Use strip_html to clean entries for display in all forms

Miles Lott 2001-04-04 01:59:24 +00:00
parent ef89f83d82
commit d4d317c6df


@ -138,60 +138,90 @@
} }
} }
function addressbook_read_entries($start,$offset,$qcols,$query,$qfilter,$sort,$order,$userid="") { function addressbook_strip_html($dirty=array())
{
global $phpgw;
for($i=0;$i<count($dirty);$i++)
{
while (list($name,$value) = each($dirty[$i])) {
$cleaned[$i][$name] = $phpgw->strip_html($dirty[$i][$name]);
}
}
return $cleaned;
}
function addressbook_read_entries($start,$offset,$qcols,$query,$qfilter,$sort,$order,$userid="")
{
global $this,$rights; global $this,$rights;
$readrights = $rights & PHPGW_ACL_READ; $readrights = $rights & PHPGW_ACL_READ;
$entries = $this->read($start,$offset,$qcols,$query,$qfilter,$sort,$order,$readrights); $entries = $this->read($start,$offset,$qcols,$query,$qfilter,$sort,$order,$readrights);
return $entries; $cleaned = addressbook_strip_html($entries);
return $cleaned;
} }
function addressbook_read_entry($id,$fields,$userid="") { function addressbook_read_entry($id,$fields,$userid="")
{
global $this,$rights; global $this,$rights;
if ($rights & PHPGW_ACL_READ) { if ($rights & PHPGW_ACL_READ)
{
$entry = $this->read_single_entry($id,$fields); $entry = $this->read_single_entry($id,$fields);
return $entry; $cleaned = addressbook_strip_html($entry);
} else { return $cleaned;
}
else
{
$rtrn = array("No access" => "No access"); $rtrn = array("No access" => "No access");
return $rtrn; return $rtrn;
} }
} }
function addressbook_read_last_entry($fields) { function addressbook_read_last_entry($fields)
{
global $this,$rights; global $this,$rights;
if ($rights & PHPGW_ACL_READ) { if ($rights & PHPGW_ACL_READ)
{
$entry = $this->read_last_entry($fields); $entry = $this->read_last_entry($fields);
return $entry; $cleaned = addressbook_strip_html($entry);
} else { return $cleaned;
}
else
{
$rtrn = array("No access" => "No access"); $rtrn = array("No access" => "No access");
return $rtrn; return $rtrn;
} }
} }
function addressbook_add_entry($userid,$fields,$access='',$cat_id='',$tid='n') { function addressbook_add_entry($userid,$fields,$access='',$cat_id='',$tid='n')
{
global $this,$rights; global $this,$rights;
if ($rights & PHPGW_ACL_ADD) { if ($rights & PHPGW_ACL_ADD)
{
$this->add($userid,$fields,$access,$cat_id,$tid); $this->add($userid,$fields,$access,$cat_id,$tid);
} }
return; return;
} }
function addressbook_get_lastid() { function addressbook_get_lastid()
{
global $this; global $this;
$entry = $this->read_last_entry(); $entry = $this->read_last_entry();
$ab_id = $entry[0]["id"]; $ab_id = $entry[0]["id"];
return $ab_id; return $ab_id;
} }
function addressbook_update_entry($id,$userid,$fields,$access,$cat_id) { function addressbook_update_entry($id,$userid,$fields,$access,$cat_id)
{
global $this,$rights; global $this,$rights;
if ($rights & PHPGW_ACL_EDIT) { if ($rights & PHPGW_ACL_EDIT)
{
$this->update($id,$userid,$fields,$access,$cat_id); $this->update($id,$userid,$fields,$access,$cat_id);
} }
return; return;
} }
// Folowing used for add/edit // Folowing used for add/edit
function addressbook_form($format,$action,$title="",$fields="",$customfields="",$cat_id="") { function addressbook_form($format,$action,$title="",$fields="",$customfields="",$cat_id="")
{
global $phpgw, $phpgw_info; global $phpgw, $phpgw_info;
$t = new Template($phpgw->common->get_tpl_dir("addressbook")); $t = new Template($phpgw->common->get_tpl_dir("addressbook"));
@ -527,7 +557,8 @@
$t->pparse("out","form"); $t->pparse("out","form");
} //end form function } //end form function
function parsevcard($filename,$access='') { function parsevcard($filename,$access='')
{
global $phpgw; global $phpgw;
global $phpgw_info; global $phpgw_info;
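Review bot: The new `addressbook_strip_html()` never initialises `$cleaned`, so when the read yields no rows the read wrappers (`addressbook_read_entries`, `addressbook_read_entry`, `addressbook_read_last_entry`) now return null instead of the array they returned before; add `$cleaned = array();` as the first statement. The `for($i=0;$i<count($dirty);$i++)` loop also assumes rows are keyed 0..n-1 and that each row is an array of scalar values, so a row under any other key is dropped without notice; walking `$dirty` itself with the same `each()` form would keep every row. Since these wrappers appear to feed the add/edit form as well as the list views, the stripped text is presumably what is written back through `addressbook_update_entry()`, so stored values would be altered on every edit. It is also worth confirming that `strip_html` output is safe when a template places it inside an attribute value, which this page does not show.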