bitPickups/friendica_2020-09-1_sharedHosting
1
0
Fork 0
Code Pull requests Activity

Merge pull request #6204 from annando/escaping

Browse source 
We are now escaping many template fields
This commit is contained in:
Hypolite Petovan 2018-11-26 16:31:13 -05:00 committed by GitHub
commit 5a929c587f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
82 changed files with 555 additions and 561 deletions
Download patch file Download diff file Expand all files Collapse all files

2
view/templates/admin/addon_details.tpl
View file

@ -18,7 +18,7 @@
</p>
{{if $screenshot}}
<a href="{{$screenshot.0}}" class='screenshot'><img src="{{$screenshot.0}}" alt="{{$screenshot.1}}" /></a>
<a href="{{$screenshot.0}}" class='screenshot'><img src="{{$screenshot.0}}" alt="{{$screenshot.1|escape}}" /></a>
{{/if}}
{{if $admin_form}}

8
view/templates/admin/contactblock.tpl
View file

@ -32,10 +32,10 @@
{{foreach $contacts as $contact}}
<tr>
<td class="checkbox"><input type="checkbox" class="contacts_ckbx" id="id_contact_{{$contact.id}}" name="contacts[]" value="{{$contact.id}}"/></td>
<td><img class="icon" src="{{$contact.micro}}" alt="{{$contact.nickname}}" title="{{$contact.nickname}}"></td>
<td class="name">{{$contact.name}}</td>
<td class="addr">{{$contact.addr}}</td>
<td class="addr"><a href="{{$contact.url}}" title="{{$contact.nickname}}" >{{$contact.url}}</a></td>
<td><img class="icon" src="{{$contact.micro}}" alt="{{$contact.nickname|escape}}" title="{{$contact.nickname|escape}}"></td>
<td class="name">{{$contact.name|escape}}</td>
<td class="addr">{{$contact.addr|escape}}</td>
<td class="addr"><a href="{{$contact.url}}" title="{{$contact.nickname|escape}}" >{{$contact.url}}</a></td>
</tr>
{{/foreach}}
</tbody>

6
view/templates/admin/site.tpl
View file

@ -39,7 +39,7 @@
});
</script>
<div id='adminpage'>
<h1>{{$title}} - {{$page}}</h1>
<h1>{{$title|escape}} - {{$page|escape}}</h1>
<form action="{{$baseurl}}/admin/site" method="post">
<input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
@ -145,7 +145,7 @@
{{include file="field_input.tpl" field=$dbclean_expire_conv}}
<div class="submit"><input type="submit" name="page_site" value="{{$submit|escape:'html'}}" /></div>
<h3>{{$worker_title}}</h3>
<h3>{{$worker_title|escape}}</h3>
{{include file="field_input.tpl" field=$maxloadavg}}
{{include file="field_input.tpl" field=$min_memory}}
{{include file="field_input.tpl" field=$worker_queues}}
@ -155,7 +155,7 @@
<div class="submit"><input type="submit" name="page_site" value="{{$submit|escape:'html'}}" /></div>
<h3>{{$relay_title}}</h3>
<h3>{{$relay_title|escape}}</h3>
{{include file="field_checkbox.tpl" field=$relay_subscribe}}
{{include file="field_input.tpl" field=$relay_server}}
{{include file="field_checkbox.tpl" field=$relay_directly}}

