Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

MDL-37507 repositories: improved formatting of external resources

  • Loading branch information...
commit 93e9ea9989ec6e91153d9651c9a4bc7dac1cf9ce 1 parent b3daaad
@FMCorz FMCorz authored samhemelryk committed
View
4 lib/form/filemanager.js
@@ -287,7 +287,7 @@ M.form_filemanager.init = function(Y, options) {
var pathid = 'fm-path-node-'+this.client_id;
pathid += ('-'+count);
- var crumb = Y.Node.create('<a href="###" id="'+pathid+'">'+path[p].name+'</a>');
+ var crumb = Y.Node.create('<a href="###" id="'+pathid+'">'+Y.Escape.html(path[p].name)+'</a>');
breadcrumb.appendChild(arrow);
breadcrumb.appendChild(crumb);
@@ -399,7 +399,7 @@ M.form_filemanager.init = function(Y, options) {
}
break;
}
- var fullname = list[i].fullname;
+ var fullname = Y.Escape.html(list[i].fullname);
if (list[i].sortorder == 1) {
html = html.replace('___fullname___', '<strong><a title="'+fullname+'" href="'+url+'" id="'+fileid+'"><img src="'+list[i].icon+'" /> ' + fullname + '</a></strong>');
View
2  lib/outputrequirementslib.php
@@ -402,7 +402,7 @@ protected function find_module($component) {
case 'core_filepicker':
$module = array('name' => 'core_filepicker',
'fullpath' => '/repository/filepicker.js',
- 'requires' => array('base', 'node', 'node-event-simulate', 'json', 'async-queue', 'io-base', 'io-upload-iframe', 'io-form', 'yui2-button', 'yui2-container', 'yui2-layout', 'yui2-menu', 'yui2-treeview', 'yui2-dragdrop', 'yui2-cookie'),
+ 'requires' => array('base', 'node', 'node-event-simulate', 'json', 'async-queue', 'io-base', 'io-upload-iframe', 'io-form', 'escape', 'yui2-button', 'yui2-container', 'yui2-layout', 'yui2-menu', 'yui2-treeview', 'yui2-dragdrop', 'yui2-cookie'),
'strings' => array(array('add', 'repository'), array('back', 'repository'), array('cancel', 'moodle'), array('close', 'repository'),
array('cleancache', 'repository'), array('copying', 'repository'), array('date', 'repository'), array('downloadsucc', 'repository'),
array('emptylist', 'repository'), array('error', 'repository'), array('federatedsearch', 'repository'),
View
26 repository/filepicker.js
@@ -492,7 +492,7 @@ M.core_filepicker.init = function(Y, options) {
filename = node.shorttitle;
}
var filename_id = 'filname-link-'+client_id+'-'+String(count);
- title.innerHTML += '<a href="###" id="'+filename_id+'" title="'+node.title+'"><span>'+filename+"</span></a>";
+ title.innerHTML += '<a href="###" id="'+filename_id+'" title="'+Y.Escape.html(node.title)+'"><span>'+Y.Escape.html(filename)+"</span></a>";
if(node.thumbnail_width){
@@ -508,12 +508,12 @@ M.core_filepicker.init = function(Y, options) {
}
var img = document.createElement('img');
img.src = node.thumbnail;
- img.title = node.title;
+ img.title = Y.Escape.html(node.title);
if(node.thumbnail_alt) {
- img.alt = node.thumbnail_alt;
+ img.alt = Y.Escape.html(node.thumbnail_alt);
}
if(node.thumbnail_title) {
- img.title = node.thumbnail_title;
+ img.title = Y.Escape.html(node.thumbnail_title);
}
var link = document.createElement('A');
@@ -584,10 +584,10 @@ M.core_filepicker.init = function(Y, options) {
var panel = Y.one('#panel-'+client_id);
var form_id = 'fp-rename-form-'+client_id;
var html = '<div class="fp-rename-form" id="'+form_id+'">';
- html += '<p><img src="'+args.thumbnail+'" /></p>';
+ html += '<p><img src="'+args.thumbnail+'" alt="" /></p>';
html += '<table width="100%">';
html += '<tr><td class="mdl-right"><label for="newname-'+client_id+'">'+M.str.repository.saveas+':</label></td>';
- html += '<td class="mdl-left"><input type="text" id="newname-'+client_id+'" value="'+args.title+'" /></td></tr>';
+ html += '<td class="mdl-left"><input type="text" id="newname-'+client_id+'" value="'+Y.Escape.html(args.title)+'" /></td></tr>';
var le_checked = '';
var le_style = '';
@@ -606,7 +606,7 @@ M.core_filepicker.init = function(Y, options) {
if (!args.hasauthor) {
// the author of the file
html += '<tr><td class="mdl-right"><label for="text-author">'+M.str.repository.author+' :</label></td>';
- html += '<td class="mdl-left"><input id="text-author-'+client_id+'" type="text" name="author" value="'+this.options.author+'" /></td>';
