Commit a01aa612 authored by Richard Mansfield's avatar Richard Mansfield

Move display_name html-escaping out of templates and into the dwoo function



There is an existing display_name dwoo function which calls the
user/lib.php function with the same name.  This change wraps that
call in hsc(), and removes explicit escaping from all the templates
that use it.  In future, template authors won't have to remember to
put "|escape" after every call to display_name.

Change-Id: Ia8a614f6679f6cfa1b17508b2c820717cc311ef4
Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
parent 5acb37f7
......@@ -14,9 +14,9 @@
<div class="details commentleft">
{if $item->author}
<div class="icon"><a href="{$WWWROOT}user/view.php?id={$item->author->id}">
<img src="{profile_icon_url user=$item->author maxheight=40 maxwidth=40}" valign="middle" alt="{$item->author|display_name|escape}">
<img src="{profile_icon_url user=$item->author maxheight=40 maxwidth=40}" valign="middle" alt="{$item->author|display_name}">
</a><br />
<a href="{$WWWROOT}user/view.php?id={$item->author->id}" class="username">{$item->author|display_name|escape}</a></div>
<a href="{$WWWROOT}user/view.php?id={$item->author->id}" class="username">{$item->author|display_name}</a></div>
{else}
{$item->authorname}
{/if}
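Review bot: On the `<img ... alt="{$item->author|display_name}">` line the display name is written into a double-quoted attribute value, so its safety now rests entirely on `hsc()` encoding `"`. `hsc()` is not shown in this commit; if it encodes fewer characters than the `|escape` modifier it replaces, a name containing a quote could terminate the attribute. I would confirm which quote flags `hsc()` uses and add a rendering test for this template with a name containing `"`, `'`, `<` and `&`. The same substitution is made in every other template section of this commit, but this is the only visible place where the result goes into an attribute rather than element text.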
......
......@@ -3,7 +3,7 @@
{foreach from=$foruminfo item=postinfo}
<tr class="{cycle values='r0,r1'}">
<td><h4><a href="{$WWWROOT}interaction/forum/topic.php?id={$postinfo->topic|escape}#post{$postinfo->id}">{$postinfo->topicname}</a></h4><div class="s">{$postinfo->body|str_shorten_html:100:true|safe}</div></td>
<td class="valign s right"><a href="{$WWWROOT}user/view.php?id={$postinfo->poster}"><img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=16&amp;id={$postinfo->poster}" alt=""> {$postinfo->poster|display_name|escape}</a>
<td class="valign s right"><a href="{$WWWROOT}user/view.php?id={$postinfo->poster}"><img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=16&amp;id={$postinfo->poster}" alt=""> {$postinfo->poster|display_name}</a>
</td>
</tr>
{/foreach}
......
......@@ -5,7 +5,7 @@
<tr class="{cycle values='r0,r1'}">
<td><strong><a href="{$WWWROOT}interaction/forum/topic.php?id={$postinfo->topic}#post{$postinfo->id}">{$postinfo->topicname}</a></strong><br />
<div class="s">{$postinfo->body|str_shorten_html:100:true|safe}</div></td>
<td class="valign s center"><a href="{$WWWROOT}user/view.php?id={$postinfo->poster}"><img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=20&amp;id={$postinfo->poster}" alt=""><br />{$postinfo->poster|display_name|escape}</a></td>
<td class="valign s center"><a href="{$WWWROOT}user/view.php?id={$postinfo->poster}"><img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=20&amp;id={$postinfo->poster}" alt=""><br />{$postinfo->poster|display_name}</a></td>
</tr>
{/foreach}
</table>
......
......@@ -26,7 +26,7 @@
<span>{str tag="Moderators" section="interaction.forum"}:</span>
{foreach from=$forum->moderators item=mod}
<a href="{$WWWROOT}user/view.php?id={$mod}"><img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=20&amp;id={$mod}" alt=""></a>
<a href="{$WWWROOT}user/view.php?id={$mod}" class="moderator">{$mod|display_name:null:true|escape}</a>
<a href="{$WWWROOT}user/view.php?id={$mod}" class="moderator">{$mod|display_name:null:true}</a>
{/foreach}
</div>
{/if}
......@@ -51,7 +51,7 @@
<label>{str tag="groupadminlist" section="interaction.forum"}</label>
{foreach from=$groupadmins item=groupadmin}
<span class="inlinelist">
<a href="{$WWWROOT}user/view.php?id={$groupadmin}" class="groupadmin"><img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=20&amp;id={$groupadmin}" alt=""> {$groupadmin|display_name|escape}</a>
<a href="{$WWWROOT}user/view.php?id={$groupadmin}" class="groupadmin"><img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=20&amp;id={$groupadmin}" alt=""> {$groupadmin|display_name}</a>
</span>
{/foreach}
</div>
......
{if $post->deleted}
{assign var=poster value=$post->poster|display_name|escape}
<h4 class="deletedpost">{str tag="postbyuserwasdeleted" section="interaction.forum" args=$poster}</h4>
<h4 class="deletedpost">{str tag="postbyuserwasdeleted" section="interaction.forum" args=display_name($post->poster)}</h4>
{else}
{if $post->parent}
{include file="interaction:forum:simplepost.tpl" post=$post groupadmins=$groupadmins}
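Review bot: The new `args=display_name($post->poster)` uses a function-call expression rather than the `|display_name` modifier used everywhere else in this commit. The commit message says the PHP function in user/lib.php shares its name with the Dwoo plugin, so the template does not show which one runs here. If it resolves to the PHP function, the removed `|escape` is not replaced by anything and the poster's name reaches the `postbyuserwasdeleted` string unescaped; if it resolves to the plugin, check that `{str}` does not escape `args` a second time. Keeping the two-step form without the modifier, `{assign var=poster value=$post->poster|display_name}` followed by `args=$poster`, would make the escaped path explicit.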
......
......@@ -11,7 +11,7 @@
<td class="forumpostleft">
<div class="author">
<img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=40&amp;id={$post->poster}" alt="" class="center">
<div class="poster"><a href="{$WWWROOT}user/view.php?id={$post->poster}"{if in_array($post->poster, $groupadmins)} class="groupadmin"{elseif $post->moderator} class="moderator"{/if}>{$post->poster|display_name|escape}</a></div>
<div class="poster"><a href="{$WWWROOT}user/view.php?id={$post->poster}"{if in_array($post->poster, $groupadmins)} class="groupadmin"{elseif $post->moderator} class="moderator"{/if}>{$post->poster|display_name}</a></div>
{if $post->postcount}<div class="postcount">{$post->postcount}</div>{/if}
</div>
</td>
......@@ -28,7 +28,7 @@
{/if}
>
<img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=20&amp;id={$edit.editor}" alt="">
{$edit.editor|display_name|escape}
{$edit.editor|display_name}
</a>
{$edit.edittime}
</li>
......
......@@ -19,13 +19,13 @@
</td>
<td class="s">
<a href="{$WWWROOT}user/view.php?id={$topic->poster}"><img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=20&amp;id={$topic->poster}" alt=""></a>
<a href="{$WWWROOT}user/view.php?id={$topic->poster}" class="forumuser{if in_array($topic->poster, $groupadmins)} groupadmin{elseif $topic->moderator} moderator{/if}">{$topic->poster|display_name:null:true|escape}</a>
<a href="{$WWWROOT}user/view.php?id={$topic->poster}" class="forumuser{if in_array($topic->poster, $groupadmins)} groupadmin{elseif $topic->moderator} moderator{/if}">{$topic->poster|display_name:null:true}</a>
</td>
<td class="center s">{$topic->postcount}</td>
<td class="s">
{if !$topic->lastpostdeleted}
<a href="{$WWWROOT}interaction/forum/topic.php?id={$topic->id}#post{$topic->lastpost}">{$topic->lastposttime}</a> {str tag=by section=view}
<a href="{$WWWROOT}user/view.php?id={$topic->lastposter}" {if in_array($topic->lastposter, $groupadmins)} class="groupadmin"{elseif $topic->lastpostermoderator} class="moderator"{/if}>{$topic->lastposter|display_name:null:true|escape}</a>
<a href="{$WWWROOT}user/view.php?id={$topic->lastposter}" {if in_array($topic->lastposter, $groupadmins)} class="groupadmin"{elseif $topic->lastpostermoderator} class="moderator"{/if}>{$topic->lastposter|display_name:null:true}</a>
{/if}
</td>
{if $moderator}
......
......@@ -71,7 +71,7 @@
{foreach from=$groupadmins item=groupadmin}
<span class="s inlinelist">
<a href="{$WWWROOT}user/view.php?id={$groupadmin}"><img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=20&amp;id={$groupadmin}" alt=""></a>
<a href="{$WWWROOT}user/view.php?id={$groupadmin}" class="groupadmin">{$groupadmin|display_name|escape}</a>
<a href="{$WWWROOT}user/view.php?id={$groupadmin}" class="groupadmin">{$groupadmin|display_name}</a>
</span>
{/foreach}
{if $moderators}
......@@ -80,7 +80,7 @@
{foreach from=$moderators item=mod}
<span class="s inlinelist">
<a href="{$WWWROOT}user/view.php?id={$mod}"><img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=20&amp;id={$mod}" alt=""></a>
<a href="{$WWWROOT}user/view.php?id={$mod}" class="moderator">{$mod|display_name|escape}</a>
<a href="{$WWWROOT}user/view.php?id={$mod}" class="moderator">{$mod|display_name}</a>
</span>
{/foreach}
</div>
......
......@@ -14,7 +14,7 @@ function Dwoo_Plugin_display_name(Dwoo $dwoo, $user, $userto=null, $nameonly=fal
return '';
}
return display_name($user, $userto, $nameonly, $realname);
return hsc(display_name($user, $userto, $nameonly, $realname));
}
?>
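Review bot: The return contract of `Dwoo_Plugin_display_name` changes on the new `return hsc(display_name($user, $userto, $nameonly, $realname));` line, but nothing in the plugin records that the result is now HTML-escaped. A template outside this commit (a theme override or a third-party plugin template) that still appends `|escape` will double-encode names, and any use of the plugin in a non-HTML context will receive entities. I would add a docblock line above the function such as `@return string HTML-escaped display name; do not apply |escape to the result`, and search the remaining templates for `display_name|escape` before merging. The function's signature and opening lines are outside the hunk, so the path leading to the early `return ''` cannot be reviewed here.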
......@@ -18,7 +18,7 @@
<tr><td class="center">
<div id="profilepict">
<a href="{$WWWROOT}user/view.php?id={$user->id}"><img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxwidth=100&amp;maxheight=100&amp;id={$user->id}" alt=""></a>
<div id="profilename"><a href="{$WWWROOT}user/view.php?id={$user->id}">{$user|display_name|escape}</a></div>
<div id="profilename"><a href="{$WWWROOT}user/view.php?id={$user->id}">{$user|display_name}</a></div>
</div>
{if $loginas}
<div id="loginas"><a class="btn" href="{$WWWROOT}admin/users/changeuser.php?id={$user->id}">{str tag=loginas section=admin}</a></div>
......
......@@ -15,7 +15,7 @@
{foreach from=$users item='user' key='userid'}
<tr class="{cycle values="r0,r1"}">
<td class='center'><img src="{$WWWROOT}thumb.php?type=profileicon&maxwidth=40&maxheight=40&id={$userid}" alt="profile picture"/></td>
<td>{$user.user|display_name|escape}</td>
<td>{$user.user|display_name}</td>
<td>
{foreach from=$user.user->institutions item=i}
<div>{$i}</div>
......
<h3><a href="{$WWWROOT}group/view.php?id={$group->id}">{$group->name}</a></h3>
<h6>{foreach name=admins from=$group->admins item=id}<a href="{$WWWROOT}user/view.php?id={$id}">{$id|display_name|escape}</a>{if !$.foreach.admins.last}, {/if}{/foreach}</h6>
<h6>{foreach name=admins from=$group->admins item=id}<a href="{$WWWROOT}user/view.php?id={$id}">{$id|display_name}</a>{if !$.foreach.admins.last}, {/if}{/foreach}</h6>
<div class="inline s"> - {$group->settingsdescription}
{$group->description|str_shorten_html:100:true|safe}</div>
{if $group->membercount}
......
<ul>
<li><label class="groupinfolabel">{str tag=groupadmins section=group}:</label> {foreach name=admins from=$group->admins item=id}
<img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxsize=20&amp;id={$id}" alt="">
<a href="{$WWWROOT}user/view.php?id={$id}">{$id|display_name|escape}</a>{if !$.foreach.admins.last}, {/if}
<a href="{$WWWROOT}user/view.php?id={$id}">{$id|display_name}</a>{if !$.foreach.admins.last}, {/if}
{/foreach}</li>
<li><label class="groupinfolabel">{str tag=grouptype section=group}:</label> {$group->settingsdescription}</li>
{if $group->categorytitle}<li><label>{str tag=groupcategory section=group}:</label> {$group->categorytitle}</li>{/if}
......
......@@ -10,7 +10,7 @@
<td class="center">{$topic->postcount}</td>
<td>
<div class="s">{$topic->body|str_shorten_html:80:true|strip_tags|safe}</div>
<span class="s poster"><a href="{$WWWROOT}user/view.php?id={$topic->poster}">{$topic->poster|display_name|escape}</a></span>
<span class="s poster"><a href="{$WWWROOT}user/view.php?id={$topic->poster}">{$topic->poster|display_name}</a></span>
<span class="postedon nowrap"> - {$topic->ctime|strtotime|format_date:'strftimerecent'}</span>
</td>
</tr>
......
......@@ -3,7 +3,7 @@
<div class="sidebar-content">
<ul class="cr">
{foreach from=$sbdata.users item=user}
<li><a href="{$WWWROOT}user/view.php?id={$user->id}"><div class="profile-icon-container"><img src="{$user->profileiconurl}" alt=""></div>{$user|display_name|escape}</a>{if $user->loggedinfrom} ({$user->loggedinfrom}){/if}</li>
<li><a href="{$WWWROOT}user/view.php?id={$user->id}"><div class="profile-icon-container"><img src="{$user->profileiconurl}" alt=""></div>{$user|display_name}</a>{if $user->loggedinfrom} ({$user->loggedinfrom}){/if}</li>
{/foreach}
</ul>
</div>
......
......@@ -11,9 +11,9 @@
<td>
<h5>
{if $message->from == $user->id}
<a href="{$WWWROOT}user/view.php?id={$user->id}">{$user|display_name|escape}</a>
<a href="{$WWWROOT}user/view.php?id={$user->id}">{$user|display_name}</a>
{else}
<a href="{$WWWROOT}user/view.php?id={$USER->id}">{$USER|display_name|escape}</a>
<a href="{$WWWROOT}user/view.php?id={$USER->id}">{$USER|display_name}</a>
{/if}
<span class="postedon">{$message->ctime|strtotime|format_date}</span>
</h5>
......
......@@ -2,7 +2,7 @@
<div class="fl">
<img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxwidth=50&amp;maxheight=50&amp;id={$user->id}" alt="">
</div>
<h3><a href="{$WWWROOT}user/view.php?id={$user->id}">{$user|display_name|escape}</a></h3>
<h3><a href="{$WWWROOT}user/view.php?id={$user->id}">{$user|display_name}</a></h3>
{if $user->introduction}
<p>{$user->introduction|clean_html|safe}</p>
{else}
......
......@@ -14,7 +14,7 @@
{elseif $accessgroup.accesstype == 'group'}
<a href="{$WWWROOT}group/view.php?id={$accessgroup.id}">{$accessgroup.name}</a>{if $accessgroup.role} ({$accessgroup.roledisplay}){/if}
{elseif $accessgroup.accesstype == 'user'}
<a href="{$WWWROOT}user/view.php?id={$accessgroup.id}">{$accessgroup.id|display_name|escape}</a>
<a href="{$WWWROOT}user/view.php?id={$accessgroup.id}">{$accessgroup.id|display_name}</a>
{/if}
{if $accessgroup.startdate}
{if $accessgroup.stopdate}
......
......@@ -23,7 +23,7 @@
<a href="{$WWWROOT}view/view.php?id={$view.id}&showcomment={$view.commentid}" class="fr btn" title="{str tag=viewcomment section=artefact.comment}">{str tag=viewcomment section=artefact.comment}</a>
<div>{$view.commenttext|str_shorten_html:40:true|strip_tags|safe}</div>
{if $view.commentauthor}
<a href="{$WWWROOT}user/view.php?id={$view.commentauthor}" class="poster">{$view.commentauthor|display_name|escape}</a>
<a href="{$WWWROOT}user/view.php?id={$view.commentauthor}" class="poster">{$view.commentauthor|display_name}</a>
{else}
{$view.commentauthorname}
{/if}
......
......@@ -22,7 +22,7 @@
{if $LOGGEDIN}
<div id="mainnav-container" class="nav">
<div id="mainnav" class="js-hidden">
<strong><a href="{$WWWROOT}user/view.php">{$USER|display_name:null:true|escape}</a>:</strong>
<strong><a href="{$WWWROOT}user/view.php">{$USER|display_name:null:true}</a>:</strong>
{foreach from=$MAINNAV item=item}
{if $item.path}
<a href="{$WWWROOT}{$item.url}">{$item.title}</a> |
......