| author | Greg Roach <fisharebest@gmail.com> | 2017-07-13 19:13:30 +0100 |
|---|---|---|
| committer | Greg Roach <fisharebest@gmail.com> | 2017-07-13 19:13:30 +0100 |
| commit | bb61d72b5d018479e20cca0501be23e7754ebf6f (patch) | |
| tree | f2b3cd32a1e5d08dc8c8b2034dc37b24fcca5386 | |
| parent | 3c3b90dec7b6af8ce516d659bda403ea7b512725 (diff) | |
| download | webtrees-bb61d72b5d018479e20cca0501be23e7754ebf6f.tar.gz webtrees-bb61d72b5d018479e20cca0501be23e7754ebf6f.tar.bz2 webtrees-bb61d72b5d018479e20cca0501be23e7754ebf6f.zip | |
Review escaping
| -rw-r--r-- | admin_media.php | 4 | ||||
| -rw-r--r-- | admin_trees_manage.php | 2 | ||||
| -rw-r--r-- | edituser.php | 2 | ||||
| -rw-r--r-- | modules_v3/GEDFact_assistant/MEDIA_ctrl.php | 4 | ||||
| -rw-r--r-- | reportengine.php | 3 |
5 files changed, 7 insertions, 8 deletions
diff --git a/admin_media.php b/admin_media.php
index 0932d5be16..99d5163e40 100644
--- a/admin_media.php
+++ b/admin_media.php
@@ -312,9 +312,9 @@ case 'load_json':
 }
 }
- $conf = I18N::translate('Are you sure you want to delete “%s”?', Filter::escapeJs($unused_file));
+ $conf = I18N::translate('Are you sure you want to delete “%s”?', Html::escape($unused_file));
 $delete_link =
- '<p><a onclick="if (confirm(\'' . Filter::escapeJs($conf) . '\')) jQuery.post(\'admin_media.php\',{delete:\'' . Filter::escapeJs($media_path . $unused_file) . '\',media_folder:\'' . Filter::escapeJs($media_folder) . '\'},function(){location.reload();})" href="#">' . I18N::translate('Delete') . '</a></p>';
+ '<p><a onclick="if (confirm(\'' . Filter::escapeJs($conf) . '\')) jQuery.post(\'admin_media.php\',{delete:\'' . Html::escape($media_path . $unused_file) . '\',media_folder:\'' . Html::escape($media_folder) . '\'},function(){location.reload();})" href="#">' . I18N::translate('Delete') . '</a></p>';
 $data[] = [
 mediaFileInfo($media_folder, $media_path, $unused_file) . $delete_link,
diff --git a/admin_trees_manage.php b/admin_trees_manage.php
index 323bc2f9b1..1f4952404a 100644
--- a/admin_trees_manage.php
+++ b/admin_trees_manage.php
@@ -417,7 +417,7 @@ echo Bootstrap4::breadcrumbs([
 <input type="hidden" name="gedcom_id" value="<?= $tree->getTreeId() ?>">
 <?= Filter::getCsrf() ?>
 <!-- A11Y - forms need submit buttons, but they look ugly here -->
- <button class="sr-only" onclick="return confirm('<?= I18N::translate('Are you sure you want to delete “%s”?', Filter::escapeJs($tree->getTitle())) ?>')" type="submit">
+ <button class="sr-only" onclick="return confirm('<?= I18N::translate('Are you sure you want to delete “%s”?', Html::escape($tree->getTitle())) ?>')" type="submit">
 <?= I18N::translate('Delete') ?>
 </button>
 </form>
diff --git a/edituser.php b/edituser.php
index 411427094f..04e2dc78b7 100644
--- a/edituser.php
+++ b/edituser.php
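Review bot: Replacing `Filter::escapeJs()` with `Html::escape()` leaves the `delete:` and `media_folder:` values without JavaScript-string escaping, although both still sit inside a quoted JS literal inside an `onclick` attribute. The browser decodes HTML entities in an attribute value before the script is parsed, so if `Html::escape()` is an entity encoder (its body is not shown here), an apostrophe or backslash in a file or folder name reaches the JS parser as a literal character. Both layers are needed, innermost first, for example `Html::escape(Filter::escapeJs($media_path . $unused_file))`, or the value can be moved into a `data-` attribute that a handler reads. The same applies to the `confirm()` hunks in admin_trees_manage.php and edituser.php and to both `insertRowToTable` hunks in MEDIA_ctrl.php. In this hunk `$conf` is also HTML-escaped before `Filter::escapeJs($conf)` runs, so the dialog text may show entities literally.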
@@ -300,7 +300,7 @@ function checkform(frm) {
 <?= Filter::getCsrf() ?>
 <div class="row form-group">
 <div class="col-sm-9 offset-sm-3">
- <input class="btn btn-danger" type="submit" value="<?= I18N::translate('Delete your account') ?>" onclick="return confirm('<?= I18N::translate('Are you sure you want to delete “%s”?', Filter::escapeJs(Auth::user()->getUserName())) ?>');">
+ <input class="btn btn-danger" type="submit" value="<?= I18N::translate('Delete your account') ?>" onclick="return confirm('<?= I18N::translate('Are you sure you want to delete “%s”?', Html::escape(Auth::user()->getUserName())) ?>');">
 </div>
 </div>
 </form>
diff --git a/modules_v3/GEDFact_assistant/MEDIA_ctrl.php b/modules_v3/GEDFact_assistant/MEDIA_ctrl.php
index ead70c27bd..bcf7835bc1 100644
--- a/modules_v3/GEDFact_assistant/MEDIA_ctrl.php
+++ b/modules_v3/GEDFact_assistant/MEDIA_ctrl.php
@@ -136,7 +136,7 @@ function print_navigator_family(Family $family, Individual $individual) {
 ?>
 <tr class="fact_value">
 <td class="facts_value" >
- <a href="#" onclick="opener.insertRowToTable('<?= $spouse->getXref() ?>', '<?= Filter::escapeJs($spouse->getFullName()) ?>', '', '', '', '', '', '', '', ''); return false;">
+ <a href="#" onclick="opener.insertRowToTable('<?= $spouse->getXref() ?>', '<?= Html::escape($spouse->getFullName()) ?>', '', '', '', '', '', '', '', ''); return false;">
 <?= $spouse === $individual ? '<b>' : '' ?> <?= $spouse->getFullName() ?> <?= $spouse->getLifeSpan() ?> <?= $spouse === $individual ? '</b>' : '' ?>
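Review bot: In the MEDIA_ctrl.php hunk the first argument, `<?= $spouse->getXref() ?>`, is written into the JS string literal with no escaping at all, while only the name next to it is treated. Unless xrefs are constrained elsewhere to a safe character set, it should be escaped for both layers like the name, for example `'<?= Html::escape(Filter::escapeJs($spouse->getXref())) ?>'`. The context lines echo `getFullName()` raw into the page, which suggests it returns markup rather than plain text; what `insertRowToTable` expects as its second argument is not visible here and is worth confirming. The `$child` hunk at line 157 repeats the pattern, and `print_navigator_family` continues outside both hunks.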
@@ -157,7 +157,7 @@ function print_navigator_family(Family $family, Individual $individual) {
 ?>
 <tr>
 <td class="facts_value">
- <a href="#" onclick="opener.insertRowToTable('<?= $child->getXref() ?>', '<?= Filter::escapeJs($child->getFullName()) ?>', '', '', '', '', '', '', '', ''); return false;">
+ <a href="#" onclick="opener.insertRowToTable('<?= $child->getXref() ?>', '<?= Html::escape($child->getFullName()) ?>', '', '', '', '', '', '', '', ''); return false;">
 <?= $child === $individual ? '<b>' : '' ?> <?= $child->getFullName() ?> <?= $child->getLifeSpan() ?> <?= $child === $individual ? '</b>' : '' ?>
diff --git a/reportengine.php b/reportengine.php
index b4b2876367..5510d742c4 100644
--- a/reportengine.php
+++ b/reportengine.php
@@ -201,8 +201,7 @@ case 'setup':
 }
 if (isset($input['lookup'])) {
 echo '<input type="hidden" name="type[', Html::escape($input['name']), ']" value="', Html::escape($input['lookup']), '">';
- if ($input['lookup'] == 'INDI') {
- } elseif ($input['lookup'] == 'DATE') {
+ if ($input['lookup'] == 'DATE') {
 echo FontAwesome::linkIcon('calendar', I18N::translate('Select a date'), ['class' => 'btn btn-link', 'href' => '#', 'onclick' => 'return calendarWidget("div_' . Filter::escapeJs($input['name']) . '", "' . Filter::escapeJs($input['name']) . '");']);
 echo '<div id="div_', Html::escape($input['name']), '" style="position:absolute;visibility:hidden;background-color:white;"></div>';
 }
 |
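Review bot: In the reportengine.php hunk the surviving condition `if ($input['lookup'] == 'DATE') {` keeps the loose comparison; `=== 'DATE'` would avoid type juggling if `lookup` is ever not a string. The unchanged `onclick` passed to `FontAwesome::linkIcon()` still uses `Filter::escapeJs($input['name'])`, the opposite of what the other files in this commit now do. Whether `linkIcon()` HTML-escapes attribute values is not visible here, so a short comment such as `// JS-escaped here; linkIcon() HTML-escapes the attribute` (if that holds) would record which layer does what.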
