Changeset 851


Ignore:
Timestamp:
Jan 17, 2016, 10:07:13 PM (9 years ago)
Author:
chronos
Message:
  • Fixed: Use htmlspecialchars function for user inserted content to avoid breaking page HTML structure. Added for forum, teams, dictionary and profile text.
Location:
trunk
Files:
11 edited

Legend:

Unmodified
Added
Removed
  • trunk/Application/Version.php

    r850 r851  
    66// and system will need database update.
    77
    8 $Revision = 850; // Subversion revision
     8$Revision = 851; // Subversion revision
    99$DatabaseRevision = 849; // Database structure revision
    1010$ReleaseTime = '2016-01-17';
  • trunk/Modules/Dictionary/Dictionary.php

    r850 r851  
    170170          '<input type="hidden" name="id"  value="'.$_GET['id'].'"/>'.
    171171          '<table><tr><td>'.
    172           'Původní anglické slovo:</td><td><input type="text" name="Original" value="'.$DbRow2['Text'].'" /></td></tr>'.
    173           '<tr><td>Přeložené:</td><td><input type="text" name="Translated"  value="'.$DbRow['Text'].'" /></td></tr>'.
     172          'Původní anglické slovo:</td><td><input type="text" name="Original" value="'.htmlspecialchars($DbRow2['Text']).'" /></td></tr>'.
     173          '<tr><td>Přeložené:</td><td><input type="text" name="Translated" value="'.htmlspecialchars($DbRow['Text']).'" /></td></tr>'.
    174174          '<tr><td>'.T('Language').':</td><td>'.WriteLanguages($DbRow['Language']).'</td></tr>'.
    175           '<tr><td>'.T('Description').':</td><td><input type="text" name="Description"  value="'.$DbRow['Description'].'" /></td></tr>'.
     175          '<tr><td>'.T('Description').':</td><td><input type="text" name="Description"  value="'.htmlspecialchars($DbRow['Description']).'" /></td></tr>'.
    176176          '<tr><td colspan="2"><input type="submit" value="'.T('Save').'" /></td></tr>'.
    177177          '</td></tr></table>'.
     
    271271
    272272    if(is_numeric($_SESSION['language'])) $LanguageName = $LanguageList[$_SESSION['language']]['Name'];
    273       else $LanguageName = 'Překlad';
     273      else $LanguageName = T('Translation');
    274274    $TableColumns = array(
    275275      array('Name' => 'Original', 'Title' => T('English')),
     
    288288    {
    289289      $Output .= '<tr>'.
    290         '<td>'.$Line['Original'].'</td>'.
    291         '<td><strong>'.$Line['Translated'].'</strong></td>';
     290        '<td>'.htmlspecialchars($Line['Original']).'</td>'.
     291        '<td><strong>'.htmlspecialchars($Line['Translated']).'</strong></td>';
    292292      if(!is_numeric($_SESSION['language'])) $Output .= '<td>'.T($Line['LangName']).'</td>';
    293       $Output .= '<td>'.$Line['Description'].'</td>'.
     293      $Output .= '<td>'.htmlspecialchars($Line['Description']).'</td>'.
    294294        '<td><a href="'.$this->System->Link('/user/?user='.$Line['UserId']).'">'.
    295295        $Line['UserName'].'</a></td>';
  • trunk/Modules/Export/Page.php

    r848 r851  
    7070      $Output .= '<tr><td>'.HumanDate($Export['TimeCreate']).'</td>'.
    7171          '<td><a href="'.$this->System->Link('/user/?user='.$Export['User']).'">'.$Export['UserName'].'</a></td>'.
    72           '<td>'.$Export['Title'].'</td>'.
     72          '<td>'.htmlspecialchars($Export['Title']).'</td>'.
    7373          '<td>'.$Export['OutputType'].'</td>'.
    7474          '<td><a href="'.$this->System->Link('/client-version/?action=item&amp;id='.$Export['ClientVersionId']).'">'.$Export['ClientVersion'].'</a></td>'.
     
    304304        $Output .= '<input type="hidden" name="Operation" value="Save"/>'.
    305305            '<tr><td colspan="2">';
    306         if($Editable) $Output .= ' <input type="submit" value="Uložit" '.$DisabledInput[$Editable].'/>';
     306        if($Editable) $Output .= ' <input type="submit" value="'.T('Save').'" '.$DisabledInput[$Editable].'/>';
    307307        $Output .= ' <a href="?Action=Clone&amp;ExportId='.$Export['Id'].'" onclick="return confirmAction(\''.T('Realy clone item?').'\');">'.T('Clone').'</a> ';
    308308        if($this->System->User->Licence(LICENCE_ADMIN))
     
    310310        $Output .= '</td></tr>';
    311311      }
    312       $Output .= '<tr><td>'.T('Identification').':</td><td><input type="text" style="width: 400px" name="Title" value="'.$Export['Title'].'"'.$DisabledInput[$Editable].'/></td></tr>'.
    313           '<tr><td>Popis:</td><td><textarea name="Description" cols="54" rows="10"'.$DisabledTextArea[$Editable].'>'.$Export['Description'].'</textarea></td></tr>'.
     312      $Output .= '<tr><td>'.T('Identification').':</td><td><input type="text" style="width: 400px" name="Title" value="'.htmlspecialchars($Export['Title']).'"'.$DisabledInput[$Editable].'/></td></tr>'.
     313          '<tr><td>'.T('Description').':</td><td><textarea name="Description" cols="54" rows="10"'.$DisabledTextArea[$Editable].'>'.htmlspecialchars($Export['Description']).'</textarea></td></tr>'.
    314314          '<tr><td>'.T('With diacritics').'</td><td><input type="checkbox" name="WithDiacritic" '.$WithDiacritic.''.$DisabledInput[$Editable].'/></td></tr>'.
    315315          '</table></form>';
     
    752752        $DbResult = $this->System->Database->query('SELECT * FROM `User` WHERE `ID`='.$Export['User']);
    753753        $UserLine = $DbResult->fetch_assoc();
    754         $Output .= 'Export <strong><a href="?Action=View&amp;Tab=6&amp;ExportId='.$Export['Id'].'">'.$_GET['ExportId'].'</a></strong> překladatele <strong>'.$UserLine['Name'].'</strong> s označením <strong>'.$Export['Title'].'</strong>';
    755         $Output .= ShowTabs(array(T('General'), T('Translators'), T('Translations'), T('Languages'), T('Format'), T('Version'), T('Statistic'), T('Output')));
     754        $Output .= sprintf(T('Export %s of translator %s'),
     755          '<strong><a href="?Action=View&amp;Tab=6&amp;ExportId='.$Export['Id'].'">'.htmlspecialchars($Export['Title']).'</a></strong>',
     756          '<strong>'.$UserLine['Name'].'</strong>');
     757        $Output .= ShowTabs(array(T('General'), T('Translators'),
     758          T('Translations'), T('Languages'), T('Format'), T('Version'),
     759          T('Statistic'), T('Output')));
    756760        $Output .= '<div id="content">';
    757761        if($_SESSION['Tab'] == TAB_GENERAL) $Output .= $this->ExportViewGeneral();
  • trunk/Modules/Forum/Forum.php

    r850 r851  
    2626    if(array_key_exists('Search', $this->System->ModuleManager->Modules))
    2727      $this->System->ModuleManager->Modules['Search']->RegisterSearch('forumthread',
    28       T('Name of thread forum'), array('UserName', 'Text'), '`ForumThread`', $this->System->Link('/forum/?search='));
     28      T('Name of thread forum'), array('UserName', 'Text'), '`ForumThread`',
     29      $this->System->Link('/forum/?search='));
    2930
    3031    $this->System->RegisterMenuItem(array(
     
    5657        '<td><a href="'.$this->System->Link('/forum/?Thread='.$DbRow['Thread']).'">'.HumanDate($DbRow['Date']).'</a></td>'.
    5758        '<td><a href="'.$this->System->Link('/user/?user='.$DbRow['UserId']).'">'.$DbRow['UserName'].'</a></td>'.
    58         '<td>'.$Parser->qparse($DbRow['Text']).'</td>'.
     59        '<td>'.htmlspecialchars($Parser->qparse($DbRow['Text'])).'</td>'.
    5960        '</tr>';
    6061    }
     
    7273    if(array_key_exists('a', $_POST)) $Action = $_POST['a'];
    7374      else if(array_key_exists('a', $_GET)) $Action = $_GET['a'];
    74            else $Action = '';
     75       else $Action = '';
    7576    if (array_key_exists('Edit', $_GET)) {
    7677      if (array_key_exists('text', $_POST))
     
    117118            T('User').': ';
    118119        if($this->System->User->Licence(LICENCE_USER)) $Output .= '<b>'.$this->System->User->Name.'</b><br />';
    119         else $Output .= '<input type="text" name="user" /><br />';
     120          else $Output .= '<input type="text" name="user" /><br />';
    120121        $Output .= T('Message text').': ('.T('You can use').' <a href="http://www.bbcode.org/reference.php">'.T('BB code').'</a>)<br/>'.
    121         '<textarea onkeydown="ResizeTextArea(this)" rows="8" name="text" cols="80">'.$DbRow['Text'].'</textarea> <br/>'.
     122        '<textarea onkeydown="ResizeTextArea(this)" rows="8" name="text" cols="80">'.htmlspecialchars($DbRow['Text']).'</textarea> <br/>'.
    122123        '<input type="hidden" name="a" value="add2"/>'.
    123124        '<input type="submit" value="'.T('Send').'" /><br /></fieldset>'.
     
    149150    '`ForumThread`.`Text` as `ThreadName`,`ForumText`.`Thread` FROM `ForumText` '.$join.' WHERE '.$where.' ORDER BY `ForumText`.`Date` DESC '.$PageList['SQLLimit']);
    150151    while($Line = $DbResult->fetch_assoc())
    151       $Output .= '<div><a href="'.$this->System->Link('/forum/?Thread='.$Line['Thread']).'">'.$Line['ThreadName'].'</a><br /><strong>'.$Line['UserName'].'</strong> ('.HumanDate($Line['Date']).'): '.$parser->qparse($Line['Text']).'</div> ';
     152      $Output .= '<div><a href="'.$this->System->Link('/forum/?Thread='.$Line['Thread']).'">'.
     153      htmlspecialchars($Line['ThreadName']).'</a><br /><strong>'.$Line['UserName'].
     154      '</strong> ('.HumanDate($Line['Date']).'): '.htmlspecialchars($parser->qparse($Line['Text'])).'</div> ';
    152155    $Output .= '</div>'.$PageList['Output'];
    153156    return($Output);
     
    166169    $DbResult = $this->System->Database->query('SELECT * FROM `ForumThread` WHERE 1 ORDER BY `ID` DESC '.$PageList['SQLLimit']);
    167170    while($Line = $DbResult->fetch_assoc())
    168       $Output .= '<div><span style="float:right;"><strong>'.$Line['UserName'].'</strong> - ('.HumanDate($Line['Date']).')</span> <a href="?Thread='.$Line['ID'].'">'.str_replace("\n", '',$Line['Text']).'</a> </div>';
     171      $Output .= '<div><span style="float:right;"><strong>'.$Line['UserName'].
     172    '</strong> - ('.HumanDate($Line['Date']).')</span> <a href="?Thread='.$Line['ID'].'">'.
     173    str_replace("\n", '', htmlspecialchars($Line['Text'])).'</a></div>';
    169174    $Output .= '</div>'.$PageList['Output'];
    170175    return($Output);
     
