Diffstat (limited to 'utils/forms.php')
-rw-r--r-- | utils/forms.php | 37 |
1 files changed, 20 insertions, 17 deletions
diff --git a/utils/forms.php b/utils/forms.php
index 126d29f..0268315 100644
--- a/utils/forms.php
+++ b/utils/forms.php
@@ -1,4 +1,7 @@
 <?php
+
+include_once($UTIL_DIR."/convert.php");
+
 class LineEdit {
 public $label, $name, $value;
@@ -12,8 +15,8 @@ class LineEdit {
 function render($indent = "")
 {
 $str = $indent . "<div class=\"input\">\n";
- $str .= $indent . " <div class=\"label\">". $this->label ."</div>\n";
- $str .= $indent . " <div class=\"widget\"><input name=\"vars[".$this->name."]\" value=\"".$this->value."\"/></div>\n";
+ $str .= $indent . " <div class=\"label\">". xmlenc($this->label) ."</div>\n";
+ $str .= $indent . " <div class=\"widget\"><input name=\"vars[".$this->name."]\" value=\"".xmlenc($this->value)."\"/></div>\n";
 $str .= $indent . "</div>\n";
 return $str;
 }
@@ -32,8 +35,8 @@ class LineEditPwd {
 function render($indent = "")
 {
 $str = $indent . "<div class=\"input\">\n";
- $str .= $indent . " <div class=\"label\">". $this->label ."</div>\n";
- $str .= $indent . " <div class=\"widget\"><input name=\"vars[".$this->name."]\" value=\"".$this->value."\" type=\"password\"/></div>\n";
+ $str .= $indent . " <div class=\"label\">". xmlenc($this->label) ."</div>\n";
+ $str .= $indent . " <div class=\"widget\"><input name=\"vars[".$this->name."]\" value=\"".xmlenc($this->value)."\" type=\"password\"/></div>\n";
 $str .= $indent . "</div>\n";
 return $str;
 }
@@ -52,7 +55,7 @@ class FileUpload {
 public function render($indent = "")
 {
 $str = $indent . "<div class=\"input\">\n";
- $str .= $indent . " <div class=\"label\">". $this->label . "</div>\n";
+ $str .= $indent . " <div class=\"label\">". xmlenc($this->label) . "</div>\n";
 $str .= $indent . " <div class=\"widget\"><input type=\"file\" name=\"" . $this->name. "\" accept=\"". $this->accept ."\"/></div>\n";
 $str .= $indent . "</div>\n";
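Review bot: The new `include_once($UTIL_DIR."/convert.php");` at the top of forms.php builds its path from a global that this file never sets, so the escaping added in the rest of the commit depends on every includer having defined `$UTIL_DIR` first. If it is unset the path becomes `/convert.php`, `include_once` only warns, and the failure surfaces later as an undefined `xmlenc()` at render time. Since xmlenc() is now required for safe output, `require_once` would fail closed at load time instead. If convert.php sits beside forms.php in utils/ (an inference from the variable name, not visible here), `require_once(__DIR__."/convert.php");` also removes the dependency on caller state.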
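Review bot: In LineEdit::render the `name=\"vars[".$this->name."]\"` attribute is still concatenated without encoding, so only the label and value are covered by this change. The same holds for `$this->name` in the LineEditPwd, CheckBox, ComboBox, TextEdit, DateTimeEdit and MultiList hunks, for `$key` in Hidden, and for both `$this->name` and `$this->accept` in FileUpload. Passing those through the encoder too, e.g. `name=\"vars[".xmlenc($this->name)."]\"`, would cover the remaining attribute contexts. xmlenc() is defined in convert.php, outside this diff; because it is used inside double-quoted attributes, confirm that it encodes `"` as well as `<`, `>` and `&`. The constructor that assigns these fields is outside the hunk, so where the values originate cannot be judged from here.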
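Review bot: LineEditPwd::render still writes `$this->value` into the `value` attribute of the password input, so any secret the caller passes is present in the page source and in any cached copy of the response; encoding it with xmlenc() does not change that. Whether callers ever pass a stored password is not visible in this hunk. The safer default is to render the field empty, `value=\"\" type=\"password\"`, and have the receiving code treat an empty submission as "leave unchanged".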
@@ -92,8 +95,8 @@ class CheckBox {
 public function render($indent = "")
 {
 $str = $indent . "<div class=\"input\">\n";
- $str .= $indent . " <div class=\"label\">". $this->label ."</div>\n";
- $str .= $indent . " <div class=\"widget\"><input type=\"checkbox\" name=\"vars[".$this->name."]\" value=\"".$this->value."\"/></div>\n";
+ $str .= $indent . " <div class=\"label\">". xmlenc($this->label) ."</div>\n";
+ $str .= $indent . " <div class=\"widget\"><input type=\"checkbox\" name=\"vars[".$this->name."]\" value=\"".xmlenc($this->value)."\"/></div>\n";
 $str .= $indent . "</div>\n";
 return $str;
 }
@@ -113,12 +116,12 @@ class ComboBox {
 public function render($indent = "")
 {
 $str = $indent . "<div class=\"input\">\n";
- $str .= $indent . " <div class=\"label\">".$this->label."</div>\n";
+ $str .= $indent . " <div class=\"label\">".xmlenc($this->label)."</div>\n";
 $str .= $indent . " <div class=\"widget\">\n";
 $str .= $indent . " <select name=\"vars[".$this->name."]\">\n";
 foreach($this->values as $k => $v) {
- if($v != $this->value) $str .= $indent . " <option value=\"".$v."\">".$k."</option>\n";
- else $str .= $indent . " <option value=\"".$v."\" selected>".$k."</option>\n";
+ if($v != $this->value) $str .= $indent . " <option value=\"".xmlenc($v)."\">".xmlenc($k)."</option>\n";
+ else $str .= $indent . " <option value=\"".xmlenc($v)."\" selected>".xmlenc($k)."</option>\n";
 }
 $str .= $indent . " </select>\n";
 $str .= $indent . " </div>\n";
@@ -139,7 +142,7 @@ class Hidden {
 {
 $str = "";
 foreach($this->values as $key => $value) {
- $str .= $indent . "<input type=\"hidden\" name=\"vars[".$key."]\" value=\"".$value."\"/>\n";
+ $str .= $indent . "<input type=\"hidden\" name=\"vars[".$key."]\" value=\"".xmlenc($value)."\"/>\n";
 }
 return $str;
 }
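Review bot: The selected-option test `if($v != $this->value)` in ComboBox::render uses PHP's loose comparison, so numeric strings such as `"1"` and `"01"`, or `null` and `""`, compare equal and can mark the wrong option, or several options, as selected. Comparing as strings avoids that: `$sel = ((string)$v === (string)$this->value) ? " selected" : "";`. A single `<option value=\"".xmlenc($v)."\"".$sel.">".xmlenc($k)."</option>` line can then replace the duplicated if/else branches, which leaves only one place where the encoding has to be kept right. The end of render() is outside the hunk.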
@@ -159,8 +162,8 @@ class TextEdit {
 function render($indent = "")
 {
 $str = $indent . "<div class=\"input\">\n";
- $str .= $indent . " <div class=\"label\">". $this->label ."</div>\n";
- $str .= $indent . " <div class=\"widget\"><textarea rows=\"".$this->lines."\" class=\"textedit\" name=\"vars[".$this->name."]\">".$this->value."</textarea></div>\n";
+ $str .= $indent . " <div class=\"label\">". xmlenc($this->label) ."</div>\n";
+ $str .= $indent . " <div class=\"widget\"><textarea rows=\"".$this->lines."\" class=\"textedit\" name=\"vars[".$this->name."]\">".xmlenc($this->value)."</textarea></div>\n";
 $str .= $indent . "</div>\n";
 return $str;
 }
@@ -189,7 +192,7 @@ class DateTimeEdit {
 $year = date('Y',$t);
 $str = $indent . "<div class=\"input\">\n";
- $str .= $indent . " <div class=\"label\">".$this->label."</div>\n";
+ $str .= $indent . " <div class=\"label\">".xmlenc($this->label)."</div>\n";
 $str .= $indent . " <div class=\"widget\">\n";
 $str .= $indent . " <input style=\"width: 50px;\" name=\"vars[".$this->name."_year]\" value=\"".$year."\"/>";
 $str .= "/<input style=\"width: 30px;\" name=\"vars[".$this->name."_month]\" value=\"".$month."\"/>";
@@ -237,7 +240,7 @@ class ImageComboBox {
 else $numicons = sizeof($this->values);
 $str = $indent . "<div class=\"input\">\n";
- $str .= $indent . " <div class=\"label\">".$this->label."</div>\n";
+ $str .= $indent . " <div class=\"label\">".xmlenc($this->label)."</div>\n";
 $str .= $indent . " <div class=\"widget\">\n";
 $str .= $indent . " <script type=\"text/javascript\">\n";
 $str .= $indent . " function setSelection(value)\n";
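Review bot: `rows=\"".$this->lines."\"` in TextEdit::render is emitted without encoding or type enforcement, so the attribute is only as safe as whatever the constructor, which is outside this hunk, accepts for the line count. A cast keeps it numeric regardless of the caller: `rows=\"".(int)$this->lines."\"`. A short comment on the textarea line, such as `// element content, not an attribute: xmlenc() must encode < and &`, would also record why the value is encoded there.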
@@ -391,14 +394,14 @@ class MultiList {
 function render($indent = "")
 {
 $str = $indent . "<div class=\"input\">\n";
- $str .= $indent . " <div class=\"label\">". $this->label ."</div>\n";
+ $str .= $indent . " <div class=\"label\">". xmlenc($this->label) ."</div>\n";
 $str .= $indent . " <div class=\"widget\">\n";
 $str .= $indent . " <select multiple size=\"8\" id=\"items\" name=\"".$this->name."[]\">\n";
 if(sizeof($this->values)) {
 foreach($this->values as $value => $active) {
 if($active == true) $sel = " selected=\"true\"";
 else $sel = "";
- $str .= $indent . " <option value=\"".$value."\"".$sel.">".$value."</option>\n";
+ $str .= $indent . " <option value=\"".xmlenc($value)."\"".$sel.">".xmlenc($value)."</option>\n";
 }
 }
 $str .= $indent . " </select>\n"; |