From 71d8569f0c49ca79c93a1eb3bc9130e862261911 Mon Sep 17 00:00:00 2001
From: Nathan Kinkade
Date: Sat, 8 Mar 2008 20:15:19 +0000
Subject: HTML escape user entered text, and fixed display of long username in header.

---
 css/site.css | 6 +++---
 templates/edit_food.tpl | 4 +++-
 templates/edit_meal.tpl | 4 +++-
 templates/food_match.tpl | 47 ---------------------------------------------
 templates/food_quantity.tpl | 2 +-
 templates/food_search.tpl | 14 +++++++-------
 templates/header.tpl | 2 +-
 7 files changed, 18 insertions(+), 61 deletions(-)
 delete mode 100644 templates/food_match.tpl

diff --git a/css/site.css b/css/site.css
index 89310aa..5daa63e 100644
--- a/css/site.css
+++ b/css/site.css
@@ -70,7 +70,7 @@ a:hover.whiteLink {
 height: 55px;
 text-align: right;
 left: 60.5%;
- width: 29%;
+ /*width: 29%;*/
 top: 0;
 padding-top: 5px;
 }
@@ -79,8 +79,8 @@ a:hover.whiteLink {
 position: absolute;
 height: 55px;
 text-align: center;
- left: 89.5%;
- width: 10%;
+ right: 1%;
+ /*width: 10%;*/
 top: 0;
 padding-top: 5px;
 padding-left: 1ex;
diff --git a/templates/edit_food.tpl b/templates/edit_food.tpl
index 9c9c379..3cf5b75 100644
--- a/templates/edit_food.tpl
+++ b/templates/edit_food.tpl
@@ -8,7 +8,9 @@
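Review bot: Both site.css hunks comment the old `width` declarations out (`/*width: 29%;*/`, `/*width: 10%;*/`) instead of deleting them, which leaves dead rules that later readers have to decide about while the commit history already records the old values. Dropping the two lines is cleaner; if a fixed width is meant to return once the long-username layout settles, a one-line comment saying so explains more than the retained value does, e.g. `/* no fixed width: the header boxes size to their content */`. The `right: 1%` anchoring in the second hunk is the actual layout fix and reads fine.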
Saved foods
{if $savedFoods} {foreach from=$savedFoods item=savedFood} -
{$savedFood.description|truncate:25:" ..."}
+
+ {$savedFood.description|escape:"html"|truncate:25:" ..."} +
{/foreach} {else} No saved foods. diff --git a/templates/edit_meal.tpl b/templates/edit_meal.tpl index b0362fb..b741395 100644 --- a/templates/edit_meal.tpl +++ b/templates/edit_meal.tpl @@ -10,7 +10,9 @@ {if $savedMeals} {foreach from=$savedMeals item=savedMeal} -
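Review bot: The modifier order `|escape:"html"|truncate:25:" ..."` on the new description line truncates after escaping, so the 25-character budget is spent on entities (`&amp;` costs five characters) and a description can be cut in the middle of one, leaving a stray `&am` in the page; the same order appears in the edit_meal.tpl hunk. Escaping last fixes the display and is still safe, since every character that reaches the page passes through the escape and the `" ..."` suffix is a literal: `{$savedFood.description|truncate:25:" ..."|escape:"html"}`. The link markup around the text on the surrounding `+` lines is not visible in this rendering; if an attribute there interpolates another `$savedFood` field, it needs the same modifier. The `{foreach}` starts and ends within the hunk, but the enclosing `{if $savedFoods}` appears to close outside it.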
{$savedMeal.description|truncate:25:" ..."}
+
+ {$savedMeal.description|escape:"html"|truncate:25:" ..."} +
{/foreach} {else} No saved meals. diff --git a/templates/food_match.tpl b/templates/food_match.tpl deleted file mode 100644 index 3b9ca3f..0000000 --- a/templates/food_match.tpl +++ /dev/null @@ -1,47 +0,0 @@ -{$header} -
- -
-
-

- Search text: '{$searchString}'
- Search type: {$searchType}/{$wordType}
- Category: {$foodCategoryName} -

- -{if isset($searchResults)} -

The following items matched your search:

- -

- {foreach from=$searchResults item=searchResult} - {$searchResult.long_desc}
- {/foreach} -

-{else} -

- No items matched your search!
-

-

- Would you like to refine your search? -

-

- Don't understand the search options? See the FAQ on searching. -

-{/if} -
-
- -
-
- {$sidebar_left} -
-
- -
-
- {$sidebar_right} -
-
- -
-{$footer} diff --git a/templates/food_quantity.tpl b/templates/food_quantity.tpl index 7da4cd8..4f4e6d9 100644 --- a/templates/food_quantity.tpl +++ b/templates/food_quantity.tpl @@ -4,7 +4,7 @@
- You selected: {$foodQuantities[0].foodDesc}
+ You selected: {$foodQuantities[0].foodDesc|escape}
{if ! empty($foodQuantities[0].sciname)} Scientific name: {$foodQuantities[0].sciname} {/if} diff --git a/templates/food_search.tpl b/templates/food_search.tpl index 85a6690..9b41c02 100644 --- a/templates/food_search.tpl +++ b/templates/food_search.tpl @@ -4,10 +4,10 @@
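Review bot: `{$foodQuantities[0].sciname}` on the context line directly after the newly escaped `foodDesc` is still output unescaped; if both fields come from the same record, it should get the same treatment, `Scientific name: {$foodQuantities[0].sciname|escape:"html"}`. The bare `|escape` on the changed line also differs from the `|escape:"html"` form used in every other template in this commit; both default to HTML escaping, but one spelling is easier to grep for when auditing which outputs are covered. The enclosing block continues outside the hunk.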
- Search text: '{$searchString}'
- Search type: {$searchType}/{$wordType}
- Category: {$foodCatName}
- Sort by: {$sortType} + Search text: '{$searchString|escape:"html"}'
+ Search type: {$searchType|escape:"html"}/{$wordType|escape:"html"}
+ Category: {$foodCatName|escape:"html"}
+ Sort by: {$sortType|escape:"html"}
{if isset($searchResults)}
@@ -34,11 +34,11 @@ {foreach from=$searchResults item=searchResult} {/foreach} diff --git a/templates/header.tpl b/templates/header.tpl index d280975..ca7371d 100644 --- a/templates/header.tpl +++ b/templates/header.tpl @@ -19,7 +19,7 @@ {if isset($isLoggedIn)}
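Review bot: The four search parameters in the first hunk are now escaped, but the protection remains opt-in per variable, which is what let `sciname` in food_quantity.tpl slip through in this same commit. If the application is on Smarty 2.6 or later, setting `$smarty->default_modifiers = array('escape:"html"');` in the PHP setup would make escaping the default and the trusted HTML fragments such as `{$header}` and `{$footer}` the explicit exceptions via `{$header|smarty:nodefaults}`; that change lives outside this diff. The second hunk (`@@ -34,11 +34,11 @@`, the `{foreach from=$searchResults ...}` loop) has no visible content in this rendering, so whether the `$searchResult` fields printed there are escaped cannot be checked here.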
- Hi {$smarty.session.user.username}.
+ Hi {$smarty.session.user.username|escape:"html"}.
[Logout]
-- cgit v1.2.3