Add html_escape to HTML elements with gettext value

git-svn-id: file:///Users/Shitiz/Downloads/lssvn/source/phpsurveyor@2278 b72ed6b6-b9f8-46b5-92b4-906544132732

admin/activate.php

@@ -465,12 +465,12 @@
 	if (isset($surveynotprivate) && $surveynotprivate) //This survey is tracked, and therefore a tokens table MUST exist
 	{
 		$activateoutput .= $clang->gT("This is not an anonymous survey. A token table must also be created.")."<br /><br />\n";
-		$activateoutput .= "<input type='submit' value='".$clang->gT("Initialise Tokens")."' onClick=\"window.open('$scriptname?action=tokens&amp;sid={$_GET['sid']}&amp;createtable=Y', '_top')\" />\n";
+		$activateoutput .= "<input type='submit' value='".html_escape($clang->gT("Initialise Tokens"))."' onClick=\"window.open('$scriptname?action=tokens&amp;sid={$_GET['sid']}&amp;createtable=Y', '_top')\" />\n";
 	}
 	elseif (isset($surveyallowsregistration) && $surveyallowsregistration == "TRUE")
 	{
 		$activateoutput .= $clang->gT("This survey allows public registration. A token table must also be created.")."<br /><br />\n";
-		$activateoutput .= "<input type='submit' value='".$clang->gT("Initialise Tokens")."' onClick=\"window.open('$scriptname?action=tokens&amp;sid={$_GET['sid']}&amp;createtable=Y', '_top')\" />\n";
+		$activateoutput .= "<input type='submit' value='".html_escape($clang->gT("Initialise Tokens"))."' onClick=\"window.open('$scriptname?action=tokens&amp;sid={$_GET['sid']}&amp;createtable=Y', '_top')\" />\n";
 	}
 	else
 	{

admin/assessments.php

@@ -161,12 +161,12 @@
 		$assessmentsoutput.= "<td>
 			   <table width='100%'>
 				<tr><td align='center'><form method='post' action='admin.php?sid=$surveyid'>
-				 <input type='submit' value='".$clang->gT("Edit")."' />
+				 <input type='submit' value='".html_escape($clang->gT("Edit"))."' />
 				 <input type='hidden' name='action' value='assessmentedit' />
 				 <input type='hidden' name='id' value='".$assess['id']."' />
 				 </form></td>
 				 <td align='center'><form method='post' action='admin.php?sid=$surveyid'>
-				 <input type='submit' value='".$clang->gT("Delete")."' onClick='return confirm(\"".$clang->gT("Are you sure you want to delete this entry.")."\")' />
+				 <input type='submit' value='".html_escape($clang->gT("Delete"))."' onClick='return confirm(\"".$clang->gT("Are you sure you want to delete this entry.")."\")' />
 				 <input type='hidden' name='action' value='assessmentdelete' />
 				 <input type='hidden' name='id' value='".$assess['id']."' />
 				 </form>

admin/browse.php

@@ -67,7 +67,7 @@
 	."<strong><font color='red'>".$clang->gT("Error")."</font></strong><br />\n"
 	. $clang->gT("The defined surveyor database does not exist")."<br />\n"
 	. $clang->gT("Either your selected database has not yet been created or there is a problem accessing it.")."<br /><br />\n"
-	."<input type='submit' value='".$clang->gT("Main Admin Screen")."' onClick=\"window.open('$scriptname', '_top')\"><br />\n"
+	."<input type='submit' value='".html_escape($clang->gT("Main Admin Screen"))."' onClick=\"window.open('$scriptname', '_top')\"><br />\n"
 	."</td></tr></table>\n"
 	."</body>\n</html>";
 	return;
@@ -118,7 +118,7 @@
 	."\t<tr bgcolor='#CCCCCC'><td align='center'>$setfont\n"
 	."<strong><font color='red'>".$clang->gT("Error")."</font></strong><br />\n"
 	. $clang->gT("There is no matching survey.")." ($surveyid)<br /><br />\n"
-	."<input type='submit' value='".$clang->gT("Main Admin Screen")."' onClick=\"window.open('$scriptname', '_top')\"><br />\n"
+	."<input type='submit' value='".html_escape($clang->gT("Main Admin Screen"))."' onClick=\"window.open('$scriptname', '_top')\"><br />\n"
 	."</td></tr></table>\n"
 	."</body>\n</html>";
 	return;
@@ -517,7 +517,7 @@
 	."\t\t\t<img src='$imagefiles/blank.gif' width='31' height='20' border='0' hspace='0' align='right' alt='' />\n"
 	."\t\t\t".$clang->gT("Records Displayed:")."<input type='text' size='4' value='$dtcount2' name='limit'>\n"
 	."\t\t\t".$clang->gT("Starting From:")."<input type='text' size='4' value='$start' name='start'>\n"
-	."\t\t\t<input type='submit' value='".$clang->gT("Show")."'>\n"
+	."\t\t\t<input type='submit' value='".html_escape($clang->gT("Show"))."'>\n"
 	."\t\t</font>\n"
 	."\t\t<input type='hidden' name='sid' value='$surveyid'>\n"
 	."\t\t<input type='hidden' name='action' value='all'>\n");