    191196    {
    192197    $Thread = $DbResult->fetch_assoc();
    193     $Output .= '<h3>'.$Thread['Text'].'</h3>';
     198    $Output .= '<h3>'.htmlspecialchars($Thread['Text']).'</h3>';
    194199
    195200    $DbResult = $this->System->Database->query('SELECT COUNT(*) FROM `ForumText` WHERE `Thread` = '.($_GET['Thread']*1).' '.$SearchQuery);
     
    206211      else $edit = '';
    207212      $Output .= '<div><span style="float:right;">'.$edit.' ('.HumanDate($Line['Date']).
    208         ')</span><strong>'.$Line['UserName'].'</strong>: '.str_replace("\n", '<br />',$parser->qparse($Line['Text'])).'  </div> ';
     213        ')</span><strong>'.$Line['UserName'].'</strong>: '.str_replace("\n", '<br />',
     214        htmlspecialchars($parser->qparse($Line['Text']))).'  </div> ';
    209215    }
    210216    $Output .= '</div>'.$PageList['Output'];
     
    313319      $Items[] = array
    314320      (
    315         'Title' =>  $DbRow['ThreadText'].' - '.$DbRow['UserName'].': ',
    316         'Link' =>  'http://'.$this->System->Config['Web']['Host'].$this->System->Link('/forum/?Thread='.$DbRow['Thread']),
    317         'Description' => $parser->qparse($DbRow['Text']),
     321        'Title' => htmlspecialchars($DbRow['ThreadText']).' - '.$DbRow['UserName'].': ',
     322        'Link' => 'http://'.$this->System->Config['Web']['Host'].$this->System->Link('/forum/?Thread='.$DbRow['Thread']),
     323        'Description' => htmlspecialchars($parser->qparse($DbRow['Text'])),
    318324        'Time' => $DbRow['UnixDate'],
    319325      );
  • trunk/Modules/ShoutBox/ShoutBox.php

    r839 r851  
    6363    {
    6464      $SearchQuery = ' AND (`Text` LIKE "%'.$_SESSION['search'].'%")';
    65       $Output .= '<div><a href="?search=">'.sprintf(T('Disable filter "%s"'), $_SESSION['search']).'</a></div>';
     65      $Output .= '<div><a href="?search=">'.sprintf(T('Disable filter "%s"'), htmlentities($_SESSION['search'])).'</a></div>';
    6666    } else $SearchQuery = '';
    6767
  • trunk/Modules/Team/Team.php

    r849 r851  
    4747    {
    4848      $SearchQuery = ' AND ((`Name` LIKE "%'.$_SESSION['search'].'%") OR (`Description` LIKE "%'.$_SESSION['search'].'%"))';
    49       $Output .= '<div><a href="?search=">'.sprintf(T('Disable filter "%s"'), $_SESSION['search']).'</a></div>';
     49      $Output .= '<div><a href="?search=">'.sprintf(T('Disable filter "%s"'), htmlspecialchars($_SESSION['search'])).'</a></div>';
    5050    } else $SearchQuery = '';
    5151
     
    7575    {
    7676      $Output .= '<tr>'.
    77         '<td><a href="?action=team&amp;id='.$Team['Id'].'">'.$Team['Name'].'</a></td>'.
    78         '<td><a href="http://'.$Team['URL'].'">'.$Team['URL'].'</a></td>'.
     77        '<td><a href="?action=team&amp;id='.$Team['Id'].'">'.htmlspecialchars($Team['Name']).'</a></td>'.
     78        '<td><a href="http://'.$Team['URL'].'">'.htmlspecialchars($Team['URL']).'</a></td>'.
    7979        '<td><a href="'.$this->System->Link('/user/?user='.$Team['Leader']).'">'.$Team['LeaderName'].'</a></td>'.
    8080        '<td><a href="'.$this->System->Link('/users/?team='.$Team['Id']).'" title="Zobrazit členy týmu">'.$Team['NumberUser'].'</a></td>'.
     
