Move display_name html-escaping out of templates and into the dwoo function

There is an existing display_name dwoo function which calls the user/lib.php function with the same name. This change wraps that call in hsc(), and removes explicit escaping from all the templates that use it. In future, template authors won't have to remember to put "|escape" after every call to display_name. Change-Id: Ia8a614f6679f6cfa1b17508b2c820717cc311ef4 Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Move display_name html-escaping out of templates and into the dwoo function
There is an existing display_name dwoo function which calls the user/lib.php function with the same name. This change wraps that call in hsc(), and removes explicit escaping from all the templates that use it. In future, template authors won't have to remember to put "|escape" after every call to display_name. Change-Id: Ia8a614f6679f6cfa1b17508b2c820717cc311ef4 Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>
a01aa612 · Richard Mansfield · 5acb37f7 · a01aa612 · a01aa612 · a01aa612
Commit a01aa612 authored May 17, 2011 by Richard Mansfield
--- a/htdocs/artefact/comment/theme/raw/commentlist.tpl
+++ b/htdocs/artefact/comment/theme/raw/commentlist.tpl
@@ -14,9 +14,9 @@
      <div class="details commentleft">
      {if $item->author}
        <div class="icon"><a href="{$WWWROOT}user/view.php?id={$item->author->id}">
-          <img src="{profile_icon_url user=$item->author maxheight=40 maxwidth=40}" valign="middle" alt="{$item->author|display_name|escape}">
+          <img src="{profile_icon_url user=$item->author maxheight=40 maxwidth=40}" valign="middle" alt="{$item->author|display_name}">
        </a><br />
-        <a href="{$WWWROOT}user/view.php?id={$item->author->id}" class="username">{$item->author|display_name|escape}</a></div>
+        <a href="{$WWWROOT}user/view.php?id={$item->author->id}" class="username">{$item->author|display_name}</a></div>
      {else}
        {$item->authorname}
      {/if}

--- a/htdocs/blocktype/recentforumposts/theme/raw/latestforumposts.tpl
+++ b/htdocs/blocktype/recentforumposts/theme/raw/latestforumposts.tpl
@@ -3,7 +3,7 @@
        {foreach from=$foruminfo item=postinfo}
            <tr class="{cycle values='r0,r1'}">
                <td><h4><a href="{$WWWROOT}interaction/forum/topic.php?id={$postinfo->topic|escape}#post{$postinfo->id}">{$postinfo->topicname}</a></h4><div class="s">{$postinfo->body|str_shorten_html:100:true|safe}</div></td>
-                <td class="valign s right"><a href="{$WWWROOT}user/view.php?id={$postinfo->poster}"><img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=16&amp;id={$postinfo->poster}" alt=""> {$postinfo->poster|display_name|escape}</a>
+                <td class="valign s right"><a href="{$WWWROOT}user/view.php?id={$postinfo->poster}"><img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=16&amp;id={$postinfo->poster}" alt=""> {$postinfo->poster|display_name}</a>
                </td>
            </tr>
        {/foreach}

--- a/htdocs/blocktype/recentforumposts/theme/raw/recentforumposts.tpl
+++ b/htdocs/blocktype/recentforumposts/theme/raw/recentforumposts.tpl
@@ -5,7 +5,7 @@
                <tr class="{cycle values='r0,r1'}">
                	<td><strong><a href="{$WWWROOT}interaction/forum/topic.php?id={$postinfo->topic}#post{$postinfo->id}">{$postinfo->topicname}</a></strong><br />
                    <div class="s">{$postinfo->body|str_shorten_html:100:true|safe}</div></td>
-                    <td class="valign s center"><a href="{$WWWROOT}user/view.php?id={$postinfo->poster}"><img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=20&amp;id={$postinfo->poster}" alt=""><br />{$postinfo->poster|display_name|escape}</a></td>
+                    <td class="valign s center"><a href="{$WWWROOT}user/view.php?id={$postinfo->poster}"><img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=20&amp;id={$postinfo->poster}" alt=""><br />{$postinfo->poster|display_name}</a></td>
            	</tr>
                {/foreach}
        		</table>