admin/conditions.php

@@ -617,7 +617,7 @@
 	."\t</tr>\n";
 
 	$conditionsoutput .= "\t<tr><td colspan='3' align='center'>\n"
-	."<input type='submit' value='".$clang->gT("Copy Conditions")."' onclick=\"return confirm('".$clang->gT("Are you sure you want to copy these condition(s) to the questions you have selected?")."')\" />"
+	."<input type='submit' value='".html_escape($clang->gT("Copy Conditions"))."' onclick=\"return confirm('".$clang->gT("Are you sure you want to copy these condition(s) to the questions you have selected?")."')\" />"
 	."\t\t\n";
 
 	$conditionsoutput .= "<input type='hidden' name='subaction' value='copyconditions' />\n"
@@ -677,8 +677,8 @@
 ."\t</tr>\n"
 ."\t<tr>\n"
 ."\t\t<td colspan='3' align='center'>\n"
-."\t\t\t<input type='reset' value='".$clang->gT("Clear")."' onClick=\"clearAnswers()\" />\n"
-."\t\t\t<input type='submit' value='".$clang->gT("Add Condition")."' />\n"
+."\t\t\t<input type='reset' value='".html_escape($clang->gT("Clear"))."' onClick=\"clearAnswers()\" />\n"
+."\t\t\t<input type='submit' value='".html_escape($clang->gT("Add Condition"))."' />\n"
 ."<input type='hidden' name='sid' value='$surveyid' />\n"
 ."<input type='hidden' name='qid' value='$qid' />\n"
 ."<input type='hidden' name='subaction' value='insertcondition' />\n"
@@ -694,7 +694,7 @@
 ."\t\t</td>\n";
 $conditionsoutput .= "\t<tr bgcolor='#CDCDCD'><td colspan=3 height='10'></td></tr>\n"
 ."\t\t<tr><td colspan='3' align='center'>\n"
-."\t\t\t<input type='submit' value='".$clang->gT("Close Window")."' onClick=\"window.close()\"  />\n"
+."\t\t\t<input type='submit' value='".html_escape($clang->gT("Close Window"))."' onClick=\"window.close()\"  />\n"
 ."\t\t</td>\n"
 ."\t</tr>\n";
 $conditionsoutput .= "\t<tr><td colspan='3'></td></tr>\n"

admin/createdb.php

@@ -52,7 +52,7 @@
    if (modify_database(dirname(__FILE__).'/install/create-'.$databasetype.'.sql'))
    {
    echo sprintf($clang->gT("Database `%s` has been successfully populated."),$dbname)."</font></strong></font><br /><br />\n";
-   echo "<input type='submit' value='".$clang->gT("Main Admin Screen")."' onClick='location.href=\"$scriptname\"'>";
+   echo "<input type='submit' value='".html_escape($clang->gT("Main Admin Screen"))."' onClick='location.href=\"$scriptname\"'>";
    exit;
    }
     else
@@ -68,7 +68,7 @@
 	echo $clang->gT("Database Information not provided. This script must be run from admin.php only.");
 
 	echo "<br /><br />\n";
-	echo "<input type='submit' value='".$clang->gT("Main Admin Screen")."' onClick='location.href=\"$scriptname\"'>";
+	echo "<input type='submit' value='".html_escape($clang->gT("Main Admin Screen"))."' onClick='location.href=\"$scriptname\"'>";
 	exit;
 }
 
