fixed problems reported by LFRZ

Ralf Becker 2014-07-16 12:18:04 +00:00
parent ae062b12c5
commit 9fa607c3bd
3 changed files with 17 additions and 13 deletions


@ -199,7 +199,7 @@ class calendar_ui
}
if (count($no_access))
{
$msg = '<p class="message" align="center">'.lang('Access denied to the calendar of %1 !!!',implode(', ',$no_access))."</p>\n";
$msg = '<p class="message" align="center">'.htmlspecialchars(lang('Access denied to the calendar of %1 !!!',implode(', ',$no_access)))."</p>\n";
if ($GLOBALS['egw_info']['flags']['currentapp'] == 'home')
{
@ -239,7 +239,7 @@ class calendar_ui
common::egw_header();
if ($this->bo->warnings) echo '<p class="message" align="center">'.implode('<br />',$this->bo->warnings)."</p>\n";
if ($this->bo->warnings) echo '<pre class="message" align="center">'.html::htmlspecialchars(implode("\n",$this->bo->warnings))."</pre>\n";
}
/**
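Review bot: The two escaped outputs in this section use different helpers: the access-denied message calls the bare `htmlspecialchars()` while the warnings line calls `html::htmlspecialchars()`. The bare call depends on the PHP version's default charset and flags, so I would use the wrapper in both places, i.e. `html::htmlspecialchars(lang('Access denied to the calendar of %1 !!!',implode(', ',$no_access)))`. The warnings are now escaped as a whole and shown in a `<pre>`, so any warning that was deliberately built with markup will be displayed literally; a comment such as `// warnings are plain text and are escaped on output` would record that contract. Both enclosing functions start and end outside the visible hunks.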


@ -1423,7 +1423,8 @@ class etemplate extends boetemplate
if ($multiple)
{
// add the set_val to the id to make it unique
$options = str_replace('id="'.$form_name,'id="'.substr($form_name,0,-2)."[$set_val]",$options);
$options = str_replace('id="'.self::get_id($form_name).'"',
'id="'.self::get_id(substr($form_name,0,-2)."[$set_val]"), $options);
}
$html .= html::input($form_name,$set_val,'checkbox',$options);
@ -1450,7 +1451,8 @@ class etemplate extends boetemplate
$options .= ' checked="checked"';
}
// add the set_val to the id to make it unique
$options = str_replace('id="'.$form_name,'id="'.$form_name."[$set_val]",$options);
$options = str_replace('id="'.self::get_id($form_name).'"',
'id="'.self::get_id(substr($form_name,0,-2)."[$set_val]"), $options);
if ($readonly)
{
@ -1502,7 +1504,7 @@ class etemplate extends boetemplate
{
if (!empty($img))
{
$options .= ' title="'.$title.'"';
$options .= ' title="'.html::htmlspecialchars($title).'"';
}
if ($cell['onchange'] && $cell['onchange'] != 1)
{
@ -1990,7 +1992,7 @@ class etemplate extends boetemplate
// if necessary show validation-error behind field
if (isset(self::$validation_errors[$form_name]))
{
$html .= ' <span style="color: red; white-space: nowrap;">'.self::$validation_errors[$form_name].'</span>';
$html .= ' <span style="color: red; white-space: nowrap;">'.htmlspecialchars(self::$validation_errors[$form_name]).'</span>';
}
// generate an extra div, if we have an onclick handler and NO children or it's an extension
//echo "<p>$this->name($this->onclick_handler:$this->no_onclick:$this->onclick_proxy): $cell[type]/$cell[name]</p>\n";
@ -2036,7 +2038,7 @@ class etemplate extends boetemplate
$id = $form_name;
}
}
return !empty($id) ? ' id="'.str_replace('"','&quot;',$id).'"' : '';
return !empty($id) ? ' id="'.htmlspecialchars($id).'"' : '';
}
/**
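Review bot: In both rewritten `str_replace()` calls the search string ends with a closing `"` but the replacement does not, so the result cannot be right whichever form `self::get_id()` returns: with a bare id the rewritten attribute loses its closing quote, and with a whole ` id="…"` attribute (which the last hunk of this section suggests, although the function name lies outside that hunk) the search never matches and the ids stay duplicated. If `get_id()` does return the full attribute, `$options = str_replace(self::get_id($form_name), self::get_id(substr($form_name,0,-2)."[$set_val]"), $options);` would be symmetric. The second call also newly applies `substr($form_name,0,-2)` where the old line used `$form_name` unchanged, which looks copied from the `$multiple` branch and would cut two real characters from the name. Separately, the id is escaped with bare `htmlspecialchars()` while the title uses `html::htmlspecialchars()`; one helper throughout would be easier to audit.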


@ -54,22 +54,24 @@ class about
$nonavbar = false;
// application detail?
if (isset($_GET['app']) && $_GET['app'] != 'eGroupWare') {
$name = basename($_GET['app']);
if (isset($_GET['app']) && $_GET['app'] != 'eGroupWare' &&
($name = basename($_GET['app'])) &&
isset($GLOBALS['egw_info']['apps'][$name])) {
$type = 'application';
$detail = true;
}
// template detail?
if (isset($_GET['template']) && $_GET['template'] != 'eGroupWare') {
$name = basename($_GET['template']);
if (isset($_GET['template']) && $_GET['template'] != 'eGroupWare' &&
($name = basename($_GET['template'])) &&
(is_dir(EGW_SERVER_ROOT.'/phpgwapi/templates/'.$name) || is_dir(EGW_SERVER_ROOT.'/'.$name))) {
$type = 'template';
$detail = true;
}
// navbar or not
if (isset($_GET['nonavbar'])) {
$nonavbar = $_GET['nonavbar'];
$nonavbar = (boolean)$_GET['nonavbar'];
}
@ -185,7 +187,7 @@ from community developers.</p>
*
* @param string $name application/template name
* @param string $type can be 'application' or 'template' :default $type='application'
* @param string $nonavbar don't show navbar :default $nonavbar=false
* @param boolean $nonavbar don't show navbar :default $nonavbar=false
* @return nothing
*
* @access private
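Review bot: The template check is looser than the application check above it: `basename()` returns `.` and `..` unchanged and `is_dir()` accepts both, and the second test `is_dir(EGW_SERVER_ROOT.'/'.$name)` accepts any top-level directory, so `$name` is not limited to real template names. I would add an explicit name test before the directory checks, e.g. `preg_match('/^[a-z0-9_-]+$/i', $name) &&`. Because `$name` is now assigned inside the condition, it also keeps the unvalidated value when a later test fails; whether it is read afterwards is outside the hunk, so assigning to a temporary variable and copying it only on success would be safer. The enclosing function starts and ends outside the hunk.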