    157157          $Output = '<form action="?action=finish_modify&amp;id='.$_GET['id'].'" method="post">'.
    158158            '<fieldset><legend>Nastavení týmu</legend>'.
    159             '<table><tr><td>Jméno:</td><td><input type="text" name="Name" value="'.$Team['Name'].'"/></td></tr>'.
    160             '<tr><td>Webové stránky:</td><td>http://<input type="text" name="URL" value="'.$Team['URL'].'"/></td></tr>'.
    161             '<tr><td>Popis:</td><td><input type="text" name="Description" value="'.$Team['Description'].'"/></td></tr>'.
    162             '<tr><td colspan="2"><input type="submit" value="Uložit" /></td></tr>'.
     159            '<table><tr><td>Jméno:</td><td><input type="text" name="Name" value="'.htmlspecialchars($Team['Name']).'"/></td></tr>'.
     160            '<tr><td>Webové stránky:</td><td>http://<input type="text" name="URL" value="'.htmlspecialchars($Team['URL']).'"/></td></tr>'.
     161            '<tr><td>Popis:</td><td><input type="text" name="Description" value="'.htmlspecialchars($Team['Description']).'"/></td></tr>'.
     162            '<tr><td colspan="2"><input type="submit" value="'.T('Save').'" /></td></tr>'.
    163163            '</table></fieldset></form>';
    164164        } else $Output = ShowMesage('Tým nenalezen.', MESSAGE_CRITICAL);
     
    230230        } else $Leader = array('Name' => '', 'Id' => 0);
    231231
    232         $Output .='<h3>'.T('Translation team').' '.$Team['Name'].'</h3><br />'.
    233           T('Web pages').': <a href="http://'.$Team['URL'].'">'.$Team['URL'].'</a><br/>'.
     232        $Output .='<h3>'.T('Translation team').' '.htmlspecialchars($Team['Name']).'</h3><br />'.
     233          T('Web pages').': <a href="http://'.htmlspecialchars($Team['URL']).'">'.htmlspecialchars($Team['URL']).'</a><br/>'.
    234234          T('Leader').': <a href="'.$this->System->Link('/user/?user='.$Leader['Id']).'">'.$Leader['Name'].'</a><br/>';
    235235        if($Team['Description'] != '')
    236           $Output .= T('Description').': '.$Team['Description'].'<br />';
     236          $Output .= T('Description').': '.htmlspecialchars($Team['Description']).'<br />';
    237237        $Output .= '<br />';
    238238        //$Output .= '<a href="export/?team='.$Team['Id'].'">Exportovat překlad týmu</a> ';
     
    241241        $XP = GetLevelMinMax($Team['AverageXP']);
    242242        $Output .='<fieldset><legend>'.T('Statistics').'</legend>'.
    243           T('Team member count').': <a href="'.$this->System->Link('/userlist/?team='.$Team['Id']).'" title="Zobrazit členy týmu">'.$Team['NumberUser'].'</a><br />'.
     243          T('Team member count').': <a href="'.$this->System->Link('/users/?team='.$Team['Id']).'" title="Zobrazit členy týmu">'.$Team['NumberUser'].'</a><br />'.
    244244          T('Team number of translated texts').': <strong>'.$Team['NumberTranslate'].'</strong><br />'.
    245245          T('Average level of team members').': <strong>'.$XP['Level'].'</strong> '.T('experience').': '.ProgressBar(150, round($XP['XP'] / $XP['MaxXP'] * 100, 2), $XP['XP'].' / '.$XP['MaxXP']).'<br />'.
  • trunk/Modules/User/Options.php

    r848 r851  
    3030      '<tr><td>'.T('Preferred client version').': </td><td>'.ClientVersionSelection($this->System->User->PreferredVersion).'</td></tr>'.
    3131      '<tr><td>'.T('Public profile text').':</td><td>'.
    32       '<textarea name="info" cols="60" rows="10">'.$this->System->User->Info.'</textarea></td></tr>';
     32      '<textarea name="info" cols="60" rows="10">'.htmlspecialchars($this->System->User->Info).'</textarea></td></tr>';
    3333
    3434    $Output .= '<tr><td>';
     