@@ -92,15 +92,15 @@
 		echo $clang->gT("Database has been created.")."</font></strong></font><br /><br />\n";
 		echo $clang->gT("Please click below to populate the database")."<br /><br />\n";
 		echo "<form method='post'>";
-		echo "<input type='submit' name='createdbstep2' value='".$clang->gT("Populate Database")."' onClick='location.href=\"createdb.php\"'></form>";
+		echo "<input type='submit' name='createdbstep2' value='".html_escape($clang->gT("Populate Database"))."' onClick='location.href=\"createdb.php\"'></form>";
 	}
 	else
 	{
 		echo "<strong>$setfont<font color='red'>".$clang->gT("Error")."</font></strong></font><br />\n";
 		echo $clang->gT("Could not create database")." ($dbname)<br /><font size='1'>\n";
 		echo $connect->ErrorMsg();
 		echo "</font><br /><br />\n";
-		echo "<input type='submit' value='".$clang->gT("Main Admin Screen")."' onClick='location.href=\"$scriptname\"'>";
+		echo "<input type='submit' value='".html_escape($clang->gT("Main Admin Screen"))."' onClick='location.href=\"$scriptname\"'>";
 	}
 }
 echo "</td></tr></table>\n";

admin/dataentry.php

@@ -152,7 +152,7 @@
 						$dataentryoutput .= "<input type='hidden' name='$key' value='$val'>\n";
 					}
 				}
-				$dataentryoutput .= "</td></tr><tr><td></td><td><input type='submit' value='".$clang->gT("submit")."'>
+				$dataentryoutput .= "</td></tr><tr><td></td><td><input type='submit' value='".html_escape($clang->gT("submit"))."'>
 					 <input type='hidden' name='sid' value='$surveyid'>
 					 <input type='hidden' name='surveytable' value='".$_POST['surveytable']."'>
 					 <input type='hidden' name='subaction' value='".$_POST['action']."'>
@@ -1169,7 +1169,7 @@
 		{
 			$dataentryoutput .= "	<tr>
 						<td bgcolor='#CCCCCC' align='center'>
-						 <input type='submit' value='".$clang->gT("Update Entry")."'>
+						 <input type='submit' value='".html_escape($clang->gT("Update Entry"))."'>
 						 <input type='hidden' name='id' value='$id'>
 						 <input type='hidden' name='sid' value='$surveyid'>
 						 <input type='hidden' name='subaction' value='update'>
@@ -1217,7 +1217,7 @@ function saveshow(value)
 			."</div>\n";
 			$dataentryoutput .= "	<tr>
 					<td bgcolor='#CCCCCC' align='center'>
-					 <input type='submit' value='".$clang->gT("submit")."'>
+					 <input type='submit' value='".html_escape($clang->gT("submit"))."'>
 					 <input type='hidden' name='sid' value='$surveyid'>
 					 <input type='hidden' name='subaction' value='insert'>
 					 <input type='hidden' name='surveytable' value='{$dbprefix}survey_$surveyid'>
@@ -2156,7 +2156,7 @@ function saveshow(value)
 			}
 			$dataentryoutput .= "\t<tr>\n";
 			$dataentryoutput .= "\t\t<td colspan='3' align='center' bgcolor='#CCCCCC'>$setfont\n";
-			$dataentryoutput .= "\t\t\t<input type='submit' value='".$clang->gT("submit")."' />\n";
+			$dataentryoutput .= "\t\t\t<input type='submit' value='".html_escape($clang->gT("submit"))."' />\n";
 			$dataentryoutput .= "\t\t</font></td>\n";
 			$dataentryoutput .= "\t</tr>\n";
 		}
@@ -2175,7 +2175,7 @@ function saveshow(value)
 			$dataentryoutput .= "\t\t<td colspan='3' align='center' bgcolor='#CCCCCC'>$setfont\n";
 			$dataentryoutput .= "\t\t\t<font color='red'><strong>".$clang->gT("Error")."</strong></font><br />\n";
 			$dataentryoutput .= "\t\t\t".$clang->gT("The survey you selected does not exist")."</font><br /><br />\n";
-			$dataentryoutput .= "\t\t\t<input type='submit' value='".$clang->gT("Main Admin Screen")."' onClick=\"window.open('$scriptname', '_top')\">\n";
+			$dataentryoutput .= "\t\t\t<input type='submit' value='".html_escape($clang->gT("Main Admin Screen"))."' onClick=\"window.open('$scriptname', '_top')\">\n";
 			$dataentryoutput .= "\t\t</td>\n";
 			$dataentryoutput .= "\t</tr>\n";
 			$dataentryoutput .= "</table>";