--- a/htdocs/interaction/forum/theme/raw/index.tpl
+++ b/htdocs/interaction/forum/theme/raw/index.tpl
@@ -26,7 +26,7 @@
                <span>{str tag="Moderators" section="interaction.forum"}:</span>
                {foreach from=$forum->moderators item=mod}
                    <a href="{$WWWROOT}user/view.php?id={$mod}"><img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=20&amp;id={$mod}" alt=""></a>
-                    <a href="{$WWWROOT}user/view.php?id={$mod}" class="moderator">{$mod|display_name:null:true|escape}</a>
+                    <a href="{$WWWROOT}user/view.php?id={$mod}" class="moderator">{$mod|display_name:null:true}</a>
                {/foreach}
            </div>
            {/if}
@@ -51,7 +51,7 @@
 	<label>{str tag="groupadminlist" section="interaction.forum"}</label>
 	{foreach from=$groupadmins item=groupadmin}
    <span class="inlinelist">
-        <a href="{$WWWROOT}user/view.php?id={$groupadmin}" class="groupadmin"><img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=20&amp;id={$groupadmin}" alt=""> {$groupadmin|display_name|escape}</a>
+        <a href="{$WWWROOT}user/view.php?id={$groupadmin}" class="groupadmin"><img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=20&amp;id={$groupadmin}" alt=""> {$groupadmin|display_name}</a>
    </span>
    {/foreach}
 </div>

--- a/htdocs/interaction/forum/theme/raw/post.tpl
+++ b/htdocs/interaction/forum/theme/raw/post.tpl
 {if $post->deleted}
-{assign var=poster value=$post->poster|display_name|escape}
-<h4 class="deletedpost">{str tag="postbyuserwasdeleted" section="interaction.forum" args=$poster}</h4>
+<h4 class="deletedpost">{str tag="postbyuserwasdeleted" section="interaction.forum" args=display_name($post->poster)}</h4>
 {else}
 {if $post->parent}
 {include file="interaction:forum:simplepost.tpl" post=$post groupadmins=$groupadmins}

--- a/htdocs/interaction/forum/theme/raw/simplepost.tpl
+++ b/htdocs/interaction/forum/theme/raw/simplepost.tpl
@@ -11,7 +11,7 @@
 	<td class="forumpostleft">
      <div class="author">
         <img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=40&amp;id={$post->poster}" alt="" class="center">
-         <div class="poster"><a href="{$WWWROOT}user/view.php?id={$post->poster}"{if in_array($post->poster, $groupadmins)} class="groupadmin"{elseif $post->moderator} class="moderator"{/if}>{$post->poster|display_name|escape}</a></div>
+         <div class="poster"><a href="{$WWWROOT}user/view.php?id={$post->poster}"{if in_array($post->poster, $groupadmins)} class="groupadmin"{elseif $post->moderator} class="moderator"{/if}>{$post->poster|display_name}</a></div>
         {if $post->postcount}<div class="postcount">{$post->postcount}</div>{/if}
      </div>
    </td>
@@ -28,7 +28,7 @@
                {/if}
                >
                <img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=20&amp;id={$edit.editor}" alt="">
-                {$edit.editor|display_name|escape}
+                {$edit.editor|display_name}
                </a>
                {$edit.edittime}
            </li>

