Add remove_xss

chamilo · May 14, 2021 · f8e0033 · f8e0033
1 parent 37b4d93
commit f8e0033
Show file tree

Hide file tree

Showing 4 changed files with 104 additions and 86 deletions.
diff --git a/main/template/default/user_portal/classic_courses_with_category.tpl b/main/template/default/user_portal/classic_courses_with_category.tpl
@@ -10,13 +10,13 @@
                         <div class="col-md-2">
                             {% if item.visibility == constant('COURSE_VISIBILITY_CLOSED') and not item.current_user_is_teacher %}
                                 <span class="thumbnail">
-                                        {% if item.thumbnails != '' %}
-                                            <img src="{{ item.thumbnails }}" title="{{ item.title }}"
-                                                 alt="{{ item.title }}"/>
-                                        {% else %}
-                                            {{ 'blackboard.png' | img(48, item.title ) }}
-                                        {% endif %}
-                                    </span>
+                                    {% if item.thumbnails != '' %}
+                                        <img src="{{ item.thumbnails }}" title="{{ item.title }}"
+                                             alt="{{ item.title }}"/>
+                                    {% else %}
+                                        {{ 'blackboard.png' | img(48, item.title ) }}
+                                    {% endif %}
+                                </span>
                             {% else %}
                                 <a href="{{ item.link }}" class="thumbnail">
                                     {% if item.thumbnails != '' %}
@@ -46,14 +46,17 @@
                                 </div>
                             {% endif %}
                             <h4 class="course-items-title">
-                                {% if item.visibility == constant('COURSE_VISIBILITY_CLOSED') and not item.current_user_is_teacher %}
-                                    {{ item.title }} {{ item.code_course }} {{ item.url_marker }}
-                                {% else %}
-                                    <a href="{{ item.link }}">
+                                {% set title %}
+                                    {% if item.visibility == constant('COURSE_VISIBILITY_CLOSED') and not item.current_user_is_teacher %}
                                         {{ item.title }} {{ item.code_course }} {{ item.url_marker }}
-                                    </a>
-                                    {{ item.notifications }}
-                                {% endif %}
+                                    {% else %}
+                                        <a href="{{ item.link }}">
+                                            {{ item.title }} {{ item.code_course }} {{ item.url_marker }}
+                                        </a>
+                                        {{ item.notifications }}
+                                    {% endif %}
+                                {% endset %}
+                                {{ title |  remove_xss }}
                             </h4>
                             <div class="course-items-session">
                                 <div class="list-teachers">

diff --git a/main/template/default/user_portal/grid_courses_with_category.tpl b/main/template/default/user_portal/grid_courses_with_category.tpl
@@ -12,36 +12,39 @@
                         <div class="col-xs-12 col-sm-6 col-md-4">
                             <div class="items">
                                 <div class="image">
-                                    {% if item.is_special_course %}
-                                        <div class="pin">{{ item.icon }}</div>
-                                    {% endif %}
-                                    {% if item.visibility == constant('COURSE_VISIBILITY_CLOSED') and not item.current_user_is_teacher %}
-                                        <img src="{{ item.image }}" class="img-responsive">
-                                    {% else %}
-                                        <a title="{{ item.title }}" href="{{ item.link }}">
-                                            <img src="{{ item.image }}" alt="{{ item.title }}" class="img-responsive">
-                                        </a>
-                                    {% endif %}
-                                    {% if item.category != '' %}
-                                        <span class="category">{{ item.category }}</span>
-                                        <div class="cribbon"></div>
-                                    {% endif %}
-                                    {% if item.edit_actions != '' %}
-                                        <div class="admin-actions">
-                                            {% if item.document == '' %}
-                                                <a class="btn btn-default btn-sm" href="{{ item.edit_actions }}">
-                                                    <i class="fa fa-pencil" aria-hidden="true"></i>
-                                                </a>
-                                            {% else %}
-                                                <div class="btn-group" role="group">
+                                    {% set title %}
+                                        {% if item.is_special_course %}
+                                            <div class="pin">{{ item.icon }}</div>
+                                        {% endif %}
+                                        {% if item.visibility == constant('COURSE_VISIBILITY_CLOSED') and not item.current_user_is_teacher %}
+                                            <img src="{{ item.image }}" class="img-responsive">
+                                        {% else %}
+                                            <a title="{{ item.title }}" href="{{ item.link }}">
+                                                <img src="{{ item.image }}" alt="{{ item.title }}" class="img-responsive">
+                                            </a>
+                                        {% endif %}
+                                        {% if item.category != '' %}
+                                            <span class="category">{{ item.category }}</span>
+                                            <div class="cribbon"></div>
+                                        {% endif %}
+                                        {% if item.edit_actions != '' %}
+                                            <div class="admin-actions">
+                                                {% if item.document == '' %}
                                                     <a class="btn btn-default btn-sm" href="{{ item.edit_actions }}">
                                                         <i class="fa fa-pencil" aria-hidden="true"></i>
                                                     </a>
-                                                    {{ item.document }}
-                                                </div>
-                                            {% endif %}
-                                        </div>
-                                    {% endif %}
+                                                {% else %}
+                                                    <div class="btn-group" role="group">
+                                                        <a class="btn btn-default btn-sm" href="{{ item.edit_actions }}">
+                                                            <i class="fa fa-pencil" aria-hidden="true"></i>
+                                                        </a>
+                                                        {{ item.document }}
+                                                    </div>
+                                                {% endif %}
+                                            </div>
+                                        {% endif %}
+                                    {% endset %}
+                                    {{ title |  remove_xss }}
                                 </div>
                                 <div class="description">
                                     <div class="block-title">

