From 9cff69d330760c133d2b22c96da7a89e319b2362 Mon Sep 17 00:00:00 2001
From: deva <deva>
Date: Sun, 28 Feb 2010 13:06:39 +0000
Subject: Better control of xml enconding... still a lot of testing to do
 though.

---
 utils/forms.php | 37 ++++++++++++++++++++-----------------
 1 file changed, 20 insertions(+), 17 deletions(-)

(limited to 'utils/forms.php')

diff --git a/utils/forms.php b/utils/forms.php
index 126d29f..0268315 100644
--- a/utils/forms.php
+++ b/utils/forms.php
@@ -1,4 +1,7 @@
 <?php
+
+include_once($UTIL_DIR."/convert.php");
+
 class LineEdit {
 	public $label, $name, $value;
 		
@@ -12,8 +15,8 @@ class LineEdit {
 	function render($indent = "")
 	{
 		$str  = $indent . "<div class=\"input\">\n";
-		$str .= $indent . "  <div class=\"label\">". $this->label ."</div>\n";
-		$str .= $indent . "  <div class=\"widget\"><input name=\"vars[".$this->name."]\" value=\"".$this->value."\"/></div>\n";
+		$str .= $indent . "  <div class=\"label\">". xmlenc($this->label) ."</div>\n";
+		$str .= $indent . "  <div class=\"widget\"><input name=\"vars[".$this->name."]\" value=\"".xmlenc($this->value)."\"/></div>\n";
 		$str .= $indent . "</div>\n";
 		return $str;
 	}
@@ -32,8 +35,8 @@ class LineEditPwd {
 	function render($indent = "")
 	{
 		$str  = $indent . "<div class=\"input\">\n";
-		$str .= $indent . "  <div class=\"label\">". $this->label ."</div>\n";
-		$str .= $indent . "  <div class=\"widget\"><input name=\"vars[".$this->name."]\" value=\"".$this->value."\" type=\"password\"/></div>\n";
+		$str .= $indent . "  <div class=\"label\">". xmlenc($this->label) ."</div>\n";
+		$str .= $indent . "  <div class=\"widget\"><input name=\"vars[".$this->name."]\" value=\"".xmlenc($this->value)."\" type=\"password\"/></div>\n";
 		$str .= $indent . "</div>\n";
 		return $str;
 	}
@@ -52,7 +55,7 @@ class FileUpload {
 	public function render($indent = "")
 	{
 		$str  = $indent . "<div class=\"input\">\n";
-		$str .= $indent . "  <div class=\"label\">". $this->label . "</div>\n";
+		$str .= $indent . "  <div class=\"label\">". xmlenc($this->label) . "</div>\n";
 		$str .= $indent . "  <div class=\"widget\"><input type=\"file\" name=\"" 
 			. $this->name. "\" accept=\"". $this->accept ."\"/></div>\n";
 		$str .= $indent . "</div>\n";
@@ -92,8 +95,8 @@ class CheckBox {
 	public function render($indent = "")
 	{
 		$str  = $indent . "<div class=\"input\">\n";
-		$str .= $indent . "  <div class=\"label\">". $this->label ."</div>\n";
-		$str .= $indent . "  <div class=\"widget\"><input type=\"checkbox\" name=\"vars[".$this->name."]\" value=\"".$this->value."\"/></div>\n";
+		$str .= $indent . "  <div class=\"label\">". xmlenc($this->label) ."</div>\n";
+		$str .= $indent . "  <div class=\"widget\"><input type=\"checkbox\" name=\"vars[".$this->name."]\" value=\"".xmlenc($this->value)."\"/></div>\n";
 		$str .= $indent . "</div>\n";
 		return $str;
 	}
@@ -113,12 +116,12 @@ class ComboBox {
 	public function render($indent = "")
 	{
 		$str  = $indent . "<div class=\"input\">\n";
-		$str .= $indent . "  <div class=\"label\">".$this->label."</div>\n";
+		$str .= $indent . "  <div class=\"label\">".xmlenc($this->label)."</div>\n";
 		$str .= $indent . "  <div class=\"widget\">\n";
 		$str .= $indent . "    <select name=\"vars[".$this->name."]\">\n";
 		foreach($this->values as $k => $v) {
-			if($v != $this->value) $str .= $indent . "      <option value=\"".$v."\">".$k."</option>\n";
-			else $str .= $indent .  "      <option value=\"".$v."\" selected>".$k."</option>\n";
+			if($v != $this->value) $str .= $indent . "      <option value=\"".xmlenc($v)."\">".xmlenc($k)."</option>\n";
+			else $str .= $indent .  "      <option value=\"".xmlenc($v)."\" selected>".xmlenc($k)."</option>\n";
 		}
 		$str .= $indent . "    </select>\n";
 		$str .= $indent . "  </div>\n";
@@ -139,7 +142,7 @@ class Hidden {
 	{
 		$str = "";
 		foreach($this->values as $key => $value) {
-			$str .= $indent . "<input type=\"hidden\" name=\"vars[".$key."]\" value=\"".$value."\"/>\n";
+			$str .= $indent . "<input type=\"hidden\" name=\"vars[".$key."]\" value=\"".xmlenc($value)."\"/>\n";
 		}
 		return $str;
 	}
@@ -159,8 +162,8 @@ class TextEdit {
 	function render($indent = "")
 	{
 		$str  = $indent . "<div class=\"input\">\n";
-		$str .= $indent . "  <div class=\"label\">". $this->label ."</div>\n";
-    $str .= $indent . "  <div class=\"widget\"><textarea rows=\"".$this->lines."\" class=\"textedit\" name=\"vars[".$this->name."]\">".$this->value."</textarea></div>\n";
+		$str .= $indent . "  <div class=\"label\">". xmlenc($this->label) ."</div>\n";
+    $str .= $indent . "  <div class=\"widget\"><textarea rows=\"".$this->lines."\" class=\"textedit\" name=\"vars[".$this->name."]\">".xmlenc($this->value)."</textarea></div>\n";
 		$str .= $indent . "</div>\n";
 		return $str;
 	}
@@ -189,7 +192,7 @@ class DateTimeEdit {
 		$year = date('Y',$t); 
 
