Commit 7f9082b6 authored by Richard Mansfield's avatar Richard Mansfield
Browse files

Enable auto_escape in remaining templates (fixes bug #669307)


Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
parent ea65a307
{auto_escape off}
{include file="header.tpl"}
<div id="planswrap">
{$editform}
{$editform|safe}
</div>
{include file="footer.tpl"}
{/auto_escape}
{auto_escape off}
<div class="group-info">
<div class="fr">
{include file="group/groupuserstatus.tpl" group=$group returnto='view'}
</div>
{include file="group/info.tpl"}
</div>
{/auto_escape}
{auto_escape off}
<div class="friends">
{if $groupmembers}
<table id="userfriendstable" class="center fullwidth">
<tbody>
{$groupmembers.tablerows}
{$groupmembers.tablerows|safe}
</tbody>
</table>
{/if}
<a class="morelink" href="{$show_all.url}">{$show_all.message|escape} &raquo;</a>
<a class="morelink" href="{$show_all.url}">{$show_all.message} &raquo;</a>
</div>
{/auto_escape}
{auto_escape off}
{foreach from=$groupmembers item=row}
<tr>
{foreach from=$row item=groupmember}
......@@ -11,4 +10,3 @@
{/foreach}
</tr>
{/foreach}
{/auto_escape}
......@@ -119,12 +119,9 @@ class PluginBlocktypeGroupViews extends SystemBlocktype {
if (!empty($data['mysubmittedviews'])) {
foreach ($data['mysubmittedviews'] as &$v) {
$url = get_config('wwwroot') . 'view/view.php?id=' . $v['id'];
$v['url'] = get_config('wwwroot') . 'view/view.php?id=' . $v['id'];
if ($v['submittedtime']) {
$v['strsubmitted'] = get_string('youhavesubmittedon', 'view', $url, $v['title'], format_date($v['submittedtime']));
}
else {
$v['strsubmitted'] = get_string('youhavesubmitted', 'view', $url, $v['title']);
$v['submittedtime'] = format_date($v['submittedtime']);
}
}
}
......
{auto_escape off}
{if $sharedviews}
<div class="groupviewsection">
<h5>{str tag="viewssharedtogroupbyothers" section="view"}</h5>
......@@ -6,7 +5,7 @@
{foreach from=$sharedviews item=view}
<tr class="{cycle values='r0,r1'}">
<td>
<a href="{$WWWROOT}view/view.php?id={$view.id}">{$view.title|escape}</a>
<a href="{$WWWROOT}view/view.php?id={$view.id}">{$view.title}</a>
{if $view.sharedby}
{str tag=by section=view}
{if $view.group}
......@@ -17,7 +16,7 @@
{$view.sharedby}
{/if}
{/if}
<div>{$view.shortdescription|clean_html}</div>
<div>{$view.shortdescription}</div>
{if $view.tags}<div class="tags"><label>{str tag=tags}:</label> {list_tags owner=$view.owner tags=$view.tags}</div>{/if}
{if $view.template}
<div><a href="">{str tag=copythisview section=view}</a></div>
......@@ -29,6 +28,7 @@
</div>
{/if}
{if $mysubmittedviews || $group_view_submission_form}
<div class="groupviewsection">
{if $group_view_submission_form}
......@@ -37,14 +37,18 @@
<table class="fullwidth listing">
{if $mysubmittedviews}
{foreach from=$mysubmittedviews item=view}
<tr class="{cycle values='r0,r1'}">
<td class="submittedform">{$view.strsubmitted}</td>
</tr>
<tr class="{cycle values='r0,r1'}"><td class="submittedform">
{if $view.submittedtime}
{str tag=youhavesubmittedon section=view arg1=$view.url arg2=$view.title arg3=$view.submittedtime}
{else}
{str tag=youhavesubmitted section=view arg1=$view.url arg2=$view.title}
{/if}
</td></tr>
{/foreach}
{/if}
{if $group_view_submission_form}
<tr class="{cycle values='r0,r1'}">
<td class="submissionform">{$group_view_submission_form}</td>
<td class="submissionform">{$group_view_submission_form|safe}</td>
</tr>
{/if}
</table>
......@@ -58,7 +62,7 @@
{foreach from=$allsubmittedviews item=view}
<tr class="{cycle values='r0,r1'}">
<td>
<a href="{$WWWROOT}view/view.php?id={$view.id}">{$view.title|escape}</a>
<a href="{$WWWROOT}view/view.php?id={$view.id}">{$view.title}</a>
{if $view.sharedby}
{str tag=by section=view}
<a href="{$WWWROOT}user/view.php?id={$view.owner}">{$view.sharedby}</a>
......@@ -74,5 +78,3 @@
</table>
</div>
{/if}
{/auto_escape}
{auto_escape off}
{include file="header.tpl"}
<p>{str tag=managegroupdescription section=admin}</p>
<div class="userlistform">
{$managegroupform}
{$managegroupform|safe}
</div>
{include file="footer.tpl"}
{/auto_escape}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment