authorNathan Kinkade <nath@nkinka.de>2008-03-08 20:15:19 +0000
committerNathan Kinkade <nath@nkinka.de>2008-03-08 20:15:19 +0000
commit71d8569f0c49ca79c93a1eb3bc9130e862261911 (patch)
tree0acb526554aa217277b0bc2ff5c362a215cc6994 /templates
parent5a0b2aaf9877019e1dfcff304a0469857cfe3171 (diff)
HTML-escape user-entered text, and fixed display of long username in header.
Diffstat (limited to 'templates')
-rw-r--r--templates/edit_food.tpl4
-rw-r--r--templates/edit_meal.tpl4
-rw-r--r--templates/food_match.tpl47
-rw-r--r--templates/food_quantity.tpl2
-rw-r--r--templates/food_search.tpl14
-rw-r--r--templates/header.tpl2
6 files changed, 15 insertions, 58 deletions
diff --git a/templates/edit_food.tpl b/templates/edit_food.tpl
index 9c9c379..3cf5b75 100644
--- a/templates/edit_food.tpl
+++ b/templates/edit_food.tpl
@@ -8,7 +8,9 @@
<div><span style='text-decoration: underline;'><strong>Saved foods</strong></span></div>
{if $savedFoods}
{foreach from=$savedFoods item=savedFood}
- <div name='savedFoods' id='savedFood-{$savedFood.id}'><a href='{$smarty.server.REQUEST_URI}' title='{$savedFood.description}' onclick='loadFoodToEdit("{$savedFood.id}"); return false;'>{$savedFood.description|truncate:25:" ..."}</a></div>
+ <div name='savedFoods' id='savedFood-{$savedFood.id}'>
+ <a href='{$smarty.server.REQUEST_URI}' title='{$savedFood.description|escape:"html"}' onclick='loadFoodToEdit("{$savedFood.id}"); return false;'>{$savedFood.description|escape:"html"|truncate:25:" ..."}</a>
+ </div>
{/foreach}
{else}
No saved foods.
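Review bot: On the new line 31 the link text runs `escape:"html"` before `truncate:25`, so the cut can land inside an entity (an `&amp;` near the limit is left as `&am`) and the 25-character budget is spent on entity text rather than on visible characters; the modifiers should run the other way round, `{$savedFood.description|truncate:25:" ..."|escape:"html"}`. The same ordering appears on edit_meal.tpl's new line 46. On the same line `href='{$smarty.server.REQUEST_URI}'` (also on edit_meal.tpl line 46) is still interpolated without escaping inside a single-quoted attribute even though that value is taken from the request; `{$smarty.server.REQUEST_URI|escape:"html"}` closes that gap. The `onclick` passes `{$savedFood.id}` into the inline handler unescaped, which is fine only if the id is always numeric — not verifiable from this hunk.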
diff --git a/templates/edit_meal.tpl b/templates/edit_meal.tpl
index b0362fb..b741395 100644
--- a/templates/edit_meal.tpl
+++ b/templates/edit_meal.tpl
@@ -10,7 +10,9 @@
</div>
{if $savedMeals}
{foreach from=$savedMeals item=savedMeal}
- <div name='savedMeals' id='savedMeal-{$savedMeal.id}'><a href='{$smarty.server.REQUEST_URI}' title='{$savedMeal.description}' onclick='loadMealToEdit({$savedMeal.id}); return false;'>{$savedMeal.description|truncate:25:" ..."}</a></div>
+ <div name='savedMeals' id='savedMeal-{$savedMeal.id}'>
+ <a href='{$smarty.server.REQUEST_URI}' title='{$savedMeal.description}' onclick='loadMealToEdit({$savedMeal.id}); return false;'>{$savedMeal.description|escape:"html"|truncate:25:" ..."}</a>
+ </div>
{/foreach}
{else}
No saved meals.
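Review bot: The `title` attribute on the new line 46 still interpolates `{$savedMeal.description}` unescaped, while the parallel change in edit_food.tpl (line 31) escapes the same attribute; the description is exactly the user-entered text this commit sets out to cover, so the attribute should read `title='{$savedMeal.description|escape:"html"}'`. The link text on the same line is escaped, so only the attribute is missed.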
diff --git a/templates/food_match.tpl b/templates/food_match.tpl
deleted file mode 100644
index 3b9ca3f..0000000
--- a/templates/food_match.tpl
+++ /dev/null
@@ -1,47 +0,0 @@
-{$header}
-<div id='columnContainer'>
-
- <div id='middleColumn'>
- <div id='middleData'>
- <p class='small'>
- <strong>Search text</strong>: '{$searchString}'<br />
- <strong>Search type</strong>: {$searchType}/{$wordType}<br />
- <strong>Category</strong>: {$foodCategoryName}
- </p>
-
-{if isset($searchResults)}
- <p>The following items matched your search:</p>
-
- <p class='nowrap'>
- {foreach from=$searchResults item=searchResult}
- <a href='food_weight.php?ndb_no={$searchResult.ndb_no}'>{$searchResult.long_desc}</a><br />
- {/foreach}
- </p>
-{else}
- <p>
- <span class='msgError'>No items matched your search!</span><br />
- </p>
- <p>
- Would you like to <a href='index.php?{$queryString}'>refine your search</a>?
- </p>
- <p>
- Don't understand the search options? See the <a href='faq.php#searching'>FAQ</a> on searching.
- </p>
-{/if}
- </div>
- </div>
-
- <div id='leftColumn'>
- <div id='leftData'>
- {$sidebar_left}
- </div>
- </div>
-
- <div id='rightColumn'>
- <div id='rightData'>
- {$sidebar_right}
- </div>
- </div>
-
-</div>
-{$footer}
diff --git a/templates/food_quantity.tpl b/templates/food_quantity.tpl
index 7da4cd8..4f4e6d9 100644
--- a/templates/food_quantity.tpl
+++ b/templates/food_quantity.tpl
@@ -4,7 +4,7 @@
<div id='middleColumn'>
<div id='middleData'>
<div>
- <strong>You selected</strong>: {$foodQuantities[0].foodDesc}<br />
+ <strong>You selected</strong>: {$foodQuantities[0].foodDesc|escape}<br />
{if ! empty($foodQuantities[0].sciname)}
<strong>Scientific name</strong>: <span style='text-decoration: italic;'>{$foodQuantities[0].sciname}</span>
{/if}
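Review bot: The context line 115 directly below the changed line still prints `{$foodQuantities[0].sciname}` unescaped into the span, so only one of the two values shown in this block is covered; `{$foodQuantities[0].sciname|escape}` keeps the block consistent. Whether sciname can carry user-entered text depends on where the food record originates, which isn't visible here. The bare `|escape` on line 113 defaults to HTML escaping, but it differs from the explicit `escape:"html"` spelled out in the other templates of this commit; using one form throughout makes unescaped output easier to grep for.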
diff --git a/templates/food_search.tpl b/templates/food_search.tpl
index 85a6690..9b41c02 100644
--- a/templates/food_search.tpl
+++ b/templates/food_search.tpl
@@ -4,10 +4,10 @@
<div id='middleColumn'>
<div id='middleData'>
<div>
- <strong>Search text</strong>: '{$searchString}'<br />
- <strong>Search type</strong>: {$searchType}/{$wordType}<br />
- <strong>Category</strong>: {$foodCatName}<br />
- <strong>Sort by</strong>: {$sortType}
+ <strong>Search text</strong>: '{$searchString|escape:"html"}'<br />
+ <strong>Search type</strong>: {$searchType|escape:"html"}/{$wordType|escape:"html"}<br />
+ <strong>Category</strong>: {$foodCatName|escape:"html"}<br />
+ <strong>Sort by</strong>: {$sortType|escape:"html"}
</div>
{if isset($searchResults)}
<div style='margin-top: 2ex;'>
@@ -34,11 +34,11 @@
{foreach from=$searchResults item=searchResult}
<div>
{if $searchResult.category == "userFood"}
- <a href='view_food.php?{$searchResult.food}&description={$searchResult.foodDesc}'>{$searchResult.foodDesc}</a>
+ <a href='view_food.php?{$searchResult.food}&description={$searchResult.foodDesc|escape:"html"}'>{$searchResult.foodDesc|escape:"html"}</a>
{elseif $searchResult.category == "userMeal"}
- <a href='view_meal.php?meal={$searchResult.food}&description={$searchResult.foodDesc}'>{$searchResult.foodDesc}</a>
+ <a href='view_meal.php?meal={$searchResult.food}&description={$searchResult.foodDesc|escape:"html"}'>{$searchResult.foodDesc|escape:"html"}</a>
{else}
- <a href='food_quantity.php?food={$searchResult.food}'>{$searchResult.foodDesc}</a>
+ <a href='food_quantity.php?food={$searchResult.food}'>{$searchResult.foodDesc|escape:"html"}</a>
{/if}
</div>
{/foreach}
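Review bot: On the new lines 141 and 144, `{$searchResult.foodDesc|escape:"html"}` is placed inside a URL query string (`&description=...`), where HTML escaping is the wrong transform: the attribute parser undoes it before the request is built, so a description containing `&`, `#`, `+` or a space still reaches the query raw and splits or truncates the parameter. The query component should use `|escape:"url"` (and the literal `&` separating parameters should be written `&amp;` inside the attribute), with `escape:"html"` kept for the link text only. `{$searchResult.food}` is still interpolated unescaped into the same `href` on all three lines; if it comes from the database rather than from the user that may be acceptable, but it cannot be confirmed from this hunk.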
diff --git a/templates/header.tpl b/templates/header.tpl
index d280975..ca7371d 100644
--- a/templates/header.tpl
+++ b/templates/header.tpl
@@ -19,7 +19,7 @@
{if isset($isLoggedIn)}
<div id='headerMiddle'></div>
<div id='headerRight'>
- Hi {$smarty.session.user.username}.<br />
+ Hi {$smarty.session.user.username|escape:"html"}.<br />
[<a href='logout.php'>Logout</a>]
</div>