-rw-r--r--addmedia.php2
-rw-r--r--admin_media.php6
-rw-r--r--admin_users.php2
-rw-r--r--find.php4
-rw-r--r--includes/functions/functions_print.php2
-rw-r--r--includes/functions/functions_print_lists.php14
-rw-r--r--index_edit.php2
-rw-r--r--library/WT/Controller/Individual.php2
-rw-r--r--library/WT/Filter.php4
-rw-r--r--library/WT/I18N.php2
-rw-r--r--modules_v3/lightbox/module.php5
-rw-r--r--search_advanced.php2
12 files changed, 23 insertions, 24 deletions
diff --git a/addmedia.php b/addmedia.php
index a42c875114..874774d236 100644
--- a/addmedia.php
+++ b/addmedia.php
@@ -546,7 +546,7 @@ if (!$isExternal) {
echo '<p class="sub">', WT_I18N::translate('This entry is ignored if you have entered a URL into the file name field.'), '</p>';
}
} else {
- echo '<input name="folder" type="hidden" value="', addslashes($folder), '">';
+ echo '<input name="folder" type="hidden" value="', WT_Filter::escapeHtml($folder), '">';
}
echo '</td></tr>';
} else {
diff --git a/admin_media.php b/admin_media.php
index 9e2a59fd7b..6b36cec170 100644
--- a/admin_media.php
+++ b/admin_media.php
@@ -285,9 +285,9 @@ case 'load_json':
}
}
- $conf = WT_I18N::translate('Are you sure you want to delete “%s”?', strip_tags($unused_file));
+ $conf = WT_I18N::translate('Are you sure you want to delete “%s”?', $unused_file);
$delete_link =
- '<p><a onclick="if (confirm(\'' . $conf . '\')) jQuery.post(\'admin_media.php\',{delete:\'' .addslashes($media_path . $unused_file) . '\',media_folder:\'' . addslashes($media_folder) . '\'},function(){location.reload();})" href="#">' . WT_I18N::Translate('Delete') . '</a></p>';
+ '<p><a onclick="if (confirm(\'' . WT_Filter::escapeJs($conf) . '\')) jQuery.post(\'admin_media.php\',{delete:\'' .WT_Filter::escapeJs($media_path . $unused_file) . '\',media_folder:\'' . WT_Filter::escapeJs($media_folder) . '\'},function(){location.reload();})" href="#">' . WT_I18N::Translate('Delete') . '</a></p>';
$aaData[] = array(
media_file_info($media_folder, $media_path, $unused_file) . $delete_link,
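Review bot: The `onclick` on the `$delete_link` line is an HTML attribute first and a JavaScript string second, and the new code applies only the JavaScript layer (`WT_Filter::escapeJs`) to `$conf`, `$media_path . $unused_file` and `$media_folder`. Whether that is sufficient depends on what escapeJs emits: if it rewrites every non-alphanumeric character as `\xHH`/`\uHHHH` (the `utf16be` helper touched in the Filter.php hunk suggests so) the output cannot contain `"`, `<` or `&` and is attribute-safe; if it only backslash-escapes quotes, a file name containing `"` still closes the attribute. The same double context applies to the `media_object_info` hunk below, the find.php embed branch, the three delete-icon hunks in functions_print_lists.php and the Individual.php hunk. A one-line comment at this first use would settle it for readers, e.g. `// escapeJs yields only [A-Za-z0-9] and \x/\u escapes, so it is also HTML-attribute safe` — or wrap the escaped value in `WT_Filter::escapeHtml()` if that is not guaranteed.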
@@ -432,7 +432,7 @@ function media_object_info(WT_Media $media) {
' - ' .
'<a onclick="window.open(\'addmedia.php?action=editmedia&amp;pid=' . $xref . '&ged=' . $gedcom . '\', \'_blank\', edit_window_specs)" href="#">' . WT_I18N::Translate('Edit') . '</a>' .
' - ' .
- '<a onclick="if (confirm(\'' . $conf . '\')) jQuery.post(\'action.php\',{action:\'delete-media\',xref:\'' . $xref . '\',ged:\'' . $gedcom . '\'},function(){location.reload();})" href="#">' . WT_I18N::Translate('Delete') . '</a>' .
+ '<a onclick="if (confirm(\'' . WT_Filter::escapeJs($conf) . '\')) jQuery.post(\'action.php\',{action:\'delete-media\',xref:\'' . $xref . '\',ged:\'' . $gedcom . '\'},function(){location.reload();})" href="#">' . WT_I18N::Translate('Delete') . '</a>' .
' - ';
if (array_key_exists('GEDFact_assistant', WT_Module::getActiveModules())) {
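Review bot: `$xref` and `$gedcom` are still interpolated raw into both the edit and delete `onclick` strings while `$conf` on the same line now goes through escapeJs. If both are validated GEDCOM identifiers and a configured tree name this is harmless, but the hunk does not show where they are checked, and the xref arguments in the delete-icon hunks of functions_print_lists.php and in Individual.php are in the same position. Escaping them too, `xref:\'' . WT_Filter::escapeJs($xref) . '\',ged:\'' . WT_Filter::escapeJs($gedcom) . '\'`, keeps the rule "everything in a JS string is escaped" without exceptions to remember. `media_object_info` continues outside the hunk.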
diff --git a/admin_users.php b/admin_users.php
index 6d0280d8a5..0324f372e0 100644
--- a/admin_users.php
+++ b/admin_users.php
@@ -357,7 +357,7 @@ case 'createform':
var idNum = fieldIDx.replace("RELATIONSHIP_PATH_LENGTH","");
var newIDx = "gedcomid"+idNum;
if (jQuery("#"+newIDx).val()=="") {
- alert("'.addslashes(WT_I18N::translate('You must specify an individual record before you can restrict the user to their immediate family.')).'");
+ alert("'.WT_I18N::translate('You must specify an individual record before you can restrict the user to their immediate family.').'");
jQuery(this).val("");
}
});
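Review bot: The translated message on the `alert(...)` line is now inserted into a double-quoted JavaScript string with no escaping at all, where the old code at least applied `addslashes`; a translation containing `"` or a backslash breaks the script. Every other hunk in this commit replaces addslashes with escapeJs, so this one should too: `alert("'.WT_Filter::escapeJs(WT_I18N::translate('You must specify an individual record before you can restrict the user to their immediate family.')).'");`. The same unescaped-translation pattern remains on the neighbouring lines of the I18N.php hunk (`sInfoFiltered`, `sLoadingRecords`, `sProcessing`, `sSearch`) and on the `'View Notes'` argument in the second lightbox hunk. The enclosing `createform` case starts and ends outside the hunk.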
diff --git a/find.php b/find.php
index fa99304c00..0cd5fdd3f0 100644
--- a/find.php
+++ b/find.php
@@ -548,9 +548,9 @@ if ($action=="filter") {
echo '<div class="find-media-thumb">', $media->displayImage(), '</div>';
echo '<div class="find-media-details">', $media->getFullName(), '</div>';
if (!$embed) {
- echo '<p><a href="#" dir="auto" onclick="pasteid(\'', addslashes($media->getXref()), '\');">', $media->getFilename(), '</a></p>';
+ echo '<p><a href="#" dir="auto" onclick="pasteid(\'', $media->getXref(), '\');">', $media->getFilename(), '</a></p>';
} else {
- echo '<p><a href="#" dir="auto" onclick="pasteid(\'', $media->getXref(), '\', \'', '\', \'', addslashes($media->getFilename()), '\');">', $media->getFilename(), '</a></p> ';
+ echo '<p><a href="#" dir="auto" onclick="pasteid(\'', $media->getXref(), '\', \'', '\', \'', WT_Filter::escapeJs($media->getFilename()), '\');">', WT_Filter::escapeHtml($media->getFilename()), '</a></p> ';
}
if ($media->fileExists()) {
$imgsize = $media->getImageAttributes();
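Review bot: The non-embed branch still echoes `$media->getFilename()` unescaped as link text, while the embed branch one line below now wraps the same value in `WT_Filter::escapeHtml`; a file name containing `<` or `&` is handled differently depending on `$embed`. Apply the same escaping in the first branch: `echo '<p><a href="#" dir="auto" onclick="pasteid(\'', $media->getXref(), '\');">', WT_Filter::escapeHtml($media->getFilename()), '</a></p>';`. Dropping `addslashes` around `getXref()` is fine if xrefs are restricted to GEDCOM identifier characters, which the hunk does not show.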
diff --git a/includes/functions/functions_print.php b/includes/functions/functions_print.php
index de34f0e084..e72fb105a6 100644
--- a/includes/functions/functions_print.php
+++ b/includes/functions/functions_print.php
@@ -317,7 +317,7 @@ function whoisonline() {
foreach ($loggedusers as $user_id=>$user_name) {
$content .= '<div class="logged_in_name">';
$content .= WT_Filter::escapeHtml(getUserFullName($user_id) . ' - ' . $user_name);
- if (WT_USER_ID!=$user_id && get_user_setting($user_id, 'contactmethod')!="none") {
+ if (true || WT_USER_ID!=$user_id && get_user_setting($user_id, 'contactmethod')!="none") {
$content .= ' <a class="icon-email" href="#" onclick="return message(\''.$user_name . '\', \'\', \''.addslashes(urlencode(get_query_url())).'\', \'\');" title="' . WT_I18N::translate('Send Message').'"></a>';
}
$i++;
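Review bot: `if (true || WT_USER_ID!=$user_id && ...)` makes the whole condition unconditionally true, because `||` binds looser than `&&`; the "send message" link is now rendered for the viewer's own entry and for users whose `contactmethod` is `none`, which looks like a debugging leftover rather than an intended change. The line should revert to `if (WT_USER_ID != $user_id && get_user_setting($user_id, 'contactmethod') != 'none') {`. The following line also still uses `addslashes` and interpolates `$user_name` raw into the `onclick` string, inconsistent with the rest of the commit: `onclick="return message(\'' . WT_Filter::escapeJs($user_name) . '\', \'\', \'' . WT_Filter::escapeJs(urlencode(get_query_url())) . '\', \'\');"`. `whoisonline` starts and ends outside the hunk.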
diff --git a/includes/functions/functions_print_lists.php b/includes/functions/functions_print_lists.php
index 9c13d2c7f5..0cef89c0c7 100644
--- a/includes/functions/functions_print_lists.php
+++ b/includes/functions/functions_print_lists.php
@@ -82,7 +82,7 @@ function format_indi_table($datalist, $option='') {
"sPaginationType": "full_numbers"
});
- jQuery("div.filtersH_'.$table_id.'").html("'.addslashes(
+ jQuery("div.filtersH_'.$table_id.'").html("'.WT_Filter::escapeJs(
'<button type="button" id="SEX_M_'. $table_id.'" class="ui-state-default SEX_M" title="'. WT_I18N::translate('Show only males.').'">&nbsp;'.WT_Individual::sexImage('M', 'small').'&nbsp;</button>'.
'<button type="button" id="SEX_F_'. $table_id.'" class="ui-state-default SEX_F" title="'. WT_I18N::translate('Show only females.').'">&nbsp;'.WT_Individual::sexImage('F', 'small').'&nbsp;</button>'.
'<button type="button" id="SEX_U_'. $table_id.'" class="ui-state-default SEX_U" title="'. WT_I18N::translate('Show only persons of whom the gender is not known.').'">&nbsp;'.WT_Individual::sexImage('U', 'small').'&nbsp;</button>'.
@@ -97,7 +97,7 @@ function format_indi_table($datalist, $option='') {
'<button type="button" id="RESET_'. $table_id.'" class="ui-state-default RESET" title="'. WT_I18N::translate('Reset to the list defaults.').'">'.WT_I18N::translate('Reset').'</button>'
).'");
- jQuery("div.filtersF_'.$table_id.'").html("'.addslashes(
+ jQuery("div.filtersF_'.$table_id.'").html("'.WT_Filter::escapeJs(
'<button type="button" class="ui-state-default" id="cb_parents_indi_list_table" onclick="jQuery(\'div.parents_indi_list_table_'.$table_id.'\').toggle(); jQuery(this).toggleClass(\'ui-state-active\');">'.WT_I18N::translate('Show parents').'</button>'.
'<button type="button" class="ui-state-default" id="charts_indi_list_table" onclick="jQuery(\'div.indi_list_table-charts_'.$table_id.'\').toggle(); jQuery(this).toggleClass(\'ui-state-active\');">'.WT_I18N::translate('Show statistics charts').'</button>'
).'");
@@ -489,7 +489,7 @@ function format_fam_table($datalist, $option='') {
"sPaginationType": "full_numbers"
});
- jQuery("div.filtersH_'.$table_id.'").html("'.addslashes(
+ jQuery("div.filtersH_'.$table_id.'").html("'.WT_Filter::escapeJs(
'<button type="button" id="DEAT_N_'. $table_id.'" class="ui-state-default DEAT_N" title="'. WT_I18N::translate('Show people who are alive or couples where both partners are alive.').'">'.WT_I18N::translate('Both alive').'</button>'.
'<button type="button" id="DEAT_W_'. $table_id.'" class="ui-state-default DEAT_W" title="'. WT_I18N::translate('Show couples where only the female partner is deceased.').'">'.WT_I18N::translate('Widower').'</button>'.
'<button type="button" id="DEAT_H_'. $table_id.'" class="ui-state-default DEAT_H" title="'. WT_I18N::translate('Show couples where only the male partner is deceased.').'">'.WT_I18N::translate('Widow').'</button>'.
@@ -504,7 +504,7 @@ function format_fam_table($datalist, $option='') {
'<button type="button" id="RESET_'.$table_id.'" class="ui-state-default RESET" title="'.WT_I18N::translate('Reset to the list defaults.').'">'.WT_I18N::translate('Reset').'</button>'
).'");
- jQuery("div.filtersF_'.$table_id.'").html("'.addslashes(
+ jQuery("div.filtersF_'.$table_id.'").html("'.WT_Filter::escapeJs(
'<button type="button" class="ui-state-default" id="cb_parents_'.$table_id.'" onclick="jQuery(\'div.parents_'.$table_id.'\').toggle(); jQuery(this).toggleClass(\'ui-state-active\');">'.WT_I18N::translate('Show parents').'</button>'.
'<button type="button" class="ui-state-default" id="charts_fam_list_table" onclick="jQuery(\'div.fam_list_table-charts_'.$table_id.'\').toggle(); jQuery(this).toggleClass(\'ui-state-active\');">'. WT_I18N::translate('Show statistics charts').'</button>'
).'");
@@ -978,7 +978,7 @@ function format_sour_table($datalist) {
}
//-- Delete
if (WT_USER_GEDCOM_ADMIN) {
- $html .= '<td><div title="'. WT_I18N::translate('Delete'). '" class="deleteicon" onclick="if (confirm(\''. addslashes(WT_I18N::translate('Are you sure you want to delete “%s”?', strip_tags($source->getFullName()))). '\')) jQuery.post(\'action.php\',{action:\'delete-source\',xref:\''. $source->getXref(). '\'},function(){location.reload();})"><span class="link_text">'. WT_I18N::translate('Delete'). '</span></div></td>';
+ $html .= '<td><div title="'. WT_I18N::translate('Delete'). '" class="deleteicon" onclick="if (confirm(\''. WT_Filter::escapeJs(WT_I18N::translate('Are you sure you want to delete “%s”?', strip_tags($source->getFullName()))). '\')) jQuery.post(\'action.php\',{action:\'delete-source\',xref:\''. $source->getXref(). '\'},function(){location.reload();})"><span class="link_text">'. WT_I18N::translate('Delete'). '</span></div></td>';
} else {
$html .= '<td>&nbsp;</td>';
}
@@ -1079,7 +1079,7 @@ function format_note_table($datalist) {
}
//-- Delete
if (WT_USER_GEDCOM_ADMIN) {
- $html .= '<td><div title="'. WT_I18N::translate('Delete'). '" class="deleteicon" onclick="if (confirm(\''. addslashes(WT_I18N::translate('Are you sure you want to delete “%s”?', strip_tags($note->getFullName()))). '\')) jQuery.post(\'action.php\',{action:\'delete-note\',xref:\''. $note->getXref(). '\'},function(){location.reload();})"><span class="link_text">'. WT_I18N::translate('Delete'). '</span></div></td>';
+ $html .= '<td><div title="'. WT_I18N::translate('Delete'). '" class="deleteicon" onclick="if (confirm(\''. WT_Filter::escapeJs(WT_I18N::translate('Are you sure you want to delete “%s”?', strip_tags($note->getFullName()))). '\')) jQuery.post(\'action.php\',{action:\'delete-note\',xref:\''. $note->getXref(). '\'},function(){location.reload();})"><span class="link_text">'. WT_I18N::translate('Delete'). '</span></div></td>';
} else {
$html .= '<td></td>';
}
@@ -1171,7 +1171,7 @@ function format_repo_table($repos) {
}
//-- Delete
if (WT_USER_GEDCOM_ADMIN) {
- $html .= '<td><div title="'. WT_I18N::translate('Delete'). '" class="deleteicon" onclick="if (confirm(\''. addslashes(WT_I18N::translate('Are you sure you want to delete “%s”?', strip_tags($repo->getFullName()))). '\')) jQuery.post(\'action.php\',{action:\'delete-repository\',xref:\''. $repo->getXref(). '\'},function(){location.reload();})"><span class="link_text">'. WT_I18N::translate('Delete'). '</span></div></td>';
+ $html .= '<td><div title="'. WT_I18N::translate('Delete'). '" class="deleteicon" onclick="if (confirm(\''. WT_Filter::escapeJs(WT_I18N::translate('Are you sure you want to delete “%s”?', strip_tags($repo->getFullName()))). '\')) jQuery.post(\'action.php\',{action:\'delete-repository\',xref:\''. $repo->getXref(). '\'},function(){location.reload();})"><span class="link_text">'. WT_I18N::translate('Delete'). '</span></div></td>';
} else {
$html .= '<td>&nbsp;</td>';
}
diff --git a/index_edit.php b/index_edit.php
index 98151f21f2..1350d60d68 100644
--- a/index_edit.php
+++ b/index_edit.php
@@ -240,7 +240,7 @@ $controller
// Load Block Description array for use by javascript
foreach ($all_blocks as $block_name=>$block) {
$controller->addInlineJavascript(
- 'block_descr["'.$block_name.'"] = "'.addslashes($block->getDescription()).'";'
+ 'block_descr["'.$block_name.'"] = "'.WT_Filter::escapeJs($block->getDescription()).'";'
);
}
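Review bot: `$block_name` is still concatenated raw into the JavaScript index `block_descr["..."]` while the description on the same line now goes through escapeJs. If block names are module identifiers from the filesystem this is harmless, but the hunk does not show that constraint; `WT_Filter::escapeJs($block_name)` keeps the statement uniformly escaped. The same applies to `$field` in `opt.value` in the search_advanced.php hunk.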
$controller->addInlineJavascript(
diff --git a/library/WT/Controller/Individual.php b/library/WT/Controller/Individual.php
index dac11a83d1..a540683e13 100644
--- a/library/WT/Controller/Individual.php
+++ b/library/WT/Controller/Individual.php
@@ -306,7 +306,7 @@ class WT_Controller_Individual extends WT_Controller_GedcomRecord {
// delete
if (WT_USER_CAN_EDIT) {
$submenu = new WT_Menu(WT_I18N::translate('Delete'), '#', 'menu-indi-del');
- $submenu->addOnclick("if (confirm('".addslashes(WT_I18N::translate('Are you sure you want to delete “%s”?', strip_tags($this->record->getFullName())))."')) jQuery.post('action.php',{action:'delete-individual',xref:'".$this->record->getXref()."'},function(){location.reload();})");
+ $submenu->addOnclick("if (confirm('".WT_I18N::translate('Are you sure you want to delete “%s”?', WT_Filter::escapeJs(strip_tags($this->record->getFullName())))."')) jQuery.post('action.php',{action:'delete-individual',xref:'".$this->record->getXref()."'},function(){location.reload();})");
$menu->addSubmenu($submenu);
}
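Review bot: escapeJs is applied to the `%s` argument only, not to the translated sentence around it, so an apostrophe in a translation of `Are you sure you want to delete “%s”?` still terminates the single-quoted `confirm('...')` string. The other hunks in this commit (functions_print_lists.php, admin_media.php) escape the whole translate() result, which is the right layering: `"if (confirm('".WT_Filter::escapeJs(WT_I18N::translate('Are you sure you want to delete “%s”?', strip_tags($this->record->getFullName())))."')) jQuery.post(...)"`. The enclosing method starts and ends outside the hunk.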
diff --git a/library/WT/Filter.php b/library/WT/Filter.php
index 81384b69de..ae547464f4 100644
--- a/library/WT/Filter.php
+++ b/library/WT/Filter.php
@@ -67,9 +67,9 @@ class WT_Filter {
//////////////////////////////////////////////////////////////////////////////
private static function utf16be($string) {
if (function_exists('iconv')) {
- return iconv('utf-8', 'utf16be', $string);
+ return iconv(self::ENCODING, 'utf16be', $string);
} elseif (function_exists('mb_convert_encoding')) {
- return mb_convert_encoding($string, 'utf16be', 'utf-8');
+ return mb_convert_encoding($string, 'utf16be', self::ENCODING);
} else {
throw new Exception('Need either iconv or mbstring libraries');
}
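Review bot: `utf16be` has no doc comment, and since it now depends on `self::ENCODING` the reader has to look up the constant to know what the source encoding is assumed to be. A short header would do, e.g. `// Convert a string from self::ENCODING to UTF-16BE, via iconv or mbstring; throws if neither extension is loaded.` — what the result is used for (presumably building `\uHHHH` escapes) is outside the hunk and should only be stated if confirmed. The function's closing brace is outside the hunk.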
diff --git a/library/WT/I18N.php b/library/WT/I18N.php
index b5625cb777..097bd9e943 100644
--- a/library/WT/I18N.php
+++ b/library/WT/I18N.php
@@ -472,7 +472,7 @@ class WT_I18N {
' "sInfoFiltered": "'./* I18N: %s is a placeholder for a number */ WT_I18N::translate('(filtered from %s total entries)', '_MAX_').'",'.
' "sInfoPostfix": "",'.
' "sInfoThousands": "'.$symbols['group'].'",'.
- ' "sLengthMenu": "'.addslashes($length_menu).'",'.
+ ' "sLengthMenu": "'.WT_Filter::escapeJs($length_menu).'",'.
' "sLoadingRecords": "'.WT_I18N::translate('Loading...').'",'.
' "sProcessing": "'.WT_I18N::translate('Loading...').'",'.
' "sSearch": "'.WT_I18N::translate('Filter').'",'.
diff --git a/modules_v3/lightbox/module.php b/modules_v3/lightbox/module.php
index ba32489318..28d2603b88 100644
--- a/modules_v3/lightbox/module.php
+++ b/modules_v3/lightbox/module.php
@@ -141,8 +141,7 @@ class lightbox_WT_Module extends WT_Module implements WT_Module_Tab {
$needle = '1 NOTE';
$before = substr($haystack, 0, strpos($haystack, $needle));
$after = substr(strstr($haystack, $needle), strlen($needle));
- $final = $before.$needle.$after;
- $notes = htmlspecialchars(addslashes(print_fact_notes($final, 1, true, true)), ENT_QUOTES);
+ $notes = print_fact_notes($before . $needle . $after, 1, true, true);
// Prepare Below Thumbnail menu ----------------------------------------------------
$mtitle = '<div style="max-width:120px;overflow:hidden;text-overflow:ellipsis;">' . $media_list_item['media']->getFullName() . '</div>';
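Review bot: When `$needle` is found, `$before . $needle . $after` simply reassembles `$haystack`, so the new call could read `print_fact_notes($haystack, 1, true, true)` and the three context lines above it could go; when `$needle` is absent, `strpos` returns `false` and the reassembly yields the literal `'1 NOTE'` instead, which is presumably not intended either. The guard `if (strpos(..., "\n1 NOTE"))` in the next hunk suggests the value is only used when a note exists, but `$haystack` is assigned outside the hunk, so this is inferred. Removing the `htmlspecialchars(addslashes(...))` layers here and escaping once at the `modalNotes` call is the right direction.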
@@ -159,7 +158,7 @@ class lightbox_WT_Module extends WT_Module implements WT_Module_Tab {
if (strpos($media_list_item['media']->getGedcom(), "\n1 NOTE")) {
$submenu = new WT_Menu(WT_I18N::translate('View Notes'), '#');
// Notes Tooltip ----------------------------------------------------
- $submenu->addOnclick("modalNotes('". $notes ."','". WT_I18N::translate('View Notes') ."'); return false;");
+ $submenu->addOnclick("modalNotes('". WT_Filter::escapeJs($notes) ."','". WT_I18N::translate('View Notes') ."'); return false;");
$submenu->addClass("submenuitem");
$menu->addSubMenu($submenu);
}
diff --git a/search_advanced.php b/search_advanced.php
index 056c763bdc..d596dd38bc 100644
--- a/search_advanced.php
+++ b/search_advanced.php
@@ -62,7 +62,7 @@ echo '<script>';
<?php foreach ($controller->getOtherFields() as $field=>$label) { ?>
opt = document.createElement('option');
opt.value='<?php echo $field; ?>';
- opt.text='<?php echo addslashes($label); ?>';
+ opt.text='<?php echo WT_Filter::escapeJs($label); ?>';
sel.options.add(opt);
<?php } ?>
label.appendChild(sel);