Commit dde8e52b authored by Richard Mansfield's avatar Richard Mansfield

Enable auto_escape in artefact chooser & remaining pieform templates

Signed-off-by: default avatarRichard Mansfield <richardm@catalyst.net.nz>
parent a0df26d2
......@@ -6,5 +6,4 @@
</tr>
<tr>
<td>{if $artefact->description}{$artefact->description|clean_html|safe}{/if}</td>
</tr>
</tr>
\ No newline at end of file
<tr title="{$artefact->hovertitle|escape}">
<td style="width: 20px;">
{$formcontrols}
</td>
<td style="width: 22px;"><label for="{$elementname}_{$artefact->id}"><img src="{$artefact->icon|escape}" alt="*"></label></td>
<th><label for="{$elementname}_{$artefact->id}">{if $artefact->description}{$artefact->description|escape}{else}{$artefact->title|escape}{/if}{if $artefact->artefacttype == 'profileicon'} ({str tag=profileicon section=artefact.file}){/if}</label></th>
</tr>
{auto_escape off}
<tr>
<td style="width: 20px;" rowspan="2">
{$formcontrols}
{$formcontrols|safe}
</td>
<th><label for="{$elementname}_{$artefact->id}" title="{$artefact->title|strip_tags|substr:0:60|escape}">{str tag=$artefact->artefacttype section=artefact.internal}</label></th>
<th><label for="{$elementname}_{$artefact->id}" title="{$artefact->title|strip_tags|str_shorten_text:60:true|safe}">{str tag=$artefact->artefacttype section=artefact.internal}</label></th>
</tr>
<tr>
<td>{if $artefact->description}{$artefact->description}{/if}</td>
</tr>
{/auto_escape}
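Review bot: The label's `title` attribute on what appears to be the new line, `title="{$artefact->title|strip_tags|str_shorten_text:60:true|safe}"`, drops the `|escape` the previous version had and marks the value `safe`, so it bypasses the auto-escaping this commit turns on. `strip_tags` removes markup but leaves `"` untouched, so unless `str_shorten_text` escapes its result (not visible here) a title containing a double quote would end the attribute early. I would drop the trailing `|safe` and let auto-escape handle the value: `title="{$artefact->title|strip_tags|str_shorten_text:60:true}"`. The same applies to the identical label in the resume template that follows. Separately, `{$artefact->description}` in this template is now HTML-escaped while the sibling templates render it through `clean_html|safe` or `str_shorten_html|safe`; it is worth confirming that difference is intended.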
{auto_escape off}
<tr>
<td style="width: 20px;" rowspan="2">
{$formcontrols}
{$formcontrols|safe}
</td>
<th><label for="{$elementname}_{$artefact->id}" title="{$artefact->title|strip_tags|substr:0:60|escape}">{str tag=$artefact->artefacttype section=artefact.resume}</label></th>
<th><label for="{$elementname}_{$artefact->id}" title="{$artefact->title|strip_tags|str_shorten_text:60:true|safe}">{str tag=$artefact->artefacttype section=artefact.resume}</label></th>
</tr>
<tr>
<td>{$artefact->description|str_shorten_html}</td>
<td>{$artefact->description|str_shorten_html|safe}</td>
</tr>
{/auto_escape}
{auto_escape off}
<tr title="{$artefact->hovertitle|escape}">
<tr title="{$artefact->hovertitle}">
<td>
{$formcontrols}
{$formcontrols|safe}
<td>
<th><label for="{$elementname}_{$artefact->id}">{$artefact->title|escape}</label></th>
<th><label for="{$elementname}_{$artefact->id}">{$artefact->title}</label></th>
</tr>
{/auto_escape}
{auto_escape off}
{if $searchable}<ul class="artefactchooser-tabs">
<li{if !$.request.s} class="current"{/if}><a href="{$browseurl}">{str tag=Browse section=view}</a></li>
<li{if $.request.s} class="current"{/if}><a href="{$searchurl}">{str tag=Search section=view}</a></li>
......@@ -6,20 +5,19 @@
<div id="artefactchooser-body">
<div class="cb artefactchooser-splitter">
<div id="artefactchooser-searchform"{if !$.request.s} class="hidden"{/if}> {* Use a smarty var, not smarty.request *}
<label><input type="text" class="text" id="artefactchooser-searchfield" name="search" value="{$.request.search|escape}" tabindex="42">
<label><input type="text" class="text" id="artefactchooser-searchfield" name="search" value="{$.request.search}" tabindex="42">
<input type="hidden" name="s" value="1">
<input type="submit" class="submit" id="artefactchooser-searchsubmit" name="action_acsearch_id_{$blockinstance|escape}" value="&raquo;" tabindex="42"></label>
<input type="submit" class="submit" id="artefactchooser-searchsubmit" name="action_acsearch_id_{$blockinstance}" value="&raquo;" tabindex="42"></label>
</div>
{if $artefacts}
<table id="{$datatable}" class="artefactchooser-data">
<tbody>
{$artefacts}
{$artefacts|safe}
</tbody>
</table>
{$pagination}
{$pagination|safe}
{else}
<p class="noartefacts">{str tag=noartefactstochoosefrom section=view}</p>
{/if}
</div>
</div>
{/auto_escape}
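Review bot: `{$artefacts|safe}` and `{$pagination|safe}` opt out of the auto-escaping this commit enables, so this template is only as safe as whatever rendered those two strings, and nothing here says so. A short template comment above them would record the contract, for example `{* $artefacts and $pagination are pre-rendered HTML; the templates that build them must escape all user data *}`. That matters because the per-artefact row templates changed in this same commit are presumably what feeds `$artefacts`, so any `|safe` inside them reaches the page unescaped.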
{{auto_escape off}}
<script type="text/javascript">
var {{$name}}_current = 0;
var {{$name}}_newrefinput;
......@@ -18,4 +17,3 @@
<input type="file" name="{{$name}}_files_0"/>
</div>
<a href="" onclick="{{$name}}_new(); return false;">[+]</a>
{{/auto_escape}}
{{auto_escape off}}
<script type="text/javascript">addLoadEvent(partial(augment_tags_control,'{{$id|escape}}'))</script>
<input type="text" size="{{$size|escape}}" id="{{$id|escape}}" name="{{$name|escape}}" value="{{$value|escape}}">
{{/auto_escape}}
<script type="text/javascript">addLoadEvent(partial(augment_tags_control,'{{$id}}'))</script>
<input type="text" size="{{$size}}" id="{{$id}}" name="{{$name}}" value="{{$value}}">
{{auto_escape off}}
<input type="hidden" name="accesslist" value="">
<div id="viewacl_lhs">
<div id="potentialpresetitems"></div>
......@@ -227,7 +226,7 @@ function setupCalendar(item, type) {
// SETUP
// Left top: public, loggedin, friends
var potentialPresets = {{$potentialpresets}};
var potentialPresets = {{$potentialpresets|safe}};
forEach(potentialPresets, function(preset) {
renderPotentialPresetItem(preset);
});
......@@ -335,7 +334,7 @@ function search(e) {
// Right hand side
addLoadEvent(function () {
var accesslist = {{$accesslist}};
var accesslist = {{$accesslist|safe}};
if (accesslist) {
forEach(accesslist, function(item) {
renderAccessListItem(item);
......@@ -356,4 +355,3 @@ addLoadEvent(function() {
});
</script>
{{/auto_escape}}
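Review bot: `var potentialPresets = {{$potentialpresets|safe}};` and, in the next hunk, `var accesslist = {{$accesslist|safe}};` write a server-built value straight into an inline `<script>` block. `|safe` is needed because HTML-escaping would corrupt what is presumably JSON, but it leaves the encoder as the only defence: if the list carries user or group names and the encoder emits `<` and `>` literally, a name containing `</script>` closes the script element. The encoding happens outside these hunks, so it cannot be checked here. I would confirm it escapes `<`, `>` and `&` (in PHP, `json_encode` with `JSON_HEX_TAG | JSON_HEX_AMP`) and record that beside both assignments, e.g. `// server-encoded JSON; < > & must be hex-escaped by the encoder`.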