admin/deactivate.php

@@ -61,7 +61,7 @@
 	$deactivateoutput .= "\t</tr>\n";
 	$deactivateoutput .= "\t<tr>\n";
 	$deactivateoutput .= "\t\t<td align='center'>\n";
-	$deactivateoutput .= "\t\t\t<input type='submit' value='".$clang->gT("De-Activate Survey")."' onClick=\"window.open('$scriptname?action=deactivate&amp;ok=Y&amp;sid={$_GET['sid']}', '_top')\">\n";
+	$deactivateoutput .= "\t\t\t<input type='submit' value='".html_escape($clang->gT("De-Activate Survey"))."' onClick=\"window.open('$scriptname?action=deactivate&amp;ok=Y&amp;sid={$_GET['sid']}', '_top')\">\n";
 	$deactivateoutput .= "\t\t<br />&nbsp;</td>\n";
 	$deactivateoutput .= "\t</tr>\n";
 	$deactivateoutput .= "</table><br />&nbsp;\n";
@@ -128,7 +128,7 @@
 	$deactivateoutput .= "\t</tr>\n";
 	$deactivateoutput .= "\t<tr>\n";
 	$deactivateoutput .= "\t\t<td align='center'>\n";
-	$deactivateoutput .= "\t\t\t<input type='submit' value='".$clang->gT("Main Admin Screen")."' onClick=\"window.open('$scriptname?sid={$_GET['sid']}', '_top')\">\n";
+	$deactivateoutput .= "\t\t\t<input type='submit' value='".html_escape($clang->gT("Main Admin Screen"))."' onClick=\"window.open('$scriptname?sid={$_GET['sid']}', '_top')\">\n";
 	$deactivateoutput .= "\t\t</td>\n";
 	$deactivateoutput .= "\t</tr>\n";
 	$deactivateoutput .= "</table>\n";

admin/deletesurvey.php

@@ -61,7 +61,7 @@
 	{
 		echo "<br /><font color='red'><strong>".$clang->gT("Error")."</strong></font><br />\n";
 		echo $clang->gT("You have not selected a survey to delete")."<br /><br />\n";
-		echo "<input type='submit' value='".$clang->gT("Main Admin Screen")."' onClick=\"window.open('$scriptname', '_top')\">\n";
+		echo "<input type='submit' value='".html_escape($clang->gT("Main Admin Screen"))."' onClick=\"window.open('$scriptname', '_top')\">\n";
 		echo "</td></tr></table>\n";
 		echo "</body>\n</html>";
 		exit;
@@ -93,8 +93,8 @@
 		echo "\t</tr>\n";
 		echo "\t<tr>\n";
 		echo "\t\t<td align='center'><br />\n";
-		echo "\t\t\t<input type='submit'  value='".$clang->gT("Cancel")."' onClick=\"window.open('admin.php?sid=$surveyid', '_top')\" /><br />\n";
-		echo "\t\t\t<input type='submit'  value='".$clang->gT("Delete")."' onClick=\"window.open('{$_SERVER['PHP_SELF']}?sid=$surveyid&amp;ok=Y','_top')\" />\n";
+		echo "\t\t\t<input type='submit'  value='".html_escape($clang->gT("Cancel"))."' onClick=\"window.open('admin.php?sid=$surveyid', '_top')\" /><br />\n";
+		echo "\t\t\t<input type='submit'  value='".html_escape($clang->gT("Delete"))."' onClick=\"window.open('{$_SERVER['PHP_SELF']}?sid=$surveyid&amp;ok=Y','_top')\" />\n";
 		echo "\t\t</td>\n";
 		echo "\t</tr>\n";
 		echo "</table>\n";
@@ -151,7 +151,7 @@
 		echo "\t<tr>\n";
 		echo "\t\t<td align='center'>$setfont<br />\n";
 		echo "\t\t\t<strong>".$clang->gT("This survey has been deleted.")."<br /><br />\n";
-		echo "\t\t\t<input type='submit' value='".$clang->gT("Main Admin Screen")."' onClick=\"window.open('$scriptname', '_top')\">\n";
+		echo "\t\t\t<input type='submit' value='".html_escape($clang->gT("Main Admin Screen"))."' onClick=\"window.open('$scriptname', '_top')\">\n";
 		echo "\t\t</strong></font></td>\n";
 		echo "\t</tr>\n";
 		echo "</table>\n";

