Changeset - 4ebd39f3f679
Nathan Brink (binki) - 15 years ago 2011-01-15 22:28:28
ohnobinki@ohnopublishing.net
Now all url()-style functions return actual URLs, whose return value must be — and now is — escaped using htmlentities() when inserted into XHTML pages.
3 files changed with 14 insertions and 5 deletions:
admin.php
 
@@ -164,13 +164,13 @@ require_once('inc/admin.inc');
 
      <input type="submit" value="Go &raquo;" />
 
    </form>
 
  </li>
 
</ul>
 

	
 
<h3>Purge</h3>
 
    <p>The highest saved_schedule id is <a href="<?php $max_saved = getMaxSaved(); echo Schedule::url($max_saved); ?>"><?php echo $max_saved;?></a>.</p>
 
    <p>The highest saved_schedule id is <a href="<?php $max_saved = getMaxSaved(); echo htmlentities(Schedule::url($max_saved)); ?>"><?php echo $max_saved;?></a>.</p>
 
<ul>
 
  <li><a href="admin.php?purge">Purge Entire Cache</a></li>
 
  <li>
 
    <form action="admin.php">Purge cache up to 
 
      <input type="text" name="purgetodate" size="8" id="datepicker"/>
 
      <input type="submit" value="Go &raquo;" />
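Review bot: The new `htmlentities()` call on the Purge link relies on the function's default flags and charset, which on the PHP of this era are ENT_COMPAT and ISO-8859-1; double quotes are escaped but single quotes are not, so the call is only safe while that `href` stays double-quoted. Passing the flags explicitly, `htmlentities(Schedule::url($max_saved), ENT_QUOTES, 'UTF-8')`, makes the attribute escaping independent of that quoting convention and of the server's default charset. The same bare call repeats on the Previous/Next pager lines and the share dialog in class.schedule.php, so a one-line helper wrapping it would keep the rule in one place instead of at every echo. The `$max_saved` value in the link text is echoed raw; if `getMaxSaved()` can return anything other than an int, it needs the same escaping.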
class.schedule.php
 
@@ -282,13 +282,13 @@ class Schedule
 
	        jQuery(\'#cancelItems\').click( function() {
 
		  jQuery(\'#selectItemsInput\').hide();
 
	        });';
 
      echo '  });
 
            </script>';
 

	
 
      echo '<div id="sharedialog" title="Share Schedule"><p>You can share your schedule with the URL below:</p><p>'.$outputPage->gen_share_url($this->id_get()).'</p></div>';
 
      echo '<div id="sharedialog" title="Share Schedule"><p>You can share your schedule with the URL below:</p><p>' . htmlentities($outputPage->gen_share_url($this->id_get())) . '</p></div>';
 
      echo '<p><span id="printItems"><a href="#">Print</a></span> :: <span id="share"><a href="#">Share</a></span> :: <a href="input.php">Home</a></p>';
 
      echo '<p class="centeredtext">Having problems? <a href="feedback.php">Let us know</a>.</p>';
 
      echo '<p class="centeredtext graytext"><em>Keyboard Shortcut: Left and right arrow keys switch between schedules</em></p>';
 
    }		
 

	
 
    echo "\n";
 
@@ -316,17 +316,17 @@ class Schedule
 
			
 
	echo "    </ul></div>\n  \n";
 

	
 
	echo "    <div id=\"pagers\">\n";
 
	/* Previous button */
 
	if ($page > 0)
 
	  echo '      <div id="pager-previous" class="pager left"><a href="' . $this->url($this->id, $page - 1) . '">&laquo; Previous</a></div>' . "\n";
 
	  echo '      <div id="pager-previous" class="pager left"><a href="' . htmlentities($this->url($this->id, $page - 1)) . '">&laquo; Previous</a></div>' . "\n";
 

	
 
	/* Next button */
 
	if ($page + 1 < $npages)
 
	  echo '      <div id="pager-next" class="pager right"><a href="' . $this->url($this->id, $page + 1) . '">Next &raquo;</a></div>' . "\n";
 
	  echo '      <div id="pager-next" class="pager right"><a href="' . htmlentities($this->url($this->id, $page + 1)) . '">Next &raquo;</a></div>' . "\n";
 
	echo "    </div> <!-- id=\"pagers\" -->\n";
 

	
 

	
 
	echo "  <div class=\"scroller\">\n"
 
	  . "    <div class=\"scontent\">\n";
 
		
 
@@ -518,12 +518,16 @@ class Schedule
 
   * Takes into account the $clean_urls setting.
 
   *
 
   * \param $id
 
   *   The ID of the schedule to link to. Defaults to the current schedule object.
 
   * \param $page
 
   *   The page of the schedule to link to. Defaults to 0.
 
   * \return
 
   *   A string, the URL used to access this schedule. Remember that
 
   *   if this string is inserted into an XHTML document,
 
   *   htmlentities() must be called on it.
 
   */
 
  function url($id = NULL, $page = 0)
 
  {
 
    global $clean_urls;
 

	
 
    $url = '';
 
@@ -536,13 +540,13 @@ class Schedule
 
    if ($clean_urls)
 
      $url .= '?';
 
    else
 
      $url .= '&';
 

	
 
    if ($page)
 
      $url .= 'page=' . (int)$page . '&amp;';
 
      $url .= 'page=' . (int)$page . '&';
 

	
 
    return $url;
 
  }
 

	
 
  /**
 
   * \brief
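Review bot: The contract change in `url()` (the `page=` separator in the last hunk now emits a raw `&` instead of `&amp;`) means any caller of `url()` or `gen_share_url()` that this commit did not update now writes an unescaped ampersand, and any unescaped `"`, straight into the XHTML; the three call sites changed here are the only ones visible, so it is worth confirming no others remain. The `\return` text in the new docblock could state the contract more directly, e.g. `A raw, unescaped URL. Escape it with htmlentities() before inserting it into XHTML.` Separately, `url()` still appends a trailing `&` after `page=N`, which survives escaping as a dangling `&amp;` at the end of every pager href; emitting the separator only when another parameter follows would tidy that, though it predates this change. `url()` begins in the third hunk and its body is split across the third and last hunks, with unshown lines between them.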
inc/class.page.php
 
@@ -487,12 +487,17 @@ class page
 
    }
 
  }
 

	
 
  /**
 
   * \brief
 
   *   Generate a URL to a given schedule.
 
   *
 
   * \return
 
   *   The URL used to access the schedule. You must call
 
   *   htmlentities() on this string if it is to be inserted into an
 
   *   XHTML document.
 
   */
 
  public function gen_share_url($id)
 
  {
 
    global $clean_urls, $short_url_base;
 

	
 
    if ($clean_urls && isset($short_url_base))
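Review bot: The new docblock on `gen_share_url()` documents the return value but not its only parameter; add `\param $id The ID of the schedule to share.` under `\brief` so the Doxygen block is complete. The function body continues past the end of the hunk, so how `$id` is embedded in the URL is not visible here; the caller-side `htmlentities()` added in class.schedule.php covers only the XHTML context, so if `$id` is not already guaranteed numeric it should still be cast or validated before it becomes part of the URL. The `global $clean_urls, $short_url_base;` line ties the method to script-level state; injecting those values through the constructor would make the class testable in isolation, though that is beyond this commit.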