16
view/templates/admin/users.tpl
View file

@ -35,8 +35,8 @@
<td class="email">{{$u.email}}</td>
<td class="checkbox"><input type="checkbox" class="pending_ckbx" id="id_pending_{{$u.hash}}" name="pending[]" value="{{$u.hash}}" /></td>
<td class="tools">
<a href="{{$baseurl}}/regmod/allow/{{$u.hash}}" title='{{$approve}}'><span class='icon like'></span></a>
<a href="{{$baseurl}}/regmod/deny/{{$u.hash}}" title='{{$deny}}'><span class='icon dislike'></span></a>
<a href="{{$baseurl}}/regmod/allow/{{$u.hash}}" title='{{$approve|escape}}'><span class='icon like'></span></a>
<a href="{{$baseurl}}/regmod/deny/{{$u.hash}}" title='{{$deny|escape}}'><span class='icon dislike'></span></a>
</td>
</tr>
<tr>
@ -79,8 +79,8 @@
<tbody>
{{foreach $users as $u}}
<tr>
<td><img class='icon' src="{{$u.micro}}" alt="{{$u.nickname}}" title="{{$u.nickname}}"></td>
<td class='name'><a href="{{$u.url}}" title="{{$u.nickname}}" >{{$u.name}}</a></td>
<td><img class='icon' src="{{$u.micro}}" alt="{{$u.nickname|escape}}" title="{{$u.nickname|escape}}"></td>
<td class='name'><a href="{{$u.url}}" title="{{$u.nickname|escape}}" >{{$u.name}}</a></td>
<td class='email'>{{$u.email}}</td>
<td class='register_date'>{{$u.register_date}}</td>
<td class='login_date'>{{$u.login_date}}</td>
@ -94,8 +94,8 @@
{{/if}}
<td class="tools">
{{if $u.is_deletable}}
<a href="{{$baseurl}}/admin/users/block/{{$u.uid}}?t={{$form_security_token}}" title='{{if $u.blocked}}{{$unblock}}{{else}}{{$block}}{{/if}}'><span class='icon block {{if $u.blocked==0}}dim{{/if}}'></span></a>
<a href="{{$baseurl}}/admin/users/delete/{{$u.uid}}?t={{$form_security_token}}" title='{{$delete}}' onclick="return confirm_delete('{{$u.name}}')"><span class='icon drop'></span></a>
<a href="{{$baseurl}}/admin/users/block/{{$u.uid}}?t={{$form_security_token}}" title='{{if $u.blocked}}{{$unblock|escape}}{{else}}{{$block|escape}}{{/if}}'><span class='icon block {{if $u.blocked==0}}dim{{/if}}'></span></a>
<a href="{{$baseurl}}/admin/users/delete/{{$u.uid}}?t={{$form_security_token}}" title='{{$delete|escape}}' onclick="return confirm_delete('{{$u.name}}')"><span class='icon drop'></span></a>
{{else}}
&nbsp;
{{/if}}
@ -122,8 +122,8 @@
<tbody>
{{foreach $deleted as $u}}
<tr>
<td><img class='icon' src="{{$u.micro}}" alt="{{$u.nickname}}" title="{{$u.nickname}}"></td>
<td class='name'><a href="{{$u.url}}" title="{{$u.nickname}}" >{{$u.name}}</a></td>
<td><img class='icon' src="{{$u.micro}}" alt="{{$u.nickname|escape}}" title="{{$u.nickname|escape}}"></td>
<td class='name'><a href="{{$u.url}}" title="{{$u.nickname|escape}}" >{{$u.name}}</a></td>
<td class='email'>{{$u.email}}</td>
<td class='register_date'>{{$u.register_date}}</td>
<td class='login_date'>{{$u.login_date}}</td>

4
view/templates/birthdays_reminder.tpl
View file

@ -1,10 +1,10 @@
{{if $count}}
<div id="birthday-notice" class="birthday-notice fakelink {{$classtoday}}" onclick="openClose('birthday-wrapper');">{{$event_reminders}} ({{$count}})</div>
<div id="birthday-wrapper" style="display: none;" ><div id="birthday-title">{{$event_title}}</div>
<div id="birthday-wrapper" style="display: none;" ><div id="birthday-title">{{$event_title|escape}}</div>
<div id="birthday-title-end"></div>
{{foreach $events as $event}}
<div class="birthday-list" id="birthday-{{$event.id}}"> <a href="{{$event.link}}">{{$event.title}}</a> {{$event.date}} </div>
<div class="birthday-list" id="birthday-{{$event.id}}"> <a href="{{$event.link}}">{{$event.title|escape}}</a> {{$event.date}} </div>
{{/foreach}}
</div>
{{/if}}

4
view/templates/contact_template.tpl
View file

@ -5,7 +5,7 @@
onmouseover="if (typeof t{{$contact.id}} != 'undefined') clearTimeout(t{{$contact.id}}); openMenu('contact-photo-menu-button-{{$contact.id}}')"
onmouseout="t{{$contact.id}}=setTimeout('closeMenu(\'contact-photo-menu-button-{{$contact.id}}\'); closeMenu(\'contact-photo-menu-{{$contact.id}}\');',200)" >
<a href="{{$contact.url}}" title="{{$contact.img_hover}}" /><img src="{{$contact.thumb}}" {{$contact.sparkle}} alt="{{$contact.name}}" /></a>
<a href="{{$contact.url}}" title="{{$contact.img_hover|escape}}" /><img src="{{$contact.thumb}}" {{$contact.sparkle}} alt="{{$contact.name|escape}}" /></a>
{{if $multiselect}}
<input type="checkbox" class="contact-select" name="contact_batch[]" value="{{$contact.id}}">
@ -31,7 +31,7 @@
<div class="contact-entry-desc">
<div class="contact-entry-name" id="contact-entry-name-{{$contact.id}}" >
{{$contact.name}}
{{$contact.name|escape}}
{{if $contact.account_type}} <span class="contact-entry-details" id="contact-entry-accounttype-{{$contact.id}}">({{$contact.account_type}})</span>{{/if}}
</div>
{{if $contact.alt_text}}<div class="contact-entry-details" id="contact-entry-rel-{{$contact.id}}" >{{$contact.alt_text}}</div>{{/if}}

