Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fixes broken rendering trying to parse against <script> input values.
  • Loading branch information
FrederickChan committed Mar 10, 2021
1 parent bed0f7d commit 08d6c2e
Show file tree
Hide file tree
Showing 15 changed files with 52 additions and 11 deletions.
2 changes: 1 addition & 1 deletion includes/dynamics/includes/form_buttons.php
Expand Up @@ -20,7 +20,7 @@
function form_button($input_name, $title, $input_value, array $options = []) {
$html = "";

$input_value = stripinput($input_value);
$input_value = clean_input_value($input_value);

$default_options = [
'input_id' => $input_name,
Expand Down
2 changes: 2 additions & 0 deletions includes/dynamics/includes/form_checkbox.php
Expand Up @@ -28,6 +28,8 @@ function form_checkbox($input_name, $label = '', $input_value = '0', array $opti

$locale = fusion_get_locale('', LOCALE.LOCALESET.'global.php');

$input_value = clean_input_value($input_value);

$default_options = [
'input_id' => $input_name,
'inline' => FALSE,
Expand Down
17 changes: 8 additions & 9 deletions includes/dynamics/includes/form_colorpicker.php
Expand Up @@ -17,18 +17,17 @@
| written permission from the original author(s).
+--------------------------------------------------------*/
function form_colorpicker($input_name, $label = '', $input_value = '', array $options = []) {

$locale = fusion_get_locale();

if (!defined("COLORPICKER")) {
define("COLORPICKER", TRUE);
$input_value = clean_input_value($input_value);

if (defined('BOOTSTRAP4')) {
add_to_head("<link href='".DYNAMICS."assets/colorpick/bs4/css/bootstrap-colorpicker.min.css' rel='stylesheet'>");
add_to_head("<script src='".DYNAMICS."assets/colorpick/bs4/js/bootstrap-colorpicker.min.js'></script>");
} else {
add_to_head("<link href='".DYNAMICS."assets/colorpick/css/bootstrap-colorpicker.min.css' rel='stylesheet'>");
add_to_head("<script src='".DYNAMICS."assets/colorpick/js/bootstrap-colorpicker.min.js'></script>");
}
if (defined('BOOTSTRAP4')) {
fusion_load_script(DYNAMICS.'assets/colorpick/bs4/css/bootstrap-colorpicker.min.css', 'css');
fusion_load_script(DYNAMICS.'assets/colorpick/bs4/js/bootstrap-colorpicker.min.js');
} else {
fusion_load_script(DYNAMICS.'assets/colorpick/css/bootstrap-colorpicker.min.css', 'css');
fusion_load_script(DYNAMICS.'assets/colorpick/js/bootstrap-colorpicker.min.js');
}

$title = $label ? stripinput($label) : ucfirst(strtolower(str_replace("_", " ", $input_name)));
Expand Down
2 changes: 2 additions & 0 deletions includes/dynamics/includes/form_contact.php
Expand Up @@ -28,6 +28,8 @@ function form_contact($input_name, $label, $input_value = "", $options = []) {

$locale = fusion_get_locale();

$input_value = clean_input_value($input_value);

$title = $label ? stripinput($label) : ucfirst(strtolower(str_replace("_", " ", $input_name)));

$id = trim($input_name, "[]");
Expand Down
2 changes: 2 additions & 0 deletions includes/dynamics/includes/form_datepicker.php
Expand Up @@ -84,6 +84,8 @@ function form_datepicker($input_name, $label = '', $input_value = '', array $opt

$locale = fusion_get_locale();

$input_value = clean_input_value($input_value);

if (!defined('DATEPICKER')) {
define('DATEPICKER', TRUE);
if (file_exists(DYNAMICS."assets/datepicker/locale/tooltip/".$locale['datepicker'].".js")) {
Expand Down
3 changes: 3 additions & 0 deletions includes/dynamics/includes/form_fileinput.php
Expand Up @@ -30,8 +30,11 @@ function form_fileinput($input_name, $label = '', $input_value = FALSE, array $o
$locale = fusion_get_locale();

$title = $label ? stripinput($label) : ucfirst(strtolower(str_replace("_", " ", $input_name)));

$input_name = (isset($input_name) && (!empty($input_name))) ? stripinput($input_name) : "";

$input_value = clean_input_value($input_value);

