
MDL-37507 repositories: improved formatting of external resources

commit 954b35451112c333c0ae77dff25dafbf41587c26 1 parent 8d220cb
@FMCorz FMCorz authored samhemelryk committed
16 lib/form/filemanager.js
@@ -254,7 +254,7 @@ M.form_filemanager.init = function(Y, options) {
this.msg_dlg.set('headerContent', header);
this.msg_dlg_node.removeClass('fp-msg-info').removeClass('fp-msg-error').addClass('fp-msg-'+type)
- this.msg_dlg_node.one('.fp-msg-text').setContent(msg);
+ this.msg_dlg_node.one('.fp-msg-text').setContent(Y.Escape.html(msg));
this.msg_dlg.show();
},
is_disabled: function() {
@@ -325,7 +325,7 @@ M.form_filemanager.init = function(Y, options) {
}
this.mkdir_dialog.show();
Y.one('#fm-newname-'+scope.client_id).focus();
- Y.all('#fm-curpath-'+scope.client_id).setContent(this.currentpath)
+ Y.all('#fm-curpath-'+scope.client_id).setContent(Y.Escape.html(this.currentpath))
}, this);
} else {
this.filemanager.addClass('fm-nomkdir');
@@ -412,7 +412,7 @@ M.form_filemanager.init = function(Y, options) {
} else {
el.addClass('odd');
}
- el.one('.fp-path-folder-name').setContent(p[i].name).
+ el.one('.fp-path-folder-name').setContent(Y.Escape.html(p[i].name)).
on('click', function(e, path) {
e.preventDefault();
if (!this.is_disabled()) {
@@ -602,7 +602,7 @@ M.form_filemanager.init = function(Y, options) {
for (var i in licenses) {
var option = Y.Node.create('<option/>').
set('value', licenses[i].shortname).
- setContent(licenses[i].fullname);
+ setContent(Y.Escape.html(licenses[i].fullname));
node.appendChild(option)
}
},
@@ -621,7 +621,7 @@ M.form_filemanager.init = function(Y, options) {
node.setContent('');
for (var i in list) {
node.appendChild(Y.Node.create('<option/>').
- set('value', list[i]).setContent(list[i]))
+ set('value', list[i]).setContent(Y.Escape.html(list[i])));
}
},
update_file: function(confirmed) {
@@ -923,7 +923,7 @@ M.form_filemanager.init = function(Y, options) {
if (selectnode.one('.fp-'+attrs[i])) {
var value = (node[attrs[i]+'_f']) ? node[attrs[i]+'_f'] : (node[attrs[i]] ? node[attrs[i]] : '');
selectnode.one('.fp-'+attrs[i]).addClassIf('fp-unknown', ''+value == '')
- .one('.fp-value').setContent(value);
+ .one('.fp-value').setContent(Y.Escape.html(value));
}
}
// display thumbnail
@@ -948,7 +948,7 @@ M.form_filemanager.init = function(Y, options) {
selectnode.one('.fp-original').removeClass('fp-loading');
if (obj.original) {
node.original = obj.original;
- selectnode.one('.fp-original .fp-value').setContent(node.original);
+ selectnode.one('.fp-original .fp-value').setContent(Y.Escape.html(node.original));
} else {
selectnode.one('.fp-original .fp-value').setContent(M.str.repository.unknownsource);
}
@@ -976,7 +976,7 @@ M.form_filemanager.init = function(Y, options) {
for (var i in obj.references) {
node.reflist += '<li>'+obj.references[i]+'</li>';
}
- selectnode.one('.fp-reflist .fp-value').setContent(node.reflist);
+ selectnode.one('.fp-reflist .fp-value').setContent(Y.Escape.html(node.reflist));
} else {
selectnode.one('.fp-reflist .fp-value').setContent('');
}
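Review bot: Escaping the assembled `node.reflist` also escapes the `<li>` wrappers built in the loop just above, so the reference list would be shown as literal `<li>…</li>` text instead of list items. The escape belongs on each entry as it is appended, `node.reflist += '<li>'+Y.Escape.html(obj.references[i])+'</li>';`, with the sink left as `setContent(node.reflist)`. The enclosing handler starts and ends outside this hunk.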
2  lib/outputrequirementslib.php
@@ -395,7 +395,7 @@ protected function find_module($component) {
case 'core_filepicker':
$module = array('name' => 'core_filepicker',
'fullpath' => '/repository/filepicker.js',
- 'requires' => array('base', 'node', 'node-event-simulate', 'json', 'async-queue', 'io-base', 'io-upload-iframe', 'io-form', 'yui2-treeview', 'panel', 'cookie', 'datatable', 'datatable-sort', 'resize-plugin', 'dd-plugin', 'moodle-core_filepicker'),
+ 'requires' => array('base', 'node', 'node-event-simulate', 'json', 'async-queue', 'io-base', 'io-upload-iframe', 'io-form', 'yui2-treeview', 'panel', 'cookie', 'datatable', 'datatable-sort', 'resize-plugin', 'dd-plugin', 'escape', 'moodle-core_filepicker'),
'strings' => array(array('lastmodified', 'moodle'), array('name', 'moodle'), array('type', 'repository'), array('size', 'repository'),
array('invalidjson', 'repository'), array('error', 'moodle'), array('info', 'moodle'),
array('nofilesattached', 'repository'), array('filepicker', 'repository'), array('logout', 'repository'),
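Review bot: `'escape'` is added only to the `core_filepicker` entry here, while the same commit also calls `Y.Escape.html` from lib/form/filemanager.js and from the helpers inside `YUI.add('moodle-core_filepicker', …)`. The `requires` lists for those two are not visible in this hunk. If either can be loaded without `escape`, `Y.Escape` would be undefined and the first escaped `setContent` call would throw. It is worth confirming that both lists name `'escape'` explicitly rather than relying on load order. The `$module` array continues past the end of the hunk.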
33 repository/filepicker.js
@@ -175,15 +175,24 @@ YUI.add('moodle-core_filepicker', function(Y) {
/** return the name of the file (different attributes in FileManager and FilePicker) */
var file_get_filename = function(node) {
return node.title ? node.title : node.fullname;
- }
+ };
/** return display name of the file (different attributes in FileManager and FilePicker) */
var file_get_displayname = function(node) {
- return node.shorttitle ? node.shorttitle : file_get_filename(node);
- }
+ var displayname = node.shorttitle ? node.shorttitle : file_get_filename(node);
+ return Y.Escape.html(displayname);
+ };
/** return file description (different attributes in FileManager and FilePicker) */
var file_get_description = function(node) {
- return node.description ? node.description : (node.thumbnail_title ? node.thumbnail_title : file_get_filename(node));
- }
+ var description = '';
+ if (node.description) {
+ description = node.description;
+ } else if (node.thumbnail_title) {
+ description = node.thumbnail_title;
+ } else {
+ description = file_get_filename(node);
+ }
+ return Y.Escape.html(description);
+ };
/** help funciton for tree view */
var build_tree = function(node, level) {
// prepare file name with icon
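Review bot: `file_get_displayname` and `file_get_description` now return HTML-escaped text, but their doc comments still describe a plain name and description, so callers cannot tell which output context the value is safe for. The `<img>` hunk further down passes `file_get_description(node)` as `title` and an escaped string as `alt` through `setAttrs`, which sets attributes without HTML parsing, so a name containing `&` or `<` would presumably appear as `&amp;` or `&lt;` in the tooltip. Either keep the helpers returning raw text and escape at each `setContent` sink, or document the contract, e.g. `/** return HTML-escaped display name; use only as HTML content, not as an attribute value */`. `build_tree` continues outside this hunk.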
@@ -401,7 +410,7 @@ YUI.add('moodle-core_filepicker', function(Y) {
imgdiv.setStyleAdv('width', width).setStyleAdv('height', height);
var img = Y.Node.create('<img/>').setAttrs({
title: file_get_description(node),
- alt: node.thumbnail_alt ? node.thumbnail_alt : file_get_filename(node)}).
+ alt: Y.Escape.html(node.thumbnail_alt ? node.thumbnail_alt : file_get_filename(node))}).
setStyle('maxWidth', ''+width+'px').
setStyle('maxHeight', ''+height+'px');
img.setImgSrc(src, node.realthumbnail, lazyloading);
@@ -738,7 +747,7 @@ M.core_filepicker.init = function(Y, options) {
this.fpnode.one('.fp-content').setContent(M.core_filepicker.templates.error);
this.fpnode.one('.fp-content .fp-error').
addClass(errorcode).
- setContent(errortext);
+ setContent(Y.Escape.html(errortext));
},
/** displays message in a popup */
print_msg: function(msg, type) {
@@ -768,7 +777,7 @@ M.core_filepicker.init = function(Y, options) {
this.msg_dlg.set('headerContent', header);
this.msg_dlg_node.removeClass('fp-msg-info').removeClass('fp-msg-error').addClass('fp-msg-'+type)
- this.msg_dlg_node.one('.fp-msg-text').setContent(msg);
+ this.msg_dlg_node.one('.fp-msg-text').setContent(Y.Escape.html(msg));
this.msg_dlg.show();
},
view_files: function(appenditems) {
@@ -1106,7 +1115,7 @@ M.core_filepicker.init = function(Y, options) {
if (selectnode.one('.fp-'+attrs[i])) {
var value = (args[attrs[i]+'_f']) ? args[attrs[i]+'_f'] : (args[attrs[i]] ? args[attrs[i]] : '');
selectnode.one('.fp-'+attrs[i]).addClassIf('fp-unknown', ''+value == '')
- .one('.fp-value').setContent(value);
+ .one('.fp-value').setContent(Y.Escape.html(value));
}
}
},
@@ -1354,7 +1363,7 @@ M.core_filepicker.init = function(Y, options) {
this.hide_header();
this.list({'repo_id':repository_id});
}, this /*handler running scope*/, repository.id/*second argument of handler*/);
- node.one('.fp-repo-name').setContent(repository.name);
+ node.one('.fp-repo-name').setContent(Y.Escape.html(repository.name));
node.one('.fp-repo-icon').set('src', repository.icon);
if (i==0) {
node.addClass('first');
@@ -1609,7 +1618,7 @@ M.core_filepicker.init = function(Y, options) {
var option = Y.Node.create('<option/>').
set('selected', (this.options.defaultlicense==licenses[i].shortname)).
set('value', licenses[i].shortname).
- setContent(licenses[i].fullname);
+ setContent(Y.Escape.html(licenses[i].fullname));
node.appendChild(option)
}
},
@@ -1869,7 +1878,7 @@ M.core_filepicker.init = function(Y, options) {
} else {
el.addClass('odd');
}
- el.all('.fp-path-folder-name').setContent(p[i].name);
+ el.all('.fp-path-folder-name').setContent(Y.Escape.html(p[i].name));
el.on('click',
function(e, path) {
e.preventDefault();
16 repository/filepicker.php
@@ -142,12 +142,12 @@
if (isset($item['thumbnail_width'])) {
$style .= 'max-width:'.$item['thumbnail_width'].'px;';
}
- echo html_writer::empty_tag('img', array('src' => $item['thumbnail'], 'style' => $style));
+ echo html_writer::empty_tag('img', array('src' => $item['thumbnail'], 'alt' => '', 'style' => $style));
echo '</td><td>';
if (!empty($item['url'])) {
- echo html_writer::link($item['url'], $item['title'], array('target'=>'_blank'));
+ echo html_writer::link($item['url'], s($item['title']), array('target'=>'_blank'));
} else {
- echo $item['title'];
+ echo s($item['title']);
}
echo '</td>';
echo '<td>';
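Review bot: The link text is now escaped with `s()`, but `$item['url']` still goes to `html_writer::link` as the href unchecked, here and in the hunk at -241. Attribute escaping does not restrict the URL scheme, so if repository listings can carry arbitrary URLs, a `javascript:` value would remain clickable. Consider cleaning it first, for example `$url = clean_param($item['url'], PARAM_URL);`, and emitting the link only when the result is non-empty. The surrounding loop begins and ends outside the hunk.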
@@ -204,7 +204,7 @@
'draftpath'=>$draftpath,
'savepath'=>$savepath
));
- echo '<strong>' . html_writer::link($pathurl, $p['name']) . '</strong>';
+ echo '<strong>' . html_writer::link($pathurl, s($p['name'])) . '</strong>';
echo '<span> / </span>';
}
}
@@ -241,9 +241,9 @@
echo html_writer::empty_tag('img', array('src' => $item['thumbnail'], 'style' => $style));
echo '</td><td>';
if (!empty($item['url'])) {
- echo html_writer::link($item['url'], $item['title'], array('target'=>'_blank'));
+ echo html_writer::link($item['url'], s($item['title']), array('target'=>'_blank'));
} else {
- echo $item['title'];
+ echo s($item['title']);
}
echo '</td>';
echo '<td>';
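Review bot: The thumbnail `<img>` at the top of this hunk is still emitted without an `alt` attribute, whereas the parallel call in the hunk at -142 was given `'alt' => ''`. For consistency the line should read `echo html_writer::empty_tag('img', array('src' => $item['thumbnail'], 'alt' => '', 'style' => $style));`.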
@@ -393,8 +393,8 @@
$aurl->params(array('savepath'=>$savepath, 'action' => 'list', 'repo_id' => $info->id, 'draftpath'=>$draftpath));
echo '<li>';
- echo '<img src="'.$info->icon.'" alt="'.$info->name.'" width="16" height="16" /> ';
- echo html_writer::link($aurl, $info->name);
+ echo html_writer::empty_tag('img', array('src'=>$info->icon, 'alt'=>$info->name, 'class'=>'icon icon-pre'));
+ echo html_writer::link($aurl, s($info->name));
echo '</li>';
}
echo '</ul>';