header('Content-Type: '.$type);
+ // Output anti-framing headers to prevent clickjacking (respected by newer
+ // browsers).
+ if (common_config('javascript', 'bustframes')) {
+ header('X-XSS-Protection: 1; mode=block'); // detect XSS Reflection attacks
+ header('X-Frame-Options: SAMEORIGIN'); // no rendering if origin mismatch
+ }
+
$this->extraHeaders();
if (preg_match("/.*\/.*xml/", $type)) {
// Required for XML documents
- $this->xw->startDocument('1.0', 'UTF-8');
+ $this->startXML();
}
$this->xw->writeDTD('html',
'-//W3C//DTD XHTML 1.0 Strict//EN',
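Review bot: `X-Frame-Options` and `X-XSS-Protection` are both sent only inside `if (common_config('javascript', 'bustframes'))`, so a site that turns that setting off (by its name, presumably the JavaScript frame-buster) also loses the server-side framing protection. The comment above the `if` describes only anti-framing, although `X-XSS-Protection` is unrelated to framing. I would send `X-Frame-Options` under its own setting or unconditionally and comment the second header separately, e.g. `// legacy reflected-XSS filter hint, unrelated to framing; ignored by browsers that removed the filter`. For current browsers `header("Content-Security-Policy: frame-ancestors 'self'");` is the standard equivalent of `SAMEORIGIN` and could sit next to it. The enclosing function starts and ends outside this hunk.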
$language = $this->getLanguage();
- $this->elementStart('html', array('xmlns' => 'http://www.w3.org/1999/xhtml',
- 'xml:lang' => $language,
- 'lang' => $language));
+ $attrs = array(
+ 'xmlns' => 'http://www.w3.org/1999/xhtml',
+ 'xml:lang' => $language,
+ 'lang' => $language
+ );
+
+ if (Event::handle('StartHtmlElement', array($this, &$attrs))) {
+ $this->elementStart('html', $attrs);
+ Event::handle('EndHtmlElement', array($this, &$attrs));
+ }
}
function getLanguage()
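Review bot: When a `StartHtmlElement` handler returns false, the `elementStart('html', $attrs)` call inside the new `if` is skipped, but nothing visible in this hunk skips the matching end tag, so the document is presumably left unbalanced unless the handler opens the element itself. That contract belongs in a comment above the `if`, for example `// A handler returning false must emit the <html> start tag itself; the end tag is still written later`. `EndHtmlElement` also fires immediately after the start tag rather than after the element is closed, which the name does not suggest and which deserves a line in the events documentation. The function begins outside the hunk.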
* a cluster of elements, including a <label> and an associated
* instructions span.
*
+ * If $attrs['type'] does not exist it will be set to 'text'.
+ *
* @param string $id element ID, must be unique on page
* @param string $label text of label for the element
* @param string $value value of the element, default null
* @param string $instructions instructions for valid input
+ * @param string $name name of the element; if null, the id will
+ * be used
+ * @param bool $required HTML5 required attribute (exclude when false)
+ * @param array $attrs Initial attributes manually set in an array (overwritten by previous options)
*
- * @todo add a $name parameter
* @todo add a $maxLength parameter
* @todo add a $size parameter
*
* @return void
*/
- function input($id, $label, $value=null, $instructions=null)
+ function input($id, $label, $value=null, $instructions=null, $name=null, $required=false, array $attrs=array())
{
$this->element('label', array('for' => $id), $label);
- $attrs = array('name' => $id,
- 'type' => 'text',
- 'id' => $id);
- if ($value) {
+ if (!array_key_exists('type', $attrs)) {
+ $attrs['type'] = 'text';
+ }
+ $attrs['id'] = $id;
+ $attrs['name'] = is_null($name) ? $id : $name;
+ if (!is_null($value)) { // value can be 0 or ''
$attrs['value'] = $value;
}
+ if (!empty($required)) {
+ $attrs['required'] = 'required';
+ }
$this->element('input', $attrs);
if ($instructions) {
$this->element('p', 'form_guide', $instructions);
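Review bot: The new `@param array $attrs` line says the array is "overwritten by previous options", but in the body only `id` and `name` are always replaced: a `value` key survives when `$value` is null, a `required` key survives when `$required` is false, and a caller-supplied `type` is never replaced. The docblock should say so, e.g. `@param array $attrs extra attributes; 'id' and 'name' are always replaced, 'value' and 'required' only when the matching argument is set`. Every remaining key goes straight to `$this->element('input', $attrs)`, so the doc should also state that `$attrs` is for developer-chosen attributes and must not be built from request data. `@param string $value` would be more accurate as `string|null`, since null now means "omit the attribute" while `0` and `''` are emitted. The function body continues past the end of the hunk.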
function hidden($id, $value, $name=null)
{
- $this->element('input', array('name' => ($name) ? $name : $id,
+ $this->element('input', array('name' => $name ?: $id,
'type' => 'hidden',
'id' => $id,
'value' => $value));
* @param string $label text of the button
* @param string $cls class of the button, default 'submit'
* @param string $name name, if different than ID
+ * @param string $title title text for the submit button
*
* @return void
*
{
$this->element('input', array('type' => 'submit',
'id' => $id,
- 'name' => ($name) ? $name : $id,
+ 'name' => $name ?: $id,
'class' => $cls,
'value' => $label,
'title' => $title));
*/
function script($src, $type='text/javascript')
{
- if(Event::handle('StartScriptElement', array($this,&$src,&$type))) {
+ if (Event::handle('StartScriptElement', array($this,&$src,&$type))) {
$url = parse_url($src);
- if( empty($url['scheme']) && empty($url['host']) && empty($url['query']) && empty($url['fragment']))
- {
+ if (empty($url['scheme']) && empty($url['host']) && empty($url['query']) && empty($url['fragment'])) {
+
+ // XXX: this seems like a big assumption
+
if (strpos($src, 'plugins/') === 0 || strpos($src, 'local/') === 0) {
- $src = common_path($src) . '?version=' . STATUSNET_VERSION;
+ $src = common_path($src, StatusNet::isHTTPS()) . '?version=' . GNUSOCIAL_VERSION;
- }else{
+ } else {
- $path = common_config('javascript', 'path');
+ if (StatusNet::isHTTPS()) {
- if (empty($path)) {
- $path = common_config('site', 'path') . '/js/';
- }
+ $sslserver = common_config('javascript', 'sslserver');
- if ($path[strlen($path)-1] != '/') {
- $path .= '/';
- }
+ if (empty($sslserver)) {
+ if (is_string(common_config('site', 'sslserver')) &&
+ mb_strlen(common_config('site', 'sslserver')) > 0) {
+ $server = common_config('site', 'sslserver');
+ } else if (common_config('site', 'server')) {
+ $server = common_config('site', 'server');
+ }
+ $path = common_config('site', 'path') . '/js/';
+ } else {
+ $server = $sslserver;
+ $path = common_config('javascript', 'sslpath');
+ if (empty($path)) {
+ $path = common_config('javascript', 'path');
+ }
+ }
- if ($path[0] != '/') {
- $path = '/'.$path;
- }
+ $protocol = 'https';
- $server = common_config('javascript', 'server');
+ } else {
- if (empty($server)) {
- $server = common_config('site', 'server');
- }
+ $path = common_config('javascript', 'path');
- $ssl = common_config('javascript', 'ssl');
+ if (empty($path)) {
+ $path = common_config('site', 'path') . '/js/';
+ }
- if (is_null($ssl)) { // null -> guess
- if (common_config('site', 'ssl') == 'always' &&
- !common_config('javascript', 'server')) {
- $ssl = true;
- } else {
- $ssl = false;
+ $server = common_config('javascript', 'server');
+
+ if (empty($server)) {
+ $server = common_config('site', 'server');
}
+
+ $protocol = 'http';
+ }
+
+ if ($path[strlen($path)-1] != '/') {
+ $path .= '/';
}
- $protocol = ($ssl) ? 'https' : 'http';
+ if ($path[0] != '/') {
+ $path = '/'.$path;
+ }
- $src = $protocol.'://'.$server.$path.$src . '?version=' . STATUSNET_VERSION;
+ $src = $protocol.'://'.$server.$path.$src . '?version=' . GNUSOCIAL_VERSION;
}
}
$this->element('script', array('type' => $type,
- 'src' => $src),
- ' ');
+ 'src' => $src),
+ ' ');
Event::handle('EndScriptElement', array($this,$src,$type));
}
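Review bot: In the HTTPS branch with `javascript/sslserver` set, `$path` falls back from `sslpath` to `javascript/path` but not to `common_config('site', 'path') . '/js/'` as the plain-HTTP branch does, so with both unset `$path` is empty when `$path[strlen($path)-1]` and `$path[0]` are read. Adding `if (empty($path)) { $path = common_config('site', 'path') . '/js/'; }` after the `$path = common_config('javascript', 'path');` line in that `else` would make the two branches agree. In the same HTTPS branch `$server` is assigned only inside the `if`/`else if` pair, so it stays undefined when neither site setting is filled; an explicit fallback or a logged error is safer than emitting `https://` with an empty host. The `XXX` comment should name the assumption it refers to (apparently that a relative `plugins/` or `local/` path is served from the site root). The function's closing brace lies outside the hunk.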
if(file_exists(Theme::file($src,$theme))){
$src = Theme::path($src, $theme);
}else{
- $src = common_path($src);
+ $src = common_path($src, StatusNet::isHTTPS());
}
- $src.= '?version=' . STATUSNET_VERSION;
+ $src.= '?version=' . GNUSOCIAL_VERSION;
}
$this->element('link', array('rel' => 'stylesheet',
'type' => 'text/css',
* @param string $label text of label for the element
* @param string $content content of the textarea, default none
* @param string $instructions instructions for valid input
+ * @param string $name name of textarea; if null, $id will be used
+ * @param int $cols number of columns
+ * @param int $rows number of rows
+ * @param bool $required HTML5 required attribute (exclude when false)
*
* @return void
- *
- * @todo add a $name parameter
- * @todo add a $cols parameter
- * @todo add a $rows parameter
*/
- function textarea($id, $label, $content=null, $instructions=null)
- {
+ function textarea(
+ $id,
+ $label,
+ $content = null,
+ $instructions = null,
+ $name = null,
+ $cols = null,
+ $rows = null,
+ $required = false
+ ) {
$this->element('label', array('for' => $id), $label);
- $this->element('textarea', array('rows' => 3,
- 'cols' => 40,
- 'name' => $id,
- 'id' => $id),
- ($content) ? $content : '');
+ $attrs = array(
+ 'rows' => 3,
+ 'cols' => 40,
+ 'id' => $id
+ );
+ $attrs['name'] = is_null($name) ? $id : $name;
+
+ if ($cols != null) {
+ $attrs['cols'] = $cols;
+
+ }
+ if ($rows != null) {
+ $attrs['rows'] = $rows;
+ }
+ $this->element(
+ 'textarea',
+ $attrs,
+ is_null($content) ? '' : $content
+ );
if ($instructions) {
$this->element('p', 'form_guide', $instructions);
}
}
- /**
+ /**
* Internal script to autofocus the given element on page onload.
*
* @param string $id element ID, must refer to an existing element
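Review bot: The new `$required` parameter of `textarea()` is documented and accepted but never read in the body, so a caller passing `true` gets no `required` attribute on the element. Mirroring `input()`, add `if (!empty($required)) { $attrs['required'] = 'required'; }` before the `$this->element('textarea', ...)` call. The `$cols != null` and `$rows != null` tests are loose comparisons, so `0`, `'0'` and `''` all count as "not given"; `!is_null($cols)` would match the `is_null($name)` and `is_null($content)` checks used in the same function.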