diff --git a/main/template/default/user_portal/grid_courses_without_category.tpl b/main/template/default/user_portal/grid_courses_without_category.tpl
@@ -5,39 +5,42 @@
                 <div class="col-xs-12 col-sm-6 col-md-4">
                     <div class="items my-courses">
                         <div class="image">
-                            {% if item.is_special_course %}
-                                <div class="pin">{{ item.icon }}</div>
-                            {% endif %}
-                            {% if item.visibility == constant('COURSE_VISIBILITY_CLOSED') and not item.current_user_is_teacher %}
-                                <img src="{{ item.image }}" class="img-responsive">
-                            {% else %}
-                                {% set title %}
-                                <a title="{{ item.title }}" href="{{ item.link }}">
-                                    <img src="{{ item.image }}" alt="{{ item.title }}" class="img-responsive">
-                                </a>
-                                {% endset %}
-                                {{ title |  remove_xss }}
-                            {% endif %}
-                            {% if item.category != '' %}
-                                <span class="category">{{ item.category }}</span>
-                                <div class="cribbon"></div>
-                            {% endif %}
-                            {% if item.edit_actions != '' %}
-                                <div class="admin-actions">
-                                    {% if item.document == '' %}
-                                        <a class="btn btn-default btn-sm" href="{{ item.edit_actions }}">
-                                            <i class="fa fa-pencil" aria-hidden="true"></i>
-                                        </a>
-                                    {% else %}
-                                        <div class="btn-group" role="group">
+                            {% set title %}
+                                {% if item.is_special_course %}
+                                    <div class="pin">{{ item.icon }}</div>
+                                {% endif %}
+                                {% if item.visibility == constant('COURSE_VISIBILITY_CLOSED') and not item.current_user_is_teacher %}
+                                    <img src="{{ item.image }}" class="img-responsive">
+                                {% else %}
+                                    {% set title %}
+                                    <a title="{{ item.title }}" href="{{ item.link }}">
+                                        <img src="{{ item.image }}" alt="{{ item.title }}" class="img-responsive">
+                                    </a>
+                                    {% endset %}
+                                    {{ title |  remove_xss }}
+                                {% endif %}
+                                {% if item.category != '' %}
+                                    <span class="category">{{ item.category }}</span>
+                                    <div class="cribbon"></div>
+                                {% endif %}
+                                {% if item.edit_actions != '' %}
+                                    <div class="admin-actions">
+                                        {% if item.document == '' %}
                                             <a class="btn btn-default btn-sm" href="{{ item.edit_actions }}">
                                                 <i class="fa fa-pencil" aria-hidden="true"></i>
                                             </a>
-                                            {{ item.document }}
-                                        </div>
-                                    {% endif %}
-                                </div>
-                            {% endif %}
+                                        {% else %}
+                                            <div class="btn-group" role="group">
+                                                <a class="btn btn-default btn-sm" href="{{ item.edit_actions }}">
+                                                    <i class="fa fa-pencil" aria-hidden="true"></i>
+                                                </a>
+                                                {{ item.document }}
+                                            </div>
+                                        {% endif %}
+                                    </div>
+                                {% endif %}
+                            {% endset %}
+                            {{ title |  remove_xss }}
                         </div>
                         <div class="description">
                             <div class="block-title">

diff --git a/main/template/default/user_portal/grid_session.tpl b/main/template/default/user_portal/grid_session.tpl
@@ -4,15 +4,18 @@
     <div class="col-xs-12 col-sm-6 col-md-4">
         <div class="items items-sessions">
             <div class="image">
-                {% if course.visibility == constant('COURSE_VISIBILITY_CLOSED') or course.requirements %}
-                    <span title="{{ course.name }}" >
-                        <img src="{{ course.image }}" class="img-responsive">
-                    </span>
-                {% else %}
-                    <a title="{{ course.name }}" href="{{ course.link }}">
-                        <img src="{{ course.image }}" class="img-responsive">
-                    </a>
-                {% endif %}
+                {% set title %}
+                    {% if course.visibility == constant('COURSE_VISIBILITY_CLOSED') or course.requirements %}
+                        <span title="{{ course.name }}" >
+                            <img src="{{ course.image }}" class="img-responsive">
+                        </span>
+                    {% else %}
+                        <a title="{{ course.name }}" href="{{ course.link }}">
+                            <img src="{{ course.image }}" class="img-responsive">
+                        </a>
+                    {% endif %}
+                {% endset %}
+                {{ title |  remove_xss }}
 
                 {% if course.category != '' and show_category %}
                     <span class="category">{{ course.category }}</span>
@@ -38,12 +41,15 @@
             <div class="description">
                 <div class="block-title">
                   <h4 class="title">
-                      {% if course.visibility == constant('COURSE_VISIBILITY_CLOSED') or course.requirements %}
-                          {{ course.name }}
-                          <span class="code-title">{{ course.visual_code }}</span>
-                      {% else %}
-                          {{ course.title }}
-                      {% endif %}
+                      {% set title %}
+                          {% if course.visibility == constant('COURSE_VISIBILITY_CLOSED') or course.requirements %}
+                              {{ course.name }}
+                              <span class="code-title">{{ course.visual_code }}</span>
+                          {% else %}
+                              {{ course.title }}
+                          {% endif %}
+                      {% endset %}
+                      {{ title |  remove_xss }}
                   </h4>
                 </div>
                 <div class="block-author">
@@ -116,6 +122,7 @@
         {% if row.course_list_session_style %}
             {# If not style then no show header #}
             <div class="panel-heading">
+
                 {% if row.course_list_session_style == 1 or row.course_list_session_style == 2 %}
                     {# Session link #}
                     {% if remove_session_url == true %}
@@ -155,6 +162,8 @@
                        {{ row.collapsable_link }}
                     </div>
                 {% endif %}
+
+
             </div>
         {% endif %}