Changeset 851 for trunk/Modules/Export/Page.php

Timestamp:

Jan 17, 2016, 10:07:13 PM (8 years ago)

Author:

chronos

Message:

• Fixed: Use htmlspecialchars function for user inserted content to avoid breaking page HTML structure. Added for forum, teams, dictionary and profile text.

File:

• trunk/Modules/Export/Page.php (modified) (4 diffs)

trunk/Modules/Export/Page.php

@@ -70 +70 @@
       $Output .= '<tr><td>'.HumanDate($Export['TimeCreate']).'</td>'.
           '<td><a href="'.$this->System->Link('/user/?user='.$Export['User']).'">'.$Export['UserName'].'</a></td>'.
-          '<td>'.$Export['Title'].'</td>'.
+          '<td>'.htmlspecialchars($Export['Title']).'</td>'.
           '<td>'.$Export['OutputType'].'</td>'.
           '<td><a href="'.$this->System->Link('/client-version/?action=item&amp;id='.$Export['ClientVersionId']).'">'.$Export['ClientVersion'].'</a></td>'.
@@ -304 +304 @@
         $Output .= '<input type="hidden" name="Operation" value="Save"/>'.
             '<tr><td colspan="2">';
-        if($Editable) $Output .= ' <input type="submit" value="Uložit" '.$DisabledInput[$Editable].'/>';
+        if($Editable) $Output .= ' <input type="submit" value="'.T('Save').'" '.$DisabledInput[$Editable].'/>';
         $Output .= ' <a href="?Action=Clone&amp;ExportId='.$Export['Id'].'" onclick="return confirmAction(\''.T('Realy clone item?').'\');">'.T('Clone').'</a> ';
         if($this->System->User->Licence(LICENCE_ADMIN))
@@ -310 +310 @@
         $Output .= '</td></tr>';
       }
-      $Output .= '<tr><td>'.T('Identification').':</td><td><input type="text" style="width: 400px" name="Title" value="'.$Export['Title'].'"'.$DisabledInput[$Editable].'/></td></tr>'.
-          '<tr><td>Popis:</td><td><textarea name="Description" cols="54" rows="10"'.$DisabledTextArea[$Editable].'>'.$Export['Description'].'</textarea></td></tr>'.
+      $Output .= '<tr><td>'.T('Identification').':</td><td><input type="text" style="width: 400px" name="Title" value="'.htmlspecialchars($Export['Title']).'"'.$DisabledInput[$Editable].'/></td></tr>'.
+          '<tr><td>'.T('Description').':</td><td><textarea name="Description" cols="54" rows="10"'.$DisabledTextArea[$Editable].'>'.htmlspecialchars($Export['Description']).'</textarea></td></tr>'.
           '<tr><td>'.T('With diacritics').'</td><td><input type="checkbox" name="WithDiacritic" '.$WithDiacritic.''.$DisabledInput[$Editable].'/></td></tr>'.
           '</table></form>';
@@ -752 +752 @@
         $DbResult = $this->System->Database->query('SELECT * FROM `User` WHERE `ID`='.$Export['User']);
         $UserLine = $DbResult->fetch_assoc();
-        $Output .= 'Export <strong><a href="?Action=View&amp;Tab=6&amp;ExportId='.$Export['Id'].'">'.$_GET['ExportId'].'</a></strong> překladatele <strong>'.$UserLine['Name'].'</strong> s označením <strong>'.$Export['Title'].'</strong>';
-        $Output .= ShowTabs(array(T('General'), T('Translators'), T('Translations'), T('Languages'), T('Format'), T('Version'), T('Statistic'), T('Output')));
+        $Output .= sprintf(T('Export %s of translator %s'),
+          '<strong><a href="?Action=View&amp;Tab=6&amp;ExportId='.$Export['Id'].'">'.htmlspecialchars($Export['Title']).'</a></strong>',
+          '<strong>'.$UserLine['Name'].'</strong>');
+        $Output .= ShowTabs(array(T('General'), T('Translators'),
+          T('Translations'), T('Languages'), T('Format'), T('Version'),
+          T('Statistic'), T('Output')));
         $Output .= '<div id="content">';
         if($_SESSION['Tab'] == TAB_GENERAL) $Output .= $this->ExportViewGeneral();