added default escaping for smarty
authorAndreas Gohr <gohr@cosmocode.de>
Wed, 13 Jun 2007 14:39:39 +0000 (16:39 +0200)
committerAndreas Gohr <gohr@cosmocode.de>
Wed, 13 Jun 2007 14:39:39 +0000 (16:39 +0200)
darcs-hash:20070613143939-6e07b-ae5b211bd9fdbfd9c9962cfa9fb85dd2f3410674.gz

init.php
templates/entry_edit.tpl
templates/entry_show.tpl
templates/filter.tpl
templates/header.tpl
templates/list_entry.tpl

index 9bd00d2e916282635f4b7414c7ed672ab147816a..ec981fa620969c9d7f4a3fe986743a9ee9d4d93a 100644 (file)
--- a/init.php
+++ b/init.php
@@ -37,4 +37,5 @@
   $smarty->use_sub_dirs  = 0;
   $smarty->template_dir  = './templates';
   $smarty->force_compile = $conf['smartycompile'];
+  $smarty->default_modifiers = 'escape:"htmlall":"UTF-8"';
 ?>
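Review bot: The added `default_modifiers` line has no comment saying that every template now depends on it, or that it only covers HTML text and attribute contexts. I would add above it: `// HTML-escape every template variable by default; use |smarty:nodefaults for values that are already markup or need a different encoding (URL, JavaScript)`. The Smarty 2 documentation describes this property as an array, so `array('escape:"htmlall":"UTF-8"')` would match it, although the string form appears to be accepted as well. Any `$lang` string or other assigned value that intentionally carries markup will now be rendered escaped, which is worth checking in the templates this commit does not touch.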
index 02def0bc4e4d5e9b66def8d9484d765de5ce3f60..00453cafd4bb2d5fb33298c07efc38b49a479a76 100644 (file)
@@ -9,7 +9,7 @@
 
 <form action="entry.php" method="post" enctype="multipart/form-data" accept-charset="utf-8">
 <input type="hidden" name="MAX_FILE_SIZE" value="2000000" />
-<input type="hidden" name="dn" value="{$entry.dn|escape}" />
+<input type="hidden" name="dn" value="{$entry.dn}" />
 <input type="hidden" name="save" value="1" />
 
 <table width="100%">
 {* always required ... if $fields.name *}
         <tr>
           <td align="right" valign="top" nowrap="nowrap">{$lang.name}:</td>
-          <td><input type="text" class="input" name="entry[name]" value="{$entry.name|escape}" id="firstfield"></td>
+          <td><input type="text" class="input" name="entry[name]" value="{$entry.name}" id="firstfield"></td>
         </tr>
 {* /if *}
 {if $fields.givenname}
         <tr>
           <td align="right" valign="top" nowrap="nowrap">{$lang.givenname}:</td>
-          <td><input type="text" class="input" name="entry[givenname]" value="{$entry.givenname|escape}"></td>
+          <td><input type="text" class="input" name="entry[givenname]" value="{$entry.givenname}"></td>
         </tr>
 {/if}
 {if $fields.title}
         <tr>
           <td align="right" valign="top" nowrap="nowrap">{$lang.title}:</td>
-          <td><input type="text" class="input" name="entry[title]" value="{$entry.title|escape}"></td>
+          <td><input type="text" class="input" name="entry[title]" value="{$entry.title}"></td>
         </tr>
 {/if}
       </table>
         <tr>
           <td align="right" valign="top" nowrap="nowrap">{$lang.organization}:</td>
           <td>
-            <input type="text" class="input" name="entry[organization]" value="{$entry.organization|escape}">
+            <input type="text" class="input ac" name="entry[organization]" value="{$entry.organization}">
           </td>
         </tr>
 {/if}
 {if $fields.office}
         <tr>
           <td align="right" valign="top" nowrap="nowrap">{$lang.office}:</td>
-          <td><input type="text" class="input" name="entry[office]" value="{$entry.office|escape}"></td>
+          <td><input type="text" class="input" name="entry[office]" value="{$entry.office}"></td>
         </tr>
 {/if}
 {if $fields.street}
         <tr>
           <td align="right" valign="top" nowrap="nowrap">{$lang.street}:</td>
-          <td><input type="text" class="input" name="entry[street]" value="{$entry.street|escape}"></td>
+          <td><input type="text" class="input ac" name="entry[street]" value="{$entry.street}"></td>
         </tr>
 {/if}
 {if $fields.zip}
         <tr>
           <td align="right" valign="top" nowrap="nowrap">{$lang.zip}:</td>
-          <td><input type="text" class="input" name="entry[zip]" value="{$entry.zip|escape}"></td>
+          <td><input type="text" class="input" name="entry[zip]" value="{$entry.zip}"></td>
         </tr>
 {/if}
 {if $fields.location}
         <tr>
           <td align="right" valign="top" nowrap="nowrap">{$lang.location}:</td>
-          <td><input type="text" class="input" name="entry[location]" value="{$entry.location|escape}"></td>
+          <td><input type="text" class="input ac" name="entry[location]" value="{$entry.location}"></td>
         </tr>
 {/if}
 {if $fields.state}
         <tr>
           <td align="right" valign="top" nowrap="nowrap">{$lang.state}:</td>
-          <td><input type="text" class="input" name="entry[state]" value="{$entry.state|escape}"></td>
+          <td><input type="text" class="input ac" name="entry[state]" value="{$entry.state}"></td>
         </tr>
 {/if}
 {if $fields.country}
         <tr>
           <td align="right" valign="top">{$lang.country}:</td>
           <td>
-            <input type="text" class="inputbr" name="entry[country]" value="{$entry.country|escape}"><br>
+            <input type="text" class="input ac" name="entry[country]" value="{$entry.country}"><br>
           </td>
         </tr>
 {/if}
 {if $fields.phone}
         <tr>
           <td align="right" valign="top" nowrap="nowrap">{$lang.phone}:</td>
-          <td><input type="text" class="input" name="entry[phone]" value="{$entry.phone|escape}"></td>
+          <td><input type="text" class="input" name="entry[phone]" value="{$entry.phone}"></td>
         </tr>
 {/if}
 {if $fields.switchboard}
         <tr>
           <td align="right" valign="top" nowrap="nowrap">{$lang.switchboard}:</td>
-          <td><input type="text" class="input" name="entry[switchboard]" value="{$entry.switchboard|escape}"></td>
+          <td><input type="text" class="input" name="entry[switchboard]" value="{$entry.switchboard}"></td>
         </tr>
 {/if}
 {if $fields.fax}
         <tr>
           <td align="right" valign="top" nowrap="nowrap">{$lang.fax}:</td>
-          <td><input type="text" class="input" name="entry[fax]" value="{$entry.fax|escape}"></td>
+          <td><input type="text" class="input" name="entry[fax]" value="{$entry.fax}"></td>
         </tr>
 {/if}
 {if $fields.pager}
         <tr>
           <td align="right" valign="top" nowrap="nowrap">{$lang.pager}:</td>
-          <td><input type="text" class="input" name="entry[pager]" value="{$entry.pager|escape}"></td>
+          <td><input type="text" class="input" name="entry[pager]" value="{$entry.pager}"></td>
         </tr>
 {/if}
 {if $fields.manager}
 {if $fields.position}
         <tr>
           <td align="right" valign="top">{$lang.position}:</td>
-          <td><input type="text" class="input" name="entry[position]" value="{$entry.position|escape}"></td>
+          <td><input type="text" class="input ac" name="entry[position]" value="{$entry.position}"></td>
         </tr>
 {/if}
 {if $fields.department}
         <tr>
           <td align="right" valign="top">{$lang.department}:</td>
-          <td><input type="text" class="input" name="entry[department]" value="{$entry.department|escape}"></td>
+          <td><input type="text" class="input ac" name="entry[department]" value="{$entry.department}"></td>
         </tr>
 {/if}
 
 {if $fields.homestreet}
         <tr>
           <td align="right" valign="top" nowrap="nowrap">{$lang.homestreet}:</td>
-          <td><textarea name="entry[homestreet]" class="input" rows="2" cols="30">{$entry.homestreet|escape}</textarea></td>
+          <td><textarea name="entry[homestreet]" class="input" rows="2" cols="30">{$entry.homestreet}</textarea></td>
         </tr>
 {/if}
 {if $fields.homephone}
         <tr>
           <td align="right" valign="top" nowrap="nowrap">{$lang.homephone}:</td>
-          <td><input type="text" class="input" name="entry[homephone]" value="{$entry.homephone|escape}"></td>
+          <td><input type="text" class="input" name="entry[homephone]" value="{$entry.homephone}"></td>
         </tr>
 {/if}
 {if $fields.mobile}
         <tr>
           <td align="right" valign="top" nowrap="nowrap">{$lang.mobile}:</td>
-          <td><input type="text" class="input" name="entry[mobile]" value="{$entry.mobile|escape}"></td>
+          <td><input type="text" class="input" name="entry[mobile]" value="{$entry.mobile}"></td>
         </tr>
 {/if}
 {if $fields.url}
         <tr>
           <td align="right" valign="top" nowrap="nowrap">{$lang.url}:</td>
-          <td><input type="text" class="input" name="entry[url]" value="{$entry.url|escape}"></td>
+          <td><input type="text" class="input ac" name="entry[url]" value="{$entry.url}"></td>
         </tr>
 {/if}
 {if $fields.photo}
 {if $fields.birthday}
         <tr>
           <td align="right" valign="top">{$lang.birthday}:<br><span class="hint">({$lang.msg_dateformat})</span></td>
-          <td><input type="text" class="input" name="entry[birthday]" value="{$entry.birthday|escape}" maxlength="10"></td>
+          <td><input type="text" class="input" name="entry[birthday]" value="{$entry.birthday}" maxlength="10"></td>
         </tr>
 {/if}
 {if $fields.anniversary}
         <tr>
           <td align="right" valign="top" nowrap="nowrap">{$lang.anniversary}:<br><span class="hint">({$lang.msg_dateformat})</span></td>
-          <td><input type="text" class="input" name="entry[anniversary]" value="{$entry.anniversary|escape}" maxlength="10"></td>
+          <td><input type="text" class="input" name="entry[anniversary]" value="{$entry.anniversary}" maxlength="10"></td>
         </tr>
 {/if}
 {if $fields.spouse}
         <tr>
           <td align="right" valign="top" nowrap="nowrap">{$lang.spouse}:</td>
-          <td><input type="text" class="input" name="entry[spouse]" value="{$entry.spouse|escape}"></td>
+          <td><input type="text" class="input" name="entry[spouse]" value="{$entry.spouse}"></td>
         </tr>
 {/if}
 
         {foreach from=$entry.mail item=mail}
         <tr>
           <td align="right" valign="top" nowrap="nowrap">{$lang.mail} {counter}:</td>
-          <td><input type="text" class="input" name="entry[mail][]" value="{$mail|escape}"></td>
+          <td><input type="text" class="input" name="entry[mail][]" value="{$mail}"></td>
         </tr>
         {/foreach}
         <tr>
 {if $fields.instantmessenger}
         <tr>
           <td align="right" valign="top">{$lang.instantmessenger}:</td>
-          <td><input type="text" class="input" name="entry[instantmessenger]" value="{$entry.instantmessenger|escape}"></td>
+          <td><input type="text" class="input" name="entry[instantmessenger]" value="{$entry.instantmessenger}"></td>
         </tr>
 {/if}
 {if $fields.ipphone}
         <tr>
           <td align="right" valign="top">{$lang.ipphone}:</td>
-          <td><input type="text" class="input" name="entry[ipphone]" value="{$entry.ipphone|escape}"></td>
+          <td><input type="text" class="input" name="entry[ipphone]" value="{$entry.ipphone}"></td>
         </tr>
 {/if}
 
         <tr>
           <td align="right" valign="top" nowrap="nowrap">{$lang.marker}:<br><span class="hint">({$lang.msg_tagsep})</span></td>
           <td>
-            <textarea class="input" name="entry[markers]" id="tageditlookup">{$entry.markers|escape}</textarea><div id="tageditresult" class="autocomplete"></div>
+            <textarea class="input" name="entry[markers]" id="tageditlookup">{$entry.markers}</textarea>
           </td>
         </tr>
 {/if}
 {if $fields.note}
         <tr>
           <td align="right" valign="top">{$lang.note}:</td>
-          <td align="right"><textarea class="input" rows="6" cols="30" name="entry[note]" class="note">{$entry.note|escape}</textarea></td>
+          <td align="right"><textarea class="input" rows="6" cols="30" name="entry[note]" class="note">{$entry.note}</textarea></td>
         </tr>
 {/if}
 
         <tr>
           <td align="right" valign="top">{$lang.certificate}:</td>
           <td>
-            <textarea name="entry[certificate]" class="input" rows="6" cols="28" onClick="this.form.elements['entry[certificate]'].select();">{$entry.certificate|escape}</textarea>
+            <textarea name="entry[certificate]" class="input" rows="6" cols="28" onClick="this.form.elements['entry[certificate]'].select();">{$entry.certificate}</textarea>
             <br><input type="button" name="clearCert" value="Clear" onClick="if (confirm('Are you sure?')) this.form.elements['entry[certificate]'].value='';">
           </td>
         </tr>
 {if $fields.domain}
         <tr>
           <td align="right" valign="top">{$lang.domain}:</td>
-          <td><input type="text" class="input" name="entry[domain]" value="{$entry.domain|escape}"></td>
+          <td><input type="text" class="input" name="entry[domain]" value="{$entry.domain}"></td>
         </tr>
 {/if}
 {if $fields.timezone}
         <tr>
           <td align="right" valign="top">{$lang.timezone}:</td>
           <td>
-            <input type="text" class="inputbr" name="entry[timezone]" value="{$entry.timezone|escape}"><br>
+            <input type="text" class="inputbr" name="entry[timezone]" value="{$entry.timezone}"><br>
           </td>
         </tr>
 {/if}
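Review bot: With the explicit `|escape` removed from every `value="…"` attribute and `<textarea>` body, this form is only safe while init.php sets `default_modifiers`, and nothing in the template says so. A header comment such as `{* all variables are HTML-escaped via $smarty->default_modifiers in init.php *}` would keep a later change to that setting from silently exposing these attributes to markup coming from directory data. The section also changes CSS classes (`input ac`, `inputbr` to `input ac` on the country field) and drops the `tageditresult` div, which looks unrelated to escaping and would be easier to review as its own commit. Several hunks of this file appear without their `@@` headers, so the surrounding context is not fully visible.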
index e9678b60ef87d3e1fcec345c084f36a0acc9619d..3f0c5f22dfdc619475b0c8755e1e7cf66bc30987 100644 (file)
@@ -1,7 +1,7 @@
 {include file="header.tpl"}
 
 {if $entry.photo != ''}
-  <a href="img.php?dn={$entry.dn|escape:url}"><img src="img.php?dn={$entry.dn|escape:url}" align="right" class="photo" width="130" /></a>
+  <a href="img.php?dn={$entry.dn|escape:url}&amp;.jpg" rel="imagebox" title="{$entry.givenname} {$entry.name}"><img src="img.php?dn={$entry.dn|escape:url}" align="right" class="photo" width="130" /></a>
 {/if}
 <h1>
   <img src="pix/{$entry.type}.png" border="0" width="22" height="22" align="middle" title="{$entry.type}" />
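Review bot: `{$entry.dn|escape:url}` in the new `<a href>` and `<img src>` still carries an explicit modifier, and as far as I know Smarty 2 prepends the default modifiers to explicit ones, so the DN would be entity-encoded by `htmlall` before it is URL-encoded. A DN containing `&`, quotes or non-ASCII characters would then reach img.php as entity text and the photo lookup would miss. `{$entry.dn|smarty:nodefaults|escape:url}` keeps the URL encoding alone, and the same applies to the photo link in templates/list_entry.tpl. This should be confirmed against the Smarty version bundled with the project.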
index 136776ba6ca958bc784a173b8b046e7b029d2bb0..73f783efc497cc87aa7a5f4f2a45cf68f8b5ac23 100644 (file)
   <li><a href="index.php?filter=*">*</a></li>
 </ul>
 
-{if $conf.openxchange}
-  <div class="categories x">
-    <form method="get" action="index.php">
-      <select name="categories" class="searchfield">
-        <option value="">--- {$lang.categories} ---</option>
-        {html_options values=$categories output=$categories selected=$smarty.request.categories}
-      </select>
-      <input type="submit" value="{$lang.search}" class="searchbutton" />
-    </form>
-  </div>
-{/if}
-
-{if $conf.extended}
+{if $fields._marker}
   <div class="tags x">
     <form method="get" action="index.php" accept-charset="utf-8">
       <a href="tags.php" class="tag">{$lang.marker}</a>:
@@ -51,7 +39,6 @@
       <input type="submit" value="{$lang.search}" class="searchbutton" />
     </form>
   </div>
-  <div id="tagresult" class="autocomplete"></div>
 {/if}
 
 <div class="search x">
index 290dd366b8e7bf18d5012e757026de8da0a26bb4..de543828814e0bb6ee6668d07b6e2eda74262a7d 100644 (file)
@@ -4,7 +4,6 @@
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
 
   <link rel="stylesheet" type="text/css" href="templates/layout.css" />
-
   <link rel="stylesheet" type="text/css" href="templates/style.css" />
 
   <script src="js/prototype.js" type="text/javascript"></script>
index e6a9ed5dd9d145df1bf2b97a5ddd61273e7eca56..a6d7d55c1c1b03cc23466fde359a80d55c2e0930 100644 (file)
@@ -17,7 +17,7 @@
   </td>
   <td class="result" width="16">
     {if $entry.photo}
-      <a href="img.php?dn={$entry.dn|escape:url}" target="_blank" title="{$lang.photo}"><img src="pix/image.png" border="0" width="16" height="16" align="middle" title="{$lang.photo}"></a>
+      <a href="img.php?dn={$entry.dn|escape:url}&amp;.jpg" rel="imagebox" target="_blank" title="{$entry.givenname|escape} {$entry.name|escape}"><img src="pix/image.png" border="0" width="16" height="16" align="middle" title="{$lang.photo}"></a>
     {else}
       &nbsp;
     {/if}
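Review bot: The new `title="{$entry.givenname|escape} {$entry.name|escape}"` adds explicit `|escape`, while the same attribute in templates/entry_show.tpl relies on the default modifier alone. If the default is applied in addition to the explicit modifier, which is how Smarty 2 appears to combine them, a name containing `&` or a quote is escaped twice and the tooltip shows the literal entity text such as `&amp;`. Dropping the explicit modifiers, `title="{$entry.givenname} {$entry.name}"`, would match the rest of the commit.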