Permalink
Browse files

xmlEntities special chars in user_list_authorized_users action for XM…

…L parsing.

Remove text ellipsis on user-badge-label for better handling of long group names.
Fix gui-debug template
  • Loading branch information...
1 parent 079f906 commit 013f337834395b9d340b8124157373aebd9a113a @cdujeu cdujeu committed Sep 14, 2016
@@ -284,10 +284,8 @@ div#react_share_form div.user-badge .user-badge-label {
-webkit-flex: 5;
-ms-flex: 5;
flex: 5;
- padding: 13px 0;
- white-space: nowrap;
- overflow: hidden;
- text-overflow: ellipsis;
+ padding: 9px 0;
+ line-height: 25px;
}
div#react_share_form div.user-badge:last-of-type {
border-bottom: 0;
@@ -299,10 +299,8 @@ div#react_share_form {
flex-direction: row;
.user-badge-label {
flex: 5;
- padding: 13px 0;
- white-space: nowrap;
- overflow: hidden;
- text-overflow: ellipsis;
+ padding: 9px 0;
+ line-height: 25px;
}
&:last-of-type {
border-bottom: 0;
@@ -54,6 +54,7 @@
use Pydio\Core\PluginFramework\Plugin;
use Pydio\Core\PluginFramework\PluginsService;
use Pydio\Core\Services\ConfService;
+use Pydio\Core\Utils\Vars\StringHelper;
use Zend\Diactoros\Response\JsonResponse;
defined('AJXP_EXEC') or die( 'Access not allowed');
@@ -1226,19 +1227,20 @@ public function switchAction(ServerRequestInterface $requestInterface, ResponseI
$crtValue = InputFilter::sanitize($crtValue, InputFilter::SANITIZE_HTML_STRICT);
}
if ($regexp != null && (!count($allUsers) || (!empty($crtValue) && !array_key_exists(strtolower($crtValue), $allUsers))) && ConfService::getContextConf($ctx, "USER_CREATE_USERS", "conf") && !$existingOnly) {
- $users .= "<li class='complete_user_entry_temp' data-temporary='true' data-label='$crtValue'><span class='user_entry_label'>$crtValue (".$mess["448"].")</span></li>";
+ $users .= "<li class='complete_user_entry_temp' data-temporary='true' data-label=\"".StringHelper::xmlEntities($crtValue)."\"><span class='user_entry_label'>".StringHelper::xmlEntities($crtValue." (".$mess["448"]).")</span></li>";
} else if ($existingOnly && !empty($crtValue)) {
- $users .= "<li class='complete_user_entry_temp' data-temporary='true' data-label='$crtValue' data-entry_id='$crtValue'><span class='user_entry_label'>$crtValue</span></li>";
+ $users .= "<li class='complete_user_entry_temp' data-temporary='true' data-label=\"".StringHelper::xmlEntities($crtValue)."\" data-entry_id=\"".StringHelper::xmlEntities($crtValue)."\"><span class='user_entry_label'>".StringHelper::xmlEntities($crtValue)."</span></li>";
}
$mess = LocaleService::getMessages();
if (!$usersOnly && (empty($regexp) || preg_match($pregexp, $mess["447"]))) {
- $users .= "<li class='complete_group_entry' data-group='AJXP_GRP_/' data-label=\"".$mess["447"]."\"><span class='user_entry_label'>".$mess["447"]."</span></li>";
+ $users .= "<li class='complete_group_entry' data-group='AJXP_GRP_/' data-label=\"".StringHelper::xmlEntities($mess["447"])."\"><span class='user_entry_label'>".StringHelper::xmlEntities($mess["447"])."</span></li>";
}
$indexGroup = 0;
if (!$usersOnly && isset($allGroups) && is_array($allGroups)) {
foreach ($allGroups as $groupId => $groupLabel) {
if ($regexp == null || preg_match($pregexp, $groupLabel)) {
- $users .= "<li class='complete_group_entry' data-group='$groupId' data-label=\"$groupLabel\" data-entry_id='$groupId'><span class='user_entry_label'>".$groupLabel."</span></li>";
+ $groupLabel = StringHelper::xmlEntities($groupLabel);
+ $users .= "<li class='complete_group_entry' data-group='$groupId' data-label=\"".$groupLabel."\" data-entry_id='$groupId'><span class='user_entry_label'>".$groupLabel."</span></li>";
$indexGroup++;
}
if($indexGroup == $limit) break;
@@ -1248,7 +1250,8 @@ public function switchAction(ServerRequestInterface $requestInterface, ResponseI
$teams = $this->listUserTeams($ctx->getUser());
foreach ($teams as $tId => $tData) {
if($regexp == null || preg_match($pregexp, $tData["LABEL"])){
- $users.= "<li class='complete_group_entry' data-group='/AJXP_TEAM/$tId' data-label=\"[team] ".$tData["LABEL"]."\"><span class='user_entry_label'>[team] ".$tData["LABEL"]."</span></li>";
+ $teamLabel = StringHelper::xmlEntities($tData["LABEL"]);
+ $users.= "<li class='complete_group_entry' data-group='/AJXP_TEAM/$tId' data-label=\"[team] ".$teamLabel."\"><span class='user_entry_label'>[team] ".$teamLabel."</span></li>";
}
}
}
@@ -1263,7 +1266,9 @@ public function switchAction(ServerRequestInterface $requestInterface, ResponseI
$userDisplay = $userLabel;
}
$userIsExternal = $userObject->hasParent() ? "true":"false";
- $users .= "<li class='complete_user_entry' data-external=\"$userIsExternal\" data-label=\"$userLabel\" data-avatar='$userAvatar' data-entry_id='$userId'><span class='user_entry_label'>".$userDisplay."</span></li>";
+ $userLabel = StringHelper::xmlEntities($userLabel);
+ $userDisplay = StringHelper::xmlEntities($userDisplay);
+ $users .= "<li class='complete_user_entry' data-external=\"$userIsExternal\" data-label=\"".$userLabel."\" data-avatar='$userAvatar' data-entry_id='$userId'><span class='user_entry_label'>".$userDisplay."</span></li>";
$index ++;
}
if($index == $limit) break;

0 comments on commit 013f337

Please sign in to comment.