Changeset 16079

Timestamp:
04/14/08 13:40:02 (8 months ago)
Author:
rambo
Message:

forward port r16078

Files:

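--- a/trunk/midcom/midcom.helper.search/config/manifest.inc
+++ b/trunk/midcom/midcom.helper.search/config/manifest.inc
@@ -30,4 +30,5 @@
     (
         'midcom' => array(),
+        'midcom_helper_xsspreventer' => array(),
         'http_request' => array
         (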
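--- a/trunk/midcom/midcom.helper.search/style/advanced_form.php
+++ b/trunk/midcom/midcom.helper.search/style/advanced_form.php
@@ -45,5 +45,6 @@
 
 midcom_helper_search_process_node($nap->get_root_node(), $nap, $topics, $components, '');
-$query = htmlspecialchars($data['query'], ENT_QUOTES);
+$_MIDCOM->load_library('midcom.helper.xsspreventer');
+$query = midcom_helper_xsspreventer::escape_attribute($data['query']);
 
 ?>
@@ -55,5 +56,5 @@
     <tr>
         <td><?php echo $data['l10n']->get('query');?>:</td>
-        <td><input type='text' style="width: 20em;" name='query' value='&(query);' /></td>
+        <td><input type='text' style="width: 20em;" name='query' value=&(query:h); /></td>
     </tr>
     <tr>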
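Review bot: The `value=&(query:h);` attribute on new line 58 is emitted without quotes, so the markup is only safe if `midcom_helper_xsspreventer::escape_attribute()` returns the value already escaped and wrapped in quotes, and if the `:h` modifier passes it through untouched; neither is visible in this changeset. Nothing at the call site records that contract, so a later edit that re-adds the quotes or drops `:h` would silently produce broken or double-escaped output. A one-line comment above the assignment on new line 48 would help, for example `// escape_attribute() is expected to return a quoted, escaped value; emit it with :h and no surrounding quotes`. The same pattern is introduced in style/basic_form.php (new lines 5 and 10). The explicit `load_library()` call also looks redundant with the manifest dependency added in this changeset, if manifest dependencies are loaded automatically.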
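--- a/trunk/midcom/midcom.helper.search/style/basic_form.php
+++ b/trunk/midcom/midcom.helper.search/style/basic_form.php
@@ -2,10 +2,11 @@
 //$data =& $_MIDCOM->get_custom_context_data('request_data');
 $prefix = $_MIDCOM->get_context_data(MIDCOM_CONTEXT_ANCHORPREFIX);
-$query = htmlspecialchars($data['query'], ENT_QUOTES);
+$_MIDCOM->load_library('midcom.helper.xsspreventer');
+$query = midcom_helper_xsspreventer::escape_attribute($data['query']);
 ?>
 <form method='get' name='midcom_helper_search_form' action='&(prefix);result/' class='midcom.helper.search'>
 <label for="midcom_helper_search_query">
 <?php echo $data['l10n']->get('query');?>:
-<input type='text' size='60' name='query' id='midcom_helper_search_query' value='&(query);' />
+<input type='text' size='60' name='query' id='midcom_helper_search_query' value=&(query:h); />
 </label>
 <input type='hidden' name='type' value='basic' />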
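--- a/trunk/midcom/org.openpsa.qbpager/config/manifest.inc
+++ b/trunk/midcom/org.openpsa.qbpager/config/manifest.inc
@@ -21,4 +21,5 @@
     (
         'midcom' => array(),
+        'midcom_helper_xsspreventer' => array(),
     ),
 ),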
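--- a/trunk/midcom/org.openpsa.qbpager/pager.php
+++ b/trunk/midcom/org.openpsa.qbpager/pager.php
@@ -172,5 +172,5 @@
         {
             debug_add("{$page_var} has value: {$_REQUEST[$page_var]}");
-            $this->_current_page = $_REQUEST[$page_var];
+            $this->_current_page = (int)$_REQUEST[$page_var];
         }
         if (   array_key_exists($results_var, $_REQUEST)
@@ -178,5 +178,5 @@
         {
             debug_add("{$results_var} has value: {$_REQUEST[$results_var]}");
-            $this->results_per_page = $_REQUEST[$results_var];
+            $this->results_per_page = (int)$_REQUEST[$results_var];
         }
         $this->_offset = ($this->_current_page-1)*$this->results_per_page;
@@ -204,11 +204,11 @@
     function _get_query_string()
     {
-    $query_string = '';
-        foreach(explode('&',$_SERVER["QUERY_STRING"]) as $key)
-        {
-            if( !preg_match('/org_openpsa_qbpager/', $key)
-        && $key != '')
-            {
-        $query_string .= '&amp;'.$key;
+        $query_string = '';
+        foreach(explode('&', $_SERVER["QUERY_STRING"]) as $key)
+        {
+            if (   strpos($key, 'org_openpsa_qbpager') === false
+                && $key != '')
+            {
+                $query_string .= '&amp;' . $key;
             }
         }
@@ -222,4 +222,5 @@
     function show_previousnext($acl_checks=false)
     {
+        $_MIDCOM->load_library('midcom.helper.xsspreventer');
         $this->_request_data['prefix'] = $this->_prefix;
         $this->_request_data['current_page'] = $this->_current_page;
@@ -247,5 +248,5 @@
         {
             $previous = $data['current_page'] - 1;
-            echo "\n<a class=\"previous_page\" href=\"?{$page_var}={$previous}" . $this->_get_query_string() . "\">" . $this->_l10n->get('previous') . "</a>";
+            echo "\n<a class=\"previous_page\" href=" . midcom_helper_xsspreventer::escape_attribute("?{$page_var}={$previous}" . $this->_get_query_string()) . ">" . $this->_l10n->get('previous') . "</a>";
         }
 
@@ -253,5 +254,5 @@
         {
             $next = $data['current_page'] + 1;
-            echo "\n<a class=\"next_page\" href=\"?{$page_var}={$next}" . $this->_get_query_string() . "\">" . $this->_l10n->get('next') . "</a>";
+            echo "\n<a class=\"next_page\" href=" . midcom_helper_xsspreventer::escape_attribute("?{$page_var}={$next}" . $this->_get_query_string()) . ">" . $this->_l10n->get('next') . "</a>";
         }
 
@@ -266,4 +267,5 @@
     function show_pages($acl_checks=false)
     {
+        $_MIDCOM->load_library('midcom.helper.xsspreventer');
         $this->_request_data['prefix'] = $this->_prefix;
         $this->_request_data['current_page'] = $this->_current_page;
@@ -304,7 +306,7 @@
             if ($previous != 1)
             {
-                echo "\n<a class=\"first_page\" href=\"?{$page_var}=1" . $this->_get_query_string() . "\">" . $this->_l10n->get('first') . "</a>";
-            }
-            echo "\n<a class=\"previous_page\" href=\"?{$page_var}={$previous}" . $this->_get_query_string() . "\">" . $this->_l10n->get('previous') . "</a>";
+                echo "\n<a class=\"first_page\" href=" . midcom_helper_xsspreventer::escape_attribute("?{$page_var}=1" . $this->_get_query_string()) . ">" . $this->_l10n->get('first') . "</a>";
+            }
+            echo "\n<a class=\"previous_page\" href=" . midcom_helper_xsspreventer::escape_attribute("?{$page_var}={$previous}" . $this->_get_query_string()) . ">" . $this->_l10n->get('previous') . "</a>";
         }
 
@@ -321,5 +323,5 @@
                 continue;
             }
-            echo "\n<a class=\"select_page\" href=\"?{$page_var}={$page}" . $this->_get_query_string() . "\">{$page}</a>";
+            echo "\n<a class=\"select_page\" href=" . midcom_helper_xsspreventer::escape_attribute("?{$page_var}={$page}" . $this->_get_query_string()) . ">{$page}</a>";
         }
 
@@ -327,9 +329,9 @@
         {
             $next = $data['current_page'] + 1;
-            echo "\n<a class=\"next_page\" href=\"?{$page_var}={$next}" . $this->_get_query_string() . "\">" . $this->_l10n->get('next') . "</a>";
+            echo "\n<a class=\"next_page\" href=" . midcom_helper_xsspreventer::escape_attribute("?{$page_var}={$next}" . $this->_get_query_string()) . ">" . $this->_l10n->get('next') . "</a>";
 
             if ($next != $data['page_count'])
             {
-                echo "\n<a class=\"last_page\" href=\"?{$page_var}={$data['page_count']}" . $this->_get_query_string() . "\">" . $this->_l10n->get('last') . "</a>";
+                echo "\n<a class=\"last_page\" href=" . midcom_helper_xsspreventer::escape_attribute("?{$page_var}={$data['page_count']}" . $this->_get_query_string()) . ">" . $this->_l10n->get('last') . "</a>";
             }
         }
@@ -345,4 +347,5 @@
     function show_pages_as_xml($acl_checks=false, $echo=true)
     {
+        $_MIDCOM->load_library('midcom.helper.xsspreventer');
         $pages_xml_str = "<pages ";
         
@@ -393,7 +396,7 @@
             if ($previous != 1)
             {
-                $pages_xml_str .= "<page class=\"first_page\" number=\"1\" url=\"?{$page_var}=1" . $this->_get_query_string() . "\"><![CDATA[" . $this->_l10n->get('first') . "]]></page>\n";
-            }
-                $pages_xml_str .= "<page class=\"previous_page\" number=\"{$previous}\" url=\"?{$page_var}={$previous}" . $this->_get_query_string() . "\"><![CDATA[" . $this->_l10n->get('previous') . "]]></page>\n";
+                $pages_xml_str .= "<page class=\"first_page\" number=\"1\" url=" . midcom_helper_xsspreventer::escape_attribute("?{$page_var}=1" . $this->_get_query_string()) . "><![CDATA[" . $this->_l10n->get('first') . "]]></page>\n";
+            }
+                $pages_xml_str .= "<page class=\"previous_page\" number=\"{$previous}\" url=" . midcom_helper_xsspreventer::escape_attribute("?{$page_var}={$previous}" . $this->_get_query_string()) . "><![CDATA[" . $this->_l10n->get('previous') . "]]></page>\n";
         }
 
@@ -412,5 +415,5 @@
             }
             
-            $pages_xml_str .= "<page class=\"select_page\" number=\"{$page}\" url=\"?{$page_var}={$page}" . $this->_get_query_string() . "\">{$page}</page>\n";
+            $pages_xml_str .= "<page class=\"select_page\" number=\"{$page}\" url=" . midcom_helper_xsspreventer::escape_attribute("?{$page_var}={$page}" . $this->_get_query_string()) . ">{$page}</page>\n";
         }
 
@@ -418,9 +421,9 @@
         {
             $next = $data['current_page'] + 1;
-            $pages_xml_str .= "<page class=\"next_page\" number=\"{$next}\" url=\"?{$page_var}={$next}" . $this->_get_query_string() . "\"><![CDATA[" . $this->_l10n->get('next') . "]]></page>\n";
+            $pages_xml_str .= "<page class=\"next_page\" number=\"{$next}\" url=" . midcom_helper_xsspreventer::escape_attribute("?{$page_var}={$next}" . $this->_get_query_string()) . "><![CDATA[" . $this->_l10n->get('next') . "]]></page>\n";
 
             if ($next != $data['page_count'])
             {
-                $pages_xml_str .= "<page class=\"last_page\" number=\"{$data['page_count']}\" url=\"?{$page_var}={$data['page_count']}" . $this->_get_query_string() . "\"><![CDATA[" . $this->_l10n->get('last') . "]]></page>\n";
+                $pages_xml_str .= "<page class=\"last_page\" number=\"{$data['page_count']}\" url=" . midcom_helper_xsspreventer::escape_attribute("?{$page_var}={$data['page_count']}" . $this->_get_query_string()) . "><![CDATA[" . $this->_l10n->get('last') . "]]></page>\n";
             }
         }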
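Review bot: `_get_query_string()` still joins the carried-over parameters with `'&amp;'` (new line 212), and every link and `url=` attribute now passes that string through `midcom_helper_xsspreventer::escape_attribute()`. If the helper HTML-encodes its input, which the unquoted `href=` output suggests but this changeset does not show, each separator is encoded twice and reaches the client as `&amp;amp;`, so the preserved parameters arrive with an `amp;` prefix on their names. Building the raw string with `$query_string .= '&' . $key;` and leaving the encoding to the single `escape_attribute()` call at the output would avoid that, provided no caller outside these hunks relies on the pre-encoded form. Separately, the `(int)` casts on new lines 174 and 180 accept zero and negative values, so `$this->_offset` on line 182 can go negative unless a range check exists outside the visible hunks; `$this->_current_page = max(1, (int)$_REQUEST[$page_var]);` would bound the page number.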