Making us less dependant on javascript trust

[quix0rs-gnu-social.git] / lib / action.php

diff --git a/lib/action.php b/lib/action.php
index b26df171bc94edd8efee51af455e082c413b3b85..74ced563fbbbc46e3951dc9dfc5431db7ac38f89 100644 (file)
--- a/lib/action.php
+++ b/lib/action.php
@@ -370,21 +370,12 @@ class Action extends HTMLOutputter // lawsuit
     {
         if (Event::handle('StartShowScripts', array($this))) {
             if (Event::handle('StartShowJQueryScripts', array($this))) {
-                if (common_config('site', 'minify')) {
-                    $this->script('extlib/jquery.min.js');
-                    $this->script('extlib/jquery.form.min.js');
-                    $this->script('extlib/jquery-ui/jquery-ui.min.js');
-                    $this->script('extlib/jquery.cookie.min.js');
-                    $this->inlineScript('if (typeof window.JSON !== "object") { $.getScript("'.common_path('js/extlib/json2.min.js', StatusNet::isHTTPS()).'"); }');
-                    $this->script('extlib/jquery.infieldlabel.min.js');
-                } else {
-                    $this->script('extlib/jquery.js');
-                    $this->script('extlib/jquery.form.js');
-                    $this->script('extlib/jquery-ui/jquery-ui.js');
-                    $this->script('extlib/jquery.cookie.js');
-                    $this->inlineScript('if (typeof window.JSON !== "object") { $.getScript("'.common_path('js/extlib/json2.js', StatusNet::isHTTPS()).'"); }');
-                    $this->script('extlib/jquery.infieldlabel.js');
-                }
+                $this->script('extlib/jquery.js');
+                $this->script('extlib/jquery.form.js');
+                $this->script('extlib/jquery-ui/jquery-ui.js');
+                $this->script('extlib/jquery.cookie.js');
+                $this->inlineScript('if (typeof window.JSON !== "object") { $.getScript("'.common_path('js/extlib/json2.js', StatusNet::isHTTPS()).'"); }');
+                $this->script('extlib/jquery.infieldlabel.js');
 
                 Event::handle('EndShowJQueryScripts', array($this));
             }
@@ -690,7 +681,8 @@ class Action extends HTMLOutputter // lawsuit
     function showNoticeForm()
     {
         // TRANS: Tab on the notice form.
-        $tabs = array('status' => _m('TAB','Status'));
+        $tabs = array('status' => array('title' => _m('TAB','Status'),
+                                        'href'  => common_local_url('newnotice')));
 
         $this->elementStart('div', 'input_forms');
 
@@ -698,7 +690,8 @@ class Action extends HTMLOutputter // lawsuit
             $this->elementStart('ul', array('class' => 'nav',
                                             'id' => 'input_form_nav'));
 
-            foreach ($tabs as $tag => $title) {
+            foreach ($tabs as $tag => $data) {
+                $tag = htmlspecialchars($tag);
                 $attrs = array('id' => 'input_form_nav_'.$tag,
                                'class' => 'input_form_nav_tab');
 
@@ -711,8 +704,9 @@ class Action extends HTMLOutputter // lawsuit
                 $this->elementStart('li', $attrs);
 
                 $this->element('a',
-                               array('href' => 'javascript:SN.U.switchInputFormTab("'.$tag.'")'),
-                               $title);
+                               array('onclick' => 'return SN.U.switchInputFormTab("'.$tag.'");',
+                                     'href' => $data['href']),
+                               $data['title']);
                 $this->elementEnd('li');
             }
 
@@ -725,7 +719,7 @@ class Action extends HTMLOutputter // lawsuit
             $form->show();
             $this->elementEnd('div');
 
-            foreach ($tabs as $tag => $title) {
+            foreach ($tabs as $tag => $data) {
                 $attrs = array('class' => 'input_form',
                                'id' => 'input_form_'.$tag);