Commit 51aa39fb authored by Richard Mansfield's avatar Richard Mansfield

Enable auto_escape in view templates


Signed-off-by: default avatarRichard Mansfield <richardm@catalyst.net.nz>
parent 07528841
{include file="header.tpl"} {include file="header.tpl"}
{if $pagedescription}
<p>{$pagedescription}</p>
{elseif $pagedescriptionhtml}
{$pagedescriptionhtml|safe}
{/if}
{$form|safe} {$form|safe}
{include file="footer.tpl"} {include file="footer.tpl"}
\ No newline at end of file
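Review bot: `{$pagedescriptionhtml|safe}` makes this shared form template print a caller-supplied value without escaping, and nothing in the template says so. The one caller visible in this commit passes a language string, `get_string('editaccesspagedescription2', 'view')`, which is a reasonable source. A later caller that puts user-derived text into `pagedescriptionhtml` would bypass auto-escaping unnoticed. I would add a template comment above the `{elseif}`, such as `{* pagedescriptionhtml is printed raw: pass only trusted, pre-built HTML; use pagedescription for plain text *}`.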
{auto_escape off}
{include file="header.tpl"}
{str tag=editaccesspagedescription2 section=view}
{$form}
{include file="footer.tpl"}
{/auto_escape}
{auto_escape off}
{if $microheaders}{include file="viewmicroheader.tpl"}{else}{include file="header.tpl"}{/if} {if $microheaders}{include file="viewmicroheader.tpl"}{else}{include file="header.tpl"}{/if}
<h2> <h2>
<a href="{$WWWROOT}view/view.php?id={$viewid}">{$viewtitle|escape}</a>{if $ownername} {str tag=by section=view} <a href="{$WWWROOT}view/view.php?id={$viewid}">{$viewtitle}</a>{if $ownername} {str tag=by section=view}
<a href="{$WWWROOT}{$ownerlink}">{$ownername|escape}</a>{/if}{foreach from=$artefactpath item=a}: <a href="{$WWWROOT}{$ownerlink}">{$ownername}</a>{/if}{foreach from=$artefactpath item=a}:
{if $a.url}<a href="{$a.url}">{/if}{$a.title|escape}{if $a.url}</a>{/if}{if $hasfeed}<a href="{$feedlink}"><img class="feedicon" src="{theme_url filename='images/rss.gif'}"></a>{/if} {if $a.url}<a href="{$a.url}">{/if}{$a.title}{if $a.url}</a>{/if}{if $hasfeed}<a href="{$feedlink}"><img class="feedicon" src="{theme_url filename='images/rss.gif'}"></a>{/if}
{/foreach} {/foreach}
</h2> </h2>
<div id="view"> <div id="view">
<div id="bottom-pane"> <div id="bottom-pane">
<div id="column-container"> <div id="column-container">
{$artefact} {$artefact|safe}
</div> </div>
</div> </div>
</div> </div>
...@@ -21,16 +20,16 @@ ...@@ -21,16 +20,16 @@
<table id="feedbacktable" class="fullwidth table"> <table id="feedbacktable" class="fullwidth table">
<thead><tr><th>{str tag="feedback" section="artefact.comment"}</th></tr></thead> <thead><tr><th>{str tag="feedback" section="artefact.comment"}</th></tr></thead>
<tbody> <tbody>
{$feedback->tablerows} {$feedback->tablerows|safe}
</tbody> </tbody>
</table> </table>
{$feedback->pagination} {$feedback->pagination|safe}
{/if} {/if}
<div id="viewmenu"> <div id="viewmenu">
{include file="view/viewmenu.tpl"} {include file="view/viewmenu.tpl"}
</div> </div>
<div>{$addfeedbackform}</div> <div>{$addfeedbackform|safe}</div>
<div>{$objectionform}</div> <div>{$objectionform|safe}</div>
</div> </div>
{if $microheaders}{include file="microfooter.tpl"}{else}{include file="footer.tpl"}{/if}{/auto_escape} {if $microheaders}{include file="microfooter.tpl"}{else}{include file="footer.tpl"}{/if}
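Review bot: The values marked `|safe` in this template (`$artefact`, `$feedback->tablerows`, `$feedback->pagination`, `$addfeedbackform`, `$objectionform`) are still written to the page unescaped, so escape-by-default here covers only the title, owner name and path entries. `$feedback->tablerows` presumably carries comment text written by other users, and the code that builds it is not part of this commit, so its escaping cannot be confirmed from these lines. The same applies to the `|safe` outputs in the view template section further down (`$viewcontent`, `$releaseform`, `$view_group_submission_form` and the feedback block). A short comment beside each, for example `{* pre-rendered HTML; user text must be escaped where this is built *}`, would record where the escaping responsibility lies.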
{auto_escape off}
{include file="header.tpl"}
<p>{str tag="viewcolumnspagedescription" section="view"}</p>
{$form}
{include file="footer.tpl"}
{/auto_escape}
{auto_escape off}
{include file="header.tpl"} {include file="header.tpl"}
<p>{str tag='viewlayoutpagedescription' section='view'}</p> <p>{str tag='viewlayoutpagedescription' section='view'}</p>
{$form_start_tag} {$form_start_tag|safe}
{foreach from=$options key=id item=description} {foreach from=$options key=id item=description}
<div class="fl"> <div class="fl">
...@@ -13,7 +12,7 @@ ...@@ -13,7 +12,7 @@
{else} {else}
<div><input type="radio" class="radio" name="layout" value="{$id}"></div> <div><input type="radio" class="radio" name="layout" value="{$id}"></div>
{/if} {/if}
<div>{$description|escape}</div> <div>{$description}</div>
</div> </div>
{/foreach} {/foreach}
<div class="cb"> <div class="cb">
...@@ -26,4 +25,3 @@ ...@@ -26,4 +25,3 @@
</form> </form>
{include file="footer.tpl"} {include file="footer.tpl"}
{/auto_escape}
{auto_escape off}
{include file="header.tpl"} {include file="header.tpl"}
<div class="message"> <div class="message">
<p>{$message|escape}</p> <p>{$message}</p>
{$form} {$form|safe}
</div> </div>
{include file="footer.tpl"} {include file="footer.tpl"}
{/auto_escape}
{auto_escape off}
{if $microheaders}{include file="viewmicroheader.tpl"}{else}{include file="header.tpl"}{/if} {if $microheaders}{include file="viewmicroheader.tpl"}{else}{include file="header.tpl"}{/if}
{if $maintitle}<h1>{$maintitle}</h1>{/if} {if $maintitle}<h1>{$maintitle|safe}</h1>{/if}
{if !$microheaders && $mnethost} {if !$microheaders && $mnethost}
<div class="rbuttons"> <div class="rbuttons">
...@@ -9,36 +8,36 @@ ...@@ -9,36 +8,36 @@
</div> </div>
{/if} {/if}
<p id="view-description">{$viewdescription|clean_html}</p> <p id="view-description">{$viewdescription|clean_html|safe}</p>
<div id="view" class="cb"> <div id="view" class="cb">
<div id="bottom-pane"> <div id="bottom-pane">
<div id="column-container"> <div id="column-container">
{$viewcontent} {$viewcontent|safe}
<div class="cb"> <div class="cb">
</div> </div>
</div> </div>
</div> </div>
<div class="viewfooter cb"> <div class="viewfooter cb">
{if $tags}<div class="tags">{str tag=tags}: {list_tags owner=$owner tags=$tags}</div>{/if} {if $tags}<div class="tags">{str tag=tags}: {list_tags owner=$owner tags=$tags}</div>{/if}
<div>{$releaseform}</div> <div>{$releaseform|safe}</div>
{if $view_group_submission_form}<div>{$view_group_submission_form}</div>{/if} {if $view_group_submission_form}<div>{$view_group_submission_form|safe}</div>{/if}
{if $feedback->count || $enablecomments} {if $feedback->count || $enablecomments}
<table id="feedbacktable" class="fullwidth table"> <table id="feedbacktable" class="fullwidth table">
<thead><tr><th>{str tag="feedback" section="artefact.comment"}</th></tr></thead> <thead><tr><th>{str tag="feedback" section="artefact.comment"}</th></tr></thead>
<tbody> <tbody>
{$feedback->tablerows} {$feedback->tablerows|safe}
</tbody> </tbody>
</table> </table>
{$feedback->pagination} {$feedback->pagination|safe}
{/if} {/if}
<div id="viewmenu"> <div id="viewmenu">
{include file="view/viewmenu.tpl" enablecomments=$enablecomments} {include file="view/viewmenu.tpl" enablecomments=$enablecomments}
</div> </div>
{if $addfeedbackform}<div>{$addfeedbackform}</div>{/if} {if $addfeedbackform}<div>{$addfeedbackform|safe}</div>{/if}
{if $objectionform}<div>{$objectionform}</div>{/if} {if $objectionform}<div>{$objectionform|safe}</div>{/if}
</div> </div>
</div> </div>
{if $visitstring}<div class="ctime center s">{$visitstring}</div>{/if} {if $visitstring}<div class="ctime center s">{$visitstring}</div>{/if}
{if $microheaders}{include file="microfooter.tpl"}{else}{include file="footer.tpl"}{/if}{/auto_escape} {if $microheaders}{include file="microfooter.tpl"}{else}{include file="footer.tpl"}{/if}
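Review bot: `{$maintitle|safe}` prints the heading raw, so it is safe only if every value assigned to `maintitle` is already escaped HTML. The PHP hunk at the end of this commit sets `$title = hsc(TITLE)` and may then overwrite it with `$view->display_title()`, whose output is not shown; if that method builds markup from the view title or owner name, it has to escape them itself. Separately, `{$visitstring}` keeps no modifier and is now escaped, so it will show literal tags if that string ever contains markup. I would add `{* maintitle is HTML built by the calling script: hsc(TITLE) or display_title() *}` above the heading.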
{auto_escape off}
{if $enablecomments} {if $enablecomments}
<a id="add_feedback_link" href="">{str tag=placefeedback section=artefact.comment}</a> | <a id="add_feedback_link" href="">{str tag=placefeedback section=artefact.comment}</a> |
{/if} {/if}
...@@ -10,4 +9,4 @@ ...@@ -10,4 +9,4 @@
| <a id="toggle_watchlist_link" href="">{if $viewbeingwatched}{str tag=removefromwatchlist section=view}{else}{str tag=addtowatchlist section=view}{/if}</a> | <a id="toggle_watchlist_link" href="">{if $viewbeingwatched}{str tag=removefromwatchlist section=view}{else}{str tag=addtowatchlist section=view}{/if}</a>
| {contextualhelp plugintype='core' pluginname='view' section='viewmenu'} | {contextualhelp plugintype='core' pluginname='view' section='viewmenu'}
{/if} {/if}
{/auto_escape}
...@@ -448,7 +448,6 @@ $smarty = smarty( ...@@ -448,7 +448,6 @@ $smarty = smarty(
); );
$smarty->assign('INLINEJAVASCRIPT', $js); $smarty->assign('INLINEJAVASCRIPT', $js);
$smarty->assign('PAGEHEADING', hsc(TITLE)); $smarty->assign('PAGEHEADING', hsc(TITLE));
$smarty->assign('pagedescriptionhtml', get_string('editaccesspagedescription2', 'view'));
$smarty->assign('form', $form); $smarty->assign('form', $form);
$smarty->display('view/access.tpl'); $smarty->display('form.tpl');
?>
...@@ -69,7 +69,8 @@ $columnsform = pieform(array( ...@@ -69,7 +69,8 @@ $columnsform = pieform(array(
$smarty = smarty(array(), array(), array(), array('sidebars' => false)); $smarty = smarty(array(), array(), array(), array('sidebars' => false));
$smarty->assign('PAGEHEADING', hsc(TITLE)); $smarty->assign('PAGEHEADING', hsc(TITLE));
$smarty->assign('form', $columnsform); $smarty->assign('form', $columnsform);
$smarty->display('view/columns.tpl'); $smarty->assign('pagedescription', get_string('viewcolumnspagedescription', 'view'));
$smarty->display('form.tpl');
function viewcolumns_submit(Pieform $form, $values) { function viewcolumns_submit(Pieform $form, $values) {
global $view, $SESSION, $category, $new; global $view, $SESSION, $category, $new;
......
...@@ -93,7 +93,6 @@ if ($viewtype == 'profile') { ...@@ -93,7 +93,6 @@ if ($viewtype == 'profile') {
else { else {
define('TITLE', $view->get('title')); define('TITLE', $view->get('title'));
} }
$title = hsc(TITLE);
$submittedgroup = (int)$view->get('submittedgroup'); $submittedgroup = (int)$view->get('submittedgroup');
if ($USER->is_logged_in() && $submittedgroup && group_user_can_assess_submitted_views($submittedgroup, $USER->get('id'))) { if ($USER->is_logged_in() && $submittedgroup && group_user_can_assess_submitted_views($submittedgroup, $USER->get('id'))) {
...@@ -101,10 +100,10 @@ if ($USER->is_logged_in() && $submittedgroup && group_user_can_assess_submitted_ ...@@ -101,10 +100,10 @@ if ($USER->is_logged_in() && $submittedgroup && group_user_can_assess_submitted_
// been submitted to, and is entitled to release the view // been submitted to, and is entitled to release the view
$submittedgroup = get_record('group', 'id', $submittedgroup); $submittedgroup = get_record('group', 'id', $submittedgroup);
if ($view->get('submittedtime')) { if ($view->get('submittedtime')) {
$text = get_string('viewsubmittedtogroupon', 'view', get_config('wwwroot') . 'group/view.php?id=' . $submittedgroup->id, $submittedgroup->name, format_date(strtotime($view->get('submittedtime')))); $text = get_string('viewsubmittedtogroupon', 'view', get_config('wwwroot') . 'group/view.php?id=' . $submittedgroup->id, hsc($submittedgroup->name), format_date(strtotime($view->get('submittedtime'))));
} }
else { else {
$text = get_string('viewsubmittedtogroup', 'view', get_config('wwwroot') . 'group/view.php?id=' . $submittedgroup->id, $submittedgroup->name); $text = get_string('viewsubmittedtogroup', 'view', get_config('wwwroot') . 'group/view.php?id=' . $submittedgroup->id, hsc($submittedgroup->name));
} }
$releaseform = pieform(array( $releaseform = pieform(array(
'name' => 'releaseview', 'name' => 'releaseview',
...@@ -248,6 +247,8 @@ if (get_config('viewmicroheaders')) { ...@@ -248,6 +247,8 @@ if (get_config('viewmicroheaders')) {
} }
} }
$title = hsc(TITLE);
if ($viewtype != 'profile' && !get_config('viewmicroheaders')) { if ($viewtype != 'profile' && !get_config('viewmicroheaders')) {
$title = $view->display_title(); $title = $view->display_title();
} }
......
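Review bot: `$title = hsc(TITLE);` moves from the hunk at old line 93 to the hunk at new line 247, and most of the code in between is collapsed on this page. If anything in that stretch reads `$title`, it will now see an undefined variable, so a quick search for earlier uses is worthwhile before merging. Since `$title` is presumably the value the view template prints with `|safe`, a comment on the assignment would keep the two in step, for example `// $title is output unescaped by the template; both branches must yield escaped HTML`.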