X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=lib%2Fhtmloutputter.php;h=5e400379529b1c72e5b8c0631528d9ae78e3c3de;hb=5e7a7701b94ee63927750064a39b188d9e17164a;hp=dac3c621fc4fe82eecd2a8228748456e3816b99d;hpb=606d7d718510428fbe3c467c326bab017ea53423;p=quix0rs-gnu-social.git

diff --git a/lib/htmloutputter.php b/lib/htmloutputter.php
index dac3c621fc..5e40037952 100644
--- a/lib/htmloutputter.php
+++ b/lib/htmloutputter.php
@@ -28,11 +28,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) {
-    exit(1);
-}
-
-require_once INSTALLDIR.'/lib/xmloutputter.php';
+if (!defined('GNUSOCIAL')) { exit(1); }
 
 // Can include XHTML options but these are too fragile in practice.
 define('PAGE_TYPE_PREFS', 'text/html');
@@ -58,6 +54,9 @@ define('PAGE_TYPE_PREFS', 'text/html');
 
 class HTMLOutputter extends XMLOutputter
 {
+    protected $DTD = array('doctype' => 'html',
+                           'spec'    => '-//W3C//DTD XHTML 1.0 Strict//EN',
+                           'uri'     => 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd');
     /**
      * Constructor
      *
@@ -108,14 +107,20 @@ class HTMLOutputter extends XMLOutputter
 
         header('Content-Type: '.$type);
 
+	// Output anti-framing headers to prevent clickjacking (respected by newer
+        // browsers).
+	if (common_config('javascript', 'bustframes')) {
+            header('X-XSS-Protection: 1; mode=block'); // detect XSS Reflection attacks
+            header('X-Frame-Options: SAMEORIGIN'); // no rendering if origin mismatch
+        }
+
         $this->extraHeaders();
         if (preg_match("/.*\/.*xml/", $type)) {
             // Required for XML documents
-            $this->xw->startDocument('1.0', 'UTF-8');
+            $this->startXML();
         }
-        $this->xw->writeDTD('html',
-                            '-//W3C//DTD XHTML 1.0 Strict//EN',
-                            'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd');
+
+        $this->writeDTD();
 
         $language = $this->getLanguage();
 
@@ -131,6 +136,18 @@ class HTMLOutputter extends XMLOutputter
         }
     }
 
+    public function setDTD($doctype, $spec, $uri)
+    {
+        $this->DTD = array('doctype' => $doctype, 'spec' => $spec, 'uri' => $uri);
+    }
+
+    protected function writeDTD()
+    {
+        $this->xw->writeDTD($this->DTD['doctype'],
+                            $this->DTD['spec'],
+                            $this->DTD['uri']);
+    }
+
     function getLanguage()
     {
         // FIXME: correct language for interface
@@ -166,12 +183,16 @@ class HTMLOutputter extends XMLOutputter
      * a cluster of elements, including a <label> and an associated
      * instructions span.
      *
+     * If $attrs['type'] does not exist it will be set to 'text'.
+     *
      * @param string $id           element ID, must be unique on page
      * @param string $label        text of label for the element
      * @param string $value        value of the element, default null
      * @param string $instructions instructions for valid input
      * @param string $name         name of the element; if null, the id will
      *                             be used
+     * @param bool   $required     HTML5 required attribute (exclude when false)
+     * @param array  $attrs        Initial attributes manually set in an array (overwritten by previous options)
      *
      * @todo add a $maxLength parameter
      * @todo add a $size parameter
@@ -179,15 +200,28 @@ class HTMLOutputter extends XMLOutputter
      * @return void
      */
 
-    function input($id, $label, $value=null, $instructions=null, $name=null)
+    function input($id, $label, $value=null, $instructions=null, $name=null, $required=false, array $attrs=array())
     {
         $this->element('label', array('for' => $id), $label);
-        $attrs = array('type' => 'text',
-                       'id'   => $id);
+        if (!array_key_exists('type', $attrs)) {
+            $attrs['type'] = 'text';
+        }
+        $attrs['id'] = $id;
         $attrs['name'] = is_null($name) ? $id : $name;
+        if (array_key_exists('placeholder', $attrs) && (is_null($attrs['placeholder']) || $attrs['placeholder'] === '')) {
+            // If placeholder is type-aware equal to '' or null, unset it as we apparently don't want a placeholder value
+            unset($attrs['placeholder']);
+        } else {
+            // If the placeholder is set use it, or use the label as fallback.
+            $attrs['placeholder'] = isset($attrs['placeholder']) ? $attrs['placeholder'] : $label;
+        }
+
         if (!is_null($value)) { // value can be 0 or ''
             $attrs['value'] = $value;
         }
+        if (!empty($required)) {
+            $attrs['required'] = 'required';
+        }
         $this->element('input', $attrs);
         if ($instructions) {
             $this->element('p', 'form_guide', $instructions);
@@ -295,7 +329,7 @@ class HTMLOutputter extends XMLOutputter
 
