X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=lib%2Fhtmloutputter.php;h=f1496768b12b0b540cb9f97594aec1d72459bc5f;hb=e15f322187d4ddc39c7718d533824df435d99bc8;hp=b341d14958b44c04615924644d36fd73a1513afe;hpb=0dcfcbd51732bdb73368461cc3cd5d9898de5484;p=quix0rs-gnu-social.git diff --git a/lib/htmloutputter.php b/lib/htmloutputter.php index b341d14958..f1496768b1 100644 --- a/lib/htmloutputter.php +++ b/lib/htmloutputter.php @@ -108,10 +108,17 @@ class HTMLOutputter extends XMLOutputter header('Content-Type: '.$type); + // Output anti-framing headers to prevent clickjacking (respected by newer + // browsers). + if (common_config('javascript', 'bustframes')) { + header('X-XSS-Protection: 1; mode=block'); // detect XSS Reflection attacks + header('X-Frame-Options: SAMEORIGIN'); // no rendering if origin mismatch + } + $this->extraHeaders(); if (preg_match("/.*\/.*xml/", $type)) { // Required for XML documents - $this->xw->startDocument('1.0', 'UTF-8'); + $this->startXML(); } $this->xw->writeDTD('html', '-//W3C//DTD XHTML 1.0 Strict//EN', 
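Review bot: `X-XSS-Protection: 1; mode=block` is sent only when `common_config('javascript', 'bustframes')` is on, although it has nothing to do with framing; a site that turns frame-busting off to allow embedding loses this header too, with no hint of that in the setting's name. The comment above the `if` calls both lines anti-framing headers, which is accurate only for `X-Frame-Options: SAMEORIGIN`. I would keep only the `X-Frame-Options` line under the `bustframes` check, reword the comment to `// Anti-framing header (clickjacking defence)`, and decide separately whether the XSS header is still wanted, since current browsers have removed the filter it controls. Sending `Content-Security-Policy: frame-ancestors 'self'` alongside is worth considering, as that is the standards-track way to express the same framing policy. The enclosing method starts and ends outside the hunk.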
@@ -170,23 +177,28 @@ class HTMLOutputter extends XMLOutputter * @param string $label text of label for the element * @param string $value value of the element, default null * @param string $instructions instructions for valid input + * @param string $name name of the element; if null, the id will + * be used + * @param bool $required HTML5 required attribute (exclude when false) * - * @todo add a $name parameter * @todo add a $maxLength parameter * @todo add a $size parameter * * @return void */ - function input($id, $label, $value=null, $instructions=null) + function input($id, $label, $value=null, $instructions=null, $name=null, $required=false) { $this->element('label', array('for' => $id), $label); - $attrs = array('name' => $id, - 'type' => 'text', - 'id' => $id); - if ($value) { + $attrs = array('type' => 'text', + 'id' => $id); + $attrs['name'] = is_null($name) ? $id : $name; + if (!is_null($value)) { // value can be 0 or '' $attrs['value'] = $value; } + if (!empty($required)) { + $attrs['required'] = 'required'; + } $this->element('input', $attrs); if ($instructions) { $this->element('p', 'form_guide', $instructions); @@ -294,7 +306,7 @@ class HTMLOutputter extends XMLOutputter function hidden($id, $value, $name=null) { - $this->element('input', array('name' => ($name) ? $name : $id, + $this->element('input', array('name' => $name ?: $id, 'type' => 'hidden', 'id' => $id, 'value' => $value)); @@ -343,7 +355,7 @@ class HTMLOutputter extends XMLOutputter { $this->element('input', array('type' => 'submit', 'id' => $id, - 'name' => ($name) ? $name : $id, + 'name' => $name ?: $id, 'class' => $cls, 'value' => $label, 'title' => $title)); @@ -369,7 +381,7 @@ class HTMLOutputter extends XMLOutputter if (strpos($src, 'plugins/') === 0 || strpos($src, 'local/') === 0) { - $src = common_path($src, StatusNet::isHTTPS()) . '?version=' . STATUSNET_VERSION; + $src = common_path($src, StatusNet::isHTTPS()) . '?version=' . GNUSOCIAL_VERSION; } else { 
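Review bot: In the input() hunk the name fallback is `is_null($name) ? $id : $name`, while the hidden() and submit() hunks further down this line use `$name ?: $id`, so an empty-string `$name` yields `name=""` here but falls back to `$id` there. Using one rule for all of them, and for textarea(), keeps field names predictable for the server-side code that reads the submitted form. The new `!is_null($value)` test also passes `false` on as the attribute value where the old truthiness test dropped it; how `element()` renders that is not visible in this diff, so callers that pass `false` deserve a look.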
@@ -420,7 +432,7 @@ class HTMLOutputter extends XMLOutputter $path = '/'.$path; } - $src = $protocol.'://'.$server.$path.$src . '?version=' . STATUSNET_VERSION; + $src = $protocol.'://'.$server.$path.$src . '?version=' . GNUSOCIAL_VERSION; } } @@ -478,7 +490,7 @@ class HTMLOutputter extends XMLOutputter }else{ $src = common_path($src, StatusNet::isHTTPS()); } - $src.= '?version=' . STATUSNET_VERSION; + $src.= '?version=' . GNUSOCIAL_VERSION; } $this->element('link', array('rel' => 'stylesheet', 'type' => 'text/css', 
@@ -516,28 +528,50 @@ class HTMLOutputter extends XMLOutputter * @param string $label text of label for the element * @param string $content content of the textarea, default none * @param string $instructions instructions for valid input + * @param string $name name of textarea; if null, $id will be used + * @param int $cols number of columns + * @param int $rows number of rows + * @param bool $required HTML5 required attribute (exclude when false) * * @return void - * - * @todo add a $name parameter - * @todo add a $cols parameter - * @todo add a $rows parameter */ - function textarea($id, $label, $content=null, $instructions=null) - { + function textarea( + $id, + $label, + $content = null, + $instructions = null, + $name = null, + $cols = null, + $rows = null, + $required = false + ) { $this->element('label', array('for' => $id), $label); - $this->element('textarea', array('rows' => 3, - 'cols' => 40, - 'name' => $id, - 'id' => $id), - ($content) ? $content : ''); + $attrs = array( + 'rows' => 3, + 'cols' => 40, + 'id' => $id + ); + $attrs['name'] = is_null($name) ? $id : $name; + + if ($cols != null) { + $attrs['cols'] = $cols; + + } + if ($rows != null) { + $attrs['rows'] = $rows; + } + $this->element( + 'textarea', + $attrs, + is_null($content) ? '' : $content + ); if ($instructions) { $this->element('p', 'form_guide', $instructions); } } - /** + /** * Internal script to autofocus the given element on page onload. * * @param string $id element ID, must refer to an existing element
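Review bot: `$required` is added to textarea()'s signature and docblock but the body never reads it, so the attribute is silently dropped, whereas input() in the same commit does set it. Adding `if (!empty($required)) { $attrs['required'] = 'required'; }` before the `$this->element('textarea', ...)` call would match input(). The `$cols != null` and `$rows != null` tests are loose comparisons, so `0` and `''` fall back to the defaults 40 and 3; if that is not intended, `!is_null($cols)` would agree with the `is_null($name)` test just above. `required` is only a browser-side hint, so the action that receives the form still has to check that the field is present.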