Changeset - 8576082b065f
default
0 1 0
Nathan Brink (binki) - 15 years ago 2010-10-17 08:28:48
ohnobinki@ohnopublishing.net
Pass ENT_QUOTES to htmlentities() so that schedules whose class or section names contain single quotes can be edited.
1 file changed with 5 insertions and 5 deletions:
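--- a/input.php
+++ b/input.php
@@ -21,36 +21,36 @@ if (isset($_REQUEST['s']))
 if ($sch)
 {
   $nclasses = $sch->nclasses_get();
   $my_hc = 'jQuery(document).ready(
   function()
   {
     var class_last = 0;
 
 ';
   for ($class_key = 0; $class_key < $nclasses; $class_key ++)
     {
       $class = $sch->class_get($class_key);
-      $my_hc .= '    class_last = add_class_n(\'' . htmlentities($class->getName()) . "');\n";
+      $my_hc .= '    class_last = add_class_n(\'' . htmlentities($class->getName(), ENT_QUOTES) . "');\n";
 
       $nsections = $class->getnsections();
       for ($section_key = 0; $section_key < $nsections; $section_key ++)
 	{
 	  $section = $class->getSection($section_key);
-	  $my_hc .= '    add_section_n(class_last, \'' . htmlentities($section->getLetter()) . '\', \''
-	    . htmlentities($section->getSynonym()) . '\', \''
+	  $my_hc .= '    add_section_n(class_last, \'' . htmlentities($section->getLetter(), ENT_QUOTES) . '\', \''
+	    . htmlentities($section->getSynonym(), ENT_QUOTES) . '\', \''
 	    . $section->getStartTime() . '\', \''
 	    . $section->getEndTime() . '\', '
 	    . json_encode(array('m' => $section->getM(), 't' => $section->getTu(), 'w' => $section->getW(), 'h' => $section->getTh(), 'f' => $section->getF())) . ', \''
-	    . htmlentities($section->getProf()) . "');\n";
+	    . htmlentities($section->getProf(), ENT_QUOTES) . "');\n";
 	}
     }
   $my_hc .= '  });
 ';
   $inputPage->headcode_add('scheduleInput', $inputPage->script_wrap($my_hc), TRUE);
 }
 else
   $inputPage->headcode_add('schduleInput', $inputPage->script_wrap('jQuery(document).ready( function() { add_class(); } );'), TRUE);
 
 $inputPage->head();
 
 /*
@@ -83,25 +83,25 @@ if (!empty($_REQUEST['selectschool'])
 
 $inputPage->showSavedScheds($_SESSION);
 ?>
 <p>
   Welcome to SlatePermutate<?php $inputPage->addressStudent(', ', '',
   FALSE); ?>! To get started, enter in some of your
   classes, and add available sections for each class.
 </p>
 <form method="post" action="process.php" id="scheduleForm">
 <br />
 <label>Schedule Name</label><br />
 <input id="scheduleName" style="margin-bottom: 1em;" class="defText required" type="text" size="25" title="(e.g., Spring <?php echo Date('Y'); ?>)" name="postData[name]"
-<?php if ($sch) echo 'value="' . htmlentities($sch->getName()) . '"'; /*"*/ ?>
+<?php if ($sch) echo 'value="' . htmlentities($sch->getName(), ENT_QUOTES) . '"'; /*"*/ ?>
 />
 
 <table id="container">
   <tr><td>
     <table id="jsrows">
 	<!-- Header -->
 	<tr>
 		<td>Class</td>
 		<td class="center" id="letterNumber">Section</td>
 		<td class="center">Start Time</td>
 		<td class="center">End Time</td>
 		<td class="center">M</td>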
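Review bot: The ENT_QUOTES calls in the first hunk escape for an HTML context, but the `add_class_n(...)` and `add_section_n(...)` lines build JavaScript string literals, so a name containing `'` or `&` now reaches the script as the literal text `&#039;`/`&amp;` unless the JS side decodes entities — the quote no longer breaks the literal, but the escaping is for the wrong context. The same hunk already uses json_encode() for the day-flag array; producing the string arguments the same way gives a correctly quoted JS literal and, by default, escapes `/` so a `</script>` inside a name cannot close the script block (assuming `script_wrap()` emits one, which is not visible here). Note also that `getStartTime()`/`getEndTime()` are concatenated into quoted literals with no escaping at all; if those values come from the same saved schedule they need the same treatment, and the `(string)` casts below keep them quoted as the original code did. json_encode() requires valid UTF-8 input, so confirm the stored charset before switching.
```php
      $my_hc .= '    class_last = add_class_n(' . json_encode($class->getName()) . ");\n";
      // … unchanged: $nsections / inner section loop header …
	  $my_hc .= '    add_section_n(class_last, ' . json_encode($section->getLetter()) . ', '
	    . json_encode($section->getSynonym()) . ', '
	    . json_encode((string) $section->getStartTime()) . ', '
	    . json_encode((string) $section->getEndTime()) . ', '
	    . json_encode(array('m' => $section->getM(), 't' => $section->getTu(), 'w' => $section->getW(), 'h' => $section->getTh(), 'f' => $section->getF())) . ', '
	    . json_encode($section->getProf()) . ");\n";
```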