Ignore:
Timestamp:
Jan 17, 2016, 10:07:13 PM (8 years ago)
Author:
chronos
Message:
  • Fixed: Use htmlspecialchars function for user inserted content to avoid breaking page HTML structure. Added for forum, teams, dictionary and profile text.
File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Modules/User/Registration.php

    r844 r851  
    1919    <fieldset><legend>'.T('New user registration').'</legend>
    2020    <table>
    21     <tr><td colspan="2">'.T('Please read carefully <a href="'.$this->System->Link('/info/').'">translation guidelines</a> and follow them. Translate with diacritics!').'<br/><br/></td></tr>
     21    <tr><td colspan="2">'.sprintf(T('Please read carefully %s and follow them. Translate with diacritics!'),
     22      '<a href="'.$this->System->Link('/info/').'">'.T('translation guidelines').'</a>').
     23      '<br/><br/></td></tr>
    2224    <tr>
    2325    <th class="Left">'.T('Are you human?').'</th>';
     
    2729    </tr>
    2830    <tr>
    29     <th class="Left">'.T('Name:').'</th>
     31    <th class="Left">'.T('Name').':</th>
    3032    <td><input type="text" name="user" value="'.$UserName.'"/></td>
    3133    </tr>
    3234    <tr>
    33     <th class="Left">'.T('Password:').'</th>
     35    <th class="Left">'.T('Password').':</th>
    3436    <td><input type="password" name="pass" /></td>
    3537    </tr>
    3638    <tr>
    37     <th class="Left">'.T('Password confirmation:').'</th>
     39    <th class="Left">'.T('Password confirmation').':</th>
    3840    <td><input type="password" name="pass2" /></td>
    3941    </tr>
    4042    <tr>
    41     <th class="Left">'.T('E-mail:').'</th>
     43    <th class="Left">'.T('E-mail').':</th>
    4244    <td><input type="text" name="Email" value="'.$Email.'"/></td>
    4345    </tr>
    4446    <tr>
    45     <th class="Left">'.T('I will translate normally to:').'</th>
     47    <th class="Left">'.T('I will translate normally to').':</th>
    4648    <td>'.WriteLanguages($Language).'</td>
    4749    </tr>
    4850    <tr>
    49     <th class="Left">'.T('I belong to team:').'</th>';
     51    <th class="Left">'.T('I belong to team').':</th>';
    5052    if($Team == '') $Selected = ' selected="selected"';
    5153      else $Selected = '';
     
    5658      if($Team == $Line['Id']) $Selected = ' selected="selected"';
    5759      else $Selected = '';
    58       $Output .= '<option value="0'.$Line['Id'].'"'.$Selected.'>'.$Line['Name'].'</option>';
     60      $Output .= '<option value="0'.$Line['Id'].'"'.$Selected.'>'.htmlspecialchars($Line['Name']).'</option>';
    5961    }
    6062    $Output .= '</select>';
    6163    $Output .= '</td></tr>'.
    62       '<tr><th class="Left">'.T('Preferred client version:').'</th><td>'.ClientVersionSelection('').'</td></tr>';
     64      '<tr><th class="Left">'.T('Preferred client version').':</th><td>'.ClientVersionSelection('').'</td></tr>';
    6365
    6466    $Query = 'SELECT * FROM UserTagType';
    6567    $DbResult = $this->Database->query($Query);
    6668    $Output .= '<tr><th class="Left">'.
    67       T('Select rules which you will apply during translation:').'</th><td>';
     69      T('Select rules which you will apply during translation').':</th><td>';
    6870    while ($UserTag = $DbResult->fetch_array())
    6971    {
Note: See TracChangeset for help on using the changeset viewer.