mirror of https://github.com/owncloud/bookmarks.git synced 2024-11-30 05:24:09 +01:00

Merge pull request #631 from owncloud/from-insane-autoescape-to-p

Replace insane auto sanitization with p()- WIP
Lukas Reschke 2013-03-01 14:31:16 -08:00
commit d6db39c5e7
5 changed files with 47 additions and 47 deletions


@ -65,5 +65,5 @@ foreach($qtags as $tag) {
$tmpl = new OCP\Template( 'bookmarks', 'addBm', 'base' );
$tmpl->assign('requesttoken', OC_Util::callRegister());
$tmpl->assign('bookmark', $bm);
$tmpl->assign('tags', json_encode($tags), false);
$tmpl->assign('tags', json_encode($tags));
$tmpl->printPage();
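Review bot: With the `false` argument dropped from `$tmpl->assign('tags', json_encode($tags))`, nothing at this call site says how the JSON string is escaped when the template emits it. The part of the `addBm` template shown on this page never prints `$_['tags']`, so the output context cannot be checked from here. If the value ends up inside an inline `<script>`, HTML escaping through `p()` would corrupt it and raw output would allow a `</script>` break-out, so the encoding should be made script-safe at the source: `json_encode($tags, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)`. If it ends up in an attribute, `p()` at the print site is enough. A one-line comment here naming the intended context would help.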


@ -1,43 +1,43 @@
<form class="addBm" method="post" action="<?php echo OCP\Util::linkTo('bookmarks', 'ajax/editBookmark.php');?>">
<form class="addBm" method="post" action="<?php print_unescaped(OCP\Util::linkTo('bookmarks', 'ajax/editBookmark.php'));?>">
<?php if(!isset($embedded) || !$embedded):?>
<script type="text/javascript" src="<?php echo OC_Helper::linkTo('bookmarks/js', 'full_tags.php');?>"></script>
<script type="text/javascript" src="<?php print_unescaped(OC_Helper::linkTo('bookmarks/js', 'full_tags.php'));?>"></script>
<h1><?php echo $l->t('Add a bookmark');?></h1>
<h1><?php p($l->t('Add a bookmark'));?></h1>
<div class="close_btn">
<a href="javascript:self.close()" class="ui-icon ui-icon-closethick">
<?php echo $l->t('Close');?>
<?php p($l->t('Close'));?>
</a>
</div>
<?php endif;?>
<fieldset class="bm_desc">
<ul>
<li>
<input type="text" name="title" class="title" value="<?php echo $_['bookmark']['title']; ?>"
placeholder="<?php echo $l->t('The title of the page');?>" />
<input type="text" name="title" class="title" value="<?php p($_['bookmark']['title']); ?>"
placeholder="<?php p($l->t('The title of the page'));?>" />
</li>
<li>
<input type="text" name="url" class="url_input" value="<?php echo $_['bookmark']['url']; ?>"
placeholder="<?php echo $l->t('The address of the page');?>" />
<input type="text" name="url" class="url_input" value="<?php p($_['bookmark']['url']); ?>"
placeholder="<?php p($l->t('The address of the page'));?>" />
</li>
<li>
<ul class="tags" >
<?php foreach($_['bookmark']['tags'] as $tag):?>
<li><?php echo $tag;?></li>
<li><?php p($tag);?></li>
<?php endforeach;?>
</ul>
</li>
<li>
<textarea name="description" class="desc" value="<?php echo $_['bookmark']['desc']; ?>"
placeholder="<?php echo $l->t('Description of the page');?>"></textarea>
<textarea name="description" class="desc" value="<?php p($_['bookmark']['desc']); ?>"
placeholder="<?php p($l->t('Description of the page'));?>"></textarea>
</li>
<li>
<input type="submit" class="submit" value="<?php echo $l->t("Save");?>" />
<input type="submit" class="submit" value="<?php p($l->t("Save"));?>" />
<input type="hidden" class="record_id" value="" name="record_id" />
<input type="hidden" name="requesttoken" value="<?php echo $_['requesttoken'] ?>">
<input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>">
</li>
</ul>
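Review bot: The description field still puts the stored text in a `value` attribute on `<textarea>`, which browsers ignore, so an existing description is never shown in this form. Since the line is already being rewritten for escaping, the text should move into the element body: `<textarea name="description" class="desc" placeholder="<?php p($l->t('Description of the page'));?>"><?php p($_['bookmark']['desc']); ?></textarea>`. Escaping with `p()` stays necessary in that position, because unescaped element content could close the textarea early.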


@ -2,8 +2,8 @@
<div class="bookmark_single" data-id="<%= id %>">
<p class="bookmark_actions">
<span class="bookmark_delete">
<img class="svg" src="<?php echo OCP\image_path("", "actions/delete.svg");?>"
title="<?php echo $l->t('Delete');?>">
<img class="svg" src="<?php print_unescaped(OCP\image_path("", "actions/delete.svg"));?>"
title="<?php p($l->t('Delete'));?>">
</span>&nbsp;
</p>
<p class="bookmark_title">
@ -11,7 +11,7 @@
<%= escapeHTML(title == '' ? encodeURI(url) : title ) %>
</a>
<span class="bookmark_edit bookmark_edit_btn">
<img class="svg" src="<?php echo OCP\image_path("", "actions/rename.svg");?>" title="<?php echo $l->t('Edit');?>">
<img class="svg" src="<?php print_unescaped(OCP\image_path("", "actions/rename.svg"));?>" title="<?php p($l->t('Edit'));?>">
</span>
</p>
<span class="bookmark_desc"><%= escapeHTML(description)%> </span>
@ -21,14 +21,14 @@
<script type="text/html" id="item_form_tmpl">
<div class="bookmark_single_form" data-id="<%= id %>">
<form method="post" action="<?php echo OCP\Util::linkTo('bookmarks', 'ajax/editBookmark.php');?>" >
<form method="post" action="<?php p(OCP\Util::linkTo('bookmarks', 'ajax/editBookmark.php'));?>" >
<input type="hidden" name="record_id" value="<%= id %>" />
<p class="bookmark_form_title">
<input type="text" name="title" placeholder="<?php echo $l->t('The title of the page');?>"
<input type="text" name="title" placeholder="<?php p($l->t('The title of the page'));?>"
value="<%= escapeHTML(title) %>"/>
</p>
<p class="bookmark_form_url">
<input type="text" name="url" placeholder="<?php echo $l->t('The address of the page');?>"
<input type="text" name="url" placeholder="<?php p($l->t('The address of the page'));?>"
value="<%= encodeURI(url)%>"/>
</p>
<div class="bookmark_form_tags"><ul>
@ -37,11 +37,11 @@
<% } %>
</ul></div>
<p class="bookmark_form_desc">
<textarea name="description" placeholder="<?php echo $l->t('Description of the page');?>"
<textarea name="description" placeholder="<?php p($l->t('Description of the page'));?>"
><%= escapeHTML(description) %></textarea>
</p>
<p class="bookmark_form_submit"><button class="reset" ><?php echo $l->t('Cancel');?></button>
<input type="submit" value="<?php echo $l->t('Save');?>">
<p class="bookmark_form_submit"><button class="reset" ><?php p($l->t('Cancel'));?></button>
<input type="submit" value="<?php p($l->t('Save'));?>">
</p>
</form>
</div>
@ -50,12 +50,12 @@
<li><a href="" class="tag"><%= tag %></a>
<p class="tags_actions">
<span class="tag_edit">
<img class="svg" src="<?php echo OCP\image_path("", "actions/rename.svg");?>"
title="<?php echo $l->t('Edit');?>">
<img class="svg" src="<?php print_unescaped(OCP\image_path("", "actions/rename.svg"));?>"
title="<?php p($l->t('Edit'));?>">
</span>
<span class="tag_delete">
<img class="svg" src="<?php echo OCP\image_path("", "actions/delete.svg");?>"
title="<?php echo $l->t('Delete');?>">
<img class="svg" src="<?php print_unescaped(OCP\image_path("", "actions/delete.svg"));?>"
title="<?php p($l->t('Delete'));?>">
</span>
</p>
<em><%= nbr %></em>
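Review bot: In the last hunk the client-side template still emits the tag name raw, `<a href="" class="tag"><%= tag %></a>`, while the title and description in the same file go through `escapeHTML(...)`. The commit moves server-side output to `p()`, but tag names are user-supplied and reach the DOM through this template rather than through PHP. Assuming `<%= %>` does not escape on its own, which the explicit `escapeHTML` calls elsewhere suggest, the line should read `<li><a href="" class="tag"><%= escapeHTML(tag) %></a>`. The template block that contains this line starts outside the hunk, so the tag loop in the earlier form template is worth checking as well.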


@ -19,25 +19,25 @@ function bookmarklet(){
<div id="leftcontent">
<form id="add_form">
<input type="text" id="add_url" value="" placeholder="<?php echo $l->t('Address'); ?>"/>
<input type="submit" value="<?php echo $l->t('Add'); ?>" id="bookmark_add_submit" />
<input type="text" id="add_url" value="" placeholder="<?php p($l->t('Address')); ?>"/>
<input type="submit" value="<?php p($l->t('Add')); ?>" id="bookmark_add_submit" />
</form>
<p id="tag_filter">
<input type="text" value="<?php echo $_['req_tag']; ?>"/>
<input type="text" value="<?php p($_['req_tag']); ?>"/>
</p>
<input type="hidden" id="bookmarkFilterTag" value="<?php echo $_['req_tag']; ?>" />
<input type="hidden" id="bookmarkFilterTag" value="<?php p($_['req_tag']); ?>" />
<label><?php echo $l->t('Related Tags'); ?></label>
<label><?php p($l->t('Related Tags')); ?></label>
<ul class="tag_list">
</ul>
<div id="bookmark_settings" class="">
<ul class="controls">
<li id="settingsbtn" title="<?php echo $l->t('Settings'); ?>">
<img class="svg" src="<?php echo OCP\Util::imagePath('core', 'actions/settings.png'); ?>"
alt="<?php echo $l->t('Settings'); ?>" />
<li id="settingsbtn" title="<?php p($l->t('Settings')); ?>">
<img class="svg" src="<?php print_unescaped(OCP\Util::imagePath('core', 'actions/settings.png')); ?>"
alt="<?php p($l->t('Settings')); ?>" />
</li>
</ul>
<div id="bm_setting_panel">
@ -51,16 +51,16 @@ function bookmarklet(){
<div id="distance"></div>
<div id="firstrun_message">
<?php
echo $l->t('You have no bookmarks');
p($l->t('You have no bookmarks'));
$embedded = true;
echo bookmarklet();?><br/><br />
print_unescaped(bookmarklet());?><br/><br />
<small><a href="#" id="firstrun_setting"><?php echo $l->t('You can also try to import a bookmark file');?></a></small>
<small><a href="#" id="firstrun_setting"><?php p($l->t('You can also try to import a bookmark file'));?></a></small>
</div>
</div>
<div class="bookmarks_list"></div>
</div>
<script type="text/javascript" src="<?php echo OC_Helper::linkTo('bookmarks/js', 'full_tags.php');?>"></script>
<script type="text/javascript" src="<?php print_unescaped(OC_Helper::linkTo('bookmarks/js', 'full_tags.php'));?>"></script>
<?php require 'js_tpl.php';?>
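Review bot: `print_unescaped(bookmarklet())` in the second hunk passes the function's whole return value through without escaping, so `bookmarklet()` itself has to escape every dynamic part. Its body is outside this diff (only the name appears in the hunk header), so whether it escapes the URL and the translated strings it builds cannot be confirmed from here. I would add a comment at the call, `// bookmarklet() returns markup; it must escape its own dynamic values`, and check that the function builds its output with an HTML-escaping helper rather than plain concatenation. The same call appears in the settings template section further down this page.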


@ -8,22 +8,22 @@
?>
<fieldset class="personalblock">
<legend><strong><?php echo $l->t('Bookmarklet');?></strong></legend>
<?php echo bookmarklet();?><br />
<legend><strong><?php p($l->t('Bookmarklet'));?></strong></legend>
<?php print_unescaped(bookmarklet());?><br />
</fieldset>
<form id="import_bookmark" action="<?php echo OCP\Util::linkTo( "bookmarks", "ajax/import.php" );?>"
<form id="import_bookmark" action="<?php print_unescaped(OCP\Util::linkTo( "bookmarks", "ajax/import.php" ));?>"
method="post" enctype="multipart/form-data">
<fieldset class="personalblock">
<?php if(isset($_['error'])): ?>
<h3><?php echo $_['error']['error']; ?></h3>
<p><?php echo $_['error']['hint']; ?></p>
<h3><?php p($_['error']['error']); ?></h3>
<p><?php p($_['error']['hint']); ?></p>
<?php endif; ?>
<legend><strong><?php echo $l->t('Export & Import');?></strong></legend>
<input type="button" id="bm_export" href="<?php echo OCP\Util::linkTo('bookmarks', 'export.php') ;?>" value="<?php echo $l->t('Export'); ?>" />
<legend><strong><?php p($l->t('Export & Import'));?></strong></legend>
<input type="button" id="bm_export" href="<?php print_unescaped(OCP\Util::linkTo('bookmarks', 'export.php')) ;?>" value="<?php p($l->t('Export')); ?>" />
<input type="file" id="bm_import" name="bm_import" size="5">
<button type="button" name="bm_import_btn" id="bm_import_submit"><?php echo $l->t('Import'); ?></button>
<button type="button" name="bm_import_btn" id="bm_import_submit"><?php p($l->t('Import')); ?></button>
<div id="upload"></div>