always use the charset param for htmlspecialchars (via html::htmlspecialchars)

This commit is contained in:
Ralf Becker 2004-08-02 07:24:44 +00:00
parent a4ad3b46c0
commit 00d45abcfe


@ -558,8 +558,8 @@
{ {
$value = $blur; $value = $blur;
} }
$onFocus .= "if(this.value=='".addslashes(htmlspecialchars($blur))."') this.value='';"; $onFocus .= "if(this.value=='".addslashes($this->html->htmlspecialchars($blur))."') this.value='';";
$onBlur .= "if(this.value=='') this.value='".addslashes(htmlspecialchars($blur))."';"; $onBlur .= "if(this.value=='') this.value='".addslashes($this->html->htmlspecialchars($blur))."';";
} }
if ($help) if ($help)
{ {
@ -567,11 +567,11 @@
{ {
$help = lang($help); $help = lang($help);
} }
$onFocus .= "self.status='".addslashes(htmlspecialchars($help))."'; return true;"; $onFocus .= "self.status='".addslashes($this->html->htmlspecialchars($help))."'; return true;";
$onBlur .= "self.status=''; return true;"; $onBlur .= "self.status=''; return true;";
if ($cell['type'] == 'button' || $cell['type'] == 'file') // for button additionally when mouse over button if ($cell['type'] == 'button' || $cell['type'] == 'file') // for button additionally when mouse over button
{ {
$options .= " onMouseOver=\"self.status='".addslashes(htmlspecialchars($help))."'; return true;\""; $options .= " onMouseOver=\"self.status='".addslashes($this->html->htmlspecialchars($help))."'; return true;\"";
$options .= " onMouseOut=\"self.status=''; return true;\""; $options .= " onMouseOut=\"self.status=''; return true;\"";
} }
} }
@ -596,7 +596,7 @@
break; break;
list($style,$extra_link,$activate_links) = explode(',',$cell_options); list($style,$extra_link,$activate_links) = explode(',',$cell_options);
$value = strlen($value) > 1 && !$cell['no_lang'] ? lang($value) : $value; $value = strlen($value) > 1 && !$cell['no_lang'] ? lang($value) : $value;
$value = nl2br(htmlspecialchars($value)); $value = nl2br($this->html->htmlspecialchars($value));
if ($activate_links) $value = $this->html->activate_links($value); if ($activate_links) $value = $this->html->activate_links($value);
if ($value != '' && strstr($style,'b')) $value = $this->html->bold($value); if ($value != '' && strstr($style,'b')) $value = $this->html->bold($value);
if ($value != '' && strstr($style,'i')) $value = $this->html->italic($value); if ($value != '' && strstr($style,'i')) $value = $this->html->italic($value);
@ -618,7 +618,7 @@
case 'text': // size: [length][,maxLength[,preg]] case 'text': // size: [length][,maxLength[,preg]]
if ($readonly) if ($readonly)
{ {
$html .= $this->html->bold(htmlspecialchars($value)); $html .= $this->html->bold($this->html->htmlspecialchars($value));
} }
else else
{ {
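Review bot: In the event-handler strings built from `$blur` and `$help` (first two hunks, including the `onMouseOver` attribute) the text is HTML-escaped first and `addslashes()` is applied second, which is the reverse of the order in which a browser decodes an event-handler attribute. That stays safe only while `html::htmlspecialchars` leaves `'` untouched. Its body is not shown here, but if it encodes single quotes as an entity, `addslashes()` sees no quote and the entity is decoded back to `'` before the script is parsed, ending the string literal early. Escaping for the JavaScript string first and for HTML last, e.g. `$this->html->htmlspecialchars(addslashes($help))`, removes the dependency on the wrapper's quote flags; `addslashes()` also leaves line breaks alone, so those would need replacing too. The enclosing method starts and ends outside these hunks, so how `$onFocus` and `$onBlur` are finally emitted should be confirmed there.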