class="radio" name="layout" value="{$id}"></div>
{/if}
<div>{$description|escape}</div>
<div>{$description}</div>
</div>
{/foreach}
<div class="cb">
......@@ -26,4 +25,3 @@
</form>
{include file="footer.tpl"}
{/auto_escape}
{auto_escape off}
{include file="header.tpl"}
<div class="message">
<p>{$message|escape}</p>
{$form}
<p>{$message}</p>
{$form|safe}
</div>
{include file="footer.tpl"}
{/auto_escape}
{auto_escape off}
{if $microheaders}{include file="viewmicroheader.tpl"}{else}{include file="header.tpl"}{/if}
{if $maintitle}<h1>{$maintitle}</h1>{/if}
{if $maintitle}<h1>{$maintitle|safe}</h1>{/if}
{if !$microheaders && $mnethost}
<div class="rbuttons">
......@@ -9,36 +8,36 @@
</div>
{/if}
<p id="view-description">{$viewdescription|clean_html}</p>
<p id="view-description">{$viewdescription|clean_html|safe}</p>
<div id="view" class="cb">
<div id="bottom-pane">
<div id="column-container">
{$viewcontent}
{$viewcontent|safe}
<div class="cb">
</div>
</div>
</div>
<div class="viewfooter cb">
{if $tags}<div class="tags">{str tag=tags}: {list_tags owner=$owner tags=$tags}</div>{/if}
<div>{$releaseform}</div>
{if $view_group_submission_form}<div>{$view_group_submission_form}</div>{/if}
<div>{$releaseform|safe}</div>
{if $view_group_submission_form}<div>{$view_group_submission_form|safe}</div>{/if}
{if $feedback->count || $enablecomments}
<table id="feedbacktable" class="fullwidth table">
<thead><tr><th>{str tag="feedback" section="artefact.comment"}</th></tr></thead>
<tbody>
{$feedback->tablerows}
{$feedback->tablerows|safe}
</tbody>
</table>
{$feedback->pagination}
{$feedback->pagination|safe}
{/if}
<div id="viewmenu">
{include file="view/viewmenu.tpl" enablecomments=$enablecomments}
</div>
{if $addfeedbackform}<div>{$addfeedbackform}</div>{/if}
{if $objectionform}<div>{$objectionform}</div>{/if}
{if $addfeedbackform}<div>{$addfeedbackform|safe}</div>{/if}
{if $objectionform}<div>{$objectionform|safe}</div>{/if}
</div>
</div>
{if $visitstring}<div class="ctime center s">{$visitstring}</div>{/if}
{if $microheaders}{include file="microfooter.tpl"}{else}{include file="footer.tpl"}{/if}{/auto_escape}
{if $microheaders}{include file="microfooter.tpl"}{else}{include file="footer.tpl"}{/if}
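Review bot: `{$maintitle|safe}` in the `<h1>` prints the title without escaping, so the value has to be fully escaped in PHP on every path that assigns it. If it comes from `$title` in the PHP script changed by this commit, one path is `hsc(TITLE)` and the other is `$view->display_title()`, whose body is not shown. It would be worth confirming that `display_title()` escapes the view title and any owner name it embeds, and stating that in its docblock. `{$viewdescription|clean_html|safe}` is the easier pattern to audit, since the sanitising step sits right next to the `|safe`.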
{auto_escape off}
{if $enablecomments}
<a id="add_feedback_link" href="">{str tag=placefeedback section=artefact.comment}</a> |
{/if}
......@@ -10,4 +9,4 @@
| <a id="toggle_watchlist_link" href="">{if $viewbeingwatched}{str tag=removefromwatchlist section=view}{else}{str tag=addtowatchlist section=view}{/if}</a>
| {contextualhelp plugintype='core' pluginname='view' section='viewmenu'}
{/if}
{/auto_escape}
......@@ -448,7 +448,6 @@ $smarty = smarty(
);
$smarty->assign('INLINEJAVASCRIPT', $js);
$smarty->assign('PAGEHEADING', hsc(TITLE));
$smarty->assign('pagedescriptionhtml', get_string('editaccesspagedescription2', 'view'));
$smarty->assign('form', $form);
$smarty->display('view/access.tpl');
?>
$smarty->display('form.tpl');
......@@ -69,7 +69,8 @@ $columnsform = pieform(array(
$smarty = smarty(array(), array(), array(), array('sidebars' => false));
$smarty->assign('PAGEHEADING', hsc(TITLE));
$smarty->assign('form', $columnsform);
$smarty->display('view/columns.tpl');
$smarty->assign('pagedescription', get_string('viewcolumnspagedescription', 'view'));
$smarty->display('form.tpl');
function viewcolumns_submit(Pieform $form, $values) {
global $view, $SESSION, $category, $new;
......
......@@ -93,7 +93,6 @@ if ($viewtype == 'profile') {
else {
define('TITLE', $view->get('title'));
}
$title = hsc(TITLE);
$submittedgroup = (int)$view->get('submittedgroup');
if ($USER->is_logged_in() && $submittedgroup && group_user_can_assess_submitted_views($submittedgroup, $USER->get('id'))) {
......@@ -101,10 +100,10 @@ if ($USER->is_logged_in() && $submittedgroup && group_user_can_assess_submitted_
// been submitted to, and is entitled to release the view
$submittedgroup = get_record('group', 'id', $submittedgroup);
if ($view->get('submittedtime')) {
$text = get_string('viewsubmittedtogroupon', 'view', get_config('wwwroot') . 'group/view.php?id=' . $submittedgroup->id, $submittedgroup->name, format_date(strtotime($view->get('submittedtime'))));
$text = get_string('viewsubmittedtogroupon', 'view', get_config('wwwroot') . 'group/view.php?id=' . $submittedgroup->id, hsc($submittedgroup->name), format_date(strtotime($view->get('submittedtime'))));
}
else {
$text = get_string('viewsubmittedtogroup', 'view', get_config('wwwroot') . 'group/view.php?id=' . $submittedgroup->id, $submittedgroup->name);
$text = get_string('viewsubmittedtogroup', 'view', get_config('wwwroot') . 'group/view.php?id=' . $submittedgroup->id, hsc($submittedgroup->name));
}
$releaseform = pieform(array(
'name' => 'releaseview',
......@@ -248,6 +247,8 @@ if (get_config('viewmicroheaders')) {
}
}
$title = hsc(TITLE);
if ($viewtype != 'profile' && !get_config('viewmicroheaders')) {
$title = $view->display_title();
}
......
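Review bot: The `hsc($submittedgroup->name)` calls added to both `get_string()` branches have no comment explaining why the escaping is done at the call site. `$text` presumably ends up inside `$releaseform`, which the template now prints with `|safe`, so the group name must be escaped before it is substituted into the language string. A one-line comment above `if ($view->get('submittedtime'))` would record that, e.g. `// $text is output as raw HTML via the release form, so escape user-supplied values here`. The enclosing `if ($USER->is_logged_in() ...)` block starts and ends outside the hunk.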