Commit d55436b4 authored by Richard Mansfield's avatar Richard Mansfield

Fix some admin templates to use auto_escape


Signed-off-by: default avatarRichard Mansfield <richardm@catalyst.net.nz>
parent 865c15f0
{auto_escape off}
{foreach from=$data item=item key=key}
<tr class="{cycle values='r0,r1'}">
<td>{$offset + $dwoo.foreach.default.iteration}</td>
<td><a href="{$WWWROOT}group/view.php?id={$item->id}">{$item->name|escape}</a></td>
<td><a href="{$WWWROOT}group/view.php?id={$item->id}">{$item->name}</a></td>
<td class="center">{$item->members}</td>
<td class="center">{$item->views}</td>
<td class="center">{$item->forums}</td>
<td class="center">{$item->posts}</td>
</tr>
{/foreach}
{/auto_escape}
{auto_escape off}
{if empty($grouptypecounts)}
{if !$grouptypecounts}
<p>{str tag=nogroups section=group}</p>
{else}
<p>{str tag=groupcountsbytype section=admin}:
<ul>
{foreach from=$grouptypecounts item=item}
<li>{str tag=name section=grouptype.$item->grouptype}: {$item->groups|escape}</li>
<li>{str tag=name section=grouptype.$item->grouptype}: {$item->groups}</li>
{/foreach}
</ul>
</p>
<p>{str tag=groupcountsbyjointype section=admin}:
<ul>
{foreach from=$jointypecounts item=item}
<li>{str tag=membershiptype.$item->jointype section=group}: {$item->groups|escape}</li>
<li>{str tag=membershiptype.$item->jointype section=group}: {$item->groups}</li>
{/foreach}
</ul>
</p>
{if $groupgraph}
<img src="{$groupgraph}" alt="" />
{/if}
{/if}{/auto_escape}
{/if}
\ No newline at end of file
{auto_escape off}
{include file='header.tpl'}
<div class="message" id="close-site">
......@@ -9,7 +8,7 @@
<h3>{str tag=closesite section=admin}</h3>
{str tag=closesitedetail section=admin}
{/if}
{$closeform}
{$closeform|safe}
</div>
<div id="adminhome">
......@@ -27,7 +26,7 @@
{foreach from=$upgrades key=key item=upgrade}
{if $key != 'disablelogin'}
<tr>
<td><strong>{$key|hsc}</strong></td>
<td><strong>{$key}</strong></td>
<td>{$upgrade->fromrelease} ({$upgrade->from})</td>
<td>{$upgrade->torelease} ({$upgrade->to})</td>
</tr>
......@@ -102,4 +101,4 @@
<div class="cb"></div>
{include file='footer.tpl'}
{/auto_escape}
{auto_escape off}
{include file='header.tpl'}
<div class="message" id="register-site">
......@@ -6,11 +5,10 @@
{if $register}
{str tag=registeryourmaharasitedetail section=admin args=$WWWROOT}
{$register}
{$register|safe}
{else}
{str tag=siteregistered section=admin args=$WWWROOT}
{/if}
</div>
{include file='footer.tpl'}
{/auto_escape}
{auto_escape off}
{include file="header.tpl"}
<p>{str tag=linksandresourcesmenupagedescription section=admin args=$descriptionstrargs}</p>
......@@ -22,4 +21,3 @@
{$footerform}
{include file="footer.tpl"}
{/auto_escape}
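Review bot: `{$footerform}` is left without `|safe` in this template, while the other form variables touched by the commit (`{$closeform|safe}`, `{$networkingform|safe}`, `{$pageeditform|safe}`) all get it. With the `{auto_escape off}` wrapper removed, this variable will presumably be HTML-escaped and the form markup shown as text, assuming it holds rendered form HTML like its siblings. If so, the line should read `{$footerform|safe}`. The middle of the template lies outside the visible hunks, so any other form variables there deserve the same check.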
{auto_escape off}
{include file='header.tpl'}
{if $missingextensions}
<p>{str section=admin tag=networkingextensionsmissing}</p>
<ul>
{foreach from=$missingextensions item=extension}
<li><a href="http://www.php.net/{$extension|escape}">{$extension|escape}</a></li>
<li><a href="http://www.php.net/{$extension}">{$extension}</a></li>
{/foreach}
</ul>
{else}
<p>{str tag=networkingpagedescription section=admin}</p>
{$networkingform}
{$networkingform|safe}
{/if}
{include file='footer.tpl'}
{/auto_escape}
{include file='footer.tpl'}
\ No newline at end of file
{auto_escape off}
{include file="header.tpl"}
<p>{str tag=editsitepagespagedescription section=admin}</p>
{$pageeditform}
{$pageeditform|safe}
{include file="footer.tpl"}
{/auto_escape}
{auto_escape off}
{include file='header.tpl'}
{if $sitedata}
......@@ -14,7 +13,7 @@
<div class="subpage rel">
<div class="statistics-subpage-left-column fl">
{$subpagedata.summary}
{$subpagedata.summary|safe}
</div>
<div id="statistics_table_container" class="statistics-subpage-right-column fr{if $subpagedata.table.count == 0} hidden{/if}">
<h3>{$subpagedata.tabletitle}</h3>
......@@ -22,19 +21,18 @@
<thead>
<tr>
{foreach from=$subpagedata.tableheadings item=heading}
<th{if $heading.class} class="{$heading.class}"{/if}>{$heading.name|escape}</th>
<th{if $heading.class} class="{$heading.class}"{/if}>{$heading.name}</th>
{/foreach}
<tr>
</thead>
<tbody>
{$subpagedata.table.tablerows}
{$subpagedata.table.tablerows|safe}
</tbody>
</table>
{$subpagedata.table.pagination}
{$subpagedata.table.pagination|safe}
</div>
<div class="cb"></div>
</div>
{/if}
{include file='footer.tpl'}
{/auto_escape}
{auto_escape off}
{include file="header.tpl"}
{$form}
{$form|safe}
{include file="footer.tpl"}
{/auto_escape}
{auto_escape off}
{include file="header.tpl"}
<p>{str tag="adminuserspagedescription" section="admin"}</p>
<div class="userlistform">
{$adminusersform}
{$adminusersform|safe}
</div>
{include file="footer.tpl"}
{/auto_escape}
{auto_escape off}
{include file="header.tpl"}
<table id="notificationstable" class="fullwidth table">
......@@ -16,7 +15,7 @@
{foreach from=$users item='user' key='userid'}
<tr class="{cycle values="r0,r1"}">
<td class='center'><img src="{$WWWROOT}thumb.php?type=profileicon&maxwidth=40&maxheight=40&id={$userid}" alt="profile icon"/></td>
<td>{display_name user=$user.user}</td>
<td>{$user.user|display_name|escape}</td>
<td>
{foreach from=$user.user->institutions item=i}
<div>{$i}</div>
......@@ -31,4 +30,3 @@
</table>
{include file="footer.tpl"}
{/auto_escape}
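Review bot: The user-name cell is the only changed line in this commit that keeps an explicit `|escape`, in `{$user.user|display_name|escape}`, which reads like a double escape once auto-escaping is on. If it is there because auto-escaping does not cover the output of the `display_name` modifier, a template comment would stop a later cleanup from removing it, e.g. `{* display_name output is not auto-escaped; keep |escape *}`. The `<div>{$i}</div>` institution line just below now relies on auto-escape alone, so confirm that `$i` is a plain string rather than pre-built markup.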
{auto_escape off}
{include file="header.tpl"}
<p>{str tag="staffuserspagedescription" section="admin"}</p>
<div class="userlistform">
{$staffusersform}
{$staffusersform|safe}
</div>
{include file="footer.tpl"}
{/auto_escape}
{auto_escape off}
{include file="header.tpl"}
{$buttonformopen}
{$buttonform}
{$buttonformopen|safe}
{$buttonform|safe}
<table id="suspendedlist" class="table fullwidth">
<thead>
<tr>
......@@ -20,4 +19,3 @@
</form>
{include file="footer.tpl"}
{/auto_escape}
{auto_escape off}
{include file="header.tpl"}
{$uploadcsvpagedescription}
{$uploadcsvform}
{$uploadcsvpagedescription|safe}
{$uploadcsvform|safe}
{include file="footer.tpl"}
{/auto_escape}
{auto_escape off}
{foreach from=$data item=item}
<tr class="{cycle values='r0,r1'}">
<td>{$item.date}</td>
......@@ -7,5 +6,3 @@
<td class="center">{$item.total}</td>
</tr>
{/foreach}
{/auto_escape}
{auto_escape off}
<h3>{str tag=youraverageuser section=admin}</h3>
<ul>
<li>{$data.strmaxfriends}</li>
<li>{$data.strmaxviews}</li>
<li>{$data.strmaxgroups}</li>
<li>{$data.strmaxquotaused}</li>
<li>{$data.strmaxfriends|safe}</li>
<li>{$data.strmaxviews|safe}</li>
<li>{$data.strmaxgroups|safe}</li>
<li>{$data.strmaxquotaused|safe}</li>
</ul>
{if $data.institutions}
<img src="{$data.institutions}" alt="" />
{/if}
{/auto_escape}
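Review bot: The four `|safe` additions on `{$data.strmaxfriends}`, `{$data.strmaxviews}`, `{$data.strmaxgroups}` and `{$data.strmaxquotaused}` turn escaping off for strings whose construction is not visible here. If the PHP side interpolates user display names or view and group titles into these strings, each value has to be HTML-escaped before it is inserted, because the template no longer does it. A comment above the list would document that contract, e.g. `{* str* values are pre-escaped HTML built in <placeholder: builder function> *}`. The same applies to `{$subpagedata.summary|safe}` and `{$subpagedata.table.tablerows|safe}` in the statistics page section.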
{auto_escape off}
{foreach from=$data item=item key=key}
<tr class="{cycle values='r0,r1'}">
<td>{$offset + $dwoo.foreach.default.iteration}</td>
<td><a href="{$WWWROOT}view/view.php?id={$item->id}">{$item->title|escape}</a></td>
<td>{if $item->ownerurl}<a href="{$WWWROOT}{$item->ownerurl}">{/if}{$item->ownername|escape}{if $item->ownerurl}</a>{/if}</td>
<td><a href="{$WWWROOT}view/view.php?id={$item->id}">{$item->title}</a></td>
<td>{if $item->ownerurl}<a href="{$WWWROOT}{$item->ownerurl}">{/if}{$item->ownername}{if $item->ownerurl}</a>{/if}</td>
<td class="center">{$item->visits}</td>
<td class="center">{$item->comments}</td>
</tr>
{/foreach}
{/auto_escape}
{auto_escape off}
{if $viewcount == 0}
<p>{str tag=noviews section=view}</p>
{/if}
......@@ -6,7 +5,7 @@
<p>{str tag=blockcountsbytype section=admin}:
<ul>
{foreach from=$blocktypecounts item=item}
<li>{str tag=title section=blocktype.$item->langsection}: {$item->blocks|escape}</li>
<li>{str tag=title section=blocktype.$item->langsection}: {$item->blocks}</li>
{/foreach}
</ul>
</p>
......@@ -14,5 +13,3 @@
{if $viewtypes}
<img src="{$viewtypes}" alt="" />
{/if}
{/auto_escape}
{{auto_escape off}}
<script type="text/javascript">
var {{$name}}_d;
......@@ -57,9 +56,9 @@
if(users.count > users.limit) {
replaceChildNodes('{{$name}}_messages',
DIV(null,
{{$onlyshowingfirst}}, ' ',
{{$onlyshowingfirst|safe}}, ' ',
SPAN({'id': '{{$name}}_userlimit'}, users.limit),
' ', {{$resultsof}}, ' ',
' ', {{$resultsof|safe}}, ' ',
SPAN({'id': '{{$name}}_usercount'}, users.count - counter)
)
);
......@@ -71,7 +70,7 @@
removeElement($('{{$name}}_potential').childNodes[0]);
removeElement($('{{$name}}_members').childNodes[0]);
{{$name}}_searchparams = {{$searchparams}};
{{$name}}_searchparams = {{$searchparams|safe}};
{{$name}}_searchfunc({});
......@@ -160,7 +159,7 @@
<td class="lrfieldlists">
<select size="10" multiple="true" id="{{$name}}_members" style="width: 100%;"><option></option>
{{foreach from=$options key=id item=user}}
<option value="{{$id|escape}}">{{$user|escape}}</option>
<option value="{{$id}}">{{$user}}</option>
{{/foreach}}
</select>
</td>
......@@ -172,4 +171,3 @@
</tr>
</table>
<input type="hidden" id="{{$name}}" name="{{$name}}" value="{{$value}}">
{{/auto_escape}}
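Review bot: The `|safe` values inside the `<script>` block (`{{$onlyshowingfirst|safe}}`, `{{$resultsof|safe}}`, `{{$searchparams|safe}}`) are emitted as raw JavaScript, so their safety depends entirely on how the PHP caller encodes them, which these hunks do not show. They should come from a JSON encoder that also neutralises `</script>` and `<!--` sequences, since HTML escaping is the wrong encoding for this context. The remaining interpolations such as `'{{$name}}_messages'` now get HTML escaping inside JavaScript string literals, which is harmless only while `$name` is a developer-chosen identifier. A comment at the top of the template stating that assumption would help, e.g. `{{* $name must be a fixed element name, never request data *}}`.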
{auto_escape off}
<h3>{str tag="linksandresources"}</h3>
<div class="sidebar-content">
{if $sbdata}
<ul>
{foreach from=$sbdata item=item}
<li><strong><a href="{$item.link|escape}">{$item.name}</a></strong></li>
<li><strong><a href="{$item.link}">{$item.name}</a></strong></li>
{/foreach}
</ul>
{/if}
</div>
{/auto_escape}
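Review bot: `href="{$item.link}"` is HTML-escaped by auto-escape, but escaping does not restrict the URL scheme, so a stored `javascript:` or `data:` link would still render as a clickable link. If these entries come from the admin-edited links and resources menu, validate the scheme as `http`/`https` (or a relative path) when the entry is saved. The change also starts escaping `{$item.name}`, which the old template printed raw under `{auto_escape off}`, so any menu names that contain intentional markup will now display it literally.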