Escape values to input fields (and some 'title' and 'alt')
authorFabrixxm <fabrix.xm@gmail.com>
Mon, 16 Feb 2015 08:30:12 +0000 (09:30 +0100)
committerFabrixxm <fabrix.xm@gmail.com>
Mon, 16 Feb 2015 08:30:12 +0000 (09:30 +0100)
64 files changed:
view/templates/admin_aside.tpl
view/templates/admin_logs.tpl
view/templates/admin_remoteupdate.tpl
view/templates/admin_site.tpl
view/templates/admin_users.tpl
view/templates/album_edit.tpl
view/templates/auto_request.tpl
view/templates/comment_item.tpl
view/templates/confirm.tpl
view/templates/contact_edit.tpl
view/templates/contacts-template.tpl
view/templates/crepair.tpl
view/templates/cropbody.tpl
view/templates/dfrn_req_confirm.tpl
view/templates/dfrn_request.tpl
view/templates/directory_header.tpl
view/templates/event_form.tpl
view/templates/field_combobox.tpl
view/templates/field_input.tpl
view/templates/field_intcheckbox.tpl
view/templates/field_openid.tpl
view/templates/field_password.tpl
view/templates/field_radio.tpl
view/templates/field_select.tpl
view/templates/field_themeselect.tpl
view/templates/field_yesno.tpl
view/templates/filebrowser.tpl
view/templates/filer_dialog.tpl
view/templates/files.tpl [new file with mode: 0644]
view/templates/follow.tpl
view/templates/group_edit.tpl
view/templates/install_checks.tpl
view/templates/install_db.tpl
view/templates/install_settings.tpl
view/templates/intros.tpl
view/templates/invite.tpl
view/templates/jot.tpl
view/templates/lang_selector.tpl
view/templates/login.tpl
view/templates/logout.tpl
view/templates/lostpass.tpl
view/templates/moderated_comment.tpl
view/templates/mood_content.tpl
view/templates/oauth_authorize.tpl
view/templates/peoplefind.tpl
view/templates/photo_edit.tpl
view/templates/photos_default_uploader_submit.tpl
view/templates/poke_content.tpl
view/templates/profile_edit.tpl
view/templates/profile_photo.tpl
view/templates/prv_message.tpl
view/templates/register.tpl
view/templates/removeme.tpl
view/templates/scroll_loader.tpl [new file with mode: 0644]
view/templates/settings.tpl
view/templates/settings_connectors.tpl
view/templates/settings_display.tpl
view/templates/settings_features.tpl
view/templates/settings_oauth.tpl
view/templates/settings_oauth_edit.tpl
view/templates/suggestions.tpl
view/templates/uimport.tpl
view/templates/wall_thread.tpl
view/templates/wallmessage.tpl

index a9d26a89f04d0237da40fb249eb276d0e8d7928d..0f28a1cf376966ecc01dd3c482b755cc2351820d 100644 (file)
@@ -40,3 +40,8 @@
        <li class='admin link button {{$admin.logs.2}}'><a href='{{$admin.logs.0}}'>{{$admin.logs.1}}</a></li>
 </ul>
 
+<h4>{{$diagnosticstxt}}</h4>
+<ul class='admin linklist'>
+       <li class='admin link {{$admin.diagnostics_probe.2}}'><a href="{{$admin.diagnostics_probe.0}}">{{$admin.diagnostics_probe.1}}</a></li>
+       <li class='admin link {{$admin.diagnostics_webfinger.2}}'><a href="{{$admin.diagnostics_webfinger.0}}">{{$admin.diagnostics_webfinger.1}}</a></li>
+</ul>
index e5412429f4e7349a1a68373995164c094e32f210..4cc0acb66c346d1d5cb373ef05439c4fc527b0f1 100644 (file)
@@ -2,13 +2,13 @@
        <h1>{{$title}} - {{$page}}</h1>
        
        <form action="{{$baseurl}}/admin/logs" method="post">
-    <input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
+    <input type='hidden' name='form_security_token' value="{{$form_security_token|escape:'html'}}">
 
        {{include file="field_checkbox.tpl" field=$debugging}}
        {{include file="field_input.tpl" field=$logfile}}
        {{include file="field_select.tpl" field=$loglevel}}
        
-       <div class="submit"><input type="submit" name="page_logs" value="{{$submit}}" /></div>
+       <div class="submit"><input type="submit" name="page_logs" value="{{$submit|escape:'html'}}" /></div>
        
        </form>
        
index 24f7f9bfa6a3674201403013f6e950c1b1beaf8d..c3e85f2e804a6f78e44732c223a3d6b11da32a23 100644 (file)
@@ -66,7 +66,7 @@
                        <h1>Friendica Update</h1>
                        <div class="panel_text"></div>
                        <div class="panel_actions">
-                               <input type="button" value="{{$close}}" class="panel_action_close">
+                               <input type="button" value="{{$close|escape:'html'}}" class="panel_action_close">
                        </div>
                </div>
        </div>
        <dl> <dt>New version:</dt><dd>{{$remoteversion}}</dd> </dl>
 
        <form id="remoteupdate_form" method="POST" action="{{$baseurl}}/admin/update">
-       <input type="hidden" name="{{$remotefile.0}}" value="{{$remotefile.2}}">
+       <input type="hidden" name="{{$remotefile.0}}" value="{{$remotefile.2|escape:'html'}}">
 
        {{if $canwrite}}
-               <div class="submit"><input type="submit" name="remoteupdate" value="{{$submit}}" /></div>
+               <div class="submit"><input type="submit" name="remoteupdate" value="{{$submit|escape:'html'}}" /></div>
        {{else}}
                <h3>Your friendica installation is not writable by web server.</h3>
                {{if $canftp}}
@@ -89,7 +89,7 @@
                        {{include file="field_input.tpl" field=$ftppath}}
                        {{include file="field_input.tpl" field=$ftpuser}}
                        {{include file="field_password.tpl" field=$ftppwd}}
-                       <div class="submit"><input type="submit" name="remoteupdate" value="{{$submit}}" /></div>
+                       <div class="submit"><input type="submit" name="remoteupdate" value="{{$submit|escape:'html'}}" /></div>
                {{/if}}
        {{/if}}
        </form>
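Review bot: The hidden field keeps a raw `name="{{$remotefile.0}}"`, and `<dd>{{$remoteversion}}</dd>` just above the form is also printed unescaped, so only the `value` half of that input is covered. If `$remoteversion` is taken from the update server's response (the assigning code is not visible here), it should be treated as untrusted and written as `{{$remoteversion|escape:'html'}}`. The attribute name would likewise become `name="{{$remotefile.0|escape:'html'}}"`.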
index 166b35e7d43d1dddaa5d9da8c11414c88687d94e..6880f0fd916505c1a4343c7d8c021abb608af974 100644 (file)
 
        {{include file="field_input.tpl" field=$sitename}}
        {{include file="field_input.tpl" field=$hostname}}
+       {{include file="field_input.tpl" field=$sender_email}}
        {{include file="field_textarea.tpl" field=$banner}}
+       {{include file="field_input.tpl" field=$shortcut_icon}}
+       {{include file="field_input.tpl" field=$touch_icon}}
        {{include file="field_textarea.tpl" field=$info}}
        {{include file="field_select.tpl" field=$language}}
        {{include file="field_select.tpl" field=$theme}}
@@ -58,7 +61,7 @@
        {{include file="field_select.tpl" field=$singleuser}}
 
        
-       <div class="submit"><input type="submit" name="page_site" value="{{$submit}}" /></div>
+       <div class="submit"><input type="submit" name="page_site" value="{{$submit|escape:'html'}}" /></div>
        
        <h3>{{$registration}}</h3>
        {{include file="field_input.tpl" field=$register_text}}
@@ -68,7 +71,7 @@
        {{include file="field_checkbox.tpl" field=$no_openid}}
        {{include file="field_checkbox.tpl" field=$no_regfullname}}
        
-       <div class="submit"><input type="submit" name="page_site" value="{{$submit}}" /></div>
+       <div class="submit"><input type="submit" name="page_site" value="{{$submit|escape:'html'}}" /></div>
 
        <h3>{{$upload}}</h3>
        {{include file="field_input.tpl" field=$maximagesize}}
@@ -80,7 +83,8 @@
        {{include file="field_input.tpl" field=$allowed_email}}
        {{include file="field_checkbox.tpl" field=$block_public}}
        {{include file="field_checkbox.tpl" field=$force_publish}}
-       {{include file="field_checkbox.tpl" field=$no_community_page}}
+       {{include file="field_select.tpl" field=$community_page_style}}
+       {{include file="field_input.tpl" field=$max_author_posts_community_page}}
        {{include file="field_checkbox.tpl" field=$ostatus_disabled}}
        {{include file="field_select.tpl" field=$ostatus_poll_interval}}
        {{include file="field_checkbox.tpl" field=$diaspora_enabled}}
@@ -92,7 +96,7 @@
        {{include file="field_checkbox.tpl" field=$private_addons}}     
        {{include file="field_checkbox.tpl" field=$disable_embedded}}
        {{include file="field_checkbox.tpl" field=$allow_users_remote_self}}
-       <div class="submit"><input type="submit" name="page_site" value="{{$submit}}" /></div>
+       <div class="submit"><input type="submit" name="page_site" value="{{$submit|escape:'html'}}" /></div>
        
        <h3>{{$advanced}}</h3>
        {{include file="field_checkbox.tpl" field=$no_utf}}
        {{include file="field_input.tpl" field=$temppath}}
        {{include file="field_input.tpl" field=$basepath}}
        {{include file="field_checkbox.tpl" field=$suppress_language}}
+       {{include file="field_checkbox.tpl" field=$suppress_tags}}
 
        <h3>{{$performance}}</h3>
-       {{include file="field_checkbox.tpl" field=$disable_noscrape}}
        {{include file="field_checkbox.tpl" field=$use_fulltext_engine}}
+       {{include file="field_checkbox.tpl" field=$only_tag_search}}
        {{include file="field_input.tpl" field=$itemcache}}
        {{include file="field_input.tpl" field=$itemcache_duration}}
        {{include file="field_input.tpl" field=$max_comments}}
        {{include file="field_checkbox.tpl" field=$proxy_disabled}}
-       <div class="submit"><input type="submit" name="page_site" value="{{$submit}}" /></div>
+       {{include file="field_checkbox.tpl" field=$old_pager}}
+       <div class="submit"><input type="submit" name="page_site" value="{{$submit|escape:'html'}}" /></div>
 
        </form>
        
        <input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
        <h3>{{$relocate}}</h3>
        {{include file="field_input.tpl" field=$relocate_url}}
-       <input type="hidden" name="page_site" value="{{$submit}}">
-       <div class="submit"><input type="submit" name="relocate" value="{{$submit}}" /></div>
+       <input type="hidden" name="page_site" value="{{$submit|escape:'html'}}">
+       <div class="submit"><input type="submit" name="relocate" value="{{$submit|escape:'html'}}" /></div>
        </form>
        
 </div>
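Review bot: The relocate form near the end of this section still has `value='{{$form_security_token}}'` as an untouched context line, while the same hidden field in admin_logs.tpl was changed to the escaped, double-quoted form in this commit. For consistency it should read `value="{{$form_security_token|escape:'html'}}"`. The token is presumably a server-generated string, so this is hardening and uniformity rather than a demonstrated bug.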
index 4e0b9650ef68a5b21241a916e1b8905c14d2b37c..fc3c6377f17b9cf8b3f8c12f36c95ecb708a28ce 100644 (file)
@@ -43,7 +43,7 @@
                                </tbody>
                        </table>
                        <div class='selectall'><a href='#' onclick="return selectall('pending_ckbx');">{{$select_all}}</a></div>
-                       <div class="submit"><input type="submit" name="page_users_deny" value="{{$deny}}"/> <input type="submit" name="page_users_approve" value="{{$approve}}" /></div>                        
+                       <div class="submit"><input type="submit" name="page_users_deny" value="{{$deny|escape:'html'}}"/> <input type="submit" name="page_users_approve" value="{{$approve|escape:'html'}}" /></div>                    
                {{else}}
                        <p>{{$no_pending}}</p>
                {{/if}}
@@ -88,7 +88,7 @@
                                </tbody>
                        </table>
                        <div class='selectall'><a href='#' onclick="return selectall('users_ckbx');">{{$select_all}}</a></div>
-                       <div class="submit"><input type="submit" name="page_users_block" value="{{$block}}/{{$unblock}}" /> <input type="submit" name="page_users_delete" value="{{$delete}}" onclick="return confirm_delete_multi()" /></div>                                          
+                       <div class="submit"><input type="submit" name="page_users_block" value="{{$block|escape:'html'}}/{{$unblock|escape:'html'}}" /> <input type="submit" name="page_users_delete" value="{{$delete|escape:'html'}}" onclick="return confirm_delete_multi()" /></div>                                                
                {{else}}
                        NO USERS?!?
                {{/if}}
     </tr> 
       </tbody> 
   </table> 
-  <div class="submit"><input type="submit" name="add_new_user_submit" value="{{$submit}}" /></div>             
+  <div class="submit"><input type="submit" name="add_new_user_submit" value="{{$submit|escape:'html'}}" /></div>             
   </form>
 </div>
index 72aedd8b70aa02afc9a0f5e588a6eaa1401ea2e8..3d1d7573d7d51c1a289be4eb463ff3ca32debb7d 100644 (file)
@@ -4,12 +4,12 @@
 
 
 <label id="photo-album-edit-name-label" for="photo-album-edit-name" >{{$nametext}}</label>
-<input type="text" size="64" name="albumname" value="{{$album}}" >
+<input type="text" size="64" name="albumname" value="{{$album|escape:'html'}}" >
 
 <div id="photo-album-edit-name-end"></div>
 
-<input id="photo-album-edit-submit" type="submit" name="submit" value="{{$submit}}" />
-<input id="photo-album-edit-drop" type="submit" name="dropalbum" value="{{$dropsubmit}}" onclick="return confirmDelete();" />
+<input id="photo-album-edit-submit" type="submit" name="submit" value="{{$submit|escape:'html'}}" />
+<input id="photo-album-edit-drop" type="submit" name="dropalbum" value="{{$dropsubmit|escape:'html'}}" onclick="return confirmDelete();" />
 
 </form>
 </div>
index 8d7d3ff3d982089f78561958619b131592f22551..b987b7849cb6eb95ab5d25179b173a8860a5a422 100644 (file)
@@ -26,9 +26,9 @@
        <label id="dfrn-url-label" for="dfrn-url" >{{$your_address}}</label>
         {{if $myaddr}}
                 {{$myaddr}}
-                <input type="hidden" name="dfrn_url" id="dfrn-url" size="32" value="{{$myaddr}}" />
+                <input type="hidden" name="dfrn_url" id="dfrn-url" size="32" value="{{$myaddr|escape:'html'}}" />
         {{else}}
-        <input type="text" name="dfrn_url" id="dfrn-url" size="32" value="{{$myaddr}}" />
+        <input type="text" name="dfrn_url" id="dfrn-url" size="32" value="{{$myaddr|escape:'html'}}" />
         {{/if}}
        <div id="dfrn-request-url-end"></div>
 </div>
@@ -39,7 +39,7 @@
 </div>
 
        <div id="dfrn-request-submit-wrapper">
-               <input type="submit" name="submit" id="dfrn-request-submit-button" value="{{$submit}}" />
-               <input type="submit" name="cancel" id="dfrn-request-cancel-button" value="{{$cancel}}" />
+               <input type="submit" name="submit" id="dfrn-request-submit-button" value="{{$submit|escape:'html'}}" />
+               <input type="submit" name="cancel" id="dfrn-request-cancel-button" value="{{$cancel|escape:'html'}}" />
        </div>
 </form>
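Review bot: Inside the `{{if $myaddr}}` branch the address is also printed as a bare `{{$myaddr}}` on the line directly above the hidden input, and that copy is not escaped. Element content is an HTML context just like the attribute, so the visible copy should be `{{$myaddr|escape:'html'}}` unless the value is already encoded before assignment, which this page does not show. dfrn_request.tpl carries the same pair of lines and needs the same change.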
index 621c15d43e4ec94cef528a8bdd2667aa3e1b94c6..fa360df3a810a0fd17ab68a465965a21facd1577 100644 (file)
                                        <select id="qcomment-select-{{$id}}" name="qcomment-{{$id}}" class="qcomment" onchange="qCommentInsert(this,{{$id}});" >
                                        <option value=""></option>
                                {{foreach $qcomment as $qc}}
-                                       <option value="{{$qc}}">{{$qc}}</option>                                
+                                       <option value="{{$qc|escape:'html'}}">{{$qc}}</option>                          
                                {{/foreach}}
                                        </select>
                                {{/if}}
 
                                <div class="comment-edit-text-end"></div>
                                <div class="comment-edit-submit-wrapper" id="comment-edit-submit-wrapper-{{$id}}" style="display: none;" >
-                                       <input type="submit" onclick="post_comment({{$id}}); return false;" id="comment-edit-submit-{{$id}}" class="comment-edit-submit" name="submit" value="{{$submit}}" />
+                                       <input type="submit" onclick="post_comment({{$id}}); return false;" id="comment-edit-submit-{{$id}}" class="comment-edit-submit" name="submit" value="{{$submit|escape:'html'}}" />
                                        {{if $preview}}<span onclick="preview_comment({{$id}});" id="comment-edit-preview-link-{{$id}}" class="fakelink">{{$preview}}</span>{{/if}}
                                        <div id="comment-edit-preview-{{$id}}" class="comment-edit-preview" style="display:none;"></div>
                                </div>
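Review bot: The quick-comment option now escapes its `value` attribute but still prints the visible label raw, as in `<option value="{{$qc|escape:'html'}}">{{$qc}}</option>`. Markup in `$qc` would be neutralised in the attribute and still rendered in the option body. Unless these strings are encoded before they reach the template (not visible here), both places should use `{{$qc|escape:'html'}}`. The same half-escaped pattern appears with `{{$val}}` in field_combobox.tpl, field_select.tpl and field_themeselect.tpl.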
index 6744ac4f745a52c27301e3690d4c7190db830108..bb9e159078477936bd18daaf8a7dfcbb7fd0f33b 100644 (file)
@@ -4,11 +4,11 @@
 
        <span id="confirm-message">{{$message}}</span>
        {{foreach $extra_inputs as $input}}
-       <input type="hidden" name="{{$input.name}}" value="{{$input.value}}" />
+       <input type="hidden" name="{{$input.name}}" value="{{$input.value|escape:'html'}}" />
        {{/foreach}}
 
-       <input class="confirm-button" id="confirm-submit-button" type="submit" name="{{$confirm_name}}" value="{{$confirm}}" />
-       <input class="confirm-button" id="confirm-cancel-button" type="submit" name="canceled" value="{{$cancel}}" />
+       <input class="confirm-button" id="confirm-submit-button" type="submit" name="{{$confirm_name}}" value="{{$confirm|escape:'html'}}" />
+       <input class="confirm-button" id="confirm-cancel-button" type="submit" name="canceled" value="{{$cancel|escape:'html'}}" />
 
 </form>
 </center>
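Review bot: `name="{{$input.name}}"` and `name="{{$confirm_name}}"` stay unescaped right next to the newly escaped values. The `$extra_inputs` loop looks like it replays request parameters through the confirmation step (inferred from the template only), in which case the key is as caller-influenced as the value and should be `name="{{$input.name|escape:'html'}}"`. `{{$message}}` in the span is also raw; if it is meant to carry markup, a short Smarty comment saying so would stop a later reader from assuming it is safe for arbitrary text.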
index 9b57f17417281f9ca5742bd7d5dde3e7e26237fb..65af34c6bb039242b33628b88e743eddc505809a 100644 (file)
@@ -73,7 +73,7 @@
 <div id="contact-edit-info-wrapper">
 <h4>{{$lbl_info1}}</h4>
        <textarea id="contact-edit-info" rows="8" cols="60" name="info">{{$info}}</textarea>
-       <input class="contact-edit-submit" type="submit" name="submit" value="{{$submit}}" />
+       <input class="contact-edit-submit" type="submit" name="submit" value="{{$submit|escape:'html'}}" />
 </div>
 <div id="contact-edit-info-end"></div>
 
@@ -85,7 +85,7 @@
 {{$profile_select}}
 <div id="contact-edit-profile-select-end"></div>
 
-<input class="contact-edit-submit" type="submit" name="submit" value="{{$submit}}" />
+<input class="contact-edit-submit" type="submit" name="submit" value="{{$submit|escape:'html'}}" />
 
 </form>
 </div>
index 5797196ebb7dc4d0b20912d4acd52150ce658438..896f9af4c9f9d7f5fd7714d72556e06451a008a8 100644 (file)
@@ -6,8 +6,8 @@
 <div id="contacts-search-wrapper">
 <form id="contacts-search-form" action="{{$cmd}}" method="get" >
 <span class="contacts-search-desc">{{$desc}}</span>
-<input type="text" name="search" id="contacts-search" class="search-input" onfocus="this.select();" value="{{$search}}" />
-<input type="submit" name="submit" id="contacts-search-submit" value="{{$submit}}" />
+<input type="text" name="search" id="contacts-search" class="search-input" onfocus="this.select();" value="{{$search|escape:'html'}}" />
+<input type="submit" name="submit" id="contacts-search-submit" value="{{$submit|escape:'html'}}" />
 </form>
 </div>
 <div id="contacts-search-end"></div>
@@ -21,7 +21,7 @@
 <div id="contact-edit-end"></div>
 <div id="contacts-actions">
 {{foreach $batch_actions as $n=>$l}}
- <input class="batch-action" name="{{$n}}" value="{{$l}}" type="submit">
+ <input class="batch-action" name="{{$n}}" value="{{$l|escape:'html'}}" type="submit">
  {{/foreach}}
  </div>
 </form>
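Review bot: Adding `|escape:'html'` to `{{$search}}` will double-encode the term if the PHP side already runs it through an HTML-encoding function before assignment, which this page does not show. In that case a search for `a&b` would reappear in the box as `a&amp;b`. The assigning code for this template and for directory_header.tpl should be checked so that encoding happens in exactly one place, preferably the template. Separately, `action="{{$cmd}}"` and the batch button's `name="{{$n}}"` are still interpolated raw.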
index 37e2ef417bb48926af0378c05ca3dbf2972139ae..a94f1f2d3c2241f6e207f4c3b87e068059d1a72c 100644 (file)
@@ -3,35 +3,35 @@
 <h4>{{$contact_name}}</h4>
 
 <label id="crepair-name-label" class="crepair-label" for="crepair-name">{{$label_name}}</label>
-<input type="text" id="crepair-name" class="crepair-input" name="name" value="{{$contact_name}}" />
+<input type="text" id="crepair-name" class="crepair-input" name="name" value="{{$contact_name|escape:'html'}}" />
 <div class="clear"></div>
 
 <label id="crepair-nick-label" class="crepair-label" for="crepair-nick">{{$label_nick}}</label>
-<input type="text" id="crepair-nick" class="crepair-input" name="nick" value="{{$contact_nick}}" />
+<input type="text" id="crepair-nick" class="crepair-input" name="nick" value="{{$contact_nick|escape:'html'}}" />
 <div class="clear"></div>
 
 <label id="crepair-attag-label" class="crepair-label" for="crepair-attag">{{$label_attag}}</label>
-<input type="text" id="crepair-attag" class="crepair-input" name="attag" value="{{$contact_attag}}" />
+<input type="text" id="crepair-attag" class="crepair-input" name="attag" value="{{$contact_attag|escape:'html'}}" />
 <div class="clear"></div>
 
 <label id="crepair-url-label" class="crepair-label" for="crepair-url">{{$label_url}}</label>
-<input type="text" id="crepair-url" class="crepair-input" name="url" value="{{$contact_url}}" />
+<input type="text" id="crepair-url" class="crepair-input" name="url" value="{{$contact_url|escape:'html'}}" />
 <div class="clear"></div>
 
 <label id="crepair-request-label" class="crepair-label" for="crepair-request">{{$label_request}}</label>
-<input type="text" id="crepair-request" class="crepair-input" name="request" value="{{$request}}" />
+<input type="text" id="crepair-request" class="crepair-input" name="request" value="{{$request|escape:'html'}}" />
 <div class="clear"></div>
  
 <label id="crepair-confirm-label" class="crepair-label" for="crepair-confirm">{{$label_confirm}}</label>
-<input type="text" id="crepair-confirm" class="crepair-input" name="confirm" value="{{$confirm}}" />
+<input type="text" id="crepair-confirm" class="crepair-input" name="confirm" value="{{$confirm|escape:'html'}}" />
 <div class="clear"></div>
 
 <label id="crepair-notify-label" class="crepair-label" for="crepair-notify">{{$label_notify}}</label>
-<input type="text" id="crepair-notify" class="crepair-input" name="notify" value="{{$notify}}" />
+<input type="text" id="crepair-notify" class="crepair-input" name="notify" value="{{$notify|escape:'html'}}" />
 <div class="clear"></div>
 
 <label id="crepair-poll-label" class="crepair-label" for="crepair-poll">{{$label_poll}}</label>
-<input type="text" id="crepair-poll" class="crepair-input" name="poll" value="{{$poll}}" />
+<input type="text" id="crepair-poll" class="crepair-input" name="poll" value="{{$poll|escape:'html'}}" />
 <div class="clear"></div>
 
 <label id="crepair-photo-label" class="crepair-label" for="crepair-photo">{{$label_photo}}</label>
@@ -42,7 +42,7 @@
 {{include file="field_select.tpl" field=$remote_self}}
 {{/if}}
 
-<input type="submit" name="submit" value="{{$lbl_submit}}" />
+<input type="submit" name="submit" value="{{$lbl_submit|escape:'html'}}" />
 
 </form>
 
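Review bot: The heading `<h4>{{$contact_name}}</h4>` at the top of the first hunk prints raw the same value that the `name` input two lines below now escapes. Contact names presumably originate from the remote profile, so the heading should be `<h4>{{$contact_name|escape:'html'}}</h4>` unless the value is encoded before assignment. The input that follows the `crepair-photo` label falls between the two hunks and is not visible here; it should be checked for the same treatment.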
index 47bb73b47a8c617e55cd59dcac8b06ed361485c2..4cf030bc9d5124cafeab38b4350d90708b8d9ee0 100644 (file)
@@ -52,7 +52,7 @@
 <input type="hidden" name="width"  id="width" />
 
 <div id="crop-image-submit-wrapper" >
-<input type="submit" name="submit" value="{{$done}}" />
+<input type="submit" name="submit" value="{{$done|escape:'html'}}" />
 </div>
 
 </form>
index accfd4f83f162bcf5054a3bd1c73d3fd64351e49..d49b5bbf2d44e8a68c0ff40b48bc8671c4e23015 100644 (file)
@@ -17,6 +17,6 @@
 
 
 <div id="dfrn-request-homecoming-submit-wrapper" >
-<input id="dfrn-request-homecoming-submit" type="submit" name="submit" value="{{$submit}}" />
+<input id="dfrn-request-homecoming-submit" type="submit" name="submit" value="{{$submit|escape:'html'}}" />
 </div>
 </form>
\ No newline at end of file
index d72478586569541b1e61fde352b00cdf2ba32404..44c8ef1e6a180680955c66f6687693d005b34c2e 100644 (file)
@@ -25,9 +25,9 @@
        <label id="dfrn-url-label" for="dfrn-url" >{{$your_address}}</label>
        {{if $myaddr}}
                {{$myaddr}}
-               <input type="hidden" name="dfrn_url" id="dfrn-url" size="32" value="{{$myaddr}}" />
+               <input type="hidden" name="dfrn_url" id="dfrn-url" size="32" value="{{$myaddr|escape:'html'}}" />
        {{else}}
-       <input type="text" name="dfrn_url" id="dfrn-url" size="32" value="{{$myaddr}}" />
+       <input type="text" name="dfrn_url" id="dfrn-url" size="32" value="{{$myaddr|escape:'html'}}" />
        {{/if}}
        <div id="dfrn-request-url-end"></div>
 </div>
@@ -69,7 +69,7 @@
 </div>
 
        <div id="dfrn-request-submit-wrapper">
-               <input type="submit" name="submit" id="dfrn-request-submit-button" value="{{$submit}}" />
-               <input type="submit" name="cancel" id="dfrn-request-cancel-button" value="{{$cancel}}" />
+               <input type="submit" name="submit" id="dfrn-request-submit-button" value="{{$submit|escape:'html'}}" />
+               <input type="submit" name="cancel" id="dfrn-request-cancel-button" value="{{$cancel|escape:'html'}}" />
        </div>
 </form>
index 29393aeda3d554552aa4336b4961eaef4f1bf9a7..2274f2e1f8ecd0ed71389466c2c9488dd51912c8 100644 (file)
@@ -9,8 +9,8 @@
 <div id="directory-search-wrapper">
 <form id="directory-search-form" action="directory" method="get" >
 <span class="dirsearch-desc">{{$desc}}</span>
-<input type="text" name="search" id="directory-search" class="search-input" onfocus="this.select();" value="{{$search}}" />
-<input type="submit" name="submit" id="directory-search-submit" value="{{$submit}}" class="button" />
+<input type="text" name="search" id="directory-search" class="search-input" onfocus="this.select();" value="{{$search|escape:'html'}}" />
+<input type="submit" name="submit" id="directory-search-submit" value="{{$submit|escape:'html'}}" class="button" />
 </form>
 </div>
 <div id="directory-search-end"></div>
index cb7ba53af0fb7ab07d633c898a7465e9c6652e6f..45e2ea71e096ea996ca5272278d0e1c25f3cc0a7 100644 (file)
@@ -28,7 +28,7 @@
 <div id="event-adjust-break"></div>
 
 <div id="event-summary-text">{{$t_text}}</div>
-<input type="text" id="event-summary" name="summary" value="{{$t_orig}}" />
+<input type="text" id="event-summary" name="summary" value="{{$t_orig|escape:'html'}}" />
 
 
 <div id="event-desc-text">{{$d_text}}</div>
@@ -44,7 +44,7 @@
 {{$acl}}
 
 <div class="clear"></div>
-<input id="event-submit" type="submit" name="submit" value="{{$submit}}" />
+<input id="event-submit" type="submit" name="submit" value="{{$submit|escape:'html'}}" />
 </form>
 
 
index 3d69e2d27275dc443a58c78d603c08f80710f73d..a2f7c3f27e9a52d6aeb9dbd5cf9808df0e6f1fb7 100644 (file)
@@ -4,13 +4,13 @@
                {{* html5 don't work on Chrome, Safari and IE9
                <input id="id_{{$field.0}}" type="text" list="data_{{$field.0}}" >
                <datalist id="data_{{$field.0}}" >
-                  {{foreach $field.4 as $opt=>$val}}<option value="{{$val}}">{{/foreach}}
+                  {{foreach $field.4 as $opt=>$val}}<option value="{{$val|escape:'html'}}">{{/foreach}}
                </datalist> *}}
                
                <input id="id_{{$field.0}}" type="text" value="{{$field.2}}">
                <select id="select_{{$field.0}}" onChange="$('#id_{{$field.0}}').val($(this).val())">
                        <option value="">{{$field.5}}</option>
-                       {{foreach $field.4 as $opt=>$val}}<option value="{{$val}}">{{$val}}</option>{{/foreach}}
+                       {{foreach $field.4 as $opt=>$val}}<option value="{{$val|escape:'html'}}">{{$val}}</option>{{/foreach}}
                </select>
                
                <span class='field_help'>{{$field.3}}</span>
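Review bot: The live text input `<input id="id_{{$field.0}}" type="text" value="{{$field.2}}">` is left unescaped, while the first change in this section lands inside the `{{* … *}}` block, which Smarty never renders. The line that needs the modifier is the rendered one: `value="{{$field.2|escape:'html'}}"`. filer_dialog.tpl includes this template, so the gap carries over to the filer dialog.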
index ae8fe844a3e7bcea55f35dc71b96d159f6b8d513..6a3328c5cc28dafe2dde8fba89d1baa6ba1d1bf7 100644 (file)
@@ -1,6 +1,6 @@
        
        <div class='field input' id='wrapper_{{$field.0}}'>
                <label for='id_{{$field.0}}'>{{$field.1}}</label>
-               <input{{if $field.6 eq 'email'}} type='email'{{elseif $field.6 eq 'url'}} type='url'{{/if}} name='{{$field.0}}' id='id_{{$field.0}}' value="{{$field.2}}"{{if $field.4 eq 'required'}} required{{/if}}{{if $field.5 eq 'autofocus'}} autofocus{{/if}}>
+               <input{{if $field.6 eq 'email'}} type='email'{{elseif $field.6 eq 'url'}} type='url'{{/if}} name='{{$field.0}}' id='id_{{$field.0}}' value="{{$field.2|escape:'html'}}"{{if $field.4 eq 'required'}} required{{/if}}{{if $field.5 eq 'autofocus'}} autofocus{{/if}}>
                <span class='field_help'>{{$field.3}}</span>
        </div>
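Review bot: The positional `$field` array is undocumented, and after this change it matters which slots are escaped and which are not. A Smarty comment at the top of the file would record the contract as used here, for example `{{* field: 0=name, 1=label, 2=value (escaped), 3=help, 4='required', 5='autofocus', 6=input type *}}`. As written, `name='{{$field.0}}'`, the label `{{$field.1}}` and the help text `{{$field.3}}` are emitted raw, so the comment should also state that callers must not place untrusted text in those slots.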
index dd77e50018c55a6457ed5bed3eb86a59717bd87d..2f3c27d920cb860649e01ca4b7980920b02d3ae1 100644 (file)
@@ -2,6 +2,6 @@
        
        <div class='field checkbox'>
                <label for='id_{{$field.0}}'>{{$field.1}}</label>
-               <input type="checkbox" name='{{$field.0}}' id='id_{{$field.0}}' value="{{$field.3}}" {{if $field.2}}checked="true"{{/if}}>
+               <input type="checkbox" name='{{$field.0}}' id='id_{{$field.0}}' value="{{$field.3|escape:'html'}}" {{if $field.2}}checked="true"{{/if}}>
                <span class='field_help'>{{$field.4}}</span>
        </div>
index d8a9394a15380173c03abfb88dbae05cba4e6c9c..e5f236c6791a08a475e0323ffbb8fb4fec67eba6 100644 (file)
@@ -1,6 +1,6 @@
        
        <div class='field input openid' id='wrapper_{{$field.0}}'>
                <label for='id_{{$field.0}}'>{{$field.1}}</label>
-               <input name='{{$field.0}}' id='id_{{$field.0}}' value="{{$field.2}}">
+               <input name='{{$field.0}}' id='id_{{$field.0}}' value="{{$field.2|escape:'html'}}">
                <span class='field_help'>{{$field.3}}</span>
        </div>
index 2e9e91529ade3249167e7f6eafd25e5c3d5c12eb..8a9f0dc330e89ddf8fdb4609268b0dbc3851fd55 100644 (file)
@@ -1,6 +1,6 @@
        
        <div class='field password' id='wrapper_{{$field.0}}'>
                <label for='id_{{$field.0}}'>{{$field.1}}</label>
-               <input type='password' name='{{$field.0}}' id='id_{{$field.0}}' value="{{$field.2}}"{{if $field.4 eq 'required'}} required{{/if}}{{if $field.5 eq 'autofocus'}} autofocus{{/if}}>
+               <input type='password' name='{{$field.0}}' id='id_{{$field.0}}' value="{{$field.2|escape:'html'}}"{{if $field.4 eq 'required'}} required{{/if}}{{if $field.5 eq 'autofocus'}} autofocus{{/if}}>
                <span class='field_help'>{{$field.3}}</span>
        </div>
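Review bot: This template writes whatever is in `$field.2` into the `value` of the password input, so a caller that passes a stored secret places it in the page source whether or not it is escaped. The callers are not visible here, but admin_remoteupdate.tpl uses this template for `$ftppwd`, which is worth checking. A comment in the template would state the expectation, for example `{{* field.2 is rendered into the page; pass '' instead of a stored password *}}`.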
index 09db11472028636fb7dc534bd3940e7fec7733e5..86cc8fc47e15239189a7b2cbb7978463c6f43436 100644 (file)
@@ -2,6 +2,6 @@
        
        <div class='field radio'>
                <label for='id_{{$field.0}}_{{$field.2}}'>{{$field.1}}</label>
-               <input type="radio" name='{{$field.0}}' id='id_{{$field.0}}_{{$field.2}}' value="{{$field.2}}" {{if $field.4}}checked="true"{{/if}}>
+               <input type="radio" name='{{$field.0}}' id='id_{{$field.0}}_{{$field.2}}' value="{{$field.2|escape:'html'}}" {{if $field.4}}checked="true"{{/if}}>
                <span class='field_help'>{{$field.3}}</span>
        </div>
index a3274f51af7f4b8b2c4efbf14e55a27404b4e3b7..4fbbd4beb0a5423a2df00e5fb0479facbd0e9a95 100644 (file)
@@ -3,7 +3,7 @@
        <div class='field select'>
                <label for='id_{{$field.0}}'>{{$field.1}}</label>
                <select name='{{$field.0}}' id='id_{{$field.0}}'>
-                       {{foreach $field.4 as $opt=>$val}}<option value="{{$opt}}" {{if $opt==$field.2}}selected="selected"{{/if}}>{{$val}}</option>{{/foreach}}
+                       {{foreach $field.4 as $opt=>$val}}<option value="{{$opt|escape:'html'}}" {{if $opt==$field.2}}selected="selected"{{/if}}>{{$val}}</option>{{/foreach}}
                </select>
                <span class='field_help'>{{$field.3}}</span>
        </div>
index b250520d7b7ba01b262ad9bb33b707edd9f3356d..edd25dbe0f8cc77a66b2410d9f48fa55f8a3d60b 100644 (file)
@@ -3,7 +3,7 @@
        <div class='field select'>
                <label for='id_{{$field.0}}'>{{$field.1}}</label>
                <select name='{{$field.0}}' id='id_{{$field.0}}' {{if $field.5}}onchange="previewTheme(this);"{{/if}} >
-                       {{foreach $field.4 as $opt=>$val}}<option value="{{$opt}}" {{if $opt==$field.2}}selected="selected"{{/if}}>{{$val}}</option>{{/foreach}}
+                       {{foreach $field.4 as $opt=>$val}}<option value="{{$opt|escape:'html'}}" {{if $opt==$field.2}}selected="selected"{{/if}}>{{$val}}</option>{{/foreach}}
                </select>
                <span class='field_help'>{{$field.3}}</span>
                {{if $field.5}}<div id="theme-preview"></div>{{/if}}
index 4a471ccdc14eba1ec8a7c2b58758df4db520a7e2..de70c5ae6dccdfc967500b51f025d72a2d529963 100644 (file)
@@ -2,7 +2,7 @@
        <div class='field yesno'>
                <label for='id_{{$field.0}}'>{{$field.1}}</label>
                <div class='onoff' id="id_{{$field.0}}_onoff">
-                       <input  type="hidden" name='{{$field.0}}' id='id_{{$field.0}}' value="{{$field.2}}">
+                       <input  type="hidden" name='{{$field.0}}' id='id_{{$field.0}}' value="{{$field.2|escape:'html'}}">
                        <a href="#" class='off'>
                                {{if $field.4}}{{$field.4.0}}{{else}}OFF{{/if}}
                        </a>
index cde4e603cabfeee3ea434804b3573c54eeeae44e..b207277a7b6cf9d788e9bdbc246e04dc483c2cc8 100644 (file)
@@ -78,7 +78,7 @@
                </div>
        </div>
        <div class="mceActionPanel">
-               <input type="button" id="cancel" name="cancel" value="{{$cancel}}" onclick="tinyMCEPopup.close();" />
+               <input type="button" id="cancel" name="cancel" value="{{$cancel|escape:'html'}}" onclick="tinyMCEPopup.close();" />
        </div>  
        </body>
        
index 77f48e8aee1bc0a360d466d6e440be6fb9b4077d..27aa9b2f5b3ab5c9180ebef9d67cbee3e6ec9cc2 100644 (file)
@@ -1,5 +1,5 @@
 
 {{include file="field_combobox.tpl"}}
 <div class="settings-submit-wrapper" >
-       <input id="filer_save" type="button" class="settings-submit" value="{{$submit}}" />
+       <input id="filer_save" type="button" class="settings-submit" value="{{$submit|escape:'html'}}" />
 </div>
diff --git a/view/templates/files.tpl b/view/templates/files.tpl
new file mode 100644 (file)
index 0000000..a2a337b
--- /dev/null
@@ -0,0 +1,4 @@
+{{foreach $items as $item }}\r
+<p>{{$item.title}}  ({{$item.mime}}) ({{$item.filename}})</p>\r
+{{/foreach}}\r
+{{include "paginate.tpl"}}
\ No newline at end of file
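Review bot: The new template prints `{{$item.title}}`, `{{$item.mime}}` and `{{$item.filename}}` straight into a `<p>` with no escaping, in a commit whose purpose is to escape output. Attachment titles and file names are presumably user-supplied (the PHP that fills `$items` is not shown), so unless the caller escapes them first the line should read `<p>{{$item.title|escape:'html'}}  ({{$item.mime|escape:'html'}}) ({{$item.filename|escape:'html'}})</p>`. The file is also added with CR line endings and no final newline, unlike the other templates shown here.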
index 32109e82bf28529fa3c452ec823c164a8e0ff0c6..c4d18876573aeddecdab4eb2e03d174e3d6dcc66 100644 (file)
@@ -3,7 +3,7 @@
        <h3>{{$connect}}</h3>
        <div id="connect-desc">{{$desc}}</div>
        <form action="follow" method="post" >
-               <input id="side-follow-url" type="text" name="url" value="{{$value}}" size="24" placeholder="{{$hint}}" title="{{$hint}}" /><input id="side-follow-submit" type="submit" name="submit" value="{{$follow}}" />
+               <input id="side-follow-url" type="text" name="url" value="{{$value|escape:'html'}}" size="24" placeholder="{{$hint|escape:'html'}}" title="{{$hint|escape:'html'}}" /><input id="side-follow-submit" type="submit" name="submit" value="{{$follow|escape:'html'}}" />
        </form>
 </div>
 
index 7bc4add88a85d79068d72cb9c9ab6a0730d02a70..6b72e776e016737ed26a0e2f87104dbffc9a16cb 100644 (file)
@@ -9,7 +9,7 @@
                {{include file="field_input.tpl" field=$gname}}
                {{if $drop}}{{$drop}}{{/if}}
                <div id="group-edit-submit-wrapper" >
-                       <input type="submit" name="submit" value="{{$submit}}" >
+                       <input type="submit" name="submit" value="{{$submit|escape:'html'}}" >
                </div>
                <div id="group-edit-select-end" ></div>
        </form>
index 217f182a507c03cd7966772f50be03b730bc10ed..ca12425f0584bede0e152d94d2477d6de0d9d1b8 100644 (file)
 </table>
 
 {{if $phpath}}
-       <input type="hidden" name="phpath" value="{{$phpath}}">
+       <input type="hidden" name="phpath" value="{{$phpath|escape:'html'}}">
 {{/if}}
 
 {{if $passed}}
        <input type="hidden" name="pass" value="2">
-       <input type="submit" value="{{$next}}">
+       <input type="submit" value="{{$next|escape:'html'}}">
 {{else}}
        <input type="hidden" name="pass" value="1">
-       <input type="submit" value="{{$reload}}">
+       <input type="submit" value="{{$reload|escape:'html'}}">
 {{/if}}
 </form>
index b6bad0a2eeba35a14b0e0507af63661689ccf82d..f66bf119e88bbf8f6a959ad3ddd723189795e31c 100644 (file)
@@ -16,7 +16,7 @@
 
 <form id="install-form" action="{{$baseurl}}/install" method="post">
 
-<input type="hidden" name="phpath" value="{{$phpath}}" />
+<input type="hidden" name="phpath" value="{{$phpath|escape:'html'}}" />
 <input type="hidden" name="pass" value="3" />
 
 {{include file="field_input.tpl" field=$dbhost}}
@@ -25,7 +25,7 @@
 {{include file="field_input.tpl" field=$dbdata}}
 
 
-<input id="install-submit" type="submit" name="submit" value="{{$submit}}" /> 
+<input id="install-submit" type="submit" name="submit" value="{{$submit|escape:'html'}}" /> 
 
 </form>
 
index 53450141d40b0aa9345c9856a3514557f978501a..735672fe6e749f3e01dd7299c57ccc8dbb1e406a 100644 (file)
 
 <form id="install-form" action="{{$baseurl}}/install" method="post">
 
-<input type="hidden" name="phpath" value="{{$phpath}}" />
-<input type="hidden" name="dbhost" value="{{$dbhost}}" />
-<input type="hidden" name="dbuser" value="{{$dbuser}}" />
-<input type="hidden" name="dbpass" value="{{$dbpass}}" />
-<input type="hidden" name="dbdata" value="{{$dbdata}}" />
+<input type="hidden" name="phpath" value="{{$phpath|escape:'html'}}" />
+<input type="hidden" name="dbhost" value="{{$dbhost|escape:'html'}}" />
+<input type="hidden" name="dbuser" value="{{$dbuser|escape:'html'}}" />
+<input type="hidden" name="dbpass" value="{{$dbpass|escape:'html'}}" />
+<input type="hidden" name="dbdata" value="{{$dbdata|escape:'html'}}" />
 <input type="hidden" name="pass" value="4" />
 
 {{include file="field_input.tpl" field=$adminmail}}
 {{$timezone}}
 
-<input id="install-submit" type="submit" name="submit" value="{{$submit}}" /> 
+<input id="install-submit" type="submit" name="submit" value="{{$submit|escape:'html'}}" /> 
 
 </form>
 
index a14bcf39e63484907cbd00bcd2fc2336730f220e..74fb53b589f5a91c127857225fd5796eb0218ea6 100644 (file)
@@ -4,13 +4,13 @@
 
 <p class="intro-desc">{{$str_notifytype}} {{$notify_type}}</p>
 <div class="intro-fullname" id="intro-fullname-{{$contact_id}}" >{{$fullname}}</div>
-<a class="intro-url-link" id="intro-url-link-{{$contact_id}}" href="{{$url}}" ><img id="photo-{{$contact_id}}" class="intro-photo" src="{{$photo}}" width="175" height=175" title="{{$fullname}}" alt="{{$fullname}}" /></a>
+<a class="intro-url-link" id="intro-url-link-{{$contact_id}}" href="{{$url}}" ><img id="photo-{{$contact_id}}" class="intro-photo" src="{{$photo}}" width="175" height=175" title="{{$fullname|escape:'html'}}" alt="{{$fullname|escape:'html'}}" /></a>
 <div class="intro-knowyou">{{$knowyou}}</div>
 <div class="intro-note" id="intro-note-{{$contact_id}}">{{$note}}</div>
 <div class="intro-wrapper-end" id="intro-wrapper-end-{{$contact_id}}"></div>
 <form class="intro-form" action="notifications/{{$intro_id}}" method="post">
-<input class="intro-submit-ignore" type="submit" name="submit" value="{{$ignore}}" />
-<input class="intro-submit-discard" type="submit" name="submit" value="{{$discard}}" />
+<input class="intro-submit-ignore" type="submit" name="submit" value="{{$ignore|escape:'html'}}" />
+<input class="intro-submit-discard" type="submit" name="submit" value="{{$discard|escape:'html'}}" />
 </form>
 <div class="intro-form-end"></div>
 
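Review bot: On the changed `<a>`/`<img>` line only `title` and `alt` were escaped; `href="{{$url}}"` and `src="{{$photo}}"` on the same line are still raw, and both presumably come from the contact asking to connect. Escaping them (`href="{{$url|escape:'html'}}"`, `src="{{$photo|escape:'html'}}"`) stops a quote from ending the attribute. An allowed-scheme check (http/https) for the link has to live in the PHP that fills `$url`, because HTML escaping does not neutralise a script URL. `{{$fullname}}` and `{{$note}}` in the element bodies on the context lines are also unescaped. The new line keeps the malformed `height=175"`, which should be `height="175"`.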
@@ -23,7 +23,7 @@
 
 {{$dfrn_text}}
 
-<input class="intro-submit-approve" type="submit" name="submit" value="{{$approve}}" />
+<input class="intro-submit-approve" type="submit" name="submit" value="{{$approve|escape:'html'}}" />
 </form>
 </div>
 <div class="intro-end"></div>
index 34c032fdc93d574edd53fbdebd536d67a9dbe39e..6fd8539c5acc45289f3ed04f61fa85329d1e14e6 100644 (file)
@@ -24,7 +24,7 @@
 </div>
 
 <div id="invite-submit-wrapper">
-<input type="submit" name="submit" value="{{$submit}}" />
+<input type="submit" name="submit" value="{{$submit|escape:'html'}}" />
 </div>
 
 </div>
index dba78e34fd322ef28904f3f284bcf42c503b0a70..e8e4e04f3cc07790022b2204a3f0235302e07241 100644 (file)
        <form id="profile-jot-form" action="{{$action}}" method="post" >
                <input type="hidden" name="type" value="{{$ptyp}}" />
                <input type="hidden" name="profile_uid" value="{{$profile_uid}}" />
-               <input type="hidden" name="return" value="{{$return_path}}" />
-               <input type="hidden" name="location" id="jot-location" value="{{$defloc}}" />
+               <input type="hidden" name="return" value="{{$return_path|escape:'html'}}" />
+               <input type="hidden" name="location" id="jot-location" value="{{$defloc|escape:'html'}}" />
                <input type="hidden" name="coord" id="jot-coord" value="" />
                <input type="hidden" name="post_id" value="{{$post_id}}" />
                <input type="hidden" name="preview" id="jot-preview" value="0" />
                <input type="hidden" name="post_id_random" value="{{$rand_num}}" />
-               <div id="jot-title-wrap"><input name="title" id="jot-title" type="text" placeholder="{{$placeholdertitle}}" value="{{$title}}" class="jothidden" style="display:none"></div>
+               <div id="jot-title-wrap"><input name="title" id="jot-title" type="text" placeholder="{{$placeholdertitle|escape:'html'}}" value="{{$title|escape:'html'}}" class="jothidden" style="display:none"></div>
                {{if $placeholdercategory}}
-               <div id="jot-category-wrap"><input name="category" id="jot-category" type="text" placeholder="{{$placeholdercategory}}" value="{{$category}}" class="jothidden" style="display:none" /></div>
+               <div id="jot-category-wrap"><input name="category" id="jot-category" type="text" placeholder="{{$placeholdercategory|escape:'html'}}" value="{{$category|escape:'html'}}" class="jothidden" style="display:none" /></div>
                {{/if}}
                <div id="jot-text-wrap">
                <img id="profile-jot-text-loading" src="images/rotator.gif" alt="{{$wait}}" title="{{$wait}}" style="display: none;" />
                </div>
 
 <div id="profile-jot-submit-wrapper" class="jothidden">
-       <input type="submit" id="profile-jot-submit" name="submit" value="{{$share}}" />
+       <input type="submit" id="profile-jot-submit" name="submit" value="{{$share|escape:'html'}}" />
 
        <div id="profile-upload-wrapper" style="display: {{$visitor}};" >
-               <div id="wall-image-upload-div" ><a href="#" onclick="return false;" id="wall-image-upload" class="icon camera" title="{{$upload}}"></a></div>
+               <div id="wall-image-upload-div" ><a href="#" onclick="return false;" id="wall-image-upload" class="icon camera" title="{{$upload|escape:'html'}}"></a></div>
        </div> 
        <div id="profile-attach-wrapper" style="display: {{$visitor}};" >
-               <div id="wall-file-upload-div" ><a href="#" onclick="return false;" id="wall-file-upload" class="icon attach" title="{{$attach}}"></a></div>
+               <div id="wall-file-upload-div" ><a href="#" onclick="return false;" id="wall-file-upload" class="icon attach" title="{{$attach|escape:'html'}}"></a></div>
        </div> 
 
        <div id="profile-link-wrapper" style="display: {{$visitor}};" ondragenter="linkdropper(event);" ondragover="linkdropper(event);" ondrop="linkdrop(event);" >
                <a id="profile-link" class="icon link" title="{{$weblink}}" ondragenter="return linkdropper(event);" ondragover="return linkdropper(event);" ondrop="linkdrop(event);" onclick="jotGetLink(); return false;"></a>
        </div> 
        <div id="profile-video-wrapper" style="display: {{$visitor}};" >
-               <a id="profile-video" class="icon video" title="{{$video}}" onclick="jotVideoURL();return false;"></a>
+               <a id="profile-video" class="icon video" title="{{$video|escape:'html'}}" onclick="jotVideoURL();return false;"></a>
        </div> 
        <div id="profile-audio-wrapper" style="display: {{$visitor}};" >
-               <a id="profile-audio" class="icon audio" title="{{$audio}}" onclick="jotAudioURL();return false;"></a>
+               <a id="profile-audio" class="icon audio" title="{{$audio|escape:'html'}}" onclick="jotAudioURL();return false;"></a>
        </div> 
        <div id="profile-location-wrapper" style="display: {{$visitor}};" >
-               <a id="profile-location" class="icon globe" title="{{$setloc}}" onclick="jotGetLocation();return false;"></a>
+               <a id="profile-location" class="icon globe" title="{{$setloc|escape:'html'}}" onclick="jotGetLocation();return false;"></a>
        </div> 
        <div id="profile-nolocation-wrapper" style="display: none;" >
-               <a id="profile-nolocation" class="icon noglobe" title="{{$noloc}}" onclick="jotClearLocation();return false;"></a>
+               <a id="profile-nolocation" class="icon noglobe" title="{{$noloc|escape:'html'}}" onclick="jotClearLocation();return false;"></a>
        </div> 
 
        <div id="profile-jot-perms" class="profile-jot-perms" style="display: {{$pvisit}};" >
-               <a href="#profile-jot-acl-wrapper" id="jot-perms-icon" class="icon {{$lockstate}}"  title="{{$permset}}" ></a>{{$bang}}
+               <a href="#profile-jot-acl-wrapper" id="jot-perms-icon" class="icon {{$lockstate}}"  title="{{$permset|escape:'html'}}" ></a>{{$bang}}
        </div>
 
        <!-- {{if $preview}}<span onclick="preview_post();" id="jot-preview-link" class="fakelink">{{$preview}}</span>{{/if}} -->
-       {{if $preview}}<input type="submit" onclick="preview_post(); return false;" id="jot-preview-link" value="{{$preview}}" />{{/if}}
+       {{if $preview}}<input type="submit" onclick="preview_post(); return false;" id="jot-preview-link" value="{{$preview|escape:'html'}}" />{{/if}}
 
        <div id="profile-jot-perms-end"></div>
 
@@ -66,7 +66,7 @@
        </div>
 
        <div id="profile-rotator-wrapper" style="display: {{$visitor}};" >
-               <img id="profile-rotator" src="images/rotator.gif" alt="{{$wait}}" title="{{$wait}}" style="display: none;" />
+               <img id="profile-rotator" src="images/rotator.gif" alt="{{$wait}}" title="{{$wait|escape:'html'}}" style="display: none;" />
        </div> 
        
        <div id="jot-preview-content" style="display:none;"></div>
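Review bot: The changed `profile-rotator` image line escapes `title` but leaves `alt="{{$wait}}"` raw, so the same variable is handled two ways in one tag. It should be `alt="{{$wait|escape:'html'}}" title="{{$wait|escape:'html'}}"`, as this commit already does for the rotator image in the private-message template. The first hunk of this file has the same gap on untouched lines: `alt="{{$wait}}" title="{{$wait}}"` on the `profile-jot-text-loading` image and `title="{{$weblink}}"` on the `profile-link` anchor. These look like translated UI strings, so the main risk is a quote in a translation breaking the attribute, but the escaping should be uniform.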
@@ -75,7 +75,7 @@
                <div id="profile-jot-acl-wrapper" style="width:auto;height:auto;overflow:auto;">
                        {{$acl}}
                        <hr style="clear:both"/>
-                       <div id="profile-jot-email-label">{{$emailcc}}</div><input type="text" name="emailcc" id="profile-jot-email" title="{{$emtitle}}" />
+                       <div id="profile-jot-email-label">{{$emailcc}}</div><input type="text" name="emailcc" id="profile-jot-email" title="{{$emtitle|escape:'html'}}" />
                        <div id="profile-jot-email-end"></div>
                        {{$jotnets}}
                </div>
index 484d88fe357a0ea803bce0212bb4bac00a6bb560..f5fe8bea5677f509353f20461e2b7463c71c1215 100644 (file)
@@ -4,7 +4,7 @@
        <form action="#" method="post" >
                <select name="system_language" onchange="this.form.submit();" >
                        {{foreach $langs.0 as $v=>$l}}
-                               <option value="{{$v}}" {{if $v==$langs.1}}selected="selected"{{/if}}>{{$l}}</option>
+                               <option value="{{$v|escape:'html'}}" {{if $v==$langs.1}}selected="selected"{{/if}}>{{$l}}</option>
                        {{/foreach}}
                </select>
        </form>
index 57c735d8f9eb47a833bc1773b3aa2527105911c9..37d105c087b0c53367ee7dd6d3d81970c9dc3201 100644 (file)
        {{include file="field_checkbox.tpl" field=$lremember}}
 
        <div id="login-extra-links">
-               {{if $register}}<a href="register" title="{{$register.title}}" id="register-link">{{$register.desc}}</a>{{/if}}
-        <a href="lostpass" title="{{$lostpass}}" id="lost-password-link" >{{$lostlink}}</a>
+               {{if $register}}<a href="register" title="{{$register.title|escape:'html'}}" id="register-link">{{$register.desc}}</a>{{/if}}
+        <a href="lostpass" title="{{$lostpass|escape:'html'}}" id="lost-password-link" >{{$lostlink}}</a>
        </div>
        
        <div id="login-submit-wrapper" >
-               <input type="submit" name="submit" id="login-submit-button" value="{{$login}}" />
+               <input type="submit" name="submit" id="login-submit-button" value="{{$login|escape:'html'}}" />
        </div>
        
        {{foreach $hiddens as $k=>$v}}
-               <input type="hidden" name="{{$k}}" value="{{$v}}" />
+               <input type="hidden" name="{{$k}}" value="{{$v|escape:'html'}}" />
        {{/foreach}}
        
        
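Review bot: In the `$hiddens` loop only the value is escaped; the key still goes out raw in `name="{{$k}}"`. If any caller builds `$hiddens` from request parameters (not visible in this template), the parameter name is as attacker-controlled as its value, so the line should be `<input type="hidden" name="{{$k|escape:'html'}}" value="{{$v|escape:'html'}}" />`. The enclosing form starts and ends outside the hunk.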
index ba66f831cc3874c8cb0493669d1d7818818403a1..343088d5582719652e169c32fb8151b0ae46640d 100644 (file)
@@ -2,6 +2,6 @@
 <form action="{{$dest_url}}" method="post" >
 <div class="logout-wrapper">
 <input type="hidden" name="auth-params" value="logout" />
-<input type="submit" name="submit" id="logout-button" value="{{$logout}}" />
+<input type="submit" name="submit" id="logout-button" value="{{$logout|escape:'html'}}" />
 </div>
 </form>
index e28586082044a99b63f17c3b67e533bd286495ff..3dfbb7a2375b094559236d416f536082ff3e94f5 100644 (file)
@@ -12,7 +12,7 @@
 </div>
 <div id="login-extra-end"></div>
 <div id="login-submit-wrapper" >
-        <input type="submit" name="submit" id="lostpass-submit-button" value="{{$submit}}" />
+        <input type="submit" name="submit" id="lostpass-submit-button" value="{{$submit|escape:'html'}}" />
 </div>
 <div id="login-submit-end"></div>
 </form>
index f61e133d0541cefe9579f81c04600a5a85f3e4bc..6e5eb22e7b3135e117f114947fca2be79d9d5d86 100644 (file)
@@ -4,27 +4,27 @@
                                <input type="hidden" name="type" value="{{$type}}" />
                                <input type="hidden" name="profile_uid" value="{{$profile_uid}}" />
                                <input type="hidden" name="parent" value="{{$parent}}" />
-                               <input type="hidden" name="return" value="{{$return_path}}" />
+                               <input type="hidden" name="return" value="{{$return_path|escape:'html'}}" />
                                <input type="hidden" name="jsreload" value="{{$jsreload}}" />
                                <input type="hidden" name="preview" id="comment-preview-inp-{{$id}}" value="0" />
 
                                <div class="comment-edit-photo" id="comment-edit-photo-{{$id}}" >
-                                       <a class="comment-edit-photo-link" href="{{$mylink}}" title="{{$mytitle}}"><img class="my-comment-photo" src="{{$myphoto}}" alt="{{$mytitle}}" title="{{$mytitle}}" /></a>
+                                       <a class="comment-edit-photo-link" href="{{$mylink}}" title="{{$mytitle|escape:'html'}}"><img class="my-comment-photo" src="{{$myphoto}}" alt="{{$mytitle|escape:'html'}}" title="{{$mytitle|escape:'html'}}" /></a>
                                </div>
                                <div class="comment-edit-photo-end"></div>
                                <div id="mod-cmnt-wrap-{{$id}}" class="mod-cmnt-wrap" style="display:none">
                                        <div id="mod-cmnt-name-lbl-{{$id}}" class="mod-cmnt-name-lbl">{{$lbl_modname}}</div>
-                                       <input type="text" id="mod-cmnt-name-{{$id}}" class="mod-cmnt-name" name="mod-cmnt-name" value="{{$modname}}" />
+                                       <input type="text" id="mod-cmnt-name-{{$id}}" class="mod-cmnt-name" name="mod-cmnt-name" value="{{$modname|escape:'html'}}" />
                                        <div id="mod-cmnt-email-lbl-{{$id}}" class="mod-cmnt-email-lbl">{{$lbl_modemail}}</div>
-                                       <input type="text" id="mod-cmnt-email-{{$id}}" class="mod-cmnt-email" name="mod-cmnt-email" value="{{$modemail}}" />
+                                       <input type="text" id="mod-cmnt-email-{{$id}}" class="mod-cmnt-email" name="mod-cmnt-email" value="{{$modemail|escape:'html'}}" />
                                        <div id="mod-cmnt-url-lbl-{{$id}}" class="mod-cmnt-url-lbl">{{$lbl_modurl}}</div>
-                                       <input type="text" id="mod-cmnt-url-{{$id}}" class="mod-cmnt-url" name="mod-cmnt-url" value="{{$modurl}}" />
+                                       <input type="text" id="mod-cmnt-url-{{$id}}" class="mod-cmnt-url" name="mod-cmnt-url" value="{{$modurl|escape:'html'}}" />
                                </div>
                                <textarea id="comment-edit-text-{{$id}}" class="comment-edit-text-empty" name="body" onFocus="commentOpen(this,{{$id}});" onBlur="commentClose(this,{{$id}});" >{{$comment}}</textarea>
 
                                <div class="comment-edit-text-end"></div>
                                <div class="comment-edit-submit-wrapper" id="comment-edit-submit-wrapper-{{$id}}" style="display: none;" >
-                                       <input type="submit" onclick="post_comment({{$id}}); return false;" id="comment-edit-submit-{{$id}}" class="comment-edit-submit" name="submit" value="{{$submit}}" />
+                                       <input type="submit" onclick="post_comment({{$id}}); return false;" id="comment-edit-submit-{{$id}}" class="comment-edit-submit" name="submit" value="{{$submit|escape:'html'}}" />
                                        <span onclick="preview_comment({{$id}});" id="comment-edit-preview-link-{{$id}}" class="fakelink">{{$preview}}</span>
                                        <div id="comment-edit-preview-{{$id}}" class="comment-edit-preview" style="display:none;"></div>
                                </div>
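Review bot: `<textarea ...>{{$comment}}</textarea>` on the context line is the one prefilled field in this form that stays unescaped. A textarea body is the equivalent of an input's `value`, and a literal `</textarea>` in the text ends the element early. Unless the caller already escapes it, it should be `>{{$comment|escape:'html'}}</textarea>`. `href="{{$mylink}}"` and `src="{{$myphoto}}"` on the changed photo line are likewise still raw while `title` and `alt` beside them are escaped. The surrounding form opens and closes outside the hunk.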
index ab2a845fcecae554a9a3061aa3a9d00a3513e9da..5604ff9a366fad4ced204e820a91a59a4ccc7545 100644 (file)
@@ -16,6 +16,6 @@
 </select>
 <br />
 <br />
-<input type="submit" name="submit" value="{{$submit}}" />
+<input type="submit" name="submit" value="{{$submit|escape:'html'}}" />
 </form>
 
index 10d9d5069dc70d5130ab80d5ad48ef5599129fbc..d513d6b2efde4b1125dfaab769806fde94ccc2cb 100644 (file)
@@ -7,5 +7,5 @@
 </div>
 <h3>{{$authorize}}</h3>
 <form method="POST">
-<div class="settings-submit-wrapper"><input  class="settings-submit"  type="submit" name="oauth_yes" value="{{$yes}}" /></div>
+<div class="settings-submit-wrapper"><input  class="settings-submit"  type="submit" name="oauth_yes" value="{{$yes|escape:'html'}}" /></div>
 </form>
index 4f88a1e426ec46753c2bbad8571760958bca4bac..de8cd011b4b1e1362daa8cd4b05762b93d060afe 100644 (file)
@@ -3,7 +3,7 @@
        <h3>{{$findpeople}}</h3>
        <div id="peoplefind-desc">{{$desc}}</div>
        <form action="dirfind" method="post" />
-               <input id="side-peoplefind-url" type="text" name="search" size="24" title="{{$hint}}" /><input id="side-peoplefind-submit" type="submit" name="submit" value="{{$findthem}}" />
+               <input id="side-peoplefind-url" type="text" name="search" size="24" title="{{$hint|escape:'html'}}" /><input id="side-peoplefind-submit" type="submit" name="submit" value="{{$findthem|escape:'html'}}" />
        </form>
        <div class="side-link" id="side-match-link"><a href="match" >{{$similar}}</a></div>
        <div class="side-link" id="side-suggest-link"><a href="suggest" >{{$suggest}}</a></div>
index 391543615c8dd0a320d8a33cdf687648eab3dbf1..d5e4397a1611cefbe68f8eba57df8f800d9c5f0a 100644 (file)
@@ -5,12 +5,12 @@
        <input type="hidden" name="item_id" value="{{$item_id}}" />
 
        <label id="photo-edit-albumname-label" for="photo-edit-albumname">{{$newalbum}}</label>
-       <input id="photo-edit-albumname" type="text" size="32" name="albname" value="{{$album}}" />
+       <input id="photo-edit-albumname" type="text" size="32" name="albname" value="{{$album|escape:'html'}}" />
 
        <div id="photo-edit-albumname-end"></div>
 
        <label id="photo-edit-caption-label" for="photo-edit-caption">{{$capt_label}}</label>
-       <input id="photo-edit-caption" type="text" size="84" name="desc" value="{{$caption}}" />
+       <input id="photo-edit-caption" type="text" size="84" name="desc" value="{{$caption|escape:'html'}}" />
 
        <div id="photo-edit-caption-end"></div>
 
@@ -42,8 +42,8 @@
        </div>
        <div id="photo-edit-perms-end"></div>
 
-       <input id="photo-edit-submit-button" type="submit" name="submit" value="{{$submit}}" />
-       <input id="photo-edit-delete-button" type="submit" name="delete" value="{{$delete}}" onclick="return confirmDelete()"; />
+       <input id="photo-edit-submit-button" type="submit" name="submit" value="{{$submit|escape:'html'}}" />
+       <input id="photo-edit-delete-button" type="submit" name="delete" value="{{$delete|escape:'html'}}" onclick="return confirmDelete()"; />
 
        <div id="photo-edit-end"></div>
 </form>
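Review bot: The rewritten delete-button line keeps the stray `;` after the `onclick` attribute (`onclick="return confirmDelete()"; />`), which an HTML parser reads as a bogus attribute. Since the line is being touched anyway, it should end `onclick="return confirmDelete();" />`.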
index e178e977a710917510436e700a034e6c85928cf1..91444e2d55473a8770247221cc62d100a39dfc69 100644 (file)
@@ -1,4 +1,4 @@
 
 <div class="photos-upload-submit-wrapper" >
-       <input type="submit" name="submit" value="{{$submit}}" id="photos-upload-submit" />
+       <input type="submit" name="submit" value="{{$submit|escape:'html'}}" id="photos-upload-submit" />
 </div>
index 06a3ec27c61e56c4a35fd0914e576ccad0ffee6f..857dfb2003893c6f7907b6cf677ebfae235202c2 100644 (file)
@@ -9,7 +9,7 @@
 
 <div id="poke-recip-label">{{$clabel}}</div>
 <br />
-<input id="poke-recip" type="text" size="64" maxlength="255" value="{{$name}}" name="pokename" autocomplete="off" />
+<input id="poke-recip" type="text" size="64" maxlength="255" value="{{$name|escape:'html'}}" name="pokename" autocomplete="off" />
 <input id="poke-recip-complete" type="hidden" value="{{$id}}" name="cid" />
 <input id="poke-parent" type="hidden" value="{{$parent}}" name="parent" />
 <br />
@@ -28,6 +28,6 @@
 <input type="checkbox" name="private" {{if $parent}}disabled="disabled"{{/if}} value="1" />
 <br />
 <br />
-<input type="submit" name="submit" value="{{$submit}}" />
+<input type="submit" name="submit" value="{{$submit|escape:'html'}}" />
 </form>
 
index b68ec5081d24078a7c75555014236b378b1db736..480add44042ea942bb94978048a13d012c6f69e3 100644 (file)
@@ -5,11 +5,11 @@
 
 <div id="profile-edit-links">
 <ul>
-<li><a href="profile_photo" id="profile-photo_upload-link" title="{{$profpic}}">{{$profpic}}</a></li>
-<li><a href="profile/{{$profile_id}}/view?tab=profile" id="profile-edit-view-link" title="{{$viewprof}}">{{$viewprof}}</a></li>
-<li><a href="{{$profile_clone_link}}" id="profile-edit-clone-link" title="{{$cr_prof}}">{{$cl_prof}}</a></li>
+<li><a href="profile_photo" id="profile-photo_upload-link" title="{{$profpic|escape:'html'}}">{{$profpic}}</a></li>
+<li><a href="profile/{{$profile_id}}/view?tab=profile" id="profile-edit-view-link" title="{{$viewprof|escape:'html'}}">{{$viewprof}}</a></li>
+<li><a href="{{$profile_clone_link}}" id="profile-edit-clone-link" title="{{$cr_prof|escape:'html'}}">{{$cl_prof}}</a></li>
 <li></li>
-<li><a href="{{$profile_drop_link}}" id="profile-edit-drop-link" title="{{$del_prof}}" {{$disabled}} >{{$del_prof}}</a></li>
+<li><a href="{{$profile_drop_link}}" id="profile-edit-drop-link" title="{{$del_prof|escape:'html'}}" {{$disabled}} >{{$del_prof}}</a></li>
 
 </ul>
 </div>
 
 <div id="profile-edit-profile-name-wrapper" >
 <label id="profile-edit-profile-name-label" for="profile-edit-profile-name" >{{$lbl_profname}} </label>
-<input type="text" size="32" name="profile_name" id="profile-edit-profile-name" value="{{$profile_name}}" /><div class="required">*</div>
+<input type="text" size="32" name="profile_name" id="profile-edit-profile-name" value="{{$profile_name|escape:'html'}}" /><div class="required">*</div>
 </div>
 <div id="profile-edit-profile-name-end"></div>
 
 <div id="profile-edit-name-wrapper" >
 <label id="profile-edit-name-label" for="profile-edit-name" >{{$lbl_fullname}} </label>
-<input type="text" size="32" name="name" id="profile-edit-name" value="{{$name}}" />
+<input type="text" size="32" name="name" id="profile-edit-name" value="{{$name|escape:'html'}}" />
 </div>
 <div id="profile-edit-name-end"></div>
 
 <div id="profile-edit-pdesc-wrapper" >
 <label id="profile-edit-pdesc-label" for="profile-edit-pdesc" >{{$lbl_title}} </label>
-<input type="text" size="32" name="pdesc" id="profile-edit-pdesc" value="{{$pdesc}}" />
+<input type="text" size="32" name="pdesc" id="profile-edit-pdesc" value="{{$pdesc|escape:'html'}}" />
 </div>
 <div id="profile-edit-pdesc-end"></div>
 
 
 <div id="profile-edit-address-wrapper" >
 <label id="profile-edit-address-label" for="profile-edit-address" >{{$lbl_address}} </label>
-<input type="text" size="32" name="address" id="profile-edit-address" value="{{$address}}" />
+<input type="text" size="32" name="address" id="profile-edit-address" value="{{$address|escape:'html'}}" />
 </div>
 <div id="profile-edit-address-end"></div>
 
 <div id="profile-edit-locality-wrapper" >
 <label id="profile-edit-locality-label" for="profile-edit-locality" >{{$lbl_city}} </label>
-<input type="text" size="32" name="locality" id="profile-edit-locality" value="{{$locality}}" />
+<input type="text" size="32" name="locality" id="profile-edit-locality" value="{{$locality|escape:'html'}}" />
 </div>
 <div id="profile-edit-locality-end"></div>
 
 
 <div id="profile-edit-postal-code-wrapper" >
 <label id="profile-edit-postal-code-label" for="profile-edit-postal-code" >{{$lbl_zip}} </label>
-<input type="text" size="32" name="postal_code" id="profile-edit-postal-code" value="{{$postal_code}}" />
+<input type="text" size="32" name="postal_code" id="profile-edit-postal-code" value="{{$postal_code|escape:'html'}}" />
 </div>
 <div id="profile-edit-postal-code-end"></div>
 
 
 <div id="profile-edit-hometown-wrapper" >
 <label id="profile-edit-hometown-label" for="profile-edit-hometown" >{{$lbl_hometown}} </label>
-<input type="text" size="32" name="hometown" id="profile-edit-hometown" value="{{$hometown}}" />
+<input type="text" size="32" name="hometown" id="profile-edit-hometown" value="{{$hometown|escape:'html'}}" />
 </div>
 <div id="profile-edit-hometown-end"></div>
 
 <label id="profile-edit-with-label" for="profile-edit-with" > {{$lbl_with}} </label>
 <input type="text" size="32" name="with" id="profile-edit-with" title="{{$lbl_ex1}}" value="{{$with}}" />
 <label id="profile-edit-howlong-label" for="profile-edit-howlong" > {{$lbl_howlong}} </label>
-<input type="text" size="32" name="howlong" id="profile-edit-howlong" title="{{$lbl_howlong}}" value="{{$howlong}}" />
+<input type="text" size="32" name="howlong" id="profile-edit-howlong" title="{{$lbl_howlong}}" value="{{$howlong|escape:'html'}}" />
 
 <div id="profile-edit-marital-end"></div>
 
 
 <div id="profile-edit-homepage-wrapper" >
 <label id="profile-edit-homepage-label" for="profile-edit-homepage" >{{$lbl_homepage}} </label>
-<input type="url" size="32" name="homepage" id="profile-edit-homepage" value="{{$homepage}}" />
+<input type="url" size="32" name="homepage" id="profile-edit-homepage" value="{{$homepage|escape:'html'}}" />
 </div>
 <div id="profile-edit-homepage-end"></div>
 
 <div id="profile-edit-politic-wrapper" >
 <label id="profile-edit-politic-label" for="profile-edit-politic" >{{$lbl_politic}} </label>
-<input type="text" size="32" name="politic" id="profile-edit-politic" value="{{$politic}}" />
+<input type="text" size="32" name="politic" id="profile-edit-politic" value="{{$politic|escape:'html'}}" />
 </div>
 <div id="profile-edit-politic-end"></div>
 
 <div id="profile-edit-religion-wrapper" >
 <label id="profile-edit-religion-label" for="profile-edit-religion" >{{$lbl_religion}} </label>
-<input type="text" size="32" name="religion" id="profile-edit-religion" value="{{$religion}}" />
+<input type="text" size="32" name="religion" id="profile-edit-religion" value="{{$religion|escape:'html'}}" />
 </div>
 <div id="profile-edit-religion-end"></div>
 
 <div id="profile-edit-pubkeywords-wrapper" >
 <label id="profile-edit-pubkeywords-label" for="profile-edit-pubkeywords" >{{$lbl_pubkey}} </label>
-<input type="text" size="32" name="pub_keywords" id="profile-edit-pubkeywords" title="{{$lbl_ex2}}" value="{{$pub_keywords}}" />
+<input type="text" size="32" name="pub_keywords" id="profile-edit-pubkeywords" title="{{$lbl_ex2}}" value="{{$pub_keywords|escape:'html'}}" />
 </div><div id="profile-edit-pubkeywords-desc">{{$lbl_pubdsc}}</div>
 <div id="profile-edit-pubkeywords-end"></div>
 
 <div id="profile-edit-prvkeywords-wrapper" >
 <label id="profile-edit-prvkeywords-label" for="profile-edit-prvkeywords" >{{$lbl_prvkey}} </label>
-<input type="text" size="32" name="prv_keywords" id="profile-edit-prvkeywords" title="{{$lbl_ex2}}" value="{{$prv_keywords}}" />
+<input type="text" size="32" name="prv_keywords" id="profile-edit-prvkeywords" title="{{$lbl_ex2}}" value="{{$prv_keywords|escape:'html'}}" />
 </div><div id="profile-edit-prvkeywords-desc">{{$lbl_prvdsc}}</div>
 <div id="profile-edit-prvkeywords-end"></div>
 
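Review bot: `value="{{$with}}"` on the `profile-edit-with` input was skipped, although every other free-text profile field in this file now goes through `escape:'html'`. It is a user-entered value in a quoted attribute like its neighbours, so unless the PHP side sanitises it separately (not visible here) it should be `value="{{$with|escape:'html'}}"`. The `title="{{$lbl_ex1}}"`, `title="{{$lbl_howlong}}"` and `title="{{$lbl_ex2}}"` attributes on the surrounding inputs were left raw as well, which is inconsistent with the `title` escaping applied to the links at the top of the file.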
index d0ae4f87dc5b14819bb63259dafc3fc4ec5de245..1695d01e273d3d6118818286da5575a4fa3c0796 100644 (file)
@@ -17,7 +17,7 @@
 </select>
 
 <div id="profile-photo-submit-wrapper">
-<input type="submit" name="submit" id="profile-photo-submit" value="{{$submit}}">
+<input type="submit" name="submit" id="profile-photo-submit" value="{{$submit|escape:'html'}}">
 </div>
 
 </form>
index d419d4d9b353ddc8cdebcfb73e630caddba0d4b1..654671af0ecd8e3e13852b0d7ed0677d7d7f7753 100644 (file)
 
 
 <div id="prvmail-submit-wrapper" >
-       <input type="submit" id="prvmail-submit" name="submit" value="{{$submit}}" tabindex="13" />
+       <input type="submit" id="prvmail-submit" name="submit" value="{{$submit|escape:'html'}}" tabindex="13" />
        <div id="prvmail-upload-wrapper" >
-               <div id="prvmail-upload" class="icon border camera" title="{{$upload}}" ></div>
+               <div id="prvmail-upload" class="icon border camera" title="{{$upload|escape:'html'}}" ></div>
        </div> 
        <div id="prvmail-link-wrapper" >
-               <div id="prvmail-link" class="icon border link" title="{{$insert}}" onclick="jotGetLink();" ></div>
+               <div id="prvmail-link" class="icon border link" title="{{$insert|escape:'html'}}" onclick="jotGetLink();" ></div>
        </div> 
        <div id="prvmail-rotator-wrapper" >
-               <img id="prvmail-rotator" src="images/rotator.gif" alt="{{$wait}}" title="{{$wait}}" style="display: none;" />
+               <img id="prvmail-rotator" src="images/rotator.gif" alt="{{$wait|escape:'html'}}" title="{{$wait|escape:'html'}}" style="display: none;" />
        </div> 
 </div>
 <div id="prvmail-end"></div>
index aacf76529ea91a893395733f528728c67bc6b3bb..8a941145ab8b4268226cce6625670d1612d67d1f 100644 (file)
@@ -14,7 +14,7 @@
 
 {{if $oidlabel}}
        <div id="register-openid-wrapper" >
-       <label for="register-openid" id="label-register-openid" >{{$oidlabel}}</label><input    type="text" maxlength="60" size="32" name="openid_url" class="openid" id="register-openid" value="{{$openid}}" >
+       <label for="register-openid" id="label-register-openid" >{{$oidlabel}}</label><input    type="text" maxlength="60" size="32" name="openid_url" class="openid" id="register-openid" value="{{$openid|escape:'html'}}" >
        </div>
        <div id="register-openid-end" ></div>
 {{/if}}
 
        <div id="register-name-wrapper" >
                <label for="register-name" id="label-register-name" >{{$namelabel}}</label>
-               <input type="text" maxlength="60" size="32" name="username" id="register-name" value="{{$username}}" >
+               <input type="text" maxlength="60" size="32" name="username" id="register-name" value="{{$username|escape:'html'}}" >
        </div>
        <div id="register-name-end" ></div>
 
 
        <div id="register-email-wrapper" >
                <label for="register-email" id="label-register-email" >{{$addrlabel}}</label>
-               <input type="text" maxlength="60" size="32" name="email" id="register-email" value="{{$email}}" >
+               <input type="text" maxlength="60" size="32" name="email" id="register-email" value="{{$email|escape:'html'}}" >
        </div>
        <div id="register-email-end" ></div>
 
 
        <div id="register-nickname-wrapper" >
                <label for="register-nickname" id="label-register-nickname" >{{$nicklabel}}</label>
-               <input type="text" maxlength="60" size="32" name="nickname" id="register-nickname" value="{{$nickname}}" ><div id="register-sitename">@{{$sitename}}</div>
+               <input type="text" maxlength="60" size="32" name="nickname" id="register-nickname" value="{{$nickname|escape:'html'}}" ><div id="register-sitename">@{{$sitename}}</div>
        </div>
        <div id="register-nickname-end" ></div>
 
        {{$publish}}
 
        <div id="register-submit-wrapper">
-               <input type="submit" name="submit" id="register-submit-button" value="{{$regbutt}}" />
+               <input type="submit" name="submit" id="register-submit-button" value="{{$regbutt|escape:'html'}}" />
        </div>
        <div id="register-submit-end" ></div>
 
index 4148f94e5f8548a081a7b99e6eafb99c194bbce3..4acfb9ff1a3589ea908c8699b09dc35a960dc880 100644 (file)
@@ -14,7 +14,7 @@
 </div>
 <div id="remove-account-pass-end"></div>
 
-<input type="submit" name="submit" value="{{$submit}}" />
+<input type="submit" name="submit" value="{{$submit|escape:'html'}}" />
 
 </form>
 </div>
diff --git a/view/templates/scroll_loader.tpl b/view/templates/scroll_loader.tpl
new file mode 100644 (file)
index 0000000..4adaa96
--- /dev/null
@@ -0,0 +1,8 @@
+<div id="scroll-loader" class="pager" style="display: none;">
+       <img class="scroll_loader_image" src="images/rotator.gif" />
+       <span class="scroll_loader_text">{{$wait}}</span>
+</div>
+
+<div id="scroll-end" class="pager" style="display: none;">
+       <span class="scroll_loader_text">{{$end}}</span>
+</div>
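Review bot: The new template prints `{{$wait}}` and `{{$end}}` into element content without the `|escape:'html'` modifier that this same commit adds to `$wait` wherever it appears in `alt`/`title` attributes, so the same value is treated inconsistently. Unless auto-escaping is enabled for these templates (the explicit modifiers in the rest of the commit suggest it is not), I would write `<span class="scroll_loader_text">{{$wait|escape:'html'}}</span>` and do the same for `{{$end}}`. The `<img>` also has no `alt` attribute; `alt=""` fits a purely decorative spinner.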
index a3d4bf72db7f50f58a8a37fc386a2c3f410fbe83..323b614ef63d5111a4d94238be006b0d9031b0ac 100644 (file)
@@ -16,7 +16,7 @@
 {{/if}}
 
 <div class="settings-submit-wrapper" >
-<input type="submit" name="submit" class="settings-submit" value="{{$submit}}" />
+<input type="submit" name="submit" class="settings-submit" value="{{$submit|escape:'html'}}" />
 </div>
 </div>
 
@@ -32,7 +32,7 @@
 
 
 <div class="settings-submit-wrapper" >
-<input type="submit" name="submit" class="settings-submit" value="{{$submit}}" />
+<input type="submit" name="submit" class="settings-submit" value="{{$submit|escape:'html'}}" />
 </div>
 </div>
 
 
 
 <div class="settings-submit-wrapper" >
-<input type="submit" name="submit" class="settings-submit" value="{{$submit}}" />
+<input type="submit" name="submit" class="settings-submit" value="{{$submit|escape:'html'}}" />
 </div>
 </div>
 
 </div>
 
 <div class="settings-submit-wrapper" >
-<input type="submit" name="submit" class="settings-submit" value="{{$submit}}" />
+<input type="submit" name="submit" class="settings-submit" value="{{$submit|escape:'html'}}" />
 </div>
 </div>
 
 {{$pagetype}}
 
 <div class="settings-submit-wrapper" >
-<input type="submit" name="submit" class="settings-submit" value="{{$submit}}" />
+<input type="submit" name="submit" class="settings-submit" value="{{$submit|escape:'html'}}" />
 </div>
 </div>
 
 <div id="settings-pagetype-desc">{{$relocate_text}}</div>
 
 <div class="settings-submit-wrapper" >
-<input type="submit" name="resend_relocate" class="settings-submit" value="{{$relocate_button}}" />
+<input type="submit" name="resend_relocate" class="settings-submit" value="{{$relocate_button|escape:'html'}}" />
 </div>
 </div>
 
index 87103b6bbce762c6a4a58369f94369605f108841..bdb928f5b5f6c2db6e4588572eb47f9005ebd837 100644 (file)
@@ -32,7 +32,7 @@
        {{include file="field_input.tpl" field=$mail_movetofolder}}
 
        <div class="settings-submit-wrapper" >
-               <input type="submit" id="imap-submit" name="imap-submit" class="settings-submit" value="{{$submit}}" />
+               <input type="submit" id="imap-submit" name="imap-submit" class="settings-submit" value="{{$submit|escape:'html'}}" />
        </div>
        </div>
 {{/if}}
index 81e73e09cc4312f7d290e7299ea275f75d92c47b..12cdd3d668a29a9936f47259b19f7a43b5a953c0 100644 (file)
@@ -16,7 +16,7 @@
 
 
 <div class="settings-submit-wrapper" >
-<input type="submit" name="submit" class="settings-submit" value="{{$submit}}" />
+<input type="submit" name="submit" class="settings-submit" value="{{$submit|escape:'html'}}" />
 </div>
 
 {{if $theme_config}}
index 2793e477b1dbde77b59915284ac6f916c9f674ed..eb3f67f8136d5d1c6bad619195ad97c72c6d0418 100644 (file)
@@ -13,7 +13,7 @@
        {{include file="field_yesno.tpl" field=$fcat}}
 {{/foreach}}
 <div class="settings-submit-wrapper" >
-<input type="submit" name="submit" class="settings-features-submit" value="{{$submit}}" />
+<input type="submit" name="submit" class="settings-features-submit" value="{{$submit|escape:'html'}}" />
 </div>
 </div>
 {{/foreach}}
index edb0ff63ec16738aacfb4a0c0d6a373530845576..164930ecbad5a37c8b97932605b01a4be2f6da0a 100644 (file)
@@ -23,8 +23,8 @@
                        {{/if}}
                {{/if}}
                {{if $app.my}}
-               <a href="{{$baseurl}}/settings/oauth/edit/{{$app.client_id}}" class="icon s22 edit" title="{{$edit}}">&nbsp;</a>
-               <a href="{{$baseurl}}/settings/oauth/delete/{{$app.client_id}}?t={{$form_security_token}}" class="icon s22 delete" title="{{$delete}}">&nbsp;</a>
+               <a href="{{$baseurl}}/settings/oauth/edit/{{$app.client_id}}" class="icon s22 edit" title="{{$edit|escape:'html'}}">&nbsp;</a>
+               <a href="{{$baseurl}}/settings/oauth/delete/{{$app.client_id}}?t={{$form_security_token}}" class="icon s22 delete" title="{{$delete|escape:'html'}}">&nbsp;</a>
                {{/if}}         
        </div>
        {{/foreach}}
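Review bot: Only the `title` attributes are escaped on these two lines; both `href` values still interpolate `{{$app.client_id}}` raw, and that is the one value here that looks user-defined rather than a translation string. A path segment inside a quoted attribute wants URL-encoding, e.g. `/settings/oauth/edit/{{$app.client_id|escape:'url'}}`, unless the controller already restricts the id to a safe character set (not visible in this hunk). Separately, the delete link changes state over GET with `{{$form_security_token}}` in the query string, where it can end up in server logs and Referer headers; a small POST form would keep the token out of the URL. The enclosing `{{foreach}}` starts outside the hunk.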
index eed9f6ea339da473d854bfa3055bfe9bd976031d..9019981542a34772d6d609c45bdbd938a6d912fb 100644 (file)
@@ -11,7 +11,7 @@
 {{include file="field_input.tpl" field=$icon}}
 
 <div class="settings-submit-wrapper" >
-<input type="submit" name="submit" class="settings-submit" value="{{$submit}}" />
+<input type="submit" name="submit" class="settings-submit" value="{{$submit|escape:'html'}}" />
 <!-- <input type="submit" name="cancel" class="settings-submit" value="{{$cancel}}" /> -->
 </div>
 
index eb273b446310e73c7024d0d5844f4b3c1bc381b2..e2acaa59248d515433636bbb9b1d2cebbc09b609 100644 (file)
@@ -5,18 +5,18 @@
 <p class="intro-desc">{{$str_notifytype}} {{$notify_type}}</p>
 <div class="intro-madeby">{{$madeby}}</div>
 <div class="intro-fullname" >{{$fullname}}</div>
-<a class="intro-url-link" href="{{$url}}" ><img class="intro-photo lframe" src="{{$photo}}" width="175" height=175" title="{{$fullname}}" alt="{{$fullname}}" /></a>
+<a class="intro-url-link" href="{{$url}}" ><img class="intro-photo lframe" src="{{$photo}}" width="175" height=175" title="{{$fullname|escape:'html'}}" alt="{{$fullname|escape:'html'}}" /></a>
 <div class="intro-note" >{{$note}}</div>
 <div class="intro-wrapper-end"></div>
 <form class="intro-form" action="notifications/{{$intro_id}}" method="post">
-<input class="intro-submit-ignore" type="submit" name="submit" value="{{$ignore}}" />
-<input class="intro-submit-discard" type="submit" name="submit" value="{{$discard}}" />
+<input class="intro-submit-ignore" type="submit" name="submit" value="{{$ignore|escape:'html'}}" />
+<input class="intro-submit-discard" type="submit" name="submit" value="{{$discard|escape:'html'}}" />
 </form>
 <div class="intro-form-end"></div>
 
 <form class="intro-approve-form" action="{{$request}}" method="get">
 {{include file="field_checkbox.tpl" field=$hidden}}
-<input class="intro-submit-approve" type="submit" name="submit" value="{{$approve}}" />
+<input class="intro-submit-approve" type="submit" name="submit" value="{{$approve|escape:'html'}}" />
 </form>
 </div>
 <div class="intro-end"></div>
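Review bot: `{{$fullname}}` is now escaped in the `title` and `alt` attributes but is still printed raw one line above in `<div class="intro-fullname" >{{$fullname}}</div>`, and `{{$note}}`, `href="{{$url}}"` and `src="{{$photo}}"` are untouched as well. These appear to describe the party requesting the introduction, so they are the least trusted values in the template. If the PHP side does not already sanitise them, the text nodes need `|escape:'html'` too, and the two URLs need a scheme allow-list where they are assigned, because HTML-escaping alone does not constrain the URL scheme. The changed `<img>` line also carries over the malformed `height=175"` (missing opening quote), which should become `height="175"`.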
index 05c79ab75763ae66ba2bc38c7a7067463c4fd870..0aca00a05f4c9f2d4203be3fe6923468626b94e2 100644 (file)
@@ -8,7 +8,7 @@
      \r
      \r
        <div id="register-submit-wrapper">\r
-               <input type="submit" name="submit" id="register-submit-button" value="{{$regbutt}}" />\r
+               <input type="submit" name="submit" id="register-submit-button" value="{{$regbutt|escape:'html'}}" />\r
        </div>\r
        <div id="register-submit-end" ></div>    \r
 </form>\r
index b38027a8da05459c955f4b35765202f93f4ec81f..2eb741c597e73db17cb3ffdd870e0afdcba20467 100644 (file)
@@ -12,7 +12,7 @@
                <div class="wall-item-info{{if $item.owner_url}} wallwall{{/if}}" id="wall-item-info-{{$item.id}}">
                        {{if $item.owner_url}}
                        <div class="wall-item-photo-wrapper wwto" id="wall-item-ownerphoto-wrapper-{{$item.id}}" >
-                               <a href="{{$item.owner_url}}" target="redir" title="{{$item.olinktitle}}" class="wall-item-photo-link" id="wall-item-ownerphoto-link-{{$item.id}}">
+                               <a href="{{$item.owner_url}}" target="redir" title="{{$item.olinktitle|escape:'html'}}" class="wall-item-photo-link" id="wall-item-ownerphoto-link-{{$item.id}}">
                                <img src="{{$item.owner_photo}}" class="wall-item-photo{{$item.osparkle}}" id="wall-item-ownerphoto-{{$item.id}}" style="height: 80px; width: 80px;" alt="{{$item.owner_name}}" /></a>
                        </div>
                        <div class="wall-item-arrowphoto-wrapper" ><img src="images/larrow.gif" alt="{{$item.wall}}" /></div>
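Review bot: The `alt` attributes on the `<img>` lines directly below the changed anchors are left unescaped: `alt="{{$item.owner_name}}"` in this hunk and `alt="{{$item.name}}"` in the next one. Display names are presumably supplied by the posting contact, so they deserve the modifier more than the link titles do: `alt="{{$item.owner_name|escape:'html'}}"` and `alt="{{$item.name|escape:'html'}}"`. The same two names are also printed as text inside the `wall-item-name` spans in the third hunk. If these values are in fact encoded before they are assigned, a template comment saying so would help, since mixing pre-escaped and template-escaped values invites double-encoding later.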
@@ -20,7 +20,7 @@
                        <div class="wall-item-photo-wrapper{{if $item.owner_url}} wwfrom{{/if}}" id="wall-item-photo-wrapper-{{$item.id}}" 
                                onmouseover="if (typeof t{{$item.id}} != 'undefined') clearTimeout(t{{$item.id}}); openMenu('wall-item-photo-menu-button-{{$item.id}}')"
                 onmouseout="t{{$item.id}}=setTimeout('closeMenu(\'wall-item-photo-menu-button-{{$item.id}}\'); closeMenu(\'wall-item-photo-menu-{{$item.id}}\');',200)">
-                               <a href="{{$item.profile_url}}" target="redir" title="{{$item.linktitle}}" class="wall-item-photo-link" id="wall-item-photo-link-{{$item.id}}">
+                               <a href="{{$item.profile_url}}" target="redir" title="{{$item.linktitle|escape:'html'}}" class="wall-item-photo-link" id="wall-item-photo-link-{{$item.id}}">
                                <img src="{{$item.thumb}}" class="wall-item-photo{{$item.sparkle}}" id="wall-item-photo-{{$item.id}}" style="height: 80px; width: 80px;" alt="{{$item.name}}" /></a>
                                <span onclick="openClose('wall-item-photo-menu-{{$item.id}}');" class="fakelink wall-item-photo-menu-button" id="wall-item-photo-menu-button-{{$item.id}}">menu</span>
                 <div class="wall-item-photo-menu" id="wall-item-photo-menu-{{$item.id}}">
@@ -38,8 +38,8 @@
                        </div>
                </div>
                <div class="wall-item-author">
-                               <a href="{{$item.profile_url}}" target="redir" title="{{$item.linktitle}}" class="wall-item-name-link"><span class="wall-item-name{{$item.sparkle}}" id="wall-item-name-{{$item.id}}" >{{$item.name}}</span></a>{{if $item.owner_url}} {{$item.to}} <a href="{{$item.owner_url}}" target="redir" title="{{$item.olinktitle}}" class="wall-item-name-link"><span class="wall-item-name{{$item.osparkle}}" id="wall-item-ownername-{{$item.id}}">{{$item.owner_name}}</span></a> {{$item.vwall}}{{/if}}<br />
-                               <div class="wall-item-ago"  id="wall-item-ago-{{$item.id}}" title="{{$item.localtime}}">{{$item.ago}}</div>                             
+                               <a href="{{$item.profile_url}}" target="redir" title="{{$item.linktitle|escape:'html'}}" class="wall-item-name-link"><span class="wall-item-name{{$item.sparkle}}" id="wall-item-name-{{$item.id}}" >{{$item.name}}</span></a>{{if $item.owner_url}} {{$item.to}} <a href="{{$item.owner_url}}" target="redir" title="{{$item.olinktitle|escape:'html'}}" class="wall-item-name-link"><span class="wall-item-name{{$item.osparkle}}" id="wall-item-ownername-{{$item.id}}">{{$item.owner_name}}</span></a> {{$item.vwall}}{{/if}}<br />
+                               <div class="wall-item-ago"  id="wall-item-ago-{{$item.id}}" title="{{$item.localtime|escape:'html'}}">{{$item.ago}}</div>                               
                </div>                  
                <div class="wall-item-content" id="wall-item-content-{{$item.id}}" >
                        <div class="wall-item-title" id="wall-item-title-{{$item.id}}">{{$item.title}}</div>
                                                {{/foreach}}
                                        </div>
                        {{if $item.has_cats}}
-                       <div class="categorytags"><span>{{$item.txt_cats}} {{foreach $item.categories as $cat}}{{$cat.name}}{{if $cat.removeurl}} <a href="{{$cat.removeurl}}" title="{{$remove}}">[{{$remove}}]</a>{{/if}} {{if $cat.last}}{{else}}, {{/if}}{{/foreach}}
+                       <div class="categorytags"><span>{{$item.txt_cats}} {{foreach $item.categories as $cat}}{{$cat.name}}{{if $cat.removeurl}} <a href="{{$cat.removeurl}}" title="{{$remove|escape:'html'}}">[{{$remove}}]</a>{{/if}} {{if $cat.last}}{{else}}, {{/if}}{{/foreach}}
                        </div>
                        {{/if}}
 
                        {{if $item.has_folders}}
-                       <div class="filesavetags"><span>{{$item.txt_folders}} {{foreach $item.folders as $cat}}{{$cat.name}}{{if $cat.removeurl}} <a href="{{$cat.removeurl}}" title="{{$remove}}">[{{$remove}}]</a>{{/if}}{{if $cat.last}}{{else}}, {{/if}}{{/foreach}}
+                       <div class="filesavetags"><span>{{$item.txt_folders}} {{foreach $item.folders as $cat}}{{$cat.name}}{{if $cat.removeurl}} <a href="{{$cat.removeurl}}" title="{{$remove|escape:'html'}}">[{{$remove}}]</a>{{/if}}{{if $cat.last}}{{else}}, {{/if}}{{/foreach}}
                        </div>
                        {{/if}}
                        </div>
                <div class="wall-item-tools" id="wall-item-tools-{{$item.id}}">
                        {{if $item.vote}}
                        <div class="wall-item-like-buttons" id="wall-item-like-buttons-{{$item.id}}">
-                               <a href="#" class="icon like" title="{{$item.vote.like.0}}" onclick="dolike({{$item.id}},'like'); return false"></a>
-                               {{if $item.vote.dislike}}<a href="#" class="icon dislike" title="{{$item.vote.dislike.0}}" onclick="dolike({{$item.id}},'dislike'); return false"></a>{{/if}}
-                               {{if $item.vote.share}}<a href="#" class="icon recycle wall-item-share-buttons" title="{{$item.vote.share.0}}" onclick="jotShare({{$item.id}}); return false"></a>{{/if}}
-                               <img id="like-rotator-{{$item.id}}" class="like-rotator" src="images/rotator.gif" alt="{{$item.wait}}" title="{{$item.wait}}" style="display: none;" />
+                               <a href="#" class="icon like" title="{{$item.vote.like.0|escape:'html'}}" onclick="dolike({{$item.id}},'like'); return false"></a>
+                               {{if $item.vote.dislike}}<a href="#" class="icon dislike" title="{{$item.vote.dislike.0|escape:'html'}}" onclick="dolike({{$item.id}},'dislike'); return false"></a>{{/if}}
+                               {{if $item.vote.share}}<a href="#" class="icon recycle wall-item-share-buttons" title="{{$item.vote.share.0|escape:'html'}}" onclick="jotShare({{$item.id}}); return false"></a>{{/if}}
+                               <img id="like-rotator-{{$item.id}}" class="like-rotator" src="images/rotator.gif" alt="{{$item.wait|escape:'html'}}" title="{{$item.wait|escape:'html'}}" style="display: none;" />
                        </div>
                        {{/if}}
                        {{if $item.plink}}
-                               <div class="wall-item-links-wrapper"><a href="{{$item.plink.href}}" title="{{$item.plink.title}}" target="_blank" class="icon remote-link{{$item.sparkle}}"></a></div>
+                               <div class="wall-item-links-wrapper"><a href="{{$item.plink.href}}" title="{{$item.plink.title|escape:'html'}}" target="_blank" class="icon remote-link{{$item.sparkle}}"></a></div>
                        {{/if}}
                        {{if $item.edpost}}
-                               <a class="editpost icon pencil" href="{{$item.edpost.0}}" title="{{$item.edpost.1}}"></a>
+                               <a class="editpost icon pencil" href="{{$item.edpost.0}}" title="{{$item.edpost.1|escape:'html'}}"></a>
                        {{/if}}
                         
                        {{if $item.star}}
-                       <a href="#" id="starred-{{$item.id}}" onclick="dostar({{$item.id}}); return false;" class="star-item icon {{$item.isstarred}}" title="{{$item.star.toggle}}"></a>
+                       <a href="#" id="starred-{{$item.id}}" onclick="dostar({{$item.id}}); return false;" class="star-item icon {{$item.isstarred}}" title="{{$item.star.toggle|escape:'html'}}"></a>
                        {{/if}}
                        {{if $item.tagger}}
-                       <a href="#" id="tagger-{{$item.id}}" onclick="itemTag({{$item.id}}); return false;" class="tag-item icon tagged" title="{{$item.tagger.add}}"></a>
+                       <a href="#" id="tagger-{{$item.id}}" onclick="itemTag({{$item.id}}); return false;" class="tag-item icon tagged" title="{{$item.tagger.add|escape:'html'}}"></a>
                        {{/if}}
                        {{if $item.filer}}
-                       <a href="#" id="filer-{{$item.id}}" onclick="itemFiler({{$item.id}}); return false;" class="filer-item filer-icon" title="{{$item.filer}}"></a>
+                       <a href="#" id="filer-{{$item.id}}" onclick="itemFiler({{$item.id}}); return false;" class="filer-item filer-icon" title="{{$item.filer|escape:'html'}}"></a>
                        {{/if}}                 
                        
                        <div class="wall-item-delete-wrapper" id="wall-item-delete-wrapper-{{$item.id}}" >
-                               {{if $item.drop.dropping}}<a href="item/drop/{{$item.id}}" onclick="return confirmDelete();" class="icon drophide" title="{{$item.drop.delete}}" onmouseover="imgbright(this);" onmouseout="imgdull(this);" ></a>{{/if}}
+                               {{if $item.drop.dropping}}<a href="item/drop/{{$item.id}}" onclick="return confirmDelete();" class="icon drophide" title="{{$item.drop.delete|escape:'html'}}" onmouseover="imgbright(this);" onmouseout="imgdull(this);" ></a>{{/if}}
                        </div>
-                               {{if $item.drop.pagedrop}}<input type="checkbox" onclick="checkboxhighlight(this);" title="{{$item.drop.select}}" class="item-select" name="itemselected[]" value="{{$item.id}}" />{{/if}}
+                               {{if $item.drop.pagedrop}}<input type="checkbox" onclick="checkboxhighlight(this);" title="{{$item.drop.select|escape:'html'}}" class="item-select" name="itemselected[]" value="{{$item.id}}" />{{/if}}
                        <div class="wall-item-delete-end"></div>
                </div>
        </div>  
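Review bot: In the category and folder lines, `{{$cat.name}}` is written raw into element content while only the `title="{{$remove}}"` translation string gains the modifier. Category and folder names look user-chosen, so `{{$cat.name|escape:'html'}}` is the more important change unless the names are encoded before assignment, which these hunks do not show. The `{{$item.plink.href}}` anchor also opens with `target="_blank"` and no `rel`; adding `rel="noopener noreferrer"` keeps the opened page from reaching `window.opener`. The hunk headers for this part of the file are missing from the page, so the surrounding template structure is not fully visible.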
index 579ee0a31ec4c4594a9cfdda8a309f1ad1fdecb5..e6a6be908fb6d9d9c447ba70180ea37699ec435b 100644 (file)
@@ -13,7 +13,7 @@
 {{$recipname}}
 
 <div id="prvmail-subject-label">{{$subject}}</div>
-<input type="text" size="64" maxlength="255" id="prvmail-subject" name="subject" value="{{$subjtxt}}" {{$readonly}} tabindex="11" />
+<input type="text" size="64" maxlength="255" id="prvmail-subject" name="subject" value="{{$subjtxt|escape:'html'}}" {{$readonly}} tabindex="11" />
 
 <div id="prvmail-message-label">{{$yourmessage}}</div>
 <textarea rows="8" cols="72" class="prvmail-text" id="prvmail-text" name="body" tabindex="12">{{$text}}</textarea>
 <div id="prvmail-submit-wrapper" >
        <input type="submit" id="prvmail-submit" name="submit" value="Submit" tabindex="13" />
        <div id="prvmail-link-wrapper" >
-               <div id="prvmail-link" class="icon border link" title="{{$insert}}" onclick="jotGetLink();" ></div>
+               <div id="prvmail-link" class="icon border link" title="{{$insert|escape:'html'}}" onclick="jotGetLink();" ></div>
        </div> 
        <div id="prvmail-rotator-wrapper" >
-               <img id="prvmail-rotator" src="images/rotator.gif" alt="{{$wait}}" title="{{$wait}}" style="display: none;" />
+               <img id="prvmail-rotator" src="images/rotator.gif" alt="{{$wait|escape:'html'}}" title="{{$wait|escape:'html'}}" style="display: none;" />
        </div> 
 </div>
 <div id="prvmail-end"></div>