From bd33b9c8344aaf56d2b497699ce0bb4e579a4fbe Mon Sep 17 00:00:00 2001
From: Robert Lyon <robertl@catalyst.net.nz>
Date: Tue, 15 Oct 2013 07:51:18 +1300
Subject: [PATCH] Allowing pieform error text to not be escaped if needed (Bug
 1239539)

Currently if there is html in an error message used by pieforms it
escapes the html so the link becomes not usable.

I have made a change where you can tell pieforms not to escape the
error message.

So instead of using:
$form->set_error($field, $message);

you can use:
$form->set_error($field, $message, false);

Where false means do not escape the message.

As the terms and conditions are displayed on the page already I've
updated the link to jump to the terms section

Change-Id: Ia8650a9f2284fb007cbe81a4a94223f127c4f6cd
Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
---
 htdocs/auth/internal/lang/en.utf8/auth.internal.php | 2 +-
 htdocs/auth/lib.php                                 | 2 +-
 htdocs/lib/pieforms/pieform.php                     | 9 ++++++---
 htdocs/lib/pieforms/pieform/renderers/div.php       | 2 +-
 htdocs/lib/pieforms/pieform/renderers/table.php     | 2 +-
 htdocs/register.php                                 | 2 +-
 6 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/htdocs/auth/internal/lang/en.utf8/auth.internal.php b/htdocs/auth/internal/lang/en.utf8/auth.internal.php
index e452584f79..6c0accb9c8 100644
--- a/htdocs/auth/internal/lang/en.utf8/auth.internal.php
+++ b/htdocs/auth/internal/lang/en.utf8/auth.internal.php
@@ -66,7 +66,7 @@ $string['registrationunsuccessful'] = 'Sorry, your registration attempt was unsu
 $string['usernamealreadytaken'] = 'Sorry, this username is already taken.';
 $string['usernameinvalidform'] = 'Usernames may contain letters, numbers and most common symbols and must be from 3 to 30 characters long. Spaces are not allowed.';
 $string['usernameinvalidadminform'] = 'Usernames may contain letters, numbers and most common symbols and must be from 3 to 236 characters long. Spaces are not allowed.';
-$string['youmaynotregisterwithouttandc'] = 'You may not register unless you agree to abide by the <a href="terms.php">Terms and Conditions</a>.';
+$string['youmaynotregisterwithouttandc'] = 'You may not register unless you agree to abide by the <a href="#user_acceptterms">Terms and Conditions</a>.';
 
 // pending institution registrations
 $string['confirmcancelregistration'] = 'Are you sure you want to cancel this registration? Doing so will result in your request being removed from the system.';
diff --git a/htdocs/auth/lib.php b/htdocs/auth/lib.php
index 8408fd2430..e8adf17b28 100644
--- a/htdocs/auth/lib.php
+++ b/htdocs/auth/lib.php
@@ -2117,7 +2117,7 @@ function auth_register_validate(Pieform $form, $values) {
 
     // If the user hasn't agreed to the terms and conditions, don't bother
     if ($registerterms && $values['tandc'] != 'yes') {
-        $form->set_error('tandc', get_string('youmaynotregisterwithouttandc', 'auth.internal'));
+        $form->set_error('tandc', get_string('youmaynotregisterwithouttandc', 'auth.internal'), false);
     }
 
     $institution = get_record_sql('
diff --git a/htdocs/lib/pieforms/pieform.php b/htdocs/lib/pieforms/pieform.php
index 4ef2a72cf7..4c81350d01 100644
--- a/htdocs/lib/pieforms/pieform.php
+++ b/htdocs/lib/pieforms/pieform.php
@@ -942,11 +942,12 @@ EOF;
      * This method should be used to set an error on an element in a custom
      * validation function, if one has occurred.
      *
-     * @param string $name    The name of the element to set an error on
-     * @param string $message The error message
+     * @param string $name      The name of the element to set an error on
+     * @param string $message   The error message
+     * @param bool   $isescaped Whether to display error string as escaped or not
      * @throws PieformException  If the element could not be found
      */
-    public function set_error($name, $message) {/*{{{*/
+    public function set_error($name, $message, $isescaped = true) {/*{{{*/
         if (is_null($name) && !empty($message)) {
             $this->error = $message;
             return;
@@ -956,6 +957,7 @@ EOF;
                 foreach ($element['elements'] as &$subelement) {
                     if ($subelement['name'] == $name) {
                         $subelement['error'] = $message;
+                        $subelement['isescaped'] = ($isescaped) ? true : false;
                         return;
                     }
                 }
@@ -963,6 +965,7 @@ EOF;
             else {
                 if ($key == $name) {
                     $element['error'] = $message;
+                    $element['isescaped'] = ($isescaped) ? true : false;
                     return;
                 }
             }
diff --git a/htdocs/lib/pieforms/pieform/renderers/div.php b/htdocs/lib/pieforms/pieform/renderers/div.php
index 2db84cdf5e..efb381153d 100644
--- a/htdocs/lib/pieforms/pieform/renderers/div.php
+++ b/htdocs/lib/pieforms/pieform/renderers/div.php
@@ -69,7 +69,7 @@ function pieform_renderer_div(Pieform $form, $element) {/*{{{*/
     }
 
     if (!empty($element['error'])) {
-        $result .= '<div class="errmsg">' . hsc($element['error']) . '</div>';
+        $result .= '<div class="errmsg">' . ((!empty($element['isescaped'])) ? hsc($element['error']) : $element['error']) . '</div>';
     }
 
     $result .= "</div>\n";
diff --git a/htdocs/lib/pieforms/pieform/renderers/table.php b/htdocs/lib/pieforms/pieform/renderers/table.php
index 543b833937..f2b7a2bbe9 100644
--- a/htdocs/lib/pieforms/pieform/renderers/table.php
+++ b/htdocs/lib/pieforms/pieform/renderers/table.php
@@ -109,7 +109,7 @@ function pieform_renderer_table(Pieform $form, $element) {/*{{{*/
 
     if (!empty($element['error'])) {
         $result .= "\t<tr>\n\t\t<td colspan=\"2\" class=\"errmsg\">";
-        $result .= hsc($element['error']);
+        $result .= (!empty($element['isescaped'])) ? hsc($element['error']) : $element['error'];
         $result .= "</td>\n\t</tr>\n";
     }
 
diff --git a/htdocs/register.php b/htdocs/register.php
index 89dbcb9ed6..f750382a43 100644
--- a/htdocs/register.php
+++ b/htdocs/register.php
@@ -218,7 +218,7 @@ $smarty = smarty();
 $smarty->assign('register_form', $formhtml);
 $smarty->assign('registerdescription', $registerdescription);
 if ($registerterms) {
-    $smarty->assign('termsandconditions', get_site_page_content('termsandconditions'));
+    $smarty->assign('termsandconditions', '<a name="user_acceptterms"></a>' . get_site_page_content('termsandconditions'));
 }
 $smarty->assign('PAGEHEADING', TITLE);
 $smarty->assign('INLINEJAVASCRIPT', $js);
-- 
GitLab