    6464      $Output .= '<option value="'.$LineTeam['Id'].'"';
    6565      if ($LineTeam['Id'] == $this->System->User->Team) $Output .= ' selected="selected"';
    66       $Output .= '>'.$LineTeam['Name'].'</option>';
     66      $Output .= '>'.htmlspecialchars($LineTeam['Name']).'</option>';
    6767    }
    6868    $Output .= '</select> <input type="submit" value="'.T('Enter').'" />
  • trunk/Modules/User/Profile.php

    r850 r851  
    6464      if($this->System->User->Id != null) $Action .= ' <a href="'.$this->System->Link('/export/?Action=Clone&amp;ExportId='.$Export['Id']).'" onclick="return confirmAction(\''.T('Really clone item?').'\');">'.T('Clone').'</a>';
    6565      $Output .= '<tr><td>'.HumanDate($Export['TimeCreate']).'</td>'.
    66         '<td>'.$Export['Title'].'</td>'.
     66        '<td>'.htmlspecialchars($Export['Title']).'</td>'.
    6767        '<td>'.$Export['OutputType'].'</td>'.
    6868        '<td><a href="'.$this->System->Link('/client-version/?action=item&amp;id='.$Export['ClientVersionId']).'">'.$Export['ClientVersion'].'</a></td>'.
     
    109109      {
    110110        $Output .= '<tr><td>'.HumanDate($DbRow['ModifyTime']).'</td>'.
    111             '<td><a href="'.$this->System->Link('/form.php?group='.$DbRow['Group'].'&amp;ID='.$DbRow['ID']).'">'.$DbRow['ID'].'</a></td>'.
    112             '<td><a href="'.$this->System->Link('/form.php?group='.$DbRow['Group'].'&amp;ID='.$DbRow['Take']).'">'.$DbRow['Take'].'</a></td>'.
    113             '<td><a href="'.$this->System->Link('/TranslationList.php?group='.$DbRow['Group'].'&amp;action=filter').'">'.T($DbRow['GroupName']).'</a></td></tr>';
     111          '<td><a href="'.$this->System->Link('/form.php?group='.$DbRow['Group'].'&amp;ID='.$DbRow['ID']).'">'.$DbRow['ID'].'</a></td>'.
     112          '<td><a href="'.$this->System->Link('/form.php?group='.$DbRow['Group'].'&amp;ID='.$DbRow['Take']).'">'.$DbRow['Take'].'</a></td>'.
     113          '<td><a href="'.$this->System->Link('/TranslationList.php?group='.$DbRow['Group'].'&amp;action=filter').'">'.T($DbRow['GroupName']).'</a></td></tr>';
    114114      }
    115115      $Output .= '</table>';
     
    125125
    126126    $Output .= '<div class="shoutbox">';
    127     $DbResult = $this->System->Database->query('SELECT `ForumText`.`Text`, `ForumText`.`Date`, `ForumText`.`UserName`,`ForumThread`.`Text` as `ThreadName`,`ForumText`.`Thread` FROM `ForumText` JOIN `ForumThread` ON `ForumThread`.`ID` = `ForumText`.`Thread` WHERE `ForumText`.`User` = '.($_GET['user'] * 1).' ORDER BY `ForumText`.`Date` DESC LIMIT '.$Count);
     127    $DbResult = $this->System->Database->query('SELECT `ForumText`.`Text`, '.
     128      '`ForumText`.`Date`, `ForumText`.`UserName`,`ForumThread`.`Text` AS `ThreadName`, '.
     129      '`ForumText`.`Thread` FROM `ForumText` '.
     130      'JOIN `ForumThread` ON `ForumThread`.`ID` = `ForumText`.`Thread` '.
     131      'WHERE `ForumText`.`User` = '.($_GET['user'] * 1).' ORDER BY `ForumText`.`Date` DESC LIMIT '.$Count);
    128132    while($Line = $DbResult->fetch_assoc())
    129       $Output .= '<div><a href="'.$this->System->Link('/forum/?Thread='.$Line['Thread']).'">'.$Line['ThreadName'].'</a><br /><strong>'.$Line['UserName'].'</strong> ('.HumanDate($Line['Date']).'): '.$parser->qparse($Line['Text']).'</div> ';
     133      $Output .= '<div><a href="'.$this->System->Link('/forum/?Thread='.$Line['Thread']).'">'.htmlspecialchars($Line['ThreadName']).'</a><br />'.
     134        '<strong>'.$Line['UserName'].'</strong> ('.HumanDate($Line['Date']).'): '.htmlspecialchars($parser->qparse($Line['Text'])).'</div> ';
    130135    $Output .= '</div>';
    131136    return($Output);
     
