Output cleanup v8 (#11989)
* Merge

* Output cleanup in colors
KorvinSzanto committed Mar 27, 2024
1 parent ff06c29 commit f2ea49b
Showing 9 changed files with 19 additions and 13 deletions.
2 changes: 1 addition & 1 deletion concrete/blocks/file/view.php
Expand Up @@ -10,7 +10,7 @@
?>
<div class="ccm-block-file">
<a href="<?php echo $forceDownload ? $f->getForceDownloadURL() : $f->getDownloadURL();
?>"><?php echo stripslashes($controller->getLinkText()) ?></a>
?>"><?php echo h(stripslashes($controller->getLinkText())) ?></a>
</div>


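Review bot: The `href` value on the context line just above the change is still echoed without `h()`, so the anchor now escapes its text but not its attribute. The URL comes from `getForceDownloadURL()` / `getDownloadURL()`, which are presumably generated by the file object rather than taken from user input, but escaping for the attribute context is cheap and keeps the template consistent: `<a href="<?php echo h((string) ($forceDownload ? $f->getForceDownloadURL() : $f->getDownloadURL())); ?>">`. The `(string)` cast is only needed if those methods return a URL object; that is not visible in this hunk.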
2 changes: 1 addition & 1 deletion concrete/controllers/dialog/express/preset/delete.php
Expand Up @@ -65,7 +65,7 @@ public function remove_search_preset()
}
if (!$this->error->has()) {
$response = new EditResponse();
$response->setMessage(t('%s deleted successfully.', $searchPreset->getPresetName()));
$response->setMessage(t('%s deleted successfully.', h($searchPreset->getPresetName())));
$response->setAdditionalDataAttribute('presetID', $presetID);
$em = $this->app->make(\Doctrine\ORM\EntityManager::class);
$em->remove($searchPreset);
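Review bot: `h()` is applied in the controller, where the message is built, rather than where it is rendered, so the change is only correct if every consumer of `EditResponse::setMessage()` inserts the message as HTML. That rendering is not visible here; any client that shows the message as plain text would display preset names containing `&` or `<` in entity-encoded form. The same applies to the identical change in `dialog/file/preset/delete.php`, `dialog/search/preset/delete.php` and `dialog/search/preset/edit.php`. A one-line comment would record the assumption: `// Message is rendered as HTML by the client; escape interpolated values here.` `remove_search_preset()` starts and ends outside the hunk.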
2 changes: 1 addition & 1 deletion concrete/controllers/dialog/file/preset/delete.php
Expand Up @@ -46,7 +46,7 @@ public function remove_search_preset()
}
if (!$this->error->has()) {
$response = new EditResponse();
$response->setMessage(t('%s deleted successfully.', $searchPreset->getPresetName()));
$response->setMessage(t('%s deleted successfully.', h($searchPreset->getPresetName())));
$response->setAdditionalDataAttribute('presetID', $presetID);
$node = TreeNodeSearchPreset::getNodeBySavedSearchID($presetID);
if (is_object($node)) {
2 changes: 1 addition & 1 deletion concrete/controllers/dialog/search/preset/delete.php
Expand Up @@ -43,7 +43,7 @@ public function remove_search_preset()
}
if (!$this->error->has()) {
$response = new EditResponse();
$response->setMessage(t('%s deleted successfully.', $searchPreset->getPresetName()));
$response->setMessage(t('%s deleted successfully.', h($searchPreset->getPresetName())));
$response->setAdditionalDataAttribute('presetID', $presetID);
$em = $this->app->make(EntityManager::class);
$em->remove($searchPreset);
2 changes: 1 addition & 1 deletion concrete/controllers/dialog/search/preset/edit.php
Expand Up @@ -44,7 +44,7 @@ public function edit_search_preset()
}
if (!$this->error->has()) {
$response = new EditResponse();
$response->setMessage(t('%s edited successfully.', $newPresetName));
$response->setMessage(t('%s edited successfully.', h($newPresetName)));
$response->setAdditionalDataAttribute('presetID', $presetID);
$response->setAdditionalDataAttribute('actionURL', (string) $this->getSavedSearchBaseURL($searchPreset));
$searchPreset->setPresetName($newPresetName);
8 changes: 4 additions & 4 deletions concrete/single_pages/dashboard/system/calendar/colors.php
Expand Up @@ -11,14 +11,14 @@
<div class="form-inline">
<?=$form->label('defaultBackgroundColor', t('Background'))?>
&nbsp;
<?=$color->output('defaultBackgroundColor', $defaultBackgroundColor)?>
<?=$color->output('defaultBackgroundColor', h($defaultBackgroundColor))?>
</div>
</div>
<div class="form-group col-sm-5">
<div class="form-inline">
<?=$form->label('defaultTextColor', t('Text'))?>
&nbsp;
<?=$color->output('defaultTextColor', $defaultTextColor)?>
<?=$color->output('defaultTextColor', h($defaultTextColor))?>
</div>
</div>
</div>
Expand Down Expand Up @@ -53,8 +53,8 @@
<tr>
<td style="text-align: center; width: 10px"><?=$form->checkbox('override[]', $topic->getTreeNodeID(), $checked)?></td>
<td style="width: 50%"><?=$topic->getTreeNodeDisplayName()?></td>
<td><?=$color->output('backgroundColor[' . $topic->getTreeNodeID() . ']', $backgroundColor)?></td>
<td><?=$color->output('textColor[' . $topic->getTreeNodeID() . ']', $textColor)?></td>
<td><?=$color->output('backgroundColor[' . $topic->getTreeNodeID() . ']', h($backgroundColor))?></td>
<td><?=$color->output('textColor[' . $topic->getTreeNodeID() . ']', h($textColor))?></td>
</tr>
<?php
}
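Review bot: Wrapping the four color values in `h()` before `$color->output()` encodes them for HTML but does not check that they are colors at all, and it may double-encode if the widget already escapes its second argument (its implementation is not shown here). If the widget writes the value into a script or style context, HTML entity encoding is not the right defence there either. Validating the values in the controller when they are saved or loaded, against a strict hex / `rgb()` / `rgba()` pattern with a fallback to the default, would cover every output context and leave the view free of per-call escaping.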
10 changes: 8 additions & 2 deletions concrete/src/StyleCustomizer/Inline/StyleSet.php
Expand Up @@ -247,8 +247,14 @@ public static function populateFromRequest(Request $request)

$v = $post->get('customClass');
if (is_array($v)) {
$set->setCustomClass(implode(' ', $v));
$return = true;
$v = array_filter($v, function ($class) {
return preg_match('/^-?[_a-zA-Z]+[_a-zA-Z0-9-]*$/', $class);
});

if (count($v) > 0) {
$set->setCustomClass(implode(' ', $v));
$return = true;
}
}

$v = trim($post->get('customID', ''));
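Review bot: The new filter callback passes each element of `customClass` straight to `preg_match()`, so a nested array in the request reaches it as a non-string subject (a `TypeError` on PHP 8), and the `$` anchor also accepts a value that ends in a newline. Both are closed by one line: `return is_string($class) && preg_match('/^-?[_a-zA-Z]+[_a-zA-Z0-9-]*\z/', $class) === 1;`. When every submitted class is rejected, the custom class is now skipped silently, which deserves a short comment above the `count($v) > 0` check, for example `// Nothing valid was submitted: leave the custom class untouched.` `populateFromRequest()` starts and ends outside the hunk.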
2 changes: 1 addition & 1 deletion concrete/views/dialogs/search/preset/delete.php
Expand Up @@ -5,7 +5,7 @@
<?= $token->output('remove_search_preset'); ?>
<?= $form->hidden('presetID', $searchPreset->getId()); ?>
<?= $form->hidden('objectID', $controller->getObjectID()); ?>
<p><?= t('Are you sure you want to remove the "%s" search preset?', $searchPreset->getPresetName()); ?></p>
<p><?= t('Are you sure you want to remove the "%s" search preset?', h($searchPreset->getPresetName())); ?></p>

<div class="dialog-buttons">
<button class="btn btn-default" data-dialog-action="cancel"><?= t('Cancel'); ?></button>
2 changes: 1 addition & 1 deletion concrete/views/dialogs/search/preset/edit.php
Expand Up @@ -7,7 +7,7 @@
<?= $form->hidden('objectID', $controller->getObjectID()); ?>
<div class="form-group">
<?= $form->label('presetName', t('Name')); ?>
<?= $form->text('presetName', $searchPreset->getPresetName()); ?>
<?= $form->text('presetName', h($searchPreset->getPresetName())); ?>
</div>

<div class="dialog-buttons">
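Review bot: Passing `h(...)` as the value argument of `$form->text()` risks double-encoding if the form helper already escapes values when it builds the `value` attribute; the helper is not visible here, so this needs checking. If it does escape, a preset named `A & B` would appear in the field as `A &amp; B`, and the encoded text would be written back on save, because the edit controller in this commit passes `$newPresetName` to `setPresetName()` unchanged. In that case the view should pass the raw name and carry a comment such as `<?php // $form->text() escapes the value itself ?>`.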
