mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-16 21:13:23 +01:00
fixed problems reported by LFRZ
parent
3557cd4ac8
commit
5a6221ee63
@ -199,7 +199,7 @@ class calendar_ui
|
||||
}
|
||||
if (count($no_access))
|
||||
{
|
||||
$msg = '<p class="message" align="center">'.lang('Access denied to the calendar of %1 !!!',implode(', ',$no_access))."</p>\n";
|
||||
$msg = '<p class="message" align="center">'.htmlspecialchars(lang('Access denied to the calendar of %1 !!!',implode(', ',$no_access)))."</p>\n";
|
||||
|
||||
if ($GLOBALS['egw_info']['flags']['currentapp'] == 'home')
|
||||
{
|
||||
@ -239,7 +239,7 @@ class calendar_ui
|
||||
|
||||
common::egw_header();
|
||||
|
||||
if ($this->bo->warnings) echo '<p class="message" align="center">'.implode('<br />',$this->bo->warnings)."</p>\n";
|
||||
if ($this->bo->warnings) echo '<pre class="message" align="center">'.html::htmlspecialchars(implode("\n",$this->bo->warnings))."</pre>\n";
|
||||
}
|
||||
|
||||
/**
|
||||
|
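Review bot: The two calendar_ui hunks escape with different functions: the access-denied message in the hunk at 199 calls the bare `htmlspecialchars()`, while the warnings line in the hunk at 239 goes through the project wrapper `html::htmlspecialchars()`. The wrapper's body is not on this page, but if it supplies the installation's charset and quote flags, the bare call may encode differently on installations that do not use PHP's default charset. Using the wrapper in both places keeps the output encoding in one spot, e.g. `html::htmlspecialchars(lang('Access denied to the calendar of %1 !!!',implode(', ',$no_access)))`. Both enclosing methods start and end outside the hunks.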
@ -1423,7 +1423,8 @@ class etemplate extends boetemplate
|
||||
if ($multiple)
|
||||
{
|
||||
// add the set_val to the id to make it unique
|
||||
$options = str_replace('id="'.$form_name,'id="'.substr($form_name,0,-2)."[$set_val]",$options);
|
||||
$options = str_replace('id="'.self::get_id($form_name).'"',
|
||||
'id="'.self::get_id(substr($form_name,0,-2)."[$set_val]"), $options);
|
||||
}
|
||||
$html .= html::input($form_name,$set_val,'checkbox',$options);
|
||||
|
||||
@ -1450,7 +1451,8 @@ class etemplate extends boetemplate
|
||||
$options .= ' checked="checked"';
|
||||
}
|
||||
// add the set_val to the id to make it unique
|
||||
$options = str_replace('id="'.$form_name,'id="'.$form_name."[$set_val]",$options);
|
||||
$options = str_replace('id="'.self::get_id($form_name).'"',
|
||||
'id="'.self::get_id(substr($form_name,0,-2)."[$set_val]"), $options);
|
||||
|
||||
if ($readonly)
|
||||
{
|
||||
@ -1502,7 +1504,7 @@ class etemplate extends boetemplate
|
||||
{
|
||||
if (!empty($img))
|
||||
{
|
||||
$options .= ' title="'.$title.'"';
|
||||
$options .= ' title="'.html::htmlspecialchars($title).'"';
|
||||
}
|
||||
if ($cell['onchange'] && $cell['onchange'] != 1)
|
||||
{
|
||||
@ -1990,7 +1992,7 @@ class etemplate extends boetemplate
|
||||
// if necessary show validation-error behind field
|
||||
if (isset(self::$validation_errors[$form_name]))
|
||||
{
|
||||
$html .= ' <span style="color: red; white-space: nowrap;">'.self::$validation_errors[$form_name].'</span>';
|
||||
$html .= ' <span style="color: red; white-space: nowrap;">'.htmlspecialchars(self::$validation_errors[$form_name]).'</span>';
|
||||
}
|
||||
// generate an extra div, if we have an onclick handler and NO children or it's an extension
|
||||
//echo "<p>$this->name($this->onclick_handler:$this->no_onclick:$this->onclick_proxy): $cell[type]/$cell[name]</p>\n";
|
||||
@ -2036,7 +2038,7 @@ class etemplate extends boetemplate
|
||||
$id = $form_name;
|
||||
}
|
||||
}
|
||||
return !empty($id) ? ' id="'.str_replace('"','"',$id).'"' : '';
|
||||
return !empty($id) ? ' id="'.htmlspecialchars($id).'"' : '';
|
||||
}
|
||||
|
||||
/**
|
||||
|
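Review bot: The rewritten `str_replace` calls in the hunks at 1423 and 1450 search for `'id="'.self::get_id($form_name).'"'`, closing quote included, but the replacement `'id="'.self::get_id(substr($form_name,0,-2)."[$set_val]")` appends no `'"'`. Unless get_id() returns the quote itself, the id attribute in `$options` is left unterminated, which breaks the markup that the escaping in this commit is meant to protect; appending `.'"'` to the second argument keeps both sides symmetric. In the hunk at 1450 the replaced line used `$form_name."[$set_val]"` and the new one uses `substr($form_name,0,-2)`, which looks copied from the `$multiple` checkbox branch and would cut two characters off a name that does not end in `[]`. get_id()'s definition and both enclosing branches are outside the hunks, so both points should be confirmed against them.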
@ -54,22 +54,24 @@ class about
|
||||
$nonavbar = false;
|
||||
|
||||
// application detail?
|
||||
if (isset($_GET['app']) && $_GET['app'] != 'eGroupWare') {
|
||||
$name = basename($_GET['app']);
|
||||
if (isset($_GET['app']) && $_GET['app'] != 'eGroupWare' &&
|
||||
($name = basename($_GET['app'])) &&
|
||||
isset($GLOBALS['egw_info']['apps'][$name])) {
|
||||
$type = 'application';
|
||||
$detail = true;
|
||||
}
|
||||
|
||||
// template detail?
|
||||
if (isset($_GET['template']) && $_GET['template'] != 'eGroupWare') {
|
||||
$name = basename($_GET['template']);
|
||||
if (isset($_GET['template']) && $_GET['template'] != 'eGroupWare' &&
|
||||
($name = basename($_GET['template'])) &&
|
||||
(is_dir(EGW_SERVER_ROOT.'/phpgwapi/templates/'.$name) || is_dir(EGW_SERVER_ROOT.'/'.$name))) {
|
||||
$type = 'template';
|
||||
$detail = true;
|
||||
}
|
||||
|
||||
// navbar or not
|
||||
if (isset($_GET['nonavbar'])) {
|
||||
$nonavbar = $_GET['nonavbar'];
|
||||
$nonavbar = (boolean)$_GET['nonavbar'];
|
||||
}
|
||||
|
||||
|
||||
@ -185,7 +187,7 @@ from community developers.</p>
|
||||
*
|
||||
* @param string $name application/template name
|
||||
* @param string $type can be 'application' or 'template' :default $type='application'
|
||||
* @param string $nonavbar don't show navbar :default $nonavbar=false
|
||||
* @param boolean $nonavbar don't show navbar :default $nonavbar=false
|
||||
* @return nothing
|
||||
*
|
||||
* @access private
|
||||
|
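Review bot: The new template check in the hunk at 54 relies on `basename()` plus `is_dir()`, but `basename()` returns `.` and `..` unchanged and `is_dir()` is true for both, so those values still pass as a template name. The second alternative, `is_dir(EGW_SERVER_ROOT.'/'.$name)`, also accepts any top-level directory of the installation, not only templates. Rejecting dot-prefixed names before the directory test, `($name = basename($_GET['template'])) && $name[0] != '.' &&`, or checking against the list of installed templates, would make this as strict as the `$GLOBALS['egw_info']['apps'][$name]` lookup used for the app case. `$name` is also assigned even when the later conjuncts fail; whether the code after this block reads it without `$detail` being set is not visible in the hunk.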