$template_choices = ['classic', 'modern', 'thumbnail'];

$default_options = [
Expand Down
3 changes: 3 additions & 0 deletions includes/dynamics/includes/form_geomap.php
Expand Up @@ -29,6 +29,9 @@
function form_geo($input_name, $label = "", $input_value = "", array $options = []) {

$locale = fusion_get_locale();

$input_value = clean_input_value($input_value);

$title = (isset($title) && (!empty($title))) ? $title : ucfirst(strtolower(str_replace("_", " ", $input_name)));
$countries = [];
require(INCLUDES.'geomap/geomap.inc.php');
Expand Down
4 changes: 4 additions & 0 deletions includes/dynamics/includes/form_hidden.php
Expand Up @@ -24,7 +24,11 @@
* @return string
*/
function form_hidden($input_name, $label = "", $input_value = "", array $options = []) {

$title = $label ? stripinput($label) : ucfirst(strtolower(str_replace("_", " ", $input_name)));

$input_value = clean_input_value($input_value);

$html = '';
$default_options = [
'input_id' => $input_name,
Expand Down
11 changes: 11 additions & 0 deletions includes/dynamics/includes/form_main.php
Expand Up @@ -86,6 +86,17 @@ function clean_input_name($value) {
return preg_replace($re, '', $value);
}

function clean_input_value($value) {
if (is_string($value)) {
return descript($value);
}
if (is_array($value)) {
return array_map('descript', $value);
}
return '';
}


function load_select2_script() {
static $loaded = FALSE;
if ($loaded === FALSE) {
Expand Down
2 changes: 2 additions & 0 deletions includes/dynamics/includes/form_name.php
Expand Up @@ -33,6 +33,8 @@ function form_name($input_name, $label = "", $input_value = FALSE, array $option
$input_value['2'] = '';
}

$input_value = clean_input_value($input_value);

$options += [
'input_id' => $input_name,
'required' => FALSE,
Expand Down
4 changes: 4 additions & 0 deletions includes/dynamics/includes/form_ordering.php
Expand Up @@ -66,6 +66,10 @@ function form_select_order($title, $input_name, $input_id, $option_array, $input
}
$multiple = ($is_multiple == "1") ? "multiple" : "";
}

$input_value = clean_input_value($input_value);


$html = "";
$html .= "<div class='form-group ".$state_validation." lres'><label class='col-lg-3 control-label' for='$input_id'>$title</label>";
$html .= "<div class='col-lg-9'>";
Expand Down
4 changes: 4 additions & 0 deletions includes/dynamics/includes/form_select.php
Expand Up @@ -109,6 +109,9 @@ function form_select($input_name, $label, $input_value, $options = []) {
];

$options += $default_options;

$input_value = clean_input_value($input_value);

$disable_opts = '';
if ($options['disable_opts']) {
$disable_opts = is_array($options['disable_opts']) ? $options['disable_opts'] : explode(',', $options['disable_opts']);
Expand Down Expand Up @@ -528,6 +531,7 @@ function form_user_select($input_name, $label = "", $input_value = FALSE, array
$locale = fusion_get_locale();

$title = $label ? stripinput($label) : ucfirst(strtolower(str_replace("_", " ", $input_name)));
$input_value = clean_input_value($input_value);

$default_options = [
'required' => FALSE,
Expand Down
2 changes: 2 additions & 0 deletions includes/dynamics/includes/form_text.php
Expand Up @@ -55,6 +55,8 @@ function form_text($input_name, $label = "", $input_value = "", array $options =

$input_id = trim(str_replace("[", "-", $input_name), "]");

$input_value = clean_input_value($input_value);

$default_options = [
'type' => 'text',
'required' => FALSE,
Expand Down
3 changes: 3 additions & 0 deletions includes/dynamics/includes/form_textarea.php
Expand Up @@ -78,6 +78,9 @@ function form_textarea($input_name, $label = '', $input_value = '', array $optio

$options += $default_options;

$input_value = clean_input_value($input_value);


if ($options['type'] == "tinymce") {

$options['tinymce'] = !empty($options['tinymce']) && in_array($options['tinymce'], [TRUE, 'simple', 'advanced']) ? $options['tinymce'] : "simple";
Expand Down

0 comments on commit 08d6c2e

Please sign in to comment.