     function hidden($id, $value, $name=null)
     {
-        $this->element('input', array('name' => ($name) ? $name : $id,
+        $this->element('input', array('name' => $name ?: $id,
                                       'type' => 'hidden',
                                       'id' => $id,
                                       'value' => $value));
@@ -344,7 +378,7 @@ class HTMLOutputter extends XMLOutputter
     {
         $this->element('input', array('type' => 'submit',
                                       'id' => $id,
-                                      'name' => ($name) ? $name : $id,
+                                      'name'  => $name ?: $id,
                                       'class' => $cls,
                                       'value' => $label,
                                       'title' => $title));
@@ -370,11 +404,11 @@ class HTMLOutputter extends XMLOutputter
 
                 if (strpos($src, 'plugins/') === 0 || strpos($src, 'local/') === 0) {
 
-                    $src = common_path($src, StatusNet::isHTTPS()) . '?version=' . STATUSNET_VERSION;
+                    $src = common_path($src, GNUsocial::isHTTPS()) . '?version=' . GNUSOCIAL_VERSION;
 
                 } else {
 
-                    if (StatusNet::isHTTPS()) {
+                    if (GNUsocial::isHTTPS()) {
 
                         $sslserver = common_config('javascript', 'sslserver');
 
@@ -421,7 +455,7 @@ class HTMLOutputter extends XMLOutputter
                         $path = '/'.$path;
                     }
 
-                    $src = $protocol.'://'.$server.$path.$src . '?version=' . STATUSNET_VERSION;
+                    $src = $protocol.'://'.$server.$path.$src . '?version=' . GNUSOCIAL_VERSION;
                 }
             }
 
@@ -477,9 +511,9 @@ class HTMLOutputter extends XMLOutputter
                 if(file_exists(Theme::file($src,$theme))){
                    $src = Theme::path($src, $theme);
                 }else{
-                    $src = common_path($src, StatusNet::isHTTPS());
+                    $src = common_path($src, GNUsocial::isHTTPS());
                 }
-                $src.= '?version=' . STATUSNET_VERSION;
+                $src.= '?version=' . GNUSOCIAL_VERSION;
             }
             $this->element('link', array('rel' => 'stylesheet',
                                     'type' => 'text/css',
@@ -517,28 +551,50 @@ class HTMLOutputter extends XMLOutputter
      * @param string $label        text of label for the element
      * @param string $content      content of the textarea, default none
      * @param string $instructions instructions for valid input
+     * @param string $name         name of textarea; if null, $id will be used
+     * @param int    $cols         number of columns
+     * @param int    $rows         number of rows
+     * @param bool   $required     HTML5 required attribute (exclude when false)
      *
      * @return void
-     *
-     * @todo add a $name parameter
-     * @todo add a $cols parameter
-     * @todo add a $rows parameter
      */
 
-    function textarea($id, $label, $content=null, $instructions=null)
-    {
+    function textarea(
+        $id,
+        $label,
+        $content      = null,
+        $instructions = null,
+        $name         = null,
+        $cols         = null,
+        $rows         = null,
+        $required     = false
+    ) {
         $this->element('label', array('for' => $id), $label);
-        $this->element('textarea', array('rows' => 3,
-                                         'cols' => 40,
-                                         'name' => $id,
-                                         'id' => $id),
-                       ($content) ? $content : '');
+        $attrs = array(
+            'rows' => 3,
+            'cols' => 40,
+            'id' => $id
+        );
+        $attrs['name'] = is_null($name) ? $id : $name;
+
+        if ($cols != null) {
+            $attrs['cols'] = $cols;
+
+        }
+        if ($rows != null) {
+            $attrs['rows'] = $rows;
+        }
+        $this->element(
+            'textarea',
+            $attrs,
+            is_null($content) ? '' : $content
+        );
         if ($instructions) {
             $this->element('p', 'form_guide', $instructions);
         }
     }
 
-    /**
+   /**
     * Internal script to autofocus the given element on page onload.
     *
     * @param string $id element ID, must refer to an existing element