AS1024
/
Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Improve HTML escaping

This commit is contained in:
Frédéric Guillot 2014-02-24 18:29:09 -05:00
parent 64e2e07229
commit 8159cc99a6
6 changed files with 14 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/translator.php
View File

@ -11,6 +11,10 @@ namespace Translator {
\array_shift($args);
\array_unshift($args, get($identifier, $identifier));
foreach ($args as &$arg) {
$arg = htmlspecialchars($arg, ENT_QUOTES, 'UTF-8', false);
}
return \call_user_func_array(
'sprintf',
$args
@ -77,7 +81,6 @@ namespace Translator {
foreach ($dir as $fileinfo) {
if (strpos($fileinfo->getFilename(), '.php') !== false) {
$locales = array_merge($locales, include $fileinfo->getPathname());
}
}
@ -91,7 +94,6 @@ namespace Translator {
static $values = array();
if ($locales !== null) {
$values = $locales;
}

2
templates/board_remove.php
View File

@ -5,7 +5,7 @@
<div class="confirm">
<p class="alert alert-info">
<?= t('Do you really want to remove this column: "%s"?', Helper\escape($column['title'])) ?>
<?= t('Do you really want to remove this column: "%s"?', $column['title']) ?>
<?= t('This action will REMOVE ALL TASKS associated to this column!') ?>
</p>

9
templates/config_index.php
View File

@ -27,7 +27,10 @@
<?= t('Webhooks token:') ?>
<strong><?= Helper\escape($values['webhooks_token']) ?></strong>
</li>
<li><?= t('Database size:') ?> <strong><?= Helper\format_bytes($db_size) ?></strong></li>
<li>
<?= t('Database size:') ?>
<strong><?= Helper\format_bytes($db_size) ?></strong>
</li>
<li>
<a href="?controller=config&amp;action=downloadDb"><?= t('Download the database') ?></a>
<?= t('(Gzip compressed Sqlite file)') ?>
@ -38,7 +41,7 @@
</li>
<li>
<?= t('Official website:') ?>
<a href="http://kanboard.net/" target="_blank">http://kanboard.net/</a>
<a href="http://kanboard.net/" target="_blank" rel="noreferer">http://kanboard.net/</a>
</li>
<li>
<?= t('Application version:') ?>
@ -55,7 +58,7 @@
<ul>
<li>
<strong><?= t('My default project:') ?> </strong>
<?= (isset($user['default_project_id']) && isset($projects[$user['default_project_id']])) ? $projects[$user['default_project_id']] : t('None') ?>,
<?= (isset($user['default_project_id']) && isset($projects[$user['default_project_id']])) ? Helper\escape($projects[$user['default_project_id']]) : t('None') ?>,
<a href="?controller=user&amp;action=edit&amp;user_id=<?= $user['id'] ?>"><?= t('edit') ?></a>
</li>
</ul>

2
templates/project_remove.php
View File

@ -5,7 +5,7 @@
<div class="confirm">
<p class="alert alert-info">
<?= t('Do you really want to remove this project: "%s"?', Helper\escape($project['name'])) ?>
<?= t('Do you really want to remove this project: "%s"?', $project['name']) ?>
</p>
<div class="form-actions">

2
templates/user_index.php
View File

@ -27,7 +27,7 @@
<?= $user['is_admin'] ? t('Yes') : t('No') ?>
</td>
<td>
<?= (isset($user['default_project_id']) && isset($projects[$user['default_project_id']])) ? $projects[$user['default_project_id']] : t('None'); ?>
<?= (isset($user['default_project_id']) && isset($projects[$user['default_project_id']])) ? Helper\escape($projects[$user['default_project_id']]) : t('None'); ?>
</td>
<td>
<?php if (Helper\is_admin() || Helper\is_current_user($user['id'])): ?>

2
templates/user_remove.php
View File

@ -4,7 +4,7 @@
</div>
<div class="confirm">
<p class="alert alert-info"><?= t('Do you really want to remove this user: "%s"?', Helper\escape($user['username'])) ?></p>
<p class="alert alert-info"><?= t('Do you really want to remove this user: "%s"?', $user['username']) ?></p>
<div class="form-actions">
<a href="?controller=user&amp;action=remove&amp;user_id=<?= $user['id'] ?>" class="btn btn-red"><?= t('Yes') ?></a>