| -rw-r--r-- | addmedia.php | 2 | ||||
| -rw-r--r-- | admin_media.php | 6 | ||||
| -rw-r--r-- | admin_users.php | 2 | ||||
| -rw-r--r-- | find.php | 4 | ||||
| -rw-r--r-- | includes/functions/functions_print.php | 2 | ||||
| -rw-r--r-- | includes/functions/functions_print_lists.php | 14 | ||||
| -rw-r--r-- | index_edit.php | 2 | ||||
| -rw-r--r-- | library/WT/Controller/Individual.php | 2 | ||||
| -rw-r--r-- | library/WT/Filter.php | 4 | ||||
| -rw-r--r-- | library/WT/I18N.php | 2 | ||||
| -rw-r--r-- | modules_v3/lightbox/module.php | 5 | ||||
| -rw-r--r-- | search_advanced.php | 2 |
12 files changed, 23 insertions, 24 deletions
diff --git a/addmedia.php b/addmedia.php index a42c875114..874774d236 100644 --- a/addmedia.php +++ b/addmedia.php @@ -546,7 +546,7 @@ if (!$isExternal) { echo '<p class="sub">', WT_I18N::translate('This entry is ignored if you have entered a URL into the file name field.'), '</p>'; } } else { - echo '<input name="folder" type="hidden" value="', addslashes($folder), '">'; + echo '<input name="folder" type="hidden" value="', WT_Filter::escapeHtml($folder), '">'; } echo '</td></tr>'; } else { diff --git a/admin_media.php b/admin_media.php index 9e2a59fd7b..6b36cec170 100644 --- a/admin_media.php +++ b/admin_media.php @@ -285,9 +285,9 @@ case 'load_json': } } - $conf = WT_I18N::translate('Are you sure you want to delete “%s”?', strip_tags($unused_file)); + $conf = WT_I18N::translate('Are you sure you want to delete “%s”?', $unused_file); $delete_link = - '<p><a onclick="if (confirm(\'' . $conf . '\')) jQuery.post(\'admin_media.php\',{delete:\'' .addslashes($media_path . $unused_file) . '\',media_folder:\'' . addslashes($media_folder) . '\'},function(){location.reload();})" href="#">' . WT_I18N::Translate('Delete') . '</a></p>'; + '<p><a onclick="if (confirm(\'' . WT_Filter::escapeJs($conf) . '\')) jQuery.post(\'admin_media.php\',{delete:\'' .WT_Filter::escapeJs($media_path . $unused_file) . '\',media_folder:\'' . WT_Filter::escapeJs($media_folder) . '\'},function(){location.reload();})" href="#">' . WT_I18N::Translate('Delete') . '</a></p>'; $aaData[] = array( media_file_info($media_folder, $media_path, $unused_file) . $delete_link, 
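Review bot: In the rewritten `$delete_link` line the JS-escaped values sit inside an HTML `onclick="…"` attribute, and the browser decodes that attribute as HTML before the JavaScript parser sees it, so a `"` or `&` in `$unused_file` or `$media_folder` can still close the attribute unless `WT_Filter::escapeJs()` also encodes those characters (it may, if it emits `\uXXXX` for non-alphanumerics — the `utf16be()` helper touched later in this diff hints at that, but the implementation is not visible here). If it does not, the attribute needs the outer layer as well, e.g. `'<p><a onclick="' . WT_Filter::escapeHtml('if (confirm(\'' . WT_Filter::escapeJs($conf) . '\')) jQuery.post(\'admin_media.php\',{…})') . '" href="#">'`. Dropping `strip_tags($unused_file)` from `$conf` is only safe under the same assumption, since the raw filename now reaches the attribute. The enclosing `case 'load_json':` block starts before and ends after this hunk.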
@@ -432,7 +432,7 @@ function media_object_info(WT_Media $media) { ' - ' . '<a onclick="window.open(\'addmedia.php?action=editmedia&pid=' . $xref . '&ged=' . $gedcom . '\', \'_blank\', edit_window_specs)" href="#">' . WT_I18N::Translate('Edit') . '</a>' . ' - ' . - '<a onclick="if (confirm(\'' . $conf . '\')) jQuery.post(\'action.php\',{action:\'delete-media\',xref:\'' . $xref . '\',ged:\'' . $gedcom . '\'},function(){location.reload();})" href="#">' . WT_I18N::Translate('Delete') . '</a>' . + '<a onclick="if (confirm(\'' . WT_Filter::escapeJs($conf) . '\')) jQuery.post(\'action.php\',{action:\'delete-media\',xref:\'' . $xref . '\',ged:\'' . $gedcom . '\'},function(){location.reload();})" href="#">' . WT_I18N::Translate('Delete') . '</a>' . ' - '; if (array_key_exists('GEDFact_assistant', WT_Module::getActiveModules())) { diff --git a/admin_users.php b/admin_users.php index 6d0280d8a5..0324f372e0 100644 --- a/admin_users.php +++ b/admin_users.php @@ -357,7 +357,7 @@ case 'createform': var idNum = fieldIDx.replace("RELATIONSHIP_PATH_LENGTH",""); var newIDx = "gedcomid"+idNum; if (jQuery("#"+newIDx).val()=="") { - alert("'.addslashes(WT_I18N::translate('You must specify an individual record before you can restrict the user to their immediate family.')).'"); + alert("'.WT_I18N::translate('You must specify an individual record before you can restrict the user to their immediate family.').'"); jQuery(this).val(""); } }); 
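Review bot: In the Delete link `$xref` and `$gedcom` are still concatenated into the JavaScript object literal (`xref:'…',ged:'…'`) with no escaping, and the Edit link on the preceding line puts the same two values into a URL query string unencoded. `$xref` is presumably a GEDCOM cross-reference and `$gedcom` a tree name, which are normally plain characters, but the point of this commit is to stop depending on that: `xref:\'' . WT_Filter::escapeJs($xref) . '\',ged:\'' . WT_Filter::escapeJs($gedcom) . '\'` here and `rawurlencode()` around both in the `addmedia.php?…` URL would close the gap. media_object_info() begins before and ends after this hunk.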
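Review bot: The `alert("…")` line is a regression: `addslashes()` was removed and nothing replaced it, so a translation of that message containing a double quote or a backslash now breaks the inline `<script>` (the text lands inside a double-quoted JS literal that is itself inside a PHP single-quoted string). Every other hunk in this commit substitutes `WT_Filter::escapeJs()`; do the same here: `alert("'.WT_Filter::escapeJs(WT_I18N::translate('You must specify an individual record before you can restrict the user to their immediate family.')).'");`. The `case 'createform':` block starts before and ends after this hunk.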
@@ -548,9 +548,9 @@ if ($action=="filter") { echo '<div class="find-media-thumb">', $media->displayImage(), '</div>'; echo '<div class="find-media-details">', $media->getFullName(), '</div>'; if (!$embed) { - echo '<p><a href="#" dir="auto" onclick="pasteid(\'', addslashes($media->getXref()), '\');">', $media->getFilename(), '</a></p>'; + echo '<p><a href="#" dir="auto" onclick="pasteid(\'', $media->getXref(), '\');">', $media->getFilename(), '</a></p>'; } else { - echo '<p><a href="#" dir="auto" onclick="pasteid(\'', $media->getXref(), '\', \'', '\', \'', addslashes($media->getFilename()), '\');">', $media->getFilename(), '</a></p> '; + echo '<p><a href="#" dir="auto" onclick="pasteid(\'', $media->getXref(), '\', \'', '\', \'', WT_Filter::escapeJs($media->getFilename()), '\');">', WT_Filter::escapeHtml($media->getFilename()), '</a></p> '; } if ($media->fileExists()) { $imgsize = $media->getImageAttributes(); diff --git a/includes/functions/functions_print.php b/includes/functions/functions_print.php index de34f0e084..e72fb105a6 100644 --- a/includes/functions/functions_print.php +++ b/includes/functions/functions_print.php @@ -317,7 +317,7 @@ function whoisonline() { foreach ($loggedusers as $user_id=>$user_name) { $content .= '<div class="logged_in_name">'; $content .= WT_Filter::escapeHtml(getUserFullName($user_id) . ' - ' . $user_name); - if (WT_USER_ID!=$user_id && get_user_setting($user_id, 'contactmethod')!="none") { + if (true || WT_USER_ID!=$user_id && get_user_setting($user_id, 'contactmethod')!="none") { $content .= ' <a class="icon-email" href="#" onclick="return message(\''.$user_name . '\', \'\', \''.addslashes(urlencode(get_query_url())).'\', \'\');" title="' . WT_I18N::translate('Send Message').'"></a>'; } $i++; diff --git a/includes/functions/functions_print_lists.php b/includes/functions/functions_print_lists.php index 9c13d2c7f5..0cef89c0c7 100644 --- a/includes/functions/functions_print_lists.php 
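Review bot: The two branches of `if (!$embed)` are now escaped inconsistently: the `else` branch wraps `$media->getFilename()` in `WT_Filter::escapeHtml()` for the link text and `WT_Filter::escapeJs()` for the `pasteid()` argument, while the first branch prints `$media->getFilename()` raw as link text and passes `$media->getXref()` into `pasteid('…')` with the old `addslashes()` removed and nothing added in its place. The first branch should read `echo '<p><a href="#" dir="auto" onclick="pasteid(\'', WT_Filter::escapeJs($media->getXref()), '\');">', WT_Filter::escapeHtml($media->getFilename()), '</a></p>';`. This hunk also has no `diff --git`/`---`/`+++` header on the page; from the diffstat (find.php, 4 lines) and the `$media->displayImage()` calls it appears to belong to find.php. The `if ($action=="filter")` block starts before and ends after this hunk.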
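Review bot: The new condition `if (true || WT_USER_ID!=$user_id && get_user_setting($user_id, 'contactmethod')!="none")` is always true, so the "Send Message" icon is now rendered for every logged-in user, including the viewer themself and users whose `contactmethod` is `none` — the privacy preference that guard enforced is bypassed. This reads like a debugging leftover; restore `if (WT_USER_ID!=$user_id && get_user_setting($user_id, 'contactmethod')!="none") {`. While here, `$user_name` is concatenated into the `message('…')` call unescaped and the URL argument still uses `addslashes()`; `WT_Filter::escapeJs($user_name)` and `WT_Filter::escapeJs(urlencode(get_query_url()))` would match the rest of the commit. whoisonline() starts before and ends after this hunk.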
+++ b/includes/functions/functions_print_lists.php @@ -82,7 +82,7 @@ function format_indi_table($datalist, $option='') { "sPaginationType": "full_numbers" }); - jQuery("div.filtersH_'.$table_id.'").html("'.addslashes( + jQuery("div.filtersH_'.$table_id.'").html("'.WT_Filter::escapeJs( '<button type="button" id="SEX_M_'. $table_id.'" class="ui-state-default SEX_M" title="'. WT_I18N::translate('Show only males.').'"> '.WT_Individual::sexImage('M', 'small').' </button>'. '<button type="button" id="SEX_F_'. $table_id.'" class="ui-state-default SEX_F" title="'. WT_I18N::translate('Show only females.').'"> '.WT_Individual::sexImage('F', 'small').' </button>'. '<button type="button" id="SEX_U_'. $table_id.'" class="ui-state-default SEX_U" title="'. WT_I18N::translate('Show only persons of whom the gender is not known.').'"> '.WT_Individual::sexImage('U', 'small').' </button>'. @@ -97,7 +97,7 @@ function format_indi_table($datalist, $option='') { '<button type="button" id="RESET_'. $table_id.'" class="ui-state-default RESET" title="'. WT_I18N::translate('Reset to the list defaults.').'">'.WT_I18N::translate('Reset').'</button>' ).'"); - jQuery("div.filtersF_'.$table_id.'").html("'.addslashes( + jQuery("div.filtersF_'.$table_id.'").html("'.WT_Filter::escapeJs( '<button type="button" class="ui-state-default" id="cb_parents_indi_list_table" onclick="jQuery(\'div.parents_indi_list_table_'.$table_id.'\').toggle(); jQuery(this).toggleClass(\'ui-state-active\');">'.WT_I18N::translate('Show parents').'</button>'. '<button type="button" class="ui-state-default" id="charts_indi_list_table" onclick="jQuery(\'div.indi_list_table-charts_'.$table_id.'\').toggle(); jQuery(this).toggleClass(\'ui-state-active\');">'.WT_I18N::translate('Show statistics charts').'</button>' ).'"); 
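Review bot: In the `jQuery("div.filtersH_…").html("…")` call the HTML fragment passed through `WT_Filter::escapeJs()` is emitted inside an inline `<script>` block, where the HTML parser ends the script at the first literal `</script>` regardless of JavaScript quoting; the fragment contains translated `title` text and `WT_Individual::sexImage()` markup, so this is only safe if `escapeJs` encodes `<` or `/`, which cannot be checked from this diff. If it does not, emit the fragment through `json_encode($fragment, JSON_HEX_TAG | JSON_HEX_QUOT | JSON_HEX_AMP)` (or a data attribute read by the script) instead of a hand-built string literal. The same caveat applies to the `filtersF_` call in the next hunk and to the family-table hunks below. format_indi_table() starts before and ends after this hunk.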
@@ -489,7 +489,7 @@ function format_fam_table($datalist, $option='') { "sPaginationType": "full_numbers" }); - jQuery("div.filtersH_'.$table_id.'").html("'.addslashes( + jQuery("div.filtersH_'.$table_id.'").html("'.WT_Filter::escapeJs( '<button type="button" id="DEAT_N_'. $table_id.'" class="ui-state-default DEAT_N" title="'. WT_I18N::translate('Show people who are alive or couples where both partners are alive.').'">'.WT_I18N::translate('Both alive').'</button>'. '<button type="button" id="DEAT_W_'. $table_id.'" class="ui-state-default DEAT_W" title="'. WT_I18N::translate('Show couples where only the female partner is deceased.').'">'.WT_I18N::translate('Widower').'</button>'. '<button type="button" id="DEAT_H_'. $table_id.'" class="ui-state-default DEAT_H" title="'. WT_I18N::translate('Show couples where only the male partner is deceased.').'">'.WT_I18N::translate('Widow').'</button>'. @@ -504,7 +504,7 @@ function format_fam_table($datalist, $option='') { '<button type="button" id="RESET_'.$table_id.'" class="ui-state-default RESET" title="'.WT_I18N::translate('Reset to the list defaults.').'">'.WT_I18N::translate('Reset').'</button>' ).'"); - jQuery("div.filtersF_'.$table_id.'").html("'.addslashes( + jQuery("div.filtersF_'.$table_id.'").html("'.WT_Filter::escapeJs( '<button type="button" class="ui-state-default" id="cb_parents_'.$table_id.'" onclick="jQuery(\'div.parents_'.$table_id.'\').toggle(); jQuery(this).toggleClass(\'ui-state-active\');">'.WT_I18N::translate('Show parents').'</button>'. '<button type="button" class="ui-state-default" id="charts_fam_list_table" onclick="jQuery(\'div.fam_list_table-charts_'.$table_id.'\').toggle(); jQuery(this).toggleClass(\'ui-state-active\');">'. WT_I18N::translate('Show statistics charts').'</button>' ).'"); 
@@ -978,7 +978,7 @@ function format_sour_table($datalist) { } //-- Delete if (WT_USER_GEDCOM_ADMIN) { - $html .= '<td><div title="'. WT_I18N::translate('Delete'). '" class="deleteicon" onclick="if (confirm(\''. addslashes(WT_I18N::translate('Are you sure you want to delete “%s”?', strip_tags($source->getFullName()))). '\')) jQuery.post(\'action.php\',{action:\'delete-source\',xref:\''. $source->getXref(). '\'},function(){location.reload();})"><span class="link_text">'. WT_I18N::translate('Delete'). '</span></div></td>'; + $html .= '<td><div title="'. WT_I18N::translate('Delete'). '" class="deleteicon" onclick="if (confirm(\''. WT_Filter::escapeJs(WT_I18N::translate('Are you sure you want to delete “%s”?', strip_tags($source->getFullName()))). '\')) jQuery.post(\'action.php\',{action:\'delete-source\',xref:\''. $source->getXref(). '\'},function(){location.reload();})"><span class="link_text">'. WT_I18N::translate('Delete'). '</span></div></td>'; } else { $html .= '<td> </td>'; } @@ -1079,7 +1079,7 @@ function format_note_table($datalist) { } //-- Delete if (WT_USER_GEDCOM_ADMIN) { - $html .= '<td><div title="'. WT_I18N::translate('Delete'). '" class="deleteicon" onclick="if (confirm(\''. addslashes(WT_I18N::translate('Are you sure you want to delete “%s”?', strip_tags($note->getFullName()))). '\')) jQuery.post(\'action.php\',{action:\'delete-note\',xref:\''. $note->getXref(). '\'},function(){location.reload();})"><span class="link_text">'. WT_I18N::translate('Delete'). '</span></div></td>'; + $html .= '<td><div title="'. WT_I18N::translate('Delete'). '" class="deleteicon" onclick="if (confirm(\''. WT_Filter::escapeJs(WT_I18N::translate('Are you sure you want to delete “%s”?', strip_tags($note->getFullName()))). '\')) jQuery.post(\'action.php\',{action:\'delete-note\',xref:\''. $note->getXref(). '\'},function(){location.reload();})"><span class="link_text">'. WT_I18N::translate('Delete'). '</span></div></td>'; } else { $html .= '<td></td>'; } 
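Review bot: The Delete cell places the `WT_Filter::escapeJs(…)` result inside an HTML `onclick="…"` attribute delimited by `"`, and `strip_tags()` does not remove `"` from a source title, so unless `escapeJs` also encodes double quotes (its implementation is not in this diff) a `"` in the name still ends the attribute before the JavaScript runs. Either confirm that behaviour or add the HTML layer explicitly: `onclick="'. WT_Filter::escapeHtml('if (confirm(\''. WT_Filter::escapeJs(WT_I18N::translate('Are you sure you want to delete “%s”?', strip_tags($source->getFullName()))). '\')) jQuery.post(\'action.php\',{action:\'delete-source\',xref:\''. $source->getXref(). '\'},function(){location.reload();})'). '"`. The identical pattern recurs in the note and repository tables in the following hunks. format_sour_table() starts before and ends after this hunk.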
@@ -1171,7 +1171,7 @@ function format_repo_table($repos) { } //-- Delete if (WT_USER_GEDCOM_ADMIN) { - $html .= '<td><div title="'. WT_I18N::translate('Delete'). '" class="deleteicon" onclick="if (confirm(\''. addslashes(WT_I18N::translate('Are you sure you want to delete “%s”?', strip_tags($repo->getFullName()))). '\')) jQuery.post(\'action.php\',{action:\'delete-repository\',xref:\''. $repo->getXref(). '\'},function(){location.reload();})"><span class="link_text">'. WT_I18N::translate('Delete'). '</span></div></td>'; + $html .= '<td><div title="'. WT_I18N::translate('Delete'). '" class="deleteicon" onclick="if (confirm(\''. WT_Filter::escapeJs(WT_I18N::translate('Are you sure you want to delete “%s”?', strip_tags($repo->getFullName()))). '\')) jQuery.post(\'action.php\',{action:\'delete-repository\',xref:\''. $repo->getXref(). '\'},function(){location.reload();})"><span class="link_text">'. WT_I18N::translate('Delete'). '</span></div></td>'; } else { $html .= '<td> </td>'; } diff --git a/index_edit.php b/index_edit.php index 98151f21f2..1350d60d68 100644 --- a/index_edit.php +++ b/index_edit.php @@ -240,7 +240,7 @@ $controller // Load Block Description array for use by javascript foreach ($all_blocks as $block_name=>$block) { $controller->addInlineJavascript( - 'block_descr["'.$block_name.'"] = "'.addslashes($block->getDescription()).'";' + 'block_descr["'.$block_name.'"] = "'.WT_Filter::escapeJs($block->getDescription()).'";' ); } $controller->addInlineJavascript( diff --git a/library/WT/Controller/Individual.php b/library/WT/Controller/Individual.php index dac11a83d1..a540683e13 100644 --- a/library/WT/Controller/Individual.php +++ b/library/WT/Controller/Individual.php 
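Review bot: In the `block_descr[…]` line only the description is escaped; `$block_name`, which is also interpolated into a double-quoted JS string literal as the array key, is still emitted raw. Block names appear to come from `$all_blocks` and are probably module identifiers with plain characters, but the same one-call change keeps the script valid regardless: `'block_descr["'.WT_Filter::escapeJs($block_name).'"] = "'.WT_Filter::escapeJs($block->getDescription()).'";'`. The `$controller` statement chain this loop belongs to starts before and continues after this hunk.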
@@ -306,7 +306,7 @@ class WT_Controller_Individual extends WT_Controller_GedcomRecord { // delete if (WT_USER_CAN_EDIT) { $submenu = new WT_Menu(WT_I18N::translate('Delete'), '#', 'menu-indi-del'); - $submenu->addOnclick("if (confirm('".addslashes(WT_I18N::translate('Are you sure you want to delete “%s”?', strip_tags($this->record->getFullName())))."')) jQuery.post('action.php',{action:'delete-individual',xref:'".$this->record->getXref()."'},function(){location.reload();})"); + $submenu->addOnclick("if (confirm('".WT_I18N::translate('Are you sure you want to delete “%s”?', WT_Filter::escapeJs(strip_tags($this->record->getFullName())))."')) jQuery.post('action.php',{action:'delete-individual',xref:'".$this->record->getXref()."'},function(){location.reload();})"); $menu->addSubmenu($submenu); } diff --git a/library/WT/Filter.php b/library/WT/Filter.php index 81384b69de..ae547464f4 100644 --- a/library/WT/Filter.php +++ b/library/WT/Filter.php @@ -67,9 +67,9 @@ class WT_Filter { ////////////////////////////////////////////////////////////////////////////// private static function utf16be($string) { if (function_exists('iconv')) { - return iconv('utf-8', 'utf16be', $string); + return iconv(self::ENCODING, 'utf16be', $string); } elseif (function_exists('mb_convert_encoding')) { - return mb_convert_encoding($string, 'utf16be', 'utf-8'); + return mb_convert_encoding($string, 'utf16be', self::ENCODING); } else { throw new Exception('Need either iconv or mbstring libraries'); } diff --git a/library/WT/I18N.php b/library/WT/I18N.php index b5625cb777..097bd9e943 100644 --- a/library/WT/I18N.php +++ b/library/WT/I18N.php 
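Review bot: The escaping in the new `addOnclick()` line is applied at the wrong layer: `WT_Filter::escapeJs()` wraps only the `%s` argument, so the translated template itself goes into `confirm('…')` unescaped, and a translation containing an apostrophe or backslash breaks the handler. Every other hunk in this commit escapes the complete `WT_I18N::translate()` result; do the same here, and cover the xref while at it: `$submenu->addOnclick("if (confirm('".WT_Filter::escapeJs(WT_I18N::translate('Are you sure you want to delete “%s”?', strip_tags($this->record->getFullName())))."')) jQuery.post('action.php',{action:'delete-individual',xref:'".WT_Filter::escapeJs($this->record->getXref())."'},function(){location.reload();})");`. The enclosing method starts before and ends after this hunk.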
@@ -472,7 +472,7 @@ class WT_I18N { ' "sInfoFiltered": "'./* I18N: %s is a placeholder for a number */ WT_I18N::translate('(filtered from %s total entries)', '_MAX_').'",'. ' "sInfoPostfix": "",'. ' "sInfoThousands": "'.$symbols['group'].'",'. - ' "sLengthMenu": "'.addslashes($length_menu).'",'. + ' "sLengthMenu": "'.WT_Filter::escapeJs($length_menu).'",'. ' "sLoadingRecords": "'.WT_I18N::translate('Loading...').'",'. ' "sProcessing": "'.WT_I18N::translate('Loading...').'",'. ' "sSearch": "'.WT_I18N::translate('Filter').'",'. diff --git a/modules_v3/lightbox/module.php b/modules_v3/lightbox/module.php index ba32489318..28d2603b88 100644 --- a/modules_v3/lightbox/module.php +++ b/modules_v3/lightbox/module.php @@ -141,8 +141,7 @@ class lightbox_WT_Module extends WT_Module implements WT_Module_Tab { $needle = '1 NOTE'; $before = substr($haystack, 0, strpos($haystack, $needle)); $after = substr(strstr($haystack, $needle), strlen($needle)); - $final = $before.$needle.$after; - $notes = htmlspecialchars(addslashes(print_fact_notes($final, 1, true, true)), ENT_QUOTES); + $notes = print_fact_notes($before . $needle . $after, 1, true, true); // Prepare Below Thumbnail menu ---------------------------------------------------- $mtitle = '<div style="max-width:120px;overflow:hidden;text-overflow:ellipsis;">' . $media_list_item['media']->getFullName() . '</div>'; @@ -159,7 +158,7 @@ class lightbox_WT_Module extends WT_Module implements WT_Module_Tab { if (strpos($media_list_item['media']->getGedcom(), "\n1 NOTE")) { $submenu = new WT_Menu(WT_I18N::translate('View Notes'), '#'); // Notes Tooltip ---------------------------------------------------- - $submenu->addOnclick("modalNotes('". $notes ."','". WT_I18N::translate('View Notes') ."'); return false;"); + $submenu->addOnclick("modalNotes('". WT_Filter::escapeJs($notes) ."','". WT_I18N::translate('View Notes') ."'); return false;"); $submenu->addClass("submenuitem"); $menu->addSubMenu($submenu); } 
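Review bot: Only `sLengthMenu` gained `WT_Filter::escapeJs()`; the adjacent `sInfoFiltered`, `sLoadingRecords`, `sProcessing` and `sSearch` entries in the same DataTables configuration are still translated strings dropped straight into double-quoted JS literals, so a translation containing `"` or `\` breaks the whole config object in exactly the way this hunk fixes for one key. Apply the same wrapper to each, e.g. `' "sSearch": "'.WT_Filter::escapeJs(WT_I18N::translate('Filter')).'",'.`. The enclosing method starts before and ends after this hunk.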
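Review bot: The `modalNotes('…','…')` handler now receives `WT_Filter::escapeJs($notes)`, where `$notes` is the raw HTML returned by `print_fact_notes()`, and the whole handler string goes through `WT_Menu::addOnclick()` into an `onclick` attribute; the removed code HTML-encoded that value (`htmlspecialchars(…, ENT_QUOTES)`) precisely because the attribute context decodes HTML before JavaScript runs. Whether the new form is safe depends on `escapeJs` encoding `"`, `<` and `&`, or on `addOnclick()` HTML-escaping its argument — neither is visible in this diff, so please confirm one of them or HTML-escape explicitly before passing. The second argument, `WT_I18N::translate('View Notes')`, is still unescaped and should get `WT_Filter::escapeJs()` as well. The enclosing method starts before and ends after this hunk.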
diff --git a/search_advanced.php b/search_advanced.php index 056c763bdc..d596dd38bc 100644 --- a/search_advanced.php +++ b/search_advanced.php @@ -62,7 +62,7 @@ echo '<script>'; <?php foreach ($controller->getOtherFields() as $field=>$label) { ?> opt = document.createElement('option'); opt.value='<?php echo $field; ?>'; - opt.text='<?php echo addslashes($label); ?>'; + opt.text='<?php echo WT_Filter::escapeJs($label); ?>'; sel.options.add(opt); <?php } ?> label.appendChild(sel); |
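Review bot: `opt.text` is now JS-escaped but `opt.value='<?php echo $field; ?>'` on the line above still prints `$field` raw into a single-quoted JS literal inside the same loop. The keys come from `$controller->getOtherFields()`, which is probably a fixed list of GEDCOM tags, but escaping both sides costs nothing and removes the assumption: `opt.value='<?php echo WT_Filter::escapeJs($field); ?>';`. The `<script>` block this loop sits in starts before and ends after the hunk.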