6
view/templates/event_stream_item.tpl
View file

@ -1,16 +1,16 @@
<div class="vevent">
<div class="summary event-summary">{{$title}}</div>
<div class="summary event-summary">{{$title|escape}}</div>
<div class="event-start">
<span class="event-label">{{$dtstart_label}}</span>&nbsp;
<span class="dtstart" title="{{$dtstart_title}}">{{$dtstart_dt}}</span>
<span class="dtstart" title="{{$dtstart_title|escape}}">{{$dtstart_dt}}</span>
</div>
{{if $finish}}
<div class="event-end">
<span class="event-label">{{$dtend_label}}</span>&nbsp;
<span class="dtend" title="{{$dtend_title}}">{{$dtend_dt}}</span>
<span class="dtend" title="{{$dtend_title|escape}}">{{$dtend_dt}}</span>
</div>
{{/if}}

4
view/templates/events_reminder.tpl
View file

@ -1,10 +1,10 @@
{{if $count}}
<div id="event-notice" class="birthday-notice fakelink {{$classtoday}}" onclick="openClose('event-wrapper');">{{$event_reminders}} ({{$count}})</div>
<div id="event-wrapper" style="display: none;" ><div id="event-title">{{$event_title}}</div>
<div id="event-wrapper" style="display: none;" ><div id="event-title">{{$event_title|escape}}</div>
<div id="event-title-end"></div>
{{foreach $events as $event}}
<div class="event-list" id="event-{{$event.id}}"> <a class="ajax-popupbox" href="events/?id={{$event.id}}">{{$event.title}}</a> - {{$event.date}} </div>
<div class="event-list" id="event-{{$event.id}}"> <a class="ajax-popupbox" href="events/?id={{$event.id}}">{{$event.title|escape}}</a> - {{$event.date}} </div>
{{/foreach}}
</div>
{{/if}}

4
view/templates/files.tpl
View file

@ -1,4 +1,4 @@
{{foreach $items as $item }}
<p>{{$item.title}} ({{$item.mime}}) ({{$item.filename}})</p>
<p>{{$item.title|escape}} ({{$item.mime|escape}}) ({{$item.filename|escape}})</p>
{{/foreach}}
{{include "paginate.tpl"}}
{{include "paginate.tpl"}}

16
view/templates/hovercard.tpl
View file

@ -3,15 +3,15 @@
<div class="hover-card-header left-align">
<div class="hover-card-pic left-align">
<span class="image-wrapper medium">
<a href="{{$profile.url}}" title="{{$profile.name}}"><img href="" class="left-align thumbnail" src="{{$profile.thumb}}" alt="{{$profile.name}}"></a>
<a href="{{$profile.url}}" title="{{$profile.name|escape}}"><img href="" class="left-align thumbnail" src="{{$profile.thumb}}" alt="{{$profile.name|escape}}"></a>
</span>
</div>
<div class="hover-card-content">
<div class="profile-entry-name">
<h4 class="left-align1"><a href="{{$profile.url}}">{{$profile.name}}</a></h4>{{if $profile.account_type}}<span>{{$profile.account_type}}</span>{{/if}}
<h4 class="left-align1"><a href="{{$profile.url}}">{{$profile.name|escape}}</a></h4>{{if $profile.account_type}}<span>{{$profile.account_type}}</span>{{/if}}
</div>
<div class="profile-details">
<span class="profile-addr">{{$profile.addr}}</span>
<span class="profile-addr">{{$profile.addr|escape}}</span>
{{if $profile.network}}<span class="profile-network"> ({{$profile.network}})</span>{{/if}}
</div>
{{*{{if $profile.about}}<div class="profile-details profile-about">{{$profile.about}}</div>{{/if}}*}}
@ -21,13 +21,13 @@
{{* here are the differnt actions like privat message, poke, delete and so on *}}
{{* @todo we have two different photo menus one for contacts and one for items at the network stream. We currently use the contact photo menu, so the items options are missing We need to move them *}}
<div class="hover-card-actions-social">
{{if $profile.actions.pm}}<a class="btn btn-labeled btn-primary btn-sm" onclick="addToModal('{{$profile.actions.pm.1}}')" aria-label="{{$profile.actions.pm.0}}" title="{{$profile.actions.pm.0}}"><i class="fa fa-envelope" aria-hidden="true"></i></a>{{/if}}
{{if $profile.actions.poke}}<a class="btn btn-labeled btn-primary btn-sm" onclick="addToModal('{{$profile.actions.poke.1}}')" aria-label="{{$profile.actions.poke.0}}" title="{{$profile.actions.poke.0}}"><i class="fa fa-heartbeat" aria-hidden="true"></i></a>{{/if}}
{{if $profile.actions.pm}}<a class="btn btn-labeled btn-primary btn-sm" onclick="addToModal('{{$profile.actions.pm.1}}')" aria-label="{{$profile.actions.pm.0}}" title="{{$profile.actions.pm.0|escape}}"><i class="fa fa-envelope" aria-hidden="true"></i></a>{{/if}}
{{if $profile.actions.poke}}<a class="btn btn-labeled btn-primary btn-sm" onclick="addToModal('{{$profile.actions.poke.1}}')" aria-label="{{$profile.actions.poke.0}}" title="{{$profile.actions.poke.0|escape}}"><i class="fa fa-heartbeat" aria-hidden="true"></i></a>{{/if}}
</div>
<div class="hover-card-actions-connection">
{{if $profile.actions.network}}<a class="btn btn-labeled btn-primary btn-sm" href="{{$profile.actions.network.1}}" aria-label="{{$profile.actions.network.0}}" title="{{$profile.actions.network.0}}"><i class="fa fa-cloud" aria-hidden="true"></i></a>{{/if}}
{{if $profile.actions.edit}}<a class="btn btn-labeled btn-primary btn-sm" href="{{$profile.actions.edit.1}}" aria-label="{{$profile.actions.edit.0}}" title="{{$profile.actions.edit.0}}"><i class="fa fa-user" aria-hidden="true"></i></a>{{/if}}
{{if $profile.actions.follow}}<a class="btn btn-labeled btn-primary btn-sm" href="{{$profile.actions.follow.1}}" aria-label="{{$profile.actions.follow.0}}" title="{{$profile.actions.follow.0}}"><i class="fa fa-user-plus" aria-hidden="true"></i></a>{{/if}}
{{if $profile.actions.network}}<a class="btn btn-labeled btn-primary btn-sm" href="{{$profile.actions.network.1}}" aria-label="{{$profile.actions.network.0}}" title="{{$profile.actions.network.0|escape}}"><i class="fa fa-cloud" aria-hidden="true"></i></a>{{/if}}
{{if $profile.actions.edit}}<a class="btn btn-labeled btn-primary btn-sm" href="{{$profile.actions.edit.1}}" aria-label="{{$profile.actions.edit.0}}" title="{{$profile.actions.edit.0|escape}}"><i class="fa fa-user" aria-hidden="true"></i></a>{{/if}}
{{if $profile.actions.follow}}<a class="btn btn-labeled btn-primary btn-sm" href="{{$profile.actions.follow.1}}" aria-label="{{$profile.actions.follow.0}}" title="{{$profile.actions.follow.0|escape}}"><i class="fa fa-user-plus" aria-hidden="true"></i></a>{{/if}}
</div>
</div>
</div>

4
view/templates/photo_album.tpl
View file

@ -10,8 +10,8 @@
{{foreach $photos as $photo}}
<div class="photo-album-image-wrapper" id="photo-album-image-wrapper-{{$photo.id}}">
<a href="{{$photo.link}}" class="photo-album-photo-link" id="photo-album-photo-link-{{$photo.id}}" title="{{$photo.title}}">
<img src="{{$photo.src}}" alt="{{if $photo.album.name}}{{$photo.album.name}}{{elseif $photo.desc}}{{$photo.desc}}{{elseif $photo.alt}}{{$photo.alt}}{{else}}{{$photo.unknown}}{{/if}}" title="{{$photo.title}}" class="photo-album-photo lframe resize{{$photo.twist}}" id="photo-album-photo-{{$photo.id}}" />
<a href="{{$photo.link}}" class="photo-album-photo-link" id="photo-album-photo-link-{{$photo.id}}" title="{{$photo.title|escape}}">
<img src="{{$photo.src}}" alt="{{if $photo.album.name}}{{$photo.album.name|escape}}{{elseif $photo.desc}}{{$photo.desc}}{{elseif $photo.alt}}{{$photo.alt|escape}}{{else}}{{$photo.unknown}}{{/if}}" title="{{$photo.title|escape}}" class="photo-album-photo lframe resize{{$photo.twist}}" id="photo-album-photo-{{$photo.id}}" />
<p class='caption'>{{$photo.desc}}</p>
</a>
</div>

8
view/templates/photo_top.tpl
View file

@ -1,9 +1,7 @@
<div class="photo-top-image-wrapper lframe" id="photo-top-image-wrapper-{{$photo.id}}">
<a href="{{$photo.link}}" class="photo-top-photo-link" id="photo-top-photo-link-{{$photo.id}}" title="{{$photo.title}}">
<img src="{{$photo.src}}" alt="{{$photo.alt}}" title="{{$photo.title}}" class="photo-top-photo{{$photo.twist}}" id="photo-top-photo-{{$photo.id}}" />
<a href="{{$photo.link}}" class="photo-top-photo-link" id="photo-top-photo-link-{{$photo.id}}" title="{{$photo.title|escape}}">
<img src="{{$photo.src}}" alt="{{$photo.alt|escape}}" title="{{$photo.title|escape}}" class="photo-top-photo{{$photo.twist}}" id="photo-top-photo-{{$photo.id}}" />
</a>
<div class="photo-top-album-name"><a href="{{$photo.album.link}}" class="photo-top-album-link" title="{{$photo.album.alt}}" >{{$photo.album.name}}</a></div>
<div class="photo-top-album-name"><a href="{{$photo.album.link}}" class="photo-top-album-link" title="{{$photo.album.alt|escape}}" >{{$photo.album.name|escape}}</a></div>
</div>

2
view/templates/photo_view.tpl
View file

@ -12,7 +12,7 @@
</div>
{{if $prevlink}}<div id="photo-prev-link"><a href="{{$prevlink.0}}">{{$prevlink.1}}</a></div>{{/if}}
<div id="photo-photo"><a href="{{$photo.href}}" title="{{$photo.title}}"><img src="{{$photo.src}}" /></a></div>
<div id="photo-photo"><a href="{{$photo.href}}" title="{{$photo.title|escape}}"><img src="{{$photo.src}}" /></a></div>
{{if $nextlink}}<div id="photo-next-link"><a href="{{$nextlink.0}}">{{$nextlink.1}}</a></div>{{/if}}
<div id="photo-photo-end"></div>
<div id="photo-caption">{{$desc}}</div>

8
view/templates/profile_vcard.tpl
View file

@ -1,16 +1,16 @@
<div class="vcard h-card">
<div class="fn label p-name">{{$profile.name}}</div>
<div class="fn label p-name">{{$profile.name|escape}}</div>
{{if $profile.addr}}<div class="p-addr">{{$profile.addr}}</div>{{/if}}
{{if $profile.addr}}<div class="p-addr">{{$profile.addr|escape}}</div>{{/if}}
{{if $profile.pdesc}}<div class="title">{{$profile.pdesc}}</div>{{/if}}
{{if $profile.picdate}}
<div id="profile-photo-wrapper"><a href="{{$profile.url}}"><img class="photo u-photo" width="175" height="175" src="{{$profile.photo}}?rev={{$profile.picdate}}" alt="{{$profile.name}}"></a></div>
<div id="profile-photo-wrapper"><a href="{{$profile.url}}"><img class="photo u-photo" width="175" height="175" src="{{$profile.photo}}?rev={{$profile.picdate}}" alt="{{$profile.name|escape}}"></a></div>
{{else}}
<div id="profile-photo-wrapper"><a href="{{$profile.url}}"><img class="photo u-photo" width="175" height="175" src="{{$profile.photo}}" alt="{{$profile.name}}"></a></div>
<div id="profile-photo-wrapper"><a href="{{$profile.url}}"><img class="photo u-photo" width="175" height="175" src="{{$profile.photo}}" alt="{{$profile.name|escape}}"></a></div>
{{/if}}
{{if $account_type}}<div class="account-type">{{$account_type}}</div>{{/if}}
{{if $profile.network_name}}<dl class="network"><dt class="network-label">{{$network}}</dt><dd class="x-network">{{$profile.network_name}}</dd></dl>{{/if}}

4
view/templates/remote_friends_common.tpl
View file

@ -6,12 +6,12 @@
<div class="profile-match-wrapper">
<div class="profile-match-photo">
<a href="{{$item.url}}">
<img src="{{$item.photo}}" width="80" height="80" alt="{{$item.name}}" title="{{$item.name}}" />
<img src="{{$item.photo}}" width="80" height="80" alt="{{$item.name|escape}}" title="{{$item.name|escape}}" />
</a>
</div>
<div class="profile-match-break"></div>
<div class="profile-match-name">
<a href="{{$item.url}}" title="{{$item.name}}">{{$item.name}}</a>
<a href="{{$item.url}}" title="{{$item.name|escape}}">{{$item.name|escape}}</a>
</div>
<div class="profile-match-end"></div>
</div>

10
view/templates/search_item.tpl
View file

@ -6,8 +6,8 @@
<div class="wall-item-photo-wrapper" id="wall-item-photo-wrapper-{{$item.id}}"
onmouseover="if (typeof t{{$item.id}} != 'undefined') clearTimeout(t{{$item.id}}); openMenu('wall-item-photo-menu-button-{{$item.id}}')"
onmouseout="t{{$item.id}}=setTimeout('closeMenu(\'wall-item-photo-menu-button-{{$item.id}}\'); closeMenu(\'wall-item-photo-menu-{{$item.id}}\');',200)">
<a href="{{$item.profile_url}}" target="redir" title="{{$item.linktitle}}" class="wall-item-photo-link" id="wall-item-photo-link-{{$item.id}}">
<img src="{{$item.thumb}}" class="wall-item-photo{{$item.sparkle}}" id="wall-item-photo-{{$item.id}}" style="height: 80px; width: 80px;" alt="{{$item.name}}" /></a>
<a href="{{$item.profile_url}}" target="redir" title="{{$item.linktitle|escape}}" class="wall-item-photo-link" id="wall-item-photo-link-{{$item.id}}">
<img src="{{$item.thumb}}" class="wall-item-photo{{$item.sparkle}}" id="wall-item-photo-{{$item.id}}" style="height: 80px; width: 80px;" alt="{{$item.name|escape}}" /></a>
<span onclick="openClose('wall-item-photo-menu-{{$item.id}}');" class="fakelink wall-item-photo-menu-button" id="wall-item-photo-menu-button-{{$item.id}}">menu</span>
<div class="wall-item-photo-menu" id="wall-item-photo-menu-{{$item.id}}">
<ul>
@ -23,12 +23,12 @@
</div>
</div>
<div class="wall-item-author">
<a href="{{$item.profile_url}}" target="redir" title="{{$item.linktitle}}" class="wall-item-name-link"><span class="wall-item-name{{$item.sparkle}}" id="wall-item-name-{{$item.id}}" >{{$item.name}}</span></a>
<a href="{{$item.profile_url}}" target="redir" title="{{$item.linktitle|escape}}" class="wall-item-name-link"><span class="wall-item-name{{$item.sparkle}}" id="wall-item-name-{{$item.id}}" >{{$item.name|escape}}</span></a>
<div class="wall-item-ago" id="wall-item-ago-{{$item.id}}" title="{{$item.localtime}}">{{$item.ago}}</div>
</div>
<div class="wall-item-content" id="wall-item-content-{{$item.id}}" >
<div class="wall-item-title" id="wall-item-title-{{$item.id}}">{{$item.title}}</div>
<div class="wall-item-title" id="wall-item-title-{{$item.id}}">{{$item.title|escape}}</div>
<div class="wall-item-title-end"></div>
<div class="wall-item-body" id="wall-item-body-{{$item.id}}" >{{$item.body}}</div>
{{if $item.has_cats}}
@ -54,7 +54,7 @@
<div class="wall-item-conv" id="wall-item-conv-{{$item.id}}" >
{{if $item.conv}}
<a href='{{$item.conv.href}}' id='context-{{$item.id}}' title='{{$item.conv.title}}'>{{$item.conv.title}}</a>
<a href='{{$item.conv.href}}' id='context-{{$item.id}}' title='{{$item.conv.title|escape}}'>{{$item.conv.title|escape}}</a>
{{/if}}
</div>

2
view/templates/settings/display.tpl
View file

@ -21,7 +21,7 @@
{{include file="field_checkbox.tpl" field=$infinite_scroll}}
{{include file="field_checkbox.tpl" field=$bandwidth_saver}}
{{include file="field_checkbox.tpl" field=$smart_threading}}
<h2>{{$calendar_title}}</h2>
<h2>{{$calendar_title|escape}}</h2>
{{include file="field_select.tpl" field=$first_day_of_week}}

10
view/templates/vcard-widget.tpl
View file

@ -1,14 +1,14 @@
<div class="vcard h-card">
<div class="fn p-name">{{$name}}</div>
{{if $addr}}<div class="p-addr">{{$addr}}</div>{{/if}}
<div class="fn p-name">{{$name|escape}}</div>
{{if $addr}}<div class="p-addr">{{$addr|escape}}</div>{{/if}}
{{if $pdesc}}<div class="title p-job-title">{{$pdesc}}</div>{{/if}}
{{if $url}}
<div id="profile-photo-wrapper"><a href="{{$url}}"><img class="vcard-photo photo u-photo" style="width: 175px; height: 175px;" src="{{$photo}}" alt="{{$name}}" /></a></div>
<div id="profile-photo-wrapper"><a href="{{$url}}"><img class="vcard-photo photo u-photo" style="width: 175px; height: 175px;" src="{{$photo}}" alt="{{$name|escape}}" /></a></div>
{{else}}
<div id="profile-photo-wrapper"><img class="vcard-photo photo u-photo" style="width: 175px; height: 175px;" src="{{$photo}}" alt="{{$name}}" /></div>
<div id="profile-photo-wrapper"><img class="vcard-photo photo u-photo" style="width: 175px; height: 175px;" src="{{$photo}}" alt="{{$name|escape}}" /></div>
{{/if}}
{{if $account_type}}<div class="account-type">{{$account_type}}</div>{{/if}}
{{if $account_type}}<div class="account-type">{{$account_type|escape}}</div>{{/if}}
{{if $network_name}}<dl class="network"><dt class="network-label">{{$network}}</dt><dd class="x-network">{{$network_name}}</dd></dl>{{/if}}
<div id="profile-vcard-break"></div>
</div>

12
view/templates/wall_thread.tpl
View file

@ -19,15 +19,15 @@
{{if $item.owner_url}}
<div class="wall-item-photo-wrapper wwto" id="wall-item-ownerphoto-wrapper-{{$item.id}}" >
<a href="{{$item.owner_url}}" target="redir" title="{{$item.olinktitle|escape:'html'}}" class="wall-item-photo-link" id="wall-item-ownerphoto-link-{{$item.id}}">
<img src="{{$item.owner_photo}}" class="wall-item-photo{{$item.osparkle}}" id="wall-item-ownerphoto-{{$item.id}}" style="height: 80px; width: 80px;" alt="{{$item.owner_name}}" /></a>
<img src="{{$item.owner_photo}}" class="wall-item-photo{{$item.osparkle}}" id="wall-item-ownerphoto-{{$item.id}}" style="height: 80px; width: 80px;" alt="{{$item.owner_name|escape}}" /></a>
</div>
<div class="wall-item-arrowphoto-wrapper" ><img src="images/larrow.gif" alt="{{$item.wall}}" /></div>
<div class="wall-item-arrowphoto-wrapper" ><img src="images/larrow.gif" alt="{{$item.wall|escape}}" /></div>
{{/if}}
<div class="wall-item-photo-wrapper{{if $item.owner_url}} wwfrom{{/if}} p-author h-card" id="wall-item-photo-wrapper-{{$item.id}}"
onmouseover="if (typeof t{{$item.id}} != 'undefined') clearTimeout(t{{$item.id}}); openMenu('wall-item-photo-menu-button-{{$item.id}}')"
onmouseout="t{{$item.id}}=setTimeout('closeMenu(\'wall-item-photo-menu-button-{{$item.id}}\'); closeMenu(\'wall-item-photo-menu-{{$item.id}}\');',200)">
<a href="{{$item.profile_url}}" target="redir" title="{{$item.linktitle|escape:'html'}}" class="wall-item-photo-link u-url" id="wall-item-photo-link-{{$item.id}}">
<img src="{{$item.thumb}}" class="wall-item-photo{{$item.sparkle}} u-photo p-name" id="wall-item-photo-{{$item.id}}" style="height: 80px; width: 80px;" alt="{{$item.name}}" /></a>
<img src="{{$item.thumb}}" class="wall-item-photo{{$item.sparkle}} u-photo p-name" id="wall-item-photo-{{$item.id}}" style="height: 80px; width: 80px;" alt="{{$item.name|escape}}" /></a>
<span onclick="openClose('wall-item-photo-menu-{{$item.id}}');" class="fakelink wall-item-photo-menu-button" id="wall-item-photo-menu-button-{{$item.id}}">menu</span>
<div class="wall-item-photo-menu" id="wall-item-photo-menu-{{$item.id}}">
<ul>
@ -38,17 +38,17 @@
</div>
<div class="wall-item-photo-end"></div>
<div class="wall-item-wrapper" id="wall-item-wrapper-{{$item.id}}" >
{{if $item.lock}}<div class="wall-item-lock"><img src="images/lock_icon.gif" class="lockview" alt="{{$item.lock}}" onclick="lockview(event,{{$item.id}});" /></div>
{{if $item.lock}}<div class="wall-item-lock"><img src="images/lock_icon.gif" class="lockview" alt="{{$item.lock|escape}}" onclick="lockview(event,{{$item.id}});" /></div>
{{else}}<div class="wall-item-lock"></div>{{/if}}
<div class="wall-item-location" id="wall-item-location-{{$item.id}}">{{$item.location}}</div>
</div>
</div>
<div class="wall-item-author">
<a href="{{$item.profile_url}}" target="redir" title="{{$item.linktitle|escape:'html'}}" class="wall-item-name-link"><span class="wall-item-name{{$item.sparkle}}" id="wall-item-name-{{$item.id}}" >{{$item.name}}</span></a>{{if $item.owner_url}} {{$item.to}} <a href="{{$item.owner_url}}" target="redir" title="{{$item.olinktitle|escape:'html'}}" class="wall-item-name-link"><span class="wall-item-name{{$item.osparkle}}" id="wall-item-ownername-{{$item.id}}">{{$item.owner_name}}</span></a> {{$item.vwall}}{{/if}}<br />
<a href="{{$item.profile_url}}" target="redir" title="{{$item.linktitle|escape:'html'}}" class="wall-item-name-link"><span class="wall-item-name{{$item.sparkle}}" id="wall-item-name-{{$item.id}}" >{{$item.name|escape}}</span></a>{{if $item.owner_url}} {{$item.to}} <a href="{{$item.owner_url}}" target="redir" title="{{$item.olinktitle|escape:'html'}}" class="wall-item-name-link"><span class="wall-item-name{{$item.osparkle}}" id="wall-item-ownername-{{$item.id}}">{{$item.owner_name|escape}}</span></a> {{$item.vwall}}{{/if}}<br />
<div class="wall-item-ago" id="wall-item-ago-{{$item.id}}" title="{{$item.localtime|escape:'html'}}"><time class="dt-published" datetime="{{$item.localtime}}">{{$item.ago}}</time></div>
</div>
<div class="wall-item-content" id="wall-item-content-{{$item.id}}" >
<div class="wall-item-title p-name" id="wall-item-title-{{$item.id}}">{{$item.title}}</div>
<div class="wall-item-title p-name" id="wall-item-title-{{$item.id}}">{{$item.title|escape}}</div>
<div class="wall-item-title-end"></div>
<div class="wall-item-body" id="wall-item-body-{{$item.id}}" ><span class="e-content">{{$item.body}}<span>
<div class="body-tag">

8
view/templates/widget_forumlist.tpl
View file

@ -21,8 +21,8 @@ function showHideForumlist() {
{{if $forum.id <= $visible_forums}}
<li class="forum-widget-entry forum-{{$forum.cid}}" id="forum-widget-entry-{{$forum.id}}" role="menuitem">
<span class="notify badge pull-right"></span>
<a href="{{$forum.external_url}}" title="{{$forum.link_desc}}" class="label sparkle" target="_blank">
<img class="forumlist-img" src="{{$forum.micro}}" alt="{{$forum.link_desc}}" />
<a href="{{$forum.external_url}}" title="{{$forum.link_desc|escape}}" class="label sparkle" target="_blank">
<img class="forumlist-img" src="{{$forum.micro}}" alt="{{$forum.link_desc|escape}}" />
</a>
<a class="forum-widget-link {{if $forum.selected}}forum-selected{{/if}}" id="forum-widget-link-{{$forum.id}}" href="{{$forum.url}}" >{{$forum.name}}</a>
</li>
@ -31,8 +31,8 @@ function showHideForumlist() {
{{if $forum.id > $visible_forums}}
<li class="forum-widget-entry forum-{{$forum.cid}}" id="forum-widget-entry-extended-{{$forum.id}}" role="menuitem" style="display: none;">
<span class="notify badge pull-right"></span>
<a href="{{$forum.external_url}}" title="{{$forum.link_desc}}" class="label sparkle" target="_blank">
<img class="forumlist-img" src="{{$forum.micro}}" alt="{{$forum.link_desc}}" />
<a href="{{$forum.external_url}}" title="{{$forum.link_desc|escape}}" class="label sparkle" target="_blank">
<img class="forumlist-img" src="{{$forum.micro}}" alt="{{$forum.link_desc|escape}}" />
</a>
<a class="forum-widget-link {{if $forum.selected}}forum-selected{{/if}}" id="forum-widget-link-{{$forum.id}}" href="{{$forum.url}}" >{{$forum.name}}</a>
</li>