--- a/htdocs/interaction/forum/theme/raw/topics.tpl
+++ b/htdocs/interaction/forum/theme/raw/topics.tpl
@@ -19,13 +19,13 @@
    </td>
    <td class="s">
        <a href="{$WWWROOT}user/view.php?id={$topic->poster}"><img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=20&amp;id={$topic->poster}" alt=""></a>
-        <a href="{$WWWROOT}user/view.php?id={$topic->poster}" class="forumuser{if in_array($topic->poster, $groupadmins)} groupadmin{elseif $topic->moderator} moderator{/if}">{$topic->poster|display_name:null:true|escape}</a>
+        <a href="{$WWWROOT}user/view.php?id={$topic->poster}" class="forumuser{if in_array($topic->poster, $groupadmins)} groupadmin{elseif $topic->moderator} moderator{/if}">{$topic->poster|display_name:null:true}</a>
    </td>
    <td class="center s">{$topic->postcount}</td>
    <td class="s">
    {if !$topic->lastpostdeleted}
    <a href="{$WWWROOT}interaction/forum/topic.php?id={$topic->id}#post{$topic->lastpost}">{$topic->lastposttime}</a> {str tag=by section=view}
-    <a href="{$WWWROOT}user/view.php?id={$topic->lastposter}" {if in_array($topic->lastposter, $groupadmins)} class="groupadmin"{elseif $topic->lastpostermoderator} class="moderator"{/if}>{$topic->lastposter|display_name:null:true|escape}</a>
+    <a href="{$WWWROOT}user/view.php?id={$topic->lastposter}" {if in_array($topic->lastposter, $groupadmins)} class="groupadmin"{elseif $topic->lastpostermoderator} class="moderator"{/if}>{$topic->lastposter|display_name:null:true}</a>
    {/if}
    </td>
    {if $moderator}

--- a/htdocs/interaction/forum/theme/raw/view.tpl
+++ b/htdocs/interaction/forum/theme/raw/view.tpl
@@ -71,7 +71,7 @@
 	{foreach from=$groupadmins item=groupadmin}
    <span class="s inlinelist">
        <a href="{$WWWROOT}user/view.php?id={$groupadmin}"><img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=20&amp;id={$groupadmin}" alt=""></a>
-        <a href="{$WWWROOT}user/view.php?id={$groupadmin}" class="groupadmin">{$groupadmin|display_name|escape}</a>
+        <a href="{$WWWROOT}user/view.php?id={$groupadmin}" class="groupadmin">{$groupadmin|display_name}</a>
    </span>
    {/foreach}
 	{if $moderators}
@@ -80,7 +80,7 @@
        {foreach from=$moderators item=mod}
        <span class="s inlinelist">
            <a href="{$WWWROOT}user/view.php?id={$mod}"><img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=20&amp;id={$mod}" alt=""></a>
-            <a href="{$WWWROOT}user/view.php?id={$mod}" class="moderator">{$mod|display_name|escape}</a>
+            <a href="{$WWWROOT}user/view.php?id={$mod}" class="moderator">{$mod|display_name}</a>
        </span>
        {/foreach}
    </div>

--- a/htdocs/lib/dwoo/mahara/plugins/function.display_name.php
+++ b/htdocs/lib/dwoo/mahara/plugins/function.display_name.php
@@ -14,7 +14,7 @@ function Dwoo_Plugin_display_name(Dwoo $dwoo, $user, $userto=null, $nameonly=fal
        return '';
    }

-    return display_name($user, $userto, $nameonly, $realname);
+    return hsc(display_name($user, $userto, $nameonly, $realname));
 }

 ?>
--- a/htdocs/theme/raw/templates/admin/users/edit.tpl
+++ b/htdocs/theme/raw/templates/admin/users/edit.tpl
@@ -18,7 +18,7 @@
 <tr><td class="center">
    <div id="profilepict">
        <a href="{$WWWROOT}user/view.php?id={$user->id}"><img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxwidth=100&amp;maxheight=100&amp;id={$user->id}" alt=""></a>
-        <div id="profilename"><a href="{$WWWROOT}user/view.php?id={$user->id}">{$user|display_name|escape}</a></div>
+        <div id="profilename"><a href="{$WWWROOT}user/view.php?id={$user->id}">{$user|display_name}</a></div>
    </div>
    {if $loginas}
       <div id="loginas"><a class="btn" href="{$WWWROOT}admin/users/changeuser.php?id={$user->id}">{str tag=loginas section=admin}</a></div>