    159164        T('Level:').' <strong>'.$XP['Level'].'</strong> '.T('experience:').' '.ProgressBar(150, round($XP['XP'] / $XP['MaxXP'] * 100, 2), $XP['XP'].' / '.$XP['MaxXP']).'<br/>';
    160165      if($UserLine['TeamName'] != '')
    161         $Output .= T('Member of team:').' <a href="'.$this->System->Link('/team/?action=team&amp;id='.$UserLine['Team']).'"><strong>'.$UserLine['TeamName'].'</strong></a><br />';
     166        $Output .= T('Member of team:').' <a href="'.$this->System->Link('/team/?action=team&amp;id='.$UserLine['Team']).'"><strong>'.htmlspecialchars($UserLine['TeamName']).'</strong></a><br />';
    162167
    163168      // User tags
     
    175180      }
    176181
    177     $Output .= '<br /><fieldset><legend>'.T('Profile text:').'</legend>'.str_replace("\n", '<br/>', $UserLine['Info']).'</fieldset><br/>';
     182    $Output .= '<br /><fieldset><legend>'.T('Profile text:').'</legend>'.htmlspecialchars(str_replace("\n", '<br/>', $UserLine['Info'])).'</fieldset><br/>';
    178183
    179184    $Output .= '<table class="Home"><tr>'.
     
    183188    $Output .= '<br />'.$this->ShowLastForum().'<br />';
    184189    if($this->System->User->Licence(LICENCE_MODERATOR))
    185    {
     190    {
    186191      $Output .= '<fieldset><legend>Moderování</legend>';
    187192
    188193      $Output .= '<form action="?user='.($_GET['user'] * 1).'" method="post">Přidání tagu uživateli:<br />';
    189       $Query = 'SELECT * FROM UserTagType';
     194      $Query = 'SELECT * FROM `UserTagType`';
    190195      $DbResult = $this->Database->query($Query);
    191196      while ($UserTag = $DbResult->fetch_array()) {
  • trunk/Modules/User/Registration.php

    r844 r851  
    1919    <fieldset><legend>'.T('New user registration').'</legend>
    2020    <table>
    21     <tr><td colspan="2">'.T('Please read carefully <a href="'.$this->System->Link('/info/').'">translation guidelines</a> and follow them. Translate with diacritics!').'<br/><br/></td></tr>
     21    <tr><td colspan="2">'.sprintf(T('Please read carefully %s and follow them. Translate with diacritics!'),
     22      '<a href="'.$this->System->Link('/info/').'">'.T('translation guidelines').'</a>').
     23      '<br/><br/></td></tr>
    2224    <tr>
    2325    <th class="Left">'.T('Are you human?').'</th>';
     