admin/dumpgroup.php

@@ -56,7 +56,7 @@
 	echo "\t<tr bgcolor='#555555'><td colspan='2' height='4'><font size='1' face='verdana' color='white'><strong>".$clang->gT("Export Question")."</strong></td></tr>\n";
 	echo "\t<tr bgcolor='#CCCCCC'><td align='center'>$setfont\n";
 	echo "$setfont<br /><strong><font color='red'>".$clang->gT("Error")."</font></strong><br />\n"._EQ_NOGID."<br />\n";
-	echo "<br /><input type='submit' value='".$clang->gT("Main Admin Screen")."' onClick=\"window.open('$scriptname', '_top')\">\n";
+	echo "<br /><input type='submit' value='".html_escape($clang->gT("Main Admin Screen"))."' onClick=\"window.open('$scriptname', '_top')\">\n";
 	echo "\t</td></tr>\n";
 	echo "</table>\n";
 	echo "</body></html>\n";

admin/dumplabel.php

@@ -56,7 +56,7 @@
 	echo "\t<tr bgcolor='#555555'><td colspan='2' height='4'><font size='1' face='verdana' color='white'><strong>".$clang->gT("Export Label Set")."</strong></td></tr>\n";
 	echo "\t<tr bgcolor='#CCCCCC'><td align='center'>$setfont\n";
 	echo "$setfont<br /><strong><font color='red'>".$clang->gT("Error")."</font></strong><br />\n".$clang->gT("No LID has been provided. Cannot dump label set.")."<br />\n";
-	echo "<br /><input type='submit' value='".$clang->gT("Main Admin Screen")."' onClick=\"window.open('$scriptname', '_top')\">\n";
+	echo "<br /><input type='submit' value='".html_escape($clang->gT("Main Admin Screen"))."' onClick=\"window.open('$scriptname', '_top')\">\n";
 	echo "\t</td></tr>\n";
 	echo "</table>\n";
 	echo "</body></html>\n";

admin/dumpquestion.php

@@ -56,7 +56,7 @@
 	echo "\t<tr bgcolor='#555555'><td colspan='2' height='4'><font size='1' face='verdana' color='white'><strong>".$clang->gT("Export Question")."</strong></td></tr>\n";
 	echo "\t<tr bgcolor='#CCCCCC'><td align='center'>$setfont\n";
 	echo "$setfont<br /><strong><font color='red'>".$clang->gT("Error")."</font></strong><br />\n".$clang->gT("No QID has been provided. Cannot dump question.")."<br />\n";
-	echo "<br /><input type='submit' value='".$clang->gT("Main Admin Screen")."' onClick=\"window.open('$scriptname', '_top')\">\n";
+	echo "<br /><input type='submit' value='".html_escape($clang->gT("Main Admin Screen"))."' onClick=\"window.open('$scriptname', '_top')\">\n";
 	echo "\t</td></tr>\n";
 	echo "</table>\n";
 	echo "</body></html>\n";