-rw-r--r--addmedia.php6
-rw-r--r--admin.php16
-rw-r--r--admin_media.php18
-rw-r--r--admin_media_upload.php2
-rw-r--r--admin_pgv_to_wt.php4
-rw-r--r--admin_site_change.php10
-rw-r--r--admin_site_clean.php14
-rw-r--r--admin_site_config.php38
-rw-r--r--admin_site_info.php4
-rw-r--r--admin_site_logs.php18
-rw-r--r--admin_site_merge.php6
-rw-r--r--admin_site_upgrade.php4
-rw-r--r--admin_trees_config.php28
-rw-r--r--admin_trees_download.php4
-rw-r--r--admin_trees_manage.php16
-rw-r--r--admin_trees_places.php8
-rw-r--r--admin_users.php26
-rw-r--r--app/Bootstrap4.php8
-rw-r--r--app/Controller/BranchesController.php3
-rw-r--r--app/Controller/FamilyBookController.php2
-rw-r--r--app/Controller/IndividualController.php5
-rw-r--r--app/Controller/IndividualListController.php5
-rw-r--r--app/Controller/TimelineController.php3
-rw-r--r--app/Database.php2
-rw-r--r--app/Fact.php4
-rw-r--r--app/Filter.php7
-rw-r--r--app/FontAwesome.php1
-rw-r--r--app/Functions/FunctionsEdit.php27
-rw-r--r--app/Functions/FunctionsPrint.php3
-rw-r--r--app/Functions/FunctionsPrintFacts.php39
-rw-r--r--app/Functions/FunctionsPrintLists.php32
-rw-r--r--app/GedcomRecord.php4
-rw-r--r--app/GedcomTag.php2
-rw-r--r--app/Html.php2
-rw-r--r--app/Individual.php2
-rw-r--r--app/Media.php4
-rw-r--r--app/Menu.php6
-rw-r--r--app/Module/BatchUpdate/BatchUpdateSearchReplacePlugin.php5
-rw-r--r--app/Module/BatchUpdateModule.php7
-rw-r--r--app/Module/CensusAssistantModule.php12
-rw-r--r--app/Module/ClippingsCartModule.php8
-rw-r--r--app/Module/FamiliesSidebarModule.php2
-rw-r--r--app/Module/FamilyTreeNewsModule.php4
-rw-r--r--app/Module/FamilyTreeStatisticsModule.php2
-rw-r--r--app/Module/FrequentlyAskedQuestionsModule.php6
-rw-r--r--app/Module/GoogleMapsModule.php23
-rw-r--r--app/Module/HtmlBlockModule.php5
-rw-r--r--app/Module/IndividualSidebarModule.php2
-rw-r--r--app/Module/LoggedInUsersModule.php2
-rw-r--r--app/Module/RecentChangesModule.php6
-rw-r--r--app/Module/ResearchTaskModule.php3
-rw-r--r--app/Module/StoriesModule.php9
-rw-r--r--app/Module/TopSurnamesModule.php4
-rw-r--r--app/Module/UserJournalModule.php5
-rw-r--r--app/Module/UserMessagesModule.php6
-rw-r--r--app/Place.php10
-rw-r--r--app/Select2.php11
-rw-r--r--app/Stats.php10
-rw-r--r--app/Theme/AbstractTheme.php9
-rw-r--r--app/Tree.php4
-rw-r--r--app/User.php2
-rw-r--r--branches.php2
-rw-r--r--edit_changes.php6
-rw-r--r--edit_interface.php14
-rw-r--r--editnews.php4
-rw-r--r--edituser.php8
-rw-r--r--famlist.php6
-rw-r--r--indilist.php6
-rw-r--r--individual.php2
-rw-r--r--inverselink.php2
-rw-r--r--login.php36
-rw-r--r--medialist.php2
-rw-r--r--message.php18
-rw-r--r--placelist.php2
-rw-r--r--reportengine.php22
-rw-r--r--search.php14
-rw-r--r--search_advanced.php2
-rw-r--r--setup.php44
-rw-r--r--site-unavailable.php2
-rw-r--r--statisticsplot.php2
-rw-r--r--timeline.php4
81 files changed, 378 insertions, 360 deletions
diff --git a/addmedia.php b/addmedia.php
index 8ba9269a02..5857e62d57 100644
--- a/addmedia.php
+++ b/addmedia.php
@@ -310,7 +310,7 @@ if ($gedfile === 'FILE') {
echo '</td>';
echo '<td class="optionbox wrap wrap">';
if (Auth::isManager($WT_TREE)) {
- echo '<input name="filename" type="text" value="' . Filter::escapeHtml($fileName) . '" size="40"';
+ echo '<input name="filename" type="text" value="' . Html::escape($fileName) . '" size="40"';
if ($isExternal) {
echo '>';
} else {
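Review bot: Neither `Filter::escapeHtml` nor `Html::escape` is defined on this page, so a mechanical swap across 81 files rests on the two functions being equivalent — in particular on `Html::escape` still escaping single quotes (`ENT_QUOTES`) and substituting invalid UTF-8 rather than returning an empty string, because the result is written into a `value="…"` attribute here and into single-quoted attribute or JavaScript contexts in other hunks of this diff (e.g. admin_pgv_to_wt.php). A short comment or commit note stating the equivalence, or a unit test pinning the output for `'`, `"`, `<` and an invalid byte sequence, would make the rename reviewable without opening both implementations. This hunk is inside an `if ($gedfile === 'FILE')` block whose start and end lie outside it.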
@@ -318,7 +318,7 @@ if ($gedfile === 'FILE') {
}
} else {
echo $fileName;
- echo '<input name="filename" type="hidden" value="' . Filter::escapeHtml($fileName) . '" size="40">';
+ echo '<input name="filename" type="hidden" value="' . Html::escape($fileName) . '" size="40">';
}
echo '</td>';
echo '</tr>';
@@ -357,7 +357,7 @@ if (!$isExternal) {
echo '<p class="small text-muted">', I18N::translate('This entry is ignored if you have entered a URL into the filename field.'), '</p>';
}
} else {
- echo '<input name="folder" type="hidden" value="', Filter::escapeHtml($folder), '">';
+ echo '<input name="folder" type="hidden" value="', Html::escape($folder), '">';
}
echo '<p class="small text-muted">', I18N::translate('If you have a large number of media files, you can organize them into folders and subfolders.'), '</p>'; echo '</td></tr>';
} else {
diff --git a/admin.php b/admin.php
index c0549e4cf4..7567243760 100644
--- a/admin.php
+++ b/admin.php
@@ -624,7 +624,7 @@ if (
<?php elseif ($update_available): ?>
<?= I18N::translate('A new version of webtrees is available.') ?>
<a href="admin_site_upgrade.php" class="error">
- <?= /* I18N: %s is a version number */ I18N::translate('Upgrade to webtrees %s.', Filter::escapeHtml($latest_version)) ?>
+ <?= /* I18N: %s is a version number */ I18N::translate('Upgrade to webtrees %s.', Html::escape($latest_version)) ?>
</a>
<?php else: ?>
<?= I18N::translate('This is the latest version of webtrees. No upgrade is available.') ?>
@@ -670,7 +670,7 @@ if (
<?php foreach ($administrators as $n => $user): ?>
<?= $n ? I18N::$list_separator : '' ?>
<a href="admin_users.php?action=edit&user_id=<?= $user->user_id ?>" dir="auto">
- <?= Filter::escapeHtml($user->real_name) ?>
+ <?= Html::escape($user->real_name) ?>
</a>
<?php endforeach ?>
</td>
@@ -683,7 +683,7 @@ if (
<?php foreach ($managers as $n => $user): ?>
<?= $n ? I18N::$list_separator : '' ?>
<a href="admin_users.php?action=edit&user_id=<?= $user->user_id ?>" dir="auto">
- <?= Filter::escapeHtml($user->real_name) ?>
+ <?= Html::escape($user->real_name) ?>
</a>
<?php endforeach ?>
</td>
@@ -696,7 +696,7 @@ if (
<?php foreach ($moderators as $n => $user): ?>
<?= $n ? I18N::$list_separator : '' ?>
<a href="admin_users.php?action=edit&user_id=<?= $user->user_id ?>" dir="auto">
- <?= Filter::escapeHtml($user->real_name) ?>
+ <?= Html::escape($user->real_name) ?>
</a>
<?php endforeach ?>
</td>
@@ -709,7 +709,7 @@ if (
<?php foreach ($unverified as $n => $user): ?>
<?= $n ? I18N::$list_separator : '' ?>
<a href="admin_users.php?action=edit&user_id=<?= $user->user_id ?>" dir="auto">
- <?= Filter::escapeHtml($user->real_name) ?>
+ <?= Html::escape($user->real_name) ?>
</a>
<?php endforeach ?>
</td>
@@ -722,7 +722,7 @@ if (
<?php foreach ($unapproved as $n => $user): ?>
<?= $n ? I18N::$list_separator : '' ?>
<a href="admin_users.php?action=edit&user_id=<?= $user->user_id ?>" dir="auto">
- <?= Filter::escapeHtml($user->real_name) ?>
+ <?= Html::escape($user->real_name) ?>
</a>
<?php endforeach ?>
</td>
@@ -735,7 +735,7 @@ if (
<?php foreach ($logged_in as $n => $user): ?>
<?= $n ? I18N::$list_separator : '' ?>
<a href="admin_users.php?action=edit&user_id=<?= $user->user_id ?>" dir="auto">
- <?= Filter::escapeHtml($user->real_name) ?>
+ <?= Html::escape($user->real_name) ?>
</a>
<?php endforeach ?>
</td>
@@ -895,7 +895,7 @@ if (
</p>
<ul class="list-unstyled">
<?php foreach ($files_to_delete as $file_to_delete): ?>
- <li dir="ltr"><code><?= Filter::escapeHtml($file_to_delete) ?></code></li>
+ <li dir="ltr"><code><?= Html::escape($file_to_delete) ?></code></li>
<?php endforeach ?>
</ul>
</div>
diff --git a/admin_media.php b/admin_media.php
index 08945deee3..0932d5be16 100644
--- a/admin_media.php
+++ b/admin_media.php
@@ -308,7 +308,7 @@ case 'load_json':
if (!$exists_pending) {
foreach ($media_trees as $media_tree) {
$create_form .=
- '<p><a href="" onclick="window.open(\'addmedia.php?action=showmediaform&amp;ged=' . rawurlencode($media_tree) . '&amp;filename=' . rawurlencode($unused_file) . '\', \'_blank\', edit_window_specs); return false;">' . I18N::translate('Create') . '</a> — ' . Filter::escapeHtml($media_tree) . '<p>';
+ '<p><a href="" onclick="window.open(\'addmedia.php?action=showmediaform&amp;ged=' . rawurlencode($media_tree) . '&amp;filename=' . rawurlencode($unused_file) . '\', \'_blank\', edit_window_specs); return false;">' . I18N::translate('Create') . '</a> — ' . Html::escape($media_tree) . '<p>';
}
}
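Review bot: The rewritten line closes the paragraph with a second opening `<p>` instead of `</p>`, so every tree appended to `$create_form` nests a new unclosed paragraph inside the previous one. Change the tail of the concatenation to `'</a> — ' . Html::escape($media_tree) . '</p>';`. The `$exists_pending` branch and the surrounding `case 'load_json':` continue outside the hunk.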
@@ -476,7 +476,7 @@ function all_media_files($media_folder, $media_path, $subfolders, $filter) {
function mediaFileInfo($media_folder, $media_path, $file) {
$html = '<dl>';
$html .= '<dt>' . I18N::translate('Filename') . '</dt>';
- $html .= '<dd>' . Filter::escapeHtml($file) . '</dd>';
+ $html .= '<dd>' . Html::escape($file) . '</dd>';
$full_path = WT_DATA_DIR . $media_folder . $media_path . $file;
try {
@@ -516,7 +516,7 @@ function mediaObjectInfo(Media $media) {
$html =
'<b><a href="' . $media->getHtmlUrl() . '">' . $media->getFullName() . '</a></b>' .
- '<br><i>' . Filter::escapeHtml($media->getNote()) . '</i></br>';
+ '<br><i>' . Html::escape($media->getNote()) . '</i></br>';
$html .= '<br>';
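Review bot: The added line ends the note with `</br>`, which is not a valid HTML tag; browsers treat it as a stray line break and validators flag it. Use a void `<br>` instead, `'<br><i>' . Html::escape($media->getNote()) . '</i><br>';`, and since the next statement already appends `'<br>'` one of the two can probably go. `$media->getFullName()` on the previous line is emitted without escaping; that is presumably already HTML-safe, but worth confirming now that the note beside it is escaped. `mediaObjectInfo()` continues beyond the hunk.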
@@ -624,16 +624,16 @@ echo Bootstrap4::breadcrumbs([
<?php if (count($media_folders) > 1): ?>
<?= WT_DATA_DIR . Bootstrap4::select($media_folders, $media_folder, ['name' => 'media_folder', 'onchange' => 'this.form.submit();']) ?>
<?php else: ?>
- <?= WT_DATA_DIR . Filter::escapeHtml($media_folder) ?>
- <input type="hidden" name="media_folder" value="<?= Filter::escapeHtml($media_folder) ?>">
+ <?= WT_DATA_DIR . Html::escape($media_folder) ?>
+ <input type="hidden" name="media_folder" value="<?= Html::escape($media_folder) ?>">
<?php endif ?>
</div>
<?php if (count($media_paths) > 1): ?>
<?= Bootstrap4::select($media_paths, $media_path, ['name' => 'media_path', 'onchange' => 'this.form.submit();']) ?>
<?php else: ?>
- <?= Filter::escapeHtml($media_path) ?>
- <input type="hidden" name="media_path" value="<?= Filter::escapeHtml($media_path) ?>">
+ <?= Html::escape($media_path) ?>
+ <input type="hidden" name="media_path" value="<?= Html::escape($media_path) ?>">
<?php endif ?>
<label>
@@ -649,8 +649,8 @@ echo Bootstrap4::breadcrumbs([
<?php elseif ($files === 'external'): ?>
<?= I18N::translate('External media files have a URL instead of a filename.') ?>
- <input type="hidden" name="media_folder" value="<?= Filter::escapeHtml($media_folder) ?>">
- <input type="hidden" name="media_path" value="<?= Filter::escapeHtml($media_path) ?>">
+ <input type="hidden" name="media_folder" value="<?= Html::escape($media_folder) ?>">
+ <input type="hidden" name="media_path" value="<?= Html::escape($media_path) ?>">
<?php endif ?>
</td>
diff --git a/admin_media_upload.php b/admin_media_upload.php
index 688ed9f3f1..9bc17426a6 100644
--- a/admin_media_upload.php
+++ b/admin_media_upload.php
@@ -236,7 +236,7 @@ for ($i = 1; $i < 6; $i++) {
echo '<option value="other" disabled>', I18N::translate('Other folder… please type in'), '</option>';
}
foreach ($mediaFolders as $f) {
- echo '<option value="', Filter::escapeHtml($f), '">', Filter::escapeHtml($f), '</option>';
+ echo '<option value="', Html::escape($f), '">', Html::escape($f), '</option>';
}
echo '</select>';
if (Auth::isAdmin()) {
diff --git a/admin_pgv_to_wt.php b/admin_pgv_to_wt.php
index 340b99055c..f9628a900f 100644
--- a/admin_pgv_to_wt.php
+++ b/admin_pgv_to_wt.php
@@ -144,7 +144,7 @@ if (!$PGV_PATH) {
if (count($pgv_dirs) > 1) {
$html = I18N::translate('PhpGedView might be installed in one of these folders:');
foreach ($pgv_dirs as $pgv_dir) {
- $html .= '<div onclick="$(\'#PGV_PATH\').val(\'' . Filter::escapeHtml($pgv_dir) . '\')">' . Filter::escapeHtml($pgv_dir) . '</div>';
+ $html .= '<div onclick="$(\'#PGV_PATH\').val(\'' . Html::escape($pgv_dir) . '\')">' . Html::escape($pgv_dir) . '</div>';
}
echo Theme::theme()->htmlAlert($html, 'info', true);
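Review bot: On the added line the first `Html::escape($pgv_dir)` lands inside a single-quoted JavaScript string within an `onclick` attribute, and HTML escaping is the wrong escaper for that context: the browser decodes the attribute before the script parser sees it, so a directory name containing `'` still terminates the JS literal (the second use, in element text, is fine). Moving the value out of inline script avoids the mismatch, e.g. `'<div data-path="' . Html::escape($pgv_dir) . '">' . Html::escape($pgv_dir) . '</div>'` with a delegated click handler that reads `data-path`, or at minimum JSON-encoding the value before HTML-escaping it. `$pgv_dirs` appears to be built from the server filesystem rather than from request input, so the exposure is low, but the escaping should still match the context.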
@@ -165,7 +165,7 @@ if (!$PGV_PATH) {
name="PGV_PATH"
size="40"
placeholder="<?= I18N::translate('Installation folder') ?>"
- value="<?= count($pgv_dirs) === 1 ? Filter::escapeHtml($pgv_dirs[0]) : '' ?>"
+ value="<?= count($pgv_dirs) === 1 ? Html::escape($pgv_dirs[0]) : '' ?>"
required
>
</div>
diff --git a/admin_site_change.php b/admin_site_change.php
index 6de8d071b0..4b415a0632 100644
--- a/admin_site_change.php
+++ b/admin_site_change.php
@@ -292,7 +292,7 @@ echo Bootstrap4::breadcrumbs([
<?= /* I18N: label for the start of a date range (from x to y) */ I18N::translate('From') ?>
</label>
<div class="input-group date">
- <input type="text" autocomplete="off" class="form-control" id="from" name="from" value="<?= Filter::escapeHtml($from) ?>">
+ <input type="text" autocomplete="off" class="form-control" id="from" name="from" value="<?= Html::escape($from) ?>">
<span class="input-group-addon"><span class="fa fa-calendar"></span></span>
</div>
</div>
@@ -302,7 +302,7 @@ echo Bootstrap4::breadcrumbs([
<?= /* I18N: label for the end of a date range (from x to y) */ I18N::translate('To') ?>
</label>
<div class="input-group date">
- <input type="text" autocomplete="off" class="form-control" id="to" name="to" value="<?= Filter::escapeHtml($to) ?>">
+ <input type="text" autocomplete="off" class="form-control" id="to" name="to" value="<?= Html::escape($to) ?>">
<span class="input-group-addon"><span class="fa fa-calendar"></span></span>
</div>
</div>
@@ -318,7 +318,7 @@ echo Bootstrap4::breadcrumbs([
<label for="xref">
<?= I18N::translate('Record') ?>
</label>
- <input class="form-control" type="text" id="xref" name="xref" value="<?= Filter::escapeHtml($xref) ?>">
+ <input class="form-control" type="text" id="xref" name="xref" value="<?= Html::escape($xref) ?>">
</div>
</div>
@@ -327,14 +327,14 @@ echo Bootstrap4::breadcrumbs([
<label for="oldged">
<?= I18N::translate('Old data') ?>
</label>
- <input class="form-control" type="text" id="oldged" name="oldged" value="<?= Filter::escapeHtml($oldged) ?>">
+ <input class="form-control" type="text" id="oldged" name="oldged" value="<?= Html::escape($oldged) ?>">
</div>
<div class="form-group col-xs-6 col-md-3">
<label for="newged">
<?= I18N::translate('New data') ?>
</label>
- <input class="form-control" type="text" id="newged" name="newged" value="<?= Filter::escapeHtml($newged) ?>">
+ <input class="form-control" type="text" id="newged" name="newged" value="<?= Html::escape($newged) ?>">
</div>
<div class="form-group col-xs-6 col-md-3">
diff --git a/admin_site_clean.php b/admin_site_clean.php
index 4f68486759..57180c0ade 100644
--- a/admin_site_clean.php
+++ b/admin_site_clean.php
@@ -25,15 +25,15 @@ if ($to_delete && Filter::checkCsrf()) {
$is_dir = is_dir(WT_DATA_DIR . $path);
if (File::delete(WT_DATA_DIR . $path)) {
if ($is_dir) {
- FlashMessages::addMessage(I18N::translate('The folder %s has been deleted.', Filter::escapeHtml($path)), 'success');
+ FlashMessages::addMessage(I18N::translate('The folder %s has been deleted.', Html::escape($path)), 'success');
} else {
- FlashMessages::addMessage(I18N::translate('The file %s has been deleted.', Filter::escapeHtml($path)), 'success');
+ FlashMessages::addMessage(I18N::translate('The file %s has been deleted.', Html::escape($path)), 'success');
}
} else {
if ($is_dir) {
- FlashMessages::addMessage(I18N::translate('The folder %s could not be deleted.', Filter::escapeHtml($path)), 'danger');
+ FlashMessages::addMessage(I18N::translate('The folder %s could not be deleted.', Html::escape($path)), 'danger');
} else {
- FlashMessages::addMessage(I18N::translate('The file %s could not be deleted.', Filter::escapeHtml($path)), 'danger');
+ FlashMessages::addMessage(I18N::translate('The file %s could not be deleted.', Html::escape($path)), 'danger');
}
}
}
@@ -93,12 +93,12 @@ echo Bootstrap4::breadcrumbs([
<?php
foreach ($entries as $entry) {
if (in_array($entry, $do_not_delete)) {
- echo '<li><i class="fa-li fa fa-ban text-danger"></i>', Filter::escapeHtml($entry), '</li>';
+ echo '<li><i class="fa-li fa fa-ban text-danger"></i>', Html::escape($entry), '</li>';
} else {
echo '<li><i class="fa-li fa fa-trash-o"></i>';
echo '<label>';
- echo '<input type="checkbox" name="to_delete[]" value="', Filter::escapeHtml($entry), '"> ';
- echo Filter::escapeHtml($entry);
+ echo '<input type="checkbox" name="to_delete[]" value="', Html::escape($entry), '"> ';
+ echo Html::escape($entry);
echo '</label></li>';
}
}
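Review bot: `in_array($entry, $do_not_delete)` on the context line above the rewritten `echo` lines is a loose comparison; pass `true` as the third argument so a numeric-looking entry such as `0` cannot match a protected name by coercion: `if (in_array($entry, $do_not_delete, true)) {`. The `$do_not_delete` exclusion is applied here only when rendering the checkbox list, and the first hunk of this file (which deletes `WT_DATA_DIR . $path` after the CSRF check) does not show whether the same exclusion and a rejection of path separators are repeated server-side; if they are not, the UI list is the only guard and the check should be duplicated in the delete branch. The `foreach ($entries …)` loop starts and ends within the hunk, but the enclosing template block does not.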
diff --git a/admin_site_config.php b/admin_site_config.php
index a16c7a9520..98acbce4ff 100644
--- a/admin_site_config.php
+++ b/admin_site_config.php
@@ -33,7 +33,7 @@ case 'site':
if (File::mkdir($INDEX_DIRECTORY)) {
Site::setPreference('INDEX_DIRECTORY', $INDEX_DIRECTORY);
} else {
- FlashMessages::addMessage(I18N::translate('The folder %s does not exist, and it could not be created.', Filter::escapeHtml($INDEX_DIRECTORY)), 'danger');
+ FlashMessages::addMessage(I18N::translate('The folder %s does not exist, and it could not be created.', Html::escape($INDEX_DIRECTORY)), 'danger');
}
Site::setPreference('MEMORY_LIMIT', Filter::post('MEMORY_LIMIT'));
Site::setPreference('MAX_EXECUTION_TIME', Filter::post('MAX_EXECUTION_TIME'));
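Review bot: The context lines store `MEMORY_LIMIT` and `MAX_EXECUTION_TIME` straight from `Filter::post()`, while the only format constraint visible in this diff is the HTML `pattern` attribute on the corresponding inputs, which a client can bypass. If `Filter::post` accepts a validation pattern, pass the same one server-side (e.g. `Filter::post('MEMORY_LIMIT', '[0-9]+[KMG]')`); otherwise validate with `preg_match` before `Site::setPreference` so an ill-formed value is never persisted. The `case 'site':` block this belongs to starts before the hunk.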
@@ -177,7 +177,7 @@ echo Bootstrap4::breadcrumbs([
<?= /* I18N: A configuration setting */ I18N::translate('Data folder') ?>
</label>
<div class="col-sm-9">
- <input type="text" class="form-control" dir="ltr" id="INDEX_DIRECTORY" name="INDEX_DIRECTORY" value="<?= Filter::escapeHtml(Site::getPreference('INDEX_DIRECTORY')) ?>" maxlength="255" placeholder="data/" required>
+ <input type="text" class="form-control" dir="ltr" id="INDEX_DIRECTORY" name="INDEX_DIRECTORY" value="<?= Html::escape(Site::getPreference('INDEX_DIRECTORY')) ?>" maxlength="255" placeholder="data/" required>
<p class="small text-muted">
<?= /* I18N: Help text for the "Data folder" site configuration setting */ I18N::translate('This folder will be used by webtrees to store media files, GEDCOM files, temporary files, etc. These files may contain private data, and should not be made available over the internet.') ?>
</p>
@@ -199,7 +199,7 @@ echo Bootstrap4::breadcrumbs([
<?= /* I18N: A configuration setting */ I18N::translate('Memory limit') ?>
</label>
<div class="col-sm-9">
- <input type="text" class="form-control" id="MEMORY_LIMIT" name="MEMORY_LIMIT" value="<?= Filter::escapeHtml(Site::getPreference('MEMORY_LIMIT')) ?>" pattern="[0-9]+[KMG]" placeholder="<?= get_cfg_var('memory_limit') ?>" maxlength="255">
+ <input type="text" class="form-control" id="MEMORY_LIMIT" name="MEMORY_LIMIT" value="<?= Html::escape(Site::getPreference('MEMORY_LIMIT')) ?>" pattern="[0-9]+[KMG]" placeholder="<?= get_cfg_var('memory_limit') ?>" maxlength="255">
<p class="small text-muted">
<?= /* I18N: %s is an amount of memory, such as 32MB */ I18N::translate('By default, your server allows scripts to use %s of memory.', get_cfg_var('memory_limit')) ?>
<?= I18N::translate('You can request a higher or lower limit, although the server may ignore this request.') ?>
@@ -214,7 +214,7 @@ echo Bootstrap4::breadcrumbs([
<?= /* I18N: A configuration setting */ I18N::translate('PHP time limit') ?>
</label>
<div class="col-sm-9">
- <input type="text" class="form-control" id="MAX_EXECUTION_TIME" name="MAX_EXECUTION_TIME" value="<?= Filter::escapeHtml(Site::getPreference('MAX_EXECUTION_TIME')) ?>" pattern="[0-9]*" placeholder="<?= get_cfg_var('max_execution_time') ?>" maxlength="255">
+ <input type="text" class="form-control" id="MAX_EXECUTION_TIME" name="MAX_EXECUTION_TIME" value="<?= Html::escape(Site::getPreference('MAX_EXECUTION_TIME')) ?>" pattern="[0-9]*" placeholder="<?= get_cfg_var('max_execution_time') ?>" maxlength="255">
<p class="small text-muted">
<?= I18N::plural(
'By default, your server allows scripts to run for %s second.',
@@ -289,7 +289,7 @@ echo Bootstrap4::breadcrumbs([
<?= /* I18N: A configuration setting */ I18N::translate('Session timeout') ?>
</label>
<div class="col-sm-9">
- <input type="text" class="form-control" id="SESSION_TIME" name="SESSION_TIME" value="<?= Filter::escapeHtml(Site::getPreference('SESSION_TIME')) ?>" pattern="[0-9]*" placeholder="7200" maxlength="255">
+ <input type="text" class="form-control" id="SESSION_TIME" name="SESSION_TIME" value="<?= Html::escape(Site::getPreference('SESSION_TIME')) ?>" pattern="[0-9]*" placeholder="7200" maxlength="255">
<p class="small text-muted">
<?= /* I18N: Help text for the “Session timeout” site configuration setting */ I18N::translate('The time in seconds that a webtrees session remains active before requiring a new sign-in. The default is 7200, which is 2 hours.') ?>
<?= I18N::translate('Leave this blank to use the default value.') ?>
@@ -319,7 +319,7 @@ echo Bootstrap4::breadcrumbs([
<?= /* I18N: A configuration setting */ I18N::translate('Sender name') ?>
</label>
<div class="col-sm-9">
- <input type="email" class="form-control" id="SMTP_FROM_NAME" name="SMTP_FROM_NAME" value="<?= Filter::escapeHtml(Site::getPreference('SMTP_FROM_NAME')) ?>" placeholder="no-reply@localhost" maxlength="255">
+ <input type="email" class="form-control" id="SMTP_FROM_NAME" name="SMTP_FROM_NAME" value="<?= Html::escape(Site::getPreference('SMTP_FROM_NAME')) ?>" placeholder="no-reply@localhost" maxlength="255">
<p class="small text-muted">
<?= /* I18N: Help text for the “Sender name” site configuration setting */ I18N::translate('This name is used in the “From” field, when sending automatic emails from this server.') ?>
</p>
@@ -334,7 +334,7 @@ echo Bootstrap4::breadcrumbs([
<?= /* I18N: A configuration setting */ I18N::translate('Server name') ?>
</label>
<div class="col-sm-9">
- <input type="text" class="form-control" id="SMTP_HOST" name="SMTP_HOST" value="<?= Filter::escapeHtml(Site::getPreference('SMTP_HOST')) ?>" placeholder="smtp.example.com" maxlength="255" pattern="[a-z0-9-]+(\.[a-z0-9-]+)*">
+ <input type="text" class="form-control" id="SMTP_HOST" name="SMTP_HOST" value="<?= Html::escape(Site::getPreference('SMTP_HOST')) ?>" placeholder="smtp.example.com" maxlength="255" pattern="[a-z0-9-]+(\.[a-z0-9-]+)*">
<p class="small text-muted">
<?= /* I18N: Help text for the “Server name” site configuration setting */ I18N::translate('This is the name of the SMTP server. “localhost” means that the mail service is running on the same computer as your web server.') ?>
</p>
@@ -347,7 +347,7 @@ echo Bootstrap4::breadcrumbs([
<?= /* I18N: A configuration setting */ I18N::translate('Port number') ?>
</label>
<div class="col-sm-9">
- <input type="text" class="form-control" id="SMTP_PORT" name="SMTP_PORT" value="<?= Filter::escapeHtml(Site::getPreference('SMTP_PORT')) ?>" pattern="[0-9]*" placeholder="25" maxlength="5">
+ <input type="text" class="form-control" id="SMTP_PORT" name="SMTP_PORT" value="<?= Html::escape(Site::getPreference('SMTP_PORT')) ?>" pattern="[0-9]*" placeholder="25" maxlength="5">
<p class="small text-muted">
<?= /* I18N: Help text for the "Port number" site configuration setting */ I18N::translate('By default, SMTP works on port 25.') ?>
</p>
@@ -375,7 +375,7 @@ echo Bootstrap4::breadcrumbs([
<?= /* I18N: A configuration setting */ I18N::translate('Username') ?>
</label>
<div class="col-sm-9">
- <input type="text" class="form-control" id="SMTP_AUTH_USER" name="SMTP_AUTH_USER" value="<?= Filter::escapeHtml(Site::getPreference('SMTP_AUTH_USER')) ?>" maxlength="255">
+ <input type="text" class="form-control" id="SMTP_AUTH_USER" name="SMTP_AUTH_USER" value="<?= Html::escape(Site::getPreference('SMTP_AUTH_USER')) ?>" maxlength="255">
<p class="small text-muted">
<?= /* I18N: Help text for the "Username" site configuration setting */ I18N::translate('The username required for authentication with the SMTP server.') ?>
</p>
@@ -414,7 +414,7 @@ echo Bootstrap4::breadcrumbs([
<?= /* I18N: A configuration setting */ I18N::translate('Sending server name') ?>
</label>
<div class="col-sm-9">
- <input type="text" class="form-control" id="SMTP_HELO" name="SMTP_HELO" value="<?= Filter::escapeHtml(Site::getPreference('SMTP_HELO')) ?>" placeholder="localhost" maxlength="255" pattern="[a-z0-9-]+(\.[a-z0-9-]+)*">
+ <input type="text" class="form-control" id="SMTP_HELO" name="SMTP_HELO" value="<?= Html::escape(Site::getPreference('SMTP_HELO')) ?>" placeholder="localhost" maxlength="255" pattern="[a-z0-9-]+(\.[a-z0-9-]+)*">
<p class="small text-muted">
<?= /* I18N: Help text for the "Sending server name" site configuration setting */ I18N::translate('Many mail servers require that the sending server identifies itself correctly, using a valid domain name.') ?>
</p>
@@ -439,7 +439,7 @@ echo Bootstrap4::breadcrumbs([
<?= /* I18N: A configuration setting */ I18N::translate('Sign-in URL') ?>
</label>
<div class="col-sm-9">
- <input type="text" class="form-control" id="LOGIN_URL" name="LOGIN_URL" value="<?= Filter::escapeHtml(Site::getPreference('LOGIN_URL')) ?>" maxlength="255">
+ <input type="text" class="form-control" id="LOGIN_URL" name="LOGIN_URL" value="<?= Html::escape(Site::getPreference('LOGIN_URL')) ?>" maxlength="255">
<p class="small text-muted">
<?= /* I18N: Help text for the "Login URL" site configuration setting */ I18N::translate('You only need to enter a Sign-in URL if you want to redirect to a different website or location when your users sign in. This is very useful if you need to switch from http to https when your users sign in. Include the full URL to <i>login.php</i>. For example, https://www.yourserver.com/webtrees/login.php .') ?>
</p>
@@ -464,7 +464,7 @@ echo Bootstrap4::breadcrumbs([
<?= /* I18N: A configuration setting */ I18N::translate('Custom welcome text') ?>
</label>
<div class="col-sm-9">
- <textarea class="form-control" maxlength="2000" id="WELCOME_TEXT_AUTH_MODE_4" name="WELCOME_TEXT_AUTH_MODE_4" rows="4"><?= Filter::escapeHtml(Site::getPreference('WELCOME_TEXT_AUTH_MODE_' . WT_LOCALE)) ?></textarea>
+ <textarea class="form-control" maxlength="2000" id="WELCOME_TEXT_AUTH_MODE_4" name="WELCOME_TEXT_AUTH_MODE_4" rows="4"><?= Html::escape(Site::getPreference('WELCOME_TEXT_AUTH_MODE_' . WT_LOCALE)) ?></textarea>
<p class="small text-muted">
<?= /* I18N: Help text for the "Custom welcome text" site configuration setting */ I18N::translate('To set this text for other languages, you must switch to that language, and visit this page again.') ?>
</p>
@@ -521,7 +521,7 @@ echo Bootstrap4::breadcrumbs([
<input
type="text" class="form-control"
id="BING_WEBMASTER_ID" name="BING_WEBMASTER_ID" <?= dirname(parse_url(WT_BASE_URL, PHP_URL_PATH)) === '/' ? '' : 'disabled' ?>
- value="<?= Filter::escapeHtml(Site::getPreference('BING_WEBMASTER_ID')) ?>"
+ value="<?= Html::escape(Site::getPreference('BING_WEBMASTER_ID')) ?>"
maxlength="255" pattern="[0-9a-zA-Z+=/_:.!-]*"
>
<p class="small text-muted">
@@ -542,7 +542,7 @@ echo Bootstrap4::breadcrumbs([
<input
type="text" class="form-control"
id="GOOGLE_WEBMASTER_ID" name="GOOGLE_WEBMASTER_ID" <?= dirname(parse_url(WT_BASE_URL, PHP_URL_PATH)) === '/' ? '' : 'disabled' ?>
- value="<?= Filter::escapeHtml(Site::getPreference('GOOGLE_WEBMASTER_ID')) ?>"
+ value="<?= Html::escape(Site::getPreference('GOOGLE_WEBMASTER_ID')) ?>"
maxlength="255" pattern="[0-9a-zA-Z+=/_:.!-]*"
>
<p class="small text-muted">
@@ -560,7 +560,7 @@ echo Bootstrap4::breadcrumbs([
<span class="sr-only">Google Analytics</span>
</label>
<div class="col-sm-9">
- <input type="text" class="form-control" id="GOOGLE_ANALYTICS_ID" name="GOOGLE_ANALYTICS_ID" value="<?= Filter::escapeHtml(Site::getPreference('GOOGLE_ANALYTICS_ID')) ?>" placeholder="UA-12345-6" maxlength="255" pattern="UA-[0-9]+-[0-9]+">
+ <input type="text" class="form-control" id="GOOGLE_ANALYTICS_ID" name="GOOGLE_ANALYTICS_ID" value="<?= Html::escape(Site::getPreference('GOOGLE_ANALYTICS_ID')) ?>" placeholder="UA-12345-6" maxlength="255" pattern="UA-[0-9]+-[0-9]+">
<p class="small text-muted">
<?= I18N::translate('Tracking and analytics are not added to the control panel.') ?>
</p>
@@ -575,7 +575,7 @@ echo Bootstrap4::breadcrumbs([
<?= /* I18N: A configuration setting */ I18N::translate('Site identification code') ?>
</label>
<div class="col-sm-9">
- <input type="text" class="form-control" id="PIWIK_SITE_ID" name="PIWIK_SITE_ID" value="<?= Filter::escapeHtml(Site::getPreference('PIWIK_SITE_ID')) ?>" maxlength="255" pattern="[0-9]+">
+ <input type="text" class="form-control" id="PIWIK_SITE_ID" name="PIWIK_SITE_ID" value="<?= Html::escape(Site::getPreference('PIWIK_SITE_ID')) ?>" maxlength="255" pattern="[0-9]+">
</div>
</div>
@@ -585,7 +585,7 @@ echo Bootstrap4::breadcrumbs([
<?= /* I18N: A configuration setting */ I18N::translate('URL') ?>
</label>
<div class="col-sm-9">
- <input type="text" class="form-control" id="PIWIK_URL" name="PIWIK_URL" value="<?= Filter::escapeHtml(Site::getPreference('PIWIK_URL')) ?>" placeholder="example.com/piwik" maxlength="255">
+ <input type="text" class="form-control" id="PIWIK_URL" name="PIWIK_URL" value="<?= Html::escape(Site::getPreference('PIWIK_URL')) ?>" placeholder="example.com/piwik" maxlength="255">
<p class="small text-muted">
<?= I18N::translate('Tracking and analytics are not added to the control panel.') ?>
</p>
@@ -600,7 +600,7 @@ echo Bootstrap4::breadcrumbs([
<?= /* I18N: A configuration setting */ I18N::translate('Site identification code') ?>
</label>
<div class="col-sm-9">
- <input type="text" class="form-control" id="STATCOUNTER_PROJECT_ID" name="STATCOUNTER_PROJECT_ID" value="<?= Filter::escapeHtml(Site::getPreference('STATCOUNTER_PROJECT_ID')) ?>" maxlength="255" pattern="[0-9]+">
+ <input type="text" class="form-control" id="STATCOUNTER_PROJECT_ID" name="STATCOUNTER_PROJECT_ID" value="<?= Html::escape(Site::getPreference('STATCOUNTER_PROJECT_ID')) ?>" maxlength="255" pattern="[0-9]+">
</div>
</div>
@@ -610,7 +610,7 @@ echo Bootstrap4::breadcrumbs([
<?= /* I18N: A configuration setting */ I18N::translate('Security code') ?>
</label>
<div class="col-sm-9">
- <input type="text" class="form-control" id="STATCOUNTER_SECURITY_ID" name="STATCOUNTER_SECURITY_ID" value="<?= Filter::escapeHtml(Site::getPreference('STATCOUNTER_SECURITY_ID')) ?>" maxlength="255" pattern="[0-9a-zA-Z]+">
+ <input type="text" class="form-control" id="STATCOUNTER_SECURITY_ID" name="STATCOUNTER_SECURITY_ID" value="<?= Html::escape(Site::getPreference('STATCOUNTER_SECURITY_ID')) ?>" maxlength="255" pattern="[0-9a-zA-Z]+">
<p class="small text-muted">
<?= I18N::translate('Tracking and analytics are not added to the control panel.') ?>
</p>
diff --git a/admin_site_info.php b/admin_site_info.php
index d498259580..d3dbbcada0 100644
--- a/admin_site_info.php
+++ b/admin_site_info.php
@@ -62,8 +62,8 @@ echo Bootstrap4::breadcrumbs([
<div class="panel-body">
<dl>
<?php foreach ($variables as $variable => $value): ?>
- <dt><?= Filter::escapeHtml($variable) ?></dt>
- <dd><?= Filter::escapeHtml($value) ?></dd>
+ <dt><?= Html::escape($variable) ?></dt>
+ <dd><?= Html::escape($value) ?></dd>
<?php endforeach ?>
</dl>
</div>
diff --git a/admin_site_logs.php b/admin_site_logs.php
index da4c860e8d..3991c76669 100644
--- a/admin_site_logs.php
+++ b/admin_site_logs.php
@@ -155,11 +155,11 @@ case 'load_json':
// This becomes a JSON list, not array, so need to fetch with numeric keys.
$data = Database::prepare($sql_select . $where . $order_by . $limit)->execute($args)->fetchAll(PDO::FETCH_NUM);
foreach ($data as &$datum) {
- $datum[2] = Filter::escapeHtml($datum[2]);
- $datum[3] = '<span dir="auto">' . Filter::escapeHtml($datum[3]) . '</span>';
- $datum[4] = '<span dir="auto">' . Filter::escapeHtml($datum[4]) . '</span>';
- $datum[5] = '<span dir="auto">' . Filter::escapeHtml($datum[5]) . '</span>';
- $datum[6] = '<span dir="auto">' . Filter::escapeHtml($datum[6]) . '</span>';
+ $datum[2] = Html::escape($datum[2]);
+ $datum[3] = '<span dir="auto">' . Html::escape($datum[3]) . '</span>';
+ $datum[4] = '<span dir="auto">' . Html::escape($datum[4]) . '</span>';
+ $datum[5] = '<span dir="auto">' . Html::escape($datum[5]) . '</span>';
+ $datum[6] = '<span dir="auto">' . Html::escape($datum[6]) . '</span>';
}
// Total filtered/unfiltered rows
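Review bot: The `foreach ($data as &$datum)` loop that the rewritten lines sit in leaves `$datum` bound by reference to the last row after it ends, so any later `$datum = …` or a second `foreach ($data as $datum)` would silently overwrite that row. Add `unset($datum);` immediately after the loop's closing brace. Only columns 2–6 are escaped here; whether columns 0 and 1 (and any beyond 6) are safe for the JSON consumer cannot be told from the hunk and is worth confirming. The `case 'load_json':` block continues on both sides of the hunk.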
@@ -239,7 +239,7 @@ echo Bootstrap4::breadcrumbs([
<?= /* I18N: label for the start of a date range (from x to y) */ I18N::translate('From') ?>
</label>
<div class="input-group date">
- <input type="text" autocomplete="off" class="form-control" id="from" name="from" value="<?= Filter::escapeHtml($from) ?>">
+ <input type="text" autocomplete="off" class="form-control" id="from" name="from" value="<?= Html::escape($from) ?>">
<span class="input-group-addon"><span class="fa fa-calendar"></span></span>
</div>
</div>
@@ -249,7 +249,7 @@ echo Bootstrap4::breadcrumbs([
<?= /* I18N: label for the end of a date range (from x to y) */ I18N::translate('To') ?>
</label>
<div class="input-group date">
- <input type="text" autocomplete="off" class="form-control" id="to" name="to" value="<?= Filter::escapeHtml($to) ?>">
+ <input type="text" autocomplete="off" class="form-control" id="to" name="to" value="<?= Html::escape($to) ?>">
<span class="input-group-addon"><span class="fa fa-calendar"></span></span>
</div>
</div>
@@ -265,7 +265,7 @@ echo Bootstrap4::breadcrumbs([
<label for="ip">
<?= I18N::translate('IP address') ?>
</label>
- <input class="form-control" type="text" id="ip" name="ip" value="<?= Filter::escapeHtml($ip) ?>">
+ <input class="form-control" type="text" id="ip" name="ip" value="<?= Html::escape($ip) ?>">
</div>
</div>
@@ -274,7 +274,7 @@ echo Bootstrap4::breadcrumbs([
<label for="text">
<?= I18N::translate('Message') ?>
</label>
- <input class="form-control" type="text" id="text" name="text" value="<?= Filter::escapeHtml($text) ?>">
+ <input class="form-control" type="text" id="text" name="text" value="<?= Html::escape($text) ?>">
</div>
<div class="form-group col-sm-4">
diff --git a/admin_site_merge.php b/admin_site_merge.php
index acae4be0ac..b8062e957d 100644
--- a/admin_site_merge.php
+++ b/admin_site_merge.php
@@ -217,7 +217,7 @@ echo Bootstrap4::breadcrumbs([
<input type="checkbox" name="keep1[]" value="<?= $fact->getFactId() ?>" checked>
</td>
<td>
- <div class="gedcom-data" dir="ltr"><?= Filter::escapeHtml($fact->getGedcom()) ?></div>
+ <div class="gedcom-data" dir="ltr"><?= Html::escape($fact->getGedcom()) ?></div>
<?php if ($fact->getTarget()): ?>
<a href="<?= $fact->getTarget()->getHtmlUrl() ?>">
<?= $fact->getTarget()->getFullName() ?>
@@ -264,7 +264,7 @@ echo Bootstrap4::breadcrumbs([
<input type="checkbox" name="keep1[]" value="<?= $fact->getFactId() ?>" checked>
</td>
<td>
- <div class="gedcom-data" dir="ltr"><?= Filter::escapeHtml($fact->getGedcom()) ?></div>
+ <div class="gedcom-data" dir="ltr"><?= Html::escape($fact->getGedcom()) ?></div>
<?php if ($fact->getTarget()): ?>
<a href="<?= $fact->getTarget()->getHtmlUrl() ?>">
<?= $fact->getTarget()->getFullName() ?>
@@ -310,7 +310,7 @@ echo Bootstrap4::breadcrumbs([
<input type="checkbox" name="keep2[]" value="<?= $fact->getFactId() ?>" checked>
</td>
<td>
- <div class="gedcom-data" dir="ltr"><?= Filter::escapeHtml($fact->getGedcom()) ?></div>
+ <div class="gedcom-data" dir="ltr"><?= Html::escape($fact->getGedcom()) ?></div>
<?php if ($fact->getTarget()): ?>
<a href="<?= $fact->getTarget()->getHtmlUrl() ?>">
<?= $fact->getTarget()->getFullName() ?>
diff --git a/admin_site_upgrade.php b/admin_site_upgrade.php
index 21577277f9..224438dd3a 100644
--- a/admin_site_upgrade.php
+++ b/admin_site_upgrade.php
@@ -141,7 +141,7 @@ if ($custom_modules) {
if ($modules_action != 'ignore') {
echo '<br>', I18N::translate('No custom modules are enabled.'), $icon_success;
}
- echo '<input type="hidden" name="modules" value="', Filter::escapeHtml($modules_action), '">';
+ echo '<input type="hidden" name="modules" value="', Html::escape($modules_action), '">';
}
echo '</li>';
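Review bot: `$modules_action != 'ignore'` on line 646 compares two strings with a loose operator, which applies numeric-string juggling rather than a plain string test; `if ($modules_action !== 'ignore') {` is the idiom and reads as what it means. The same `!=` appears for `$themes_action` on line 654 in the next hunk. The enclosing `if ($custom_modules)` block starts outside the hunk.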
@@ -205,7 +205,7 @@ if ($custom_themes) {
if ($themes_action != 'ignore') {
echo '<br>', I18N::translate('No custom themes are enabled.'), $icon_success;
}
- echo '<input type="hidden" name="themes" value="', Filter::escapeHtml($themes_action), '">';
+ echo '<input type="hidden" name="themes" value="', Html::escape($themes_action), '">';
}
echo '</li>';
diff --git a/admin_trees_config.php b/admin_trees_config.php
index aa85aed64f..01658ce413 100644
--- a/admin_trees_config.php
+++ b/admin_trees_config.php
@@ -367,7 +367,7 @@ echo Bootstrap4::breadcrumbs([
maxlength="5"
name="MAX_ALIVE_AGE"
type="text"
- value="<?= Filter::escapeHtml($WT_TREE->getPreference('MAX_ALIVE_AGE')) ?>"
+ value="<?= Html::escape($WT_TREE->getPreference('MAX_ALIVE_AGE')) ?>"
>
<p class="small text-muted">
<?= /* I18N: Help text for the “Age at which to assume an individual is dead” configuration setting */ I18N::translate('If this individual has any events other than death, burial, or cremation more recent than this number of years, they are considered to be “alive”. Children’s birth dates are considered to be such events for this purpose.') ?>
@@ -558,7 +558,7 @@ echo Bootstrap4::breadcrumbs([
name="title"
required
type="text"
- value="<?= Filter::escapeHtml($WT_TREE->getPreference('title')) ?>"
+ value="<?= Html::escape($WT_TREE->getPreference('title')) ?>"
>
</div>
</div>
@@ -803,7 +803,7 @@ echo Bootstrap4::breadcrumbs([
name="WEBTREES_EMAIL"
required
type="email"
- value="<?= Filter::escapeHtml($WT_TREE->getPreference('WEBTREES_EMAIL')) ?>"
+ value="<?= Html::escape($WT_TREE->getPreference('WEBTREES_EMAIL')) ?>"
>
<p class="small text-muted">
<?= /* I18N: Help text for the “webtrees reply address” configuration setting */ I18N::translate('Email address to be used in the “From:” field of emails that webtrees creates automatically.<br><br>webtrees can automatically create emails to notify administrators of changes that need to be reviewed. webtrees also sends notification emails to users who have requested an account.<br><br>Usually, the “From:” field of these automatically created emails is something like <i>From: webtrees-noreply@yoursite</i> to show that no response to the email is required. To guard against spam or other email abuse, some email systems require each message’s “From:” field to reflect a valid email account and will not accept messages that are apparently from account <i>webtrees-noreply</i>.') ?>
@@ -822,7 +822,7 @@ echo Bootstrap4::breadcrumbs([
<?php foreach (User::all() as $user): ?>
<?php if (Auth::isMember($WT_TREE, $user)): ?>
<option value="<?= $user->getUserId() ?>" <?= $WT_TREE->getPreference('CONTACT_USER_ID') === $user->getUserId() ? 'selected' : '' ?>>
- <?= $user->getRealNameHtml() ?> - <?= Filter::escapeHtml($user->getUserName()) ?>
+ <?= $user->getRealNameHtml() ?> - <?= Html::escape($user->getUserName()) ?>
</option>
<?php endif ?>
<?php endforeach ?>
@@ -844,7 +844,7 @@ echo Bootstrap4::breadcrumbs([
<?php foreach (User::all() as $user): ?>
<?php if (Auth::isMember($WT_TREE, $user)): ?>
<option value="<?= $user->getUserId() ?>" <?= $WT_TREE->getPreference('WEBMASTER_USER_ID') === $user->getUserId() ? 'selected' : '' ?>>
- <?= $user->getRealNameHtml() ?> - <?= Filter::escapeHtml($user->getUserName()) ?>
+ <?= $user->getRealNameHtml() ?> - <?= Html::escape($user->getUserName()) ?>
</option>
<?php endif ?>
<?php endforeach ?>
@@ -869,7 +869,7 @@ echo Bootstrap4::breadcrumbs([
maxlength="255"
name="META_TITLE"
type="text"
- value="<?= Filter::escapeHtml($WT_TREE->getPreference('META_TITLE')) ?>"
+ value="<?= Html::escape($WT_TREE->getPreference('META_TITLE')) ?>"
>
<p class="small text-muted">
<?= /* I18N: Help text for the “Add to TITLE header tag” configuration setting */ I18N::translate('This text will be appended to each page title. It will be shown in the browser’s title bar, bookmarks, etc.') ?>
@@ -889,7 +889,7 @@ echo Bootstrap4::breadcrumbs([
maxlength="255"
name="META_DESCRIPTION"
type="text"
- value="<?= Filter::escapeHtml($WT_TREE->getPreference('META_DESCRIPTION')) ?>"
+ value="<?= Html::escape($WT_TREE->getPreference('META_DESCRIPTION')) ?>"
>
<p class="small text-muted">
<?= /* I18N: Help text for the “Description META tag” configuration setting */ I18N::translate('The value to place in the “meta description” tag in the HTML page header. Leave this field empty to use the name of the family tree.') ?>
@@ -945,7 +945,7 @@ echo Bootstrap4::breadcrumbs([
maxlength="255"
name="MEDIA_DIRECTORY"
type="text"
- value="<?= Filter::escapeHtml($WT_TREE->getPreference('MEDIA_DIRECTORY')) ?>"
+ value="<?= Html::escape($WT_TREE->getPreference('MEDIA_DIRECTORY')) ?>"
>
</div>
<p class="small text-muted">
@@ -1075,7 +1075,7 @@ echo Bootstrap4::breadcrumbs([
name="SUBLIST_TRIGGER_I"
required
type="text"
- value="<?= Filter::escapeHtml($WT_TREE->getPreference('SUBLIST_TRIGGER_I')) ?>"
+ value="<?= Html::escape($WT_TREE->getPreference('SUBLIST_TRIGGER_I')) ?>"
>
<p class="small text-muted">
<?= /* I18N: Help text for the “Maximum number of surnames on individual list” configuration setting */ I18N::translate('Long lists of individuals with the same surname can be broken into smaller sub-lists according to the first letter of the individual’s given name.<br><br>This option determines when sub-listing of surnames will occur. To disable sub-listing completely, set this option to zero.') ?>
@@ -1142,7 +1142,7 @@ echo Bootstrap4::breadcrumbs([
name="DEFAULT_PEDIGREE_GENERATIONS"
required
type="text"
- value="<?= Filter::escapeHtml($WT_TREE->getPreference('DEFAULT_PEDIGREE_GENERATIONS')) ?>"
+ value="<?= Html::escape($WT_TREE->getPreference('DEFAULT_PEDIGREE_GENERATIONS')) ?>"
>
<p class="small text-muted">
<?= /* I18N: Help text for the “Default pedigree generations” configuration setting */ I18N::translate('Set the default number of generations to display on descendancy and pedigree charts.') ?>
@@ -1162,7 +1162,7 @@ echo Bootstrap4::breadcrumbs([
maxlength="5"
name="MAX_PEDIGREE_GENERATIONS"
type="text"
- value="<?= Filter::escapeHtml($WT_TREE->getPreference('MAX_PEDIGREE_GENERATIONS')) ?>"
+ value="<?= Html::escape($WT_TREE->getPreference('MAX_PEDIGREE_GENERATIONS')) ?>"
>
<p class="small text-muted">
<?= /* I18N: Help text for the “Maximum pedigree generations” configuration setting */ I18N::translate('Set the maximum number of generations to display on pedigree charts.') ?>
@@ -1182,7 +1182,7 @@ echo Bootstrap4::breadcrumbs([
maxlength="5"
name="MAX_DESCENDANCY_GENERATIONS"
type="text"
- value="<?= Filter::escapeHtml($WT_TREE->getPreference('MAX_DESCENDANCY_GENERATIONS')) ?>"
+ value="<?= Html::escape($WT_TREE->getPreference('MAX_DESCENDANCY_GENERATIONS')) ?>"
>
<p class="small text-muted">
<?= /* I18N: Help text for the “Maximum descendancy generations” configuration setting */ I18N::translate('Set the maximum number of generations to display on descendancy charts.') ?>
@@ -1249,7 +1249,7 @@ echo Bootstrap4::breadcrumbs([
maxlength="255"
name="CHART_BOX_TAGS"
type="text"
- value="<?= Filter::escapeHtml($WT_TREE->getPreference('CHART_BOX_TAGS')) ?>"
+ value="<?= Html::escape($WT_TREE->getPreference('CHART_BOX_TAGS')) ?>"
>
<div class="input-group-btn">
<a class="btn btn-default" onclick="return findFact('CHART_BOX_TAGS', 'INDI');">
@@ -1450,7 +1450,7 @@ echo Bootstrap4::breadcrumbs([
maxlength="255"
name="GEONAMES_ACCOUNT"
type="text"
- value="<?= Filter::escapeHtml($WT_TREE->getPreference('GEONAMES_ACCOUNT')) ?>"
+ value="<?= Html::escape($WT_TREE->getPreference('GEONAMES_ACCOUNT')) ?>"
>
<p class="small text-muted">
<?= /* I18N: Help text for the “Use GeoNames database for autocomplete on places” configuration setting */ I18N::translate('The website www.geonames.org provides a large database of place names. This can be searched when entering new places. To use this feature, you must register for a free account at www.geonames.org and provide the username.') ?>
diff --git a/admin_trees_download.php b/admin_trees_download.php
index 8980a36134..f3821dd4af 100644
--- a/admin_trees_download.php
+++ b/admin_trees_download.php
@@ -150,11 +150,11 @@ echo Bootstrap4::breadcrumbs([
<!-- GEDCOM_MEDIA_PATH -->
<?php if ($WT_TREE->getPreference('GEDCOM_MEDIA_PATH')): ?>
<label>
- <input type="checkbox" name="conv_path" value="<?= Filter::escapeHtml($WT_TREE->getPreference('GEDCOM_MEDIA_PATH')) ?>">
+ <input type="checkbox" name="conv_path" value="<?= Html::escape($WT_TREE->getPreference('GEDCOM_MEDIA_PATH')) ?>">
<?= /* I18N: A media path (e.g. C:\aaa\bbb\ccc\) in a GEDCOM file */ I18N::translate('Add the GEDCOM media path to filenames') ?>
</label>
<p>
- <?= /* I18N: %s is the name of a folder. */ I18N::translate('Media filenames will be prefixed by %s.', '<code dir="ltr">' . Filter::escapeHtml($WT_TREE->getPreference('GEDCOM_MEDIA_PATH')) . '</code>') ?>
+ <?= /* I18N: %s is the name of a folder. */ I18N::translate('Media filenames will be prefixed by %s.', '<code dir="ltr">' . Html::escape($WT_TREE->getPreference('GEDCOM_MEDIA_PATH')) . '</code>') ?>
</p>
<?php endif ?>
</div>
diff --git a/admin_trees_manage.php b/admin_trees_manage.php
index abe665ced2..323bc2f9b1 100644
--- a/admin_trees_manage.php
+++ b/admin_trees_manage.php
@@ -69,10 +69,10 @@ case 'new_tree':
if (Filter::checkCsrf() && $basename && $tree_title) {
if (Tree::findByName($basename)) {
- FlashMessages::addMessage(/* I18N: %s is the name of a family tree */ I18N::translate('The family tree “%s” already exists.', Filter::escapeHtml($basename)), 'danger');
+ FlashMessages::addMessage(/* I18N: %s is the name of a family tree */ I18N::translate('The family tree “%s” already exists.', Html::escape($basename)), 'danger');
} else {
Tree::create($basename, $tree_title);
- FlashMessages::addMessage(/* I18N: %s is the name of a family tree */ I18N::translate('The family tree “%s” has been created.', Filter::escapeHtml($basename)), 'success');
+ FlashMessages::addMessage(/* I18N: %s is the name of a family tree */ I18N::translate('The family tree “%s” has been created.', Html::escape($basename)), 'success');
}
}
header('Location: admin_trees_manage.php?ged=' . Filter::escapeUrl($basename));
@@ -140,7 +140,7 @@ case 'synchronize':
if ($tree->getPreference('filemtime') != $filemtime) {
$tree->importGedcomFile($gedcom_file, $basename);
$tree->setPreference('filemtime', $filemtime);
- FlashMessages::addMessage(I18N::translate('The GEDCOM file “%s” has been imported.', Filter::escapeHtml($basename)), 'success');
+ FlashMessages::addMessage(I18N::translate('The GEDCOM file “%s” has been imported.', Html::escape($basename)), 'success');
}
}
@@ -192,9 +192,9 @@ case 'importform':
<p>
<?= /* I18N: %s is the name of a family tree */ I18N::translate('This will delete all the genealogy data from “%s” and replace it with data from a GEDCOM file.', $tree->getTitleHtml()) ?>
</p>
- <form class="form form-horizontal" name="gedcomimportform" method="post" enctype="multipart/form-data" onsubmit="return checkGedcomImportForm('<?= Filter::escapeHtml(I18N::translate('You have selected a GEDCOM file with a different name. Is this correct?')) ?>');">
+ <form class="form form-horizontal" name="gedcomimportform" method="post" enctype="multipart/form-data" onsubmit="return checkGedcomImportForm('<?= Html::escape(I18N::translate('You have selected a GEDCOM file with a different name. Is this correct?')) ?>');">
<input type="hidden" name="gedcom_id" value="<?= $tree->getTreeId() ?>">
- <input type="hidden" id="gedcom_filename" value="<?= Filter::escapeHtml($gedcom_filename) ?>">
+ <input type="hidden" id="gedcom_filename" value="<?= Html::escape($gedcom_filename) ?>">
<?= Filter::getCsrf() ?>
<fieldset class="form-group">
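Review bot: On line 838 the translated text is placed inside a JavaScript string literal within the `onsubmit` attribute, and `Html::escape` is the wrong escaper for that context: the HTML parser decodes `&#039;` back to `'` before the handler is compiled, so a translation containing an apostrophe terminates the literal and breaks the handler. The robust shape is to let `json_encode` build the JS literal and then HTML-escape it for the attribute, `onsubmit="return checkGedcomImportForm(<?= Html::escape(json_encode(I18N::translate('You have selected a GEDCOM file with a different name. Is this correct?'))) ?>);"`, or to put the text in a `data-` attribute that the script reads. The same context mismatch appears in admin_users.php on line 908, where the username `$datum[2]` is embedded in `onclick="return message('…')"`, and there the value comes from stored user data rather than a translation catalog.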
@@ -241,11 +241,11 @@ case 'importform':
echo '<option value=""></option>';
sort($files);
foreach ($files as $gedcom_file) {
- echo '<option value="', Filter::escapeHtml($gedcom_file), '" ';
+ echo '<option value="', Html::escape($gedcom_file), '" ';
if ($gedcom_file === $gedcom_filename) {
echo ' selected';
}
- echo'>', Filter::escapeHtml($gedcom_file), '</option>';
+ echo'>', Html::escape($gedcom_file), '</option>';
}
if (empty($files)) {
echo '<option disabled selected>', I18N::translate('No GEDCOM files found.'), '</option>';
@@ -291,7 +291,7 @@ case 'importform':
maxlength="255"
name="GEDCOM_MEDIA_PATH"
type="text"
- value="<?= Filter::escapeHtml($WT_TREE->getPreference('GEDCOM_MEDIA_PATH')) ?>"
+ value="<?= Html::escape($WT_TREE->getPreference('GEDCOM_MEDIA_PATH')) ?>"
>
<p class="small text-muted">
<?= /* I18N: Help text for the “GEDCOM media path” configuration setting. A “path” is something like “C:\Documents\Genealogy\Photos\John_Smith.jpeg” */ I18N::translate('Some genealogy software creates GEDCOM files that contain media filenames with full paths. These paths will not exist on the web-server. To allow webtrees to find the file, the first part of the path must be removed.') ?>
diff --git a/admin_trees_places.php b/admin_trees_places.php
index 0234978dbc..3470e882a2 100644
--- a/admin_trees_places.php
+++ b/admin_trees_places.php
@@ -94,9 +94,9 @@ echo Bootstrap4::breadcrumbs([
<form method="post">
<dl>
<dt><label for="search"><?= I18N::translate('Search for') ?></label></dt>
- <dd><input name="search" id="search" type="text" size="60" value="<?= Filter::escapeHtml($search) ?>" data-autocomplete-type="PLAC" required autofocus></dd>
+ <dd><input name="search" id="search" type="text" size="60" value="<?= Html::escape($search) ?>" data-autocomplete-type="PLAC" required autofocus></dd>
<dt><label for="replace"><?= I18N::translate('Replace with') ?></label></dt>
- <dd><input name="replace" id="replace" type="text" size="60" value="<?= Filter::escapeHtml($replace) ?>" data-autocomplete-type="PLAC" required></dd>
+ <dd><input name="replace" id="replace" type="text" size="60" value="<?= Html::escape($replace) ?>" data-autocomplete-type="PLAC" required></dd>
</dl>
<button type="submit" value="preview"><?= /* I18N: A button label. */ I18N::translate('preview') ?></button>
<button type="submit" value="update" name="confirm"><?= /* I18N: A button label. */ I18N::translate('update') ?></button>
@@ -110,9 +110,9 @@ echo Bootstrap4::breadcrumbs([
<ul>
<?php foreach ($changes as $old_place => $new_place) { ?>
<li>
- <?= Filter::escapeHtml($old_place) ?>
+ <?= Html::escape($old_place) ?>
&rarr;
- <?= Filter::escapeHtml($new_place) ?>
+ <?= Html::escape($new_place) ?>
</li>
<?php } ?>
</ul>
diff --git a/admin_users.php b/admin_users.php
index 5942c2f049..7d47639589 100644
--- a/admin_users.php
+++ b/admin_users.php
@@ -212,13 +212,13 @@ case 'load_json':
$datum[0] = '<div class="btn-group"><button type="button" class="btn btn-primary dropdown-toggle" data-toggle="dropdown" aria-expanded="false"><i class="fa fa-pencil"></i> <span class="caret"></span></button><ul class="dropdown-menu" role="menu"><li><a href="?action=edit&amp;user_id=' . $user_id . '"><i class="fa fa-fw fa-pencil"></i> ' . I18N::translate('Edit') . '</a></li><li class="divider"><li><a href="index_edit.php?user_id=' . $user_id . '"><i class="fa fa-fw fa-th-large"></i> ' . I18N::translate('Change the blocks on this user’s “My page”') . '</a></li>' . $admin_options . '</ul></div>';
// $datum[1] is the user ID
// $datum[3] is the real name
- $datum[3] = '<span dir="auto">' . Filter::escapeHtml($datum[3]) . '</span>';
+ $datum[3] = '<span dir="auto">' . Html::escape($datum[3]) . '</span>';
// $datum[4] is the email address
if ($user_id != Auth::id()) {
- $datum[4] = '<a href="#" onclick="return message(\'' . Filter::escapeHtml($datum[2]) . '\', \'\', \'\');">' . Filter::escapeHtml($datum[4]) . '</i></a>';
+ $datum[4] = '<a href="#" onclick="return message(\'' . Html::escape($datum[2]) . '\', \'\', \'\');">' . Html::escape($datum[4]) . '</i></a>';
}
// $datum[2] is the username
- $datum[2] = '<span dir="auto">' . Filter::escapeHtml($datum[2]) . '</span>';
+ $datum[2] = '<span dir="auto">' . Html::escape($datum[2]) . '</span>';
// $datum[5] is the langauge
if (array_key_exists($datum[5], $installed_languages)) {
$datum[5] = $installed_languages[$datum[5]];
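Review bot: Line 908 ends the email cell with `'</i></a>'` although no `<i>` is opened anywhere in that string, so every row emits a stray closing tag; it should end with `. Html::escape($datum[4]) . '</a>';`. The loop that binds `$datum` starts outside the hunk, so I cannot see whether the reference is released afterwards.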
@@ -305,7 +305,7 @@ case 'edit':
<?= I18N::translate('Real name') ?>
</label>
<div class="col-sm-9">
- <input class="form-control" type="text" id="real_name" name="real_name" required maxlength="64" value="<?= Filter::escapeHtml($user->getRealName()) ?>" dir="auto">
+ <input class="form-control" type="text" id="real_name" name="real_name" required maxlength="64" value="<?= Html::escape($user->getRealName()) ?>" dir="auto">
<p class="small text-muted">
<?= I18N::translate('This is your real name, as you would like it displayed on screen.') ?>
</p>
@@ -318,7 +318,7 @@ case 'edit':
<?= I18N::translate('Username') ?>
</label>
<div class="col-sm-9">
- <input class="form-control" type="text" id="username" name="username" required maxlength="32" value="<?= Filter::escapeHtml($user->getUserName()) ?>" dir="auto">
+ <input class="form-control" type="text" id="username" name="username" required maxlength="32" value="<?= Html::escape($user->getUserName()) ?>" dir="auto">
<p class="small text-muted">
<?= I18N::translate('Usernames are case-insensitive and ignore accented letters, so that “chloe”, “chloë”, and “Chloe” are considered to be the same.') ?>
</p>
@@ -354,7 +354,7 @@ case 'edit':
<?= I18N::translate('Email address') ?>
</label>
<div class="col-sm-9">
- <input class="form-control" type="email" id="email" name="email" required maxlength="64" value="<?= Filter::escapeHtml($user->getEmail()) ?>">
+ <input class="form-control" type="email" id="email" name="email" required maxlength="64" value="<?= Html::escape($user->getEmail()) ?>">
<p class="small text-muted">
<?= I18N::translate('This email address will be used to send password reminders, website notifications, and messages from other family members who are registered on the website.') ?>
</p>
@@ -488,7 +488,7 @@ case 'edit':
<?= I18N::translate('Administrator comments on user') ?>
</label>
<div class="col-sm-9">
- <textarea class="form-control" id="comment" name="comment" rows="5" maxlength="255"><?= Filter::escapeHtml($user->getPreference('comment')) ?></textarea>
+ <textarea class="form-control" id="comment" name="comment" rows="5" maxlength="255"><?= Html::escape($user->getPreference('comment')) ?></textarea>
</div>
</div>
@@ -616,12 +616,12 @@ case 'edit':
<td>
<input
data-autocomplete-type="INDI"
- data-autocomplete-ged="<?= Filter::escapeHtml($tree->getName()) ?>"
+ data-autocomplete-ged="<?= Html::escape($tree->getName()) ?>"
type="text"
size="12"
name="gedcomid<?= $tree->getTreeId() ?>"
id="gedcomid<?= $tree->getTreeId() ?>"
- value="<?= Filter::escapeHtml($tree->getUserPreference($user, 'gedcomid')) ?>"
+ value="<?= Html::escape($tree->getUserPreference($user, 'gedcomid')) ?>"
>
</td>
<td>
@@ -693,7 +693,7 @@ case 'cleanup':
<tr>
<td>
<a href="?action=edit&amp;user_id=<?= $user->getUserId() ?>">
- <?= Filter::escapeHtml($user->getUserName()) ?>
+ <?= Html::escape($user->getUserName()) ?>
<?= $user->getRealNameHtml() ?>
</a>
@@ -717,7 +717,7 @@ case 'cleanup':
<tr>
<td>
<a href="?action=edit&amp;user_id=<?= $user->getUserId() ?>">
- <?= Filter::escapeHtml($user->getUserName()) ?>
+ <?= Html::escape($user->getUserName()) ?>
<?= $user->getRealNameHtml() ?>
</a>
@@ -741,7 +741,7 @@ case 'cleanup':
<tr>
<td>
<a href="?action=edit&amp;user_id=<?= $user->getUserId() ?>">
- <?= Filter::escapeHtml($user->getUserName()) ?>
+ <?= Html::escape($user->getUserName()) ?>
<?= $user->getRealNameHtml() ?>
</a>
@@ -774,7 +774,7 @@ case 'cleanup2':
if (Filter::post('del_' . $user->getUserId()) == '1') {
Log::addAuthenticationLog('Deleted user: ' . $user->getUserName());
$user->delete();
- I18N::translate('The user %s has been deleted.', Filter::escapeHtml($user->getUserName()));
+ I18N::translate('The user %s has been deleted.', Html::escape($user->getUserName()));
}
}
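Review bot: Line 995 calls `I18N::translate('The user %s has been deleted.', …)` as a bare statement, so the translated confirmation is built and immediately discarded and the administrator sees nothing. Elsewhere in this change (admin_trees_manage.php, lines 817-821) the equivalent message is passed to `FlashMessages::addMessage(…, 'success')`, so this line was presumably meant to be `FlashMessages::addMessage(I18N::translate('The user %s has been deleted.', Html::escape($user->getUserName())), 'success');`. The enclosing loop and the `case 'cleanup2':` branch start outside the hunk.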
diff --git a/app/Bootstrap4.php b/app/Bootstrap4.php
index 4e101a1fcc..1f17843033 100644
--- a/app/Bootstrap4.php
+++ b/app/Bootstrap4.php
@@ -81,7 +81,7 @@ class Bootstrap4 extends Html {
return
'<div class="' . $class . '">' .
'<label class="form-check-label">' .
- '<input ' . $input_attributes . '> ' . Filter::escapeHtml($label) .
+ '<input ' . $input_attributes . '> ' . Html::escape($label) .
'</label>' .
'</div>';
}
@@ -122,7 +122,7 @@ class Bootstrap4 extends Html {
$html .=
'<div class="' . $class . '">' .
'<label class="form-check-label">' .
- '<input ' . $input_attributes . '> ' . Filter::escapeHtml($label) .
+ '<input ' . $input_attributes . '> ' . Html::escape($label) .
'</label>' .
'</div>';
}
@@ -147,7 +147,7 @@ class Bootstrap4 extends Html {
'selected' => (string) $value === (string) $selected,
]);
- $html .= '<option ' . $option_attributes . '>' . Filter::escapeHtml($option) . '</option>';
+ $html .= '<option ' . $option_attributes . '>' . Html::escape($option) . '</option>';
}
if (empty($attributes['class'])) {
@@ -178,7 +178,7 @@ class Bootstrap4 extends Html {
'selected' => in_array((string) $value, $selected),
]);
- $html .= '<option ' . $option_attributes . '>' . Filter::escapeHtml($option) . '</option>';
+ $html .= '<option ' . $option_attributes . '>' . Html::escape($option) . '</option>';
}
if (empty($attributes['class'])) {
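Review bot: The multi-select branch on line 1028 decides `selected` with `in_array((string) $value, $selected)` and no strict flag, while the single-select branch in the previous hunk (line 1021) uses `(string) $value === (string) $selected`; under loose comparison numeric-looking option values such as `'1e1'` and `'10'` compare equal. Normalising the haystack and passing the strict flag, `'selected' => in_array((string) $value, array_map('strval', $selected), true),`, makes the two variants behave the same. The enclosing method starts outside the hunk.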
diff --git a/app/Controller/BranchesController.php b/app/Controller/BranchesController.php
index 42f95e5be3..65863959a7 100644
--- a/app/Controller/BranchesController.php
+++ b/app/Controller/BranchesController.php
@@ -20,6 +20,7 @@ use Fisharebest\Webtrees\Database;
use Fisharebest\Webtrees\Family;
use Fisharebest\Webtrees\Filter;
use Fisharebest\Webtrees\GedcomCode\GedcomCodePedi;
+use Fisharebest\Webtrees\Html;
use Fisharebest\Webtrees\I18N;
use Fisharebest\Webtrees\Individual;
use Fisharebest\Webtrees\Soundex;
@@ -55,7 +56,7 @@ class BranchesController extends PageController {
if ($this->surname !== '') {
$this->setPageTitle(/* I18N: %s is a surname */
- I18N::translate('Branches of the %s family', Filter::escapeHtml($this->surname)));
+ I18N::translate('Branches of the %s family', Html::escape($this->surname)));
$this->loadIndividuals();
$self = Individual::getInstance($this->tree()->getUserPreference(Auth::user(), 'gedcomid'), $this->tree());
if ($self) {
diff --git a/app/Controller/FamilyBookController.php b/app/Controller/FamilyBookController.php
index 4f205987b1..bf50bced2b 100644
--- a/app/Controller/FamilyBookController.php
+++ b/app/Controller/FamilyBookController.php
@@ -269,7 +269,7 @@ class FamilyBookController extends ChartController {
if ($genoffset > $count) {
echo '<table cellspacing="0" cellpadding="0" border="0" >';
for ($i = 1; $i < (pow(2, ($genoffset) - $count) / 2); $i++) {
- $this->printEmptyBox($this->getBoxDimensions()->width, $this->getBoxDimensions()->height);
+ $this->printEmptyBox();
echo '</tr>';
}
echo '</table>';
diff --git a/app/Controller/IndividualController.php b/app/Controller/IndividualController.php
index dc45e2aabe..7bb255acc5 100644
--- a/app/Controller/IndividualController.php
+++ b/app/Controller/IndividualController.php
@@ -24,6 +24,7 @@ use Fisharebest\Webtrees\Functions\FunctionsPrint;
use Fisharebest\Webtrees\Functions\FunctionsPrintFacts;
use Fisharebest\Webtrees\GedcomCode\GedcomCodeName;
use Fisharebest\Webtrees\GedcomTag;
+use Fisharebest\Webtrees\Html;
use Fisharebest\Webtrees\I18N;
use Fisharebest\Webtrees\Individual;
use Fisharebest\Webtrees\Menu;
@@ -159,7 +160,7 @@ class IndividualController extends GedcomRecordController {
echo '<dt class="label">', GedcomTag::getLabel($tag, $this->record), '</dt>';
echo '<dd class="field">'; // Before using dir="auto" on this field, note that Gecko treats this as an inline element but WebKit treats it as a block element
if (isset($nmatch[$i][2])) {
- $name = Filter::escapeHtml($nmatch[$i][2]);
+ $name = Html::escape($nmatch[$i][2]);
$name = str_replace('/', '', $name);
$name = preg_replace('/(\S*)\*/', '<span class="starredname">\\1</span>', $name);
switch ($tag) {
@@ -169,7 +170,7 @@ class IndividualController extends GedcomRecordController {
case 'SURN':
// The SURN field is not necessarily the surname.
// Where it is not a substring of the real surname, show it after the real surname.
- $surname = Filter::escapeHtml($dummy->getAllNames()[0]['surname']);
+ $surname = Html::escape($dummy->getAllNames()[0]['surname']);
if (strpos($dummy->getAllNames()[0]['surname'], str_replace(',', ' ', $nmatch[$i][2])) !== false) {
echo '<span dir="auto">' . $surname . '</span>';
} else {
diff --git a/app/Controller/IndividualListController.php b/app/Controller/IndividualListController.php
index 854aba88aa..8510107ad0 100644
--- a/app/Controller/IndividualListController.php
+++ b/app/Controller/IndividualListController.php
@@ -18,6 +18,7 @@ namespace Fisharebest\Webtrees\Controller;
use Fisharebest\Webtrees\Database;
use Fisharebest\Webtrees\Family;
use Fisharebest\Webtrees\Filter;
+use Fisharebest\Webtrees\Html;
use Fisharebest\Webtrees\I18N;
use Fisharebest\Webtrees\Individual;
@@ -541,7 +542,7 @@ class IndividualListController extends PageController {
return I18N::translateContext('Unknown given name', '…');
break;
default:
- return Filter::escapeHtml($initial);
+ return Html::escape($initial);
break;
}
}
@@ -562,7 +563,7 @@ class IndividualListController extends PageController {
return I18N::translate('None');
break;
default:
- return Filter::escapeHtml($initial);
+ return Html::escape($initial);
break;
}
}
diff --git a/app/Controller/TimelineController.php b/app/Controller/TimelineController.php
index 11f5134a26..8251965429 100644
--- a/app/Controller/TimelineController.php
+++ b/app/Controller/TimelineController.php
@@ -22,6 +22,7 @@ use Fisharebest\Webtrees\Family;
use Fisharebest\Webtrees\Filter;
use Fisharebest\Webtrees\Functions\FunctionsDate;
use Fisharebest\Webtrees\Functions\FunctionsPrint;
+use Fisharebest\Webtrees\Html;
use Fisharebest\Webtrees\I18N;
use Fisharebest\Webtrees\Individual;
use Fisharebest\Webtrees\Theme;
@@ -232,7 +233,7 @@ class TimelineController extends PageController {
echo '<span class="age"> ', I18N::translate('Age'), ' ', $ageh, '</span>';
}
}
- echo ' ' . Filter::escapeHtml($desc);
+ echo ' ' . Html::escape($desc);
if (!$event->getPlace()->isEmpty()) {
echo ' — ' . $event->getPlace()->getShortName();
}
diff --git a/app/Database.php b/app/Database.php
index 2bec6df3b0..abb2585bcc 100644
--- a/app/Database.php
+++ b/app/Database.php
@@ -146,7 +146,7 @@ class Database {
unset($trace[$n]);
}
}
- $stack = '<abbr title="' . Filter::escapeHtml(implode(' / ', $trace)) . '">' . (count(self::$log) + 1) . '</abbr>';
+ $stack = '<abbr title="' . Html::escape(implode(' / ', $trace)) . '">' . (count(self::$log) + 1) . '</abbr>';
// Bind variables
foreach ($bind_variables as $key => $value) {
if (is_null($value)) {
diff --git a/app/Fact.php b/app/Fact.php
index 5839520201..68f406323a 100644
--- a/app/Fact.php
+++ b/app/Fact.php
@@ -266,7 +266,7 @@ class Fact {
case 'FACT':
if ($this->getAttribute('TYPE') !== '') {
// Custom FACT/EVEN - with a TYPE
- return I18N::translate(Filter::escapeHtml($this->getAttribute('TYPE')));
+ return I18N::translate(Html::escape($this->getAttribute('TYPE')));
}
// no break - drop into next case
default:
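Review bot: Line 1169 escapes the TYPE attribute before using it as the translation key, so a custom fact type containing `&`, `<`, `'` or `"` is looked up in entity-encoded form and can never match a catalog entry for the raw text. The usual order is translate first and escape the result, `return Html::escape(I18N::translate($this->getAttribute('TYPE')));`, assuming `I18N::translate` returns its argument unchanged when no translation exists and that catalog entries for these keys carry no markup — neither is visible in this chunk. The enclosing `switch` starts outside the hunk.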
@@ -383,7 +383,7 @@ class Fact {
// Fact value
$value = $this->getValue();
if ($value !== '' && $value !== 'Y') {
- $attributes[] = '<span dir="auto">' . Filter::escapeHtml($value) . '</span>';
+ $attributes[] = '<span dir="auto">' . Html::escape($value) . '</span>';
}
// Fact date
$date = $this->getDate();
diff --git a/app/Filter.php b/app/Filter.php
index b4491cf7a8..152a7b3627 100644
--- a/app/Filter.php
+++ b/app/Filter.php
@@ -38,12 +38,7 @@ class Filter {
* @return string
*/
public static function escapeHtml($string) {
- if (defined('ENT_SUBSTITUTE')) {
- // PHP5.4 allows us to substitute invalid UTF8 sequences
- return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
- } else {
- return htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
- }
+ return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
/**
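Review bot: After this commit `Filter::escapeHtml` duplicates `Html::escape`, which every migrated caller now uses, yet nothing marks the old entry point as superseded, so new code can keep picking either one. Add `@deprecated Use Html::escape() instead` to the docblock above (its start is outside the hunk) and have the body delegate, `return Html::escape($string);`, so the two escapers cannot drift apart. I am assuming `Html::escape` accepts the same single string argument; its definition is not in this chunk.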
diff --git a/app/FontAwesome.php b/app/FontAwesome.php
index dc14073fba..61178f11aa 100644
--- a/app/FontAwesome.php
+++ b/app/FontAwesome.php
@@ -38,6 +38,7 @@ class FontAwesome extends Html {
'keyboard' => 'fa fa-keyboard-o wt-icon-keyboard',
'pin' => 'fa fa-thumb-tack wt-icon-pin',
'preferences' => 'fa fa-wrench wt-icon-preferences',
+ 'search' => 'fa fa-search wt-icon-search',
'save' => 'fa fa-check wt-icon-save',
'warning' => 'fa fa-warning wt-icon-warning',
// Arrows (start/end variants require fontawesome-rtl library)
diff --git a/app/Functions/FunctionsEdit.php b/app/Functions/FunctionsEdit.php
index caf8981d17..35d62203fd 100644
--- a/app/Functions/FunctionsEdit.php
+++ b/app/Functions/FunctionsEdit.php
@@ -41,6 +41,7 @@ use Fisharebest\Webtrees\GedcomCode\GedcomCodeStat;
use Fisharebest\Webtrees\GedcomCode\GedcomCodeTemp;
use Fisharebest\Webtrees\GedcomRecord;
use Fisharebest\Webtrees\GedcomTag;
+use Fisharebest\Webtrees\Html;
use Fisharebest\Webtrees\I18N;
use Fisharebest\Webtrees\Individual;
use Fisharebest\Webtrees\Media;
@@ -683,11 +684,11 @@ class FunctionsEdit {
}
}
} elseif ($fact === 'NPFX' || $fact === 'NSFX' || $fact === 'SPFX' || $fact === 'NICK') {
- echo '<input class="form-control" type="text" id="', $id, '" name="', $name, '" value="', Filter::escapeHtml($value), '" oninput="updatewholename()">';
+ echo '<input class="form-control" type="text" id="', $id, '" name="', $name, '" value="', Html::escape($value), '" oninput="updatewholename()">';
} elseif ($fact === 'GIVN') {
- echo '<input class="form-control" type="text" id="', $id, '" name="', $name, '" value="', Filter::escapeHtml($value), '" data-autocomplete-type="GIVN" oninput="updatewholename()" autofocus>';
+ echo '<input class="form-control" type="text" id="', $id, '" name="', $name, '" value="', Html::escape($value), '" data-autocomplete-type="GIVN" oninput="updatewholename()" autofocus>';
} elseif ($fact === 'SURN' || $fact === '_MARNM_SURN') {
- echo '<input class="form-control" type="text" id="', $id, '" name="', $name, '" value="', Filter::escapeHtml($value), '" data-autocomplete-type="SURN" oninput="updatewholename()">';
+ echo '<input class="form-control" type="text" id="', $id, '" name="', $name, '" value="', Html::escape($value), '" data-autocomplete-type="SURN" oninput="updatewholename()">';
} elseif ($fact === 'ADOP') {
echo Bootstrap4::select(GedcomCodeAdop::getValues($person), $value, ['id' => $id, 'name' => $name]);
} elseif ($fact === 'ALIA') {
@@ -705,7 +706,7 @@ class FunctionsEdit {
}
} elseif ($fact === 'DATE') {
echo '<div class="input-group">';
- echo '<input class="form-control" type="text" id="', $id, '" name="', $name, '" value="', Filter::escapeHtml($value), '" oninput="valid_date(this)">';
+ echo '<input class="form-control" type="text" id="', $id, '" name="', $name, '" value="', Html::escape($value), '" oninput="valid_date(this)">';
echo self::inputAddonCalendar($id);
echo self::inputAddonHelp('DATE');
echo '</div>';
@@ -718,9 +719,9 @@ class FunctionsEdit {
self::formControlFamily(Family::getInstance($value, $WT_TREE), ['id' => $id, 'name' => $name]) .
'</div>';
} elseif ($fact === 'LATI') {
- echo '<input class="form-control" type="text" id="', $id, '" name="', $name, '" value="', Filter::escapeHtml($value), '" oninput="valid_lati_long(this, \'N\', \'S\')">';
+ echo '<input class="form-control" type="text" id="', $id, '" name="', $name, '" value="', Html::escape($value), '" oninput="valid_lati_long(this, \'N\', \'S\')">';
} elseif ($fact === 'LONG') {
- echo '<input class="form-control" type="text" id="', $id, '" name="', $name, '" value="', Filter::escapeHtml($value), '" oninput="valid_lati_long(this, \'E\', \'W\')">';
+ echo '<input class="form-control" type="text" id="', $id, '" name="', $name, '" value="', Html::escape($value), '" oninput="valid_lati_long(this, \'E\', \'W\')">';
} elseif ($fact === 'NOTE' && $islink) {
echo
'<div class="input-group">' .
@@ -734,7 +735,7 @@ class FunctionsEdit {
self::formControlMediaObject(Media::getInstance($value, $WT_TREE), ['id' => $id, 'name' => $name]) .
'</div>';
} elseif ($fact === 'PAGE') {
- echo '<input class="form-control" type="text" id="', $id, '" name="', $name, '" value="', Filter::escapeHtml($value), '" data-autocomplete-type="PAGE" data-autocomplete-extra="#' . $previous_ids['SOUR'] . '">';
+ echo '<input class="form-control" type="text" id="', $id, '" name="', $name, '" value="', Html::escape($value), '" data-autocomplete-type="PAGE" data-autocomplete-extra="#' . $previous_ids['SOUR'] . '">';
} elseif ($fact === 'PEDI') {
echo Bootstrap4::select(GedcomCodePedi::getValues($person), $value, ['id' => $id, 'name' => $name]);
} elseif ($fact === 'PLAC') {
@@ -781,7 +782,7 @@ class FunctionsEdit {
} elseif ($fact === 'TEMP') {
echo Bootstrap4::select(FunctionsEdit::optionsTemples(), $value, ['id' => $id, 'name' => $name]);
} elseif ($fact === 'TIME') {
- echo '<input class="form-control" type="text" id="', $id, '" name="', $name, '" value="', Filter::escapeHtml($value), '" pattern="([0-1][0-9]|2[0-3]):[0-5][0-9](:[0-5][0-9])?" dir="ltr" placeholder="' . /* I18N: Examples of valid time formats (hours:minutes:seconds) */ I18N::translate('hh:mm or hh:mm:ss') . '">';
+ echo '<input class="form-control" type="text" id="', $id, '" name="', $name, '" value="', Html::escape($value), '" pattern="([0-1][0-9]|2[0-3]):[0-5][0-9](:[0-5][0-9])?" dir="ltr" placeholder="' . /* I18N: Examples of valid time formats (hours:minutes:seconds) */ I18N::translate('hh:mm or hh:mm:ss') . '">';
} elseif ($fact === '_WT_USER') {
echo Bootstrap4::select(FunctionsEdit::optionsUsers(), $value, ['id' => $id, 'name' => $name]);
} elseif ($fact === '_PRIM') {
@@ -792,7 +793,7 @@ class FunctionsEdit {
echo '<select name="text[]"><option selected value="" ></option>';
$selectedValue = strtolower($value);
if (!array_key_exists($selectedValue, GedcomTag::getFileFormTypes())) {
- echo '<option selected value="', Filter::escapeHtml($value), '" >', Filter::escapeHtml($value), '</option>';
+ echo '<option selected value="', Html::escape($value), '" >', Html::escape($value), '</option>';
}
foreach (GedcomTag::getFileFormTypes() as $typeName => $typeValue) {
echo '<option value="', $typeName, '" ';
@@ -805,17 +806,17 @@ class FunctionsEdit {
} elseif (($fact !== 'NAME' || $upperlevel === 'REPO' || $upperlevel === 'UNKNOWN') && $fact !== '_MARNM') {
if ($fact === 'TEXT' || $fact === 'ADDR' || ($fact === 'NOTE' && !$islink)) {
echo '<div class="input-group">';
- echo '<textarea class="form-control" id="', $id, '" name="', $name, '" dir="auto">', Filter::escapeHtml($value), '</textarea>';
+ echo '<textarea class="form-control" id="', $id, '" name="', $name, '" dir="auto">', Html::escape($value), '</textarea>';
echo self::inputAddonKeyboard($id);
echo '</div>';
} else {
// If using GEDFact-assistant window
- echo '<input class="form-control" type="text" id="', $id, '" name="', $name, '" value="', Filter::escapeHtml($value), '">';
+ echo '<input class="form-control" type="text" id="', $id, '" name="', $name, '" value="', Html::escape($value), '">';
}
} else {
// Populated in javascript from sub-tags
- echo '<input type="hidden" id="', $id, '" name="', $name, '" oninput="updateTextName(\'', $id, '\')" value="', Filter::escapeHtml($value), '" class="', $fact, '">';
- echo '<span id="', $id, '_display" dir="auto">', Filter::escapeHtml($value), '</span>';
+ echo '<input type="hidden" id="', $id, '" name="', $name, '" oninput="updateTextName(\'', $id, '\')" value="', Html::escape($value), '" class="', $fact, '">';
+ echo '<span id="', $id, '_display" dir="auto">', Html::escape($value), '</span>';
echo ' <a href="#edit_name" onclick="convertHidden(\'', $id, '\'); return false" class="icon-edit_indi" title="' . I18N::translate('Edit the name') . '"></a>';
}
// MARRiage TYPE : hide text field and show a selection list
diff --git a/app/Functions/FunctionsPrint.php b/app/Functions/FunctionsPrint.php
index edde1f7b2c..c66324a55e 100644
--- a/app/Functions/FunctionsPrint.php
+++ b/app/Functions/FunctionsPrint.php
@@ -26,6 +26,7 @@ use Fisharebest\Webtrees\GedcomCode\GedcomCodeStat;
use Fisharebest\Webtrees\GedcomCode\GedcomCodeTemp;
use Fisharebest\Webtrees\GedcomRecord;
use Fisharebest\Webtrees\GedcomTag;
+use Fisharebest\Webtrees\Html;
use Fisharebest\Webtrees\I18N;
use Fisharebest\Webtrees\Individual;
use Fisharebest\Webtrees\Module;
@@ -517,7 +518,7 @@ class FunctionsPrint {
echo '<td class="optionbox wrap"><form name="newFromClipboard" onsubmit="return false;">';
echo '<select id="newClipboardFact">';
}
- echo '<option value="', Filter::escapeHtml($fact_id), '">', GedcomTag::getLabel($fact['fact']);
+ echo '<option value="', Html::escape($fact_id), '">', GedcomTag::getLabel($fact['fact']);
// TODO use the event class to store/parse the clipboard events
if (preg_match('/^2 DATE (.+)/m', $fact['factrec'], $match)) {
$tmp = new Date($match[1]);
diff --git a/app/Functions/FunctionsPrintFacts.php b/app/Functions/FunctionsPrintFacts.php
index 4e758149d7..e4932a37e5 100644
--- a/app/Functions/FunctionsPrintFacts.php
+++ b/app/Functions/FunctionsPrintFacts.php
@@ -26,6 +26,7 @@ use Fisharebest\Webtrees\GedcomCode\GedcomCodeQuay;
use Fisharebest\Webtrees\GedcomCode\GedcomCodeRela;
use Fisharebest\Webtrees\GedcomRecord;
use Fisharebest\Webtrees\GedcomTag;
+use Fisharebest\Webtrees\Html;
use Fisharebest\Webtrees\I18N;
use Fisharebest\Webtrees\Individual;
use Fisharebest\Webtrees\Media;
@@ -140,7 +141,7 @@ class FunctionsPrintFacts {
$type = ''; // Do not print this again
} elseif ($type) {
// We don't have a translation for $type - but a custom translation might exist.
- $label = I18N::translate(Filter::escapeHtml($type));
+ $label = I18N::translate(Html::escape($type));
$type = ''; // Do not print this again
} else {
// An unspecified fact/event
@@ -221,7 +222,7 @@ class FunctionsPrintFacts {
echo $fact->getValue();
break;
case 'AFN':
- echo '<div class="field"><a href="https://familysearch.org/search/tree/results#count=20&query=afn:', Filter::escapeUrl($fact->getValue()), '">', Filter::escapeHtml($fact->getValue()), '</a></div>';
+ echo '<div class="field"><a href="https://familysearch.org/search/tree/results#count=20&query=afn:', Filter::escapeUrl($fact->getValue()), '">', Html::escape($fact->getValue()), '</a></div>';
break;
case 'ASSO':
// we handle this later, in format_asso_rela_record()
@@ -229,11 +230,11 @@ class FunctionsPrintFacts {
case 'EMAIL':
case 'EMAI':
case '_EMAIL':
- echo '<div class="field"><a href="mailto:', Filter::escapeHtml($fact->getValue()), '">', Filter::escapeHtml($fact->getValue()), '</a></div>';
+ echo '<div class="field"><a href="mailto:', Html::escape($fact->getValue()), '">', Html::escape($fact->getValue()), '</a></div>';
break;
case 'FILE':
if (Auth::isEditor($fact->getParent()->getTree())) {
- echo '<div class="field">', Filter::escapeHtml($fact->getValue());
+ echo '<div class="field">', Html::escape($fact->getValue());
if ($fact->getParent()->fileExists('main') && $fact->getParent()->getTree()->getPreference('SHOW_MEDIA_DOWNLOAD') >= Auth::accessLevel($fact->getParent()->getTree())) {
echo ' — <a href="' . $fact->getParent()->getHtmlUrlDirect('main', true) . '">' . I18N::translate('Download file') . '</a>';
@@ -274,7 +275,7 @@ class FunctionsPrintFacts {
echo '<i class="icon-locked-none"></i> ', I18N::translate('Only managers can edit');
break;
default:
- echo Filter::escapeHtml($fact->getValue());
+ echo Html::escape($fact->getValue());
break;
}
echo '</div>';
@@ -286,16 +287,16 @@ class FunctionsPrintFacts {
if (preg_match('/^@(' . WT_REGEX_XREF . ')@$/', $fact->getValue(), $match)) {
self::printRepositoryRecord($match[1]);
} else {
- echo '<div class="error">', Filter::escapeHtml($fact->getValue()), '</div>';
+ echo '<div class="error">', Html::escape($fact->getValue()), '</div>';
}
break;
case 'URL':
case '_URL':
case 'WWW':
- echo '<div class="field"><a href="', Filter::escapeHtml($fact->getValue()), '">', Filter::escapeHtml($fact->getValue()), '</a></div>';
+ echo '<div class="field"><a href="', Html::escape($fact->getValue()), '">', Html::escape($fact->getValue()), '</a></div>';
break;
case 'TEXT': // 0 SOUR / 1 TEXT
- echo '<div class="field">', nl2br(Filter::escapeHtml($fact->getValue()), false), '</div>';
+ echo '<div class="field">', nl2br(Html::escape($fact->getValue()), false), '</div>';
break;
default:
// Display the value for all other facts/events
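Review bot: On the new URL/_URL/WWW line the fact value goes straight into `href` with only `Html::escape`, which protects the attribute boundary but does not constrain the URL scheme, so a value with a non-http scheme such as `javascript:` stored in the GEDCOM record is rendered as a clickable link unchanged. The hunk at `@@ -459` (`$link = '<a href="' . Html::escape($match[2]) ...`) has the same pattern. Before rendering a link, validate the value with `filter_var($value, FILTER_VALIDATE_URL)` plus an explicit `http`/`https` scheme check, and otherwise emit the escaped value as plain text. The `mailto:` case earlier in this file is fine because the scheme is fixed by the template.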
@@ -316,10 +317,10 @@ class FunctionsPrintFacts {
if ($target) {
echo '<div><a href="', $target->getHtmlUrl(), '">', $target->getFullName(), '</a></div>';
} else {
- echo '<div class="error">', Filter::escapeHtml($fact->getValue()), '</div>';
+ echo '<div class="error">', Html::escape($fact->getValue()), '</div>';
}
} else {
- echo '<div class="field"><span dir="auto">', Filter::escapeHtml($fact->getValue()), '</span></div>';
+ echo '<div class="field"><span dir="auto">', Html::escape($fact->getValue()), '</span></div>';
}
break;
}
@@ -337,7 +338,7 @@ class FunctionsPrintFacts {
// Allow (custom) translations for other types
$type = I18N::translate($type);
}
- echo GedcomTag::getLabelValue('TYPE', Filter::escapeHtml($type));
+ echo GedcomTag::getLabelValue('TYPE', Html::escape($type));
}
// Print the date of this fact/event
@@ -423,7 +424,7 @@ class FunctionsPrintFacts {
if ($user) {
echo GedcomTag::getLabelValue('_WT_USER', $user->getRealNameHtml());
} else {
- echo GedcomTag::getLabelValue('_WT_USER', Filter::escapeHtml($match[2]));
+ echo GedcomTag::getLabelValue('_WT_USER', Html::escape($match[2]));
}
break;
case 'RESN':
@@ -443,7 +444,7 @@ class FunctionsPrintFacts {
echo GedcomTag::getLabelValue('RESN', '<i class="icon-resn-locked"></i> ' . I18N::translate('Only managers can edit'));
break;
default:
- echo GedcomTag::getLabelValue('RESN', Filter::escapeHtml($match[2]));
+ echo GedcomTag::getLabelValue('RESN', Html::escape($match[2]));
break;
}
break;
@@ -459,7 +460,7 @@ class FunctionsPrintFacts {
case 'URL':
case '_URL':
case 'WWW':
- $link = '<a href="' . Filter::escapeHtml($match[2]) . '">' . Filter::escapeHtml($match[2]) . '</a>';
+ $link = '<a href="' . Html::escape($match[2]) . '">' . Html::escape($match[2]) . '</a>';
echo GedcomTag::getLabelValue($fact->getTag() . ':' . $match[1], $link);
break;
default:
@@ -471,11 +472,11 @@ class FunctionsPrintFacts {
$link = '<a href="' . $linked_record->getHtmlUrl() . '">' . $linked_record->getFullName() . '</a>';
echo GedcomTag::getLabelValue($fact->getTag() . ':' . $match[1], $link);
} else {
- echo GedcomTag::getLabelValue($fact->getTag() . ':' . $match[1], Filter::escapeHtml($match[2]));
+ echo GedcomTag::getLabelValue($fact->getTag() . ':' . $match[1], Html::escape($match[2]));
}
} else {
// Non links
- echo GedcomTag::getLabelValue($fact->getTag() . ':' . $match[1], Filter::escapeHtml($match[2]));
+ echo GedcomTag::getLabelValue($fact->getTag() . ':' . $match[1], Html::escape($match[2]));
}
}
break;
@@ -596,7 +597,7 @@ class FunctionsPrintFacts {
$ct = preg_match_all('/' . $level . ' SOUR (.*)((?:\n\d CONT.*)*)/', $factrec, $match, PREG_SET_ORDER);
for ($j = 0; $j < $ct; $j++) {
if (strpos($match[$j][1], '@') === false) {
- $source = Filter::escapeHtml($match[$j][1] . preg_replace('/\n\d CONT ?/', "\n", $match[$j][2]));
+ $source = Html::escape($match[$j][1] . preg_replace('/\n\d CONT ?/', "\n", $match[$j][2]));
$data .= '<div class="fact_SOUR"><span class="label">' . I18N::translate('Source') . ':</span> <span class="field" dir="auto">' . Filter::formatText($source, $WT_TREE) . '</span></div>';
}
}
@@ -889,9 +890,9 @@ class FunctionsPrintFacts {
}
if ($textSOUR['EVEN']) {
- $html .= GedcomTag::getLabelValue('EVEN', Filter::escapeHtml($textSOUR['EVEN']));
+ $html .= GedcomTag::getLabelValue('EVEN', Html::escape($textSOUR['EVEN']));
if ($textSOUR['ROLE']) {
- $html .= GedcomTag::getLabelValue('ROLE', Filter::escapeHtml($textSOUR['ROLE']));
+ $html .= GedcomTag::getLabelValue('ROLE', Html::escape($textSOUR['ROLE']));
}
}
diff --git a/app/Functions/FunctionsPrintLists.php b/app/Functions/FunctionsPrintLists.php
index baf25fa8dd..be35c09a6c 100644
--- a/app/Functions/FunctionsPrintLists.php
+++ b/app/Functions/FunctionsPrintLists.php
@@ -324,7 +324,7 @@ class FunctionsPrintLists {
// Extract Given names and Surnames for sorting
list($surn_givn, $givn_surn) = self::sortableNames($individual);
- $html .= '<td colspan="2" data-sort="' . Filter::escapeHtml($givn_surn) . '">';
+ $html .= '<td colspan="2" data-sort="' . Html::escape($givn_surn) . '">';
foreach ($individual->getAllNames() as $num => $name) {
if ($name['type'] == 'NAME') {
$title = '';
@@ -344,7 +344,7 @@ class FunctionsPrintLists {
$html .= '</td>';
// Hidden column for sortable name
- $html .= '<td hidden data-sort="' . Filter::escapeHtml($surn_givn) . '"></td>';
+ $html .= '<td hidden data-sort="' . Html::escape($surn_givn) . '"></td>';
// SOSA
$html .= '<td class="center" data-sort="' . $key . '">';
@@ -759,7 +759,7 @@ class FunctionsPrintLists {
// Extract Given names and Surnames for sorting
list($surn_givn, $givn_surn) = self::sortableNames($husb);
- $html .= '<td colspan="2" data-sort="' . Filter::escapeHtml($givn_surn) . '">';
+ $html .= '<td colspan="2" data-sort="' . Html::escape($givn_surn) . '">';
foreach ($husb->getAllNames() as $num => $name) {
if ($name['type'] == 'NAME') {
$title = '';
@@ -783,7 +783,7 @@ class FunctionsPrintLists {
$html .= '</td>';
// Hidden column for sortable name
- $html .= '<td hidden data-sort="' . Filter::escapeHtml($surn_givn) . '"></td>';
+ $html .= '<td hidden data-sort="' . Html::escape($surn_givn) . '"></td>';
// Husband age
$mdate = $family->getMarriageDate();
@@ -802,7 +802,7 @@ class FunctionsPrintLists {
// Wife name(s)
// Extract Given names and Surnames for sorting
list($surn_givn, $givn_surn) = self::sortableNames($wife);
- $html .= '<td colspan="2" data-sort="' . Filter::escapeHtml($givn_surn) . '">';
+ $html .= '<td colspan="2" data-sort="' . Html::escape($givn_surn) . '">';
foreach ($wife->getAllNames() as $num => $name) {
if ($name['type'] == 'NAME') {
$title = '';
@@ -826,7 +826,7 @@ class FunctionsPrintLists {
$html .= '</td>';
// Hidden column for sortable name
- $html .= '<td hidden data-sort="' . Filter::escapeHtml($surn_givn) . '"></td>';
+ $html .= '<td hidden data-sort="' . Html::escape($surn_givn) . '"></td>';
// Wife age
$mdate = $family->getMarriageDate();
@@ -1008,7 +1008,7 @@ class FunctionsPrintLists {
}
$html .= '<tr' . $class . '>';
// Source name(s)
- $html .= '<td data-sort="' . Filter::escapeHtml($source->getSortName()) . '">';
+ $html .= '<td data-sort="' . Html::escape($source->getSortName()) . '">';
foreach ($source->getAllNames() as $n => $name) {
if ($n) {
$html .= '<br>';
@@ -1027,7 +1027,7 @@ class FunctionsPrintLists {
} else {
$author = '';
}
- $html .= '<td data-sort="' . Filter::escapeHtml($author) . '">' . $author . '</td>';
+ $html .= '<td data-sort="' . Html::escape($author) . '">' . $author . '</td>';
$key = $source->getXref() . '@' . $source->getTree()->getTreeId();
// Count of linked individuals
$num = array_key_exists($key, $count_individuals) ? $count_individuals[$key] : 0;
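Review bot: On the new line `$author` is escaped for the `data-sort` attribute but emitted raw as the cell text immediately after it, and the hunk does not show where the non-empty branch assigns it. If `$author` is plain text from the source record, the text node needs `Html::escape($author)` as well; if it is already HTML, escaping it again for `data-sort` double-encodes entities and the sort key should be derived from the plain-text form instead. The enclosing method starts before this hunk.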
@@ -1101,7 +1101,7 @@ class FunctionsPrintLists {
}
$html .= '<tr' . $class . '>';
// Count of linked notes
- $html .= '<td data-sort="' . Filter::escapeHtml($note->getSortName()) . '"><a class="name2" href="' . $note->getHtmlUrl() . '">' . $note->getFullName() . '</a></td>';
+ $html .= '<td data-sort="' . Html::escape($note->getSortName()) . '"><a class="name2" href="' . $note->getHtmlUrl() . '">' . $note->getFullName() . '</a></td>';
$key = $note->getXref() . '@' . $note->getTree()->getTreeId();
// Count of linked individuals
$num = array_key_exists($key, $count_individuals) ? $count_individuals[$key] : 0;
@@ -1162,7 +1162,7 @@ class FunctionsPrintLists {
}
$html .= '<tr' . $class . '>';
// Repository name(s)
- $html .= '<td data-sort="' . Filter::escapeHtml($repository->getSortName()) . '">';
+ $html .= '<td data-sort="' . Html::escape($repository->getSortName()) . '">';
foreach ($repository->getAllNames() as $n => $name) {
if ($n) {
$html .= '<br>';
@@ -1246,7 +1246,7 @@ class FunctionsPrintLists {
// Media object thumbnail
$html .= '<td>' . $media_object->displayImage(100, 100, 'contain', []) . '</td>';
// Media object name(s)
- $html .= '<td data-sort="' . Filter::escapeHtml($media_object->getSortName()) . '">';
+ $html .= '<td data-sort="' . Html::escape($media_object->getSortName()) . '">';
$html .= '<a href="' . $media_object->getHtmlUrl() . '" class="list_item name2">' . $name . '</a>';
if (Auth::isEditor($media_object->getTree())) {
$html .= '<br><a href="' . $media_object->getHtmlUrl() . '">' . basename($media_object->getFilename()) . '</a>';
@@ -1308,14 +1308,14 @@ class FunctionsPrintLists {
}
$html .= '<tr>';
// Surname
- $html .= '<td data-sort="' . Filter::escapeHtml($surn) . '">';
+ $html .= '<td data-sort="' . Html::escape($surn) . '">';
// Multiple surname variants, e.g. von Groot, van Groot, van der Groot, etc.
foreach ($surns as $spfxsurn => $indis) {
if ($spfxsurn) {
- $html .= '<a href="' . $url . '" dir="auto">' . Filter::escapeHtml($spfxsurn) . '</a><br>';
+ $html .= '<a href="' . $url . '" dir="auto">' . Html::escape($spfxsurn) . '</a><br>';
} else {
// No surname, but a value from "2 SURN"? A common workaround for toponyms, etc.
- $html .= '<a href="' . $url . '" dir="auto">' . Filter::escapeHtml($surn) . '</a><br>';
+ $html .= '<a href="' . $url . '" dir="auto">' . Html::escape($surn) . '</a><br>';
}
}
$html .= '</td>';
@@ -1415,7 +1415,7 @@ class FunctionsPrintLists {
$first_spfxsurn = $spfxsurn;
}
}
- $subhtml = '<a href="' . $url . '" dir="auto">' . Filter::escapeHtml(implode(I18N::$list_separator, array_keys($surns))) . '</a>';
+ $subhtml = '<a href="' . $url . '" dir="auto">' . Html::escape(implode(I18N::$list_separator, array_keys($surns))) . '</a>';
if ($totals) {
$subtotal = 0;
@@ -1538,7 +1538,7 @@ class FunctionsPrintLists {
foreach ($filtered_events as $n => $fact) {
$record = $fact->getParent();
$html .= '<tr>';
- $html .= '<td data-sort="' . Filter::escapeHtml($record->getSortName()) . '">';
+ $html .= '<td data-sort="' . Html::escape($record->getSortName()) . '">';
$html .= '<a href="' . $record->getHtmlUrl() . '">' . $record->getFullName() . '</a>';
if ($record instanceof Individual) {
$html .= $record->getSexImage();
diff --git a/app/GedcomRecord.php b/app/GedcomRecord.php
index 939c1b2f9a..ba4218cb22 100644
--- a/app/GedcomRecord.php
+++ b/app/GedcomRecord.php
@@ -534,7 +534,7 @@ class GedcomRecord {
$this->_getAllNames[] = [
'type' => $type,
'sort' => preg_replace_callback('/([0-9]+)/', function ($matches) { return str_pad($matches[0], 10, '0', STR_PAD_LEFT); }, $value),
- 'full' => '<span dir="auto">' . Filter::escapeHtml($value) . '</span>', // This is used for display
+ 'full' => '<span dir="auto">' . Html::escape($value) . '</span>', // This is used for display
'fullNN' => $value, // This goes into the database
];
}
@@ -610,7 +610,7 @@ class GedcomRecord {
* @return string
*/
public function getFallBackName() {
- return Filter::escapeHtml($this->getXref());
+ return Html::escape($this->getXref());
}
/**
diff --git a/app/GedcomTag.php b/app/GedcomTag.php
index 1bcf9a6f1c..d8cf9110ed 100644
--- a/app/GedcomTag.php
+++ b/app/GedcomTag.php
@@ -1383,7 +1383,7 @@ class GedcomTag {
}
// Still no translation? Highlight this as an error
- return '<span class="error" title="' . I18N::translate('Unrecognized GEDCOM code') . '">' . Filter::escapeHtml($tag) . '</span>';
+ return '<span class="error" title="' . I18N::translate('Unrecognized GEDCOM code') . '">' . Html::escape($tag) . '</span>';
}
}
diff --git a/app/Html.php b/app/Html.php
index a1f37ae007..c7d7c4eb1b 100644
--- a/app/Html.php
+++ b/app/Html.php
@@ -26,7 +26,7 @@ class Html {
*
* @return string
*/
- protected static function escape($string) {
+ public static function escape($string) {
return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
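Review bot: Now that `escape` is public and becomes the project-wide escaper, its docblock should state which context it is safe for; the visible tail only says `@return string`. Suggested wording: `Escape a string for use as HTML text or inside a double-quoted attribute value; ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of returning an empty string. Not sufficient on its own for JavaScript, URL or CSS contexts.` Several callers in this commit (BatchUpdateModule, CensusAssistantModule) embed the result inside inline event-handler JavaScript, which is exactly the case such a note would steer away from.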
diff --git a/app/Individual.php b/app/Individual.php
index 2917c71984..b4305a772b 100644
--- a/app/Individual.php
+++ b/app/Individual.php
@@ -1225,7 +1225,7 @@ class Individual extends GedcomRecord {
$full = str_replace('@N.N.', I18N::translateContext('Unknown surname', '…'), $full);
$full = str_replace('@P.N.', I18N::translateContext('Unknown given name', '…'), $full);
// Format for display
- $full = '<span class="NAME" dir="auto" translate="no">' . preg_replace('/\/([^\/]*)\//', '<span class="SURN">$1</span>', Filter::escapeHtml($full)) . '</span>';
+ $full = '<span class="NAME" dir="auto" translate="no">' . preg_replace('/\/([^\/]*)\//', '<span class="SURN">$1</span>', Html::escape($full)) . '</span>';
// Localise quotation marks around the nickname
$full = preg_replace_callback('/&quot;([^&]*)&quot;/', function ($matches) { return I18N::translate('“%s”', $matches[1]); }, $full);
diff --git a/app/Media.php b/app/Media.php
index a870b1a076..ae9be90fde 100644
--- a/app/Media.php
+++ b/app/Media.php
@@ -540,8 +540,8 @@ class Media extends GedcomRecord {
' href="' . $this->getHtmlUrlDirect('main') . '"' .
' type="' . $this->mimeType() . '"' .
' data-obje-url="' . $this->getHtmlUrl() . '"' .
- ' data-obje-note="' . Filter::escapeHtml($this->getNote()) . '"' .
- ' data-title="' . Filter::escapeHtml($this->getFullName()) . '"' .
+ ' data-obje-note="' . Html::escape($this->getNote()) . '"' .
+ ' data-title="' . Html::escape($this->getFullName()) . '"' .
'>' . $image . '</a>';
}
diff --git a/app/Menu.php b/app/Menu.php
index 8092e8b35f..727154bffd 100644
--- a/app/Menu.php
+++ b/app/Menu.php
@@ -69,7 +69,7 @@ class Menu {
foreach ($this->submenus as $submenu) {
$attrs = '';
foreach ($submenu->attrs as $key => $value) {
- $attrs .= ' ' . $key . '="' . Filter::escapeHtml($value) . '"';
+ $attrs .= ' ' . $key . '="' . Html::escape($value) . '"';
}
$class = trim('dropdown-item ' . $submenu->class);
@@ -90,7 +90,7 @@ class Menu {
} else {
$attrs = '';
foreach ($this->attrs as $key => $value) {
- $attrs .= ' ' . $key . '="' . Filter::escapeHtml($value) . '"';
+ $attrs .= ' ' . $key . '="' . Html::escape($value) . '"';
}
$class = trim('nav-item ' . $this->class);
@@ -219,7 +219,7 @@ class Menu {
public function getMenuAsList() {
$attrs = '';
foreach ($this->attrs as $key => $value) {
- $attrs .= ' ' . $key . '="' . Filter::escapeHtml($value) . '"';
+ $attrs .= ' ' . $key . '="' . Html::escape($value) . '"';
}
if ($this->link) {
$link = ' href="' . $this->link . '"';
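Review bot: In `getMenuAsList` the new line escapes every attribute value, but the `href` assembled two lines below (`$link = ' href="' . $this->link . '"'`) concatenates `$this->link` unescaped. If `link` is set from a raw URL (a `&`-separated query string, or user-derived text) it needs the same `Html::escape`; if callers are expected to pass an already-encoded link, a comment on the property stating that convention would prevent both missed and double escaping. The method continues past the hunk.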
diff --git a/app/Module/BatchUpdate/BatchUpdateSearchReplacePlugin.php b/app/Module/BatchUpdate/BatchUpdateSearchReplacePlugin.php
index 4c0bab1c38..deb22d0804 100644
--- a/app/Module/BatchUpdate/BatchUpdateSearchReplacePlugin.php
+++ b/app/Module/BatchUpdate/BatchUpdateSearchReplacePlugin.php
@@ -17,6 +17,7 @@ namespace Fisharebest\Webtrees\Module\BatchUpdate;
use Fisharebest\Webtrees\Bootstrap4;
use Fisharebest\Webtrees\Filter;
+use Fisharebest\Webtrees\Html;
use Fisharebest\Webtrees\I18N;
/**
@@ -146,13 +147,13 @@ class BatchUpdateSearchReplacePlugin extends BatchUpdateBasePlugin {
'<div class="row form-group">' .
'<label class="col-sm-3 col-form-label">' . I18N::translate('Search text/pattern') . '</label>' .
'<div class="col-sm-9">' .
- '<input class="form-control" name="search" size="40" value="' . Filter::escapeHtml($this->search) .
+ '<input class="form-control" name="search" size="40" value="' . Html::escape($this->search) .
'" onchange="this.form.submit();">' .
'</div></div>' .
'<div class="row form-group">' .
'<label class="col-sm-3 col-form-label">' . I18N::translate('Replacement text') . '</label>' .
'<div class="col-sm-9">' .
- '<input class="form-control" name="replace" size="40" value="' . Filter::escapeHtml($this->replace) .
+ '<input class="form-control" name="replace" size="40" value="' . Html::escape($this->replace) .
'" onchange="this.form.submit();"></td></tr>' .
'</div></div>' .
'<div class="row form-group">' .
diff --git a/app/Module/BatchUpdateModule.php b/app/Module/BatchUpdateModule.php
index 0b75a33907..328bc521a5 100644
--- a/app/Module/BatchUpdateModule.php
+++ b/app/Module/BatchUpdateModule.php
@@ -22,6 +22,7 @@ use Fisharebest\Webtrees\Database;
use Fisharebest\Webtrees\Family;
use Fisharebest\Webtrees\Filter;
use Fisharebest\Webtrees\GedcomRecord;
+use Fisharebest\Webtrees\Html;
use Fisharebest\Webtrees\I18N;
use Fisharebest\Webtrees\Individual;
use Fisharebest\Webtrees\Media;
@@ -391,9 +392,9 @@ class BatchUpdateModule extends AbstractModule implements ModuleConfigInterface
public static function createSubmitButton($text, $xref, $action = '', $data = '') {
return
'<input class="btn btn-primary" type="submit" value="' . $text . '" onclick="' .
- 'this.form.xref.value=\'' . Filter::escapeHtml($xref) . '\';' .
- 'this.form.action.value=\'' . Filter::escapeHtml($action) . '\';' .
- 'this.form.data.value=\'' . Filter::escapeHtml($data) . '\';' .
+ 'this.form.xref.value=\'' . Html::escape($xref) . '\';' .
+ 'this.form.action.value=\'' . Html::escape($action) . '\';' .
+ 'this.form.data.value=\'' . Html::escape($data) . '\';' .
'return true;"' .
($xref ? '' : ' disabled') . '>';
}
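Review bot: On the three new `this.form.*.value=\'' . Html::escape(...) . '\'` lines the value sits inside a single-quoted JavaScript string within the `onclick` attribute, and HTML escaping is the wrong layer for that: the browser decodes `&#039;` back to `'` before the script is parsed, so a value containing an apostrophe terminates the string literal. The `$nam` passed to `pasterow(` in the CensusAssistantModule hunk at `@@ -386` has the same problem. Encode for the JavaScript context first and the attribute second, e.g. `'this.form.xref.value=' . Html::escape(json_encode($xref, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP)) . ';'` and likewise for `action` and `data`, or move the values into `data-*` attributes that the handler reads. `$text` on the unchanged `value="` line is still emitted unescaped.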
diff --git a/app/Module/CensusAssistantModule.php b/app/Module/CensusAssistantModule.php
index 7814ff357d..6faf90acc6 100644
--- a/app/Module/CensusAssistantModule.php
+++ b/app/Module/CensusAssistantModule.php
@@ -386,7 +386,7 @@ class CensusAssistantModule extends AbstractModule {
echo '<td class="list_value_wrap"><ul>';
usort($myindilist, '\Fisharebest\Webtrees\GedcomRecord::compare');
foreach ($myindilist as $indi) {
- $nam = Filter::escapeHtml($indi->getFullName());
+ $nam = Html::escape($indi->getFullName());
echo "<li><a href=\"#\" onclick=\"pasterow(
'" . $indi->getXref() . "' ,
'" . $nam . "' ,
@@ -469,11 +469,11 @@ class CensusAssistantModule extends AbstractModule {
public static function formatCensusNote(Note $note) {
if (preg_match('/(.*)((?:\n.*)*)\n\.start_formatted_area\.\n(.+)\n(.+(?:\n.+)*)\n.end_formatted_area\.((?:\n.*)*)/', $note->getNote(), $match)) {
// This looks like a census-assistant shared note
- $title = Filter::escapeHtml($match[1]);
- $preamble = Filter::escapeHtml($match[2]);
- $header = Filter::escapeHtml($match[3]);
- $data = Filter::escapeHtml($match[4]);
- $postamble = Filter::escapeHtml($match[5]);
+ $title = Html::escape($match[1]);
+ $preamble = Html::escape($match[2]);
+ $header = Html::escape($match[3]);
+ $data = Html::escape($match[4]);
+ $postamble = Html::escape($match[5]);
// Get the column headers for the census to which this note refers
// requires the fact place & date to match the specific census
diff --git a/app/Module/ClippingsCartModule.php b/app/Module/ClippingsCartModule.php
index 2af66fd8b3..acc43e567f 100644
--- a/app/Module/ClippingsCartModule.php
+++ b/app/Module/ClippingsCartModule.php
@@ -416,8 +416,8 @@ class ClippingsCartModule extends AbstractModule implements ModuleMenuInterface,
<?= I18N::translate('Add the GEDCOM media path to filenames') ?>
</td>
<td class="optionbox">
- <input type="checkbox" name="conv_path" value="<?= Filter::escapeHtml($WT_TREE->getPreference('GEDCOM_MEDIA_PATH')) ?>">
- <span dir="auto"><?= Filter::escapeHtml($WT_TREE->getPreference('GEDCOM_MEDIA_PATH')) ?></span>
+ <input type="checkbox" name="conv_path" value="<?= Html::escape($WT_TREE->getPreference('GEDCOM_MEDIA_PATH')) ?>">
+ <span dir="auto"><?= Html::escape($WT_TREE->getPreference('GEDCOM_MEDIA_PATH')) ?></span>
</td>
</tr>
@@ -775,8 +775,8 @@ class ClippingsCartModule extends AbstractModule implements ModuleMenuInterface,
<tr>
<td class="descriptionbox width50 wrap">' . I18N::translate('Add the GEDCOM media path to filenames') . '</td>
<td class="optionbox">
- <input type="checkbox" name="conv_path" value="' . Filter::escapeHtml($WT_TREE->getPreference('GEDCOM_MEDIA_PATH')) . '">
- <span dir="auto">' . Filter::escapeHtml($WT_TREE->getPreference('GEDCOM_MEDIA_PATH')) . '</span></td>
+ <input type="checkbox" name="conv_path" value="' . Html::escape($WT_TREE->getPreference('GEDCOM_MEDIA_PATH')) . '">
+ <span dir="auto">' . Html::escape($WT_TREE->getPreference('GEDCOM_MEDIA_PATH')) . '</span></td>
</tr>
<input type="hidden" name="conv_path" value="' . $clip_ctrl->conv_path . '">
diff --git a/app/Module/FamiliesSidebarModule.php b/app/Module/FamiliesSidebarModule.php
index 119bc09855..113c4636cd 100644
--- a/app/Module/FamiliesSidebarModule.php
+++ b/app/Module/FamiliesSidebarModule.php
@@ -185,7 +185,7 @@ class FamiliesSidebarModule extends AbstractModule implements ModuleSidebarInter
$surnames = QueryName::surnames($tree, '', $alpha, true, true);
$out = '<ul>';
foreach (array_keys($surnames) as $surname) {
- $out .= '<li class="sb_fam_surname_li"><a href="#" data-surname="' . Filter::escapeHtml($surname) . '" data-alpha="' . Filter::escapeHtml($alpha) . '" class="sb_fam_surname">' . Filter::escapeHtml($surname) . '</a>';
+ $out .= '<li class="sb_fam_surname_li"><a href="#" data-surname="' . Html::escape($surname) . '" data-alpha="' . Html::escape($alpha) . '" class="sb_fam_surname">' . Html::escape($surname) . '</a>';
$out .= '<div class="name_tree_div"></div>';
$out .= '</li>';
}
diff --git a/app/Module/FamilyTreeNewsModule.php b/app/Module/FamilyTreeNewsModule.php
index a26b6b88c7..899119780d 100644
--- a/app/Module/FamilyTreeNewsModule.php
+++ b/app/Module/FamilyTreeNewsModule.php
@@ -101,7 +101,7 @@ class FamilyTreeNewsModule extends AbstractModule implements ModuleBlockInterfac
foreach ($articles as $article) {
$content .= '<div class="news_box">';
- $content .= '<div class="news_title">' . Filter::escapeHtml($article->subject) . '</div>';
+ $content .= '<div class="news_title">' . Html::escape($article->subject) . '</div>';
$content .= '<div class="news_date">' . FunctionsDate::formatTimestamp($article->updated) . '</div>';
if ($article->body == strip_tags($article->body)) {
$article->body = nl2br($article->body, false);
@@ -111,7 +111,7 @@ class FamilyTreeNewsModule extends AbstractModule implements ModuleBlockInterfac
$content .= '<hr>';
$content .= '<a href="editnews.php?news_id=' . $article->news_id . '&amp;ctype=gedcom&amp;ged=' . $WT_TREE->getNameHtml() . '">' . I18N::translate('Edit') . '</a>';
$content .= ' | ';
- $content .= '<a href="editnews.php?action=delete&amp;news_id=' . $article->news_id . '&amp;ctype=gedcom&amp;ged=' . $WT_TREE->getNameHtml() . '" onclick="return confirm(\'' . I18N::translate('Are you sure you want to delete “%s”?', Filter::escapeHtml($article->subject)) . "');\">" . I18N::translate('Delete') . '</a><br>';
+ $content .= '<a href="editnews.php?action=delete&amp;news_id=' . $article->news_id . '&amp;ctype=gedcom&amp;ged=' . $WT_TREE->getNameHtml() . '" onclick="return confirm(\'' . I18N::translate('Are you sure you want to delete “%s”?', Html::escape($article->subject)) . "');\">" . I18N::translate('Delete') . '</a><br>';
}
$content .= '</div>';
}
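Review bot: `Html::escape($article->subject)` on the `onclick="return confirm('…')"` line is the wrong escaping for its context: the subject sits inside a JavaScript string literal, and the browser decodes HTML entities in the attribute before the script is parsed, so a subject containing `'` (encoded as `&#039;`) re-emerges as a bare quote that terminates the literal — a broken confirm at best, script injection at worst. Escape for JavaScript first and for HTML second, e.g. `'" onclick="return confirm(' . Html::escape(json_encode(I18N::translate('Are you sure you want to delete “%s”?', $article->subject))) . ');">'`, or put the title in a `data-` attribute and read it from a script. Whether `Html::escape` encodes single quotes at all depends on its implementation, which is not part of this diff.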
diff --git a/app/Module/FamilyTreeStatisticsModule.php b/app/Module/FamilyTreeStatisticsModule.php
index a8ea0d2671..790590d047 100644
--- a/app/Module/FamilyTreeStatisticsModule.php
+++ b/app/Module/FamilyTreeStatisticsModule.php
@@ -327,7 +327,7 @@ class FamilyTreeStatisticsModule extends AbstractModule implements ModuleBlockIn
pattern="[1-9][0-9]*"
required
type="text"
- value="<?= Filter::escapeHtml($number_of_surnames) ?>"
+ value="<?= Html::escape($number_of_surnames) ?>"
>
</label>
</div>
diff --git a/app/Module/FrequentlyAskedQuestionsModule.php b/app/Module/FrequentlyAskedQuestionsModule.php
index 1fd9edfc3c..21ac3ea7e0 100644
--- a/app/Module/FrequentlyAskedQuestionsModule.php
+++ b/app/Module/FrequentlyAskedQuestionsModule.php
@@ -177,7 +177,7 @@ class FrequentlyAskedQuestionsModule extends AbstractModule implements ModuleMen
<div class="col-sm-9">
<input type="text" class="form-control" name="header" id="header"
- value="<?= Filter::escapeHtml($header) ?>">
+ value="<?= Html::escape($header) ?>">
</div>
</div>
@@ -187,7 +187,7 @@ class FrequentlyAskedQuestionsModule extends AbstractModule implements ModuleMen
</label>
<div class="col-sm-9">
- <textarea name="faqbody" id="faqbody" class="form-control html-edit" rows="10"><?= Filter::escapeHtml($faqbody) ?></textarea>
+ <textarea name="faqbody" id="faqbody" class="form-control html-edit" rows="10"><?= Html::escape($faqbody) ?></textarea>
</div>
</div>
@@ -491,7 +491,7 @@ class FrequentlyAskedQuestionsModule extends AbstractModule implements ModuleMen
echo '</td><td>';
echo '<a href="module.php?mod=', $this->getName(), '&amp;mod_action=admin_edit&amp;block_id=', $faq->block_id, '"><i class="fa fa-pencil"></i> ', I18N::translate('Edit'), '</a>';
echo '</td><td>';
- echo '<a href="module.php?mod=', $this->getName(), '&amp;mod_action=admin_delete&amp;block_id=', $faq->block_id, '" onclick="return confirm(\'', I18N::translate('Are you sure you want to delete “%s”?', Filter::escapeHtml($faq->header)), '\');"><i class="fa fa-trash"></i> ', I18N::translate('Delete'), '</a>';
+ echo '<a href="module.php?mod=', $this->getName(), '&amp;mod_action=admin_delete&amp;block_id=', $faq->block_id, '" onclick="return confirm(\'', I18N::translate('Are you sure you want to delete “%s”?', Html::escape($faq->header)), '\');"><i class="fa fa-trash"></i> ', I18N::translate('Delete'), '</a>';
echo '</td></tr>';
// NOTE: Print the title text of the current item
echo '<tr><td colspan="5">';
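Review bot: The `onclick="return confirm(\'…\')"` line escapes `$faq->header` for HTML while embedding it in a JavaScript string literal; attribute entities are decoded before the script runs, so a header containing `'` closes the literal and the remainder is parsed as code. Use a JavaScript-safe encoding and then HTML-escape the result, e.g. `onclick="return confirm(', Html::escape(json_encode(I18N::translate('Are you sure you want to delete “%s”?', $faq->header))), ');"` with the surrounding single quotes removed. If `Html::escape` does not encode `'` at all, the literal breaks on the very first apostrophe.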
diff --git a/app/Module/GoogleMapsModule.php b/app/Module/GoogleMapsModule.php
index 790c36d6a1..d6d2793269 100644
--- a/app/Module/GoogleMapsModule.php
+++ b/app/Module/GoogleMapsModule.php
@@ -28,6 +28,7 @@ use Fisharebest\Webtrees\FontAwesome;
use Fisharebest\Webtrees\Functions\Functions;
use Fisharebest\Webtrees\Functions\FunctionsCharts;
use Fisharebest\Webtrees\Functions\FunctionsEdit;
+use Fisharebest\Webtrees\Html;
use Fisharebest\Webtrees\I18N;
use Fisharebest\Webtrees\Individual;
use Fisharebest\Webtrees\Log;
@@ -408,7 +409,7 @@ class GoogleMapsModule extends AbstractModule implements ModuleConfigInterface,
<?= I18N::translate('Use Google Maps™ for the place hierarchy') ?>
</legend>
<div class="col-sm-9">
- <?= Bootstrap4::radioButtons('GM_PLACE_HIERARCHY', [I18N::translate('no'), I18N::translate('yes')], $this->getPreference('GM_PLACE_HIERARCHY'), true) ?>
+ <?= Bootstrap4::radioButtons('GM_PLACE_HIERARCHY', [I18N::translate('no'), I18N::translate('yes')], $this->getPreference('GM_PLACE_HIERARCHY', '0'), true) ?>
</div>
</div>
</fieldset>
@@ -1323,7 +1324,7 @@ class GoogleMapsModule extends AbstractModule implements ModuleConfigInterface,
echo '<a href="#" onclick="return openInfowindow(\'', $index, '\')">', $event['fact_label'], '</a></td>';
echo '<td class="', $event['class'], '">';
if ($event['info']) {
- echo '<div><span class="field">', Filter::escapeHtml($event['info']), '</span></div>';
+ echo '<div><span class="field">', Html::escape($event['info']), '</span></div>';
}
if ($event['name']) {
echo '<div>', $event['name'], '</div>';
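Review bot: `$event['info']` is now escaped on output, but `$event['fact_label']` in the link two lines earlier and `$event['name']` on the last line of the hunk are echoed raw into the same cell. If both already carry markup (a linked name, a translated label) that is fine, but the asymmetry deserves a comment above the `if ($event['info'])`, e.g. `// fact_label and name are pre-rendered HTML; info is plain text and must be escaped`. If either is plain text from the GEDCOM, wrap it in `Html::escape()` as well; the array is built outside this hunk, so I cannot tell which.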
@@ -2157,7 +2158,7 @@ class GoogleMapsModule extends AbstractModule implements ModuleConfigInterface,
<?php
foreach ($placefiles as $p => $placefile) {
unset($placefiles[$p]);
- $p = Filter::escapeHtml($placefile);
+ $p = Html::escape($placefile);
if (substr($placefile, 0, 1) == '/') {
$placefiles[$p] = substr($placefile, 1);
} else {
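Review bot: `$p = Html::escape($placefile)` makes the HTML-escaped filename the array key while the stored value is the raw path, so `$placefiles` now holds two encodings of the same name; a later lookup by raw name misses, and a key emitted into a `value=` attribute must not be escaped a second time. Keep the key raw (`$p = $placefile;`) and escape at the point of output instead. The foreach continues past the end of this hunk, so how the keys are consumed is not visible here.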
@@ -2585,7 +2586,7 @@ class GoogleMapsModule extends AbstractModule implements ModuleConfigInterface,
[0 => I18N::translate('Geographic data')] +
$this->placeIdToHierarchy($place_id === 0 ? $parent_id : $place_id);
foreach ($hierarchy as $id => $name) {
- $breadcrumbs += ['module.php?mod=googlemap&mod_action=admin_places&parent_id=' . $id .'&inactive=' . $inactive => Filter::escapeHtml($name)];
+ $breadcrumbs += ['module.php?mod=googlemap&mod_action=admin_places&parent_id=' . $id .'&inactive=' . $inactive => Html::escape($name)];
}
echo Bootstrap4::breadcrumbs($breadcrumbs, $place_id === 0 ? I18N::translate('Add') : I18N::translate('Edit'));
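Review bot: The breadcrumb href concatenates `$id` and `$inactive` into the query string raw; `$id` is a key of `placeIdToHierarchy()` and is presumably numeric, but `$inactive` is not derived in this hunk, and if it comes from the request it should be `Filter::escapeUrl($inactive)` or cast to int before being embedded. The separators are bare `&` rather than `&amp;`, so correctness relies on `Bootstrap4::breadcrumbs()` attribute-escaping the href — worth a one-line comment confirming that, e.g. `// hrefs are escaped by Bootstrap4::breadcrumbs()`.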
@@ -2982,7 +2983,7 @@ class GoogleMapsModule extends AbstractModule implements ModuleConfigInterface,
<?= I18N::translate('Place') ?>
</label>
<div class="col-sm-6">
- <input type="text" id="new_pl_name" name="NEW_PLACE_NAME" value="<?= Filter::escapeHtml($record->pl_place) ?>" class="form-control" required>
+ <input type="text" id="new_pl_name" name="NEW_PLACE_NAME" value="<?= Html::escape($record->pl_place) ?>" class="form-control" required>
<label for="new_pl_name">
<a href="#" onclick="showLocation_all(document.getElementById('new_pl_name').value); return false">
@@ -3091,7 +3092,7 @@ class GoogleMapsModule extends AbstractModule implements ModuleConfigInterface,
[0 => I18N::translate('Geographic data')] +
$this->placeIdToHierarchy($parent_id);
foreach (array_slice($hierarchy, 0, -1, true) as $id => $name) {
- $breadcrumbs += ['module.php?mod=googlemap&mod_action=admin_places&parent_id=' . $id .'&inactive=' . $inactive => Filter::escapeHtml($name)];
+ $breadcrumbs += ['module.php?mod=googlemap&mod_action=admin_places&parent_id=' . $id .'&inactive=' . $inactive => Html::escape($name)];
}
echo Bootstrap4::breadcrumbs($breadcrumbs, end($hierarchy));
@@ -3193,7 +3194,7 @@ class GoogleMapsModule extends AbstractModule implements ModuleConfigInterface,
$highestIndex++;
Database::prepare("INSERT INTO `##placelocation` (pl_id, pl_parent_id, pl_level, pl_place, pl_zoom) VALUES (?, ?, ?, ?, ?)")
->execute([$highestIndex, $parent_id, $i, $escparent, $default_zoom_level[$i]]);
- echo Filter::escapeHtml($escparent), '<br>';
+ echo Html::escape($escparent), '<br>';
$parent_id = $highestIndex;
} else {
$parent_id = $row->pl_id;
@@ -3204,12 +3205,12 @@ class GoogleMapsModule extends AbstractModule implements ModuleConfigInterface,
$highestIndex++;
Database::prepare("INSERT INTO `##placelocation` (pl_id, pl_parent_id, pl_level, pl_place, pl_long, pl_lati, pl_zoom) VALUES (?, ?, ?, ?, ?, ?, ?)")
->execute([$highestIndex, $parent_id, $i, $escparent, $place['long'], $place['lati'], $default_zoom_level[$i]]);
- echo Filter::escapeHtml($escparent), '<br>';
+ echo Html::escape($escparent), '<br>';
} else {
if (empty($row->pl_long) && empty($row->pl_lati) && $place['lati'] != '0' && $place['long'] != '0') {
Database::prepare("UPDATE `##placelocation` SET pl_lati=?, pl_long=? WHERE pl_id=?")
->execute([$place['lati'], $place['long'], $row->pl_id]);
- echo Filter::escapeHtml($escparent), '<br>';
+ echo Html::escape($escparent), '<br>';
}
}
}
@@ -3253,7 +3254,7 @@ class GoogleMapsModule extends AbstractModule implements ModuleConfigInterface,
<?php if ($place['place'] === 'Unknown'): ?>
<?= I18N::translate('unknown') ?>
<?php else: ?>
- <?= Filter::escapeHtml($place['place']) ?>
+ <?= Html::escape($place['place']) ?>
<?php endif ?>
<?php if ($place['missing'] > 0): ?>
<span class="badge badge-pill badge-warning">
@@ -3277,7 +3278,7 @@ class GoogleMapsModule extends AbstractModule implements ModuleConfigInterface,
</td>
<td>
<?php if ($place['icon']): ?>
- <img src="<?= WT_STATIC_URL ?><?= WT_MODULES_DIR ?>googlemap/places/flags/<?= Filter::escapeHtml($place['icon']) ?>" width="25" height="15" title="<?= Filter::escapeHtml($place['icon']) ?>" alt="<?= I18N::translate('Flag') ?>">
+ <img src="<?= WT_STATIC_URL ?><?= WT_MODULES_DIR ?>googlemap/places/flags/<?= Html::escape($place['icon']) ?>" width="25" height="15" title="<?= Html::escape($place['icon']) ?>" alt="<?= I18N::translate('Flag') ?>">
<?php else: ?>
<img src="<?= WT_STATIC_URL ?><?= WT_MODULES_DIR ?>googlemap/images/mm_20_red.png">
<?php endif ?>
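Review bot: The flag filename is inserted into the `src` path with HTML escaping only; for a URL path segment it also needs percent-encoding, otherwise a name containing `?`, `#`, `%` or a space yields a different or broken request. Use `Html::escape(rawurlencode($place['icon']))` in the `src` and keep plain `Html::escape($place['icon'])` for the `title` attribute, which is text context.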
diff --git a/app/Module/HtmlBlockModule.php b/app/Module/HtmlBlockModule.php
index 0a781f3a19..ad1a5b6a95 100644
--- a/app/Module/HtmlBlockModule.php
+++ b/app/Module/HtmlBlockModule.php
@@ -21,6 +21,7 @@ use Fisharebest\Webtrees\Filter;
use Fisharebest\Webtrees\FontAwesome;
use Fisharebest\Webtrees\Functions\FunctionsDate;
use Fisharebest\Webtrees\Functions\FunctionsEdit;
+use Fisharebest\Webtrees\Html;
use Fisharebest\Webtrees\I18N;
use Fisharebest\Webtrees\Site;
use Fisharebest\Webtrees\Stats;
@@ -273,7 +274,7 @@ class HtmlBlockModule extends AbstractModule implements ModuleBlockInterface {
<?= I18N::translate('Title') ?>
</label>
<div class="col-sm-9">
- <input class="form-control" type="text" id="title" name="title" value="<?= Filter::escapeHtml($title) ?>">
+ <input class="form-control" type="text" id="title" name="title" value="<?= Html::escape($title) ?>">
</div>
</div>
@@ -310,7 +311,7 @@ class HtmlBlockModule extends AbstractModule implements ModuleBlockInterface {
</div>
<div class="row form-group">
- <textarea name="html" id="html" class="html-edit" rows="10"><?= Filter::escapeHtml($html) ?></textarea>
+ <textarea name="html" id="html" class="html-edit" rows="10"><?= Html::escape($html) ?></textarea>
</div>
<fieldset class="form-group">
diff --git a/app/Module/IndividualSidebarModule.php b/app/Module/IndividualSidebarModule.php
index a74e145176..46e3d9f60c 100644
--- a/app/Module/IndividualSidebarModule.php
+++ b/app/Module/IndividualSidebarModule.php
@@ -185,7 +185,7 @@ class IndividualSidebarModule extends AbstractModule implements ModuleSidebarInt
$surnames = QueryName::surnames($tree, '', $alpha, true, false);
$out = '<ul>';
foreach (array_keys($surnames) as $surname) {
- $out .= '<li class="sb_indi_surname_li"><a href="#" data-surname="' . Filter::escapeHtml($surname) . '" data-alpha="' . Filter::escapeHtml($alpha) . '" class="sb_indi_surname">' . Filter::escapeHtml($surname) . '</a>';
+ $out .= '<li class="sb_indi_surname_li"><a href="#" data-surname="' . Html::escape($surname) . '" data-alpha="' . Html::escape($alpha) . '" class="sb_indi_surname">' . Html::escape($surname) . '</a>';
$out .= '<div class="name_tree_div"></div>';
$out .= '</li>';
}
diff --git a/app/Module/LoggedInUsersModule.php b/app/Module/LoggedInUsersModule.php
index 24e9c10580..9f49a39b62 100644
--- a/app/Module/LoggedInUsersModule.php
+++ b/app/Module/LoggedInUsersModule.php
@@ -85,7 +85,7 @@ class LoggedInUsersModule extends AbstractModule implements ModuleBlockInterface
} else {
$content .= $user->getRealNameHtml();
}
- $content .= ' - ' . Filter::escapeHtml($user->getUserName());
+ $content .= ' - ' . Html::escape($user->getUserName());
if (Auth::id() != $user->getUserId() && $user->getPreference('contactmethod') != 'none') {
$content .= FontAwesome::linkIcon('email', I18N::translate('Send a message'), ['class' => 'btn btn-link', 'href' => 'message.php?to=' . Filter::escapeUrl($user->getUserName()) . '&ged=' . $WT_TREE->getNameUrl()]);
}
diff --git a/app/Module/RecentChangesModule.php b/app/Module/RecentChangesModule.php
index 1ed44f57dc..c2aefe5360 100644
--- a/app/Module/RecentChangesModule.php
+++ b/app/Module/RecentChangesModule.php
@@ -230,7 +230,7 @@ class RecentChangesModule extends AbstractModule implements ModuleBlockInterface
if ($timestamp !== '') {
if ($show_user) {
$html .= /* I18N: [a record was] Changed on <date/time> by <user> */
- I18N::translate('Changed on %1$s by %2$s', $timestamp, Filter::escapeHtml($record->lastChangeUser()));
+ I18N::translate('Changed on %1$s by %2$s', $timestamp, Html::escape($record->lastChangeUser()));
} else {
$html .= /* I18N: [a record was] Changed on <date/time> */
I18N::translate('Changed on %1$s', $timestamp);
@@ -323,7 +323,7 @@ class RecentChangesModule extends AbstractModule implements ModuleBlockInterface
break;
}
$html .= '</td>';
- $html .= '<td data-sort="' . Filter::escapeHtml($record->getSortName()) . '">';
+ $html .= '<td data-sort="' . Html::escape($record->getSortName()) . '">';
$html .= '<a href="' . $record->getHtmlUrl() . '">' . $record->getFullName() . '</a>';
$addname = $record->getAddName();
if ($addname) {
@@ -331,7 +331,7 @@ class RecentChangesModule extends AbstractModule implements ModuleBlockInterface
}
$html .= '</td>';
$html .= '<td data-sort="' . $record->lastChangeTimestamp(true) . '">' . $record->lastChangeTimestamp() . '</td>';
- $html .= '<td>' . Filter::escapeHtml($record->lastChangeUser()) . '</td>';
+ $html .= '<td>' . Html::escape($record->lastChangeUser()) . '</td>';
$html .= '</tr>';
}
diff --git a/app/Module/ResearchTaskModule.php b/app/Module/ResearchTaskModule.php
index 44254a721c..3c2634ee8f 100644
--- a/app/Module/ResearchTaskModule.php
+++ b/app/Module/ResearchTaskModule.php
@@ -23,6 +23,7 @@ use Fisharebest\Webtrees\Filter;
use Fisharebest\Webtrees\FontAwesome;
use Fisharebest\Webtrees\Functions\FunctionsEdit;
use Fisharebest\Webtrees\GedcomRecord;
+use Fisharebest\Webtrees\Html;
use Fisharebest\Webtrees\I18N;
use Fisharebest\Webtrees\Theme;
@@ -103,7 +104,7 @@ class ResearchTaskModule extends AbstractModule implements ModuleBlockInterface
if ($user_name === Auth::user()->getUserName() || !$user_name && $show_unassigned || $user_name && $show_other) {
$content .= '<tr>';
$content .= '<td data-sort="' . $fact->getDate()->julianDay() . '">' . $fact->getDate()->display() . '</td>';
- $content .= '<td data-sort="' . Filter::escapeHtml($record->getSortName()) . '"><a href="' . $record->getHtmlUrl() . '">' . $record->getFullName() . '</a></td>';
+ $content .= '<td data-sort="' . Html::escape($record->getSortName()) . '"><a href="' . $record->getHtmlUrl() . '">' . $record->getFullName() . '</a></td>';
$content .= '<td>' . $user_name . '</td>';
$content .= '<td dir="auto">' . $fact->getValue() . '</td>';
$content .= '</tr>';
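Review bot: The row escapes `$record->getSortName()` for the data-sort attribute but then writes `$user_name` and `$fact->getValue()` into table cells unescaped on the following two lines. `$user_name` is compared with `Auth::user()->getUserName()`, so it is a plain username string rather than pre-rendered HTML and should be `'<td>' . Html::escape($user_name) . '</td>'`; `$fact->getValue()` is raw GEDCOM text unless it is escaped upstream, which this hunk does not show. `$user_name` itself is derived above the hunk.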
diff --git a/app/Module/StoriesModule.php b/app/Module/StoriesModule.php
index c20f2f5ba3..52d7fd06b9 100644
--- a/app/Module/StoriesModule.php
+++ b/app/Module/StoriesModule.php
@@ -21,6 +21,7 @@ use Fisharebest\Webtrees\Controller\PageController;
use Fisharebest\Webtrees\Database;
use Fisharebest\Webtrees\Filter;
use Fisharebest\Webtrees\Functions\FunctionsEdit;
+use Fisharebest\Webtrees\Html;
use Fisharebest\Webtrees\I18N;
use Fisharebest\Webtrees\Individual;
use Fisharebest\Webtrees\Menu;
@@ -224,7 +225,7 @@ class StoriesModule extends AbstractModule implements ModuleTabInterface, Module
<?= I18N::translate('Story title') ?>
</label>
<div class="col-sm-9">
- <input type="text" class="form-control" name="title" id="title" value="<?= Filter::escapeHtml($title) ?>">
+ <input type="text" class="form-control" name="title" id="title" value="<?= Html::escape($title) ?>">
</div>
</div>
@@ -233,7 +234,7 @@ class StoriesModule extends AbstractModule implements ModuleTabInterface, Module
<?= I18N::translate('Story') ?>
</label>
<div class="col-sm-9">
- <textarea name="story_body" id="story_body" class="html-edit form-control" rows="10"><?= Filter::escapeHtml($story_body) ?></textarea>
+ <textarea name="story_body" id="story_body" class="html-edit form-control" rows="10"><?= Html::escape($story_body) ?></textarea>
</div>
</div>
@@ -373,7 +374,7 @@ class StoriesModule extends AbstractModule implements ModuleTabInterface, Module
<?php foreach ($stories as $story): ?>
<tr>
<td>
- <?= Filter::escapeHtml($this->getBlockSetting($story->block_id, 'title')) ?>
+ <?= Html::escape($this->getBlockSetting($story->block_id, 'title')) ?>
</td>
<td>
<?php $individual = Individual::getInstance($story->xref, $WT_TREE) ?>
@@ -393,7 +394,7 @@ class StoriesModule extends AbstractModule implements ModuleTabInterface, Module
<td>
<a
href="module.php?mod=<?= $this->getName() ?>&amp;mod_action=admin_delete&amp;block_id=<?= $story->block_id ?>"
- onclick="return confirm('<?= I18N::translate('Are you sure you want to delete “%s”?', Filter::escapeHtml($this->getBlockSetting($story->block_id, 'title'))) ?>');"
+ onclick="return confirm('<?= I18N::translate('Are you sure you want to delete “%s”?', Html::escape($this->getBlockSetting($story->block_id, 'title'))) ?>');"
>
<i class="fa fa-trash"></i> <?= I18N::translate('Delete') ?>
</a>
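Review bot: The `onclick="return confirm('…')"` attribute HTML-escapes the story title but embeds it in a JavaScript string literal; entities in the attribute are decoded before the script is evaluated, so a title containing `'` ends the literal and the rest is executed as code. Encode for the JavaScript context first: `onclick="return confirm(<?= Html::escape(json_encode(I18N::translate('Are you sure you want to delete “%s”?', $this->getBlockSetting($story->block_id, 'title')))) ?>);"` (no surrounding single quotes). Whether `Html::escape` encodes `'` at all is not visible in this diff; either way the fix is the same.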
diff --git a/app/Module/TopSurnamesModule.php b/app/Module/TopSurnamesModule.php
index 97ed881942..8b363437f1 100644
--- a/app/Module/TopSurnamesModule.php
+++ b/app/Module/TopSurnamesModule.php
@@ -178,8 +178,8 @@ class TopSurnamesModule extends AbstractModule implements ModuleBlockInterface {
/**
* Sort (lists of counts of similar) surname by total count.
*
- * @param string[] $a
- * @param string[] $b
+ * @param string[][] $a
+ * @param string[][] $b
*
* @return int
*/
diff --git a/app/Module/UserJournalModule.php b/app/Module/UserJournalModule.php
index 178d27a22b..08a35316d4 100644
--- a/app/Module/UserJournalModule.php
+++ b/app/Module/UserJournalModule.php
@@ -19,6 +19,7 @@ use Fisharebest\Webtrees\Auth;
use Fisharebest\Webtrees\Database;
use Fisharebest\Webtrees\Filter;
use Fisharebest\Webtrees\Functions\FunctionsDate;
+use Fisharebest\Webtrees\Html;
use Fisharebest\Webtrees\I18N;
use Fisharebest\Webtrees\Theme;
@@ -86,7 +87,7 @@ class UserJournalModule extends AbstractModule implements ModuleBlockInterface {
foreach ($articles as $article) {
$content .= '<div class="journal_box">';
- $content .= '<div class="news_title">' . Filter::escapeHtml($article->subject) . '</div>';
+ $content .= '<div class="news_title">' . Html::escape($article->subject) . '</div>';
$content .= '<div class="news_date">' . FunctionsDate::formatTimestamp($article->updated) . '</div>';
if ($article->body == strip_tags($article->body)) {
$article->body = nl2br($article->body, false);
@@ -94,7 +95,7 @@ class UserJournalModule extends AbstractModule implements ModuleBlockInterface {
$content .= $article->body;
$content .= '<a href="editnews.php?news_id=' . $article->news_id . '&amp;ctype=user&amp;ged=' . $WT_TREE->getNameHtml() . '">' . I18N::translate('Edit') . '</a>';
$content .= ' | ';
- $content .= '<a href="editnews.php?action=delete&amp;news_id=' . $article->news_id . '&amp;ctype=user&amp;ged=' . $WT_TREE->getNameHtml() . '" onclick="return confirm(\'' . I18N::translate('Are you sure you want to delete “%s”?', Filter::escapeHtml($article->subject)) . "');\">" . I18N::translate('Delete') . '</a><br>';
+ $content .= '<a href="editnews.php?action=delete&amp;news_id=' . $article->news_id . '&amp;ctype=user&amp;ged=' . $WT_TREE->getNameHtml() . '" onclick="return confirm(\'' . I18N::translate('Are you sure you want to delete “%s”?', Html::escape($article->subject)) . "');\">" . I18N::translate('Delete') . '</a><br>';
$content .= '</div><br>';
}
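Review bot: As in the other news blocks, `Html::escape($article->subject)` inside `onclick="return confirm('…')"` escapes for HTML but not for the JavaScript string literal it lands in; after attribute entity decoding, an apostrophe in the subject terminates the literal. Use `Html::escape(json_encode(I18N::translate('Are you sure you want to delete “%s”?', $article->subject)))` and drop the hand-written single quotes around it, or read the subject from a `data-` attribute in a script.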
diff --git a/app/Module/UserMessagesModule.php b/app/Module/UserMessagesModule.php
index 568a35c6fb..0eeac2c3ba 100644
--- a/app/Module/UserMessagesModule.php
+++ b/app/Module/UserMessagesModule.php
@@ -94,7 +94,7 @@ class UserMessagesModule extends AbstractModule implements ModuleBlockInterface
$content .= '<select id="touser" name="touser">';
$content .= '<option value="">' . I18N::translate('&lt;select&gt;') . '</option>';
foreach ($users as $user) {
- $content .= sprintf('<option value="%1$s">%2$s - %1$s</option>', Filter::escapeHtml($user->getUserName()), Filter::escapeHtml($user->getRealName()));
+ $content .= sprintf('<option value="%1$s">%2$s - %1$s</option>', Html::escape($user->getUserName()), Html::escape($user->getRealName()));
}
$content .= '</select>';
$content .= '<input type="button" value="' . I18N::translate('Send') . '" onclick="return message(document.messageform.touser.options[document.messageform.touser.selectedIndex].value, \'messaging2\', \'\');"><br><br>';
@@ -109,7 +109,7 @@ class UserMessagesModule extends AbstractModule implements ModuleBlockInterface
foreach ($messages as $message) {
$content .= '<tr>';
$content .= '<td class="list_value_wrap"><input type="checkbox" name="message_id[]" value="' . $message->message_id . '" id="cb_message' . $message->message_id . '"></td>';
- $content .= '<td class="list_value_wrap"><a href="#" onclick="return expand_layer(\'message' . $message->message_id . '\');"><i id="message' . $message->message_id . '_img" class="icon-plus"></i> <b dir="auto">' . Filter::escapeHtml($message->subject) . '</b></a></td>';
+ $content .= '<td class="list_value_wrap"><a href="#" onclick="return expand_layer(\'message' . $message->message_id . '\');"><i id="message' . $message->message_id . '_img" class="icon-plus"></i> <b dir="auto">' . Html::escape($message->subject) . '</b></a></td>';
$content .= '<td class="list_value_wrap">' . FunctionsDate::formatTimestamp($message->created + WT_TIMESTAMP_OFFSET) . '</td>';
$content .= '<td class="list_value_wrap">';
$user = User::findByIdentifier($message->sender);
@@ -117,7 +117,7 @@ class UserMessagesModule extends AbstractModule implements ModuleBlockInterface
$content .= $user->getRealNameHtml();
$content .= ' - <span dir="auto">' . $user->getEmail() . '</span>';
} else {
- $content .= '<a href="mailto:' . Filter::escapeHtml($message->sender) . '">' . Filter::escapeHtml($message->sender) . '</a>';
+ $content .= '<a href="mailto:' . Html::escape($message->sender) . '">' . Html::escape($message->sender) . '</a>';
}
$content .= '</td>';
$content .= '</tr>';
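Review bot: In the `if` branch just above the changed line, `$user->getEmail()` is written into the `<span dir="auto">` unescaped, whereas the fallback branch now escapes `$message->sender` in both places it appears; unless `getEmail()` returns pre-escaped HTML (not shown here), it should be `' - <span dir="auto">' . Html::escape($user->getEmail()) . '</span>'` for consistency. `mailto:` is attribute context, so `Html::escape` is adequate for the href, but if `sender` can be an arbitrary username rather than an address the link is misleading.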
diff --git a/app/Place.php b/app/Place.php
index 4d65c09aff..6da6d76dd4 100644
--- a/app/Place.php
+++ b/app/Place.php
@@ -134,7 +134,7 @@ class Place {
public function getPlaceName() {
$place = reset($this->gedcom_place);
- return $place ? '<span dir="auto">' . Filter::escapeHtml($place) . '</span>' : I18N::translate('unknown');
+ return $place ? '<span dir="auto">' . Html::escape($place) . '</span>' : I18N::translate('unknown');
}
/**
@@ -154,12 +154,12 @@ class Place {
public function getFullName() {
if (true) {
// If a place hierarchy is a single entity
- return '<span dir="auto">' . Filter::escapeHtml(implode(I18N::$list_separator, $this->gedcom_place)) . '</span>';
+ return '<span dir="auto">' . Html::escape(implode(I18N::$list_separator, $this->gedcom_place)) . '</span>';
} else {
// If a place hierarchy is a list of distinct items
$tmp = [];
foreach ($this->gedcom_place as $place) {
- $tmp[] = '<span dir="auto">' . Filter::escapeHtml($place) . '</span>';
+ $tmp[] = '<span dir="auto">' . Html::escape($place) . '</span>';
}
return implode(I18N::$list_separator, $tmp);
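Review bot: `if (true)` on the first line of `getFullName()` makes the `else` branch unreachable dead code, and the paired comments ("single entity" vs "list of distinct items") read as though a preference selects between them. Either wire the condition to the intended setting or delete the dead branch and leave a one-line comment stating why the whole hierarchy is wrapped in a single `<span dir="auto">`; as written, a reader cannot tell which behaviour is the design.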
@@ -187,7 +187,7 @@ class Place {
$short_name = implode(self::GEDCOM_SEPARATOR, array_slice($this->gedcom_place, 0, $SHOW_PEDIGREE_PLACES));
}
// Add a tool-tip showing the full name
- return '<span title="' . Filter::escapeHtml($this->getGedcomName()) . '" dir="auto">' . Filter::escapeHtml($short_name) . '</span>';
+ return '<span title="' . Html::escape($this->getGedcomName()) . '" dir="auto">' . Html::escape($short_name) . '</span>';
}
}
@@ -199,7 +199,7 @@ class Place {
public function getReverseName() {
$tmp = [];
foreach (array_reverse($this->gedcom_place) as $place) {
- $tmp[] = '<span dir="auto">' . Filter::escapeHtml($place) . '</span>';
+ $tmp[] = '<span dir="auto">' . Html::escape($place) . '</span>';
}
return implode(I18N::$list_separator, $tmp);
diff --git a/app/Select2.php b/app/Select2.php
index 30a32a2c1a..a80c59b144 100644
--- a/app/Select2.php
+++ b/app/Select2.php
@@ -222,7 +222,14 @@ class Select2 extends Html {
* @return string
*/
public static function individualValue(Individual $individual) {
- return $individual->getFullName() . ', ' . $individual->getLifeSpan();
+ $image = $individual->findHighlightedMedia();
+ if ($image instanceof Media) {
+ $html = $image->displayImage(30, 40, 'crop', []) . ' ';
+ } else {
+ $html = '';
+ }
+
+ return $html . $individual->getFullName() . ', ' . $individual->getLifeSpan();
}
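Review bot: The new branch in `individualValue()` could be a single expression, `$html = $image instanceof Media ? $image->displayImage(30, 40, 'crop', []) . ' ' : '';`. More importantly the method now returns markup containing an `<img>`, so the docblock above the hunk (cut off here) should state that the result is HTML, and it is worth confirming that `findHighlightedMedia()` already applies the viewer's privacy checks, since this string is sent straight to the browser in Select2 results.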
/**
@@ -291,7 +298,7 @@ class Select2 extends Html {
* @return string
*/
public static function mediaObjectValue(Media $media) {
- return $media->getFullName() . ', ' . basename($media->getFilename());
+ return $media->displayImage(30, 40, 'crop', []) . ' ' . $media->getFullName() . ', ' . basename($media->getFilename());
}
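Review bot: `basename($media->getFilename())` is concatenated into the returned markup raw, alongside `displayImage()` and `getFullName()` which produce HTML; a filename containing `<` or `&` is injected into the Select2 result list. Escape it: `return $media->displayImage(30, 40, 'crop', []) . ' ' . $media->getFullName() . ', ' . Html::escape(basename($media->getFilename()));` — `Select2 extends Html`, so `Html::escape` (or `self::escape`) is already in scope.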
/**
diff --git a/app/Stats.php b/app/Stats.php
index e430acd8f2..292e458594 100644
--- a/app/Stats.php
+++ b/app/Stats.php
@@ -5900,9 +5900,9 @@ class Stats {
if (Auth::check()) {
foreach ($loggedusers as $user) {
if ($type == 'list') {
- $content .= '<li>' . Filter::escapeHtml($user->getRealName()) . ' - ' . Filter::escapeHtml($user->getUserName());
+ $content .= '<li>' . Html::escape($user->getRealName()) . ' - ' . Html::escape($user->getUserName());
} else {
- $content .= Filter::escapeHtml($user->getRealName()) . ' - ' . Filter::escapeHtml($user->getUserName());
+ $content .= Html::escape($user->getRealName()) . ' - ' . Html::escape($user->getUserName());
}
if (Auth::id() != $user->getUserId() && $user->getPreference('contactmethod') != 'none') {
if ($type == 'list') {
@@ -6011,10 +6011,10 @@ class Stats {
*/
public function userName($params = []) {
if (Auth::check()) {
- return Filter::escapeHtml(Auth::user()->getUserName());
+ return Html::escape(Auth::user()->getUserName());
} elseif (isset($params[0]) && $params[0] != '') {
// if #username:visitor# was specified, then "visitor" will be returned when the user is not logged in
- return Filter::escapeHtml($params[0]);
+ return Html::escape($params[0]);
} else {
return '';
}
@@ -6051,7 +6051,7 @@ class Stats {
case 'userid':
return $user->getUserId();
case 'username':
- return Filter::escapeHtml($user->getUserName());
+ return Html::escape($user->getUserName());
case 'fullname':
return $user->getRealNameHtml();
case 'regdate':
diff --git a/app/Theme/AbstractTheme.php b/app/Theme/AbstractTheme.php
index 0ad379b350..f70c94e788 100644
--- a/app/Theme/AbstractTheme.php
+++ b/app/Theme/AbstractTheme.php
@@ -25,6 +25,7 @@ use Fisharebest\Webtrees\Functions\Functions;
use Fisharebest\Webtrees\GedcomRecord;
use Fisharebest\Webtrees\GedcomTag;
use Fisharebest\Webtrees\HitCounter;
+use Fisharebest\Webtrees\Html;
use Fisharebest\Webtrees\I18N;
use Fisharebest\Webtrees\Individual;
use Fisharebest\Webtrees\Menu;
@@ -327,9 +328,9 @@ abstract class AbstractTheme {
case 'none':
return '';
case 'mailto':
- return '<a href="mailto:' . Filter::escapeHtml($user->getEmail()) . '">' . $user->getRealNameHtml() . '</a>';
+ return '<a href="mailto:' . Html::escape($user->getEmail()) . '">' . $user->getRealNameHtml() . '</a>';
default:
- return '<a href="message.php?to=' . Filter::escapeUrl($user->getUserName()) . '&amp;ged=' . $this->tree->getNameUrl() . '&amp;url=' . Filter::escapeHtml(Functions::getQueryUrl()) . '">' . $user->getRealNameHtml() . '</a>';
+ return '<a href="message.php?to=' . Filter::escapeUrl($user->getUserName()) . '&amp;ged=' . $this->tree->getNameUrl() . '&amp;url=' . Html::escape(Functions::getQueryUrl()) . '">' . $user->getRealNameHtml() . '</a>';
}
}
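Review bot: On the `default:` branch, `Html::escape(Functions::getQueryUrl())` is applied to the `url=` query parameter, but that is a URL context, not an HTML one: reserved characters such as `=`, `?` and `#` are not percent-encoded, and `&` becomes `&amp;`, which the browser decodes back to `&` so the parameter splits on the receiving side. Use the same helper as the neighbouring `to=` parameter: `'&amp;url=' . Filter::escapeUrl(Functions::getQueryUrl())`.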
@@ -1879,7 +1880,7 @@ abstract class AbstractTheme {
* @return string
*/
protected function metaCsrf() {
- return '<meta name="csrf" content="' . Filter::escapeHtml(Filter::getCsrfToken()) . '">';
+ return '<meta name="csrf" content="' . Html::escape(Filter::getCsrfToken()) . '">';
}
/**
@@ -2181,6 +2182,6 @@ abstract class AbstractTheme {
* @return string
*/
protected function title($title) {
- return '<title>' . Filter::escapeHtml($title) . '</title>';
+ return '<title>' . Html::escape($title) . '</title>';
}
}
diff --git a/app/Tree.php b/app/Tree.php
index 353141addc..ea9c671998 100644
--- a/app/Tree.php
+++ b/app/Tree.php
@@ -116,7 +116,7 @@ class Tree {
* @return string
*/
public function getNameHtml() {
- return Filter::escapeHtml($this->name);
+ return Html::escape($this->name);
}
/**
@@ -143,7 +143,7 @@ class Tree {
* @return string
*/
public function getTitleHtml() {
- return '<span dir="auto">' . Filter::escapeHtml($this->title) . '</span>';
+ return '<span dir="auto">' . Html::escape($this->title) . '</span>';
}
/**
diff --git a/app/User.php b/app/User.php
index fb36eafa4b..81791a4272 100644
--- a/app/User.php
+++ b/app/User.php
@@ -382,7 +382,7 @@ class User {
* @return string
*/
public function getRealNameHtml() {
- return '<span dir="auto">' . Filter::escapeHtml($this->real_name) . '</span>';
+ return '<span dir="auto">' . Html::escape($this->real_name) . '</span>';
}
/**
diff --git a/branches.php b/branches.php
index 2439217c35..c00599f30a 100644
--- a/branches.php
+++ b/branches.php
@@ -35,7 +35,7 @@ $controller->pageHeader();
<?= I18N::translate('Surname') ?>
</label>
<div class="col-sm-9 wt-page-options-value">
- <input class="form-control" data-autocomplete-type="SURN" type="text" name="surname" id="surname" value="<?= Filter::escapeHtml($controller->getSurname()) ?>" dir="auto">
+ <input class="form-control" data-autocomplete-type="SURN" type="text" name="surname" id="surname" value="<?= Html::escape($controller->getSurname()) ?>" dir="auto">
</div>
</div>
diff --git a/edit_changes.php b/edit_changes.php
index 0a74a29a1a..19e6d532ba 100644
--- a/edit_changes.php
+++ b/edit_changes.php
@@ -157,11 +157,11 @@ foreach ($rows as $row) {
<h3>
<?= Tree::findById($gedcom_name)->getTitleHtml() ?>
- <a href="edit_changes.php?action=acceptall&amp;ged=<?= Filter::escapeHtml($gedcom_name) ?>">
+ <a href="edit_changes.php?action=acceptall&amp;ged=<?= Html::escape($gedcom_name) ?>">
<?= I18N::translate('Accept all changes') ?>
</a>
- <a href="edit_changes.php?action=undoall&amp;ged=<?= Filter::escapeHtml($gedcom_name) ?>" onclick="return confirm('<?= I18N::translate('Are you sure you want to reject all the changes to this family tree?') ?>');">
+ <a href="edit_changes.php?action=undoall&amp;ged=<?= Html::escape($gedcom_name) ?>" onclick="return confirm('<?= I18N::translate('Are you sure you want to reject all the changes to this family tree?') ?>');">
<?= I18N::translate('Reject all changes') ?>
</a>
</h3>
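Review bot: The two `ged=` query parameters on the changed `acceptall`/`undoall` links are HTML-escaped but never URL-encoded, so a tree name containing `&`, `#`, `?` or a space would split or truncate the query string even though the attribute itself stays well-formed. Elsewhere in this same file the tree is put into a URL via `$WT_TREE->getNameUrl()`, and the `Tree` object is already looked up on the line above for the heading, so the natural fix is `ged=<?= Tree::findById($gedcom_name)->getNameUrl() ?>` on both anchors (or `Filter::escapeUrl($gedcom_name)` if the object is not wanted). Whether tree names can actually contain such characters depends on validation that is not visible here, but escaping for the wrong context is worth correcting while these lines are being touched.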
@@ -195,7 +195,7 @@ foreach ($rows as $row) {
</td>
<td>
<a href="message.php?to=<?= Filter::escapeUrl($record_change->user_name) ?>&amp;subject=<?= Filter::escapeUrl(I18N::translate('Moderate pending changes')) ?>&amp;ged=<?= $WT_TREE->getNameUrl() ?>" title="<?= I18N::translate('Send a message') ?>">
- <?= Filter::escapeHtml($record_change->real_name)?> - <?= Filter::escapeHtml($record_change->user_name) ?>
+ <?= Html::escape($record_change->real_name)?> - <?= Html::escape($record_change->user_name) ?>
</a>
</td>
<td>
diff --git a/edit_interface.php b/edit_interface.php
index dc62fdd903..b744d1280a 100644
--- a/edit_interface.php
+++ b/edit_interface.php
@@ -72,7 +72,7 @@ switch ($action) {
</div>
<input type="hidden" name="fact_id[]" value="<?= $fact->getFactId() ?>">
<textarea name="fact[]" dir="ltr" rows="<?= preg_match_all('/\n/', $fact->getGedcom()) ?>"
- style="width:100%;"><?= Filter::escapeHtml($fact->getGedcom()) ?></textarea>
+ style="width:100%;"><?= Html::escape($fact->getGedcom()) ?></textarea>
</li>
<?php } ?>
<?php } ?>
@@ -186,7 +186,7 @@ switch ($action) {
</label>
<div class="col-sm-9">
<textarea autofocus class="form-control" rows="<?= $rows ?>" name="gedcom" id="gedcom"
- dir="ltr"><?= Filter::escapeHtml($edit_fact->getGedcom()) ?></textarea>
+ dir="ltr"><?= Html::escape($edit_fact->getGedcom()) ?></textarea>
</div>
</div>
<?= keep_chan($record) ?>
@@ -595,7 +595,7 @@ switch ($action) {
<?= I18N::translate('Title') ?>
</label>
<div class="col-sm-9">
- <input type="text" id="TITL" name="TITL" class="form-control" value="<?= Filter::escapeHtml($TITL) ?>" required>
+ <input type="text" id="TITL" name="TITL" class="form-control" value="<?= Html::escape($TITL) ?>" required>
</div>
</div>
@@ -604,10 +604,10 @@ switch ($action) {
<?= I18N::translate('Filename on server') ?>
</label>
<div class="col-sm-9">
- <input type="text" id="FILE" name="FILE" class="form-control" value="<?= Filter::escapeHtml($FILE) ?>" required>
+ <input type="text" id="FILE" name="FILE" class="form-control" value="<?= Html::escape($FILE) ?>" required>
<?php if ($auto_file !== ''): ?>
- <a href="#" class="btn btn-link" title="<?= Filter::escapeHtml($auto_file) ?>" onclick="document.querySelector('#FILE').value='<?= Filter::escapeHtml($auto_file) ?>'; document.querySelector('#FILE').focus(); return false;">
+ <a href="#" class="btn btn-link" title="<?= Html::escape($auto_file) ?>" onclick="document.querySelector('#FILE').value='<?= Html::escape($auto_file) ?>'; document.querySelector('#FILE').focus(); return false;">
<?= I18N::translate('Create a unique filename') ?>
</a>
<?php endif ?>
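Review bot: The `onclick` handler on the changed anchor drops `$auto_file` into a single-quoted JavaScript string using only HTML escaping, which is the wrong context: the browser decodes the attribute before the script is parsed, so a `'` in the value (whether emitted raw or as `&#039;`) terminates the JS string and the remainder runs as code. The value needs JavaScript escaping first and HTML escaping second, i.e. `onclick="document.querySelector('#FILE').value='<?= Html::escape(Filter::escapeJs($auto_file)) ?>'; …"`; `Filter::escapeJs` is already used for the same purpose in reportengine.php in this commit. `$auto_file` looks like a server-generated filename, so this is likely defence in depth rather than an exploitable path, but the `title` attribute on the same line shows the intended pattern of one escaper per context. The `switch` case containing this markup starts and ends outside the hunk.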
@@ -1757,7 +1757,7 @@ switch ($action) {
<tr>
<td class="descriptionbox wrap width25"><?= I18N::translate('Shared note') ?></td>
<td class="optionbox wrap">
- <textarea name="NOTE" id="NOTE" rows="15" cols="90"><?= Filter::escapeHtml($note->getNote()) ?></textarea>
+ <textarea name="NOTE" id="NOTE" rows="15" cols="90"><?= Html::escape($note->getNote()) ?></textarea>
<br>
<?= FunctionsPrint::printSpecialCharacterLink('NOTE') ?>
</td>
@@ -2613,7 +2613,7 @@ function keep_chan(GedcomRecord $record = null) {
if ($record) {
$details
= GedcomTag::getLabelValue('DATE', $record->lastChangeTimestamp()) .
- GedcomTag::getLabelValue('_WT_USER', Filter::escapeHtml($record->lastChangeUser()));
+ GedcomTag::getLabelValue('_WT_USER', Html::escape($record->lastChangeUser()));
} else {
$details = '';
}
diff --git a/editnews.php b/editnews.php
index f0ee50298d..0faea7908f 100644
--- a/editnews.php
+++ b/editnews.php
@@ -102,7 +102,7 @@ if (Module::getModuleByName('ckeditor')) {
<tr>
<tr>
<td>
- <input type="text" id="subject" name="subject" size="50" dir="auto" autofocus value="<?= Filter::escapeHtml($news['subject']) ?>">
+ <input type="text" id="subject" name="subject" size="50" dir="auto" autofocus value="<?= Html::escape($news['subject']) ?>">
</td>
</tr>
<tr>
@@ -114,7 +114,7 @@ if (Module::getModuleByName('ckeditor')) {
</tr>
<tr>
<td>
- <textarea id="body" name="body" class="html-edit" cols="80" rows="10" dir="auto"><?= Filter::escapeHtml($news['body']) ?></textarea>
+ <textarea id="body" name="body" class="html-edit" cols="80" rows="10" dir="auto"><?= Html::escape($news['body']) ?></textarea>
</td>
</tr>
<tr>
diff --git a/edituser.php b/edituser.php
index bbe3cb365c..411427094f 100644
--- a/edituser.php
+++ b/edituser.php
@@ -132,7 +132,7 @@ function checkform(frm) {
<?= I18N::translate('Username') ?>
</label>
<div class="col-sm-9">
- <input type="text" class="form-control" id="username" name="username" value="<?= Filter::escapeHtml(Auth::user()->getUserName()) ?>" dir="auto" aria-describedby="username-description" required>
+ <input type="text" class="form-control" id="username" name="username" value="<?= Html::escape(Auth::user()->getUserName()) ?>" dir="auto" aria-describedby="username-description" required>
<p class="small text-muted" id="username-description">
<?= I18N::translate('Usernames are case-insensitive and ignore accented letters, so that “chloe”, “chloë”, and “Chloe” are considered to be the same.') ?>
</p>
@@ -144,7 +144,7 @@ function checkform(frm) {
<?= I18N::translate('Real name') ?>
</label>
<div class="col-sm-9">
- <input type="text" class="form-control" id="real-name" name="real-name" value="<?= Filter::escapeHtml(Auth::user()->getRealName()) ?>" dir="auto" aria-describedby="real-name-description" required>
+ <input type="text" class="form-control" id="real-name" name="real-name" value="<?= Html::escape(Auth::user()->getRealName()) ?>" dir="auto" aria-describedby="real-name-description" required>
<p class="small text-muted" id="username-description">
<?= I18N::translate('This is your real name, as you would like it displayed on screen.') ?>
</p>
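Review bot: The help paragraph under the real-name input reuses `id="username-description"`, which is already assigned to the username help text in the previous hunk, while the input's `aria-describedby` points at `real-name-description`. The duplicate id is invalid HTML and the ARIA reference resolves to nothing, so assistive technology will not read the description; change the paragraph to `<p class="small text-muted" id="real-name-description">`. This is on a context line, but it sits directly under the changed input and is a one-token fix.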
@@ -233,7 +233,7 @@ function checkform(frm) {
<?= I18N::translate('Email address') ?>
</label>
<div class="col-sm-9">
- <input class="form-control" type="email" id="email" name="email" value="<?= Filter::escapeHtml(Auth::user()->getEmail()) ?>" aria-describedby="email-description">
+ <input class="form-control" type="email" id="email" name="email" value="<?= Html::escape(Auth::user()->getEmail()) ?>" aria-describedby="email-description">
<p class="small text-muted" id="email-description">
<?= I18N::translate('This email address will be used to send password reminders, website notifications, and messages from other family members who are registered on the website.') ?>
</p>
@@ -248,7 +248,7 @@ function checkform(frm) {
<div class="col-sm-9">
<select class="form-control" id="theme" name="theme" aria-describedby="theme-description">
<option value="">
- <?= Filter::escapeHtml(/* I18N: default option in list of themes */ I18N::translate('<default theme>')) ?>
+ <?= Html::escape(/* I18N: default option in list of themes */ I18N::translate('<default theme>')) ?>
</option>
<?php foreach (Theme::themeNames() as $theme_id => $theme_name): ?>
<option value="<?= $theme_id ?>" <?= $theme_id === Auth::user()->getPreference('theme') ? 'selected' : '' ?>>
diff --git a/famlist.php b/famlist.php
index 7a998527e7..47ebf9e504 100644
--- a/famlist.php
+++ b/famlist.php
@@ -57,7 +57,7 @@ if ($show_all === 'yes') {
} elseif ($falpha) {
$alpha = '';
$surname = '';
- $legend = I18N::translate('All') . ', ' . Filter::escapeHtml($falpha) . '…';
+ $legend = I18N::translate('All') . ', ' . Html::escape($falpha) . '…';
$url = '?show_all=yes&amp;ged=' . $controller->tree()->getNameUrl();
$show = 'indi';
} else {
@@ -86,7 +86,7 @@ if ($show_all === 'yes') {
$url .= '&amp;falpha=' . rawurlencode($falpha) . '&amp;ged=' . $controller->tree()->getNameUrl();
break;
default:
- $legend .= ', ' . Filter::escapeHtml($falpha) . '…';
+ $legend .= ', ' . Html::escape($falpha) . '…';
$url .= '&amp;falpha=' . rawurlencode($falpha) . '&amp;ged=' . $controller->tree()->getNameUrl();
break;
}
@@ -103,7 +103,7 @@ if ($show_all === 'yes') {
$show = 'indi'; // SURN list makes no sense here
} elseif ($alpha) {
$show_all = 'no';
- $legend = Filter::escapeHtml($alpha) . '…';
+ $legend = Html::escape($alpha) . '…';
$url = '?alpha=' . rawurlencode($alpha) . '&amp;ged=' . $controller->tree()->getNameUrl();
$show = Filter::get('show', 'surn|indi', 'surn');
} else {
diff --git a/indilist.php b/indilist.php
index 5ffacd2d47..2a6d8e998a 100644
--- a/indilist.php
+++ b/indilist.php
@@ -57,7 +57,7 @@ if ($show_all === 'yes') {
} elseif ($falpha) {
$alpha = '';
$surname = '';
- $legend = I18N::translate('All') . ', ' . Filter::escapeHtml($falpha) . '…';
+ $legend = I18N::translate('All') . ', ' . Html::escape($falpha) . '…';
$url = '?show_all=yes&amp;ged=' . $controller->tree()->getNameUrl();
$show = 'indi';
} else {
@@ -86,7 +86,7 @@ if ($show_all === 'yes') {
$url .= '&amp;falpha=' . rawurlencode($falpha) . '&amp;ged=' . $controller->tree()->getNameUrl();
break;
default:
- $legend .= ', ' . Filter::escapeHtml($falpha) . '…';
+ $legend .= ', ' . Html::escape($falpha) . '…';
$url .= '&amp;falpha=' . rawurlencode($falpha) . '&amp;ged=' . $controller->tree()->getNameUrl();
break;
}
@@ -103,7 +103,7 @@ if ($show_all === 'yes') {
$show = 'indi'; // SURN list makes no sense here
} elseif ($alpha) {
$show_all = 'no';
- $legend = Filter::escapeHtml($alpha) . '…';
+ $legend = Html::escape($alpha) . '…';
$url = '?alpha=' . rawurlencode($alpha) . '&amp;ged=' . $controller->tree()->getNameUrl();
$show = Filter::get('show', 'surn|indi', 'surn');
} else {
diff --git a/individual.php b/individual.php
index 697e9613a6..abf9084ac0 100644
--- a/individual.php
+++ b/individual.php
@@ -84,7 +84,7 @@ $user_link = '';
if (Auth::isAdmin()) {
$user = User::findByGenealogyRecord($controller->record);
if ($user) {
- $user_link = ' — <a href="admin_users.php?filter=' . Filter::escapeHtml($user->getUserName()) . '">' . Filter::escapeHtml($user->getUserName()) . '</a>';
+ $user_link = ' — <a href="admin_users.php?filter=' . Html::escape($user->getUserName()) . '">' . Html::escape($user->getUserName()) . '</a>';
};
}
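Review bot: The changed line builds `admin_users.php?filter=…` with `Html::escape` for the query value, which is HTML-attribute escaping rather than URL encoding; a username containing `&`, `+`, `#` or a space would produce a wrong or truncated filter, and the inconsistency is visible within this commit, where login.php uses `Filter::escapeUrl($user->getUserName())` for the same value in an href. Use the URL escaper for the href and keep `Html::escape` only for the link text: `$user_link = ' — <a href="admin_users.php?filter=' . Filter::escapeUrl($user->getUserName()) . '">' . Html::escape($user->getUserName()) . '</a>';`. The username character set is enforced somewhere outside this hunk, so the practical impact depends on that validation.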
diff --git a/inverselink.php b/inverselink.php
index ce5e119e10..d91d210df4 100644
--- a/inverselink.php
+++ b/inverselink.php
@@ -68,7 +68,7 @@ if ($linkto == 'manage' && Module::getModuleByName('GEDFact_assistant')) {
->execute([$mediaid, $WT_TREE->getTreeId()])
->fetchOne();
if ($title) {
- echo '<b>', Filter::escapeHtml($title), '</b>';
+ echo '<b>', Html::escape($title), '</b>';
} else {
echo '<b>', $mediaid, '</b>';
}
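Review bot: The `else` branch on the context line right after the changed one echoes `$mediaid` into the `<b>` element with no escaping, while the `$title` branch above it is now escaped. `$mediaid` is assigned before this hunk; if, as the variable name and its use as a query parameter suggest, it originates from the request, this is a reflected HTML injection whenever no title row matches. Making both branches consistent is a one-line change: `echo '<b>', Html::escape($mediaid), '</b>';`. The surrounding `if ($linkto == 'manage' …)` block starts and ends outside the hunk.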
diff --git a/login.php b/login.php
index b0a7382ff3..277481abf0 100644
--- a/login.php
+++ b/login.php
@@ -182,10 +182,10 @@ default:
}
echo '<form id="login-form" name="login-form" method="post" action="', WT_LOGIN_URL, '">
<input type="hidden" name="action" value="login">
- <input type="hidden" name="url" value="', Filter::escapeHtml($url), '">';
+ <input type="hidden" name="url" value="', Html::escape($url), '">';
echo '<div>
<label for="username">', I18N::translate('Username'),
- '<input type="text" id="username" name="username" value="', Filter::escapeHtml($username), '" class="formField" autofocus>
+ '<input type="text" id="username" name="username" value="', Html::escape($username), '" class="formField" autofocus>
</label>
</div>
<div>
@@ -250,15 +250,15 @@ case 'requestpw':
I18N::translate('Lost password request'),
I18N::translate('Hello %s…', $user->getRealNameHtml()) . Mail::EOL . Mail::EOL .
I18N::translate('A new password has been requested for your username.') . Mail::EOL . Mail::EOL .
- I18N::translate('Username') . ': ' . Filter::escapeHtml($user->getUserName()) . Mail::EOL .
+ I18N::translate('Username') . ': ' . Html::escape($user->getUserName()) . Mail::EOL .
I18N::translate('Password') . ': ' . $user_new_pw . Mail::EOL . Mail::EOL .
I18N::translate('After you have signed in, select the “My account” link under the “My pages” menu and fill in the password fields to change your password.') . Mail::EOL . Mail::EOL .
'<a href="' . WT_BASE_URL . 'login.php?ged=' . $WT_TREE->getNameUrl() . '">' . WT_BASE_URL . 'login.php?ged=' . $WT_TREE->getNameUrl() . '</a>'
);
- FlashMessages::addMessage(I18N::translate('A new password has been created and emailed to %s. You can change this password after you sign in.', Filter::escapeHtml($user_name)), 'success');
+ FlashMessages::addMessage(I18N::translate('A new password has been created and emailed to %s. You can change this password after you sign in.', Html::escape($user_name)), 'success');
} else {
- FlashMessages::addMessage(I18N::translate('There is no account with the username or email “%s”.', Filter::escapeHtml($user_name)), 'danger');
+ FlashMessages::addMessage(I18N::translate('There is no account with the username or email “%s”.', Html::escape($user_name)), 'danger');
}
header('Location: login.php');
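Review bot: The two changed flash messages reveal whether an account exists: "A new password has been created and emailed to %s" versus "There is no account with the username or email “%s”", which lets an unauthenticated visitor enumerate registered usernames and email addresses through the lost-password form. Both branches should show the same neutral text, e.g. `I18N::translate('If an account exists for “%s”, a new password has been emailed to it.', Html::escape($user_name))`, with the real outcome recorded in the server log instead. Separately, the email body sends the newly generated password in clear text (`I18N::translate('Password') . ': ' . $user_new_pw`); a single-use reset link would avoid leaving a working credential in the mailbox, though that is a larger change than this commit is making. The `case 'requestpw'` block begins outside the hunk.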
@@ -315,10 +315,10 @@ case 'register':
I18N::translate('Hello administrator…') . Mail::EOL . Mail::EOL .
/* I18N: %s is a server name/URL */
I18N::translate('A prospective user has registered with webtrees at %s.', WT_BASE_URL . ' ' . $WT_TREE->getTitleHtml()) . Mail::EOL . Mail::EOL .
- I18N::translate('Username') . ' ' . Filter::escapeHtml($user->getUserName()) . Mail::EOL .
+ I18N::translate('Username') . ' ' . Html::escape($user->getUserName()) . Mail::EOL .
I18N::translate('Real name') . ' ' . $user->getRealNameHtml() . Mail::EOL .
- I18N::translate('Email address') . ' ' . Filter::escapeHtml($user->getEmail()) . Mail::EOL .
- I18N::translate('Comments') . ' ' . Filter::escapeHtml($user_comments) . Mail::EOL . Mail::EOL .
+ I18N::translate('Email address') . ' ' . Html::escape($user->getEmail()) . Mail::EOL .
+ I18N::translate('Comments') . ' ' . Html::escape($user_comments) . Mail::EOL . Mail::EOL .
I18N::translate('The user has been sent an email with the information necessary to confirm the access request.') . Mail::EOL . Mail::EOL .
I18N::translate('You will be informed by email when this prospective user has confirmed the request. You can then complete the process by activating the username. The new user will not be able to sign in until you activate the account.');
@@ -337,9 +337,9 @@ case 'register':
I18N::translate('Follow this link to verify your email address.') .
Mail::EOL . Mail::EOL .
'<a href="' . WT_LOGIN_URL . '?user_name=' . Filter::escapeUrl($user->getUserName()) . '&amp;user_hashcode=' . $user->getPreference('reg_hashcode') . '&amp;action=userverify&amp;ged=' . $WT_TREE->getNameUrl() . '">' .
- WT_LOGIN_URL . '?user_name=' . Filter::escapeHtml($user->getUserName()) . '&amp;user_hashcode=' . urlencode($user->getPreference('reg_hashcode')) . '&amp;action=userverify&amp;ged=' . $WT_TREE->getNameHtml() .
+ WT_LOGIN_URL . '?user_name=' . Html::escape($user->getUserName()) . '&amp;user_hashcode=' . urlencode($user->getPreference('reg_hashcode')) . '&amp;action=userverify&amp;ged=' . $WT_TREE->getNameHtml() .
'</a>' . Mail::EOL . Mail::EOL .
- I18N::translate('Username') . ' - ' . Filter::escapeHtml($user->getUserName()) . Mail::EOL .
+ I18N::translate('Username') . ' - ' . Html::escape($user->getUserName()) . Mail::EOL .
I18N::translate('Comments') . ' - ' . $user->getPreference('comment') . Mail::EOL .
I18N::translate('If you didn’t request an account, you can just delete this message.') . Mail::EOL;
$mail2_subject = /* I18N: %s is a server name/URL */ I18N::translate('Your registration at %s', WT_BASE_URL);
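Review bot: The line following the changed username line inserts `$user->getPreference('comment')` into the HTML verification email without any escaping, while the same user-supplied comment text is escaped with `Html::escape($user_comments)` for the administrator's copy in the previous hunk. The email is clearly HTML (it contains an `<a href>` on the lines above), so the user's own comment can inject markup into their mail; make it consistent with `I18N::translate('Comments') . ' - ' . Html::escape($user->getPreference('comment')) . Mail::EOL .`. Also note that the href puts `reg_hashcode` in raw while the visible link text runs it through `urlencode`; that is harmless if the hash is hexadecimal, which is likely but not shown here. The `case 'register'` block starts and ends outside the hunk.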
@@ -413,7 +413,7 @@ case 'register':
<div>
<label for="user_realname">
<?= I18N::translate('Real name') ?>
- <input type="text" id="user_realname" name="user_realname" required maxlength="64" value="<?= Filter::escapeHtml($user_realname) ?>" autofocus>
+ <input type="text" id="user_realname" name="user_realname" required maxlength="64" value="<?= Html::escape($user_realname) ?>" autofocus>
</label>
<p class="small text-muted">
<?= I18N::translate('This is your real name, as you would like it displayed on screen.') ?>
@@ -423,7 +423,7 @@ case 'register':
<div>
<label for="user_email">
<?= I18N::translate('Email address') ?>
- <input type="email" id="user_email" name="user_email" required maxlength="64" value="<?= Filter::escapeHtml($user_email) ?>">
+ <input type="email" id="user_email" name="user_email" required maxlength="64" value="<?= Html::escape($user_email) ?>">
</label>
<p class="small text-muted">
<?= I18N::translate('This email address will be used to send password reminders, website notifications, and messages from other family members who are registered on the website.') ?>
@@ -433,7 +433,7 @@ case 'register':
<div>
<label for="username">
<?= I18N::translate('Username') ?>
- <input type="text" id="username" name="user_name" required maxlength="32" value="<?php Filter::escapeHtml($user_name) ?>">
+ <input type="text" id="username" name="user_name" required maxlength="32" value="<?php Html::escape($user_name) ?>">
</label>
<p class="small text-muted">
<?= I18N::translate('Usernames are case-insensitive and ignore accented letters, so that “chloe”, “chloë”, and “Chloe” are considered to be the same.') ?>
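Review bot: The changed username input uses `<?php Html::escape($user_name) ?>` rather than `<?= … ?>`, so the escaped value is computed and discarded and the field is always re-rendered empty after a failed registration attempt. The commit swaps the escaper but preserves the bug; the fix is `value="<?= Html::escape($user_name) ?>"`, matching the real-name and email inputs in the neighbouring hunks. Losing the typed username is a usability defect rather than a security one, but it is a one-character correction on a line already being edited.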
@@ -446,7 +446,7 @@ case 'register':
<input required
type="password"
id="user_password01" name="user_password01"
- value="<?= Filter::escapeHtml($user_password01) ?>"
+ value="<?= Html::escape($user_password01) ?>"
placeholder="<?= /* I18N: placeholder text for new-password field */ I18N::plural('Use at least %s character.', 'Use at least %s characters.', WT_MINIMUM_PASSWORD_LENGTH, I18N::number(WT_MINIMUM_PASSWORD_LENGTH)) ?>"
pattern="<?= WT_REGEX_PASSWORD ?>"
onchange="form.user_password02.pattern = regex_quote(this.value);"
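Review bot: The changed line writes the submitted password back into the page as `value="<?= Html::escape($user_password01) ?>"`, so after a validation failure the user's chosen password appears in the HTML response and can end up in browser caches, proxies and page-source views; the repeat field in the next hunk does the same with `$user_password02`. Password inputs should never be pre-populated: drop the `value` attribute (or emit `value=""`) on both fields and let the user retype them. The `onchange` handler copying the password into `user_password02.pattern` is unaffected by that change.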
@@ -463,7 +463,7 @@ case 'register':
<input required
type="password"
id="user_password02" name="user_password02"
- value="<?= Filter::escapeHtml($user_password02) ?>"
+ value="<?= Html::escape($user_password02) ?>"
placeholder="<?= /* I18N: placeholder text for repeat-password field */ I18N::translate('Type the password again.') ?>"
pattern="<?= WT_REGEX_PASSWORD ?>"
>
@@ -480,7 +480,7 @@ case 'register':
cols="50" rows="5"
id="user_comments" name="user_comments"
placeholder="<?php /* I18N: placeholder text for registration-comments field */ I18N::translate('Explain why you are requesting an account.') ?>"
- ><?= Filter::escapeHtml($user_comments) ?></textarea>
+ ><?= Html::escape($user_comments) ?></textarea>
</label>
<p class="small text-muted">
<?= I18N::translate('Use this field to tell the site administrator why you are requesting an account and how you are related to the genealogy displayed on this site. You can also use this to enter any other comments you may have for the site administrator.') ?>
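Review bot: The `placeholder` attribute two lines above the changed textarea content uses `<?php … I18N::translate(…) ?>` instead of `<?= … ?>`, so the translated hint is evaluated and thrown away and the placeholder is always empty. It is the same mistake as the username `value` attribute earlier in this file; change it to `placeholder="<?= /* I18N: placeholder text for registration-comments field */ I18N::translate('Explain why you are requesting an account.') ?>"`. This is a context line, so the commit neither introduces nor fixes it, but it sits in the same form being touched.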
@@ -555,8 +555,8 @@ case 'verify_hash':
/* I18N: %1$s is a real-name, %2$s is a username, %3$s is an email address */ I18N::translate(
'A new user (%1$s) has requested an account (%2$s) and verified an email address (%3$s).',
$user->getRealNameHtml(),
- Filter::escapeHtml($user->getUserName()),
- Filter::escapeHtml($user->getEmail())
+ Html::escape($user->getUserName()),
+ Html::escape($user->getEmail())
) .
Mail::EOL . Mail::EOL .
I18N::translate('You need to review the account details.') .
diff --git a/medialist.php b/medialist.php
index e5d1c5ea95..0caeb3ed0c 100644
--- a/medialist.php
+++ b/medialist.php
@@ -109,7 +109,7 @@ $medialist = QueryMedia::mediaList(
<?= I18N::translate('Search filters') ?>
</label>
<div class="col-sm-3 wt-page-options-value">
- <input type="text" class="form-control" name="filter" id="filter" value="<?= Filter::escapeHtml($filter) ?>">
+ <input type="text" class="form-control" name="filter" id="filter" value="<?= Html::escape($filter) ?>">
</div>
<div class="col-sm-3 col-form-label wt-page-options-label">
diff --git a/message.php b/message.php
index dbe70f137a..6c854faff1 100644
--- a/message.php
+++ b/message.php
@@ -71,7 +71,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// No errors. Send the message.
foreach ($recipients as $recipient) {
if (deliverMessage($WT_TREE, $from_email, $from_name, $recipient, $subject, $body, $url)) {
- FlashMessages::addMessage(I18N::translate('The message was successfully sent to %s.', Filter::escapeHtml($to)), 'info');
+ FlashMessages::addMessage(I18N::translate('The message was successfully sent to %s.', Html::escape($to)), 'info');
} else {
FlashMessages::addMessage(I18N::translate('The message was not sent.'), 'danger');
Log::addErrorLog('Unable to send a message. FROM:' . $from_email . ' TO:' . $recipient->getEmail());
@@ -102,15 +102,15 @@ $to_names = implode(I18N::$list_separator, array_map(function(User $user) { retu
<form method="post">
<?= Filter::getCsrf() ?>
- <input type="hidden" name="url" value="<?= Filter::escapeHtml($url) ?>">
+ <input type="hidden" name="url" value="<?= Html::escape($url) ?>">
<div class="form-group row">
<div class="col-sm-3 col-form-label">
<?= I18N::translate('To') ?>
</div>
<div class="col-sm-9">
- <input type="hidden" name="to" value="<?= Filter::escapeHtml($to) ?>">
- <div class="form-control"><?= Filter::escapeHtml($to_names) ?></div>
+ <input type="hidden" name="to" value="<?= Html::escape($to) ?>">
+ <div class="form-control"><?= Html::escape($to_names) ?></div>
</div>
</div>
@@ -120,7 +120,7 @@ $to_names = implode(I18N::$list_separator, array_map(function(User $user) { retu
<?= I18N::translate('From') ?>
</div>
<div class="col-sm-9">
- <div class="form-control"><?= Filter::escapeHtml(Auth::user()->getRealName()) ?></div>
+ <div class="form-control"><?= Html::escape(Auth::user()->getRealName()) ?></div>
</div>
</div>
<?php else: ?>
@@ -129,7 +129,7 @@ $to_names = implode(I18N::$list_separator, array_map(function(User $user) { retu
<?= I18N::translate('Your name') ?>
</label>
<div class="col-sm-9">
- <input class="form-control" id="from-name" type="text" name="from_name" value="<?= Filter::escapeHtml($from_name) ?>" required>
+ <input class="form-control" id="from-name" type="text" name="from_name" value="<?= Html::escape($from_name) ?>" required>
</div>
</div>
<div class="form-group row">
@@ -137,7 +137,7 @@ $to_names = implode(I18N::$list_separator, array_map(function(User $user) { retu
<?= I18N::translate('Email address') ?>
</label>
<div class="col-sm-9">
- <input class="form-control" id="from-email" type="text" name="from_email" value="<?= Filter::escapeHtml($from_email) ?>" required>
+ <input class="form-control" id="from-email" type="text" name="from_email" value="<?= Html::escape($from_email) ?>" required>
</div>
</div>
<?php endif ?>
@@ -147,7 +147,7 @@ $to_names = implode(I18N::$list_separator, array_map(function(User $user) { retu
<?= I18N::translate('Subject') ?>
</label>
<div class="col-sm-9">
- <input class="form-control" id="subject" type="text" name="subject" value="<?= Filter::escapeHtml($subject) ?>" required>
+ <input class="form-control" id="subject" type="text" name="subject" value="<?= Html::escape($subject) ?>" required>
</div>
</div>
@@ -156,7 +156,7 @@ $to_names = implode(I18N::$list_separator, array_map(function(User $user) { retu
<?= I18N::translate('Body') ?>
</label>
<div class="col-sm-9">
- <textarea class="form-control" id="body" type="text" name="body" required><?= Filter::escapeHtml($body) ?></textarea>
+ <textarea class="form-control" id="body" type="text" name="body" required><?= Html::escape($body) ?></textarea>
</div>
</div>
diff --git a/placelist.php b/placelist.php
index bdfdf85612..4eec7ef273 100644
--- a/placelist.php
+++ b/placelist.php
@@ -33,7 +33,7 @@ $level = count($parent);
if ($display == 'hierarchy') {
if ($level) {
- $controller->setPageTitle(I18N::translate('Place hierarchy') . ' - <span dir="auto">' . Filter::escapeHtml($parent[$level - 1]) . '</span>');
+ $controller->setPageTitle(I18N::translate('Place hierarchy') . ' - <span dir="auto">' . Html::escape($parent[$level - 1]) . '</span>');
} else {
$controller->setPageTitle(I18N::translate('Place hierarchy'));
}
diff --git a/reportengine.php b/reportengine.php
index f82d9e7f46..89ba243adb 100644
--- a/reportengine.php
+++ b/reportengine.php
@@ -115,12 +115,12 @@ case 'choose':
<h2 class="wt-page-title">', I18N::translate('Choose a report to run'), '</h2>
<form name="choosereport" action="reportengine.php">
<input type="hidden" name="action" value="setup">
- <input type="hidden" name="output" value="', Filter::escapeHtml($output), '">
+ <input type="hidden" name="output" value="', Html::escape($output), '">
<table class="facts_table width40">
<tr><td class="descriptionbox wrap width33 vmiddle">', I18N::translate('Report'), '</td>
<td class="optionbox"><select name="report">';
foreach ($reports as $file => $report) {
- echo '<option value="', Filter::escapeHtml($file), '">', Filter::escapeHtml($report), '</option>';
+ echo '<option value="', Html::escape($file), '">', Html::escape($report), '</option>';
}
echo '</select></td></tr>
<tr><td class="topbottombar" colspan="2"><input type="submit" value="', I18N::translate('continue'), '"></td></tr>
@@ -141,7 +141,7 @@ case 'setup':
<h2 class="wt-page-title">', $report_array['title'], '</h2>
<form name="setupreport" action="reportengine.php">
<input type="hidden" name="action" value="run">
- <input type="hidden" name="report" value="', Filter::escapeHtml($report), '">
+ <input type="hidden" name="report" value="', Html::escape($report), '">
<table class="facts_table width50">
<tr><td class="descriptionbox width30 wrap">', I18N::translate('Report'), '</td><td class="optionbox">', $report_array['description'], '</td></tr>';
@@ -150,7 +150,7 @@ case 'setup':
}
foreach ($report_array['inputs'] as $input) {
echo '<tr><td class="descriptionbox wrap">';
- echo '<input type="hidden" name="varnames[]" value="', Filter::escapeHtml($input['name']), '">';
+ echo '<input type="hidden" name="varnames[]" value="', Html::escape($input['name']), '">';
echo I18N::translate($input['value']), '</td><td class="optionbox">';
if (!isset($input['type'])) {
$input['type'] = 'text';
@@ -195,15 +195,15 @@ case 'setup':
break;
}
- echo ' type="text" name="vars[', Filter::escapeHtml($input['name']), ']" id="', Filter::escapeHtml($input['name']), '" value="', Filter::escapeHtml($input['default']), '" style="direction: ltr;">';
+ echo ' type="text" name="vars[', Html::escape($input['name']), ']" id="', Html::escape($input['name']), '" value="', Html::escape($input['default']), '" style="direction: ltr;">';
}
if ($input['type'] == 'checkbox') {
- echo '<input type="checkbox" name="vars[', Filter::escapeHtml($input['name']), ']" id="', Filter::escapeHtml($input['name']), '" value="1" ';
+ echo '<input type="checkbox" name="vars[', Html::escape($input['name']), ']" id="', Html::escape($input['name']), '" value="1" ';
echo $input['default'] == '1' ? 'checked' : '';
echo '>';
}
if ($input['type'] == 'select') {
- echo '<select name="vars[', Filter::escapeHtml($input['name']), ']" id="', Filter::escapeHtml($input['name']), '_var">';
+ echo '<select name="vars[', Html::escape($input['name']), ']" id="', Html::escape($input['name']), '_var">';
$options = preg_split('/[|]+/', $input['options']);
foreach ($options as $option) {
$opt = explode('=>', $option);
@@ -215,20 +215,20 @@ case 'setup':
} elseif (preg_match('/^I18N::translateContext\(\'(.+)\', *\'(.+)\'\)$/', $display, $match)) {
$display = I18N::translateContext($match[1], $match[2]);
}
- echo '<option value="', Filter::escapeHtml($value), '" ';
+ echo '<option value="', Html::escape($value), '" ';
if ($opt[0] == $input['default']) {
echo 'selected';
}
- echo '>', Filter::escapeHtml($display), '</option>';
+ echo '>', Html::escape($display), '</option>';
}
echo '</select>';
}
if (isset($input['lookup'])) {
- echo '<input type="hidden" name="type[', Filter::escapeHtml($input['name']), ']" value="', Filter::escapeHtml($input['lookup']), '">';
+ echo '<input type="hidden" name="type[', Html::escape($input['name']), ']" value="', Html::escape($input['lookup']), '">';
if ($input['lookup'] == 'INDI') {
} elseif ($input['lookup'] == 'DATE') {
echo FontAwesome::linkIcon('calendar', I18N::translate('Select a date'), ['class' => 'btn btn-link', 'href' => '#', 'onclick' => 'return calendarWidget("div_' . Filter::escapeJs($input['name']) . '", "' . Filter::escapeJs($input['name']) . '");']);
- echo '<div id="div_', Filter::escapeHtml($input['name']), '" style="position:absolute;visibility:hidden;background-color:white;"></div>';
+ echo '<div id="div_', Html::escape($input['name']), '" style="position:absolute;visibility:hidden;background-color:white;"></div>';
}
}
echo '</td></tr>';
diff --git a/search.php b/search.php
index 8cd8388656..3918a289b5 100644
--- a/search.php
+++ b/search.php
@@ -72,7 +72,7 @@ function checknames(frm) {
<?= I18N::translate('Search for') ?>
</label>
<div class="value">
- <input id="query" type="text" name="query" value="<?= Filter::escapeHtml($controller->query) ?>" size="30" autofocus>
+ <input id="query" type="text" name="query" value="<?= Html::escape($controller->query) ?>" size="30" autofocus>
<?= FunctionsPrint::printSpecialCharacterLink('query') ?>
</div>
<div class="label">
@@ -152,13 +152,13 @@ function checknames(frm) {
<?= I18N::translate('Search for') ?>
</div>
<div class="value">
- <input name="query" value="<?= Filter::escapeHtml($controller->query) ?>" type="text" autofocus>
+ <input name="query" value="<?= Html::escape($controller->query) ?>" type="text" autofocus>
</div>
<div class="label">
<?= I18N::translate('Replace with') ?>
</div>
<div class="value">
- <input name="replace" value="<?= Filter::escapeHtml($controller->replace) ?>" type="text">
+ <input name="replace" value="<?= Html::escape($controller->replace) ?>" type="text">
</div>
<script>
function checkAll(box) {
@@ -226,25 +226,25 @@ function checknames(frm) {
<?= I18N::translate('Given name') ?>
</label>
<div class="value">
- <input type="text" data-autocomplete-type="GIVN" name="firstname" id="firstname" value="<?= Filter::escapeHtml($controller->firstname) ?>" autofocus>
+ <input type="text" data-autocomplete-type="GIVN" name="firstname" id="firstname" value="<?= Html::escape($controller->firstname) ?>" autofocus>
</div>
<label class="label" for="lastname">
<?= I18N::translate('Surname') ?>
</label>
<div class="value">
- <input type="text" data-autocomplete-type="SURN" name="lastname" id="lastname" value="<?= Filter::escapeHtml($controller->lastname) ?>">
+ <input type="text" data-autocomplete-type="SURN" name="lastname" id="lastname" value="<?= Html::escape($controller->lastname) ?>">
</div>
<label class="label" for="place">
<?= I18N::translate('Place') ?>
</label>
<div class="value">
- <input type="text" data-autocomplete-type="PLAC2" name="place" id="place" value="<?= Filter::escapeHtml($controller->place) ?>">
+ <input type="text" data-autocomplete-type="PLAC2" name="place" id="place" value="<?= Html::escape($controller->place) ?>">
</div>
<label class="label" for="year">
<?= I18N::translate('Year') ?>
</label>
<div class="value"
- ><input type="text" name="year" id="year" value="<?= Filter::escapeHtml($controller->year) ?>">
+ ><input type="text" name="year" id="year" value="<?= Html::escape($controller->year) ?>">
</div>
<div class="label">
<?= I18N::translate('Phonetic algorithm') ?>
diff --git a/search_advanced.php b/search_advanced.php
index 375d808cd7..53d2eb0eac 100644
--- a/search_advanced.php
+++ b/search_advanced.php
@@ -147,7 +147,7 @@ echo '</script>';
$currentFieldSearch = $controller->getField($i); // Get this field’s name and the search criterion
$currentField = substr($currentFieldSearch, 0, strrpos($currentFieldSearch, ':')); // Get the actual field name
?>
- <input type="text" id="value<?= $i ?>" name="values[<?= $i ?>]" value="<?= Filter::escapeHtml($controller->getValue($i)) ?>"<?= substr($controller->getField($i), -4) == 'PLAC' ? 'data-autocomplete-type="PLAC"' : '' ?>>
+ <input type="text" id="value<?= $i ?>" name="values[<?= $i ?>]" value="<?= Html::escape($controller->getValue($i)) ?>"<?= substr($controller->getField($i), -4) == 'PLAC' ? 'data-autocomplete-type="PLAC"' : '' ?>>
<?php if (preg_match('/^NAME:/', $currentFieldSearch) > 0) { ?>
<select name="fields[<?= $i ?>]">
<option value="<?= $currentField ?>:EXACT" <?php if (preg_match('/:EXACT$/', $currentFieldSearch) > 0) echo 'selected' ?>><?= I18N::translate('Exact') ?></option>
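Review bot: `$currentField` on the last line of the hunk is written into the `value` attribute raw, while the sibling `getValue($i)` on the changed line now goes through Html::escape; since `getField($i)` presumably echoes a submitted `fields[]` entry, it belongs in the same helper, `<option value="<?= Html::escape($currentField) ?>:EXACT"`. Separately, the new line emits the conditional attribute directly after the closing quote of `value`, so the markup renders as `value="…"data-autocomplete-type="PLAC"`; a leading space in the literal, `' data-autocomplete-type="PLAC"'`, fixes that, and the loose `== 'PLAC'` should be `=== 'PLAC'`. The enclosing loop starts before the hunk.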
diff --git a/setup.php b/setup.php
index 5fe02d9941..09c4e67d1e 100644
--- a/setup.php
+++ b/setup.php
@@ -275,19 +275,19 @@ if (empty($_POST['dbuser']) || !Database::isConnected() || !$db_version_ok) {
'<fieldset><legend>', I18N::translate('Database connection'), '</legend>',
'<table border="0"><tr><td>',
I18N::translate('Server name'), '</td><td>',
- '<input type="text" name="dbhost" value="', Filter::escapeHtml($_POST['dbhost']), '" dir="ltr" required></td><td>',
+ '<input type="text" name="dbhost" value="', Html::escape($_POST['dbhost']), '" dir="ltr" required></td><td>',
I18N::translate('Most sites are configured to use localhost. This means that your database runs on the same computer as your web server.'),
'</td></tr><tr><td>',
I18N::translate('Port number'), '</td><td>',
- '<input type="text" name="dbport" value="', Filter::escapeHtml($_POST['dbport']), '" required></td><td>',
+ '<input type="text" name="dbport" value="', Html::escape($_POST['dbport']), '" required></td><td>',
I18N::translate('Most sites are configured to use the default value of 3306.'),
'</td></tr><tr><td>',
I18N::translate('Database user account'), '</td><td>',
- '<input type="text" name="dbuser" value="', Filter::escapeHtml($_POST['dbuser']), '" autofocus required></td><td>',
+ '<input type="text" name="dbuser" value="', Html::escape($_POST['dbuser']), '" autofocus required></td><td>',
I18N::translate('This is case sensitive.'),
'</td></tr><tr><td>',
I18N::translate('Database password'), '</td><td>',
- '<input type="password" name="dbpass" value="', Filter::escapeHtml($_POST['dbpass']), '" required></td><td>',
+ '<input type="password" name="dbpass" value="', Html::escape($_POST['dbpass']), '" required></td><td>',
I18N::translate('This is case sensitive.'),
'</td></tr><tr><td>',
'</td></tr></table>',
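Review bot: The changed dbpass line writes the submitted database password back into a `value` attribute, and the hidden dbpass/wtpass/wtpass2 inputs in the hunks at `@@ -299`, `@@ -423` and `@@ -450` do the same, so the credentials round-trip through the HTML response (page source, browser cache, any intermediate proxy) as plain text; Html::escape only fixes the markup context and does not change that exposure. For the setup wizard, keeping the entered credentials server-side (e.g. in the session) between steps instead of in hidden fields would remove it, and at minimum the `value` attribute on the `type="password"` inputs could be left empty so the user re-enters it. The hunk also reads `$_POST['dbhost']` and friends directly; if this branch can be reached on a first request without POST data these are undefined-index notices, presumably defaulted earlier in the file but worth confirming. The enclosing `echo` statement and `if` block start before the hunk.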
@@ -299,10 +299,10 @@ if (empty($_POST['dbuser']) || !Database::isConnected() || !$db_version_ok) {
return;
} else {
// Copy these values through to the next step
- echo '<input type="hidden" name="dbhost" value="', Filter::escapeHtml($_POST['dbhost']), '">';
- echo '<input type="hidden" name="dbport" value="', Filter::escapeHtml($_POST['dbport']), '">';
- echo '<input type="hidden" name="dbuser" value="', Filter::escapeHtml($_POST['dbuser']), '">';
- echo '<input type="hidden" name="dbpass" value="', Filter::escapeHtml($_POST['dbpass']), '">';
+ echo '<input type="hidden" name="dbhost" value="', Html::escape($_POST['dbhost']), '">';
+ echo '<input type="hidden" name="dbport" value="', Html::escape($_POST['dbport']), '">';
+ echo '<input type="hidden" name="dbuser" value="', Html::escape($_POST['dbuser']), '">';
+ echo '<input type="hidden" name="dbpass" value="', Html::escape($_POST['dbpass']), '">';
}
////////////////////////////////////////////////////////////////////////////////
@@ -370,11 +370,11 @@ if (!$dbname_ok) {
'<fieldset><legend>', I18N::translate('Database name'), '</legend>',
'<table border="0"><tr><td>',
I18N::translate('Database name'), '</td><td>',
- '<input type="text" name="dbname" value="', Filter::escapeHtml($_POST['dbname']), '" autofocus required></td><td>',
+ '<input type="text" name="dbname" value="', Html::escape($_POST['dbname']), '" autofocus required></td><td>',
I18N::translate('This is case sensitive. If a database with this name does not already exist webtrees will attempt to create one for you. Success will depend on permissions set for your web server, but you will be notified if this fails.'),
'</td></tr><tr><td>',
I18N::translate('Table prefix'), '</td><td>',
- '<input type="text" name="tblpfx" value="', Filter::escapeHtml($_POST['tblpfx']), '"></td><td>',
+ '<input type="text" name="tblpfx" value="', Html::escape($_POST['tblpfx']), '"></td><td>',
I18N::translate('The prefix is optional, but recommended. By giving the table names a unique prefix you can let several different applications share the same database. “wt_” is suggested, but can be anything you want.'),
'</td></tr></table>',
'</fieldset>',
@@ -385,8 +385,8 @@ if (!$dbname_ok) {
return;
} else {
// Copy these values through to the next step
- echo '<input type="hidden" name="dbname" value="', Filter::escapeHtml($_POST['dbname']), '">';
- echo '<input type="hidden" name="tblpfx" value="', Filter::escapeHtml($_POST['tblpfx']), '">';
+ echo '<input type="hidden" name="dbname" value="', Html::escape($_POST['dbname']), '">';
+ echo '<input type="hidden" name="tblpfx" value="', Html::escape($_POST['tblpfx']), '">';
}
////////////////////////////////////////////////////////////////////////////////
@@ -423,22 +423,22 @@ if (empty($_POST['wtname']) || empty($_POST['wtuser']) || strlen($_POST['wtpass'
'<fieldset><legend>', I18N::translate('Administrator account'), '</legend>',
'<table border="0"><tr><td>',
I18N::translate('Your name'), '</td><td>',
- '<input type="text" name="wtname" value="', Filter::escapeHtml($_POST['wtname']), '" autofocus required></td><td>',
+ '<input type="text" name="wtname" value="', Html::escape($_POST['wtname']), '" autofocus required></td><td>',
I18N::translate('This is your real name, as you would like it displayed on screen.'),
'</td></tr><tr><td>',
I18N::translate('Username'), '</td><td>',
- '<input type="text" name="wtuser" value="', Filter::escapeHtml($_POST['wtuser']), '" required></td><td>',
+ '<input type="text" name="wtuser" value="', Html::escape($_POST['wtuser']), '" required></td><td>',
I18N::translate('You will use this to sign in to webtrees.'),
'</td></tr><tr><td>',
I18N::translate('Password'), '</td><td>',
- '<input type="password" name="wtpass" value="', Filter::escapeHtml($_POST['wtpass']), '" required></td><td>',
+ '<input type="password" name="wtpass" value="', Html::escape($_POST['wtpass']), '" required></td><td>',
I18N::translate('This must be at least six characters long. It is case-sensitive.'),
'</td></tr><tr><td></td><td>',
- '<input type="password" name="wtpass2" value="', Filter::escapeHtml($_POST['wtpass2']), '" required></td><td>',
+ '<input type="password" name="wtpass2" value="', Html::escape($_POST['wtpass2']), '" required></td><td>',
I18N::translate('Type your password again, to make sure you have typed it correctly.'),
'</td></tr><tr><td>',
I18N::translate('Email address'), '</td><td>',
- '<input type="email" name="wtemail" value="', Filter::escapeHtml($_POST['wtemail']), '" required></td><td>',
+ '<input type="email" name="wtemail" value="', Html::escape($_POST['wtemail']), '" required></td><td>',
I18N::translate('This email address will be used to send password reminders, website notifications, and messages from other family members who are registered on the website.'),
'</td></tr><tr><td>',
'</td></tr></table>',
@@ -450,11 +450,11 @@ if (empty($_POST['wtname']) || empty($_POST['wtuser']) || strlen($_POST['wtpass'
return;
} else {
// Copy these values through to the next step
- echo '<input type="hidden" name="wtname" value="', Filter::escapeHtml($_POST['wtname']), '">';
- echo '<input type="hidden" name="wtuser" value="', Filter::escapeHtml($_POST['wtuser']), '">';
- echo '<input type="hidden" name="wtpass" value="', Filter::escapeHtml($_POST['wtpass']), '">';
- echo '<input type="hidden" name="wtpass2" value="', Filter::escapeHtml($_POST['wtpass2']), '">';
- echo '<input type="hidden" name="wtemail" value="', Filter::escapeHtml($_POST['wtemail']), '">';
+ echo '<input type="hidden" name="wtname" value="', Html::escape($_POST['wtname']), '">';
+ echo '<input type="hidden" name="wtuser" value="', Html::escape($_POST['wtuser']), '">';
+ echo '<input type="hidden" name="wtpass" value="', Html::escape($_POST['wtpass']), '">';
+ echo '<input type="hidden" name="wtpass2" value="', Html::escape($_POST['wtpass2']), '">';
+ echo '<input type="hidden" name="wtemail" value="', Html::escape($_POST['wtemail']), '">';
}
////////////////////////////////////////////////////////////////////////////////
diff --git a/site-unavailable.php b/site-unavailable.php
index 63ceb29a42..174aa566f3 100644
--- a/site-unavailable.php
+++ b/site-unavailable.php
@@ -38,7 +38,7 @@ header('Content-Type: text/html; charset=UTF-8');
$messages = '';
if (Filter::get('message')) {
$messages .=
- '<blockquote>' . Filter::escapeHtml(Filter::get('message')) . '</blockquote>';
+ '<blockquote>' . Html::escape(Filter::get('message')) . '</blockquote>';
}
// If we can't connect to the database at all, give the reason why
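Review bot: `Filter::get('message')` is evaluated twice on the new side, once as the truthiness guard and again inside Html::escape; reading it once, `$message = Filter::get('message');`, and testing that is simpler and avoids the guard silently dropping a literal `'0'` (the `!== ''` form depends on Filter::get returning a string, which is not visible here). Beyond escaping, the page reflects whatever text arrives in the `message` query parameter inside the blockquote, so arbitrary caller-chosen wording can appear on the site's own error page; mapping the parameter to a fixed set of translated messages would close that content-spoofing vector.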
diff --git a/statisticsplot.php b/statisticsplot.php
index 741f23d510..4b7cbb4b86 100644
--- a/statisticsplot.php
+++ b/statisticsplot.php
@@ -684,7 +684,7 @@ function my_plot($chart_title, $xdata, $xtitle, $ydata, $ytitle, $legend) {
$imgurl .= rawurlencode($data);
}
}
- echo '<img src="', $imgurl, '" width="950" height="300" alt="', Filter::escapeHtml($chart_title), '">';
+ echo '<img src="', $imgurl, '" width="950" height="300" alt="', Html::escape($chart_title), '">';
}
/**
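Review bot: `$imgurl` on the changed line is still emitted into the `src` attribute raw while `alt` is now escaped; its query string is assembled from rawurlencode'd pieces, so the values are percent-encoded, but the `&` separators are not entity-encoded for the attribute context and any unencoded part of the base URL goes out as-is. Passing it through the same helper, `echo '<img src="', Html::escape($imgurl), '" width="950" ...`, is harmless for already-encoded data (assuming Html::escape is htmlspecialchars-based) and makes the attribute well-formed. my_plot starts before the hunk.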
diff --git a/timeline.php b/timeline.php
index d89b76655a..234a05befb 100644
--- a/timeline.php
+++ b/timeline.php
@@ -399,7 +399,7 @@ $controller
<a href="<?= $indi->getHtmlUrl() ?>"> <?= $indi->getFullName() ?><br>
<?= $indi->getAddName() ?><br>
</a>
- <input type="hidden" name="pids[<?= $p ?>]" value="<?= Filter::escapeHtml($pid) ?>">
+ <input type="hidden" name="pids[<?= $p ?>]" value="<?= Html::escape($pid) ?>">
<a href="timeline.php?<?= $controller->pidlinks ?>&amp;scale=<?= $controller->scale ?>&amp;remove=<?= $pid ?>&amp;ged=<?= $controller->tree()->getNameUrl() ?>">
<span class="details1"><?= I18N::translate('Remove individual') ?></span></a>
<?php if (!empty($controller->birthyears[$pid])) { ?>
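Review bot: The `$pid` that the changed line now escapes for the hidden input is, one line later, interpolated raw into the `remove=` query parameter of the anchor href, and the same pattern recurs in the hunk at `@@ -414`; `$controller->pidlinks` and `$controller->scale` in that href are likewise unescaped. Wrapping the query values, e.g. `&amp;remove=<?= rawurlencode($pid) ?>`, keeps ids containing reserved characters from breaking the URL and keeps the attribute well-formed. Whether `pidlinks` is already URL-encoded by the controller is not visible here. The enclosing loop starts before the hunk.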
@@ -414,7 +414,7 @@ $controller
} else {
echo '<div class="error">', I18N::translate('This information is private and cannot be shown.'), '</div>';
?>
- <input type="hidden" name="pids[<?= $p ?>]" value="<?= Filter::escapeHtml($pid) ?>">
+ <input type="hidden" name="pids[<?= $p ?>]" value="<?= Html::escape($pid) ?>">
<br>
<a href="timeline.php?<?= $controller->pidlinks ?>&amp;scale=<?= $controller->scale ?>&amp;remove=<?= $pid ?>&amp;ged=<?= $controller->tree()->getNameUrl() ?>">
<span class="details1"><?= I18N::translate('Remove individual') ?></span></a>