fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-29 15:22:15 +09:00
Code Issues Projects Releases Packages Wiki Activity

Use escape more consistently

Browse source 
여기저기 htmlspecialchars가 들어 있는 것을 escape로 통일
This commit is contained in:
Kijin Sung 2018-10-10 15:07:51 +09:00
parent d63da57045
commit c54fa8dab1
14 changed files with 44 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

4
modules/addon/tpl/addon_list.html
View file

@ -51,8 +51,8 @@
<td>
<a href="{getUrl('act', 'dispAddonAdminSetup', 'selected_addon', $addon->addon_name)}">{$lang->cmd_setup}</a>
</td>
<td><input type="checkbox" name="pc_on[]" title="PC" value="{htmlspecialchars($addon->addon_name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" checked="checked"|cond="$addon->activated && !$addon->isBlacklisted" disabled="disabled"|cond="$addon->isBlacklisted" /></td>
<td><input type="checkbox" name="mobile_on[]" title="Mobile" value="{htmlspecialchars($addon->addon_name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" checked="checked"|cond="$addon->mactivated && !$addon->isBlacklisted" disabled="disabled"|cond="$addon->isBlacklisted" /></td>
<td><input type="checkbox" name="pc_on[]" title="PC" value="{escape($addon->addon_name, false)}" checked="checked"|cond="$addon->activated && !$addon->isBlacklisted" disabled="disabled"|cond="$addon->isBlacklisted" /></td>
<td><input type="checkbox" name="mobile_on[]" title="Mobile" value="{escape($addon->addon_name, false)}" checked="checked"|cond="$addon->mactivated && !$addon->isBlacklisted" disabled="disabled"|cond="$addon->isBlacklisted" /></td>
<td><a cond="$addon->remove_url" href="{$addon->remove_url}&amp;return_url={urlencode(getRequestUriByServerEnviroment())}">{$lang->cmd_delete}</a></td>
</tr>
</tbody>

4
modules/addon/tpl/setup_addon.html
View file

@ -55,8 +55,8 @@
<div class="x_control-group">
<label class="x_control-label" for="{$var->name}"|cond="$var->type != 'textarea'" for="lang_{$var->name}"|cond="$var->type == 'textarea'">{$var->title}</label>
<div class="x_controls">
<input cond="$var->type == 'text'" type="text" name="{$var->name}" id="{$var->name}" value="{htmlspecialchars($var->value, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}">
<textarea cond="$var->type == 'textarea'" name="{$var->name}" id="{$var->name}" class="lang_code" rows="8" cols="42">{htmlspecialchars($var->value, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}</textarea>
<input cond="$var->type == 'text'" type="text" name="{$var->name}" id="{$var->name}" value="{escape($var->value)}">
<textarea cond="$var->type == 'textarea'" name="{$var->name}" id="{$var->name}" class="lang_code" rows="8" cols="42">{escape($var->value)}</textarea>
<select cond="$var->type == 'select'" name="{$var->name}" id="{$var->name}">
<option loop="$var->options => $option" value="{$option->value}" selected="selected"|cond="$var->value == $option->value">{$option->title}</option>
</select>