Commit aadff244 authored by Richard Mansfield's avatar Richard Mansfield

Merge commit 'mahara-security/master'

parents 53e62df6 b31bc009
......@@ -80,7 +80,7 @@ if ($authobj->authname == 'internal') {
'type' => 'text',
'defaultvalue' => $USER->get('username'),
'title' => get_string('changeusername', 'account'),
'description' => get_string('changeusernamedesc', 'account', get_config('sitename')),
'description' => get_string('changeusernamedesc', 'account', hsc(get_config('sitename'))),
);
}
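Review bot: The `hsc()` added around `get_config('sitename')` on the `description` line has no comment saying why this one argument is escaped at the call site. Presumably the form renderer emits `description` as HTML, which would make escaping every interpolated value the caller's job. A short comment such as `// description is rendered as HTML, so escape the interpolated site name` would keep a later edit from dropping it. The enclosing `if ($authobj->authname == 'internal')` block starts outside the hunk.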
......
......@@ -18,8 +18,8 @@
<tbody>
{foreach from=$children item=child}
<tr class="{cycle values=r1,r0}">
<td><img src="{$child->iconsrc}" border="0" alt="{$child->artefacttype|escape}"></td>
<td><a href="{$WWWROOT}view/artefact.php?artefact={$child->id|escape}&amp;view={$viewid|escape}" title="{$child->hovertitle}">{$child->title}</a></td>
<td><img src="{$child->iconsrc|escape}" border="0" alt="{$child->artefacttype|escape}"></td>
<td><a href="{$WWWROOT}view/artefact.php?artefact={$child->id|escape}&amp;view={$viewid|escape}" title="{$child->hovertitle|escape}">{$child->title|escape}</a></td>
<td>{$child->description|escape}</td>
{if !$simpledisplay}
<td>{$child->date}</td>
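Review bot: The `{$child->date}` cell in the context lines is still output without `|escape`, while the other `$child` fields in this row are now escaped. Whether `date` can carry user-influenced text is not visible here, but escaping it keeps the row consistent: `<td>{$child->date|escape}</td>`. The `{foreach}` body continues past the end of the hunk, so any later cells deserve the same check.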
......
......@@ -5,5 +5,5 @@
<th><label for="{$elementname}_{$artefact->id}" title="{$artefact->title|strip_tags|substr:0:60|escape}">{str tag=$artefact->artefacttype section=artefact.resume}</label></th>
</tr>
<tr>
<td>{if $artefact->description}{$artefact->description}{/if}</td>
<td>{$artefact->description|str_shorten_html}</td>
</tr>
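Review bot: The description cell now relies entirely on the `str_shorten_html` modifier, whose definition is not part of this commit view; its name suggests truncation rather than sanitising. If it does not also clean the markup, the description is still emitted as raw HTML in this cell. Confirm that it does, and record the expectation in the template, e.g. `{* description is HTML; str_shorten_html must return cleaned markup *}`.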
......@@ -710,13 +710,27 @@ class BlockInstance {
return true;
}
// Get list of allowed artefacts
require_once('view.php');
$searchdata = array(
'extraselect' => 'id IN (' . join(',', $artefacts) . ')',
);
list($allowed, $count) = View::get_artefactchooser_artefacts(
$searchdata,
$this->get_view()->get('group'),
$this->get_view()->get('institution'),
true
);
$va = new StdClass;
$va->view = $this->get('view');
$va->block = $this->id;
foreach ($artefacts as $id) {
$va->artefact = $id;
insert_record('view_artefact', $va);
if (isset($allowed[$id])) {
$va->artefact = $id;
insert_record('view_artefact', $va);
}
}
db_commit();
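Review bot: The new `extraselect` value concatenates `$artefacts` straight into an SQL `IN (...)` list, so the permission check depends on every element already being an integer. The code that populates `$artefacts` is above the hunk and not visible; unless it casts them, build the list as `'id IN (' . join(',', array_map('intval', $artefacts)) . ')'`. `$count` from the `list()` assignment is never used. A one-line comment stating that `$allowed` is expected to be keyed by artefact id would make the `isset($allowed[$id])` filter easier to verify.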
......
......@@ -3,7 +3,7 @@
{include file="columnleftstart.tpl"}
<div class="message">
<p>{$message}</p>
<p>{$message|escape}</p>
{$form}
</div>
{include file="columnleftend.tpl"}
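Review bot: Escaping `{$message}` in the template changes the contract for every script that assigns `message`: any caller that passes markup will now show literal tags. Those callers are not visible in this commit view, so they are worth checking. Recording the contract at the top of the template would help, e.g. `{* $message is plain text and escaped here; $form is pre-rendered HTML *}`.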
......