--- a/htdocs/theme/raw/templates/admin/users/notifications.tpl
+++ b/htdocs/theme/raw/templates/admin/users/notifications.tpl
@@ -15,7 +15,7 @@
 {foreach from=$users item='user' key='userid'}
                <tr class="{cycle values="r0,r1"}">
                    <td class='center'><img src="{$WWWROOT}thumb.php?type=profileicon&maxwidth=40&maxheight=40&id={$userid}" alt="profile picture"/></td>
-                    <td>{$user.user|display_name|escape}</td>
+                    <td>{$user.user|display_name}</td>
                    <td>
                    {foreach from=$user.user->institutions item=i}
                        <div>{$i}</div>

--- a/htdocs/theme/raw/templates/group/group.tpl
+++ b/htdocs/theme/raw/templates/group/group.tpl
 <h3><a href="{$WWWROOT}group/view.php?id={$group->id}">{$group->name}</a></h3>
-<h6>{foreach name=admins from=$group->admins item=id}<a href="{$WWWROOT}user/view.php?id={$id}">{$id|display_name|escape}</a>{if !$.foreach.admins.last}, {/if}{/foreach}</h6>
+<h6>{foreach name=admins from=$group->admins item=id}<a href="{$WWWROOT}user/view.php?id={$id}">{$id|display_name}</a>{if !$.foreach.admins.last}, {/if}{/foreach}</h6>
 <div class="inline s"> - {$group->settingsdescription}
 {$group->description|str_shorten_html:100:true|safe}</div>
 {if $group->membercount}

--- a/htdocs/theme/raw/templates/group/info.tpl
+++ b/htdocs/theme/raw/templates/group/info.tpl
                <ul>
                    <li><label class="groupinfolabel">{str tag=groupadmins section=group}:</label> {foreach name=admins from=$group->admins item=id}
                    <img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=20&amp;id={$id}" alt="">
-                    <a href="{$WWWROOT}user/view.php?id={$id}">{$id|display_name|escape}</a>{if !$.foreach.admins.last}, {/if}
+                    <a href="{$WWWROOT}user/view.php?id={$id}">{$id|display_name}</a>{if !$.foreach.admins.last}, {/if}
                    {/foreach}</li>
                    <li><label class="groupinfolabel">{str tag=grouptype section=group}:</label> {$group->settingsdescription}</li>
                    {if $group->categorytitle}<li><label>{str tag=groupcategory section=group}:</label> {$group->categorytitle}</li>{/if}

--- a/htdocs/theme/raw/templates/group/topicrows.tpl
+++ b/htdocs/theme/raw/templates/group/topicrows.tpl
@@ -10,7 +10,7 @@
      <td class="center">{$topic->postcount}</td>
      <td>
        <div class="s">{$topic->body|str_shorten_html:80:true|strip_tags|safe}</div>
-        <span class="s poster"><a href="{$WWWROOT}user/view.php?id={$topic->poster}">{$topic->poster|display_name|escape}</a></span>
+        <span class="s poster"><a href="{$WWWROOT}user/view.php?id={$topic->poster}">{$topic->poster|display_name}</a></span>
        <span class="postedon nowrap"> - {$topic->ctime|strtotime|format_date:'strftimerecent'}</span>
      </td>
    </tr>

--- a/htdocs/theme/raw/templates/sideblocks/onlineusers.tpl
+++ b/htdocs/theme/raw/templates/sideblocks/onlineusers.tpl
@@ -3,7 +3,7 @@
    <div class="sidebar-content">
        <ul class="cr">
 {foreach from=$sbdata.users item=user}
-            <li><a href="{$WWWROOT}user/view.php?id={$user->id}"><div class="profile-icon-container"><img src="{$user->profileiconurl}" alt=""></div>{$user|display_name|escape}</a>{if $user->loggedinfrom} ({$user->loggedinfrom}){/if}</li>
+            <li><a href="{$WWWROOT}user/view.php?id={$user->id}"><div class="profile-icon-container"><img src="{$user->profileiconurl}" alt=""></div>{$user|display_name}</a>{if $user->loggedinfrom} ({$user->loggedinfrom}){/if}</li>
 {/foreach}
        </ul>
    </div>

