escaping html entities

rootcoma 2013-12-09 10:54:20 -08:00
parent aefc0be7f5
commit 7b2a8a83ce
7 changed files with 21 additions and 21 deletions


@ -32,7 +32,7 @@
$user = $container->login->getUser();
echo '<p class="navbar-text pull-right">
Logged in as ';
echo $user->getUsername();
echo htmlspecialchars($user->getUsername());
echo ' (<a class="navbar-link" href="' . $container->router->generate('logout') . '">logout</a>)';
echo '</p>';
}
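Review bot: The new `htmlspecialchars($user->getUsername())` call relies on the function's default flags and charset, as does every other call added in this commit; on PHP releases before 5.4 the default charset is ISO-8859-1, so multibyte UTF-8 input is not handled as intended, and the default ENT_COMPAT leaves single quotes unescaped, which matters as soon as one of these values lands inside a single-quoted attribute. Rather than fixing each of the ~20 sites individually, a one-line template helper would make the escaping uniform and explicit, e.g. `function e($s) { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }`, with `echo e($user->getUsername());` here and the same substitution at the other sites. The enclosing `if` around this block starts outside the hunk.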


@ -24,8 +24,8 @@
foreach($values['resultQuestions'] as $res) {
echo '<tr>';
echo '<td>' . $res['round_num'] . '</td>';
echo '<td>' . $res['channel'] . '</td>';
echo '<td class="breakable">' . $res['question'] . '</td>';
echo '<td>' . htmlspecialchars($res['channel']) . '</td>';
echo '<td class="breakable">' . htmlspecialchars($res['question']) . '</td>';
echo '<td class="hidden-phone">' . $res['line_num'] . '</td>';
echo '</tr>';
}
@ -54,7 +54,7 @@
foreach($values['resultActivities'] as $res) {
echo '<tr>';
echo '<td>' . date('Y/m/d h:i:s A',$res['timestamp']) . '</td>';
echo '<td>' . $res['activity'] . '</td>';
echo '<td>' . htmlspecialchars($res['activity']) . '</td>';
echo '</tr>';
}
?>
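Review bot: In the first hunk, `$res['round_num']` and `$res['line_num']` are still concatenated into the table raw while `channel` and `question` on the neighbouring lines are now escaped. If these are integer columns this is harmless, but nothing visible here enforces that, and the asymmetry invites a future copy-paste of the unescaped form; escaping them the same way costs nothing, e.g. `echo '<td>' . htmlspecialchars($res['round_num']) . '</td>';` and likewise for `line_num`. The foreach loops shown are cut at the hunk boundaries.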


@ -3,7 +3,7 @@ $userProfile = $values['userProfile'];
?>
<div class="row profile-header">
<div class="span12">
<h1><?php echo $userProfile['usrname']; ?></h1>
<h1><?php echo htmlspecialchars($userProfile['usrname']); ?></h1>
<p>Profile and stats.</p>
</div>
</div>


@ -44,7 +44,7 @@ if($login->isLoggedIn()) {
foreach($values['reportResult'] as $res) {
echo '<tr>';
echo '<td>' . $res['id'] . '</td>';
echo '<td class="hidden-phone">' . $res['username'] . '</td>';
echo '<td class="hidden-phone">' . htmlspecialchars($res['username']) . '</td>';
echo '<td class="hidden-phone">' . $res['question_num'] . '</td>';
echo '<td class="breakable">' . $res['original'] . '</td>';
echo '<td class="breakable">' . $res['report_text'] . '</td>';
@ -91,8 +91,8 @@ if($login->isLoggedIn()) {
<?php
foreach($values['editResult'] as $res) {
$isItalic = false;
$splitNew = explode('*', $res['question']);
$splitOld = explode('*', $res['original']);
$splitNew = explode('*', htmlspecialchars($res['question']));
$splitOld = explode('*', htmlspecialchars($res['original']));
$differenceString = '';
for($y=0;$y<sizeof($splitNew);$y++){
@ -133,9 +133,9 @@ if($login->isLoggedIn()) {
echo '<tr>';
echo '<td>' . $res['id'] . '</td>';
echo '<td class="hidden-phone">' . $res['username'] . '</td>';
echo '<td class="hidden-phone">' . htmlspecialchars($res['username']) . '</td>';
echo '<td class="breakable">' . $differenceString . '</td>';
echo '<td class="breakable">' . $res['original'] . '</td>';
echo '<td class="breakable">' . htmlspecialchars($res['original']) . '</td>';
echo '<td class="hidden-phone">' . $res['question_id'] . '</td>';
if($isMod) {
echo '<td><a href="' . $container->router->generate('accept-edit', array("id"=>$res['id'])) . '" class="btn btn-mini"><i class="icon-ok"></i></a> <a href="' . $container->router->generate('remove-edit', array("id"=>$res['id'])) . '" class="btn btn-mini"><i class="icon-ban-circle"></i></a></td>';
@ -178,8 +178,8 @@ if($login->isLoggedIn()) {
foreach($values['newResult'] as $res) {
echo '<tr>';
echo '<td>' . $res['id'] . '</td>';
echo '<td>' . $res['username'] . '</td>';
echo '<td class="breakable">' . $res['question'] . '</td>';
echo '<td>' . htmlspecialchars($res['username']) . '</td>';
echo '<td class="breakable">' . htmlspecialchars($res['question']) . '</td>';
if($isMod) {
echo '<td><a href="' . $container->router->generate('accept-new', array("id"=>$res['id'])) . '" class="btn btn-mini"><i class="icon-ok"></i></a> <a href="' . $container->router->generate('remove-new', array("id"=>$res['id'])) . '" class="btn btn-mini"><i class="icon-ban-circle"></i></a></td>';
}
@ -223,10 +223,10 @@ if($login->isLoggedIn()) {
foreach($values['deleteResult'] as $res) {
echo '<tr>';
echo '<td>' . $res['id'] . '</td>';
echo '<td class="hidden-phone">' . $res['username'] . '</td>';
echo '<td class="breakable">' . $res['question'] . '</td>';
echo '<td class="hidden-phone">' . htmlspecialchars($res['username']) . '</td>';
echo '<td class="breakable">' . htmlspecialchars($res['question']) . '</td>';
echo '<td class="hidden-phone">' . $res['line_num'] . '</td>';
echo '<td class="breakable">' . $res['reason'] . '</td>';
echo '<td class="breakable">' . htmlspecialchars($res['reason']) . '</td>';
if($isMod) {
echo '<td><a href="' . $container->router->generate('accept-delete', array("id"=>$res['id'])) . '" class="btn btn-mini"><i class="icon-ok"></i></a> <a href="' . $container->router->generate('remove-delete', array("id"=>$res['id'])) . '" class="btn btn-mini"><i class="icon-ban-circle"></i></a></td>';
}
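Review bot: The report table in the first hunk of this file escapes `username` but still echoes `$res['original']` and `$res['report_text']` unescaped two lines below, even though `original` is escaped later in the same file (in the edit-result table) and `report_text` is by name free-form user input. The two lines should become `echo '<td class="breakable">' . htmlspecialchars($res['original']) . '</td>';` and `echo '<td class="breakable">' . htmlspecialchars($res['report_text']) . '</td>';`. Escaping `question`/`original` before the `explode('*', …)` in the second hunk is the right order, since `*` is untouched by htmlspecialchars and the diff markup built afterwards survives intact. The surrounding foreach and `if($isMod)` blocks extend past the hunk edges.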


@ -24,7 +24,7 @@
foreach($values['dayResult'] as $key=>$res) {
echo '<tr>';
echo '<td>' . ($key+1) . '</td>';
echo '<td><a href="' . $container->router->generate('profile', array("username"=>$res['username'])) . '">' . $res['username'] . '</a></td>';
echo '<td><a href="' . $container->router->generate('profile', array("username"=>$res['username'])) . '">' . htmlspecialchars($res['username']) . '</a></td>';
echo '<td>' . number_format($res['points'],0) . '</td>';
echo '</tr>';
}
@ -54,7 +54,7 @@
foreach($values['weekResult'] as $key=>$res) {
echo '<tr>';
echo '<td>' . ($key+1) . '</td>';
echo '<td><a href="' . $container->router->generate('profile', array("username"=>$res['username'])) . '">' . $res['username'] . '</a></td>';
echo '<td><a href="' . $container->router->generate('profile', array("username"=>$res['username'])) . '">' . htmlspecialchars($res['username']) . '</a></td>';
echo '<td>' . number_format($res['points'],0) . '</td>';
echo '</tr>';
}
@ -85,7 +85,7 @@
foreach($values['monthResult'] as $key=>$res) {
echo '<tr>';
echo '<td>' . ($key+1) . '</td>';
echo '<td><a href="' . $container->router->generate('profile', array("username"=>$res['username'])) . '">' . $res['username'] . '</a></td>';
echo '<td><a href="' . $container->router->generate('profile', array("username"=>$res['username'])) . '">' . htmlspecialchars($res['username']) . '</a></td>';
echo '<td>' . number_format($res['points'],0) . '</td>';
echo '</tr>';
}
@ -114,7 +114,7 @@
foreach($values['yearResult'] as $key=>$res) {
echo '<tr>';
echo '<td>' . ($key+1) . '</td>';
echo '<td><a href="' . $container->router->generate('profile', array("username"=>$res['username'])) . '">' . $res['username'] . '</a></td>';
echo '<td><a href="' . $container->router->generate('profile', array("username"=>$res['username'])) . '">' . htmlspecialchars($res['username']) . '</a></td>';
echo '<td>' . number_format($res['points'],0) . '</td>';
echo '</tr>';
}
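Review bot: In all four hunks the username is now escaped in the link text but is still passed raw to `$container->router->generate('profile', array("username"=>$res['username']))`, whose result is concatenated directly into the `href` attribute; the same pattern appears in the two following files. Whether that is safe depends on `generate()` percent-encoding its parameters, which is not visible here, and even a well-formed URL containing `&` belongs HTML-escaped in an attribute. Wrapping the generated URL, `'<a href="' . htmlspecialchars($container->router->generate('profile', array("username"=>$res['username']))) . '">'`, closes the gap regardless of the router's behaviour. Each foreach shown here is cut at the hunk boundary.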


@ -34,7 +34,7 @@
foreach($values['result'] as $res) {
echo '<tr>';
echo '<td>' . $currentRank . '</td>';
echo '<td><a href="' . $container->router->generate('profile', array("username"=>$res['username'])) . '">' . $res['username'] . '</a></td>';
echo '<td><a href="' . $container->router->generate('profile', array("username"=>$res['username'])) . '">' . htmlspecialchars($res['username']) . '</a></td>';
echo '<td>' . number_format($res['points'],0) . '</td>';
echo '</tr>';
$currentRank++;


@ -41,7 +41,7 @@
<?php
foreach($values['users'] as $res) {
echo '<tr>';
echo '<td><a href="' . $container->router->generate('profile', array("username"=>$res['username'])) . '">' . $res['username'] . '</a></td>';
echo '<td><a href="' . $container->router->generate('profile', array("username"=>$res['username'])) . '">' . htmlspecialchars($res['username']) . '</a></td>';
echo '<td>' . number_format($res['points'],0) . '</td>';
echo '<td>' . number_format($res['total'],0) . '</td>';
echo '</tr>';