Commit 5d30a7a2 authored by David Siegfried

prevent xss, closes #895

parent f12ae512
<?php <?
/* /*
* Copyright (c) 2012 Rasmus Fuhse <fuhse@data-quest.de> * Copyright (c) 2012 Rasmus Fuhse <fuhse@data-quest.de>
...@@ -8,261 +8,238 @@ ...@@ -8,261 +8,238 @@
* published by the Free Software Foundation; either version 2 of * published by the Free Software Foundation; either version 2 of
* the License, or (at your option) any later version. * the License, or (at your option) any later version.
*/ */
use Studip\Button, Studip\LinkButton;
use Studip\Button;
?> ?>
<form action="<?= URLHelper::getLink($save_url) ?>" method="post" class="default"> <form action="<?= URLHelper::getLink($save_url) ?>" method="post" class="default">
<?= CSRFProtection::tokenTag() ?> <?= CSRFProtection::tokenTag() ?>
<input name="uebernehmen" value="1" type="hidden"> <input name="uebernehmen" value="1" type="hidden">
<table class="default nohover plus"> <table class="default nohover plus">
<!-- <caption><?=_("Inhaltselemente")?></caption> --> <!-- <caption><?= _("Inhaltselemente") ?></caption> -->
<tbody> <tbody>
<? <? foreach ($available_modules as $category => $pluginlist) : ?>
foreach ($available_modules as $category => $pluginlist) { <?
$visibility = ""; $visibility = '';
if ($_SESSION['plus']['displaystyle'] != 'category' && $category != 'Funktionen von A-Z') { if ($_SESSION['plus']['displaystyle'] != 'category' && $category != 'Funktionen von A-Z') {
$visibility = "invisible"; $visibility = 'invisible';
} }
if (isset($_SESSION['plus']) && !$_SESSION['plus']['Kategorie'][$category] && $category != 'Funktionen von A-Z') { if (isset($_SESSION['plus']) && !$_SESSION['plus']['Kategorie'][$category] && $category != 'Funktionen von A-Z') {
$visibility = "invisible"; $visibility = 'invisible';
} }
?>
?> <tr class="<?= $visibility; ?>">
<tr class="<?= $visibility; ?>"> <th colspan=3>
<th colspan=3> <?= htmlReady($category) ?>
<?= htmlReady($category) ?> </th>
</th> </tr>
</tr> <? foreach ($pluginlist as $key => $val) : ?>
<?
<? foreach ($pluginlist as $key => $val) { if ($val['type'] == 'plugin') {
$plugin = $val['object'];
if ($val['type'] == 'plugin') { $plugin_activated = $plugin->isActivated();
$plugin = $val['object']; $info = $plugin->getMetadata();
$plugin_activated = $plugin->isActivated();
$info = $plugin->getMetadata(); //Checkbox
$anchor = 'p_' . $plugin->getPluginId();
//Checkbox $cb_disabled = '';
$anchor = 'p_' . $plugin->getPluginId(); $cb_checked = $plugin_activated ? "checked" : "";
$cb_name = 'plugin_' . $plugin->getPluginId();
$cb_disabled = ''; $pluginname = $val['displayname'];
$cb_checked = $plugin_activated ? "checked" : ""; $url = $plugin->isCorePlugin() ? $GLOBALS['ABSOLUTE_URI_STUDIP'] : $plugin->getPluginURL();
$pluginvisibility = $val['visibility'];
$pluginname = $val['displayname']; }
$URL = $plugin->isCorePlugin() ? $GLOBALS['ABSOLUTE_URI_STUDIP'] : $plugin->getPluginURL(); ?>
$pluginvisibility = $val['visibility'];
} <tr id="<?= htmlReady($anchor); ?>"
?> class="<?= $visibility; ?> <?= $pre_check != null ? ' quiet' : '' ?>">
<td class="element" colspan=3>
<tr id="<?= htmlReady($anchor);?>" class="<?= $visibility; ?> <?= $pre_check != null ? ' quiet' : '' ?>"> <div class="plus_basic">
<td class="element" colspan=3>
<input type="checkbox"
<div class="plus_basic"> id="<?= $key ?>"
name="<?= $key ?>"
<!-- checkbox --> data-moduleclass="<?= htmlReady($val['moduleclass']) ?>"
<input type="checkbox" data-key="<?= htmlReady($val['modulkey']) ?>"
id="<?= $pluginname ?>" value="TRUE" <?= $cb_disabled ?> <?= $cb_checked ?>
name="<?= $cb_name ?>" onClick="STUDIP.Plus.setModule.call(this);">
data-moduleclass="<?= htmlReady($val['moduleclass']) ?>" <div class="element_header">
data-key="<?= htmlReady($val['modulkey']) ?>" <!-- Name -->
value="TRUE" <?= $cb_disabled ?> <?= $cb_checked ?> <label for="<?= $key ?>">
onClick="STUDIP.Plus.setModule.call(this);"> <strong><?= htmlReady($pluginname) ?></strong>
<? if ($cb_checked) : ?>
<div class="element_header"> <?= Icon::create(
$pluginvisibility === 'autor' ? 'visibility-visible' : 'visibility-invisible',
<!-- Name --> Icon::ROLE_INFO,
<label for="<?= $pluginname ?>"> [
<strong><?= htmlReady($pluginname) ?></strong> 'title' => sprintf(
<? if ($cb_checked) : ?> _('%s für Studierende'),
<?=Icon::create( $pluginvisibility === 'autor' ? _('Sichtbar') : _('Unsichtbar')
$pluginvisibility === 'autor' ? 'visibility-visible' : 'visibility-invisible', )
Icon::ROLE_INFO, ]
['title' => sprintf(_('%s für Studierende'), $pluginvisibility === 'autor' ? _('Sichtbar') : _('Unsichtbar'))] ) ?>
)?> <? endif ?>
<? endif ?> </label>
</label> </div>
<div class="element_description">
</div> <? if (isset($info['icon'])) : ?>
<? /* TODO: Plugins should use class "Icon" */ ?>
<div class="element_description"> <? if (is_string($info['icon'])) : ?>
<img class="plugin_icon text-bottom" alt=""
<!-- icon --> src="<?= htmlReady($url . "/" . $info['icon']) ?> ">
<? if (isset($info['icon'])) : ?> <? else: ?>
<? /* TODO: Plugins should use class "Icon" */ ?> <?= $info['icon']->asImg(['class' => 'plugin_icon text-bottom', 'alt' => '']) ?>
<? if (is_string($info['icon'])) : ?> <? endif ?>
<img class="plugin_icon text-bottom" alt="" src="<?= $URL . "/" . $info['icon'] ?> "> <? endif ?>
<? else: ?> <strong class="shortdesc">
<?= $info['icon']->asImg(['class' => 'plugin_icon text-bottom', 'alt' => '']) ?> <? if (isset($info['descriptionshort'])) : ?>
<? endif ?> <? foreach (explode('\n', $info['descriptionshort']) as $descriptionshort) : ?>
<? endif ?> <?= htmlReady($descriptionshort) ?>
<? endforeach ?>
<!-- shortdesc --> <? endif ?>
<strong class="shortdesc"> <? if (!isset($info['descriptionshort'])) : ?>
<? if (isset($info['descriptionshort'])) : ?> <? if (isset($info['summary'])) : ?>
<? foreach (explode('\n', $info['descriptionshort']) as $descriptionshort) { ?> <?= htmlReady($info['summary']) ?>
<?= htmlReady($descriptionshort) ?> <? elseif (isset($info['description'])) : ?>
<? } ?> <?= htmlReady($info['description']) ?>
<? endif ?> <? else: ?>
<? if (!isset($info['descriptionshort'])) : ?> <?= _('Keine Beschreibung vorhanden.') ?>
<? if (isset($info['summary'])) : ?> <? endif ?>
<?= htmlReady($info['summary']) ?> <? endif ?>
<? elseif (isset($info['description'])) : ?> </strong>
<?= htmlReady($info['description']) ?> </div>
<? else: ?> <? if ($plugin_activated) : ?>
<?= _("Keine Beschreibung vorhanden.") ?> <?
<? endif ?> $actionMenu = ActionMenu::get();
<? endif ?> $actionMenu->addLink(
</strong> $controller->url_for('/edittool/' . $key),
</div> _('Optionen bearbeiten'),
Icon::create('edit'),
['data-dialog' => 'size=auto']
<? if ($plugin_activated) : ?> );
<?php if (method_exists($plugin, 'deleteContent')) {
$actionMenu = ActionMenu::get(); $actionMenu->addLink(
$controller->url_for('/index', ['deleteContent' => 1, 'name' => $key]),
$actionMenu->addLink( _('Inhalte löschen'),
$controller->url_for('/edittool/' . $key), Icon::create('trash')
_('Optionen bearbeiten'), );
Icon::create('edit', Icon::ROLE_CLICKABLE, ['size' => 20]), }
['data-dialog' => 'size=auto']
);
if (method_exists($plugin, 'deleteContent')) {
$actionMenu->addLink(
$controller->url_for('/index', ['deleteContent' => 1, 'name' => $key]),
_('Inhalte löschen'),
Icon::create('trash', Icon::ROLE_CLICKABLE, ['size' => 20])
);
}
?>
<div style="float: right">
<?= $actionMenu->render() ?>
</div>
<? endif ?>
</div>
<? if ($_SESSION['plus']['View'] == 'openall' || !isset($_SESSION['plus'])) { ?>
<div class="plus_expert hidden-tiny-down">
<div class="screenshot_holder">
<? if (isset($info['screenshot']) || isset($info['screenshots'])) :
if(isset($info['screenshots'])){
$title = $info['screenshots']['pictures'][0]['title'];
$source = $info['screenshots']['path'].'/'.$info['screenshots']['pictures'][0]['source'];
} else {
$fileext = end(explode(".", $info['screenshot']));
$title = str_replace("_"," ",basename($info['screenshot'], ".".$fileext));
$source = $info['screenshot'];
}
?>
<a href="<?= $URL . "/" . $source ?>"
data-lightbox="<?= $pluginname ?>" data-title="<?= $title ?>">
<img class="big_thumb" src="<?= $URL . "/" . $source ?>"
alt="<?= $pluginname ?>"/>
</a>
<?
if (isset($info['additionalscreenshots']) || (isset($info['screenshots']) && count($info['screenshots']) > 1) ) {
?> ?>
<div style="float: right">
<div class="thumb_holder"> <?= $actionMenu->render() ?>
<? if (isset($info['screenshots'])){ </div>
$counter = count($info['screenshots']['pictures']); <? endif ?>
$cstart = 1; </div>
} else {
$counter = count($info['additionalscreenshots']); <? if ($_SESSION['plus']['View'] === 'openall' || !isset($_SESSION['plus'])) : ?>
$cstart = 0; <div class="plus_expert hidden-tiny-down">
} ?> <div class="screenshot_holder">
<? if (isset($info['screenshot']) || isset($info['screenshots'])) :
<? for ($i = $cstart; $i < $counter; $i++) { if (isset($info['screenshots'])) {
$title = $info['screenshots']['pictures'][0]['title'];
if (isset($info['screenshots'])){ $source = $info['screenshots']['path'] . '/' . $info['screenshots']['pictures'][0]['source'];
$title = $info['screenshots']['pictures'][$i]['title'];
$source = $info['screenshots']['path'].'/'.$info['screenshots']['pictures'][$i]['source'];
} else { } else {
$fileext = end(explode(".", $info['additionalscreenshots'][$i])); $fileext = pathinfo($info['screenshot'], PATHINFO_EXTENSION);
$title = str_replace("_"," ",basename($info['additionalscreenshots'][$i], ".".$fileext)); $title = str_replace('_', ' ', basename($info['screenshot'], ".$fileext"));
$source = $info['additionalscreenshots'][$i]; $source = $info['screenshot'];
} }
?>
?> <a href="<?= htmlReady("$url/$source") ?>"
data-lightbox="<?= htmlReady($pluginname) ?>"
<a href="<?= $URL . "/" . $source ?>" data-title="<?= htmlReady($title) ?>">
data-lightbox="<?= $pluginname ?>" <img class="big_thumb" src="<?= htmlReady("$url/$source") ?>"
data-title="<?= $title ?>"> alt="<?= htmlReady($pluginname) ?>"/>
<img class="small_thumb"
src="<?= $URL . "/" . $source ?>"
alt="<?= $pluginname ?>"/>
</a> </a>
<? } ?> <? if (isset($info['additionalscreenshots'])
|| (isset($info['screenshots']) && count($info['screenshots']) > 1)) :?>
<div class="thumb_holder">
<?
if (isset($info['screenshots'])) {
$counter = count($info['screenshots']['pictures']);
$cstart = 1;
} else {
$counter = count($info['additionalscreenshots']);
$cstart = 0;
}
?>
<? for ($i = $cstart; $i < $counter; $i++) :?>
<?
if (isset($info['screenshots'])) {
$title = $info['screenshots']['pictures'][$i]['title'];
$source = $info['screenshots']['path'] . '/' . $info['screenshots']['pictures'][$i]['source'];
} else {
$fileext = pathinfo($info['additionalscreenshots'][$i], PATHINFO_EXTENSION);
$title = str_replace('_', ' ', basename($info['additionalscreenshots'][$i], ".$fileext"));
$source = $info['additionalscreenshots'][$i];
}
?>
<a href="<?= htmlReady("$url/$source") ?>"
data-lightbox="<?= htmlReady($pluginname) ?>"
data-title="<?= htmlReady($title) ?>">
<img class="small_thumb"
src="<?= htmlReady("$url/$source") ?>"
alt="<?= htmlReady($pluginname) ?>">
</a>
<? endfor ?>
</div>
<? endif ?>
<? endif ?>
</div> </div>
<div class="descriptionbox">
<? } ?> <? if (isset($info['keywords'])) : ?>
<ul class="keywords">
<? endif ?> <? foreach (explode(';', $info['keywords']) as $keyword) : ?>
</div> <li><?= htmlReady($keyword) ?> </li>
<? endforeach ?>
<div class="descriptionbox"> </ul>
<? endif ?>
<!-- tags --> <? if (isset($info['descriptionlong'])) : ?>
<? if (isset($info['keywords'])) : ?> <? foreach (explode('\n', $info['descriptionlong']) as $descriptionlong) : ?>
<ul class="keywords"> <p class="longdesc">
<? foreach (explode(';', $info['keywords']) as $keyword) { <?= htmlReady($descriptionlong) ?>
echo '<li>' . htmlReady($keyword) . '</li>'; </p>
}?> <? endforeach ?>
</ul> <? endif ?>
<? endif ?> <? if (!isset($info['descriptionlong']) && isset($info['summary'])) : ?>
<p class="longdesc">
<!-- longdesc --> <? if (isset($info['description'])) : ?>
<? if (isset($info['descriptionlong'])) : ?> <?= htmlReady($info['description']) ?>
<? foreach (explode('\n', $info['descriptionlong']) as $descriptionlong) { ?> <? else: ?>
<p class="longdesc"> <?= _('Keine Beschreibung vorhanden.') ?>
<?= htmlReady($descriptionlong) ?> <? endif ?>
</p> </p>
<? } ?> <? endif ?>
<? endif ?> <? if (isset($info['homepage'])) : ?>
<p>
<? if (!isset($info['descriptionlong']) && isset($info['summary'])) : ?> <strong><?= _('Weitere Informationen:') ?></strong>
<p class="longdesc"> <a href="<?= htmlReady($info['homepage']) ?>">
<? if (isset($info['description'])) : ?> <?= htmlReady($info['homepage']) ?>
<?= htmlReady($info['description']) ?> </a>
<? else: ?> </p>
<?= _("Keine Beschreibung vorhanden.") ?> <? endif ?>
<? endif ?> <? if (isset($info['helplink'])) : ?>
</p> <a class="helplink" href=" <?= htmlReady($info['helplink']) ?> ">
<? endif ?> ...<?= _('mehr') ?>
</a>
<? if (isset($info['homepage'])) : ?> <? endif ?>
<p> </div>
<strong><?= _('Weitere Informationen:') ?></strong> </div>
<a href="<?= htmlReady($info['homepage']) ?>"><?= htmlReady($info['homepage']) ?></a>
</p>
<? endif ?>
<!-- helplink -->
<? if (isset($info['helplink'])) : ?>
<a class="helplink" href=" <?= htmlReady($info['helplink']) ?> ">...mehr</a>
<? endif ?> <? endif ?>
</td>
</div> </tr>
</div> <? endforeach ?>
<? } ?> <? endforeach ?>
</td> </tbody>
</tr> <tfoot>
<? <tr class="hidden-js">
} <td colspan="3">
} ?> <?= Button::create(_('An- / Ausschalten'), 'uebernehmen') ?>
</tbody> </td>
</tr>
<tfoot> </tfoot>
<tr class="hidden-js"> </table>
<td align="center" colspan="3">
<?= Button::create(_('An- / Ausschalten'), 'uebernehmen') ?>
</td>
</tr>
</tfoot>
</table>
</form> </form>
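Review bot: `$key` is still written raw into three attribute values on the new side — `id="<?= $key ?>"`, `name="<?= $key ?>"` and `<label for="<?= $key ?>">` — even though the commit's purpose is to close the XSS and the surrounding data-* attributes, labels and alt texts all gained htmlReady(); the old side emitted `$pluginname` there unescaped, so the value was swapped but the escape was not added. The keys of $available_modules presumably come from the plugin registry rather than from request input, but that is not visible in this hunk, and escaping costs nothing: `id="<?= htmlReady($key) ?>"`, `name="<?= htmlReady($key) ?>"`, `<label for="<?= htmlReady($key) ?>">`. Also note that htmlReady() on `href="<?= htmlReady($info['homepage']) ?>"` and on the helplink only neutralises markup; a `javascript:` scheme in plugin metadata survives it, so if that metadata is not fully trusted the scheme should be restricted to http(s) before output. Separately, `explode('\n', …)` on descriptionshort and descriptionlong splits on the literal two characters backslash-n because single quotes do not interpret escapes — `"\n"` looks intended, and the same pattern is present on the old side.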