more notation for which strings are HTML safe and which aren't

Shish 2012-02-13 20:51:34 +00:00
parent 9af3a765b4
commit 519e46578d
13 changed files with 66 additions and 82 deletions


@ -12,8 +12,8 @@ class AliasEditorTheme extends Themelet {
$can_manage = $user->can("manage_alias_list"); $can_manage = $user->can("manage_alias_list");
if($can_manage) { if($can_manage) {
$action = "<th width='10%'>Action</th>"; $h_action = "<th width='10%'>Action</th>";
$add = " $h_add = "
<tr> <tr>
".make_form(make_link("alias/add"))." ".make_form(make_link("alias/add"))."
<td><input type='text' name='oldtag'></td> <td><input type='text' name='oldtag'></td>
@ -24,8 +24,8 @@ class AliasEditorTheme extends Themelet {
"; ";
} }
else { else {
$action = ""; $h_action = "";
$add = ""; $h_add = "";
} }
$h_aliases = ""; $h_aliases = "";
@ -49,15 +49,10 @@ class AliasEditorTheme extends Themelet {
$h_aliases .= "</tr>"; $h_aliases .= "</tr>";
} }
$html = " $html = "
<script type='text/javascript'> <table id='aliases' class='sortable zebra'>
$(document).ready(function() { <thead><tr><th>From</th><th>To</th>$h_action</tr></thead>
$(\"#aliases\").tablesorter();
});
</script>
<table id='aliases' class='zebra'>
<thead><tr><th>From</th><th>To</th>$action</tr></thead>
<tbody>$h_aliases</tbody> <tbody>$h_aliases</tbody>
<tfoot>$add</tfoot> <tfoot>$h_add</tfoot>
</table> </table>
<p><a href='".make_link("alias/export/aliases.csv")."'>Download as CSV</a></p> <p><a href='".make_link("alias/export/aliases.csv")."'>Download as CSV</a></p>
"; ";


@ -167,7 +167,6 @@ class CommentListTheme extends Themelet {
if($i_uid == $config->get_int("anon_id")) { if($i_uid == $config->get_int("anon_id")) {
$anoncode = ""; $anoncode = "";
$style = "";
$anoncode2 = ""; $anoncode2 = "";
if($this->show_anon_id) { if($this->show_anon_id) {
$anoncode = '<sup>'.$this->anon_id.'</sup>'; $anoncode = '<sup>'.$this->anon_id.'</sup>';
@ -181,7 +180,7 @@ class CommentListTheme extends Themelet {
} }
} }
} }
$h_userlink = "<span class='username'$style>" . $h_name . $anoncode . $anoncode2 . "</span>"; $h_userlink = "<span class='username'>" . $h_name . $anoncode . $anoncode2 . "</span>";
$this->anon_id++; $this->anon_id++;
} }
else { else {
@ -197,10 +196,10 @@ class CommentListTheme extends Themelet {
'; ';
} }
else { else {
$avatar = ""; $h_avatar = "";
if(!empty($comment->owner_email)) { if(!empty($comment->owner_email)) {
$hash = md5(strtolower($comment->owner_email)); $hash = md5(strtolower($comment->owner_email));
$avatar = "<img src=\"http://www.gravatar.com/avatar/$hash.jpg\"><br>"; $h_avatar = "<img src=\"http://www.gravatar.com/avatar/$hash.jpg\"><br>";
} }
$h_reply = " - <a href='javascript: replyTo($i_image_id, $i_comment_id)'>Reply</a>"; $h_reply = " - <a href='javascript: replyTo($i_image_id, $i_comment_id)'>Reply</a>";
$h_ip = $user->can("view_ip") ? "<br>".show_ip($comment->poster_ip, "Comment posted {$comment->posted}") : ""; $h_ip = $user->can("view_ip") ? "<br>".show_ip($comment->poster_ip, "Comment posted {$comment->posted}") : "";
@ -211,7 +210,7 @@ class CommentListTheme extends Themelet {
<a name="'.$i_comment_id.'"></a> <a name="'.$i_comment_id.'"></a>
<div class="comment"> <div class="comment">
<div class="info"> <div class="info">
'.$avatar.' '.$h_avatar.'
'.$h_timestamp.$h_reply.$h_ip.$h_del.' '.$h_timestamp.$h_reply.$h_ip.$h_del.'
</div> </div>
'.$h_userlink.': '.$h_comment.' '.$h_userlink.': '.$h_comment.'
@ -221,19 +220,19 @@ class CommentListTheme extends Themelet {
return ""; return "";
} }
protected function build_postbox($image_id) { protected function build_postbox(/*int*/ $image_id) {
global $config; global $config;
$i_image_id = int_escape($image_id); $i_image_id = int_escape($image_id);
$hash = CommentList::get_hash(); $hash = CommentList::get_hash();
$captcha = $config->get_bool("comment_captcha") ? captcha_get_html() : ""; $h_captcha = $config->get_bool("comment_captcha") ? captcha_get_html() : "";
return ' return '
'.make_form(make_link("comment/add")).' '.make_form(make_link("comment/add")).'
<input type="hidden" name="image_id" value="'.$i_image_id.'" /> <input type="hidden" name="image_id" value="'.$i_image_id.'" />
<input type="hidden" name="hash" value="'.$hash.'" /> <input type="hidden" name="hash" value="'.$hash.'" />
<textarea id="comment_on_'.$i_image_id.'" name="comment" rows="5" cols="50"></textarea> <textarea id="comment_on_'.$i_image_id.'" name="comment" rows="5" cols="50"></textarea>
'.$captcha.' '.$h_captcha.'
<br><input type="submit" value="Post Comment" /> <br><input type="submit" value="Post Comment" />
</form> </form>
'; ';
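Review bot: `$hash` from `CommentList::get_hash()` is interpolated into `value="'.$hash.'"` without the `$h_` marker and without escaping, and unlike the gravatar `$hash` above (an md5 hex digest) its format is not visible here; if it is hex, rename it `$h_hash` to make that explicit, otherwise wrap it as `html_escape($hash)`. In the same spirit `$anoncode` and `$anoncode2` are concatenated into `$h_userlink` unprefixed; `$anoncode` is built from the integer counter `$this->anon_id`, so `$h_anoncode` would document why that is safe. build_postbox continues past the end of this hunk.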


@ -3,7 +3,7 @@
class ExtManagerTheme extends Themelet { class ExtManagerTheme extends Themelet {
public function display_table(Page $page, /*array*/ $extensions, /*bool*/ $editable) { public function display_table(Page $page, /*array*/ $extensions, /*bool*/ $editable) {
global $user; global $user;
$en = $editable ? "<th>Enabled</th>" : ""; $h_en = $editable ? "<th>Enabled</th>" : "";
$html = " $html = "
".make_form(make_link("ext_manager/set"))." ".make_form(make_link("ext_manager/set"))."
<script type='text/javascript'> <script type='text/javascript'>
@ -13,7 +13,7 @@ class ExtManagerTheme extends Themelet {
</script> </script>
<table id='extensions' class='zebra'> <table id='extensions' class='zebra'>
<thead> <thead>
<tr>$en<th>Name</th><th>Description</th></tr> <tr>$h_en<th>Name</th><th>Description</th></tr>
</thead> </thead>
<tbody> <tbody>
"; ";
@ -21,27 +21,26 @@ class ExtManagerTheme extends Themelet {
foreach($extensions as $extension) { foreach($extensions as $extension) {
if(!$editable && $extension->visibility == "admin") continue; if(!$editable && $extension->visibility == "admin") continue;
$ext_name = $extension->ext_name; $h_name = html_escape(empty($extension->name) ? $extension->ext_name : $extension->name);
$h_name = empty($extension->name) ? $ext_name : html_escape($extension->name);
$h_description = html_escape($extension->description); $h_description = html_escape($extension->description);
if($extension->enabled === TRUE) $h_enabled = " checked='checked'"; if($extension->enabled === TRUE) $h_enabled = " checked='checked'";
else if($extension->enabled === FALSE) $h_enabled = ""; else if($extension->enabled === FALSE) $h_enabled = "";
else $h_enabled = " disabled checked='checked'"; else $h_enabled = " disabled checked='checked'";
$h_link = make_link("ext_doc/".html_escape($extension->ext_name)); $h_link = make_link("ext_doc/".url_escape($extension->ext_name));
$oe = ($n++ % 2 == 0) ? "even" : "odd"; $oe = ($n++ % 2 == 0) ? "even" : "odd";
$en = $editable ? "<td><input type='checkbox' name='ext_$ext_name'$h_enabled></td>" : ""; $h_en = $editable ? "<td><input type='checkbox' name='ext_".html_escape($extension->ext_name)."'$h_enabled></td>" : "";
$html .= " $html .= "
<tr class='$oe'> <tr class='$oe'>
$en $h_en
<td><a href='$h_link'>$h_name</a></td> <td><a href='$h_link'>$h_name</a></td>
<td style='text-align: left;'>$h_description</td> <td style='text-align: left;'>$h_description</td>
</tr>"; </tr>";
} }
$set = $editable ? "<tfoot><tr><td colspan='5'><input type='submit' value='Set Extensions'></td></tr></tfoot>" : ""; $h_set = $editable ? "<tfoot><tr><td colspan='5'><input type='submit' value='Set Extensions'></td></tr></tfoot>" : "";
$html .= " $html .= "
</tbody> </tbody>
$set $h_set
</table> </table>
</form> </form>
"; ";


@ -4,8 +4,8 @@ class PixelFileHandlerTheme extends Themelet {
public function display_image(Page $page, Image $image) { public function display_image(Page $page, Image $image) {
global $config; global $config;
$ilink = $image->get_image_link(); $u_ilink = $image->get_image_link();
$html = "<img id='main_image' src='$ilink'>"; $html = "<img id='main_image' src='$u_ilink'>";
if($config->get_bool("image_show_meta")) { if($config->get_bool("image_show_meta")) {
# FIXME: only read from jpegs? # FIXME: only read from jpegs?
$exif = @exif_read_data($image->get_image_filename(), 0, true); $exif = @exif_read_data($image->get_image_filename(), 0, true);


@ -6,7 +6,7 @@ class ImageIOTheme {
* *
* @param $image_id The image to delete * @param $image_id The image to delete
*/ */
public function get_deleter_html($image_id) { public function get_deleter_html(/*int*/ $image_id) {
global $config; global $config;
if($config->get_bool("image_jquery_confirm")) { if($config->get_bool("image_jquery_confirm")) {
@ -33,14 +33,11 @@ class ImageIOTheme {
* *
* @param $image_id The image to replace * @param $image_id The image to replace
*/ */
public function get_replace_html($image_id) { public function get_replace_html(/*int*/ $image_id) {
$html = make_form(make_link("image_admin/replace"))."
$html = "
".make_form(make_link("image_admin/replace"))."
<input type='hidden' name='image_id' value='$image_id' /> <input type='hidden' name='image_id' value='$image_id' />
<input type='submit' value='Replace' /> <input type='submit' value='Replace' />
</form>"; </form>";
return $html; return $html;
} }
} }
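Review bot: `value='$image_id'` in get_replace_html interpolates the raw parameter into an attribute, and the new `/*int*/` annotation is only a comment that enforces nothing. build_postbox in the CommentList hunk of this same commit shows the intended pattern: `$i_image_id = int_escape($image_id);` followed by `value='$i_image_id'`. Applying it here keeps the method consistent with the `$i_` convention the commit is establishing; get_deleter_html above is cut off by the hunk, so it may need the same treatment.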


@ -15,7 +15,6 @@ class SetupTheme extends Themelet {
public function display_page(Page $page, SetupPanel $panel) { public function display_page(Page $page, SetupPanel $panel) {
global $user; global $user;
usort($panel->blocks, "blockcmp"); usort($panel->blocks, "blockcmp");
/* /*
@ -44,35 +43,31 @@ class SetupTheme extends Themelet {
public function display_advanced(Page $page, $options) { public function display_advanced(Page $page, $options) {
global $user; global $user;
$rows = ""; $h_rows = "";
$n = 0; $n = 0;
ksort($options); ksort($options);
foreach($options as $name => $value) { foreach($options as $name => $value) {
$h_name = html_escape($name);
$h_value = html_escape($value); $h_value = html_escape($value);
$len = strlen($h_value); $len = strlen($h_value);
$oe = ($n++ % 2 == 0) ? "even" : "odd"; $oe = ($n++ % 2 == 0) ? "even" : "odd";
$box = ""; $h_box = "";
if(strpos($value, "\n") > 0) { if(strpos($value, "\n") > 0) {
$box .= "<textarea cols='50' rows='4' name='_config_$name'>$h_value</textarea>"; $h_box .= "<textarea cols='50' rows='4' name='_config_$h_name'>$h_value</textarea>";
} }
else { else {
$box .= "<input type='text' name='_config_$name' value='$h_value'>"; $h_box .= "<input type='text' name='_config_$h_name' value='$h_value'>";
} }
$box .= "<input type='hidden' name='_type_$name' value='string'>"; $h_box .= "<input type='hidden' name='_type_$h_name' value='string'>";
$rows .= "<tr class='$oe'><td>$name</td><td>$box</td></tr>"; $h_rows .= "<tr class='$oe'><td>$h_name</td><td>$h_box</td></tr>";
} }
$table = " $table = "
<script type='text/javascript'>
$(document).ready(function() {
$(\"#settings\").tablesorter();
});
</script>
".make_form(make_link("setup/save"))." ".make_form(make_link("setup/save"))."
<table id='settings' class='zebra'> <table id='settings' class='sortable zebra'>
<thead><tr><th width='25%'>Name</th><th>Value</th></tr></thead> <thead><tr><th width='25%'>Name</th><th>Value</th></tr></thead>
<tbody>$rows</tbody> <tbody>$h_rows</tbody>
<tfoot><tr><td colspan='2'><input type='submit' value='Save Settings'></td></tr></tfoot> <tfoot><tr><td colspan='2'><input type='submit' value='Save Settings'></td></tr></tfoot>
</table> </table>
</form> </form>
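Review bot: `display_advanced(Page $page, $options)` is left without the type comment this commit adds to other signatures (build_postbox, get_deleter_html, get_replace_html, format_source); `public function display_advanced(Page $page, /*array*/ $options)` would keep the notation consistent, and the `ksort($options)` / `foreach($options ...)` lines show it is treated as an array. As a point of style, `$h_box = "";` followed by `$h_box .= ...` in both branches is a plain assignment in disguise; `$h_box = "<textarea ...>";` / `$h_box = "<input ...>";` reads more directly. display_advanced continues past the end of this hunk.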


@ -37,12 +37,12 @@ class TagEditTheme extends Themelet {
$h_owner = html_escape($image->get_owner()->name); $h_owner = html_escape($image->get_owner()->name);
$h_av = $image->get_owner()->get_avatar_html(); $h_av = $image->get_owner()->get_avatar_html();
$h_date = autodate($image->posted); $h_date = autodate($image->posted);
$ip = $user->can("view_ip") ? " (".show_ip($image->owner_ip, "Image posted {$image->posted}").")" : ""; $h_ip = $user->can("view_ip") ? " (".show_ip($image->owner_ip, "Image posted {$image->posted}").")" : "";
return " return "
<tr> <tr>
<td>Uploader</td> <td>Uploader</td>
<td> <td>
<span class='view'><a class='username' href='".make_link("user/$h_owner")."'>$h_owner</a>$ip, $h_date</span> <span class='view'><a class='username' href='".make_link("user/$h_owner")."'>$h_owner</a>$h_ip, $h_date</span>
<input class='edit' type='text' name='tag_edit__owner' value='$h_owner'> <input class='edit' type='text' name='tag_edit__owner' value='$h_owner'>
</td> </td>
<td width='80px' rowspan='4'>$h_av</td> <td width='80px' rowspan='4'>$h_av</td>
@ -64,7 +64,7 @@ class TagEditTheme extends Themelet {
"; ";
} }
private function format_source($source) { private function format_source(/*string*/ $source) {
if(!empty($source)) { if(!empty($source)) {
$h_source = html_escape($source); $h_source = html_escape($source);
if(startsWith($source, "http://") || startsWith($source, "https://")) { if(startsWith($source, "http://") || startsWith($source, "https://")) {


@ -53,9 +53,10 @@ class TagListTheme extends Themelet {
} }
} }
if($config->get_string('tag_list_image_type')=="tags"){ if($config->get_string('tag_list_image_type')=="tags") {
$page->add_block(new Block("Tags", $html, "left", 10));} $page->add_block(new Block("Tags", $html, "left", 10));
else{ }
else {
$page->add_block(new Block("Related Tags", $html, "left", 10)); $page->add_block(new Block("Related Tags", $html, "left", 10));
} }
} }
@ -109,7 +110,7 @@ class TagListTheme extends Themelet {
global $config; global $config;
// store local copy for speed. // store local copy for speed.
$info_link = $config->get_string('info_link'); $info_link = $config->get_string('info_link');
$html = ""; $html = "";
$n = 0; $n = 0;


@ -1,14 +0,0 @@
/* Only need to change the file/url inputs */
#large_upload_form INPUT.wid {
width: 100%;
}
#radio_button {
width: auto;
}
#wrapper {
opacity : 0.4;
filter: alpha(opacity=40); // msie
}
/* This is needed since the theme style.css forcibly sets vertical align to "top". */
TABLE.vert TD, TABLE.vert TH {vertical-align: middle;}


@ -1,3 +1,17 @@
/* Only need to change the file/url inputs */
#large_upload_form INPUT.wid {
width: 100%;
}
#radio_button {
width: auto;
}
#wrapper {
opacity : 0.4;
filter: alpha(opacity=40); // msie
}
/* This is needed since the theme style.css forcibly sets vertical align to "top". */
TABLE.vert TD, TABLE.vert TH {vertical-align: middle;}
.mini_upload INPUT { .mini_upload INPUT {
width: 100%; width: 100%;
} }
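Review bot: `filter: alpha(opacity=40); // msie` carries a `//` line comment, which CSS does not have; the parser treats `// msie` as a malformed declaration and discards it, which is harmless here but will swallow any declaration later placed on the same line. Use `filter: alpha(opacity=40); /* msie */`. This file appears to be the old stylesheet moved whole, so the remaining rules are unchanged.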


@ -11,7 +11,6 @@ class UploadTheme extends Themelet {
public function display_page(Page $page) { public function display_page(Page $page) {
global $config, $page; global $config, $page;
$page->add_html_header("<link rel='stylesheet' href='".get_base_href()."/ext/upload/_style.css' type='text/css'>");
$tl_enabled = ($config->get_string("transload_engine", "none") != "none"); $tl_enabled = ($config->get_string("transload_engine", "none") != "none");
// Uploader 2.0! // Uploader 2.0!
@ -157,7 +156,6 @@ class UploadTheme extends Themelet {
/* only allows 1 file to be uploaded - for replacing another image file */ /* only allows 1 file to be uploaded - for replacing another image file */
public function display_replace_page(Page $page, /*int*/ $image_id) { public function display_replace_page(Page $page, /*int*/ $image_id) {
global $config, $page; global $config, $page;
$page->add_html_header("<link rel='stylesheet' href='".get_base_href()."/ext/upload/_style.css' type='text/css'>");
$tl_enabled = ($config->get_string("transload_engine", "none") != "none"); $tl_enabled = ($config->get_string("transload_engine", "none") != "none");
$js2 = 'javascript:$(function() { $js2 = 'javascript:$(function() {


@ -17,7 +17,7 @@ class UserPageTheme extends Themelet {
$html .= "<tr><td>Name</td></tr>"; $html .= "<tr><td>Name</td></tr>";
foreach($users as $duser) { foreach($users as $duser) {
$html .= "<tr>"; $html .= "<tr>";
$html .= "<td><a href='".make_link("user/".$duser->name)."'>".html_escape($duser->name)."</a></td>"; $html .= "<td><a href='".make_link("user/".url_escape($duser->name))."'>".html_escape($duser->name)."</a></td>";
$html .= "</tr>"; $html .= "</tr>";
} }
$html .= "</table>"; $html .= "</table>";
@ -50,7 +50,7 @@ class UserPageTheme extends Themelet {
if(empty($tac)) {$html = "";} if(empty($tac)) {$html = "";}
else {$html = '<p>'.$tac.'</p>';} else {$html = '<p>'.$tac.'</p>';}
$reca = "<tr><td colspan='2'>".captcha_get_html()."</td></tr>"; $h_reca = "<tr><td colspan='2'>".captcha_get_html()."</td></tr>";
$html .= ' $html .= '
'.make_form(make_link("user_admin/create"))." '.make_form(make_link("user_admin/create"))."
@ -59,7 +59,7 @@ class UserPageTheme extends Themelet {
<tr><td>Password</td><td><input type='password' name='pass1'></td></tr> <tr><td>Password</td><td><input type='password' name='pass1'></td></tr>
<tr><td>Repeat Password</td><td><input type='password' name='pass2'></td></tr> <tr><td>Repeat Password</td><td><input type='password' name='pass2'></td></tr>
<tr><td>Email (Optional)</td><td><input type='text' name='email'></td></tr> <tr><td>Email (Optional)</td><td><input type='text' name='email'></td></tr>
$reca $h_reca
<tr><td colspan='2'><input type='Submit' value='Create Account'></td></tr> <tr><td colspan='2'><input type='Submit' value='Create Account'></td></tr>
</table> </table>
</form> </form>
@ -135,8 +135,8 @@ class UserPageTheme extends Themelet {
assert(is_array($stats)); assert(is_array($stats));
$stats[] = 'User ID: '.$duser->id; $stats[] = 'User ID: '.$duser->id;
$page->set_title($duser->name."'s Page"); $page->set_title(html_escape($duser->name)."'s Page");
$page->set_heading($duser->name."'s Page"); $page->set_heading(html_escape($duser->name)."'s Page");
$page->add_block(new NavBlock()); $page->add_block(new NavBlock());
$page->add_block(new Block("Stats", join("<br>", $stats), "main", 0)); $page->add_block(new Block("Stats", join("<br>", $stats), "main", 0));


@ -7,11 +7,11 @@ class ViewImageTheme extends Themelet {
public function display_page(Image $image, $editor_parts) { public function display_page(Image $image, $editor_parts) {
global $page; global $page;
$metatags = str_replace(" ", ", ", html_escape($image->get_tag_list())); $h_metatags = str_replace(" ", ", ", html_escape($image->get_tag_list()));
$page->set_title("Image {$image->id}: ".html_escape($image->get_tag_list())); $page->set_title("Image {$image->id}: ".html_escape($image->get_tag_list()));
$page->add_html_header("<meta name=\"keywords\" content=\"$metatags\">"); $page->add_html_header("<meta name=\"keywords\" content=\"$h_metatags\">");
$page->add_html_header("<meta property=\"og:title\" content=\"$metatags\">"); $page->add_html_header("<meta property=\"og:title\" content=\"$h_metatags\">");
$page->add_html_header("<meta property=\"og:type\" content=\"article\">"); $page->add_html_header("<meta property=\"og:type\" content=\"article\">");
$page->add_html_header("<meta property=\"og:image\" content=\"".make_http($image->get_thumb_link())."\">"); $page->add_html_header("<meta property=\"og:image\" content=\"".make_http($image->get_thumb_link())."\">");
$page->add_html_header("<meta property=\"og:url\" content=\"".make_http(make_link("post/view/{$image->id}"))."\">"); $page->add_html_header("<meta property=\"og:url\" content=\"".make_http(make_link("post/view/{$image->id}"))."\">");