Commit d79a6769666164f07832a70f7ff94a4f7c566c32
1 parent
03c98e98
Merged in from DEV trunk...
KTS-2178 "cross site scripting" Implemented. Committed By: Conrad Reviewed By: Kevin git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/STABLE/trunk@6981 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
29 changed files
with
103 additions
and
103 deletions
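--- a/plugins/tagcloud/templates/TagCloud/dashlet.smarty
+++ b/plugins/tagcloud/templates/TagCloud/dashlet.smarty
@@ -2,8 +2,8 @@
 <style type="text/css">
 #tagcloud a, a.link, a.visited, a.hover, a.active {
 
-color: gray;
-border-bottom: 0px;
+color: gray;
+border-bottom: 0px;
 text-decoration: none;
 
 }
@@ -17,9 +17,9 @@ There are no tags defined or accessible.
 {else}
 <div id=tagcloud>
 {foreach from=$tags key=tag item=size}
-
- <a href="{$url}&tag={$tag|urlencode}" style="font-size: {$size}px">{$tag}</a>
-
+
+ <a href="{$url}&tag={$tag|urlencode}" style="font-size: {$size}px">{$tag|sanitize}</a>
+
 {/foreach}
 </div>
 {/if}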
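Review bot: The new line 21 escapes only the link text; `{$url}` in the `href` and `{$size}` in the `style` attribute are still written raw, and `<div id=tagcloud>` is unquoted. `{$tag|urlencode}` covers the query value, but if `$url` can carry request-derived data it needs attribute escaping too, e.g. `href="{$url|escape}&amp;tag={$tag|urlencode}"` with Smarty's built-in `escape` modifier. The `sanitize` modifier is not defined in any section shown on this page, so whether it encodes quotes as well as angle brackets should be confirmed and documented next to its definition.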
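--- a/templates/kt3/fields/base.smarty
+++ b/templates/kt3/fields/base.smarty
@@ -11,5 +11,5 @@
 <p class="errorMessage"></p>
 {/if}
 
- <input type="text" name="{$name}" {if $has_id}id="{$id}"{/if} {if $has_value}value="{$value}"{/if}{if ($options.autocomplete === false)}autocomplete="off"{/if} {if $options.width}size="{$options.width}"{/if} /><input type="hidden" name="kt_core_fieldsets_expect[{$name}]" value ="1" />
+ <input type="text" name="{$name}" {if $has_id}id="{$id}"{/if} {if $has_value}value="{$value|sanitize}"{/if}{if ($options.autocomplete === false)}autocomplete="off"{/if} {if $options.width}size="{$options.width}"{/if} /><input type="hidden" name="kt_core_fieldsets_expect[{$name}]" value ="1" />
 </div>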
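Review bot: On line 14 `{$value|sanitize}` lands inside a double-quoted attribute, so the fix holds only if `sanitize` encodes `"` as well as `<` and `>`; its definition is not visible in this commit view. For attribute context Smarty's built-in `{$value|escape:'html'}` is the safer choice, since it goes through `htmlspecialchars` with `ENT_QUOTES`. The neighbouring `name="{$name}"`, `id="{$id}"` and `size="{$options.width}"` are still emitted raw on the same line, and the same applies to `name`/`id` in fields/password.smarty, fields/statictext.smarty and fields/text.smarty. If those are always developer-chosen constants, a template comment saying so would settle it.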
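--- a/templates/kt3/fields/password.smarty
+++ b/templates/kt3/fields/password.smarty
@@ -11,5 +11,5 @@
 <p class="errorMessage"></p>
 {/if}
 
- <input type="password" name="{$name}" {if $has_id}id="{$id}"{/if} {if $has_value}value="{$value}"{/if}{if ($options.autocomplete === false)}autocomplete="off"{/if}/><input type="hidden" name="kt_core_fieldsets_expect[{$name}]" value ="1" />
+ <input type="password" name="{$name}" {if $has_id}id="{$id}"{/if} {if $has_value}value="{$value|sanitize}"{/if}{if ($options.autocomplete === false)}autocomplete="off"{/if}/><input type="hidden" name="kt_core_fieldsets_expect[{$name}]" value ="1" />
 </div>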
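Review bot: Line 14 still writes the submitted password back into the page as `value="…"`, so the secret sits in the HTML source and in any cached copy of it; sanitising the value does not change that. If `sanitize` rewrites characters, the round-tripped value can also differ from what the user typed when the form is resubmitted. Dropping the `{if $has_value}value="…"{/if}` fragment for password inputs and letting the user retype avoids both problems.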
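--- a/templates/kt3/fields/statictext.smarty
+++ b/templates/kt3/fields/statictext.smarty
@@ -10,7 +10,7 @@
 {else}
 <p class="errorMessage"></p>
 {/if}
-
- <p {if $has_id}id="{$id}"{/if}>{if $has_value}{$value}{/if}</p>
+
+ <p {if $has_id}id="{$id}"{/if}>{if $has_value}{$value|sanitize}{/if}</p>
 <!-- <input type="hidden" name="kt_core_fieldsets_expect[{$name}]" value ="1" /> -->
 </div>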
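--- a/templates/kt3/fields/text.smarty
+++ b/templates/kt3/fields/text.smarty
@@ -10,11 +10,11 @@
 {else}
 <p class="errorMessage"></p>
 {/if}
-
+
 <textarea name="{$name}"
 {if $has_id} id="{$id}"{/if}
 {if $options.rows} rows="{$options.rows}"{else} rows="7"{/if}
 {if $options.cols} cols="{$options.cols}"{else} cols="45"{/if}
- >{if $has_value}{$value}{/if}</textarea>
+ >{if $has_value}{$value|sanitize}{/if}</textarea>
 <input type="hidden" name="kt_core_fieldsets_expect[{$name}]" value ="1" />
 </div>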
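--- a/templates/kt3/notifications/subscriptions.AddDocument.smarty
+++ b/templates/kt3/notifications/subscriptions.AddDocument.smarty
@@ -1,7 +1,7 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
- {i18n arg_object_name=$info.object_name}The document "#object_name#" was added{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}to "#location_name#"{/i18n}{/if}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
+ {i18n arg_object_name=$info.object_name|sanitize}The document "#object_name#" was added{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}to "#location_name#"{/i18n}{/if}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
 <div class="actionoptions">
 {if !$is_broken}
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`"}">{i18n}View Document{/i18n}</a>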
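Review bot: Only `arg_object_name` gets `|sanitize` on line 4; `arg_location_name=$info.location_name` and `arg_actor_name=$info.actor_name` in the same sentence are still passed raw, although folder names and user names are presumably as user-editable as document names. The same gap is present in the other `subscriptions.*.smarty` sections that use `location_name` or `actor_name`, and subscriptions.DiscussDocument.smarty line 5 prints `{$info.actor_name}` directly. Suggested: `arg_location_name=$info.location_name|sanitize` and `arg_actor_name=$info.actor_name|sanitize`. If the `i18n` block already escapes its arguments, these are unnecessary, but then `object_name` is now escaped twice; either way the rule belongs in a comment on the `i18n` plugin.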
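--- a/templates/kt3/notifications/subscriptions.AddFolder.smarty
+++ b/templates/kt3/notifications/subscriptions.AddFolder.smarty
@@ -1,7 +1,7 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
- {i18n arg_object_name=$info.object_name}The folder "#object_name#" was added{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}to "#location_name#"{/i18n}{/if}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
+ {i18n arg_object_name=$info.object_name|sanitize}The folder "#object_name#" was added{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}to "#location_name#"{/i18n}{/if}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
 <div class="actionoptions">
 {if !$is_broken}
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`"}">{i18n}View New Folder{/i18n}</a>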
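--- a/templates/kt3/notifications/subscriptions.ArchivedDocument.smarty
+++ b/templates/kt3/notifications/subscriptions.ArchivedDocument.smarty
@@ -1,8 +1,8 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
- {i18n arg_object_name=$info.object_name}The document "#object_name#"{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}from "#location_name#"{/i18n}{/if} {i18n}was archived{/i18n}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
- <div class="actionoptions">
+ {i18n arg_object_name=$info.object_name|sanitize}The document "#object_name#"{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}from "#location_name#"{/i18n}{/if} {i18n}was archived{/i18n}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
+ <div class="actionoptions">
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`¬ify_action=clear"}">{i18n}Clear Alert{/i18n}</a>
 </div>
 </dd>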
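--- a/templates/kt3/notifications/subscriptions.CheckInDocument.smarty
+++ b/templates/kt3/notifications/subscriptions.CheckInDocument.smarty
@@ -1,8 +1,8 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
- {i18n arg_object_name=$info.object_name}The document "#object_name#" has been checked in{/i18n}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}{if ($info.location_name !== null)}, {i18n arg_location_name=$info.location_name}in the folder "#location_name#"{/i18n}{/if}.
- <div class="actionoptions">
+ {i18n arg_object_name=$info.object_name|sanitize}The document "#object_name#" has been checked in{/i18n}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}{if ($info.location_name !== null)}, {i18n arg_location_name=$info.location_name}in the folder "#location_name#"{/i18n}{/if}.
+ <div class="actionoptions">
 {if !$is_broken}
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`"}">{i18n}View Document{/i18n}</a>
 {else}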
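--- a/templates/kt3/notifications/subscriptions.CheckOutDocument.smarty
+++ b/templates/kt3/notifications/subscriptions.CheckOutDocument.smarty
@@ -1,8 +1,8 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
- {i18n arg_object_name=$info.object_name}The document "#object_name#" has been checked out{/i18n}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}{if ($info.location_name !== null)}, {i18n arg_location_name=$info.location_name}from the folder "#location_name#"{/i18n}{/if}.
- <div class="actionoptions">
+ {i18n arg_object_name=$info.object_name|sanitize}The document "#object_name#" has been checked out{/i18n}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}{if ($info.location_name !== null)}, {i18n arg_location_name=$info.location_name}from the folder "#location_name#"{/i18n}{/if}.
+ <div class="actionoptions">
 {if !$is_broken}
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`"}">{i18n}View Document{/i18n}</a>
 {else}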
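--- a/templates/kt3/notifications/subscriptions.DiscussDocument.smarty
+++ b/templates/kt3/notifications/subscriptions.DiscussDocument.smarty
@@ -1,12 +1,12 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
- {if ($info.has_actor)}
- {$info.actor_name} {i18n}has added to the discussion around document{/i18n} "{$info.object_name}".
- {else}
- The discussion around document "{$info.object_name}" has been updated.
+ {if ($info.has_actor)}
+ {$info.actor_name} {i18n}has added to the discussion around document{/i18n} "{$info.object_name|sanitize}".
+ {else}
+ The discussion around document "{$info.object_name|sanitize}" has been updated.
 {/if}
- <div class="actionoptions">
+ <div class="actionoptions">
 {if !$is_broken}
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`"}">{i18n}View Document{/i18n}</a>
 {else}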
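--- a/templates/kt3/notifications/subscriptions.ModifyDocument.smarty
+++ b/templates/kt3/notifications/subscriptions.ModifyDocument.smarty
@@ -1,8 +1,8 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
- {i18n arg_object_name=$info.object_name}The document "#object_name#" has been changed{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}in the folder "#location_name#"{/i18n}{/if}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
- <div class="actionoptions">
+ {i18n arg_object_name=$info.object_name|sanitize}The document "#object_name#" has been changed{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}in the folder "#location_name#"{/i18n}{/if}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
+ <div class="actionoptions">
 {if !$is_broken}
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`"}">{i18n}View Document{/i18n}</a>
 {else}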
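--- a/templates/kt3/notifications/subscriptions.MoveDocument.smarty
+++ b/templates/kt3/notifications/subscriptions.MoveDocument.smarty
@@ -1,14 +1,14 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
- {i18n arg_object_name=$info.object_name}The document "#object_name#" has been moved{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}to the folder "#location_name#"{/i18n}{/if}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
- <div class="actionoptions">
+ {i18n arg_object_name=$info.object_name|sanitize}The document "#object_name#" has been moved{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}to the folder "#location_name#"{/i18n}{/if}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
+ <div class="actionoptions">
 {if !$is_broken}
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`"}">{i18n}View New Location{/i18n}</a>
 {else}
 <span class="descriptiveText">{i18n}Location is no longer available{/i18n}</span>
 {/if}
-
+
 | <a href="{ktLink base="notify.php" query="id=`$info.notify_id`¬ify_action=clear"}">{i18n}Clear Alert{/i18n}</a>
 </div>
 </dd>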
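--- a/templates/kt3/notifications/subscriptions.RemoveChildDocument.smarty
+++ b/templates/kt3/notifications/subscriptions.RemoveChildDocument.smarty
@@ -1,8 +1,8 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
- {i18n arg_object_name=$info.object_name}The document "#object_name#" has been removed{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}from the folder "#location_name#"{/i18n} ({i18n}to which you are subscribed{/i18n}){/if}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
- <div class="actionoptions">
+ {i18n arg_object_name=$info.object_name|sanitize}The document "#object_name#" has been removed{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}from the folder "#location_name#"{/i18n} ({i18n}to which you are subscribed{/i18n}){/if}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
+ <div class="actionoptions">
 {if !$is_broken}
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`"}">{i18n}View Folder{/i18n}</a>
 {else}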
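--- a/templates/kt3/notifications/subscriptions.RemoveChildFolder.smarty
+++ b/templates/kt3/notifications/subscriptions.RemoveChildFolder.smarty
@@ -1,14 +1,14 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
- {i18n arg_object_name=$info.object_name}The folder "#object_name#" has been removed{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}from "#location_name#"{/i18n}{/if}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
+ {i18n arg_object_name=$info.object_name|sanitize}The folder "#object_name#" has been removed{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}from "#location_name#"{/i18n}{/if}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
 <div class="actionoptions">
 {if !$is_broken}
- <a href="{ktLink base="notify.php" query="id=`$info.notify_id`"}">{i18n}View Folder{/i18n}</a>
+ <a href="{ktLink base="notify.php" query="id=`$info.notify_id`"}">{i18n}View Folder{/i18n}</a>
 {else}
 <span class="descriptiveText">{i18n}Location is no longer available{/i18n}</span>
 {/if}
-
+
 | <a href="{ktLink base="notify.php" query="id=`$info.notify_id`¬ify_action=clear"}">{i18n}Clear Alert{/i18n}</a>
 </div>
 </dd>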
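--- a/templates/kt3/notifications/subscriptions.RemoveSubscribedDocument.smarty
+++ b/templates/kt3/notifications/subscriptions.RemoveSubscribedDocument.smarty
@@ -1,8 +1,8 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
- {i18n arg_object_name=$info.object_name}The document "#object_name#" to which you were subscribed, has been removed{/i18n}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
- <div class="actionoptions">
+ {i18n arg_object_name=$info.object_name|sanitize}The document "#object_name#" to which you were subscribed, has been removed{/i18n}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
+ <div class="actionoptions">
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`¬ify_action=clear"}">{i18n}Clear Alert{/i18n}</a>
 </div>
 </dd>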
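--- a/templates/kt3/notifications/subscriptions.RemoveSubscribedFolder.smarty
+++ b/templates/kt3/notifications/subscriptions.RemoveSubscribedFolder.smarty
@@ -1,8 +1,8 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
- {i18n arg_object_name=$info.object_name}The folder "#object_name#" to which you were subscribed, has been removed{/i18n}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
- <div class="actionoptions">
+ {i18n arg_object_name=$info.object_name|sanitize}The folder "#object_name#" to which you were subscribed, has been removed{/i18n}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
+ <div class="actionoptions">
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`¬ify_action=clear"}">{i18n}Clear Alert{/i18n}</a>
 </div>
 </dd>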
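--- a/templates/kt3/notifications/subscriptions.RestoreDocument.smarty
+++ b/templates/kt3/notifications/subscriptions.RestoreDocument.smarty
@@ -1,8 +1,8 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
- {i18n arg_object_name=$info.object_name}The document "#object_name#" has been restored by an administrator.{/i18n}
- <div class="actionoptions">
+ {i18n arg_object_name=$info.object_name|sanitize}The document "#object_name#" has been restored by an administrator.{/i18n}
+ <div class="actionoptions">
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`¬ify_action=clear"}">{i18n}Clear Alert{/i18n}</a>
 </div>
 </dd>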
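--- a/templates/kt3/notifications/subscriptions.generic.smarty
+++ b/templates/kt3/notifications/subscriptions.generic.smarty
@@ -1,4 +1,4 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <div class="actionoptions">
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`¬ify_action=clear"}">{i18n}Clear Alert{/i18n}</a>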
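--- a/templates/kt3/reorderdisplay.smarty
+++ b/templates/kt3/reorderdisplay.smarty
@@ -16,7 +16,7 @@
 <td>
 <input type="hidden" class="reorder-field" name="position[]" value="{$iPosition}" />
 <input type="hidden" name="id[]" value="{$aItem.id}" />
- {$aItem.title}
+ {$aItem.title|sanitize}
 </td>
 <td><a href="#" class="reorder-up ktAction ktMoveUp"> </a></td>
 <td><a href="#" class="reorder-down ktAction ktMoveDown"> </a></td>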
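--- a/templates/kt3/standard_page.smarty
+++ b/templates/kt3/standard_page.smarty
@@ -182,7 +182,7 @@
 <div class="error_dashlet_rightrepeat_bottom"></div>
 <div class="error_dashlet_leftrepeat_bottom"></div>
 {foreach item=sError from=$page->errStack}
- <p>{$sError}</p>
+ <p>{$sError|sanitize}</p>
 {/foreach}
 <div class="error_dashlet_topleft_small"></div>
 <div class="error_dashlet_toprepeat_small"></div>
@@ -199,7 +199,7 @@
 <div class="info_dashlet_rightrepeat_bottom"></div>
 <div class="info_dashlet_leftrepeat_bottom"></div>
 {foreach item=sInfo from=$page->infoStack}
- <p>{$sInfo}</p>
+ <p>{$sInfo|sanitize}</p>
 {/foreach}
 <div class="info_dashlet_topleft_small"></div>
 <div class="info_dashlet_toprepeat_small"></div>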
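Review bot: Lines 185 and 202 now treat every `errStack` / `infoStack` entry as plain text, but nothing in the template documents that contract. A caller that pushes a message containing markup (a link, `<strong>`) or an already-escaped string would render differently after this change; that is an inference, since the callers are outside this view. A template comment such as `{* errStack/infoStack entries are plain text; escaped here at output *}` above each `foreach` would make the rule explicit for code that adds messages.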
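--- a/templates/kt3/view_folder_history.smarty
+++ b/templates/kt3/view_folder_history.smarty
@@ -1,4 +1,4 @@
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Folder Transaction History{/i18n}:<br />{$folder->getName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Folder Transaction History{/i18n}:<br />{$folder->getName()|sanitize}</h2>
 
 <p class="descriptiveText">{i18n}This page provides details of all activities that have been carried out on the folder.{/i18n}</p>
 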
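--- a/templates/ktcore/action/delete.smarty
+++ b/templates/ktcore/action/delete.smarty
@@ -1,4 +1,4 @@
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Delete Document{/i18n}:<br />{$context->oDocument->getName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Delete Document{/i18n}:<br />{$context->oDocument->getName()|sanitize}</h2>
 
 <p class="descriptiveText">{i18n}Deleting a document marks it as no longer
 being displayed. The document management system does not remove the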
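--- a/templates/ktcore/document/admin/force_checkin_confirm.smarty
+++ b/templates/ktcore/document/admin/force_checkin_confirm.smarty
@@ -5,11 +5,11 @@
 <h3>{i18n}Document Details{/i18n}</h3>
 <dl class="metadata">
 <dt>{i18n}Document Name{/i18n}</dt>
- <dd>{$document->getName()}</dd>
-
+ <dd>{$document->getName()|sanitize}</dd>
+
 <dt>{i18n}Location{/i18n}</dt>
 <dd>{$document->getDisplayPath()}</dd>
-
+
 <dt>{i18n}Checked out by{/i18n}</dt>
 {if ($checkout_user !== null)}
 <dd>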
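Review bot: `{$document->getDisplayPath()}` on line 11 is left raw while `getName()` three lines above is now sanitised; a display path is presumably built from folder names, which users can set. Unless `getDisplayPath()` returns pre-escaped HTML, it should get the same treatment: `<dd>{$document->getDisplayPath()|sanitize}</dd>`. The hunk ends inside the `<dl>`, so the "Checked out by" output after line 15 is not visible here and may need the same check.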
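--- a/templates/ktcore/document/edit.smarty
+++ b/templates/ktcore/document/edit.smarty
@@ -11,7 +11,7 @@
 
 {$context->oPage->requireCSSResource('resources/css/kt-treewidget.css')}
 
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Edit Metadata{/i18n}:<br />{$context->oDocument->getName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Edit Metadata{/i18n}:<br />{$context->oDocument->getName()|sanitize}</h2>
 
 {capture assign=link}{addQS}action=selectType&fDocumentId={$document->getId()}{/addQS}{/capture}
 <p class="descriptiveText">{i18n arg_link=$link arg_name=$type_name}Change the <strong><a href="#link#">document type</a></strong>. The current type is "#name#"{/i18n}</p>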
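--- a/templates/ktcore/workflow/editState.smarty
+++ b/templates/ktcore/workflow/editState.smarty
@@ -20,7 +20,7 @@ td.false { background-color: #ffaaaa; text-align: centre }
 {/literal}{/capture}
 {$context->oPage->requireCSSStandalone($sCSS)}
 
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}State{/i18n}:<br />{$oState->getName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}State{/i18n}:<br />{$oState->getName()|sanitize}</h2>
 
 <p class="descriptiveText">{i18n}As documents move through their lifecycle, they
 are placed in certain <strong>states</strong>. For example, an invoice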
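--- a/templates/ktcore/workflow/editTransition.smarty
+++ b/templates/ktcore/workflow/editTransition.smarty
@@ -1,4 +1,4 @@
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Transition{/i18n}:<br />{$oTransition->getName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Transition{/i18n}:<br />{$oTransition->getName()|sanitize}</h2>
 
 <form action="{$smarty.server.PHP_SELF}" method="POST">
 <fieldset>
@@ -32,79 +32,79 @@ requirement.{/i18n}</p>
 occur when a transition is performed, and to control who can perform the transition. Some triggers
 perform <strong>both</strong> of these functions, especially if performing the action requires that
 certain conditions are in place before the action will occur.{/i18n}</p>
-
+
 <form method="POST" action="{$smarty.server.PHP_SELF}">
 
 <input type="hidden" name="action" value="addTrigger" />
 <input type="hidden" name="fWorkflowId" value="{$oWorkflow->getId()}" />
 <input type="hidden" name="fTransitionId" value="{$oTransition->getId()}" />
-
+
 {foreach item=oWidget from=$add_trigger_fields}
 {$oWidget->render()}
- {/foreach}
-
+ {/foreach}
+
 <div class="form_actions">
 <input type="submit" value="Add Trigger" />
 </div>
 </form>
-
+
 <h3>{i18n}Guards{/i18n}</h3>
-
+
 <p class="descriptiveText">{i18n}Items which control whether a given user can perform this transition
 on a specific document. <strong>All of these must allow the user to perform the transition.</strong>{/i18n}</p>
 {if empty($aGuardTriggers)}
- <div class="ktInfoMessage"><span>{i18n}Anybody (with the ability to see the document) can perform this transition.{/i18n}</span></div>
+ <div class="ktInfoMessage"><span>{i18n}Anybody (with the ability to see the document) can perform this transition.{/i18n}</span></div>
 {else}
-
+
 <table class="kt_collection narrow" cellspacing="0">
 <thead>
 <tr>
- <th>{i18n}Trigger{/i18n}</th>
- <th>{i18n}Configuration{/i18n}</th>
- <th>{i18n}Edit{/i18n}</th>
- <th>{i18n}Delete{/i18n}</th>
- </tr>
- </thead>
+ <th>{i18n}Trigger{/i18n}</th>
+ <th>{i18n}Configuration{/i18n}</th>
+ <th>{i18n}Edit{/i18n}</th>
+ <th>{i18n}Delete{/i18n}</th>
+ </tr>
+ </thead>
 <tbody>
 {foreach from=$aGuardTriggers item=oTrigger}
 <tr>
 <td>{$oTrigger->getName()}</td>
 <td>{$oTrigger->getConfigDescription()}</td>
 <td>{if $oTrigger->bIsConfigurable}<a class="ktAction ktEdit" href="{addQS}action=editTrigger&fWorkflowId={$oWorkflow->getId()}&fTransitionId={$oTransition->getId()}&fTriggerInstanceId={$oTrigger->getConfigId()}{/addQS}">edit</a>{else}—{/if}</td>
- <td><a class="ktAction ktDelete" href="{addQS}action=deleteTrigger&fWorkflowId={$oWorkflow->getId()}&fTransitionId={$oTransition->getId()}&fTriggerInstanceId={$oTrigger->getConfigId()}{/addQS}">delete</a></td>
+ <td><a class="ktAction ktDelete" href="{addQS}action=deleteTrigger&fWorkflowId={$oWorkflow->getId()}&fTransitionId={$oTransition->getId()}&fTriggerInstanceId={$oTrigger->getConfigId()}{/addQS}">delete</a></td>
 </tr>
- {/foreach}
+ {/foreach}
 </tbody>
- </table>
-
+ </table>
+
 {/if}
 <h3>Actions</h3>
 
- <p class="descriptiveText">{i18n}Actions which are performed when the document follows the transition.{/i18n}</p>
+ <p class="descriptiveText">{i18n}Actions which are performed when the document follows the transition.{/i18n}</p>
 {if empty($aActionTriggers)}
- <div class="ktInfoMessage"><span>{i18n}No actions are performed when this transition occurs.{/i18n}</span></div>
+ <div class="ktInfoMessage"><span>{i18n}No actions are performed when this transition occurs.{/i18n}</span></div>
 {else}
-
+
 <table class="kt_collection narrow" cellspacing="0">
 <thead>
 <tr>
- <th>{i18n}Trigger{/i18n}</th>
- <th>{i18n}Configuration{/i18n}</th>
- <th>{i18n}Edit{/i18n}</th>
- <th>{i18n}Delete{/i18n}</th>
- </tr>
- </thead>
+ <th>{i18n}Trigger{/i18n}</th>
+ <th>{i18n}Configuration{/i18n}</th>
+ <th>{i18n}Edit{/i18n}</th>
+ <th>{i18n}Delete{/i18n}</th>
+ </tr>
+ </thead>
 <tbody>
 {foreach from=$aActionTriggers item=oTrigger}
 <tr>
 <td>{$oTrigger->getName()}</td>
 <td>{$oTrigger->getConfigDescription()}</td>
 <td>{if $oTrigger->bIsConfigurable}<a class="ktAction ktEdit" href="{addQS}action=editTrigger&fWorkflowId={$oWorkflow->getId()}&fTransitionId={$oTransition->getId()}&fTriggerInstanceId={$oTrigger->getConfigId()}{/addQS}">edit</a>{else}—{/if}</td>
- <td><a class="ktAction ktDelete" href="{addQS}action=deleteTrigger&fWorkflowId={$oWorkflow->getId()}&fTransitionId={$oTransition->getId()}&fTriggerInstanceId={$oTrigger->getConfigId()}{/addQS}">delete</a></td>
+ <td><a class="ktAction ktDelete" href="{addQS}action=deleteTrigger&fWorkflowId={$oWorkflow->getId()}&fTransitionId={$oTransition->getId()}&fTriggerInstanceId={$oTrigger->getConfigId()}{/addQS}">delete</a></td>
 </tr>
- {/foreach}
+ {/foreach}
 </tbody>
- </table>
-
- {/if}
+ </table>
+
+ {/if}
 </fieldset>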
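Review bot: Both `<form>` tags (lines 3 and 36) emit `action="{$smarty.server.PHP_SELF}"` unescaped, and `PHP_SELF` reflects the request path, so it is request-controlled data inside an attribute; templates/ktcore/workflow/editWorkflow.smarty line 6 has the same pattern. `action="{$smarty.server.PHP_SELF|escape}"` closes that. In the trigger tables, `{$oTrigger->getName()}` and `{$oTrigger->getConfigDescription()}` (lines 71–72 and 100–101) are still raw while the heading's `getName()` is now sanitised; if a config description can contain user-entered values it needs escaping as well. Apart from line 1, the changes in this section appear to be whitespace-only.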
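--- a/templates/ktcore/workflow/editWorkflow.smarty
+++ b/templates/ktcore/workflow/editWorkflow.smarty
@@ -1,6 +1,6 @@
 {$context->oPage->requireCSSResource('resources/css/workflow-admin.css')}
 
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Workflow Overview{/i18n}:<br />{$oWorkflow->getName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Workflow Overview{/i18n}:<br />{$oWorkflow->getName()|sanitize}</h2>
 
 
 <form action="{$smarty.server.PHP_SELF}" method="POST">
@@ -34,17 +34,17 @@ or use the "Workflow" menu on the left to create new ones.{/i18n}</p>
 <li>{i18n}Notified groups & roles{/i18n}:
 {$context->getNotificationStringForState($oState)}
 </li>
-
+
 <li>{i18n}Controlled Actions available{/i18n}:
 {$context->getActionStringForState($oState)}
 </li>
-
+
 <li>{i18n}Permissions overridden{/i18n}: {$context->getPermissionStringForState($oState)}</li>
-
+
 <li>{i18n}Transitions available{/i18n}:
 {$context->getTransitionFromStringForState($oState)}
 </li>
-
+
 <li>{i18n}Transitions to this state{/i18n}:
 {$context->getTransitionToStringForState($oState)}
 </li>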
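--- a/templates/ktstandard/PDFPlugin/PDFPlugin.smarty
+++ b/templates/ktstandard/PDFPlugin/PDFPlugin.smarty
@@ -1,3 +1,3 @@
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Generate PDF of{/i18n}:<br />{$context->oDocument->getName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Generate PDF of{/i18n}:<br />{$context->oDocument->getName()|sanitize}</h2>
 
 {$form->render()}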