--- a/htdocs/theme/raw/templates/user/sendmessage.tpl
+++ b/htdocs/theme/raw/templates/user/sendmessage.tpl
@@ -11,9 +11,9 @@
          <td>
            <h5>
        {if $message->from == $user->id}
-              <a href="{$WWWROOT}user/view.php?id={$user->id}">{$user|display_name|escape}</a>
+              <a href="{$WWWROOT}user/view.php?id={$user->id}">{$user|display_name}</a>
        {else}
-              <a href="{$WWWROOT}user/view.php?id={$USER->id}">{$USER|display_name|escape}</a>
+              <a href="{$WWWROOT}user/view.php?id={$USER->id}">{$USER|display_name}</a>
        {/if}
              <span class="postedon">{$message->ctime|strtotime|format_date}</span>
            </h5>

--- a/htdocs/theme/raw/templates/user/simpleuser.tpl
+++ b/htdocs/theme/raw/templates/user/simpleuser.tpl
@@ -2,7 +2,7 @@
    <div class="fl">
        <img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxwidth=50&amp;maxheight=50&amp;id={$user->id}" alt="">
    </div>
-    <h3><a href="{$WWWROOT}user/view.php?id={$user->id}">{$user|display_name|escape}</a></h3>
+    <h3><a href="{$WWWROOT}user/view.php?id={$user->id}">{$user|display_name}</a></h3>
    {if $user->introduction}
    <p>{$user->introduction|clean_html|safe}</p>
    {else}

--- a/htdocs/theme/raw/templates/view/accesslistrow.tpl
+++ b/htdocs/theme/raw/templates/view/accesslistrow.tpl
@@ -14,7 +14,7 @@
          {elseif $accessgroup.accesstype == 'group'}
            <a href="{$WWWROOT}group/view.php?id={$accessgroup.id}">{$accessgroup.name}</a>{if $accessgroup.role} ({$accessgroup.roledisplay}){/if}
          {elseif $accessgroup.accesstype == 'user'}
-            <a href="{$WWWROOT}user/view.php?id={$accessgroup.id}">{$accessgroup.id|display_name|escape}</a>
+            <a href="{$WWWROOT}user/view.php?id={$accessgroup.id}">{$accessgroup.id|display_name}</a>
          {/if}
          {if $accessgroup.startdate}
            {if $accessgroup.stopdate}

--- a/htdocs/theme/raw/templates/view/sharedviewrows.tpl
+++ b/htdocs/theme/raw/templates/view/sharedviewrows.tpl
@@ -23,7 +23,7 @@
            <a href="{$WWWROOT}view/view.php?id={$view.id}&showcomment={$view.commentid}" class="fr btn" title="{str tag=viewcomment section=artefact.comment}">{str tag=viewcomment section=artefact.comment}</a>
            <div>{$view.commenttext|str_shorten_html:40:true|strip_tags|safe}</div>
          {if $view.commentauthor}
-            <a href="{$WWWROOT}user/view.php?id={$view.commentauthor}" class="poster">{$view.commentauthor|display_name|escape}</a>
+            <a href="{$WWWROOT}user/view.php?id={$view.commentauthor}" class="poster">{$view.commentauthor|display_name}</a>
          {else}
            {$view.commentauthorname}
          {/if}

--- a/htdocs/theme/raw/templates/viewmicroheader.tpl
+++ b/htdocs/theme/raw/templates/viewmicroheader.tpl
@@ -22,7 +22,7 @@
 {if $LOGGEDIN}
        <div id="mainnav-container" class="nav">
         <div id="mainnav" class="js-hidden">
-          <strong><a href="{$WWWROOT}user/view.php">{$USER|display_name:null:true|escape}</a>:</strong> 
+          <strong><a href="{$WWWROOT}user/view.php">{$USER|display_name:null:true}</a>:</strong>
          {foreach from=$MAINNAV item=item}
            {if $item.path}
              <a href="{$WWWROOT}{$item.url}">{$item.title}</a> |