fixed problems reported by LFRZ

This commit is contained in:
Ralf Becker 2014-07-16 12:18:43 +00:00
parent 3557cd4ac8
commit 5a6221ee63
3 changed files with 17 additions and 13 deletions


@ -199,7 +199,7 @@ class calendar_ui
} }
if (count($no_access)) if (count($no_access))
{ {
$msg = '<p class="message" align="center">'.lang('Access denied to the calendar of %1 !!!',implode(', ',$no_access))."</p>\n"; $msg = '<p class="message" align="center">'.htmlspecialchars(lang('Access denied to the calendar of %1 !!!',implode(', ',$no_access)))."</p>\n";
if ($GLOBALS['egw_info']['flags']['currentapp'] == 'home') if ($GLOBALS['egw_info']['flags']['currentapp'] == 'home')
{ {
@ -239,7 +239,7 @@ class calendar_ui
common::egw_header(); common::egw_header();
if ($this->bo->warnings) echo '<p class="message" align="center">'.implode('<br />',$this->bo->warnings)."</p>\n"; if ($this->bo->warnings) echo '<pre class="message" align="center">'.html::htmlspecialchars(implode("\n",$this->bo->warnings))."</pre>\n";
} }
/** /**
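Review bot: The hunk at line 199 escapes with the bare `htmlspecialchars()` while the hunk at line 239 in the same file goes through the project's `html::htmlspecialchars()` wrapper; the bare call without a charset or flags argument depends on PHP's default charset, which is presumably what the wrapper pins down (verify against the `html` class). Using `$msg = '<p class="message" align="center">'.html::htmlspecialchars(lang('Access denied to the calendar of %1 !!!',implode(', ',$no_access)))."</p>\n";` escapes both messages the same way. The enclosing method of both hunks starts and ends outside the hunks.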


@ -1423,7 +1423,8 @@ class etemplate extends boetemplate
if ($multiple) if ($multiple)
{ {
// add the set_val to the id to make it unique // add the set_val to the id to make it unique
$options = str_replace('id="'.$form_name,'id="'.substr($form_name,0,-2)."[$set_val]",$options); $options = str_replace('id="'.self::get_id($form_name).'"',
'id="'.self::get_id(substr($form_name,0,-2)."[$set_val]"), $options);
} }
$html .= html::input($form_name,$set_val,'checkbox',$options); $html .= html::input($form_name,$set_val,'checkbox',$options);
@ -1450,7 +1451,8 @@ class etemplate extends boetemplate
$options .= ' checked="checked"'; $options .= ' checked="checked"';
} }
// add the set_val to the id to make it unique // add the set_val to the id to make it unique
$options = str_replace('id="'.$form_name,'id="'.$form_name."[$set_val]",$options); $options = str_replace('id="'.self::get_id($form_name).'"',
'id="'.self::get_id(substr($form_name,0,-2)."[$set_val]"), $options);
if ($readonly) if ($readonly)
{ {
@ -1502,7 +1504,7 @@ class etemplate extends boetemplate
{ {
if (!empty($img)) if (!empty($img))
{ {
$options .= ' title="'.$title.'"'; $options .= ' title="'.html::htmlspecialchars($title).'"';
} }
if ($cell['onchange'] && $cell['onchange'] != 1) if ($cell['onchange'] && $cell['onchange'] != 1)
{ {
@ -1990,7 +1992,7 @@ class etemplate extends boetemplate
// if necessary show validation-error behind field // if necessary show validation-error behind field
if (isset(self::$validation_errors[$form_name])) if (isset(self::$validation_errors[$form_name]))
{ {
$html .= ' <span style="color: red; white-space: nowrap;">'.self::$validation_errors[$form_name].'</span>'; $html .= ' <span style="color: red; white-space: nowrap;">'.htmlspecialchars(self::$validation_errors[$form_name]).'</span>';
} }
// generate an extra div, if we have an onclick handler and NO children or it's an extension // generate an extra div, if we have an onclick handler and NO children or it's an extension
//echo "<p>$this->name($this->onclick_handler:$this->no_onclick:$this->onclick_proxy): $cell[type]/$cell[name]</p>\n"; //echo "<p>$this->name($this->onclick_handler:$this->no_onclick:$this->onclick_proxy): $cell[type]/$cell[name]</p>\n";
@ -2036,7 +2038,7 @@ class etemplate extends boetemplate
$id = $form_name; $id = $form_name;
} }
} }
return !empty($id) ? ' id="'.str_replace('"','&quot;',$id).'"' : ''; return !empty($id) ? ' id="'.htmlspecialchars($id).'"' : '';
} }
/** /**
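Review bot: In both the hunk at line 1423 and the hunk at line 1450 the str_replace search string ends with a closing quote, `'id="'.self::get_id($form_name).'"'`, but the replacement `'id="'.self::get_id(substr($form_name,0,-2)."[$set_val]")` does not; if get_id() returns the bare id value the rewritten attribute loses its terminating `"` and swallows whatever follows it, and if it returns the whole ` id="…"` attribute, as the unnamed function whose return is shown in the hunk at line 2036 does, the search string can never match and the ids stay non-unique. Either way the replacement should read `'id="'.self::get_id(substr($form_name,0,-2)."[$set_val]").'"'` (or the search should omit its closing quote, as the old code did). Separately, the hunk at line 1450 now strips the last two characters of $form_name with substr(), which the old line did not; that is only correct if $form_name ends in `[]` at that point, which the hunk does not show. The enclosing methods start and end outside the hunks.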


@ -54,22 +54,24 @@ class about
$nonavbar = false; $nonavbar = false;
// application detail? // application detail?
if (isset($_GET['app']) && $_GET['app'] != 'eGroupWare') { if (isset($_GET['app']) && $_GET['app'] != 'eGroupWare' &&
$name = basename($_GET['app']); ($name = basename($_GET['app'])) &&
isset($GLOBALS['egw_info']['apps'][$name])) {
$type = 'application'; $type = 'application';
$detail = true; $detail = true;
} }
// template detail? // template detail?
if (isset($_GET['template']) && $_GET['template'] != 'eGroupWare') { if (isset($_GET['template']) && $_GET['template'] != 'eGroupWare' &&
$name = basename($_GET['template']); ($name = basename($_GET['template'])) &&
(is_dir(EGW_SERVER_ROOT.'/phpgwapi/templates/'.$name) || is_dir(EGW_SERVER_ROOT.'/'.$name))) {
$type = 'template'; $type = 'template';
$detail = true; $detail = true;
} }
// navbar or not // navbar or not
if (isset($_GET['nonavbar'])) { if (isset($_GET['nonavbar'])) {
$nonavbar = $_GET['nonavbar']; $nonavbar = (boolean)$_GET['nonavbar'];
} }
@ -185,7 +187,7 @@ from community developers.</p>
* *
* @param string $name application/template name * @param string $name application/template name
* @param string $type can be 'application' or 'template' :default $type='application' * @param string $type can be 'application' or 'template' :default $type='application'
* @param string $nonavbar don't show navbar :default $nonavbar=false * @param boolean $nonavbar don't show navbar :default $nonavbar=false
* @return nothing * @return nothing
* *
* @access private * @access private
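Review bot: The template guard added in the hunk at line 54 accepts more than template names: `basename()` leaves `.` and `..` unchanged, and `is_dir()` is true for both, so `?template=..` passes the condition with $name set to `..`; the second alternative, `is_dir(EGW_SERVER_ROOT.'/'.$name)`, also admits any directory directly under the server root, not only template directories. Adding `$name !== '.' && $name !== '..' &&` in front of the is_dir() checks closes the first gap, and comparing $name against the list of installed templates, the way the app branch now checks `$GLOBALS['egw_info']['apps'][$name]`, would close the second. How $name is used after the guard is outside the hunk, so the impact is inferred.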