Commit 9a28149b authored by Jono Mingard's avatar Jono Mingard Committed by Jono Mingard

Ensure pieforms labels are always escaped (Bug #1496683)

Remove the 'labelescaped' attribute entirely since it doesn't look
like that was being used for anything vital.

behatnotneeded

Change-Id: Ibab70cfdf04862ff364d10d0cf8d49ae37e39858
parent d1bfcdad
......@@ -639,7 +639,6 @@ $string['email'] = 'Email';
$string['emails'] = 'Emails';
$string['subject'] = 'Subject';
$string['message'] = 'Message';
$string['messageoptional'] = 'Message <span class="accessible-hidden sr-only">(optional)</span>';
$string['messagesent'] = 'Your message has been sent';
$string['nosendernamefound'] = 'No sender name was submitted';
$string['emailnotsent'] = 'Failed to send contact email. Error message: "%s"';
......
......@@ -33,7 +33,7 @@ function pieform_element_checkboxes(Pieform $form, $element) {/*{{{*/
$elementtitle = '';
if (isset($element['title'])) {
$elementtitle = '<span class="accessible-hidden sr-only">' . $element['title'] . ': </span>';
$elementtitle = '<span class="accessible-hidden sr-only">' . Pieform::hsc($element['title']) . ': </span>';
}
foreach ($element['elements'] as $e) {
......
......@@ -48,7 +48,7 @@ EOF;
$title = '';
if (!empty($element['title'])) {
$title = '<span class="accessible-hidden sr-only">' . $element['title'] . ':</span>';
$title = '<span class="accessible-hidden sr-only">' . Pieform::hsc($element['title']) . ':</span>';
}
$optional .= ' <input type="checkbox" '
......
......@@ -1481,7 +1481,7 @@ EOF;
// Element title
if (isset($element['title']) && $element['title'] !== '') {
$title = (!empty($element['labelescaped'])) ? $element['title'] : self::hsc($element['title']);
$title = self::hsc($element['title']);
if ($this->get_property('requiredmarker') && !empty($element['rules']['required'])) {
$requiredmarker = ' <span class="requiredmarker">*</span>';
......
......@@ -72,7 +72,7 @@ EOF;
. 'tabindex="' . Pieform::hsc($element['tabindex']) . '">';
$optional .= ' <label for="' . $name . '_optional">'
. $form->i18n('element', 'date', 'specify', $element) . ': '
. $element['title'] . '</label> ';
. Pieform::hsc($element['title']) . '</label> ';
$result .= $optional;
}
......
......@@ -52,8 +52,7 @@ $form = pieform(array(
'elements' => array(
'message' => array(
'type' => 'textarea',
'title' => get_string('messageoptional'),
'labelescaped' => true,
'title' => get_string('message'),
'cols' => 50,
'rows' => 4,
'rules' => array(
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment