Commit 63a80723 authored by Nigel McNie's avatar Nigel McNie
Browse files

I18n-ise and properly escape variables in the admin user search template. Fixes #1635.

Also removed styles for the old administer templates screen that I found along the way.
parent 66027700
......@@ -260,6 +260,9 @@ $string['institutionupdatedsuccessfully'] = 'Institution updated successfully';
$string['registrationallowed'] = 'Registration allowed?';
$string['registrationalloweddescription'] = 'Whether users can register for the system with this institution';
// Admin User Search
$string['Query'] = 'Query';
$string['Institution'] = 'Institution';
// general stuff
$string['notificationssaved'] = 'Notification settings saved';
......
......@@ -1390,36 +1390,6 @@ a.folderhover {
/* Administer Extensions styles */
.maincontent #admintemplates tr th {
font-weight: bold;
color: #3a5813;
background: #e5e8da;
margin: 0;
padding: 2px 4px 2px 4px;
}
.maincontent #admintemplates tr td {
padding: 3px;
}
.maincontent #admintemplates #admintemplates_reinstall {
border: 0;
color: #FFF;
font-weight: bold;
font-size: 11px;
background: url(../images/btn_reinstall.gif) no-repeat;
width: 60px;
height: 18px;
padding: 2px 7px 2px 7px;
}
.maincontent #admintemplates #admintemplates_install {
border: 0;
color: #eef7d4;
font-weight: bold;
font-size: 11px;
background: url(../images/btn_install.gif) no-repeat;
width: 60px;
height: 18px;
padding: 2px 14px 2px 14px;
}
.maincontent #pluginconfig table {
padding: 10px;
border: 0;
......@@ -1569,6 +1539,9 @@ table#initials .initial-letters {
text-decoration: none;
font-weight: bold;
}
.searchform .institutions {
padding-left: 1em;
}
.pagination a, .pagination .disabled {
border: 1px solid #547C22;
......
......@@ -9,11 +9,11 @@
<td class="initial-label">{str tag="firstname"}:</td>
<td class="initial-letters">
<span class="first-initial{if empty($search->f)} selected{/if} all">
<a href="{$WWWROOT}admin/users/search.php{if $search->l}?l={$search->l}{/if}">{str tag="all"}</a>
<a href="{$WWWROOT}admin/users/search.php{if $search->l}?l={$search->l|escape}{/if}">{str tag="all"}</a>
</span>
{foreach from=$alphabet item=a}
<span class="first-initial{if $a == $search->f} selected{/if}">
<a href="{$WWWROOT}admin/users/search.php?f={$a}{if $search->l}&amp;l={$search->l}{/if}">{$a}</a>
<a href="{$WWWROOT}admin/users/search.php?f={$a}{if $search->l}&amp;l={$search->l|escape}{/if}">{$a}</a>
</span>
{/foreach}
</td>
......@@ -22,11 +22,11 @@
<td class="initial-label">{str tag="lastname"}:</td>
<td class="initial-letters">
<span class="last-initial{if empty($search->l)} selected{/if} all">
<a href="{$WWWROOT}admin/users/search.php{if $search->f}?f={$search->f}{/if}">{str tag="all"}</a>
<a href="{$WWWROOT}admin/users/search.php{if $search->f}?f={$search->f|escape}{/if}">{str tag="all"}</a>
</span>
{foreach from=$alphabet item=a}
<span class="last-initial{if $a == $search->l} selected{/if}">
<a href="{$WWWROOT}admin/users/search.php?l={$a}{if $search->f}&amp;f={$search->f}{/if}">{$a}</a>
<a href="{$WWWROOT}admin/users/search.php?l={$a}{if $search->f}&amp;f={$search->f|escape}{/if}">{$a}</a>
</span>
{/foreach}
</td>
......@@ -34,16 +34,16 @@
</tbody></table>
<form action="{$WWWROOT}admin/users/search.php" method="post">
<div class="searchform">
<label>Query:
<input type="text" name="query" id="query"{if !empty($search->query)} value="{$search->query}"{/if}>
<label>{str tag='Query' section='admin'}:
<input type="text" name="query" id="query"{if !empty($search->query)} value="{$search->query|escape}"{/if}>
</label>
{if $USER->get('admin') && !empty($institutions)}
<span class="institutions">
<label>Institution:
<label>{str tag='Institution' section='admin'}:
<select name="institution">
<option value=all>{str tag=all}</option>
{foreach from=$institutions item=i}
<option value={$i->name}>{$i->displayname}</option>
<option value={$i->name|escape}>{$i->displayname|escape}</option>
{/foreach}
</select>
</label>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment