Add html escaping

This commit is contained in:
Dennis Eichhorn 2017-07-24 20:48:22 +02:00
parent a8f2dae3ea
commit 0bba3c6913
3 changed files with 26 additions and 26 deletions


@ -20,17 +20,17 @@ echo $this->getData('nav')->render(); ?>
<div class="row"> <div class="row">
<div class="col-xs-12 col-md-6"> <div class="col-xs-12 col-md-6">
<section class="box wf-100"> <section class="box wf-100">
<header><h1><?= $this->getText('Upload'); ?></h1></header> <header><h1><?= $this->getHtml('Upload') ?></h1></header>
<div class="inner"> <div class="inner">
<form method="POST" id="media-uploader" action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/media'); ?>"> <form method="POST" id="media-uploader" action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/media'); ?>">
<table class="layout wf-100"> <table class="layout wf-100">
<tr><td><label for="iName"><?= $this->getText('Name'); ?></label> <tr><td><label for="iName"><?= $this->getHtml('Name') ?></label>
<tr><td><input type="text" id="iName" name="name" placeholder="&#xf040;"> <tr><td><input type="text" id="iName" name="name" placeholder="&#xf040;">
<tr><td><label for="iDescription"><?= $this->getText('Description'); ?></label> <tr><td><label for="iDescription"><?= $this->getHtml('Description') ?></label>
<tr><td><textarea id="iDescription" name="description"></textarea> <tr><td><textarea id="iDescription" name="description"></textarea>
<tr><td><label for="iFiles"><?= $this->getText('Files'); ?></label> <tr><td><label for="iFiles"><?= $this->getHtml('Files') ?></label>
<tr><td><input type="file" id="iFiles" name="files" multiple><input name="media" type="hidden"> <tr><td><input type="file" id="iFiles" name="files" multiple><input name="media" type="hidden">
<tr><td><input type="submit" value="<?= $this->getText('Create', 0, 0); ?>"> <tr><td><input type="submit" value="<?= $this->getHtml('Create', 0, 0); ?>">
</table> </table>
</form> </form>
</div> </div>
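Review bot: The `action` value on the `<form method="POST" id="media-uploader">` line is the one attribute in this hunk still echoed raw after the commit routes the labels through `getHtml()`; if `{/base}` or `{/lang}` in `UriFactory::build()` are resolved from the request path, a `"` in the URL would break out of the attribute. Escaping it like the rest of the output keeps the template uniform: `action="<?= htmlspecialchars(\phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/media'), ENT_QUOTES, 'utf-8'); ?>"`. Separately, the form carries `<input type="file" id="iFiles" name="files" multiple>` but no `enctype="multipart/form-data"`; unless the `media-uploader` script submits the files itself, a plain POST sends only the filenames. The surrounding markup (nav render, row/column wrappers) opens before the hunk.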


@ -28,18 +28,18 @@ echo $this->getData('nav')->render(); ?>
<div class="col-xs-12"> <div class="col-xs-12">
<div class="box wf-100"> <div class="box wf-100">
<table class="table red"> <table class="table red">
<caption><?= $this->getText('Media'); ?></caption> <caption><?= $this->getHtml('Media') ?></caption>
<thead> <thead>
<tr> <tr>
<td> <td>
<td class="wf-100"><?= $this->getText('Name'); ?> <td class="wf-100"><?= $this->getHtml('Name') ?>
<td><?= $this->getText('Type'); ?> <td><?= $this->getHtml('Type') ?>
<td><?= $this->getText('Size'); ?> <td><?= $this->getHtml('Size') ?>
<td><?= $this->getText('Creator'); ?> <td><?= $this->getHtml('Creator') ?>
<td><?= $this->getText('Created'); ?> <td><?= $this->getHtml('Created') ?>
<tfoot> <tfoot>
<tr> <tr>
<td colspan="3"><?= $footerView->render(); ?> <td colspan="3"><?= htmlspecialchars($footerView->render(), ENT_COMPAT, 'utf-8'); ?>
<tbody> <tbody>
<?php $count = 0; foreach($media as $key => $value) : $count++; <?php $count = 0; foreach($media as $key => $value) : $count++;
$url = \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/backend/media/single?{?}&id=' . $value->getId()); $url = \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/backend/media/single?{?}&id=' . $value->getId());
@ -72,15 +72,15 @@ echo $this->getData('nav')->render(); ?>
} }
?> ?>
<tr data-href="<?= $url; ?>"> <tr data-href="<?= $url; ?>">
<td><a href="<?= $url; ?>"><i class="fa fa-<?= $icon; ?>"></i></a> <td><a href="<?= $url; ?>"><i class="fa fa-<?= htmlspecialchars($icon, ENT_COMPAT, 'utf-8'); ?>"></i></a>
<td><a href="<?= $url; ?>"><?= $value->getName(); ?></a> <td><a href="<?= $url; ?>"><?= htmlspecialchars($value->getName(), ENT_COMPAT, 'utf-8'); ?></a>
<td><a href="<?= $url; ?>"><?= $value->getExtension(); ?></a> <td><a href="<?= $url; ?>"><?= htmlspecialchars($value->getExtension(), ENT_COMPAT, 'utf-8'); ?></a>
<td><a href="<?= $url; ?>"><?= $value->getSize(); ?></a> <td><a href="<?= $url; ?>"><?= htmlspecialchars($value->getSize(), ENT_COMPAT, 'utf-8'); ?></a>
<td><a href="<?= $url; ?>"><?= $value->getCreatedBy(); ?></a> <td><a href="<?= $url; ?>"><?= htmlspecialchars($value->getCreatedBy(), ENT_COMPAT, 'utf-8'); ?></a>
<td><a href="<?= $url; ?>"><?= $value->getCreatedAt()->format('Y-m-d H:i:s'); ?></a> <td><a href="<?= $url; ?>"><?= htmlspecialchars($value->getCreatedAt()->format('Y-m-d H:i:s'), ENT_COMPAT, 'utf-8'); ?></a>
<?php endforeach; ?> <?php endforeach; ?>
<?php if($count === 0) : ?> <?php if($count === 0) : ?>
<tr><td colspan="5" class="empty"><?= $this->getText('Empty', 0, 0); ?> <tr><td colspan="5" class="empty"><?= $this->getHtml('Empty', 0, 0); ?>
<?php endif; ?> <?php endif; ?>
</table> </table>
</div> </div>
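Review bot: `$url` is still interpolated raw into `data-href` and `href` on the six `<td>` rows while every neighbouring cell now goes through `htmlspecialchars()`; it is built in the first hunk from `'{/base}/{/lang}/backend/media/single?{?}&id=' . $value->getId()`, and if `{?}` expands to the current request's query string, a `"` in the query lands inside those attributes unescaped. Escaping once at the assignment covers both uses: `$url = htmlspecialchars(\phpOMS\Uri\UriFactory::build('{/base}/{/lang}/backend/media/single?{?}&id=' . $value->getId()), ENT_QUOTES, 'utf-8');`. Also, wrapping `$footerView->render()` in `htmlspecialchars()` in the `<tfoot>` cell will print that sub-view's markup as literal text if it renders HTML, which the unescaped `$this->getData('nav')->render()` on the hunk header line suggests is the convention for sub-views. The `foreach` body is split across the two hunks, so the branch that computes `$icon` is not visible here.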


@ -25,18 +25,18 @@ echo $this->getData('nav')->render();
<div class="row"> <div class="row">
<div class="col-xs-12"> <div class="col-xs-12">
<section class="box wf-100"> <section class="box wf-100">
<header><h1><?= $media->getName() ?></h1></header> <header><h1><?= htmlspecialchars($media->getName() , ENT_COMPAT, 'utf-8'); ?></h1></header>
<div class="inner"> <div class="inner">
<table class="list w-100"> <table class="list w-100">
<tbody> <tbody>
<tr><td>Size<td class="wf-100"><?= $media->getSize(); ?> <tr><td>Size<td class="wf-100"><?= htmlspecialchars($media->getSize(), ENT_COMPAT, 'utf-8'); ?>
<tr><td>Created at<td><?= $media->getCreatedAt()->format('Y-m-d'); ?> <tr><td>Created at<td><?= htmlspecialchars($media->getCreatedAt()->format('Y-m-d'), ENT_COMPAT, 'utf-8'); ?>
<tr><td>Created by<td><?= $media->getCreatedBy(); ?> <tr><td>Created by<td><?= htmlspecialchars($media->getCreatedBy(), ENT_COMPAT, 'utf-8'); ?>
<tr><td>Description<td><?= $media->getDescription(); ?> <tr><td>Description<td><?= htmlspecialchars($media->getDescription(), ENT_COMPAT, 'utf-8'); ?>
<tr><td colspan="2">Content <tr><td colspan="2">Content
</table> </table>
<?php if(\phpOMS\System\File\FileUtils::getExtensionType($media->getExtension()) === \phpOMS\System\File\ExtensionType::IMAGE) : ?> <?php if(\phpOMS\System\File\FileUtils::getExtensionType($media->getExtension()) === \phpOMS\System\File\ExtensionType::IMAGE) : ?>
<div class="h-overflow"><img src="<?= $this->request->getUri()->getBase() . $media->getPath(); ?>"></div> <div class="h-overflow"><img src="<?= htmlspecialchars($this->request->getUri()->getBase() . $media->getPath(), ENT_COMPAT, 'utf-8'); ?>"></div>
<?php elseif($media->getExtension() === 'collection') : ?> <?php elseif($media->getExtension() === 'collection') : ?>
collection collection
<?php else : ?> <?php else : ?>
@ -45,7 +45,7 @@ echo $this->getData('nav')->render();
$output = htmlspecialchars(file_get_contents(__DIR__ . '/../../../../' . $media->getPath())); $output = htmlspecialchars(file_get_contents(__DIR__ . '/../../../../' . $media->getPath()));
$output = str_replace(["\r\n", "\r"], "\n", $output); $output = str_replace(["\r\n", "\r"], "\n", $output);
$output = explode("\n", $output); $output = explode("\n", $output);
foreach($output as $line) : ?><span><?= $line; ?></span><?php endforeach; ?> foreach($output as $line) : ?><span><?= htmlspecialchars($line, ENT_COMPAT, 'utf-8'); ?></span><?php endforeach; ?>
</pre> </pre>
<?php endif; ?> <?php endif; ?>
</div> </div>
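Review bot: The `$line` values in the last hunk are escaped twice: `$output` is already passed through `htmlspecialchars()` on the first line of that hunk before being split, and the new `htmlspecialchars($line, ENT_COMPAT, 'utf-8')` in the `foreach` encodes the entities again, so a file containing `&` or `<` renders as `&amp;` / `&lt;` instead of the original character. Keep the per-line call (it pins the charset) and drop the inner one: `$output = file_get_contents(__DIR__ . '/../../../../' . $media->getPath());`. Note also that `file_get_contents()` returns `false` on failure and the following `str_replace()`/`explode()` then effectively yield an empty listing, and that the path read is derived from `$media->getPath()` — worth confirming that value cannot be steered outside the media directory, although that line is unchanged by this commit. The `<pre>` this loop fills is presumably opened in the gap between the two hunks.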