 		$str  = $indent . "<div class=\"input\">\n";
-		$str .= $indent . "	<div class=\"label\">".$this->label."</div>\n";
+		$str .= $indent . "	<div class=\"label\">".xmlenc($this->label)."</div>\n";
 		$str .= $indent . "  <div class=\"widget\">\n";
 		$str .= $indent . "     <input style=\"width: 50px;\" name=\"vars[".$this->name."_year]\" value=\"".$year."\"/>";
 		$str .= "/<input style=\"width: 30px;\" name=\"vars[".$this->name."_month]\" value=\"".$month."\"/>";
@@ -237,7 +240,7 @@ class ImageComboBox {
 		else $numicons = sizeof($this->values);
 
 		$str  = $indent . "<div class=\"input\">\n";
-		$str .= $indent . "  <div class=\"label\">".$this->label."</div>\n";
+		$str .= $indent . "  <div class=\"label\">".xmlenc($this->label)."</div>\n";
 		$str .= $indent . "  <div class=\"widget\">\n";
 		$str .= $indent . "    <script type=\"text/javascript\">\n";
 		$str .= $indent . "    function setSelection(value)\n";
@@ -391,14 +394,14 @@ class MultiList {
 	function render($indent = "")
 	{
 		$str  = $indent . "<div class=\"input\">\n";
-		$str .= $indent . "  <div class=\"label\">". $this->label ."</div>\n";
+		$str .= $indent . "  <div class=\"label\">". xmlenc($this->label) ."</div>\n";
 		$str .= $indent . "  <div class=\"widget\">\n";
 		$str .= $indent . "    <select multiple size=\"8\" id=\"items\" name=\"".$this->name."[]\">\n";
 		if(sizeof($this->values)) {
 			foreach($this->values as $value => $active) {
 				if($active == true) $sel = " selected=\"true\"";
 				else $sel = "";
-				$str .= $indent . "      <option value=\"".$value."\"".$sel.">".$value."</option>\n";
+				$str .= $indent . "      <option value=\"".xmlenc($value)."\"".$sel.">".xmlenc($value)."</option>\n";
 			}
 		}
 		$str .= $indent . "    </select>\n";
-- 
cgit v1.2.3