From cc5ab399cc3c8f78158c8e3027cb0ecf038648dc Mon Sep 17 00:00:00 2001 
From: Greg Roach Date: Tue, 11 Jul 2017 11:52:56 +0100 Subject: Prepare to remove class Filter --- addmedia.php | 6 +-- admin.php | 16 ++++---- admin_media.php | 18 ++++----- admin_media_upload.php | 2 +- admin_pgv_to_wt.php | 4 +- admin_site_change.php | 10 ++--- admin_site_clean.php | 14 +++---- admin_site_config.php | 38 +++++++++---------- admin_site_info.php | 4 +- admin_site_logs.php | 18 ++++----- admin_site_merge.php | 6 +-- admin_site_upgrade.php | 4 +- admin_trees_config.php | 28 +++++++------- admin_trees_download.php | 4 +- admin_trees_manage.php | 16 ++++---- admin_trees_places.php | 8 ++-- admin_users.php | 26 ++++++------- app/Bootstrap4.php | 8 ++-- app/Controller/BranchesController.php | 3 +- app/Controller/FamilyBookController.php | 2 +- app/Controller/IndividualController.php | 5 ++- app/Controller/IndividualListController.php | 5 ++- app/Controller/TimelineController.php | 3 +- app/Database.php | 2 +- app/Fact.php | 4 +- app/Filter.php | 7 +--- app/FontAwesome.php | 1 + app/Functions/FunctionsEdit.php | 27 ++++++------- app/Functions/FunctionsPrint.php | 3 +- app/Functions/FunctionsPrintFacts.php | 39 +++++++++---------- app/Functions/FunctionsPrintLists.php | 32 ++++++++-------- app/GedcomRecord.php | 4 +- app/GedcomTag.php | 2 +- app/Html.php | 2 +- app/Individual.php | 2 +- app/Media.php | 4 +- app/Menu.php | 6 +-- .../BatchUpdate/BatchUpdateSearchReplacePlugin.php | 5 ++- app/Module/BatchUpdateModule.php | 7 ++-- app/Module/CensusAssistantModule.php | 12 +++--- app/Module/ClippingsCartModule.php | 8 ++-- app/Module/FamiliesSidebarModule.php | 2 +- app/Module/FamilyTreeNewsModule.php | 4 +- app/Module/FamilyTreeStatisticsModule.php | 2 +- app/Module/FrequentlyAskedQuestionsModule.php | 6 +-- app/Module/GoogleMapsModule.php | 23 +++++------ app/Module/HtmlBlockModule.php | 5 ++- app/Module/IndividualSidebarModule.php | 2 +- app/Module/LoggedInUsersModule.php | 2 +- app/Module/RecentChangesModule.php | 6 +-- app/Module/ResearchTaskModule.php | 
3 +- app/Module/StoriesModule.php | 9 +++-- app/Module/TopSurnamesModule.php | 4 +- app/Module/UserJournalModule.php | 5 ++- app/Module/UserMessagesModule.php | 6 +-- app/Place.php | 10 ++--- app/Select2.php | 11 +++++- app/Stats.php | 10 ++--- app/Theme/AbstractTheme.php | 9 +++-- app/Tree.php | 4 +- app/User.php | 2 +- branches.php | 2 +- edit_changes.php | 6 +-- edit_interface.php | 14 +++---- editnews.php | 4 +- edituser.php | 8 ++-- famlist.php | 6 +-- indilist.php | 6 +-- individual.php | 2 +- inverselink.php | 2 +- login.php | 36 +++++++++--------- medialist.php | 2 +- message.php | 18 ++++----- placelist.php | 2 +- reportengine.php | 22 +++++------ search.php | 14 +++---- search_advanced.php | 2 +- setup.php | 44 +++++++++++----------- site-unavailable.php | 2 +- statisticsplot.php | 2 +- timeline.php | 4 +- 81 files changed, 378 insertions(+), 360 deletions(-) diff --git a/addmedia.php b/addmedia.php index 8ba9269a02..5857e62d57 100644 --- a/addmedia.php +++ b/addmedia.php @@ -310,7 +310,7 @@ if ($gedfile === 'FILE') { echo ''; echo ''; if (Auth::isManager($WT_TREE)) { - echo ''; } else { @@ -318,7 +318,7 @@ if ($gedfile === 'FILE') { } } else { echo $fileName; - echo ''; + echo ''; } echo ''; echo ''; @@ -357,7 +357,7 @@ if (!$isExternal) { echo '

', I18N::translate('This entry is ignored if you have entered a URL into the filename field.'), '

'; } } else { - echo ''; + echo ''; } echo '

', I18N::translate('If you have a large number of media files, you can organize them into folders and subfolders.'), '

'; echo ''; } else { diff --git a/admin.php b/admin.php index c0549e4cf4..7567243760 100644 --- a/admin.php +++ b/admin.php @@ -624,7 +624,7 @@ if ( - + @@ -670,7 +670,7 @@ if ( $user): ?> - real_name) ?> + real_name) ?> @@ -683,7 +683,7 @@ if ( $user): ?> - real_name) ?> + real_name) ?> @@ -696,7 +696,7 @@ if ( $user): ?> - real_name) ?> + real_name) ?> @@ -709,7 +709,7 @@ if ( $user): ?> - real_name) ?> + real_name) ?> @@ -722,7 +722,7 @@ if ( $user): ?> - real_name) ?> + real_name) ?> @@ -735,7 +735,7 @@ if ( $user): ?> - real_name) ?> + real_name) ?> @@ -895,7 +895,7 @@ if (

diff --git a/admin_media.php b/admin_media.php index 08945deee3..0932d5be16 100644 --- a/admin_media.php +++ b/admin_media.php @@ -308,7 +308,7 @@ case 'load_json': if (!$exists_pending) { foreach ($media_trees as $media_tree) { $create_form .= - '

' . I18N::translate('Create') . ' — ' . Filter::escapeHtml($media_tree) . '

'; + '

' . I18N::translate('Create') . ' — ' . Html::escape($media_tree) . '

'; } } @@ -476,7 +476,7 @@ function all_media_files($media_folder, $media_path, $subfolders, $filter) { function mediaFileInfo($media_folder, $media_path, $file) { $html = '

'; $html .= '
' . I18N::translate('Filename') . '
'; - $html .= '
' . Filter::escapeHtml($file) . '
'; + $html .= '
' . Html::escape($file) . '
'; $full_path = WT_DATA_DIR . $media_folder . $media_path . $file; try { @@ -516,7 +516,7 @@ function mediaObjectInfo(Media $media) { $html = '' . $media->getFullName() . '' . - '
' . Filter::escapeHtml($media->getNote()) . '
'; + '
' . Html::escape($media->getNote()) . '
'; $html .= '
'; @@ -624,16 +624,16 @@ echo Bootstrap4::breadcrumbs([ 1): ?> 'media_folder', 'onchange' => 'this.form.submit();']) ?> - - + + 1): ?> 'media_path', 'onchange' => 'this.form.submit();']) ?> - - + +
- +
@@ -302,7 +302,7 @@ echo Bootstrap4::breadcrumbs([
- +
@@ -318,7 +318,7 @@ echo Bootstrap4::breadcrumbs([ - + @@ -327,14 +327,14 @@ echo Bootstrap4::breadcrumbs([ - +
- +
diff --git a/admin_site_clean.php b/admin_site_clean.php index 4f68486759..57180c0ade 100644 --- a/admin_site_clean.php +++ b/admin_site_clean.php @@ -25,15 +25,15 @@ if ($to_delete && Filter::checkCsrf()) { $is_dir = is_dir(WT_DATA_DIR . $path); if (File::delete(WT_DATA_DIR . $path)) { if ($is_dir) { - FlashMessages::addMessage(I18N::translate('The folder %s has been deleted.', Filter::escapeHtml($path)), 'success'); + FlashMessages::addMessage(I18N::translate('The folder %s has been deleted.', Html::escape($path)), 'success'); } else { - FlashMessages::addMessage(I18N::translate('The file %s has been deleted.', Filter::escapeHtml($path)), 'success'); + FlashMessages::addMessage(I18N::translate('The file %s has been deleted.', Html::escape($path)), 'success'); } } else { if ($is_dir) { - FlashMessages::addMessage(I18N::translate('The folder %s could not be deleted.', Filter::escapeHtml($path)), 'danger'); + FlashMessages::addMessage(I18N::translate('The folder %s could not be deleted.', Html::escape($path)), 'danger'); } else { - FlashMessages::addMessage(I18N::translate('The file %s could not be deleted.', Filter::escapeHtml($path)), 'danger'); + FlashMessages::addMessage(I18N::translate('The file %s could not be deleted.', Html::escape($path)), 'danger'); } } } @@ -93,12 +93,12 @@ echo Bootstrap4::breadcrumbs([ ', Filter::escapeHtml($entry), ''; + echo '
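Review bot: In admin_site_clean.php the hunk at line 25 passes `WT_DATA_DIR . $path` to `is_dir()` and `File::delete()` with no visible check that `$path` stays inside the data folder. The loop that supplies `$path` starts above the hunk, so the check may already exist there. If `$path` is taken from the posted `$to_delete` values, `Filter::checkCsrf()` proves only that the request came from the form, not that the value names an entry the form offered. I would skip any value that is not in the directory listing the page renders, e.g. `if (!in_array($path, $entries, true)) { continue; }`, where `$entries` is a placeholder name for that listing.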
  • ', Html::escape($entry), '
  • '; } else { echo '
  • '; echo '
  • '; } } diff --git a/admin_site_config.php b/admin_site_config.php index a16c7a9520..98acbce4ff 100644 --- a/admin_site_config.php +++ b/admin_site_config.php @@ -33,7 +33,7 @@ case 'site': if (File::mkdir($INDEX_DIRECTORY)) { Site::setPreference('INDEX_DIRECTORY', $INDEX_DIRECTORY); } else { - FlashMessages::addMessage(I18N::translate('The folder %s does not exist, and it could not be created.', Filter::escapeHtml($INDEX_DIRECTORY)), 'danger'); + FlashMessages::addMessage(I18N::translate('The folder %s does not exist, and it could not be created.', Html::escape($INDEX_DIRECTORY)), 'danger'); } Site::setPreference('MEMORY_LIMIT', Filter::post('MEMORY_LIMIT')); Site::setPreference('MAX_EXECUTION_TIME', Filter::post('MAX_EXECUTION_TIME')); @@ -177,7 +177,7 @@ echo Bootstrap4::breadcrumbs([
    - +

    @@ -199,7 +199,7 @@ echo Bootstrap4::breadcrumbs([
    - +

    @@ -214,7 +214,7 @@ echo Bootstrap4::breadcrumbs([

    - +

    - +

    @@ -319,7 +319,7 @@ echo Bootstrap4::breadcrumbs([

    - +

    @@ -334,7 +334,7 @@ echo Bootstrap4::breadcrumbs([
    - +

    @@ -347,7 +347,7 @@ echo Bootstrap4::breadcrumbs([
    - +

    @@ -375,7 +375,7 @@ echo Bootstrap4::breadcrumbs([
    - +

    @@ -414,7 +414,7 @@ echo Bootstrap4::breadcrumbs([
    - +

    @@ -439,7 +439,7 @@ echo Bootstrap4::breadcrumbs([
    - +

    login.php. For example, https://www.yourserver.com/webtrees/login.php .') ?>

    @@ -464,7 +464,7 @@ echo Bootstrap4::breadcrumbs([
    - +

    @@ -521,7 +521,7 @@ echo Bootstrap4::breadcrumbs([ - value="" + value="" maxlength="255" pattern="[0-9a-zA-Z+=/_:.!-]*" >

    @@ -542,7 +542,7 @@ echo Bootstrap4::breadcrumbs([ - value="" + value="" maxlength="255" pattern="[0-9a-zA-Z+=/_:.!-]*" >

    @@ -560,7 +560,7 @@ echo Bootstrap4::breadcrumbs([ Google Analytics

    - +

    @@ -575,7 +575,7 @@ echo Bootstrap4::breadcrumbs([
    - +
    @@ -585,7 +585,7 @@ echo Bootstrap4::breadcrumbs([
    - +

    @@ -600,7 +600,7 @@ echo Bootstrap4::breadcrumbs([
    - +
    @@ -610,7 +610,7 @@ echo Bootstrap4::breadcrumbs([
    - +

    diff --git a/admin_site_info.php b/admin_site_info.php index d498259580..d3dbbcada0 100644 --- a/admin_site_info.php +++ b/admin_site_info.php @@ -62,8 +62,8 @@ echo Bootstrap4::breadcrumbs([
    $value): ?> -
    -
    +
    +
    diff --git a/admin_site_logs.php b/admin_site_logs.php index da4c860e8d..3991c76669 100644 --- a/admin_site_logs.php +++ b/admin_site_logs.php @@ -155,11 +155,11 @@ case 'load_json': // This becomes a JSON list, not array, so need to fetch with numeric keys. $data = Database::prepare($sql_select . $where . $order_by . $limit)->execute($args)->fetchAll(PDO::FETCH_NUM); foreach ($data as &$datum) { - $datum[2] = Filter::escapeHtml($datum[2]); - $datum[3] = '' . Filter::escapeHtml($datum[3]) . ''; - $datum[4] = '' . Filter::escapeHtml($datum[4]) . ''; - $datum[5] = '' . Filter::escapeHtml($datum[5]) . ''; - $datum[6] = '' . Filter::escapeHtml($datum[6]) . ''; + $datum[2] = Html::escape($datum[2]); + $datum[3] = '' . Html::escape($datum[3]) . ''; + $datum[4] = '' . Html::escape($datum[4]) . ''; + $datum[5] = '' . Html::escape($datum[5]) . ''; + $datum[6] = '' . Html::escape($datum[6]) . ''; } // Total filtered/unfiltered rows @@ -239,7 +239,7 @@ echo Bootstrap4::breadcrumbs([
    - +
    @@ -249,7 +249,7 @@ echo Bootstrap4::breadcrumbs([
    - +
    @@ -265,7 +265,7 @@ echo Bootstrap4::breadcrumbs([ - +
    @@ -274,7 +274,7 @@ echo Bootstrap4::breadcrumbs([ - +
    diff --git a/admin_site_merge.php b/admin_site_merge.php index acae4be0ac..b8062e957d 100644 --- a/admin_site_merge.php +++ b/admin_site_merge.php @@ -217,7 +217,7 @@ echo Bootstrap4::breadcrumbs([ -
    getGedcom()) ?>
    +
    getGedcom()) ?>
    getTarget()): ?> getTarget()->getFullName() ?> @@ -264,7 +264,7 @@ echo Bootstrap4::breadcrumbs([ -
    getGedcom()) ?>
    +
    getGedcom()) ?>
    getTarget()): ?>
    getTarget()->getFullName() ?> @@ -310,7 +310,7 @@ echo Bootstrap4::breadcrumbs([ -
    getGedcom()) ?>
    +
    getGedcom()) ?>
    getTarget()): ?>
    getTarget()->getFullName() ?> diff --git a/admin_site_upgrade.php b/admin_site_upgrade.php index 21577277f9..224438dd3a 100644 --- a/admin_site_upgrade.php +++ b/admin_site_upgrade.php @@ -141,7 +141,7 @@ if ($custom_modules) { if ($modules_action != 'ignore') { echo '
    ', I18N::translate('No custom modules are enabled.'), $icon_success; } - echo ''; + echo ''; } echo ''; @@ -205,7 +205,7 @@ if ($custom_themes) { if ($themes_action != 'ignore') { echo '
    ', I18N::translate('No custom themes are enabled.'), $icon_success; } - echo ''; + echo ''; } echo ''; diff --git a/admin_trees_config.php b/admin_trees_config.php index aa85aed64f..01658ce413 100644 --- a/admin_trees_config.php +++ b/admin_trees_config.php @@ -367,7 +367,7 @@ echo Bootstrap4::breadcrumbs([ maxlength="5" name="MAX_ALIVE_AGE" type="text" - value="getPreference('MAX_ALIVE_AGE')) ?>" + value="getPreference('MAX_ALIVE_AGE')) ?>" >

    @@ -558,7 +558,7 @@ echo Bootstrap4::breadcrumbs([ name="title" required type="text" - value="getPreference('title')) ?>" + value="getPreference('title')) ?>" >

    @@ -803,7 +803,7 @@ echo Bootstrap4::breadcrumbs([ name="WEBTREES_EMAIL" required type="email" - value="getPreference('WEBTREES_EMAIL')) ?>" + value="getPreference('WEBTREES_EMAIL')) ?>" >


    webtrees can automatically create emails to notify administrators of changes that need to be reviewed. webtrees also sends notification emails to users who have requested an account.

    Usually, the “From:” field of these automatically created emails is something like From: webtrees-noreply@yoursite to show that no response to the email is required. To guard against spam or other email abuse, some email systems require each message’s “From:” field to reflect a valid email account and will not accept messages that are apparently from account webtrees-noreply.') ?> @@ -822,7 +822,7 @@ echo Bootstrap4::breadcrumbs([ @@ -844,7 +844,7 @@ echo Bootstrap4::breadcrumbs([ @@ -869,7 +869,7 @@ echo Bootstrap4::breadcrumbs([ maxlength="255" name="META_TITLE" type="text" - value="getPreference('META_TITLE')) ?>" + value="getPreference('META_TITLE')) ?>" >

    @@ -889,7 +889,7 @@ echo Bootstrap4::breadcrumbs([ maxlength="255" name="META_DESCRIPTION" type="text" - value="getPreference('META_DESCRIPTION')) ?>" + value="getPreference('META_DESCRIPTION')) ?>" >

    @@ -945,7 +945,7 @@ echo Bootstrap4::breadcrumbs([ maxlength="255" name="MEDIA_DIRECTORY" type="text" - value="getPreference('MEDIA_DIRECTORY')) ?>" + value="getPreference('MEDIA_DIRECTORY')) ?>" >

    @@ -1075,7 +1075,7 @@ echo Bootstrap4::breadcrumbs([ name="SUBLIST_TRIGGER_I" required type="text" - value="getPreference('SUBLIST_TRIGGER_I')) ?>" + value="getPreference('SUBLIST_TRIGGER_I')) ?>" >


    This option determines when sub-listing of surnames will occur. To disable sub-listing completely, set this option to zero.') ?> @@ -1142,7 +1142,7 @@ echo Bootstrap4::breadcrumbs([ name="DEFAULT_PEDIGREE_GENERATIONS" required type="text" - value="getPreference('DEFAULT_PEDIGREE_GENERATIONS')) ?>" + value="getPreference('DEFAULT_PEDIGREE_GENERATIONS')) ?>" >

    @@ -1162,7 +1162,7 @@ echo Bootstrap4::breadcrumbs([ maxlength="5" name="MAX_PEDIGREE_GENERATIONS" type="text" - value="getPreference('MAX_PEDIGREE_GENERATIONS')) ?>" + value="getPreference('MAX_PEDIGREE_GENERATIONS')) ?>" >

    @@ -1182,7 +1182,7 @@ echo Bootstrap4::breadcrumbs([ maxlength="5" name="MAX_DESCENDANCY_GENERATIONS" type="text" - value="getPreference('MAX_DESCENDANCY_GENERATIONS')) ?>" + value="getPreference('MAX_DESCENDANCY_GENERATIONS')) ?>" >

    @@ -1249,7 +1249,7 @@ echo Bootstrap4::breadcrumbs([ maxlength="255" name="CHART_BOX_TAGS" type="text" - value="getPreference('CHART_BOX_TAGS')) ?>" + value="getPreference('CHART_BOX_TAGS')) ?>" >

    diff --git a/admin_trees_manage.php b/admin_trees_manage.php index abe665ced2..323bc2f9b1 100644 --- a/admin_trees_manage.php +++ b/admin_trees_manage.php @@ -69,10 +69,10 @@ case 'new_tree': if (Filter::checkCsrf() && $basename && $tree_title) { if (Tree::findByName($basename)) { - FlashMessages::addMessage(/* I18N: %s is the name of a family tree */ I18N::translate('The family tree “%s” already exists.', Filter::escapeHtml($basename)), 'danger'); + FlashMessages::addMessage(/* I18N: %s is the name of a family tree */ I18N::translate('The family tree “%s” already exists.', Html::escape($basename)), 'danger'); } else { Tree::create($basename, $tree_title); - FlashMessages::addMessage(/* I18N: %s is the name of a family tree */ I18N::translate('The family tree “%s” has been created.', Filter::escapeHtml($basename)), 'success'); + FlashMessages::addMessage(/* I18N: %s is the name of a family tree */ I18N::translate('The family tree “%s” has been created.', Html::escape($basename)), 'success'); } } header('Location: admin_trees_manage.php?ged=' . Filter::escapeUrl($basename)); @@ -140,7 +140,7 @@ case 'synchronize': if ($tree->getPreference('filemtime') != $filemtime) { $tree->importGedcomFile($gedcom_file, $basename); $tree->setPreference('filemtime', $filemtime); - FlashMessages::addMessage(I18N::translate('The GEDCOM file “%s” has been imported.', Filter::escapeHtml($basename)), 'success'); + FlashMessages::addMessage(I18N::translate('The GEDCOM file “%s” has been imported.', Html::escape($basename)), 'success'); } } @@ -192,9 +192,9 @@ case 'importform':

    getTitleHtml()) ?>

    -
    + - +
    @@ -241,11 +241,11 @@ case 'importform': echo ''; sort($files); foreach ($files as $gedcom_file) { - echo ''; + echo'>', Html::escape($gedcom_file), ''; } if (empty($files)) { echo ''; @@ -291,7 +291,7 @@ case 'importform': maxlength="255" name="GEDCOM_MEDIA_PATH" type="text" - value="getPreference('GEDCOM_MEDIA_PATH')) ?>" + value="getPreference('GEDCOM_MEDIA_PATH')) ?>" >

    diff --git a/admin_trees_places.php b/admin_trees_places.php index 0234978dbc..3470e882a2 100644 --- a/admin_trees_places.php +++ b/admin_trees_places.php @@ -94,9 +94,9 @@ echo Bootstrap4::breadcrumbs([

    -
    +
    -
    +
    @@ -110,9 +110,9 @@ echo Bootstrap4::breadcrumbs([
      $new_place) { ?>
    • - + → - +
    diff --git a/admin_users.php b/admin_users.php index 5942c2f049..7d47639589 100644 --- a/admin_users.php +++ b/admin_users.php @@ -212,13 +212,13 @@ case 'load_json': $datum[0] = '
    '; // $datum[1] is the user ID // $datum[3] is the real name - $datum[3] = '' . Filter::escapeHtml($datum[3]) . ''; + $datum[3] = '' . Html::escape($datum[3]) . ''; // $datum[4] is the email address if ($user_id != Auth::id()) { - $datum[4] = '' . Filter::escapeHtml($datum[4]) . ''; + $datum[4] = '' . Html::escape($datum[4]) . ''; } // $datum[2] is the username - $datum[2] = '' . Filter::escapeHtml($datum[2]) . ''; + $datum[2] = '' . Html::escape($datum[2]) . ''; // $datum[5] is the langauge if (array_key_exists($datum[5], $installed_languages)) { $datum[5] = $installed_languages[$datum[5]]; @@ -305,7 +305,7 @@ case 'edit':
    - +

    @@ -318,7 +318,7 @@ case 'edit':
    - +

    @@ -354,7 +354,7 @@ case 'edit':
    - +

    @@ -488,7 +488,7 @@ case 'edit':
    - +
    @@ -616,12 +616,12 @@ case 'edit': @@ -693,7 +693,7 @@ case 'cleanup': - getUserName()) ?> + getUserName()) ?> — getRealNameHtml() ?> @@ -717,7 +717,7 @@ case 'cleanup': - getUserName()) ?> + getUserName()) ?> — getRealNameHtml() ?> @@ -741,7 +741,7 @@ case 'cleanup': - getUserName()) ?> + getUserName()) ?> — getRealNameHtml() ?> @@ -774,7 +774,7 @@ case 'cleanup2': if (Filter::post('del_' . $user->getUserId()) == '1') { Log::addAuthenticationLog('Deleted user: ' . $user->getUserName()); $user->delete(); - I18N::translate('The user %s has been deleted.', Filter::escapeHtml($user->getUserName())); + I18N::translate('The user %s has been deleted.', Html::escape($user->getUserName())); } } diff --git a/app/Bootstrap4.php b/app/Bootstrap4.php index 4e101a1fcc..1f17843033 100644 --- a/app/Bootstrap4.php +++ b/app/Bootstrap4.php @@ -81,7 +81,7 @@ class Bootstrap4 extends Html { return '
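Review bot: In the `cleanup2` case of admin_users.php, `I18N::translate('The user %s has been deleted.', Html::escape($user->getUserName()));` is a bare statement whose return value is discarded, so the administrator gets no confirmation of the deletion. Other files in this commit hand such strings to `FlashMessages::addMessage(..., 'success')`, and the same would work here: `FlashMessages::addMessage(I18N::translate('The user %s has been deleted.', Html::escape($user->getUserName())), 'success');`. The case body continues outside the hunk.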
    ' . '' . '
    '; } @@ -122,7 +122,7 @@ class Bootstrap4 extends Html { $html .= '
    ' . '' . '
    '; } @@ -147,7 +147,7 @@ class Bootstrap4 extends Html { 'selected' => (string) $value === (string) $selected, ]); - $html .= ''; + $html .= ''; } if (empty($attributes['class'])) { @@ -178,7 +178,7 @@ class Bootstrap4 extends Html { 'selected' => in_array((string) $value, $selected), ]); - $html .= ''; + $html .= ''; } if (empty($attributes['class'])) { diff --git a/app/Controller/BranchesController.php b/app/Controller/BranchesController.php index 42f95e5be3..65863959a7 100644 --- a/app/Controller/BranchesController.php +++ b/app/Controller/BranchesController.php @@ -20,6 +20,7 @@ use Fisharebest\Webtrees\Database; use Fisharebest\Webtrees\Family; use Fisharebest\Webtrees\Filter; use Fisharebest\Webtrees\GedcomCode\GedcomCodePedi; +use Fisharebest\Webtrees\Html; use Fisharebest\Webtrees\I18N; use Fisharebest\Webtrees\Individual; use Fisharebest\Webtrees\Soundex; @@ -55,7 +56,7 @@ class BranchesController extends PageController { if ($this->surname !== '') { $this->setPageTitle(/* I18N: %s is a surname */ - I18N::translate('Branches of the %s family', Filter::escapeHtml($this->surname))); + I18N::translate('Branches of the %s family', Html::escape($this->surname))); $this->loadIndividuals(); $self = Individual::getInstance($this->tree()->getUserPreference(Auth::user(), 'gedcomid'), $this->tree()); if ($self) { diff --git a/app/Controller/FamilyBookController.php b/app/Controller/FamilyBookController.php index 4f205987b1..bf50bced2b 100644 --- a/app/Controller/FamilyBookController.php +++ b/app/Controller/FamilyBookController.php @@ -269,7 +269,7 @@ class FamilyBookController extends ChartController { if ($genoffset > $count) { echo ''; for ($i = 1; $i < (pow(2, ($genoffset) - $count) / 2); $i++) { - $this->printEmptyBox($this->getBoxDimensions()->width, $this->getBoxDimensions()->height); + $this->printEmptyBox(); echo ''; } echo '
    '; diff --git a/app/Controller/IndividualController.php b/app/Controller/IndividualController.php index dc45e2aabe..7bb255acc5 100644 --- a/app/Controller/IndividualController.php +++ b/app/Controller/IndividualController.php @@ -24,6 +24,7 @@ use Fisharebest\Webtrees\Functions\FunctionsPrint; use Fisharebest\Webtrees\Functions\FunctionsPrintFacts; use Fisharebest\Webtrees\GedcomCode\GedcomCodeName; use Fisharebest\Webtrees\GedcomTag; +use Fisharebest\Webtrees\Html; use Fisharebest\Webtrees\I18N; use Fisharebest\Webtrees\Individual; use Fisharebest\Webtrees\Menu; @@ -159,7 +160,7 @@ class IndividualController extends GedcomRecordController { echo '
    ', GedcomTag::getLabel($tag, $this->record), '
    '; echo '
    '; // Before using dir="auto" on this field, note that Gecko treats this as an inline element but WebKit treats it as a block element if (isset($nmatch[$i][2])) { - $name = Filter::escapeHtml($nmatch[$i][2]); + $name = Html::escape($nmatch[$i][2]); $name = str_replace('/', '', $name); $name = preg_replace('/(\S*)\*/', '\\1', $name); switch ($tag) { @@ -169,7 +170,7 @@ class IndividualController extends GedcomRecordController { case 'SURN': // The SURN field is not necessarily the surname. // Where it is not a substring of the real surname, show it after the real surname. - $surname = Filter::escapeHtml($dummy->getAllNames()[0]['surname']); + $surname = Html::escape($dummy->getAllNames()[0]['surname']); if (strpos($dummy->getAllNames()[0]['surname'], str_replace(',', ' ', $nmatch[$i][2])) !== false) { echo '' . $surname . ''; } else { diff --git a/app/Controller/IndividualListController.php b/app/Controller/IndividualListController.php index 854aba88aa..8510107ad0 100644 --- a/app/Controller/IndividualListController.php +++ b/app/Controller/IndividualListController.php @@ -18,6 +18,7 @@ namespace Fisharebest\Webtrees\Controller; use Fisharebest\Webtrees\Database; use Fisharebest\Webtrees\Family; use Fisharebest\Webtrees\Filter; +use Fisharebest\Webtrees\Html; use Fisharebest\Webtrees\I18N; use Fisharebest\Webtrees\Individual; @@ -541,7 +542,7 @@ class IndividualListController extends PageController { return I18N::translateContext('Unknown given name', '…'); break; default: - return Filter::escapeHtml($initial); + return Html::escape($initial); break; } } @@ -562,7 +563,7 @@ class IndividualListController extends PageController { return I18N::translate('None'); break; default: - return Filter::escapeHtml($initial); + return Html::escape($initial); break; } } diff --git a/app/Controller/TimelineController.php b/app/Controller/TimelineController.php index 11f5134a26..8251965429 100644 --- a/app/Controller/TimelineController.php 
+++ b/app/Controller/TimelineController.php @@ -22,6 +22,7 @@ use Fisharebest\Webtrees\Family; use Fisharebest\Webtrees\Filter; use Fisharebest\Webtrees\Functions\FunctionsDate; use Fisharebest\Webtrees\Functions\FunctionsPrint; +use Fisharebest\Webtrees\Html; use Fisharebest\Webtrees\I18N; use Fisharebest\Webtrees\Individual; use Fisharebest\Webtrees\Theme; @@ -232,7 +233,7 @@ class TimelineController extends PageController { echo ' ', I18N::translate('Age'), ' ', $ageh, ''; } } - echo ' ' . Filter::escapeHtml($desc); + echo ' ' . Html::escape($desc); if (!$event->getPlace()->isEmpty()) { echo ' — ' . $event->getPlace()->getShortName(); } diff --git a/app/Database.php b/app/Database.php index 2bec6df3b0..abb2585bcc 100644 --- a/app/Database.php +++ b/app/Database.php @@ -146,7 +146,7 @@ class Database { unset($trace[$n]); } } - $stack = '' . (count(self::$log) + 1) . ''; + $stack = '' . (count(self::$log) + 1) . ''; // Bind variables foreach ($bind_variables as $key => $value) { if (is_null($value)) { diff --git a/app/Fact.php b/app/Fact.php index 5839520201..68f406323a 100644 --- a/app/Fact.php +++ b/app/Fact.php @@ -266,7 +266,7 @@ class Fact { case 'FACT': if ($this->getAttribute('TYPE') !== '') { // Custom FACT/EVEN - with a TYPE - return I18N::translate(Filter::escapeHtml($this->getAttribute('TYPE'))); + return I18N::translate(Html::escape($this->getAttribute('TYPE'))); } // no break - drop into next case default: @@ -383,7 +383,7 @@ class Fact { // Fact value $value = $this->getValue(); if ($value !== '' && $value !== 'Y') { - $attributes[] = '' . Filter::escapeHtml($value) . ''; + $attributes[] = '' . Html::escape($value) . ''; } // Fact date $date = $this->getDate(); diff --git a/app/Filter.php b/app/Filter.php index b4491cf7a8..152a7b3627 100644 --- a/app/Filter.php +++ b/app/Filter.php 
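Review bot: In app/Fact.php, `I18N::translate(Html::escape($this->getAttribute('TYPE')))` escapes the TYPE value before it is used as the translation lookup key. A TYPE containing `&`, `<` or a quote can then never match a catalogue entry, and whatever the catalogue returns reaches the caller unescaped. Escaping belongs on the output side: `return Html::escape(I18N::translate($this->getAttribute('TYPE')));`. If translated strings are allowed to carry markup, this changes how they render, so check the callers first. The method starts above the hunk.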
@@ -38,12 +38,7 @@ class Filter {
 * @return string
 */
 public static function escapeHtml($string) {
- if (defined('ENT_SUBSTITUTE')) {
- // PHP5.4 allows us to substitute invalid UTF8 sequences
- return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
- } else {
- return htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
- }
+ return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
 }

 /**
diff --git a/app/FontAwesome.php b/app/FontAwesome.php
index dc14073fba..61178f11aa 100644
--- a/app/FontAwesome.php
+++ b/app/FontAwesome.php
@@ -38,6 +38,7 @@ class FontAwesome extends Html {
 'keyboard' => 'fa fa-keyboard-o wt-icon-keyboard',
 'pin' => 'fa fa-thumb-tack wt-icon-pin',
 'preferences' => 'fa fa-wrench wt-icon-preferences',
+ 'search' => 'fa fa-search wt-icon-search',
 'save' => 'fa fa-check wt-icon-save',
 'warning' => 'fa fa-warning wt-icon-warning',
 // Arrows (start/end variants require fontawesome-rtl library)
diff --git a/app/Functions/FunctionsEdit.php b/app/Functions/FunctionsEdit.php
index caf8981d17..35d62203fd 100644
--- a/app/Functions/FunctionsEdit.php
+++ b/app/Functions/FunctionsEdit.php
@@ -41,6 +41,7 @@ use Fisharebest\Webtrees\GedcomCode\GedcomCodeStat;
 use Fisharebest\Webtrees\GedcomCode\GedcomCodeTemp;
 use Fisharebest\Webtrees\GedcomRecord;
 use Fisharebest\Webtrees\GedcomTag;
+use Fisharebest\Webtrees\Html;
 use Fisharebest\Webtrees\I18N;
 use Fisharebest\Webtrees\Individual;
 use Fisharebest\Webtrees\Media;
@@ -683,11 +684,11 @@ class FunctionsEdit {
 }
 }
 } elseif ($fact === 'NPFX' || $fact === 'NSFX' || $fact === 'SPFX' || $fact === 'NICK') {
- echo '';
+ echo '';
 } elseif ($fact === 'GIVN') {
- echo '';
+ echo '';
 } elseif ($fact === 'SURN' || $fact === '_MARNM_SURN') {
- echo '';
+ echo '';
 } elseif ($fact === 'ADOP') {
 echo Bootstrap4::select(GedcomCodeAdop::getValues($person), $value, ['id' => $id, 'name' => $name]);
 } elseif ($fact === 'ALIA') {
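Review bot: `Filter::escapeHtml()` in app/Filter.php keeps its own `htmlspecialchars()` call and its docblock gets no `@deprecated` tag, although the commit moves every caller shown here to `Html::escape()`. Two independent escapers can drift apart in flags or charset, and nothing tells the remaining callers which one to use. I would add `@deprecated use Html::escape() instead` to the docblock and reduce the body to `return Html::escape($string);`, provided `Html::escape()` uses the same `ENT_QUOTES | ENT_SUBSTITUTE` flags; app/Html.php is changed by this commit but is not shown here. The docblock starts above the hunk.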
@@ -705,7 +706,7 @@ class FunctionsEdit { } } elseif ($fact === 'DATE') { echo '
    '; - echo ''; + echo ''; echo self::inputAddonCalendar($id); echo self::inputAddonHelp('DATE'); echo '
    '; @@ -718,9 +719,9 @@ class FunctionsEdit { self::formControlFamily(Family::getInstance($value, $WT_TREE), ['id' => $id, 'name' => $name]) . '
    '; } elseif ($fact === 'LATI') { - echo ''; + echo ''; } elseif ($fact === 'LONG') { - echo ''; + echo ''; } elseif ($fact === 'NOTE' && $islink) { echo '
    ' . @@ -734,7 +735,7 @@ class FunctionsEdit { self::formControlMediaObject(Media::getInstance($value, $WT_TREE), ['id' => $id, 'name' => $name]) . '
    '; } elseif ($fact === 'PAGE') { - echo ''; + echo ''; } elseif ($fact === 'PEDI') { echo Bootstrap4::select(GedcomCodePedi::getValues($person), $value, ['id' => $id, 'name' => $name]); } elseif ($fact === 'PLAC') { @@ -781,7 +782,7 @@ class FunctionsEdit { } elseif ($fact === 'TEMP') { echo Bootstrap4::select(FunctionsEdit::optionsTemples(), $value, ['id' => $id, 'name' => $name]); } elseif ($fact === 'TIME') { - echo ''; + echo ''; } elseif ($fact === '_WT_USER') { echo Bootstrap4::select(FunctionsEdit::optionsUsers(), $value, ['id' => $id, 'name' => $name]); } elseif ($fact === '_PRIM') { @@ -792,7 +793,7 @@ class FunctionsEdit { echo ''; + echo ''; echo self::inputAddonKeyboard($id); echo '
    '; } else { // If using GEDFact-assistant window - echo ''; + echo ''; } } else { // Populated in javascript from sub-tags - echo ''; - echo '', Filter::escapeHtml($value), ''; + echo ''; + echo '', Html::escape($value), ''; echo ' '; } // MARRiage TYPE : hide text field and show a selection list diff --git a/app/Functions/FunctionsPrint.php b/app/Functions/FunctionsPrint.php index edde1f7b2c..c66324a55e 100644 --- a/app/Functions/FunctionsPrint.php +++ b/app/Functions/FunctionsPrint.php @@ -26,6 +26,7 @@ use Fisharebest\Webtrees\GedcomCode\GedcomCodeStat; use Fisharebest\Webtrees\GedcomCode\GedcomCodeTemp; use Fisharebest\Webtrees\GedcomRecord; use Fisharebest\Webtrees\GedcomTag; +use Fisharebest\Webtrees\Html; use Fisharebest\Webtrees\I18N; use Fisharebest\Webtrees\Individual; use Fisharebest\Webtrees\Module; @@ -517,7 +518,7 @@ class FunctionsPrint { echo ''; echo '' . '
    ' . '
    ' . '' . '
    ' . - '' . '
    ' . '
    ' . diff --git a/app/Module/BatchUpdateModule.php b/app/Module/BatchUpdateModule.php index 0b75a33907..328bc521a5 100644 --- a/app/Module/BatchUpdateModule.php +++ b/app/Module/BatchUpdateModule.php @@ -22,6 +22,7 @@ use Fisharebest\Webtrees\Database; use Fisharebest\Webtrees\Family; use Fisharebest\Webtrees\Filter; use Fisharebest\Webtrees\GedcomRecord; +use Fisharebest\Webtrees\Html; use Fisharebest\Webtrees\I18N; use Fisharebest\Webtrees\Individual; use Fisharebest\Webtrees\Media; @@ -391,9 +392,9 @@ class BatchUpdateModule extends AbstractModule implements ModuleConfigInterface public static function createSubmitButton($text, $xref, $action = '', $data = '') { return ''; } diff --git a/app/Module/CensusAssistantModule.php b/app/Module/CensusAssistantModule.php index 7814ff357d..6faf90acc6 100644 --- a/app/Module/CensusAssistantModule.php +++ b/app/Module/CensusAssistantModule.php @@ -386,7 +386,7 @@ class CensusAssistantModule extends AbstractModule { echo '
    diff --git a/app/Module/FrequentlyAskedQuestionsModule.php b/app/Module/FrequentlyAskedQuestionsModule.php index 1fd9edfc3c..21ac3ea7e0 100644 --- a/app/Module/FrequentlyAskedQuestionsModule.php +++ b/app/Module/FrequentlyAskedQuestionsModule.php @@ -177,7 +177,7 @@ class FrequentlyAskedQuestionsModule extends AbstractModule implements ModuleMen
    + value="">
    @@ -187,7 +187,7 @@ class FrequentlyAskedQuestionsModule extends AbstractModule implements ModuleMen
    - +
    @@ -491,7 +491,7 @@ class FrequentlyAskedQuestionsModule extends AbstractModule implements ModuleMen echo ''; echo ' ', I18N::translate('Edit'), ''; echo ''; - echo ' ', I18N::translate('Delete'), ''; + echo ' ', I18N::translate('Delete'), ''; echo ''; // NOTE: Print the title text of the current item echo ''; diff --git a/app/Module/GoogleMapsModule.php b/app/Module/GoogleMapsModule.php index 790c36d6a1..d6d2793269 100644 --- a/app/Module/GoogleMapsModule.php +++ b/app/Module/GoogleMapsModule.php @@ -28,6 +28,7 @@ use Fisharebest\Webtrees\FontAwesome; use Fisharebest\Webtrees\Functions\Functions; use Fisharebest\Webtrees\Functions\FunctionsCharts; use Fisharebest\Webtrees\Functions\FunctionsEdit; +use Fisharebest\Webtrees\Html; use Fisharebest\Webtrees\I18N; use Fisharebest\Webtrees\Individual; use Fisharebest\Webtrees\Log; @@ -408,7 +409,7 @@ class GoogleMapsModule extends AbstractModule implements ModuleConfigInterface,
    - getPreference('GM_PLACE_HIERARCHY'), true) ?> + getPreference('GM_PLACE_HIERARCHY', '0'), true) ?>
    @@ -1323,7 +1324,7 @@ class GoogleMapsModule extends AbstractModule implements ModuleConfigInterface, echo '', $event['fact_label'], ''; echo ''; if ($event['info']) { - echo '
    ', Filter::escapeHtml($event['info']), '
    '; + echo '
    ', Html::escape($event['info']), '
    '; } if ($event['name']) { echo '
    ', $event['name'], '
    '; @@ -2157,7 +2158,7 @@ class GoogleMapsModule extends AbstractModule implements ModuleConfigInterface, $placefile) { unset($placefiles[$p]); - $p = Filter::escapeHtml($placefile); + $p = Html::escape($placefile); if (substr($placefile, 0, 1) == '/') { $placefiles[$p] = substr($placefile, 1); } else { @@ -2585,7 +2586,7 @@ class GoogleMapsModule extends AbstractModule implements ModuleConfigInterface, [0 => I18N::translate('Geographic data')] + $this->placeIdToHierarchy($place_id === 0 ? $parent_id : $place_id); foreach ($hierarchy as $id => $name) { - $breadcrumbs += ['module.php?mod=googlemap&mod_action=admin_places&parent_id=' . $id .'&inactive=' . $inactive => Filter::escapeHtml($name)]; + $breadcrumbs += ['module.php?mod=googlemap&mod_action=admin_places&parent_id=' . $id .'&inactive=' . $inactive => Html::escape($name)]; } echo Bootstrap4::breadcrumbs($breadcrumbs, $place_id === 0 ? I18N::translate('Add') : I18N::translate('Edit')); @@ -2982,7 +2983,7 @@ class GoogleMapsModule extends AbstractModule implements ModuleConfigInterface,
    - +
    - +
    @@ -310,7 +311,7 @@ class HtmlBlockModule extends AbstractModule implements ModuleBlockInterface {
    - +
    diff --git a/app/Module/IndividualSidebarModule.php b/app/Module/IndividualSidebarModule.php index a74e145176..46e3d9f60c 100644 --- a/app/Module/IndividualSidebarModule.php +++ b/app/Module/IndividualSidebarModule.php @@ -185,7 +185,7 @@ class IndividualSidebarModule extends AbstractModule implements ModuleSidebarInt $surnames = QueryName::surnames($tree, '', $alpha, true, false); $out = '
      '; foreach (array_keys($surnames) as $surname) { - $out .= '
    • ' . Filter::escapeHtml($surname) . ''; + $out .= '
    • ' . Html::escape($surname) . ''; $out .= '
      '; $out .= '
    • '; } diff --git a/app/Module/LoggedInUsersModule.php b/app/Module/LoggedInUsersModule.php index 24e9c10580..9f49a39b62 100644 --- a/app/Module/LoggedInUsersModule.php +++ b/app/Module/LoggedInUsersModule.php @@ -85,7 +85,7 @@ class LoggedInUsersModule extends AbstractModule implements ModuleBlockInterface } else { $content .= $user->getRealNameHtml(); } - $content .= ' - ' . Filter::escapeHtml($user->getUserName()); + $content .= ' - ' . Html::escape($user->getUserName()); if (Auth::id() != $user->getUserId() && $user->getPreference('contactmethod') != 'none') { $content .= FontAwesome::linkIcon('email', I18N::translate('Send a message'), ['class' => 'btn btn-link', 'href' => 'message.php?to=' . Filter::escapeUrl($user->getUserName()) . '&ged=' . $WT_TREE->getNameUrl()]); } diff --git a/app/Module/RecentChangesModule.php b/app/Module/RecentChangesModule.php index 1ed44f57dc..c2aefe5360 100644 --- a/app/Module/RecentChangesModule.php +++ b/app/Module/RecentChangesModule.php @@ -230,7 +230,7 @@ class RecentChangesModule extends AbstractModule implements ModuleBlockInterface if ($timestamp !== '') { if ($show_user) { $html .= /* I18N: [a record was] Changed on by */ - I18N::translate('Changed on %1$s by %2$s', $timestamp, Filter::escapeHtml($record->lastChangeUser())); + I18N::translate('Changed on %1$s by %2$s', $timestamp, Html::escape($record->lastChangeUser())); } else { $html .= /* I18N: [a record was] Changed on */ I18N::translate('Changed on %1$s', $timestamp); @@ -323,7 +323,7 @@ class RecentChangesModule extends AbstractModule implements ModuleBlockInterface break; } $html .= ''; - $html .= ''; + $html .= ''; $html .= '' . $record->getFullName() . ''; $addname = $record->getAddName(); if ($addname) { 
@@ -331,7 +331,7 @@ class RecentChangesModule extends AbstractModule implements ModuleBlockInterface } $html .= ''; $html .= '' . $record->lastChangeTimestamp() . ''; - $html .= '' . Filter::escapeHtml($record->lastChangeUser()) . ''; + $html .= '' . Html::escape($record->lastChangeUser()) . ''; $html .= ''; } diff --git a/app/Module/ResearchTaskModule.php b/app/Module/ResearchTaskModule.php index 44254a721c..3c2634ee8f 100644 --- a/app/Module/ResearchTaskModule.php +++ b/app/Module/ResearchTaskModule.php @@ -23,6 +23,7 @@ use Fisharebest\Webtrees\Filter; use Fisharebest\Webtrees\FontAwesome; use Fisharebest\Webtrees\Functions\FunctionsEdit; use Fisharebest\Webtrees\GedcomRecord; +use Fisharebest\Webtrees\Html; use Fisharebest\Webtrees\I18N; use Fisharebest\Webtrees\Theme; @@ -103,7 +104,7 @@ class ResearchTaskModule extends AbstractModule implements ModuleBlockInterface if ($user_name === Auth::user()->getUserName() || !$user_name && $show_unassigned || $user_name && $show_other) { $content .= ''; $content .= '' . $fact->getDate()->display() . ''; - $content .= '' . $record->getFullName() . ''; + $content .= '' . $record->getFullName() . ''; $content .= '' . $user_name . ''; $content .= '' . $fact->getValue() . ''; $content .= ''; diff --git a/app/Module/StoriesModule.php b/app/Module/StoriesModule.php index c20f2f5ba3..52d7fd06b9 100644 --- a/app/Module/StoriesModule.php +++ b/app/Module/StoriesModule.php @@ -21,6 +21,7 @@ use Fisharebest\Webtrees\Controller\PageController; use Fisharebest\Webtrees\Database; use Fisharebest\Webtrees\Filter; use Fisharebest\Webtrees\Functions\FunctionsEdit; +use Fisharebest\Webtrees\Html; use Fisharebest\Webtrees\I18N; use Fisharebest\Webtrees\Individual; use Fisharebest\Webtrees\Menu; @@ -224,7 +225,7 @@ class StoriesModule extends AbstractModule implements ModuleTabInterface, Module
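Review bot: In the app/Module/ResearchTaskModule.php hunk at -103, the two cells after the changed line still print `$user_name` and `$fact->getValue()` straight into the table row. The app/Fact.php hunk in this same commit passes the result of `getValue()` through `Html::escape()` before output, which suggests it is raw record text, so the same treatment looks needed here: `Html::escape($user_name)` and `Html::escape($fact->getValue())`. Where `$user_name` is assigned is outside the hunk, so confirm it is not already escaped before adding the call.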
      - +
      @@ -233,7 +234,7 @@ class StoriesModule extends AbstractModule implements ModuleTabInterface, Module
      - +
      @@ -373,7 +374,7 @@ class StoriesModule extends AbstractModule implements ModuleTabInterface, Module - getBlockSetting($story->block_id, 'title')) ?> + getBlockSetting($story->block_id, 'title')) ?> xref, $WT_TREE) ?> @@ -393,7 +394,7 @@ class StoriesModule extends AbstractModule implements ModuleTabInterface, Module diff --git a/app/Module/TopSurnamesModule.php b/app/Module/TopSurnamesModule.php index 97ed881942..8b363437f1 100644 --- a/app/Module/TopSurnamesModule.php +++ b/app/Module/TopSurnamesModule.php @@ -178,8 +178,8 @@ class TopSurnamesModule extends AbstractModule implements ModuleBlockInterface { /** * Sort (lists of counts of similar) surname by total count. * - * @param string[] $a - * @param string[] $b + * @param string[][] $a + * @param string[][] $b * * @return int */ diff --git a/app/Module/UserJournalModule.php b/app/Module/UserJournalModule.php index 178d27a22b..08a35316d4 100644 --- a/app/Module/UserJournalModule.php +++ b/app/Module/UserJournalModule.php @@ -19,6 +19,7 @@ use Fisharebest\Webtrees\Auth; use Fisharebest\Webtrees\Database; use Fisharebest\Webtrees\Filter; use Fisharebest\Webtrees\Functions\FunctionsDate; +use Fisharebest\Webtrees\Html; use Fisharebest\Webtrees\I18N; use Fisharebest\Webtrees\Theme; @@ -86,7 +87,7 @@ class UserJournalModule extends AbstractModule implements ModuleBlockInterface { foreach ($articles as $article) { $content .= '
      '; - $content .= '
      ' . Filter::escapeHtml($article->subject) . '
      '; + $content .= '
      ' . Html::escape($article->subject) . '
      '; $content .= '
      ' . FunctionsDate::formatTimestamp($article->updated) . '
      '; if ($article->body == strip_tags($article->body)) { $article->body = nl2br($article->body, false); @@ -94,7 +95,7 @@ class UserJournalModule extends AbstractModule implements ModuleBlockInterface { $content .= $article->body; $content .= '' . I18N::translate('Edit') . ''; $content .= ' | '; - $content .= '" . I18N::translate('Delete') . '
      '; + $content .= '" . I18N::translate('Delete') . '
      '; $content .= '

      '; } diff --git a/app/Module/UserMessagesModule.php b/app/Module/UserMessagesModule.php index 568a35c6fb..0eeac2c3ba 100644 --- a/app/Module/UserMessagesModule.php +++ b/app/Module/UserMessagesModule.php @@ -94,7 +94,7 @@ class UserMessagesModule extends AbstractModule implements ModuleBlockInterface $content .= ''; $content .= '

      '; @@ -109,7 +109,7 @@ class UserMessagesModule extends AbstractModule implements ModuleBlockInterface foreach ($messages as $message) { $content .= ''; $content .= ''; - $content .= ' ' . Filter::escapeHtml($message->subject) . ''; + $content .= ' ' . Html::escape($message->subject) . ''; $content .= '' . FunctionsDate::formatTimestamp($message->created + WT_TIMESTAMP_OFFSET) . ''; $content .= ''; $user = User::findByIdentifier($message->sender); @@ -117,7 +117,7 @@ class UserMessagesModule extends AbstractModule implements ModuleBlockInterface $content .= $user->getRealNameHtml(); $content .= ' - ' . $user->getEmail() . ''; } else { - $content .= '' . Filter::escapeHtml($message->sender) . ''; + $content .= '' . Html::escape($message->sender) . ''; } $content .= ''; $content .= ''; diff --git a/app/Place.php b/app/Place.php index 4d65c09aff..6da6d76dd4 100644 --- a/app/Place.php +++ b/app/Place.php @@ -134,7 +134,7 @@ class Place { public function getPlaceName() { $place = reset($this->gedcom_place); - return $place ? '' . Filter::escapeHtml($place) . '' : I18N::translate('unknown'); + return $place ? '' . Html::escape($place) . '' : I18N::translate('unknown'); } /** @@ -154,12 +154,12 @@ class Place { public function getFullName() { if (true) { // If a place hierarchy is a single entity - return '' . Filter::escapeHtml(implode(I18N::$list_separator, $this->gedcom_place)) . ''; + return '' . Html::escape(implode(I18N::$list_separator, $this->gedcom_place)) . ''; } else { // If a place hierarchy is a list of distinct items $tmp = []; foreach ($this->gedcom_place as $place) { - $tmp[] = '' . Filter::escapeHtml($place) . ''; + $tmp[] = '' . Html::escape($place) . ''; } return implode(I18N::$list_separator, $tmp); 
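Review bot: In the app/Module/UserMessagesModule.php hunk at -117, the branch for a known sender concatenates `$user->getEmail()` into `$content` unescaped, while the fallback branch changed here escapes `$message->sender`. login.php in this same commit wraps the address as `Html::escape($user->getEmail())`; doing the same here keeps a stored address that contains markup characters from reaching the page as HTML. The enclosing method starts and ends outside the hunk.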
@@ -187,7 +187,7 @@ class Place { $short_name = implode(self::GEDCOM_SEPARATOR, array_slice($this->gedcom_place, 0, $SHOW_PEDIGREE_PLACES)); } // Add a tool-tip showing the full name - return '' . Filter::escapeHtml($short_name) . ''; + return '' . Html::escape($short_name) . ''; } } @@ -199,7 +199,7 @@ class Place { public function getReverseName() { $tmp = []; foreach (array_reverse($this->gedcom_place) as $place) { - $tmp[] = '' . Filter::escapeHtml($place) . ''; + $tmp[] = '' . Html::escape($place) . ''; } return implode(I18N::$list_separator, $tmp); diff --git a/app/Select2.php b/app/Select2.php index 30a32a2c1a..a80c59b144 100644 --- a/app/Select2.php +++ b/app/Select2.php @@ -222,7 +222,14 @@ class Select2 extends Html { * @return string */ public static function individualValue(Individual $individual) { - return $individual->getFullName() . ', ' . $individual->getLifeSpan(); + $image = $individual->findHighlightedMedia(); + if ($image instanceof Media) { + $html = $image->displayImage(30, 40, 'crop', []) . ' '; + } else { + $html = ''; + } + + return $html . $individual->getFullName() . ', ' . $individual->getLifeSpan(); } /** @@ -291,7 +298,7 @@ class Select2 extends Html { * @return string */ public static function mediaObjectValue(Media $media) { - return $media->getFullName() . ', ' . basename($media->getFilename()); + return $media->displayImage(30, 40, 'crop', []) . ' ' . $media->getFullName() . ', ' . basename($media->getFilename()); } /** diff --git a/app/Stats.php b/app/Stats.php index e430acd8f2..292e458594 100644 --- a/app/Stats.php +++ b/app/Stats.php @@ -5900,9 +5900,9 @@ class Stats { if (Auth::check()) { foreach ($loggedusers as $user) { if ($type == 'list') { - $content .= '
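Review bot: `mediaObjectValue()` in app/Select2.php now returns markup (the `displayImage()` output), but `basename($media->getFilename())` is still appended without escaping. The filename presumably comes from the media record, so it should be encoded for HTML like the other values in this commit: `... . ', ' . Html::escape(basename($media->getFilename()));`. In `individualValue()` a thumbnail from `findHighlightedMedia()` is now added for every individual; whether that method applies the tree's privacy rules is not visible here and is worth confirming before the image is included in the returned value.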
    • ' . Filter::escapeHtml($user->getRealName()) . ' - ' . Filter::escapeHtml($user->getUserName()); + $content .= '
    • ' . Html::escape($user->getRealName()) . ' - ' . Html::escape($user->getUserName()); } else { - $content .= Filter::escapeHtml($user->getRealName()) . ' - ' . Filter::escapeHtml($user->getUserName()); + $content .= Html::escape($user->getRealName()) . ' - ' . Html::escape($user->getUserName()); } if (Auth::id() != $user->getUserId() && $user->getPreference('contactmethod') != 'none') { if ($type == 'list') { @@ -6011,10 +6011,10 @@ class Stats { */ public function userName($params = []) { if (Auth::check()) { - return Filter::escapeHtml(Auth::user()->getUserName()); + return Html::escape(Auth::user()->getUserName()); } elseif (isset($params[0]) && $params[0] != '') { // if #username:visitor# was specified, then "visitor" will be returned when the user is not logged in - return Filter::escapeHtml($params[0]); + return Html::escape($params[0]); } else { return ''; } @@ -6051,7 +6051,7 @@ class Stats { case 'userid': return $user->getUserId(); case 'username': - return Filter::escapeHtml($user->getUserName()); + return Html::escape($user->getUserName()); case 'fullname': return $user->getRealNameHtml(); case 'regdate': diff --git a/app/Theme/AbstractTheme.php b/app/Theme/AbstractTheme.php index 0ad379b350..f70c94e788 100644 --- a/app/Theme/AbstractTheme.php +++ b/app/Theme/AbstractTheme.php @@ -25,6 +25,7 @@ use Fisharebest\Webtrees\Functions\Functions; use Fisharebest\Webtrees\GedcomRecord; use Fisharebest\Webtrees\GedcomTag; use Fisharebest\Webtrees\HitCounter; +use Fisharebest\Webtrees\Html; use Fisharebest\Webtrees\I18N; use Fisharebest\Webtrees\Individual; use Fisharebest\Webtrees\Menu; @@ -327,9 +328,9 @@ abstract class AbstractTheme { case 'none': return ''; case 'mailto': - return '' . $user->getRealNameHtml() . ''; + return '' . $user->getRealNameHtml() . ''; default: - return '' . $user->getRealNameHtml() . ''; + return '' . $user->getRealNameHtml() . ''; } } 
@@ -1879,7 +1880,7 @@ abstract class AbstractTheme { * @return string */ protected function metaCsrf() { - return ''; + return ''; } /** @@ -2181,6 +2182,6 @@ abstract class AbstractTheme { * @return string */ protected function title($title) { - return '' . Filter::escapeHtml($title) . ''; + return '' . Html::escape($title) . ''; } } diff --git a/app/Tree.php b/app/Tree.php index 353141addc..ea9c671998 100644 --- a/app/Tree.php +++ b/app/Tree.php @@ -116,7 +116,7 @@ class Tree { * @return string */ public function getNameHtml() { - return Filter::escapeHtml($this->name); + return Html::escape($this->name); } /** @@ -143,7 +143,7 @@ class Tree { * @return string */ public function getTitleHtml() { - return '' . Filter::escapeHtml($this->title) . ''; + return '' . Html::escape($this->title) . ''; } /** diff --git a/app/User.php b/app/User.php index fb36eafa4b..81791a4272 100644 --- a/app/User.php +++ b/app/User.php @@ -382,7 +382,7 @@ class User { * @return string */ public function getRealNameHtml() { - return '' . Filter::escapeHtml($this->real_name) . ''; + return '' . Html::escape($this->real_name) . ''; } /** diff --git a/branches.php b/branches.php index 2439217c35..c00599f30a 100644 --- a/branches.php +++ b/branches.php @@ -35,7 +35,7 @@ $controller->pageHeader();
      - +
      diff --git a/edit_changes.php b/edit_changes.php index 0a74a29a1a..19e6d532ba 100644 --- a/edit_changes.php +++ b/edit_changes.php @@ -157,11 +157,11 @@ foreach ($rows as $row) {

      getTitleHtml() ?> — - + — - +

      @@ -195,7 +195,7 @@ foreach ($rows as $row) { - real_name)?> - user_name) ?> + real_name)?> - user_name) ?> diff --git a/edit_interface.php b/edit_interface.php index dc62fdd903..b744d1280a 100644 --- a/edit_interface.php +++ b/edit_interface.php @@ -72,7 +72,7 @@ switch ($action) { + style="width:100%;">getGedcom()) ?>
    • @@ -186,7 +186,7 @@ switch ($action) {
      + dir="ltr">getGedcom()) ?>
      @@ -595,7 +595,7 @@ switch ($action) {
      - +
      @@ -604,10 +604,10 @@ switch ($action) {
      - + - + @@ -1757,7 +1757,7 @@ switch ($action) { - +
      @@ -2613,7 +2613,7 @@ function keep_chan(GedcomRecord $record = null) { if ($record) { $details = GedcomTag::getLabelValue('DATE', $record->lastChangeTimestamp()) . - GedcomTag::getLabelValue('_WT_USER', Filter::escapeHtml($record->lastChangeUser())); + GedcomTag::getLabelValue('_WT_USER', Html::escape($record->lastChangeUser())); } else { $details = ''; } diff --git a/editnews.php b/editnews.php index f0ee50298d..0faea7908f 100644 --- a/editnews.php +++ b/editnews.php @@ -102,7 +102,7 @@ if (Module::getModuleByName('ckeditor')) { - + @@ -114,7 +114,7 @@ if (Module::getModuleByName('ckeditor')) { - + diff --git a/edituser.php b/edituser.php index bbe3cb365c..411427094f 100644 --- a/edituser.php +++ b/edituser.php @@ -132,7 +132,7 @@ function checkform(frm) {
      - +

      @@ -144,7 +144,7 @@ function checkform(frm) {
      - +

      @@ -233,7 +233,7 @@ function checkform(frm) {
      - +

      @@ -248,7 +248,7 @@ function checkform(frm) {
      - '; + '; echo '
      @@ -250,15 +250,15 @@ case 'requestpw': I18N::translate('Lost password request'), I18N::translate('Hello %s…', $user->getRealNameHtml()) . Mail::EOL . Mail::EOL . I18N::translate('A new password has been requested for your username.') . Mail::EOL . Mail::EOL . - I18N::translate('Username') . ': ' . Filter::escapeHtml($user->getUserName()) . Mail::EOL . + I18N::translate('Username') . ': ' . Html::escape($user->getUserName()) . Mail::EOL . I18N::translate('Password') . ': ' . $user_new_pw . Mail::EOL . Mail::EOL . I18N::translate('After you have signed in, select the “My account” link under the “My pages” menu and fill in the password fields to change your password.') . Mail::EOL . Mail::EOL . '' . WT_BASE_URL . 'login.php?ged=' . $WT_TREE->getNameUrl() . '' ); - FlashMessages::addMessage(I18N::translate('A new password has been created and emailed to %s. You can change this password after you sign in.', Filter::escapeHtml($user_name)), 'success'); + FlashMessages::addMessage(I18N::translate('A new password has been created and emailed to %s. You can change this password after you sign in.', Html::escape($user_name)), 'success'); } else { - FlashMessages::addMessage(I18N::translate('There is no account with the username or email “%s”.', Filter::escapeHtml($user_name)), 'danger'); + FlashMessages::addMessage(I18N::translate('There is no account with the username or email “%s”.', Html::escape($user_name)), 'danger'); } header('Location: login.php'); 
@@ -315,10 +315,10 @@ case 'register': I18N::translate('Hello administrator…') . Mail::EOL . Mail::EOL . /* I18N: %s is a server name/URL */ I18N::translate('A prospective user has registered with webtrees at %s.', WT_BASE_URL . ' ' . $WT_TREE->getTitleHtml()) . Mail::EOL . Mail::EOL . - I18N::translate('Username') . ' ' . Filter::escapeHtml($user->getUserName()) . Mail::EOL . + I18N::translate('Username') . ' ' . Html::escape($user->getUserName()) . Mail::EOL . I18N::translate('Real name') . ' ' . $user->getRealNameHtml() . Mail::EOL . - I18N::translate('Email address') . ' ' . Filter::escapeHtml($user->getEmail()) . Mail::EOL . - I18N::translate('Comments') . ' ' . Filter::escapeHtml($user_comments) . Mail::EOL . Mail::EOL . + I18N::translate('Email address') . ' ' . Html::escape($user->getEmail()) . Mail::EOL . + I18N::translate('Comments') . ' ' . Html::escape($user_comments) . Mail::EOL . Mail::EOL . I18N::translate('The user has been sent an email with the information necessary to confirm the access request.') . Mail::EOL . Mail::EOL . I18N::translate('You will be informed by email when this prospective user has confirmed the request. You can then complete the process by activating the username. The new user will not be able to sign in until you activate the account.'); 
@@ -337,9 +337,9 @@ case 'register': I18N::translate('Follow this link to verify your email address.') . Mail::EOL . Mail::EOL . '' . - WT_LOGIN_URL . '?user_name=' . Filter::escapeHtml($user->getUserName()) . '&user_hashcode=' . urlencode($user->getPreference('reg_hashcode')) . '&action=userverify&ged=' . $WT_TREE->getNameHtml() . + WT_LOGIN_URL . '?user_name=' . Html::escape($user->getUserName()) . '&user_hashcode=' . urlencode($user->getPreference('reg_hashcode')) . '&action=userverify&ged=' . $WT_TREE->getNameHtml() . '' . Mail::EOL . Mail::EOL . - I18N::translate('Username') . ' - ' . Filter::escapeHtml($user->getUserName()) . Mail::EOL . + I18N::translate('Username') . ' - ' . Html::escape($user->getUserName()) . Mail::EOL . I18N::translate('Comments') . ' - ' . $user->getPreference('comment') . Mail::EOL . I18N::translate('If you didn’t request an account, you can just delete this message.') . Mail::EOL; $mail2_subject = /* I18N: %s is a server name/URL */ I18N::translate('Your registration at %s', WT_BASE_URL); @@ -413,7 +413,7 @@ case 'register':
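Review bot: In the verification link of the login.php `register` hunk at -337, `user_name` is placed in the query string with `Html::escape()` only, so a username containing `&`, `#`, `+` or a space would produce a link that no longer carries the right value; the `ged` parameter has the same problem with `getNameHtml()`. URL-encode these values instead, e.g. `'?user_name=' . Filter::escapeUrl($user->getUserName())` and `'&ged=' . $WT_TREE->getNameUrl()`, both of which are already used for links elsewhere in this commit. A few lines below, `$user->getPreference('comment')` goes into the same message unescaped, whereas the administrator mail in the previous hunk escapes `$user_comments`.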

      @@ -423,7 +423,7 @@ case 'register':

      @@ -433,7 +433,7 @@ case 'register':

      @@ -446,7 +446,7 @@ case 'register': @@ -480,7 +480,7 @@ case 'register': cols="50" rows="5" id="user_comments" name="user_comments" placeholder="" - > + >

      @@ -555,8 +555,8 @@ case 'verify_hash': /* I18N: %1$s is a real-name, %2$s is a username, %3$s is an email address */ I18N::translate( 'A new user (%1$s) has requested an account (%2$s) and verified an email address (%3$s).', $user->getRealNameHtml(), - Filter::escapeHtml($user->getUserName()), - Filter::escapeHtml($user->getEmail()) + Html::escape($user->getUserName()), + Html::escape($user->getEmail()) ) . Mail::EOL . Mail::EOL . I18N::translate('You need to review the account details.') . diff --git a/medialist.php b/medialist.php index e5d1c5ea95..0caeb3ed0c 100644 --- a/medialist.php +++ b/medialist.php @@ -109,7 +109,7 @@ $medialist = QueryMedia::mediaList(

      - +
      diff --git a/message.php b/message.php index dbe70f137a..6c854faff1 100644 --- a/message.php +++ b/message.php @@ -71,7 +71,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { // No errors. Send the message. foreach ($recipients as $recipient) { if (deliverMessage($WT_TREE, $from_email, $from_name, $recipient, $subject, $body, $url)) { - FlashMessages::addMessage(I18N::translate('The message was successfully sent to %s.', Filter::escapeHtml($to)), 'info'); + FlashMessages::addMessage(I18N::translate('The message was successfully sent to %s.', Html::escape($to)), 'info'); } else { FlashMessages::addMessage(I18N::translate('The message was not sent.'), 'danger'); Log::addErrorLog('Unable to send a message. FROM:' . $from_email . ' TO:' . $recipient->getEmail()); @@ -102,15 +102,15 @@ $to_names = implode(I18N::$list_separator, array_map(function(User $user) { retu - +
      - -
      + +
      @@ -120,7 +120,7 @@ $to_names = implode(I18N::$list_separator, array_map(function(User $user) { retu
      -
      getRealName()) ?>
      +
      getRealName()) ?>
      @@ -129,7 +129,7 @@ $to_names = implode(I18N::$list_separator, array_map(function(User $user) { retu
      - +
      @@ -137,7 +137,7 @@ $to_names = implode(I18N::$list_separator, array_map(function(User $user) { retu
      - +
      @@ -147,7 +147,7 @@ $to_names = implode(I18N::$list_separator, array_map(function(User $user) { retu
      - +
      @@ -156,7 +156,7 @@ $to_names = implode(I18N::$list_separator, array_map(function(User $user) { retu
      - +
      diff --git a/placelist.php b/placelist.php index bdfdf85612..4eec7ef273 100644 --- a/placelist.php +++ b/placelist.php @@ -33,7 +33,7 @@ $level = count($parent); if ($display == 'hierarchy') { if ($level) { - $controller->setPageTitle(I18N::translate('Place hierarchy') . ' - ' . Filter::escapeHtml($parent[$level - 1]) . ''); + $controller->setPageTitle(I18N::translate('Place hierarchy') . ' - ' . Html::escape($parent[$level - 1]) . ''); } else { $controller->setPageTitle(I18N::translate('Place hierarchy')); } diff --git a/reportengine.php b/reportengine.php index f82d9e7f46..89ba243adb 100644 --- a/reportengine.php +++ b/reportengine.php @@ -115,12 +115,12 @@ case 'choose':

      ', I18N::translate('Choose a report to run'), '

      - + @@ -141,7 +141,7 @@ case 'setup':

      ', $report_array['title'], '

      - +
      ', I18N::translate('Report'), '
      '; @@ -150,7 +150,7 @@ case 'setup': } foreach ($report_array['inputs'] as $input) { echo ''; diff --git a/search.php b/search.php index 8cd8388656..3918a289b5 100644 --- a/search.php +++ b/search.php @@ -72,7 +72,7 @@ function checknames(frm) {
      - +
      @@ -152,13 +152,13 @@ function checknames(frm) {
      - +
      - +
      '; $currentFieldSearch = $controller->getField($i); // Get this field’s name and the search criterion $currentField = substr($currentFieldSearch, 0, strrpos($currentFieldSearch, ':')); // Get the actual field name ?> - getField($i), -4) == 'PLAC' ? 'data-autocomplete-type="PLAC"' : '' ?>> + getField($i), -4) == 'PLAC' ? 'data-autocomplete-type="PLAC"' : '' ?>> 0) { ?>
      ', I18N::translate('Report'), '', $report_array['description'], '
      '; - echo ''; + echo ''; echo I18N::translate($input['value']), ''; if (!isset($input['type'])) { $input['type'] = 'text'; @@ -195,15 +195,15 @@ case 'setup': break; } - echo ' type="text" name="vars[', Filter::escapeHtml($input['name']), ']" id="', Filter::escapeHtml($input['name']), '" value="', Filter::escapeHtml($input['default']), '" style="direction: ltr;">'; + echo ' type="text" name="vars[', Html::escape($input['name']), ']" id="', Html::escape($input['name']), '" value="', Html::escape($input['default']), '" style="direction: ltr;">'; } if ($input['type'] == 'checkbox') { - echo ''; } if ($input['type'] == 'select') { - echo ''; $options = preg_split('/[|]+/', $input['options']); foreach ($options as $option) { $opt = explode('=>', $option); @@ -215,20 +215,20 @@ case 'setup': } elseif (preg_match('/^I18N::translateContext\(\'(.+)\', *\'(.+)\'\)$/', $display, $match)) { $display = I18N::translateContext($match[1], $match[2]); } - echo ''; + echo '>', Html::escape($display), ''; } echo ''; } if (isset($input['lookup'])) { - echo ''; + echo ''; if ($input['lookup'] == 'INDI') { } elseif ($input['lookup'] == 'DATE') { echo FontAwesome::linkIcon('calendar', I18N::translate('Select a date'), ['class' => 'btn btn-link', 'href' => '#', 'onclick' => 'return calendarWidget("div_' . Filter::escapeJs($input['name']) . '", "' . Filter::escapeJs($input['name']) . '");']); - echo ''; + echo ''; } } echo '
      ', I18N::translate('Server name'), '', - '', + '', I18N::translate('Most sites are configured to use localhost. This means that your database runs on the same computer as your web server.'), '
      ', I18N::translate('Port number'), '', - '', + '', I18N::translate('Most sites are configured to use the default value of 3306.'), '
      ', I18N::translate('Database user account'), '', - '', + '', I18N::translate('This is case sensitive.'), '
      ', I18N::translate('Database password'), '', - '', + '', I18N::translate('This is case sensitive.'), '
      ', '
      ', @@ -299,10 +299,10 @@ if (empty($_POST['dbuser']) || !Database::isConnected() || !$db_version_ok) { return; } else { // Copy these values through to the next step - echo ''; - echo ''; - echo ''; - echo ''; + echo ''; + echo ''; + echo ''; + echo ''; } //////////////////////////////////////////////////////////////////////////////// @@ -370,11 +370,11 @@ if (!$dbname_ok) { '
      ', I18N::translate('Database name'), '', '
      ', I18N::translate('Database name'), '', - '', + '', I18N::translate('This is case sensitive. If a database with this name does not already exist webtrees will attempt to create one for you. Success will depend on permissions set for your web server, but you will be notified if this fails.'), '
      ', I18N::translate('Table prefix'), '', - '', + '', I18N::translate('The prefix is optional, but recommended. By giving the table names a unique prefix you can let several different applications share the same database. “wt_” is suggested, but can be anything you want.'), '
      ', '
      ', @@ -385,8 +385,8 @@ if (!$dbname_ok) { return; } else { // Copy these values through to the next step - echo ''; - echo ''; + echo ''; + echo ''; } //////////////////////////////////////////////////////////////////////////////// @@ -423,22 +423,22 @@ if (empty($_POST['wtname']) || empty($_POST['wtuser']) || strlen($_POST['wtpass' '
      ', I18N::translate('Administrator account'), '', '
      ', I18N::translate('Your name'), '', - '', + '', I18N::translate('This is your real name, as you would like it displayed on screen.'), '
      ', I18N::translate('Username'), '', - '', + '', I18N::translate('You will use this to sign in to webtrees.'), '
      ', I18N::translate('Password'), '', - '', + '', I18N::translate('This must be at least six characters long. It is case-sensitive.'), '
      ', - '', + '', I18N::translate('Type your password again, to make sure you have typed it correctly.'), '
      ', I18N::translate('Email address'), '', - '', + '', I18N::translate('This email address will be used to send password reminders, website notifications, and messages from other family members who are registered on the website.'), '
      ', '
      ', @@ -450,11 +450,11 @@ if (empty($_POST['wtname']) || empty($_POST['wtuser']) || strlen($_POST['wtpass' return; } else { // Copy these values through to the next step - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; } //////////////////////////////////////////////////////////////////////////////// diff --git a/site-unavailable.php b/site-unavailable.php index 63ceb29a42..174aa566f3 100644 --- a/site-unavailable.php +++ b/site-unavailable.php @@ -38,7 +38,7 @@ header('Content-Type: text/html; charset=UTF-8'); $messages = ''; if (Filter::get('message')) { $messages .= - '
      ' . Filter::escapeHtml(Filter::get('message')) . '
      '; + '
      ' . Html::escape(Filter::get('message')) . '
      '; } // If we can't connect to the database at all, give the reason why diff --git a/statisticsplot.php b/statisticsplot.php index 741f23d510..4b7cbb4b86 100644 --- a/statisticsplot.php +++ b/statisticsplot.php @@ -684,7 +684,7 @@ function my_plot($chart_title, $xdata, $xtitle, $ydata, $ytitle, $legend) { $imgurl .= rawurlencode($data); } } - echo '', Filter::escapeHtml($chart_title), ''; + echo '', Html::escape($chart_title), ''; } /** diff --git a/timeline.php b/timeline.php index d89b76655a..234a05befb 100644 --- a/timeline.php +++ b/timeline.php @@ -399,7 +399,7 @@ $controller getFullName() ?>
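Review bot: The `message` query parameter is still rendered into the page as free text in the `$messages .=` statement. `Html::escape()` stops markup injection, but whoever controls the link controls the wording shown on the site's own error page. Consider accepting a short message code and mapping it to fixed translated strings, or at least capping the length before output. Separately, `Filter::get('message')` is called twice; reading it once, `$message = Filter::get('message');`, keeps the test and the output in step and leaves a single call to migrate when `Filter` is removed.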
      getAddName() ?>
      - + birthyears[$pid])) { ?> @@ -414,7 +414,7 @@ $controller } else { echo '
      ', I18N::translate('This information is private and cannot be shown.'), '
      '; ?> - +
      -- cgit v1.3