authorGreg Roach <fisharebest@gmail.com>2017-07-13 19:13:30 +0100
committerGreg Roach <fisharebest@gmail.com>2017-07-13 19:13:30 +0100
commitbb61d72b5d018479e20cca0501be23e7754ebf6f (patch)
treef2b3cd32a1e5d08dc8c8b2034dc37b24fcca5386
parent3c3b90dec7b6af8ce516d659bda403ea7b512725 (diff)
downloadwebtrees-bb61d72b5d018479e20cca0501be23e7754ebf6f.tar.gz
webtrees-bb61d72b5d018479e20cca0501be23e7754ebf6f.tar.bz2
webtrees-bb61d72b5d018479e20cca0501be23e7754ebf6f.zip
Review esacping
-rw-r--r--admin_media.php4
-rw-r--r--admin_trees_manage.php2
-rw-r--r--edituser.php2
-rw-r--r--modules_v3/GEDFact_assistant/MEDIA_ctrl.php4
-rw-r--r--reportengine.php3
5 files changed, 7 insertions, 8 deletions
diff --git a/admin_media.php b/admin_media.php
index 0932d5be16..99d5163e40 100644
--- a/admin_media.php
+++ b/admin_media.php
@@ -312,9 +312,9 @@ case 'load_json':
}
}
- $conf = I18N::translate('Are you sure you want to delete “%s”?', Filter::escapeJs($unused_file));
+ $conf = I18N::translate('Are you sure you want to delete “%s”?', Html::escape($unused_file));
$delete_link =
- '<p><a onclick="if (confirm(\'' . Filter::escapeJs($conf) . '\')) jQuery.post(\'admin_media.php\',{delete:\'' . Filter::escapeJs($media_path . $unused_file) . '\',media_folder:\'' . Filter::escapeJs($media_folder) . '\'},function(){location.reload();})" href="#">' . I18N::translate('Delete') . '</a></p>';
+ '<p><a onclick="if (confirm(\'' . Filter::escapeJs($conf) . '\')) jQuery.post(\'admin_media.php\',{delete:\'' . Html::escape($media_path . $unused_file) . '\',media_folder:\'' . Html::escape($media_folder) . '\'},function(){location.reload();})" href="#">' . I18N::translate('Delete') . '</a></p>';
$data[] = [
mediaFileInfo($media_folder, $media_path, $unused_file) . $delete_link,
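Review bot: `Html::escape` on lines 29 and 32 is the wrong layer for values that end up inside single-quoted JavaScript string literals within an onclick attribute: the browser decodes entities in the attribute value before the JS engine parses it, so a `'` in `$unused_file` or `$media_folder` still terminates the literal whether or not it was entity-encoded. The same substitution appears in the admin_trees_manage.php, edituser.php and both MEDIA_ctrl.php hunks. For `$conf` the layering is also inverted, because `Filter::escapeJs($conf)` runs after Html::escape has already turned the filename's quote into an entity that escapeJs leaves intact. Apply the JS escape innermost and the HTML escape outermost, e.g. `Html::escape(Filter::escapeJs($media_path . $unused_file))` for the attribute values, and build `$conf = I18N::translate('Are you sure you want to delete “%s”?', $unused_file);` from the raw name so it can be emitted once as `Html::escape(Filter::escapeJs($conf))`, which also covers any apostrophe a translation of the message itself may contain.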
diff --git a/admin_trees_manage.php b/admin_trees_manage.php
index 323bc2f9b1..1f4952404a 100644
--- a/admin_trees_manage.php
+++ b/admin_trees_manage.php
@@ -417,7 +417,7 @@ echo Bootstrap4::breadcrumbs([
<input type="hidden" name="gedcom_id" value="<?= $tree->getTreeId() ?>">
<?= Filter::getCsrf() ?>
<!-- A11Y - forms need submit buttons, but they look ugly here -->
- <button class="sr-only" onclick="return confirm('<?= I18N::translate('Are you sure you want to delete “%s”?', Filter::escapeJs($tree->getTitle())) ?>')" type="submit">
+ <button class="sr-only" onclick="return confirm('<?= I18N::translate('Are you sure you want to delete “%s”?', Html::escape($tree->getTitle())) ?>')" type="submit">
<?= I18N::translate('Delete') ?>
</button>
</form>
diff --git a/edituser.php b/edituser.php
index 411427094f..04e2dc78b7 100644
--- a/edituser.php
+++ b/edituser.php
@@ -300,7 +300,7 @@ function checkform(frm) {
<?= Filter::getCsrf() ?>
<div class="row form-group">
<div class="col-sm-9 offset-sm-3">
- <input class="btn btn-danger" type="submit" value="<?= I18N::translate('Delete your account') ?>" onclick="return confirm('<?= I18N::translate('Are you sure you want to delete “%s”?', Filter::escapeJs(Auth::user()->getUserName())) ?>');">
+ <input class="btn btn-danger" type="submit" value="<?= I18N::translate('Delete your account') ?>" onclick="return confirm('<?= I18N::translate('Are you sure you want to delete “%s”?', Html::escape(Auth::user()->getUserName())) ?>');">
</div>
</div>
</form>
diff --git a/modules_v3/GEDFact_assistant/MEDIA_ctrl.php b/modules_v3/GEDFact_assistant/MEDIA_ctrl.php
index ead70c27bd..bcf7835bc1 100644
--- a/modules_v3/GEDFact_assistant/MEDIA_ctrl.php
+++ b/modules_v3/GEDFact_assistant/MEDIA_ctrl.php
@@ -136,7 +136,7 @@ function print_navigator_family(Family $family, Individual $individual) {
?>
<tr class="fact_value">
<td class="facts_value" >
- <a href="#" onclick="opener.insertRowToTable('<?= $spouse->getXref() ?>', '<?= Filter::escapeJs($spouse->getFullName()) ?>', '', '', '', '', '', '', '', ''); return false;">
+ <a href="#" onclick="opener.insertRowToTable('<?= $spouse->getXref() ?>', '<?= Html::escape($spouse->getFullName()) ?>', '', '', '', '', '', '', '', ''); return false;">
<?= $spouse === $individual ? '<b>' : '' ?>
<?= $spouse->getFullName() ?> <?= $spouse->getLifeSpan() ?>
<?= $spouse === $individual ? '</b>' : '' ?>
@@ -157,7 +157,7 @@ function print_navigator_family(Family $family, Individual $individual) {
?>
<tr>
<td class="facts_value">
- <a href="#" onclick="opener.insertRowToTable('<?= $child->getXref() ?>', '<?= Filter::escapeJs($child->getFullName()) ?>', '', '', '', '', '', '', '', ''); return false;">
+ <a href="#" onclick="opener.insertRowToTable('<?= $child->getXref() ?>', '<?= Html::escape($child->getFullName()) ?>', '', '', '', '', '', '', '', ''); return false;">
<?= $child === $individual ? '<b>' : '' ?>
<?= $child->getFullName() ?> <?= $child->getLifeSpan() ?>
<?= $child === $individual ? '</b>' : '' ?>
diff --git a/reportengine.php b/reportengine.php
index b4b2876367..5510d742c4 100644
--- a/reportengine.php
+++ b/reportengine.php
@@ -201,8 +201,7 @@ case 'setup':
}
if (isset($input['lookup'])) {
echo '<input type="hidden" name="type[', Html::escape($input['name']), ']" value="', Html::escape($input['lookup']), '">';
- if ($input['lookup'] == 'INDI') {
- } elseif ($input['lookup'] == 'DATE') {
+ if ($input['lookup'] == 'DATE') {
echo FontAwesome::linkIcon('calendar', I18N::translate('Select a date'), ['class' => 'btn btn-link', 'href' => '#', 'onclick' => 'return calendarWidget("div_' . Filter::escapeJs($input['name']) . '", "' . Filter::escapeJs($input['name']) . '");']);
echo '<div id="div_', Html::escape($input['name']), '" style="position:absolute;visibility:hidden;background-color:white;"></div>';
}
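Review bot: The surviving branch on line 93 still uses loose `==`; `$input['lookup']` appears to be a plain string here, so `if ($input['lookup'] === 'DATE') {` states the intent without relying on PHP's type-juggling rules and matches the strict style the rest of the file should be moving toward. The enclosing `case 'setup':` block starts before the hunk.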