This repository has been archived by the owner on Nov 25, 2020. It is now read-only.

Replace ' by " to avoid label truncating on users/teams listing. Bett…
…er sanitization and error catching on Team creation.
cdujeu committed Jan 6, 2016
1 parent a4a6078 commit 4d39038
Showing 2 changed files with 13 additions and 6 deletions.
11 changes: 9 additions & 2 deletions core/src/plugins/conf.sql/class.sqlConfDriver.php
@@ -1203,10 +1203,17 @@ public function userTeamsActions($actionName, $httpVars, $fileVars)
switch ($actionName) {
case "user_team_create":
$userIds = $httpVars["user_ids"];
$teamLabel = $httpVars["team_label"];
$teamLabel = AJXP_Utils::sanitize($httpVars["team_label"], AJXP_SANITIZE_HTML_STRICT);
if(empty($teamLabel)){
throw new Exception("Empty Team Label!");
}
if(empty($userIds)){
throw new Exception("Please select some users for this team.");
}
$teamId = AJXP_Utils::slugify($teamLabel)."-".intval(rand(0,1000));
foreach ($userIds as $userId) {
$this->addUserToTeam($teamId, $userId, $teamLabel);
$id = AJXP_Utils::sanitize($userId, AJXP_SANITIZE_EMAILCHARS);
$this->addUserToTeam($teamId, $id, $teamLabel);
}
echo 'Created Team $teamId';
break;
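Review bot: The added loop passes the sanitized `$id` straight to `addUserToTeam()` without checking that anything is left after sanitization, and `$userIds` is only tested with `empty()`, so a non-array value still reaches the `foreach`. I would tighten the guard to `if (!is_array($userIds) || empty($userIds))` and add `if (empty($id)) continue;` before the `addUserToTeam()` call. Whether each id names an existing user that the caller is allowed to add is not visible in this hunk and should be confirmed in `addUserToTeam()`. Separately, the unchanged `echo 'Created Team $teamId';` is single-quoted, so it prints the literal text `$teamId` rather than the generated id. The `switch` in `userTeamsActions()` continues outside the hunk.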
8 changes: 4 additions & 4 deletions core/src/plugins/core.conf/class.AbstractConfDriver.php
@@ -1181,13 +1181,13 @@ public function switchAction($action, $httpVars, $fileVars)
}
$mess = ConfService::getMessages();
if ($regexp == null && !$usersOnly) {
$users .= "<li class='complete_group_entry' data-group='AJXP_GRP_/' data-label='".$mess["447"]."'><span class='user_entry_label'>".$mess["447"]."</span></li>";
$users .= "<li class='complete_group_entry' data-group='AJXP_GRP_/' data-label=\"".$mess["447"]."\"><span class='user_entry_label'>".$mess["447"]."</span></li>";
}
$indexGroup = 0;
if (!$usersOnly && isset($allGroups) && is_array($allGroups)) {
foreach ($allGroups as $groupId => $groupLabel) {
if ($regexp == null || preg_match("/$regexp/i", $groupLabel)) {
$users .= "<li class='complete_group_entry' data-group='$groupId' data-label='$groupLabel' data-entry_id='$groupId'><span class='user_entry_label'>".$groupLabel."</span></li>";
$users .= "<li class='complete_group_entry' data-group='$groupId' data-label=\"$groupLabel\" data-entry_id='$groupId'><span class='user_entry_label'>".$groupLabel."</span></li>";
$indexGroup++;
}
if($indexGroup == $limit) break;
@@ -1196,7 +1196,7 @@ public function switchAction($action, $httpVars, $fileVars)
if ($regexp == null && method_exists($this, "listUserTeams")) {
$teams = $this->listUserTeams();
foreach ($teams as $tId => $tData) {
$users.= "<li class='complete_group_entry' data-group='/AJXP_TEAM/$tId' data-label='[team] ".$tData["LABEL"]."'><span class='user_entry_label'>[team] ".$tData["LABEL"]."</span></li>";
$users.= "<li class='complete_group_entry' data-group='/AJXP_TEAM/$tId' data-label=\"[team] ".$tData["LABEL"]."\"><span class='user_entry_label'>[team] ".$tData["LABEL"]."</span></li>";
}
}
foreach ($allUsers as $userId => $userObject) {
@@ -1208,7 +1208,7 @@ public function switchAction($action, $httpVars, $fileVars)
if (ConfService::getCoreConf("USERS_LIST_HIDE_LOGIN", "conf") == true && $userLabel != $userId) {
$userDisplay = $userLabel;
}
$users .= "<li class='complete_user_entry' data-label='$userLabel' data-entry_id='$userId'><span class='user_entry_label'>".$userDisplay."</span></li>";
$users .= "<li class='complete_user_entry' data-label=\"$userLabel\" data-entry_id='$userId'><span class='user_entry_label'>".$userDisplay."</span></li>";
$index ++;
}
if($index == $limit) break;
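Review bot: The label values are still concatenated into `data-label` and into the `<span>` without output escaping, so a label containing `"` or markup now ends the double-quoted attribute just as `'` ended the single-quoted one; this applies to all four changed `$users .=` lines. Escaping at the point of output removes the dependency on the delimiter, e.g. `data-label=\"".htmlspecialchars($groupLabel, ENT_QUOTES, "UTF-8")."\"`, with the same call around the value placed inside `<span class='user_entry_label'>`. The team label is sanitized on creation in class.sqlConfDriver.php, but team labels stored before this commit, and the group and user labels, come from sources not visible here and should be treated as untrusted. `$groupId`, `$tId` and `$userId` sit in single-quoted attributes on the same lines and likely need the same treatment. The enclosing `switchAction()` starts and ends outside these hunks.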
