more notation for which strings are HTML safe and which aren't
This commit is contained in:
parent
9af3a765b4
commit
519e46578d
@ -12,8 +12,8 @@ class AliasEditorTheme extends Themelet {
|
||||
|
||||
$can_manage = $user->can("manage_alias_list");
|
||||
if($can_manage) {
|
||||
$action = "<th width='10%'>Action</th>";
|
||||
$add = "
|
||||
$h_action = "<th width='10%'>Action</th>";
|
||||
$h_add = "
|
||||
<tr>
|
||||
".make_form(make_link("alias/add"))."
|
||||
<td><input type='text' name='oldtag'></td>
|
||||
@ -24,8 +24,8 @@ class AliasEditorTheme extends Themelet {
|
||||
";
|
||||
}
|
||||
else {
|
||||
$action = "";
|
||||
$add = "";
|
||||
$h_action = "";
|
||||
$h_add = "";
|
||||
}
|
||||
|
||||
$h_aliases = "";
|
||||
@ -49,15 +49,10 @@ class AliasEditorTheme extends Themelet {
|
||||
$h_aliases .= "</tr>";
|
||||
}
|
||||
$html = "
|
||||
<script type='text/javascript'>
|
||||
$(document).ready(function() {
|
||||
$(\"#aliases\").tablesorter();
|
||||
});
|
||||
</script>
|
||||
<table id='aliases' class='zebra'>
|
||||
<thead><tr><th>From</th><th>To</th>$action</tr></thead>
|
||||
<table id='aliases' class='sortable zebra'>
|
||||
<thead><tr><th>From</th><th>To</th>$h_action</tr></thead>
|
||||
<tbody>$h_aliases</tbody>
|
||||
<tfoot>$add</tfoot>
|
||||
<tfoot>$h_add</tfoot>
|
||||
</table>
|
||||
<p><a href='".make_link("alias/export/aliases.csv")."'>Download as CSV</a></p>
|
||||
";
|
||||
|
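Review bot: The `$h_`/`$u_`/`$i_` prefixes this commit spreads across the theme files (here `$h_action` and `$h_add`; `$u_ilink` in the PixelFileHandlerTheme section; `$i_image_id` via int_escape() in the CommentListTheme section) are not explained anywhere in the diff, so a later contributor has no way to know that `$h_` means "already HTML-safe" rather than "heading". A one-line comment where the convention first appears, for example above the `$h_action = "<th width='10%'>Action</th>";` line in the first hunk, would fix that: `// Naming: $h_* is HTML-safe markup, $u_* is a URL, $i_* is an int_escape()'d integer; never interpolate raw values into HTML.` The same point applies to every other section of this commit and is not repeated there. The method containing these hunks starts before the first hunk.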
@ -167,7 +167,6 @@ class CommentListTheme extends Themelet {
|
||||
|
||||
if($i_uid == $config->get_int("anon_id")) {
|
||||
$anoncode = "";
|
||||
$style = "";
|
||||
$anoncode2 = "";
|
||||
if($this->show_anon_id) {
|
||||
$anoncode = '<sup>'.$this->anon_id.'</sup>';
|
||||
@ -181,7 +180,7 @@ class CommentListTheme extends Themelet {
|
||||
}
|
||||
}
|
||||
}
|
||||
$h_userlink = "<span class='username'$style>" . $h_name . $anoncode . $anoncode2 . "</span>";
|
||||
$h_userlink = "<span class='username'>" . $h_name . $anoncode . $anoncode2 . "</span>";
|
||||
$this->anon_id++;
|
||||
}
|
||||
else {
|
||||
@ -197,10 +196,10 @@ class CommentListTheme extends Themelet {
|
||||
';
|
||||
}
|
||||
else {
|
||||
$avatar = "";
|
||||
$h_avatar = "";
|
||||
if(!empty($comment->owner_email)) {
|
||||
$hash = md5(strtolower($comment->owner_email));
|
||||
$avatar = "<img src=\"http://www.gravatar.com/avatar/$hash.jpg\"><br>";
|
||||
$h_avatar = "<img src=\"http://www.gravatar.com/avatar/$hash.jpg\"><br>";
|
||||
}
|
||||
$h_reply = " - <a href='javascript: replyTo($i_image_id, $i_comment_id)'>Reply</a>";
|
||||
$h_ip = $user->can("view_ip") ? "<br>".show_ip($comment->poster_ip, "Comment posted {$comment->posted}") : "";
|
||||
@ -211,7 +210,7 @@ class CommentListTheme extends Themelet {
|
||||
<a name="'.$i_comment_id.'"></a>
|
||||
<div class="comment">
|
||||
<div class="info">
|
||||
'.$avatar.'
|
||||
'.$h_avatar.'
|
||||
'.$h_timestamp.$h_reply.$h_ip.$h_del.'
|
||||
</div>
|
||||
'.$h_userlink.': '.$h_comment.'
|
||||
@ -221,19 +220,19 @@ class CommentListTheme extends Themelet {
|
||||
return "";
|
||||
}
|
||||
|
||||
protected function build_postbox($image_id) {
|
||||
protected function build_postbox(/*int*/ $image_id) {
|
||||
global $config;
|
||||
|
||||
$i_image_id = int_escape($image_id);
|
||||
$hash = CommentList::get_hash();
|
||||
$captcha = $config->get_bool("comment_captcha") ? captcha_get_html() : "";
|
||||
$h_captcha = $config->get_bool("comment_captcha") ? captcha_get_html() : "";
|
||||
|
||||
return '
|
||||
'.make_form(make_link("comment/add")).'
|
||||
<input type="hidden" name="image_id" value="'.$i_image_id.'" />
|
||||
<input type="hidden" name="hash" value="'.$hash.'" />
|
||||
<textarea id="comment_on_'.$i_image_id.'" name="comment" rows="5" cols="50"></textarea>
|
||||
'.$captcha.'
|
||||
'.$h_captcha.'
|
||||
<br><input type="submit" value="Post Comment" />
|
||||
</form>
|
||||
';
|
||||
|
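Review bot: `$hash` is interpolated raw into markup at two places in this section — `'.$hash.'` in the gravatar `<img src=...>` of the `@ -197` hunk and `value="'.$hash.'"` in build_postbox — yet neither gets the `$h_` treatment the commit gives to `$avatar` and `$captcha`. The gravatar one is fine in practice because md5() yields hex, but `CommentList::get_hash()` is outside this diff and its output format cannot be checked here; `$h_hash = html_escape(CommentList::get_hash());` followed by `value="'.$h_hash.'"` would make the postbox line safe by construction and consistent with the rest of the rename. Separately, the gravatar URL is hard-coded to `http://www.gravatar.com/...`, which becomes mixed content when the site is served over HTTPS; `https://www.gravatar.com/...` works in both cases. The method containing the first hunks starts before the `@ -167` hunk.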
@ -3,7 +3,7 @@
|
||||
class ExtManagerTheme extends Themelet {
|
||||
public function display_table(Page $page, /*array*/ $extensions, /*bool*/ $editable) {
|
||||
global $user;
|
||||
$en = $editable ? "<th>Enabled</th>" : "";
|
||||
$h_en = $editable ? "<th>Enabled</th>" : "";
|
||||
$html = "
|
||||
".make_form(make_link("ext_manager/set"))."
|
||||
<script type='text/javascript'>
|
||||
@ -13,7 +13,7 @@ class ExtManagerTheme extends Themelet {
|
||||
</script>
|
||||
<table id='extensions' class='zebra'>
|
||||
<thead>
|
||||
<tr>$en<th>Name</th><th>Description</th></tr>
|
||||
<tr>$h_en<th>Name</th><th>Description</th></tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
";
|
||||
@ -21,27 +21,26 @@ class ExtManagerTheme extends Themelet {
|
||||
foreach($extensions as $extension) {
|
||||
if(!$editable && $extension->visibility == "admin") continue;
|
||||
|
||||
$ext_name = $extension->ext_name;
|
||||
$h_name = empty($extension->name) ? $ext_name : html_escape($extension->name);
|
||||
$h_name = html_escape(empty($extension->name) ? $extension->ext_name : $extension->name);
|
||||
$h_description = html_escape($extension->description);
|
||||
if($extension->enabled === TRUE) $h_enabled = " checked='checked'";
|
||||
else if($extension->enabled === FALSE) $h_enabled = "";
|
||||
else $h_enabled = " disabled checked='checked'";
|
||||
$h_link = make_link("ext_doc/".html_escape($extension->ext_name));
|
||||
$h_link = make_link("ext_doc/".url_escape($extension->ext_name));
|
||||
$oe = ($n++ % 2 == 0) ? "even" : "odd";
|
||||
|
||||
$en = $editable ? "<td><input type='checkbox' name='ext_$ext_name'$h_enabled></td>" : "";
|
||||
$h_en = $editable ? "<td><input type='checkbox' name='ext_".html_escape($extension->ext_name)."'$h_enabled></td>" : "";
|
||||
$html .= "
|
||||
<tr class='$oe'>
|
||||
$en
|
||||
$h_en
|
||||
<td><a href='$h_link'>$h_name</a></td>
|
||||
<td style='text-align: left;'>$h_description</td>
|
||||
</tr>";
|
||||
}
|
||||
$set = $editable ? "<tfoot><tr><td colspan='5'><input type='submit' value='Set Extensions'></td></tr></tfoot>" : "";
|
||||
$h_set = $editable ? "<tfoot><tr><td colspan='5'><input type='submit' value='Set Extensions'></td></tr></tfoot>" : "";
|
||||
$html .= "
|
||||
</tbody>
|
||||
$set
|
||||
$h_set
|
||||
</table>
|
||||
</form>
|
||||
";
|
||||
|
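Review bot: `$h_link` in the `@ -21` hunk is built with `url_escape()` but interpolated into `href='$h_link'` without `html_escape()`, so under the commit's own naming it is a `$u_` value used where an `$h_` value is required; `make_link()` is outside this diff, so whether its output can ever contain `'` or `&` cannot be confirmed here. Making it `$h_link = html_escape(make_link("ext_doc/".url_escape($extension->ext_name)));` gives the attribute the escaping the name promises at no cost. Also, `$n++` in `$oe = ($n++ % 2 == 0) ? "even" : "odd";` has no initialisation visible in this section, unlike the explicit `$n = 0;` in the SetupTheme hunk of this commit — if it is not set in the lines between the hunks, the first row relies on null-increment behaviour. The method body continues past the end of the hunk.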
@ -4,8 +4,8 @@ class PixelFileHandlerTheme extends Themelet {
|
||||
public function display_image(Page $page, Image $image) {
|
||||
global $config;
|
||||
|
||||
$ilink = $image->get_image_link();
|
||||
$html = "<img id='main_image' src='$ilink'>";
|
||||
$u_ilink = $image->get_image_link();
|
||||
$html = "<img id='main_image' src='$u_ilink'>";
|
||||
if($config->get_bool("image_show_meta")) {
|
||||
# FIXME: only read from jpegs?
|
||||
$exif = @exif_read_data($image->get_image_filename(), 0, true);
|
||||
|
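Review bot: `$u_ilink` is correctly renamed as a URL, but it is still interpolated straight into a single-quoted attribute in `$html = "<img id='main_image' src='$u_ilink'>";`, so the rename documents the gap without closing it. `Image::get_image_link()` is outside this diff, so whether it can return characters that break a single-quoted attribute cannot be verified here; `$html = "<img id='main_image' src='".html_escape($u_ilink)."'>";` removes the question. The method continues past the hunk; the `@exif_read_data(...)` on the context line below is a separate pre-existing issue (error suppression hides read failures) that the commit does not touch.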
@ -6,7 +6,7 @@ class ImageIOTheme {
|
||||
*
|
||||
* @param $image_id The image to delete
|
||||
*/
|
||||
public function get_deleter_html($image_id) {
|
||||
public function get_deleter_html(/*int*/ $image_id) {
|
||||
global $config;
|
||||
|
||||
if($config->get_bool("image_jquery_confirm")) {
|
||||
@ -33,14 +33,11 @@ class ImageIOTheme {
|
||||
*
|
||||
* @param $image_id The image to replace
|
||||
*/
|
||||
public function get_replace_html($image_id) {
|
||||
|
||||
$html = "
|
||||
".make_form(make_link("image_admin/replace"))."
|
||||
public function get_replace_html(/*int*/ $image_id) {
|
||||
$html = make_form(make_link("image_admin/replace"))."
|
||||
<input type='hidden' name='image_id' value='$image_id' />
|
||||
<input type='submit' value='Replace' />
|
||||
</form>";
|
||||
|
||||
return $html;
|
||||
}
|
||||
}
|
||||
|
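Review bot: In get_replace_html, `$image_id` is interpolated unescaped in `<input type='hidden' name='image_id' value='$image_id' />` while the commit only adds the `/*int*/` annotation; the build_postbox hunk in this same commit handles the same value with `$i_image_id = int_escape($image_id);`. Doing the same here — `$i_image_id = int_escape($image_id);` before the string and `value='$i_image_id'` inside it — keeps the two methods consistent and makes the output safe regardless of what the caller passes. The get_deleter_html hunk above shows only the signature change; its body continues outside the hunk.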
@ -15,7 +15,6 @@ class SetupTheme extends Themelet {
|
||||
public function display_page(Page $page, SetupPanel $panel) {
|
||||
global $user;
|
||||
|
||||
|
||||
usort($panel->blocks, "blockcmp");
|
||||
|
||||
/*
|
||||
@ -44,35 +43,31 @@ class SetupTheme extends Themelet {
|
||||
public function display_advanced(Page $page, $options) {
|
||||
global $user;
|
||||
|
||||
$rows = "";
|
||||
$h_rows = "";
|
||||
$n = 0;
|
||||
ksort($options);
|
||||
foreach($options as $name => $value) {
|
||||
$h_name = html_escape($name);
|
||||
$h_value = html_escape($value);
|
||||
$len = strlen($h_value);
|
||||
$oe = ($n++ % 2 == 0) ? "even" : "odd";
|
||||
|
||||
$box = "";
|
||||
$h_box = "";
|
||||
if(strpos($value, "\n") > 0) {
|
||||
$box .= "<textarea cols='50' rows='4' name='_config_$name'>$h_value</textarea>";
|
||||
$h_box .= "<textarea cols='50' rows='4' name='_config_$h_name'>$h_value</textarea>";
|
||||
}
|
||||
else {
|
||||
$box .= "<input type='text' name='_config_$name' value='$h_value'>";
|
||||
$h_box .= "<input type='text' name='_config_$h_name' value='$h_value'>";
|
||||
}
|
||||
$box .= "<input type='hidden' name='_type_$name' value='string'>";
|
||||
$rows .= "<tr class='$oe'><td>$name</td><td>$box</td></tr>";
|
||||
$h_box .= "<input type='hidden' name='_type_$h_name' value='string'>";
|
||||
$h_rows .= "<tr class='$oe'><td>$h_name</td><td>$h_box</td></tr>";
|
||||
}
|
||||
|
||||
$table = "
|
||||
<script type='text/javascript'>
|
||||
$(document).ready(function() {
|
||||
$(\"#settings\").tablesorter();
|
||||
});
|
||||
</script>
|
||||
".make_form(make_link("setup/save"))."
|
||||
<table id='settings' class='zebra'>
|
||||
<table id='settings' class='sortable zebra'>
|
||||
<thead><tr><th width='25%'>Name</th><th>Value</th></tr></thead>
|
||||
<tbody>$rows</tbody>
|
||||
<tbody>$h_rows</tbody>
|
||||
<tfoot><tr><td colspan='2'><input type='submit' value='Save Settings'></td></tr></tfoot>
|
||||
</table>
|
||||
</form>
|
||||
|
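Review bot: In display_advanced the textarea-vs-input decision `if(strpos($value, "\n") > 0) {` misses a value whose first character is a newline, because strpos() returns 0 for that case and 0 is not greater than 0; the line is context in the `@ -44` hunk, so the commit leaves it as is. `if(strpos($value, "\n") !== false) {` is the intended test. The renames in this hunk are consistent (`$h_name` now serves both the displayed cell and the `name='_config_...'` attribute), though `$len = strlen($h_value);` has no use within the visible lines — if nothing after the hunk reads it, it can go. The method continues past the hunk.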
@ -37,12 +37,12 @@ class TagEditTheme extends Themelet {
|
||||
$h_owner = html_escape($image->get_owner()->name);
|
||||
$h_av = $image->get_owner()->get_avatar_html();
|
||||
$h_date = autodate($image->posted);
|
||||
$ip = $user->can("view_ip") ? " (".show_ip($image->owner_ip, "Image posted {$image->posted}").")" : "";
|
||||
$h_ip = $user->can("view_ip") ? " (".show_ip($image->owner_ip, "Image posted {$image->posted}").")" : "";
|
||||
return "
|
||||
<tr>
|
||||
<td>Uploader</td>
|
||||
<td>
|
||||
<span class='view'><a class='username' href='".make_link("user/$h_owner")."'>$h_owner</a>$ip, $h_date</span>
|
||||
<span class='view'><a class='username' href='".make_link("user/$h_owner")."'>$h_owner</a>$h_ip, $h_date</span>
|
||||
<input class='edit' type='text' name='tag_edit__owner' value='$h_owner'>
|
||||
</td>
|
||||
<td width='80px' rowspan='4'>$h_av</td>
|
||||
@ -64,7 +64,7 @@ class TagEditTheme extends Themelet {
|
||||
";
|
||||
}
|
||||
|
||||
private function format_source($source) {
|
||||
private function format_source(/*string*/ $source) {
|
||||
if(!empty($source)) {
|
||||
$h_source = html_escape($source);
|
||||
if(startsWith($source, "http://") || startsWith($source, "https://")) {
|
||||
|
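Review bot: The `@ -37` hunk keeps `href='".make_link("user/$h_owner")."'`, which puts the HTML-escaped owner name into the URL path, while the UserPageTheme hunk of this same commit switches the identical link to `make_link("user/".url_escape($duser->name))`; a name containing `&` or `'` would presumably end up with entity text in the path here. Aligning the two, e.g. `$h_ownerlink = html_escape(make_link("user/".url_escape($image->get_owner()->name)));` and then `href='$h_ownerlink'`, makes the link use the url-escaped name and the attribute the html-escaped result. The `@ -64` hunk shows only the format_source signature; its body continues outside the hunk, and the method containing the first hunk starts before it.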
@ -53,9 +53,10 @@ class TagListTheme extends Themelet {
|
||||
}
|
||||
}
|
||||
|
||||
if($config->get_string('tag_list_image_type')=="tags"){
|
||||
$page->add_block(new Block("Tags", $html, "left", 10));}
|
||||
else{
|
||||
if($config->get_string('tag_list_image_type')=="tags") {
|
||||
$page->add_block(new Block("Tags", $html, "left", 10));
|
||||
}
|
||||
else {
|
||||
$page->add_block(new Block("Related Tags", $html, "left", 10));
|
||||
}
|
||||
}
|
||||
@ -109,7 +110,7 @@ class TagListTheme extends Themelet {
|
||||
global $config;
|
||||
|
||||
// store local copy for speed.
|
||||
$info_link = $config->get_string('info_link');
|
||||
$info_link = $config->get_string('info_link');
|
||||
|
||||
$html = "";
|
||||
$n = 0;
|
||||
|
@ -1,14 +0,0 @@
|
||||
/* Only need to change the file/url inputs */
|
||||
#large_upload_form INPUT.wid {
|
||||
width: 100%;
|
||||
}
|
||||
#radio_button {
|
||||
width: auto;
|
||||
}
|
||||
#wrapper {
|
||||
opacity : 0.4;
|
||||
filter: alpha(opacity=40); // msie
|
||||
}
|
||||
|
||||
/* This is needed since the theme style.css forcibly sets vertical align to "top". */
|
||||
TABLE.vert TD, TABLE.vert TH {vertical-align: middle;}
|
@ -1,3 +1,17 @@
|
||||
/* Only need to change the file/url inputs */
|
||||
#large_upload_form INPUT.wid {
|
||||
width: 100%;
|
||||
}
|
||||
#radio_button {
|
||||
width: auto;
|
||||
}
|
||||
#wrapper {
|
||||
opacity : 0.4;
|
||||
filter: alpha(opacity=40); // msie
|
||||
}
|
||||
|
||||
/* This is needed since the theme style.css forcibly sets vertical align to "top". */
|
||||
TABLE.vert TD, TABLE.vert TH {vertical-align: middle;}
|
||||
.mini_upload INPUT {
|
||||
width: 100%;
|
||||
}
|
||||
|
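Review bot: `filter: alpha(opacity=40); // msie` carries a `//` comment, which CSS does not recognise; a parser treats `// msie` as the start of an invalid declaration and discards it up to the closing `}`, so it appears harmless here only because nothing follows it in the block. Since the file is being re-created in this commit, `filter: alpha(opacity=40); /* msie */` is the safe form.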
@ -11,7 +11,6 @@ class UploadTheme extends Themelet {
|
||||
|
||||
public function display_page(Page $page) {
|
||||
global $config, $page;
|
||||
$page->add_html_header("<link rel='stylesheet' href='".get_base_href()."/ext/upload/_style.css' type='text/css'>");
|
||||
|
||||
$tl_enabled = ($config->get_string("transload_engine", "none") != "none");
|
||||
// Uploader 2.0!
|
||||
@ -157,7 +156,6 @@ class UploadTheme extends Themelet {
|
||||
/* only allows 1 file to be uploaded - for replacing another image file */
|
||||
public function display_replace_page(Page $page, /*int*/ $image_id) {
|
||||
global $config, $page;
|
||||
$page->add_html_header("<link rel='stylesheet' href='".get_base_href()."/ext/upload/_style.css' type='text/css'>");
|
||||
$tl_enabled = ($config->get_string("transload_engine", "none") != "none");
|
||||
|
||||
$js2 = 'javascript:$(function() {
|
||||
|
@ -17,7 +17,7 @@ class UserPageTheme extends Themelet {
|
||||
$html .= "<tr><td>Name</td></tr>";
|
||||
foreach($users as $duser) {
|
||||
$html .= "<tr>";
|
||||
$html .= "<td><a href='".make_link("user/".$duser->name)."'>".html_escape($duser->name)."</a></td>";
|
||||
$html .= "<td><a href='".make_link("user/".url_escape($duser->name))."'>".html_escape($duser->name)."</a></td>";
|
||||
$html .= "</tr>";
|
||||
}
|
||||
$html .= "</table>";
|
||||
@ -50,7 +50,7 @@ class UserPageTheme extends Themelet {
|
||||
if(empty($tac)) {$html = "";}
|
||||
else {$html = '<p>'.$tac.'</p>';}
|
||||
|
||||
$reca = "<tr><td colspan='2'>".captcha_get_html()."</td></tr>";
|
||||
$h_reca = "<tr><td colspan='2'>".captcha_get_html()."</td></tr>";
|
||||
|
||||
$html .= '
|
||||
'.make_form(make_link("user_admin/create"))."
|
||||
@ -59,7 +59,7 @@ class UserPageTheme extends Themelet {
|
||||
<tr><td>Password</td><td><input type='password' name='pass1'></td></tr>
|
||||
<tr><td>Repeat Password</td><td><input type='password' name='pass2'></td></tr>
|
||||
<tr><td>Email (Optional)</td><td><input type='text' name='email'></td></tr>
|
||||
$reca
|
||||
$h_reca
|
||||
<tr><td colspan='2'><input type='Submit' value='Create Account'></td></tr>
|
||||
</table>
|
||||
</form>
|
||||
@ -135,8 +135,8 @@ class UserPageTheme extends Themelet {
|
||||
assert(is_array($stats));
|
||||
$stats[] = 'User ID: '.$duser->id;
|
||||
|
||||
$page->set_title($duser->name."'s Page");
|
||||
$page->set_heading($duser->name."'s Page");
|
||||
$page->set_title(html_escape($duser->name)."'s Page");
|
||||
$page->set_heading(html_escape($duser->name)."'s Page");
|
||||
$page->add_block(new NavBlock());
|
||||
$page->add_block(new Block("Stats", join("<br>", $stats), "main", 0));
|
||||
|
||||
|
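Review bot: `$page->set_title(html_escape($duser->name)."'s Page");` and the matching `set_heading` line in the `@ -135` hunk now pass escaped text into the page object; whether that is correct depends on Page::set_title and set_heading (outside this diff) not escaping again when they render the `<title>` and the heading — if they do, a name containing `&` will display as `&amp;`. Worth confirming against Page and, if the page layer escapes, reverting these two to the raw name with a comment such as `// Page escapes title/heading itself`. The `@ -17` hunk's `url_escape()` change is right; the resulting URL still goes into `href='...'` without html_escape(), the same pattern as the ExtManagerTheme hunk. The method of the `@ -135` hunk starts before it.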
@ -7,11 +7,11 @@ class ViewImageTheme extends Themelet {
|
||||
public function display_page(Image $image, $editor_parts) {
|
||||
global $page;
|
||||
|
||||
$metatags = str_replace(" ", ", ", html_escape($image->get_tag_list()));
|
||||
$h_metatags = str_replace(" ", ", ", html_escape($image->get_tag_list()));
|
||||
|
||||
$page->set_title("Image {$image->id}: ".html_escape($image->get_tag_list()));
|
||||
$page->add_html_header("<meta name=\"keywords\" content=\"$metatags\">");
|
||||
$page->add_html_header("<meta property=\"og:title\" content=\"$metatags\">");
|
||||
$page->add_html_header("<meta name=\"keywords\" content=\"$h_metatags\">");
|
||||
$page->add_html_header("<meta property=\"og:title\" content=\"$h_metatags\">");
|
||||
$page->add_html_header("<meta property=\"og:type\" content=\"article\">");
|
||||
$page->add_html_header("<meta property=\"og:image\" content=\"".make_http($image->get_thumb_link())."\">");
|
||||
$page->add_html_header("<meta property=\"og:url\" content=\"".make_http(make_link("post/view/{$image->id}"))."\">");
|
||||
|
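Review bot: `$h_metatags` is interpolated into double-quoted attributes (`content=\"$h_metatags\"`), so the `$h_` label holds only if html_escape() (outside this diff) encodes `"`; if it wraps htmlspecialchars() with default flags that is the case, but it is worth confirming. The two og: lines below the changed ones, `make_http($image->get_thumb_link())` and `make_http(make_link("post/view/{$image->id}"))`, go into the same kind of attribute with no escaping at all and are `$u_` values by this commit's convention; wrapping each in `html_escape(...)` closes that. The method continues past the hunk.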