    2729    </tr>
    2830    <tr>
    29     <th class="Left">'.T('Name:').'</th>
     31    <th class="Left">'.T('Name').':</th>
    3032    <td><input type="text" name="user" value="'.$UserName.'"/></td>
    3133    </tr>
    3234    <tr>
    33     <th class="Left">'.T('Password:').'</th>
     35    <th class="Left">'.T('Password').':</th>
    3436    <td><input type="password" name="pass" /></td>
    3537    </tr>
    3638    <tr>
    37     <th class="Left">'.T('Password confirmation:').'</th>
     39    <th class="Left">'.T('Password confirmation').':</th>
    3840    <td><input type="password" name="pass2" /></td>
    3941    </tr>
    4042    <tr>
    41     <th class="Left">'.T('E-mail:').'</th>
     43    <th class="Left">'.T('E-mail').':</th>
    4244    <td><input type="text" name="Email" value="'.$Email.'"/></td>
    4345    </tr>
    4446    <tr>
    45     <th class="Left">'.T('I will translate normally to:').'</th>
     47    <th class="Left">'.T('I will translate normally to').':</th>
    4648    <td>'.WriteLanguages($Language).'</td>
    4749    </tr>
    4850    <tr>
    49     <th class="Left">'.T('I belong to team:').'</th>';
     51    <th class="Left">'.T('I belong to team').':</th>';
    5052    if($Team == '') $Selected = ' selected="selected"';
    5153      else $Selected = '';
     
    5658      if($Team == $Line['Id']) $Selected = ' selected="selected"';
    5759      else $Selected = '';
    58       $Output .= '<option value="0'.$Line['Id'].'"'.$Selected.'>'.$Line['Name'].'</option>';
     60      $Output .= '<option value="0'.$Line['Id'].'"'.$Selected.'>'.htmlspecialchars($Line['Name']).'</option>';
    5961    }
    6062    $Output .= '</select>';
    6163    $Output .= '</td></tr>'.
    62       '<tr><th class="Left">'.T('Preferred client version:').'</th><td>'.ClientVersionSelection('').'</td></tr>';
     64      '<tr><th class="Left">'.T('Preferred client version').':</th><td>'.ClientVersionSelection('').'</td></tr>';
    6365
    6466    $Query = 'SELECT * FROM UserTagType';
    6567    $DbResult = $this->Database->query($Query);
    6668    $Output .= '<tr><th class="Left">'.
    67       T('Select rules which you will apply during translation:').'</th><td>';
     69      T('Select rules which you will apply during translation').':</th><td>';
    6870    while ($UserTag = $DbResult->fetch_array())
    6971    {
  • trunk/Modules/User/UserList.php

    r843 r851  
    2020    {
    2121      $TeamId = $_GET['team'] * 1;
    22       $DbResult = $this->Database->select('Team', 'Name', 'Id='.$TeamId);
     22      $DbResult = $this->Database->select('Team', 'Name', '`Id`='.$TeamId);
    2323      if($DbResult->num_rows > 0)
    2424      {
    2525        $Team = $DbResult->fetch_assoc();
    26         $Output .= '<h3>'.sprintf(T('Users in team %s'), $Team['Name']).'</h3>';
     26        $Output .= '<h3>'.sprintf(T('Users in team %s'), htmlspecialchars($Team['Name'])).'</h3>';
    2727        $TeamFilter = ' AND (`Team`='.$_GET['team'].')';
    2828      } else {
  • trunk/locale/cs.php

    r850 r851  
    286286      'Select rules which you will apply during translation' => 'Vyberte pravidla, kterými se při překladu chcete řídit',
    287287      'Register' => 'Registrovat',
    288       'Please read carefully <a href="info.php">translation guidelines</a> and follow them. Translate with diacritics!' => 'Pozorně si přečtěte <a href="info.php">pokyny k překladu</a> a řiďte se jimi. Překládat je nutno včetně háčků a čárek!',
     288      'Please read carefully %s and follow them. Translate with diacritics!' => 'Pozorně si přečtěte %s a řiďte se jimi. Překládat je nutno včetně háčků a čárek!',
     289      'translation guidelines' => 'pokyny k překladu',
    289290      'Untranslated' => 'Nepřeložené',
    290291      'Own' => 'Vlastní',
     
    497498        'edit' => 'upravit',
    498499        'Post' => 'Příspěvek',
     500        'Export %s of translator %s' => 'Export %s překladatele %s',
    499501      ),
    500502      'URL' => array(
Note: See TracChangeset for help on using the changeset viewer.