+ html += '<td class="mdl-left"><input id="text-author-'+client_id+'" type="text" name="author" value="'+Y.Escape.html(this.options.author)+'" /></td>';
html += '</tr>';
}
@@ -625,7 +625,7 @@ M.core_filepicker.init = function(Y, options) {
} else {
var selected = '';
}
- html += '<option value="'+licenses[i].shortname+'"'+selected+'>'+licenses[i].fullname+'</option>';
+ html += '<option value="'+licenses[i].shortname+'"'+selected+'>'+Y.Escape.html(licenses[i].fullname)+'</option>';
}
html += '</select></td></tr>';
}
@@ -1324,7 +1324,7 @@ M.core_filepicker.init = function(Y, options) {
}
// weather we use cache for this instance, this button will reload listing anyway
if(!r.norefresh) {
- var html = '<a href="###"><img src="'+M.util.image_url('a/refresh')+'" /> '+M.str.repository.refresh+'</a>';
+ var html = '<a href="###"><img src="'+M.util.image_url('a/refresh')+'" alt="" /> '+M.str.repository.refresh+'</a>';
var refresh = Y.Node.create(html);
refresh.on('click', function() {
this.list();
@@ -1333,7 +1333,7 @@ M.core_filepicker.init = function(Y, options) {
}
if(!r.nologin) {
var label = r.logouttext?r.logouttext:M.str.repository.logout;
- var html = '<a href="###"><img src="'+M.util.image_url('a/logout')+'" /> '+label+'</a>';
+ var html = '<a href="###"><img src="'+M.util.image_url('a/logout')+'" alt="" /> '+label+'</a>';
var logout = Y.Node.create(html);
logout.on('click', function() {
this.request({
@@ -1357,14 +1357,14 @@ M.core_filepicker.init = function(Y, options) {
var mgr = document.createElement('A');
mgr.href = r.manage;
mgr.target = "_blank";
- mgr.innerHTML = '<img src="'+M.util.image_url('a/setting')+'" /> '+M.str.repository.manageurl;
+ mgr.innerHTML = '<img src="'+M.util.image_url('a/setting')+'" alt="" /> '+M.str.repository.manageurl;
toolbar.appendChild(mgr);
}
if(r.help) {
var help = document.createElement('A');
help.href = r.help;
help.target = "_blank";
- help.innerHTML = '<img src="'+M.util.image_url('a/help')+'" /> '+M.str.repository.help;
+ help.innerHTML = '<img src="'+M.util.image_url('a/help')+'" alt="" /> '+M.str.repository.help;
toolbar.appendChild(help);
}
if(r.message) {
@@ -1487,7 +1487,7 @@ M.core_filepicker.init = function(Y, options) {
var link_path = p[i].path;
var link = document.createElement('A');
link.href = "###";
- link.innerHTML = p[i].name;
+ link.innerHTML = Y.Escape.html(p[i].name);
link.id = 'path-node-'+client_id+'-'+i;
var sep = Y.Node.create('<span>/</span>');
path.appendChild(link);
View
16 repository/filepicker.php
@@ -136,12 +136,12 @@
echo '<table>';
foreach ($search_result['list'] as $item) {
echo '<tr>';
- echo '<td><img src="'.$item['thumbnail'].'" />';
+ echo '<td><img src="'.$item['thumbnail'].'" alt="" />';
echo '</td><td>';
if (!empty($item['url'])) {
- echo html_writer::link($item['url'], $item['title'], array('target'=>'_blank'));
+ echo html_writer::link($item['url'], s($item['title']), array('target'=>'_blank'));
} else {
- echo $item['title'];
+ echo s($item['title']);
}
echo '</td>';
echo '<td>';
@@ -198,7 +198,7 @@
'draftpath'=>$draftpath,
'savepath'=>$savepath
));
- echo '<strong>' . html_writer::link($pathurl, $p['name']) . '</strong>';
+ echo '<strong>' . html_writer::link($pathurl, s($p['name'])) . '</strong>';
echo '<span> / </span>';
}
}
@@ -227,9 +227,9 @@
echo '<td><img src="'.$item['thumbnail'].'" />';
echo '</td><td>';
if (!empty($item['url'])) {
- echo html_writer::link($item['url'], $item['title'], array('target'=>'_blank'));
+ echo html_writer::link($item['url'], s($item['title']), array('target'=>'_blank'));
} else {
- echo $item['title'];
+ echo s($item['title']);
}
echo '</td>';
echo '<td>';
@@ -338,8 +338,8 @@
$aurl->params(array('savepath'=>$savepath, 'action' => 'list', 'repo_id' => $info->id, 'draftpath'=>$draftpath));
echo '<li>';
- echo '<img src="'.$info->icon.'" alt="'.$info->name.'" width="16" height="16" /> ';
- echo html_writer::link($aurl, $info->name);
+ echo html_writer::empty_tag('img', array('src'=>$info->icon, 'alt'=>$info->name, 'class'=>'icon icon-pre'));
+ echo html_writer::link($aurl, s($info->name));
echo '</li>';
}
echo '</ul>';
Please sign in to comment.
Something went wrong with that request. Please try again.