X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=lib%2Fhtmloutputter.php;h=b1aae16fad7a0819b634c4069b60d85837a92c52;hb=c6b1b3e5e3ad1c47c7bd25b5bcfb0a8cb1cb2bb5;hp=b341d14958b44c04615924644d36fd73a1513afe;hpb=3ed56730581e78911f5a98ff4a817e7fc2ab3bfc;p=quix0rs-gnu-social.git

diff --git a/lib/htmloutputter.php b/lib/htmloutputter.php
index b341d14958..b1aae16fad 100644
--- a/lib/htmloutputter.php
+++ b/lib/htmloutputter.php
@@ -108,10 +108,17 @@ class HTMLOutputter extends XMLOutputter
 
         header('Content-Type: '.$type);
 
+	// Output anti-framing headers to prevent clickjacking (respected by newer
+        // browsers).
+	if (common_config('javascript', 'bustframes')) {
+            header('X-XSS-Protection: 1; mode=block'); // detect XSS Reflection attacks
+            header('X-Frame-Options: SAMEORIGIN'); // no rendering if origin mismatch
+        }
+
         $this->extraHeaders();
         if (preg_match("/.*\/.*xml/", $type)) {
             // Required for XML documents
-            $this->xw->startDocument('1.0', 'UTF-8');
+            $this->startXML();
         }
         $this->xw->writeDTD('html',
                             '-//W3C//DTD XHTML 1.0 Strict//EN',
@@ -166,27 +173,37 @@ class HTMLOutputter extends XMLOutputter
      * a cluster of elements, including a <label> and an associated
      * instructions span.
      *
+     * If $attrs['type'] does not exist it will be set to 'text'.
+     *
      * @param string $id           element ID, must be unique on page
      * @param string $label        text of label for the element
      * @param string $value        value of the element, default null
      * @param string $instructions instructions for valid input
+     * @param string $name         name of the element; if null, the id will
+     *                             be used
+     * @param bool   $required     HTML5 required attribute (exclude when false)
+     * @param array  $attrs        Initial attributes manually set in an array (overwritten by previous options)
      *
-     * @todo add a $name parameter
      * @todo add a $maxLength parameter
      * @todo add a $size parameter
      *
      * @return void
      */
 
-    function input($id, $label, $value=null, $instructions=null)
+    function input($id, $label, $value=null, $instructions=null, $name=null, $required=false, array $attrs=array())
     {
         $this->element('label', array('for' => $id), $label);
-        $attrs = array('name' => $id,
-                       'type' => 'text',
-                       'id' => $id);
-        if ($value) {
+        if (!array_key_exists('type', $attrs)) {
+            $attrs['type'] = 'text';
+        }
+        $attrs['id'] = $id;
+        $attrs['name'] = is_null($name) ? $id : $name;
+        if (!is_null($value)) { // value can be 0 or ''
             $attrs['value'] = $value;
         }
+        if (!empty($required)) {
+            $attrs['required'] = 'required';
+        }
         $this->element('input', $attrs);
         if ($instructions) {
             $this->element('p', 'form_guide', $instructions);
@@ -294,7 +311,7 @@ class HTMLOutputter extends XMLOutputter
 
     function hidden($id, $value, $name=null)
     {
-        $this->element('input', array('name' => ($name) ? $name : $id,
+        $this->element('input', array('name' => $name ?: $id,
                                       'type' => 'hidden',
                                       'id' => $id,
                                       'value' => $value));
@@ -343,7 +360,7 @@ class HTMLOutputter extends XMLOutputter
     {
         $this->element('input', array('type' => 'submit',
                                       'id' => $id,
-                                      'name' => ($name) ? $name : $id,
+                                      'name'  => $name ?: $id,
                                       'class' => $cls,
                                       'value' => $label,
                                       'title' => $title));
@@ -369,7 +386,7 @@ class HTMLOutputter extends XMLOutputter
 
                 if (strpos($src, 'plugins/') === 0 || strpos($src, 'local/') === 0) {
 
-                    $src = common_path($src, StatusNet::isHTTPS()) . '?version=' . STATUSNET_VERSION;
+                    $src = common_path($src, StatusNet::isHTTPS()) . '?version=' . GNUSOCIAL_VERSION;
 
                 } else {
 
@@ -420,7 +437,7 @@ class HTMLOutputter extends XMLOutputter
                         $path = '/'.$path;
                     }
 
-                    $src = $protocol.'://'.$server.$path.$src . '?version=' . STATUSNET_VERSION;
+                    $src = $protocol.'://'.$server.$path.$src . '?version=' . GNUSOCIAL_VERSION;
                 }
             }
 
@@ -478,7 +495,7 @@ class HTMLOutputter extends XMLOutputter
                 }else{
                     $src = common_path($src, StatusNet::isHTTPS());
                 }
-                $src.= '?version=' . STATUSNET_VERSION;
+                $src.= '?version=' . GNUSOCIAL_VERSION;
             }
             $this->element('link', array('rel' => 'stylesheet',
                                     'type' => 'text/css',
@@ -516,28 +533,50 @@ class HTMLOutputter extends XMLOutputter
      * @param string $label        text of label for the element
      * @param string $content      content of the textarea, default none
      * @param string $instructions instructions for valid input
+     * @param string $name         name of textarea; if null, $id will be used
+     * @param int    $cols         number of columns
+     * @param int    $rows         number of rows
+     * @param bool   $required     HTML5 required attribute (exclude when false)
      *
      * @return void
-     *
-     * @todo add a $name parameter
-     * @todo add a $cols parameter
-     * @todo add a $rows parameter
      */
 
-    function textarea($id, $label, $content=null, $instructions=null)
-    {
+    function textarea(
+        $id,
+        $label,
+        $content      = null,
+        $instructions = null,
+        $name         = null,
+        $cols         = null,
+        $rows         = null,
+        $required     = false
+    ) {
         $this->element('label', array('for' => $id), $label);
-        $this->element('textarea', array('rows' => 3,
-                                         'cols' => 40,
-                                         'name' => $id,
-                                         'id' => $id),
-                       ($content) ? $content : '');
+        $attrs = array(
+            'rows' => 3,
+            'cols' => 40,
+            'id' => $id
+        );
+        $attrs['name'] = is_null($name) ? $id : $name;
+
+        if ($cols != null) {
+            $attrs['cols'] = $cols;
+
+        }
+        if ($rows != null) {
+            $attrs['rows'] = $rows;
+        }
+        $this->element(
+            'textarea',
+            $attrs,
+            is_null($content) ? '' : $content
+        );
         if ($instructions) {
             $this->element('p', 'form_guide', $instructions);
         }
     }
 
-    /**
+   /**
     * Internal script to autofocus the given element on page onload.
     *
     * @param string $id element ID, must refer to an existing element