forked from extern/egroupware
fixed problems reported by LFRZ
parent
3557cd4ac8
commit
5a6221ee63
@ -199,7 +199,7 @@ class calendar_ui
|
|||||||
}
|
}
|
||||||
if (count($no_access))
|
if (count($no_access))
|
||||||
{
|
{
|
||||||
$msg = '<p class="message" align="center">'.lang('Access denied to the calendar of %1 !!!',implode(', ',$no_access))."</p>\n";
|
$msg = '<p class="message" align="center">'.htmlspecialchars(lang('Access denied to the calendar of %1 !!!',implode(', ',$no_access)))."</p>\n";
|
||||||
|
|
||||||
if ($GLOBALS['egw_info']['flags']['currentapp'] == 'home')
|
if ($GLOBALS['egw_info']['flags']['currentapp'] == 'home')
|
||||||
{
|
{
|
||||||
@ -239,7 +239,7 @@ class calendar_ui
|
|||||||
|
|
||||||
common::egw_header();
|
common::egw_header();
|
||||||
|
|
||||||
if ($this->bo->warnings) echo '<p class="message" align="center">'.implode('<br />',$this->bo->warnings)."</p>\n";
|
if ($this->bo->warnings) echo '<pre class="message" align="center">'.html::htmlspecialchars(implode("\n",$this->bo->warnings))."</pre>\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
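Review bot: The new `$msg` line escapes with the bare PHP `htmlspecialchars()`, while the warnings line in the next hunk uses the project's `html::htmlspecialchars()`. The bare call depends on PHP's default charset and quote flags, which differ between PHP versions, so the two output paths may encode the same string differently. Use the one helper in both places, i.e. `html::htmlspecialchars(lang('Access denied to the calendar of %1 !!!',implode(', ',$no_access)))`. Separately, with `<pre>` and escaping, any entry in `$this->bo->warnings` that deliberately carried markup will now be shown literally, so confirm that no producer relies on that. Both enclosing functions start outside the hunks.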
@ -1423,7 +1423,8 @@ class etemplate extends boetemplate
|
|||||||
if ($multiple)
|
if ($multiple)
|
||||||
{
|
{
|
||||||
// add the set_val to the id to make it unique
|
// add the set_val to the id to make it unique
|
||||||
$options = str_replace('id="'.$form_name,'id="'.substr($form_name,0,-2)."[$set_val]",$options);
|
$options = str_replace('id="'.self::get_id($form_name).'"',
|
||||||
|
'id="'.self::get_id(substr($form_name,0,-2)."[$set_val]"), $options);
|
||||||
}
|
}
|
||||||
$html .= html::input($form_name,$set_val,'checkbox',$options);
|
$html .= html::input($form_name,$set_val,'checkbox',$options);
|
||||||
|
|
||||||
@ -1450,7 +1451,8 @@ class etemplate extends boetemplate
|
|||||||
$options .= ' checked="checked"';
|
$options .= ' checked="checked"';
|
||||||
}
|
}
|
||||||
// add the set_val to the id to make it unique
|
// add the set_val to the id to make it unique
|
||||||
$options = str_replace('id="'.$form_name,'id="'.$form_name."[$set_val]",$options);
|
$options = str_replace('id="'.self::get_id($form_name).'"',
|
||||||
|
'id="'.self::get_id(substr($form_name,0,-2)."[$set_val]"), $options);
|
||||||
|
|
||||||
if ($readonly)
|
if ($readonly)
|
||||||
{
|
{
|
||||||
@ -1502,7 +1504,7 @@ class etemplate extends boetemplate
|
|||||||
{
|
{
|
||||||
if (!empty($img))
|
if (!empty($img))
|
||||||
{
|
{
|
||||||
$options .= ' title="'.$title.'"';
|
$options .= ' title="'.html::htmlspecialchars($title).'"';
|
||||||
}
|
}
|
||||||
if ($cell['onchange'] && $cell['onchange'] != 1)
|
if ($cell['onchange'] && $cell['onchange'] != 1)
|
||||||
{
|
{
|
||||||
@ -1990,7 +1992,7 @@ class etemplate extends boetemplate
|
|||||||
// if necessary show validation-error behind field
|
// if necessary show validation-error behind field
|
||||||
if (isset(self::$validation_errors[$form_name]))
|
if (isset(self::$validation_errors[$form_name]))
|
||||||
{
|
{
|
||||||
$html .= ' <span style="color: red; white-space: nowrap;">'.self::$validation_errors[$form_name].'</span>';
|
$html .= ' <span style="color: red; white-space: nowrap;">'.htmlspecialchars(self::$validation_errors[$form_name]).'</span>';
|
||||||
}
|
}
|
||||||
// generate an extra div, if we have an onclick handler and NO children or it's an extension
|
// generate an extra div, if we have an onclick handler and NO children or it's an extension
|
||||||
//echo "<p>$this->name($this->onclick_handler:$this->no_onclick:$this->onclick_proxy): $cell[type]/$cell[name]</p>\n";
|
//echo "<p>$this->name($this->onclick_handler:$this->no_onclick:$this->onclick_proxy): $cell[type]/$cell[name]</p>\n";
|
||||||
@ -2036,7 +2038,7 @@ class etemplate extends boetemplate
|
|||||||
$id = $form_name;
|
$id = $form_name;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return !empty($id) ? ' id="'.str_replace('"','"',$id).'"' : '';
|
return !empty($id) ? ' id="'.htmlspecialchars($id).'"' : '';
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
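Review bot: In both `str_replace` rewrites (the hunks at 1423 and 1451) the search string now ends with a closing quote, `'id="'.self::get_id($form_name).'"'`, but the replacement `'id="'.self::get_id(substr($form_name,0,-2)."[$set_val]")` does not put one back, so a successful match would leave the id attribute unterminated. The second hunk also takes over `substr($form_name,0,-2)` from the `$multiple` branch, where the old line used the full `$form_name`; unless the name always ends in `[]` there, two real characters are cut off. `get_id()` is defined outside these hunks; if it is the function whose return statement changes at 2038, it already returns a complete ` id="…"` attribute, so the search string could never match and the comparison should be made against the whole attribute instead. Assuming `get_id()` returns a bare id, a minimal repair for the second hunk is `'id="'.self::get_id($form_name."[$set_val]").'"', $options);`. The enclosing functions start and end outside the hunks.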
@ -54,22 +54,24 @@ class about
|
|||||||
$nonavbar = false;
|
$nonavbar = false;
|
||||||
|
|
||||||
// application detail?
|
// application detail?
|
||||||
if (isset($_GET['app']) && $_GET['app'] != 'eGroupWare') {
|
if (isset($_GET['app']) && $_GET['app'] != 'eGroupWare' &&
|
||||||
$name = basename($_GET['app']);
|
($name = basename($_GET['app'])) &&
|
||||||
|
isset($GLOBALS['egw_info']['apps'][$name])) {
|
||||||
$type = 'application';
|
$type = 'application';
|
||||||
$detail = true;
|
$detail = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// template detail?
|
// template detail?
|
||||||
if (isset($_GET['template']) && $_GET['template'] != 'eGroupWare') {
|
if (isset($_GET['template']) && $_GET['template'] != 'eGroupWare' &&
|
||||||
$name = basename($_GET['template']);
|
($name = basename($_GET['template'])) &&
|
||||||
|
(is_dir(EGW_SERVER_ROOT.'/phpgwapi/templates/'.$name) || is_dir(EGW_SERVER_ROOT.'/'.$name))) {
|
||||||
$type = 'template';
|
$type = 'template';
|
||||||
$detail = true;
|
$detail = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// navbar or not
|
// navbar or not
|
||||||
if (isset($_GET['nonavbar'])) {
|
if (isset($_GET['nonavbar'])) {
|
||||||
$nonavbar = $_GET['nonavbar'];
|
$nonavbar = (boolean)$_GET['nonavbar'];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -185,7 +187,7 @@ from community developers.</p>
|
|||||||
*
|
*
|
||||||
* @param string $name application/template name
|
* @param string $name application/template name
|
||||||
* @param string $type can be 'application' or 'template' :default $type='application'
|
* @param string $type can be 'application' or 'template' :default $type='application'
|
||||||
* @param string $nonavbar don't show navbar :default $nonavbar=false
|
* @param boolean $nonavbar don't show navbar :default $nonavbar=false
|
||||||
* @return nothing
|
* @return nothing
|
||||||
*
|
*
|
||||||
* @access private
|
* @access private
|
||||||
|
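Review bot: The template condition validates less than the application condition above it: `is_dir(EGW_SERVER_ROOT.'/'.$name)` accepts any top-level directory, and because `basename()` returns `.` and `..` unchanged, both `is_dir()` tests succeed for those values too. Reject them explicitly, e.g. add `$name !== '.' && $name !== '..' &&` before the `is_dir()` calls, or check `$name` against a list of installed templates if one is available. `$name` is also assigned inside the condition, so it keeps the unchecked value when a later test in the chain fails; the code that reads it is outside the hunk, so confirm it is only used when `$detail` is true. `basename()` expects a string, so an array-valued `app` or `template` parameter should be rejected with `is_string()` first.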