From e2cd3ed0128c44003a5daee2cc2eadf8ee12d784 Mon Sep 17 00:00:00 2001 From: toyomoyo Date: Fri, 23 Feb 2007 06:03:09 +0000 Subject: [PATCH] merged nick's fix for MDL-8582, ampersand in course name/shortname causes xtheml strict problems --- blocks/admin/block_admin.php | 4 ++-- blocks/course_list/block_course_list.php | 8 +++---- course/index.php | 10 ++++---- course/lib.php | 10 ++++---- lib/weblib.php | 30 +++++++++++++++++------- 5 files changed, 37 insertions(+), 25 deletions(-) diff --git a/blocks/admin/block_admin.php b/blocks/admin/block_admin.php index ebc31816eb..b0b7c5f616 100644 --- a/blocks/admin/block_admin.php +++ b/blocks/admin/block_admin.php @@ -164,10 +164,10 @@ class block_admin extends block_list { if (empty($course->metacourse) && ($course->id!==SITEID)) { if (has_capability('moodle/legacy:guest', $context, NULL, false)) { // Are a guest now - $this->content->items[]=''.get_string('enrolme', '', $course->shortname).''; + $this->content->items[]=''.get_string('enrolme', '', s($course->shortname)).''; $this->content->icons[]=''; } else if (has_capability('moodle/role:unassignself', $context, NULL, false)) { // Have some role - $this->content->items[]=''.get_string('unenrolme', '', $course->shortname).''; + $this->content->items[]=''.get_string('unenrolme', '', s($course->shortname)).''; $this->content->icons[]=''; } } diff --git a/blocks/course_list/block_course_list.php b/blocks/course_list/block_course_list.php index 3e9a2ba5db..b68b5b6407 100644 --- a/blocks/course_list/block_course_list.php +++ b/blocks/course_list/block_course_list.php 
@@ -44,8 +44,8 @@ class block_course_list extends block_list { continue; } $linkcss = $course->visible ? "" : " class=\"dimmed\" "; - $this->content->items[]="shortname\" ". - "href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->fullname"; + $this->content->items[]="shortname) . "\" ". + "href=\"$CFG->wwwroot/course/view.php?id=$course->id\">" . s($course->fullname) . ""; $this->content->icons[]=$icon; } $this->title = get_string('mycourses'); @@ -62,7 +62,7 @@ class block_course_list extends block_list { if (count($categories) > 1 || (count($categories) == 1 && count_records('course') > 200)) { // Just print top level category links foreach ($categories as $category) { $linkcss = $category->visible ? "" : " class=\"dimmed\" "; - $this->content->items[]="wwwroot/course/category.php?id=$category->id\">$category->name"; + $this->content->items[]="wwwroot/course/category.php?id=$category->id\">" . s($category->name) . ""; $this->content->icons[]=$icon; } $this->content->icons[] = ''; @@ -77,7 +77,7 @@ class block_course_list extends block_list { if ($courses) { foreach ($courses as $course) { $linkcss = $course->visible ? "" : " class=\"dimmed\" "; - $this->content->items[]="shortname\" ". + $this->content->items[]="shortname)."\" ". "href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->fullname"; $this->content->icons[]=$icon; } diff --git a/course/index.php b/course/index.php index 8e63f08ef1..b45ba8a409 100644 --- a/course/index.php +++ b/course/index.php @@ -106,9 +106,9 @@ $newcategory->name = $form->addcategory; $newcategory->sortorder = 999; if (!insert_record('course_categories', $newcategory)) { - notify("Could not insert the new category '$newcategory->name'"); + notify("Could not insert the new category '" . s($newcategory->name) . "'"); } else { - notify(get_string('categoryadded', '', $newcategory->name)); + notify(get_string('categoryadded', '', s($newcategory->name))); } } } 
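Review bot: In the `@@ -77,7 +77,7 @@` hunk of block_course_list.php the new line escapes the shortname in the title attribute, but the context line right after it still interpolates `$course->fullname` raw as the link text. A full name containing an ampersand or markup therefore still reaches the page unencoded on this code path, which is the same output-encoding gap the commit closes elsewhere. The `@@ -44,8 +44,8 @@` hunk in the same file already ends that line with `\">" . s($course->fullname) . "`, and the same change belongs here. The markup around these strings is not visible on this page, so the exact closing tag should be taken from the file.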
@@ -145,11 +145,11 @@ /// Finally delete the category itself if (delete_records('course_categories', 'id', $deletecat->id)) { - notify(get_string('categorydeleted', '', $deletecat->name)); + notify(get_string('categorydeleted', '', s($deletecat->name))); } } else { - $strdeletecategorycheck = get_string('deletecategorycheck','',$deletecat->name); + $strdeletecategorycheck = get_string('deletecategorycheck','', s($deletecat->name)); notice_yesno($strdeletecategorycheck, "index.php?delete=$delete&sure=".md5($deletecat->timemodified)."&sesskey=$USER->sesskey", "index.php?sesskey=$USER->sesskey"); @@ -353,7 +353,7 @@ function print_category_edit($category, $displaylist, $parentslist, $depth=-1, $ $linkcss = $category->visible ? '' : ' class="dimmed" '; echo ''. - $category->name.''; + s($category->name).''; echo ''; echo ''.$category->coursecount.''; diff --git a/course/lib.php b/course/lib.php index 3123708988..d023cf7cea 100644 --- a/course/lib.php +++ b/course/lib.php @@ -1454,7 +1454,7 @@ function print_section_add_menus($course, $section, $modnames, $vertical=false, // check to see if user can add menus if (!has_capability('moodle/course:manageactivities', get_context_instance(CONTEXT_COURSE, $course->id))) { - return false; + return false; } static $resources = false; @@ -1557,9 +1557,9 @@ function make_categories_list(&$list, &$parents, $category=NULL, $path="") { if ($category) { if ($path) { - $path = $path.' / '.$category->name; + $path = $path.' / '.s($category->name); } else { - $path = $category->name; + $path = s($category->name); } $list[$category->id] = $path; } else { @@ -2208,7 +2208,7 @@ function make_editing_buttons($mod, $absolute=false, $moveselect=true, $indent=- $modcontext = get_context_instance(CONTEXT_MODULE, $mod->id); // no permission to edit if (!has_capability('moodle/course:manageactivities', $modcontext)) { - return false; + return false; } if (!isset($str)) { 
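Review bot: In `make_categories_list` the category name is now passed through `s()` as it is written into `$list`, so every consumer of that list receives HTML-encoded text rather than the raw name. Any caller that escapes again at output time would render an ampersand as `&amp;amp;`, and non-HTML uses of the list would carry entities; whether such callers exist is not visible in this hunk. Encoding at the point of output is the safer pattern. If the encoding stays here, the function needs a comment such as `// names stored in $list are already HTML-escaped with s(); do not escape again on output`. The function body continues outside the hunk.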
@@ -2284,7 +2284,7 @@ function make_editing_buttons($mod, $absolute=false, $moveselect=true, $indent=- } else { $groupmode = ""; } - + if (has_capability('moodle/course:update', get_context_instance(CONTEXT_COURSE, $mod->course))) { if ($moveselect) { $move = 'header); $output = ob_get_contents(); ob_end_clean(); @@ -2278,10 +2289,10 @@ function print_header_simple($title='', $heading='', $navigation='', $focus='', $shortname =''; if ($COURSE->id != SITEID) { - $shortname = ''. $COURSE->shortname .' ->'; + $shortname = ''. s($COURSE->shortname) .' ->'; } - $output = print_header($COURSE->shortname .': '. $title, $COURSE->fullname .' '. $heading, $shortname .' '. $navigation, $focus, $meta, + $output = print_header(s($COURSE->shortname) .': '. s($title), s($COURSE->fullname) .' '. s($heading), $shortname.' '. $navigation, $focus, $meta, $cache, $button, $menu, $usexml, $bodytags, true); if ($return) { @@ -2319,7 +2330,7 @@ function print_footer($course=NULL, $usercourse=NULL, $return=false) { $home = true; } else { $homelink = ''; + '/course/view.php?id='.$course->id.'">'.s($course->shortname).''; $home = false; } } else { @@ -2780,9 +2791,10 @@ function print_navigation ($navigation, $separator=0, $return=false) { if (! $site = get_site()) { $site->shortname = get_string('home'); } - $navigation = "
  • $separator ". str_replace('->', "
  • \n
  • $separator", $navigation) ."
  • \n"; + + $navigation = "
  • $separator ". str_replace('->', "
  • \n
  • $separator", s($navigation, false, false)) ."
  • \n"; $output .= '
  • frametarget.' onclick="this.target=\''.$CFG->framename.'\'" href="'. $CFG->wwwroot.((!has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID)) && !empty($USER->id) && !empty($CFG->mymoodleredirect) && !isguest()) - ? '/my' : '') .'/">'. $site->shortname ."
  • \n". $navigation; + ? '/my' : '') .'/">'. s($site->shortname) ."\n". $navigation; $output .= "\n"; } -- 2.39.5
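Review bot: In `print_navigation`, `s($navigation, false, false)` is applied to the whole assembled navigation string before `str_replace('->', ...)` splits it, and that ordering is fragile. If `s()` encodes `>` the way `htmlspecialchars()` does, the `->` separator becomes `-&gt;` and stops matching. Any link markup callers place in `$navigation` would also be encoded as text, and `print_header_simple` passes `$shortname.' '. $navigation` in the hunk above. The two extra arguments presumably prevent this, but the change to `s()` is not visible on this page. A comment at the call should state what the two `false` flags do and that `->` and existing markup must survive, or each breadcrumb label could be escaped where it is built instead. The function starts outside the hunk.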