if (is_string($var)) {
$var = str_replace('\\', '\\\\', $var);
$var = str_replace(array('\'', '"', "\n", "\r", "\0"), array('\\\'', '\\"', '\\n', '\\r', '\\0'), $var);
+ $var = str_replace('</', '<\/', $var); // XHTML compliance
} else if (is_array($var)) {
$var = array_map('addslashes_js', $var);
} else if (is_object($var)) {
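Review bot: The `// XHTML compliance` comment on the added `str_replace('</', '<\/', $var)` line undersells it, because this is also the line that stops a `</script>` sequence in escaped data from closing the surrounding script element; I would reword it to `// keep "</script>" in data from ending the enclosing <script> block`. The string branch still passes U+2028 and U+2029 through unchanged, and older JavaScript engines treat those as line terminators inside a string literal, so one such character in a message can break the generated statement; `$var = str_replace(array("\xE2\x80\xA8", "\xE2\x80\xA9"), array('\\u2028', '\\u2029'), $var);` would close that gap. The function's signature and its object branch lie outside this hunk.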
echo '<br />';
$autorefresh = '<p align="center" class="note">'.get_string('pagerefreshes', 'message', $CFG->message_contacts_refresh).'</p>';
- $autorefresh = addslashes($autorefresh); // js escaping
+ $autorefresh = addslashes_js($autorefresh); // js escaping
// gracefully degrade JS autorefresh
echo '<script type="text/javascript">
echo ' parent.messages.document.write("<html><head><title> <\/title>");'."\n";
echo ' parent.messages.document.write("<meta http-equiv=\"content-type\" content=\"text/html; charset=utf-8\" />");'."\n";
echo ' parent.messages.document.write("<base target=\"_blank\" />");'."\n";
- echo ' parent.messages.document.write("'.addslashes($stylesheetshtml).'");'."\n";
+ echo ' parent.messages.document.write("'.addslashes_js($stylesheetshtml).'");'."\n";
echo ' parent.messages.document.write("<\/head><body class=\"message course-1\" id=\"message-messages\"><div style=\"display: none\" id=\"messagestarted\"> <\/div>");'."\n";
echo '}'."\n";
$options = new object();
$options->para = false;
$options->newlines = true;
- $printmessage = format_text($message->message, $message->format, $options, 0);
- $printmessage = str_replace("\r", ' ', $printmessage);
- $printmessage = str_replace("\n", ' ', $printmessage);
+ $printmessage = format_text($message->message, $message->format, $options);
$printmessage = '<div class="message other"><span class="author">'.s($userfullname).'</span> '.
'<span class="time">['.$time.']</span>: '.
'<span class="content">'.$printmessage.'</span></div>';
- $printmessage = addslashes($printmessage); // So Javascript can write it
- $printmessage = str_replace('</', '<\/', $printmessage); // XHTML compliance
+ $printmessage = addslashes_js($printmessage); // So Javascript can write it
echo "parent.messages.document.write('".$printmessage."');\n";
/// Move the entry to the other table
$options = NULL;
$options->para = false;
$options->newlines = true;
- $message = format_text($message, $format, $options, 0);
+ $message = format_text($message, $format, $options);
- $message = str_replace("\r", ' ', $message);
- $message = str_replace("\n", ' ', $message);
$time = userdate(time(), get_string('strftimedaytime'));
$message = '<div class="message me"><span class="author">'.fullname($USER).'</span> '.
'<span class="time">['.$time.']</span>: '.
'<span class="content">'.$message.'</span></div>';
- $message = addslashes($message); // So Javascript can write it
- $message = str_replace('</', '<\/', $message); // XHTML compliance
+ $message = addslashes_js($message); // So Javascript can write it
/// Then write it to our own message screen immediately
echo "\n<script type=\"text/javascript\">\n<!--\n";
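Review bot: `fullname($USER)` on the author line is concatenated into the markup without HTML escaping, while the matching line for received messages uses `s($userfullname)`. addslashes_js only protects the JavaScript string literal, not the HTML that document.write then parses, so a name containing markup would be interpreted by the browser. Unless fullname() already returns escaped text (not visible here), the line should read `$message = '<div class="message me"><span class="author">'.s(fullname($USER)).'</span> '.`. Separately, `$options = NULL;` followed by property assignments relies on implicit object creation, where the other message hunk uses `new object()`.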
/// required stylesheets
$stylesheetshtml = '';
foreach ($CFG->stylesheets as $stylesheet) {
- $stylesheetshtml .= '<link rel=\\"stylesheet\\" type=\\"text/css\\" href=\\"'.$stylesheet.'\\" />';
+ $stylesheetshtml .= '<link rel="stylesheet" type="text/css" href="'.$stylesheet.'" />';
}
// use ob to be able to send Content-Length headers
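Review bot: `$stylesheet` is placed inside the `href="..."` attribute with no HTML escaping, so with the hand-written `\\"` removed the only escaping left is the JavaScript-string layer applied at the document.write call. A URL containing `"` or `&` would break or extend the attribute once the browser parses the written markup. `$stylesheetshtml .= '<link rel="stylesheet" type="text/css" href="'.s($stylesheet).'" />';` would cover the HTML layer, assuming `$CFG->stylesheets` can hold anything other than fixed theme URLs, which this hunk does not show. The same loop appears again in the later stylesheet hunk and wants the same change.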
parent.msg.document.write("<html><head>");
parent.msg.document.write("<meta http-equiv=\"content-type\" content=\"text/html; charset=utf-8\" />");
parent.msg.document.write("<base target=\"_blank\" />");
- parent.msg.document.write("<?php echo $stylesheetshtml ?>");
+ parent.msg.document.write("<?php echo addslashes_js($stylesheetshtml) ?>");
parent.msg.document.write("<\/head><body class=\"mod-chat-gui_header_js course-<?php echo $chatuser->course ?>\" id=\"mod-chat-gui_header_js-jsupdate\"><div style=\"display: none\" id=\"msgStarted\"> <\/div>");
}
<?php
$refreshusers = true;
}
$us[$message->userid] = $timenow - $message->timestamp;
- echo "parent.msg.document.write('".addslashes($formatmessage->html)."\\n');\n";
+ echo "parent.msg.document.write('".addslashes_js($formatmessage->html)."\\n');\n";
}
}
/// required stylesheets
$stylesheetshtml = '';
foreach ($CFG->stylesheets as $stylesheet) {
- $stylesheetshtml .= '<link rel=\\"stylesheet\\" type=\\"text/css\\" href=\\"'.$stylesheet.'\\" />';
+ $stylesheetshtml .= '<link rel="stylesheet" type="text/css" href="'.$stylesheet.'" />';
}
?>
parent.msg.document.write("<html><head>");
parent.msg.document.write("<meta http-equiv=\"content-type\" content=\"text/html; charset=utf-8\" />");
parent.msg.document.write("<base target=\"_blank\" />");
- parent.msg.document.write("<?php echo $stylesheetshtml ?>");
+ parent.msg.document.write("<?php echo addslashes_js($stylesheetshtml) ?>");
parent.msg.document.write("</head><body class=\"mod-chat-gui_header_js course-<?php echo $chatuser->course ?>\" id=\"mod-chat-gui_header_js-jsupdate\"><div style=\"display: none\" id=\"msgStarted\"> </div>");
}
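Review bot: The last document.write line in this copy of the header still emits `</head>` and `</div>` unescaped inside the script, whereas the otherwise identical line in the earlier header hunk writes `<\/head>` and `<\/div>`. The commit centralises `</` handling in addslashes_js for dynamic data, so the static strings should follow the same rule: change `</head>` to `<\/head>` and `</div>` to `<\/div>` on that line. The enclosing block starts and ends outside the hunk.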
//]]>
$refreshusers = true;
}
$us[$message->userid] = $timenow - $message->timestamp;
- echo "parent.msg.document.write('".addslashes($formatmessage->html )."\\n');\n";
+ echo "parent.msg.document.write('".addslashes_js($formatmessage->html )."\\n');\n";
}
// from the last message printed...
<!--
document.write('<input type="button" value="<?php echo $buttontext ?>" onclick="javascript: <?php
if ($strconfirmstartattempt) {
- echo "if (confirm(\\'".addslashes($strconfirmstartattempt)."\\'))";
+ echo "if (confirm(\\'".addslashes_js($strconfirmstartattempt)."\\'))";
}
?> window.open(\'<?php echo $attempturl ?>\', \'<?php echo $window ?>\', \'<?php echo $windowoptions ?>\'); " />');
// -->
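Review bot: A single addslashes_js() call is not enough for `$strconfirmstartattempt`, because the value sits in three nested contexts: a JavaScript string inside an `onclick` HTML attribute inside the outer `document.write('...')` string. An apostrophe in the language string becomes `\'` in the outer literal and therefore a bare `'` in the attribute, which ends the confirm() argument early, and a `"` ends the attribute itself. Escaping once per layer fixes this, for example `echo "if (confirm(\\'".addslashes_js(htmlspecialchars(addslashes_js($strconfirmstartattempt), ENT_QUOTES))."\\'))";`. `$buttontext`, `$attempturl`, `$window` and `$windowoptions` on the surrounding lines are echoed into the same nested contexts with no escaping at all; where they come from is not visible here, so they should either be escaped the same way or documented as trusted.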