From nobunobu @ users.sourceforge.jp Sun Dec 3 00:36:01 2006 From: nobunobu @ users.sourceforge.jp (NobuNobu) Date: Sun, 3 Dec 2006 00:36:01 +0900 Subject: [xoops-cvslog 5958] CVS update: xoops2jp/html/core Message-ID: <20061202153601.9C8612AC166@users.sourceforge.jp> Index: xoops2jp/html/core/XCube_Controller.class.php diff -u xoops2jp/html/core/XCube_Controller.class.php:1.1.2.7 xoops2jp/html/core/XCube_Controller.class.php:1.1.2.8 --- xoops2jp/html/core/XCube_Controller.class.php:1.1.2.7 Mon Nov 27 15:55:01 2006 +++ xoops2jp/html/core/XCube_Controller.class.php Sun Dec 3 00:36:01 2006 @@ -1,7 +1,7 @@ _mBlockChain = array(); @@ -121,6 +130,8 @@ $this->mSetupUser =& new XCube_Delegate(); $this->mExecute =& new XCube_Delegate(); + $this->mSetupTextFilter =& new XCube_Delegate(); + $this->mSetupTextFilter->add('XCube_TextFilter::getInstance',XCUBE_DELEGATE_PRIORITY_FINAL); } /** @@ -160,6 +171,8 @@ $this->_setupLanguage(); + $this->_setupTextFilter(); + $this->_setupConfig(); // @@ -284,6 +297,21 @@ $this->mRoot->mLanguageManager =& new XCube_LanguageManager(); } + + /** + * Creates the instance of Text Filter class, and sets it to member + * property. + * + * @access protected + */ + function _setupTextFilter() + { + $textFilter = null; + $this->mSetupTextFilter->call(new XCube_Ref($textFilter)); + $this->mRoot->setTextFilter($textFilter); + } + + /** * This member function is overridden. Loads site configuration informations, * and sets them to the member property. Index: xoops2jp/html/core/XCube_Root.class.php diff -u xoops2jp/html/core/XCube_Root.class.php:1.1.2.4 xoops2jp/html/core/XCube_Root.class.php:1.1.2.5 --- xoops2jp/html/core/XCube_Root.class.php:1.1.2.4 Sat Oct 21 20:08:53 2006 +++ xoops2jp/html/core/XCube_Root.class.php Sun Dec 3 00:36:01 2006 
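Review bot: `_setupTextFilter()` hands `$textFilter` to `$this->mRoot->setTextFilter()` without checking that any delegate actually filled it in, so a null filter can be stored on the root object. Every escaping call introduced in this series then goes through `->ToShow()` / `->ToEdit()` on that reference. The related `getTextFilter()` hunk in XCube_Root.class.php has a path with no `return` when both `mTextFilter` and `mController` are empty, and the MyTextSanitizer constructor caches whatever it gets back. I would guard here with `if (!is_object($textFilter)) { trigger_error('No text filter was created', E_USER_ERROR); }` so that a missing output filter is caught at startup rather than at the first escaping call.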
@@ -1,7 +1,7 @@ mPermissionManager; } + function setTextFilter(&$textFilter) + { + $this->mTextFilter =& $textFilter; + } + + function &getTextFilter() + { + if (!empty($this->mTextFilter)) return $this->mTextFilter; + if (!empty($this->mController)) { //ToDo: This case is for _LEGACY_PREVENT_EXEC_COMMON_ status; + $this->mController->mSetupTextFilter->call(new XCube_Ref($this->mTextFilter)); + return $this->mTextFilter; + } + } + /** * Sets the role manager object. */ Index: xoops2jp/html/core/XCube_TextFilter.class.php diff -u /dev/null xoops2jp/html/core/XCube_TextFilter.class.php:1.1.2.1 --- /dev/null Sun Dec 3 00:36:01 2006 +++ xoops2jp/html/core/XCube_TextFilter.class.php Sun Dec 3 00:36:01 2006 @@ -0,0 +1,29 @@ + From nobunobu @ users.sourceforge.jp Sun Dec 3 00:36:01 2006 From: nobunobu @ users.sourceforge.jp (NobuNobu) Date: Sun, 3 Dec 2006 00:36:01 +0900 Subject: [xoops-cvslog 5959] CVS update: xoops2jp/html/modules/legacy/kernel Message-ID: <20061202153601.C9B612AC168@users.sourceforge.jp> Index: xoops2jp/html/modules/legacy/kernel/Legacy_Controller.class.php diff -u xoops2jp/html/modules/legacy/kernel/Legacy_Controller.class.php:1.1.2.26 xoops2jp/html/modules/legacy/kernel/Legacy_Controller.class.php:1.1.2.27 --- xoops2jp/html/modules/legacy/kernel/Legacy_Controller.class.php:1.1.2.26 Mon Nov 27 15:54:52 2006 +++ xoops2jp/html/modules/legacy/kernel/Legacy_Controller.class.php Sun Dec 3 00:36:01 2006 @@ -18,6 +18,7 @@ require_once XOOPS_ROOT_PATH . "/modules/legacy/kernel/Legacy_CacheInformation.class.php"; require_once XOOPS_ROOT_PATH . "/modules/legacy/kernel/Legacy_PublicControllerStrategy.class.php"; +require_once XOOPS_ROOT_PATH . "/modules/legacy/kernel/Legacy_TextFilter.class.php"; require_once XOOPS_ROOT_PATH . "/modules/legacy/class/Legacy_Debugger.class.php"; /** 
@@ -105,7 +106,9 @@ $this->mSetupDebugger =& new XCube_Delegate(); $this->mSetupDebugger->add('Legacy_DebuggerManager::createInstance'); - + + $this->mSetupTextFilter->add('Legacy_TextFilter::getInstance',XCUBE_DELEGATE_PRIORITY_FINAL-1); + set_magic_quotes_runtime(0); // ^^; } @@ -167,14 +170,14 @@ $this->_setupLanguage(); + $this->_setupTextFilter(); + $this->_setupConfig(); $this->_setupDebugger(); $this->_processPreBlockFilter(); // What's !? -// $this->_processHostAbstractLayer(); // Move it into prepare() - $this->_setupSession(); $this->_setupUser(); @@ -223,9 +226,9 @@ function _setupEnvironment() { parent::_setupEnvironment(); - require_once XOOPS_ROOT_PATH."/include/version.php"; + require_once XOOPS_ROOT_PATH.'/include/version.php'; - require_once XOOPS_ROOT_PATH."/settings/definition.inc.php"; + require_once XOOPS_ROOT_PATH.'/settings/definition.inc.php'; define("XOOPS_LEGACY_PATH",XOOPS_MODULE_PATH."/".XOOPS_LEGACY_PROC_NAME); require_once XOOPS_ROOT_PATH.'/include/functions.php'; @@ -233,11 +236,11 @@ require_once XOOPS_ROOT_PATH.'/kernel/object.php'; require_once XOOPS_ROOT_PATH.'/class/criteria.php'; require_once XOOPS_ROOT_PATH.'/class/token.php'; - require_once XOOPS_ROOT_PATH."/class/module.textsanitizer.php"; + require_once XOOPS_ROOT_PATH.'/class/module.textsanitizer.php'; - require_once XOOPS_LEGACY_PATH."/kernel/object.php"; // ToDo (here?) - require_once XOOPS_LEGACY_PATH."/kernel/handler.php"; // ToDo - require_once XOOPS_ROOT_PATH."/core/XCube_Utils.class.php"; // ToDo + require_once XOOPS_LEGACY_PATH.'/kernel/object.php'; // ToDo (here?) + require_once XOOPS_LEGACY_PATH.'/kernel/handler.php'; // ToDo + require_once XOOPS_ROOT_PATH.'/core/XCube_Utils.class.php'; // ToDo require_once XOOPS_ROOT_PATH.'/class/xoopssecurity.php'; $GLOBALS['xoopsSecurity'] =& new XoopsSecurity(); Index: xoops2jp/html/modules/legacy/kernel/Legacy_TextFilter.class.php diff -u /dev/null xoops2jp/html/modules/legacy/kernel/Legacy_TextFilter.class.php:1.1.2.1 
--- /dev/null Sun Dec 3 00:36:01 2006 +++ xoops2jp/html/modules/legacy/kernel/Legacy_TextFilter.class.php Sun Dec 3 00:36:01 2006 @@ -0,0 +1,25 @@ + From nobunobu @ users.sourceforge.jp Sun Dec 3 00:48:30 2006 From: nobunobu @ users.sourceforge.jp (NobuNobu) Date: Sun, 3 Dec 2006 00:48:30 +0900 Subject: [xoops-cvslog 5960] CVS update: xoops2jp/html/class Message-ID: <20061202154830.6EEFE2AC043@users.sourceforge.jp> Index: xoops2jp/html/class/module.textsanitizer.php diff -u xoops2jp/html/class/module.textsanitizer.php:1.2.8.9.2.1 xoops2jp/html/class/module.textsanitizer.php:1.2.8.9.2.2 --- xoops2jp/html/class/module.textsanitizer.php:1.2.8.9.2.1 Sat Oct 14 13:51:56 2006 +++ xoops2jp/html/class/module.textsanitizer.php Sun Dec 3 00:48:30 2006 @@ -1,5 +1,5 @@ mXoopsCodePostFilter =& new XCube_Delegate(); $this->mXoopsCodePostFilter->register('MyTextSanitizer.XoopsCodePostFilter'); + + $this->mCodePreConvPre =& new XCube_Delegate(); + $this->mCodePreConvPre->register('MyTextSanitizer.CodePreConvPre'); + + $this->mCodeConvPre =& new XCube_Delegate(); + $this->mCodeConvPre->register('MyTextSanitizer.CodeConvPre'); + + $root =& XCube_Root::getSingleton(); + $this->mTextFilter =& $root->getTextFilter(); + } /** @@ -163,9 +188,9 @@ $patterns = array("/(^|[^]_a-z0-9-=\"'\/])([a-z]+?):\/\/([^, \r\n\"\(\)'<>]+)/i", "/(^|[^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([^, \r\n\"\(\)'<>]+)/i", "/(^|[^]_a-z0-9-=\"'\/])ftp\.([a-z0-9\-]+)\.([^, \r\n\"\(\)'<>]+)/i", "/(^|[^]_a-z0-9-=\"'\/:\.])([a-z0-9\-_\.]+?)@([^, \r\n\"\(\)'<>\[\]]+)/i"); $replacements = array("\\1\\2://\\3", "\\1www.\\2.\\3", "\\1ftp.\\2.\\3", "\\1\\2@\\3"); - // RaiseEvent 'MyTextSanitizer.MakeClickablePre' ('Legacy.TextSanitizer.MakeClicablePre') + // RaiseEvent 'MyTextSanitizer.MakeClickablePre' // Delegate may replace makeClickable conversion table - // varArgs : + // Args : // 'patterns' [I/O] : &Array of pattern RegExp // 'replacements' [I/O] : &Array of replacing string // 
@@ -173,9 +198,9 @@ $text = preg_replace($patterns, $replacements, $text); - // RaiseEvent : 'MyTextSanitizer.MakeClickablePostFilter' ('Legacy.TextSanitizer.MakeClicablePostFilter') + // RaiseEvent : 'MyTextSanitizer.MakeClickablePostFilter' // Delegate may convert output text with quickApplyFilter rule - // varArgs : + // Args : // 'string' [I/O] : Text to convert; // $this->mMakeClickablePostFilter->call(new XCube_Ref($text)); @@ -251,20 +276,20 @@ $patterns[] = "/about:/si"; $replacements[] = "about :"; - // RaiseEvent 'MyTextSanitizer.XoopsCodePre' ('Legacy.TextSanitizer.XoopsCodePre') + // RaiseEvent 'MyTextSanitizer.XoopsCodePre' // Delegate may replace conversion table - // varArgs : + // Args : // 'patterns' [I/O] : &Array of pattern RegExp // 'replacements' [I/O] : &Array of replacing string // 'allowimage' [I] : xoopsCodeDecode $allowimage parameter // $this->mXoopsCodePre->call(new XCube_Ref($patterns), new XCube_Ref($replacements), $allowimage); - + $text = preg_replace($patterns, $replacements, $text); - // RaiseEvent : 'MyTextSanitizer.XoopsCodePostFilter' ('Legacy.TextSanitizer.XoopsCodePostFilter') + // RaiseEvent : 'MyTextSanitizer.XoopsCodePostFilter' // Delegate may convert output text with quickApplyFilter rule - // varArgs : + // Args : // 'string' [I/O] : Text to convert; // 'allowimage' [I] : xoopsCodeDecode $allowimage parameter // @@ -349,13 +374,17 @@ * for displaying data in html textbox forms * * @param string $text + * @param bool $forEdit (experimental) * * @return string */ - function &htmlSpecialChars($text) + function &htmlSpecialChars($text, $forEdit=false) { - //return preg_replace("/&/i", '&', htmlspecialchars($text, ENT_QUOTES)); - $ret = preg_replace(array("/&/i", "/ /i"), array('&', '&nbsp;'), htmlspecialchars($text, ENT_QUOTES)); + if (!$forEdit) { + $ret = $this->mTextFilter->ToShow($text); + } else { + $ret = $this->mTextFilter->ToEdit($text); + } return $ret; } 
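Review bot: `htmlSpecialChars()` no longer says what it guarantees: the docblock still reads "for displaying data in html textbox forms", while the body now returns whatever `$this->mTextFilter->ToShow()` or `ToEdit()` produce, and that filter is selected through the `mSetupTextFilter` delegate. The XCube_TextFilter and Legacy_TextFilter bodies are not visible on this page, so it cannot be confirmed that either method keeps the previous `ENT_QUOTES` behaviour. I would add to the docblock `@return string HTML-escaped text; any registered text filter must escape & < > " and ' in both ToShow() and ToEdit()`. The same contract applies to the later hunks that swap `htmlspecialchars(..., ENT_QUOTES)` for the filter in function.xoops_input.php, function.xoops_textarea.php, function.xoops_optionsArray.php and legacy/kernel/object.php, where the result appears to be placed in form values.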
@@ -385,11 +414,11 @@ **/ function &displayTarea(&$text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1) { + $text = $this->codePreConv($text, $xcode); // Ryuji_edit(2003-11-18) if ($html != 1) { // html not allowed - $text =& $this->htmlSpecialChars($text); + $text = $this->mTextFilter->ToShow($text); } - $text = $this->codePreConv($text, $xcode); // Ryuji_edit(2003-11-18) $text =& $this->makeClickable($text); if ($smiley != 0) { // process smiley @@ -426,11 +455,11 @@ function &previewTarea(&$text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1) { $text =& $this->stripSlashesGPC($text); + $text = $this->codePreConv($text, $xcode); // Ryuji_edit(2003-11-18) if ($html != 1) { // html not allowed - $text =& $this->htmlSpecialChars($text); + $text = $this->mTextFilter->ToShow($text); } - $text = $this->codePreConv($text, $xcode); // Ryuji_edit(2003-11-18) $text =& $this->makeClickable($text); if ($smiley != 0) { // process smiley @@ -493,8 +522,17 @@ */ function codePreConv($text, $xcode = 1) { if($xcode != 0){ - $patterns = "/\[code](.*)\[\/code\]/esU"; - $replacements = "'[code]'.base64_encode('$1').'[/code]'"; + $patterns = array(); + $replacements = array(); + $patterns[] = "/\[code](.*)\[\/code\]/esU"; + $replacements[] = "'[code]'.base64_encode('$1').'[/code]'"; + // RaiseEvent 'MyTextSanitizer.CodePreConvePre' + // Delegate may replace conversion table + // Args : + // 'patterns' [I/O] : &Array of pattern RegExp + // 'replacements' [I/O] : &Array of replacing string + // + $this->mCodePreConvPre->call(new XCube_Ref($patterns), new XCube_Ref($replacements)); $text = preg_replace($patterns, $replacements, $text); } return $text; 
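Review bot: In codePreConv the `/e` rule `"/\[code](.*)\[\/code\]/esU"` now evaluates its replacement over text that has not been escaped yet, because this commit moves the `codePreConv()` call ahead of `ToShow()` in displayTarea and previewTarea. The evaluation is then protected only by the implicit quoting that `/e` applies to `$1` inside the single-quoted `base64_encode('$1')`, and the new `mCodePreConvPre` delegate can append further patterns and replacements to the same table. I would handle the built-in [code] rule with `preg_replace_callback` so that no matched text is ever evaluated as PHP, and add above the delegate call `// Delegates: do not register /e patterns here; $text is unescaped user input at this point.` The closing brace of codePreConv lies outside the hunk.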
@@ -502,16 +540,30 @@ function codeConv($text, $xcode = 1, $image = 1){ if($xcode != 0){ - $patterns = "/\[code](.*)\[\/code\]/esU"; + $patterns = array(); + $replacements = array(); + // RaiseEvent 'MyTextSanitizer.CodeConvPre' + // Delegate may replace conversion table + // Args : + // 'patterns' [I/O] : &Array of pattern RegExp + // 'replacements' [I/O] : &Array of replacing string + // 'allowimage' [I] : xoopsCodeDecode $allowimage parameter + // Caution : + // - Conversion table order should be reverse order with codePreConv conversion table. + // So, conversion rule for[code] is defined after call delegate function. + // - Conversion rule should treat input string as raw text(not sanitized). + // + $this->mCodeConvPre->call(new XCube_Ref($patterns), new XCube_Ref($replacements), $image); + + $patterns[] = "/\[code](.*)\[\/code\]/esU"; if ($image != 0) { // image allowed - $replacements = "'
'.MyTextSanitizer::codeSanitizer('$1').'
'"; - //$text =& $this->xoopsCodeDecode($text); + $replacements[] = "'
'.MyTextSanitizer::codeSanitizer('$1').'
'"; } else { // image not allowed - $replacements = "'
'.MyTextSanitizer::codeSanitizer('$1', 0).'
'"; - //$text =& $this->xoopsCodeDecode($text, 0); + $replacements[] = "'
'.MyTextSanitizer::codeSanitizer('$1', 0).'
'"; } + $text = preg_replace($patterns, $replacements, $text); } return $text; @@ -520,17 +572,16 @@ function codeSanitizer($str, $image = 1){ if($image != 0){ $str = $this->xoopsCodeDecode( - $this->htmlSpecialChars(str_replace('\"', '"', base64_decode($str))) + htmlspecialchars(str_replace('\"', '"', base64_decode($str)),ENT_QUOTES) ); }else{ $str = $this->xoopsCodeDecode( - $this->htmlSpecialChars(str_replace('\"', '"', base64_decode($str))),0 + htmlspecialchars(str_replace('\"', '"', base64_decode($str)),ENT_QUOTES),0 ); } return $str; } - /**#@-*/ @@ -542,7 +593,7 @@ function sanitizeForDisplay($text, $allowhtml = 0, $smiley = 1, $bbcode = 1) { if ( $allowhtml == 0 ) { - $text = $this->htmlSpecialChars($text); + $text = $this->mTextFilter->ToShow($text); } else { //$config =& $GLOBALS['xoopsConfig']; //$allowed = $config['allowed_html']; @@ -563,7 +614,7 @@ { $text = $this->oopsStripSlashesGPC($text); if ( $allowhtml == 0 ) { - $text = $this->htmlSpecialChars($text); + $text = $this->mTextFilter->ToShow($text); } else { //$config =& $GLOBALS['xoopsConfig']; //$allowed = $config['allowed_html']; @@ -588,26 +639,26 @@ function makeTboxData4Show($text, $smiley=0) { - $text = $this->htmlSpecialChars($text); + $text = $this->mTextFilter->ToShow($text); return $text; } function makeTboxData4Edit($text) { - return $this->htmlSpecialChars($text); + return $this->mTextFilter->ToEdit($text); } function makeTboxData4Preview($text, $smiley=0) { $text = $this->stripSlashesGPC($text); - $text = $this->htmlSpecialChars($text); + $text = $this->mTextFilter->ToShow($text); return $text; } function makeTboxData4PreviewInForm($text) { $text = $this->stripSlashesGPC($text); - return $this->htmlSpecialChars($text); + return $this->mTextFilter->ToShow($text); } function makeTareaData4Save($text) 
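Review bot: The Caution block added in codeConv tells delegate authors that their rules see raw, unsanitized text, but it does not say that each rule must HTML-escape what it emits, and nothing after `$this->mCodeConvPre->call(...)` does that for them. Only the built-in [code] rule is escaped, inside codeSanitizer, through `htmlspecialchars(..., ENT_QUOTES)`. If codeConv runs after `ToShow()`, as the displayTarea ordering suggests (the call site is outside this hunk), a delegate rule that decodes its match and returns it verbatim would put unescaped user text on the page. I would extend the Caution with `// - Each delegate rule must HTML-escape its own output (e.g. htmlspecialchars with ENT_QUOTES).`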
@@ -623,7 +674,7 @@ function makeTareaData4Edit($text) { - return $this->htmlSpecialChars($text); + return $this->mTextFilter->ToEdit($text); } function &makeTareaData4Preview(&$text, $html=1, $smiley=1, $xcode=1) @@ -636,12 +687,12 @@ { //if magic_quotes_gpc is on, do stipslashes $text = $this->stripSlashesGPC($text); - return $this->htmlSpecialChars($text); + return $this->mTextFilter->ToShow($text); } function makeTareaData4InsideQuotes($text) { - return $this->htmlSpecialChars($text); + return $this->mTextFilter->ToShow($text); } function &oopsStripSlashesGPC($text) @@ -666,7 +717,7 @@ function &oopsHtmlSpecialChars($text) { - $ret = $this->htmlSpecialChars($text); + $ret = $this->mTextFilter->ToShow($text); return $ret; } From nobunobu @ users.sourceforge.jp Sun Dec 3 00:48:30 2006 From: nobunobu @ users.sourceforge.jp (NobuNobu) Date: Sun, 3 Dec 2006 00:48:30 +0900 Subject: [xoops-cvslog 5961] CVS update: xoops2jp/html/class/smarty/plugins Message-ID: <20061202154830.9CF682AC04D@users.sourceforge.jp> Index: xoops2jp/html/class/smarty/plugins/function.xoops_dhtmltarea.php diff -u xoops2jp/html/class/smarty/plugins/function.xoops_dhtmltarea.php:1.1.2.4 xoops2jp/html/class/smarty/plugins/function.xoops_dhtmltarea.php:1.1.2.4.2.1 --- xoops2jp/html/class/smarty/plugins/function.xoops_dhtmltarea.php:1.1.2.4 Thu Jul 13 17:24:46 2006 +++ xoops2jp/html/class/smarty/plugins/function.xoops_dhtmltarea.php Sun Dec 3 00:48:30 2006 @@ -10,7 +10,7 @@ * used. For format xoops_xxxx functions, we may change XoopsForm class * group. * - * @version $Id: function.xoops_dhtmltarea.php,v 1.1.2.4 2006/07/13 08:24:46 minahito Exp $ + * @version $Id: function.xoops_dhtmltarea.php,v 1.1.2.4.2.1 2006/12/02 15:48:30 nobunobu Exp $ */ /* @@ -43,6 +43,8 @@ } $form = null; + $root =& XCube_Root::getSingleton(); + $textFilter =& $root->getTextFilter(); if (isset($params['name'])) { // // Fetch major elements from $params. 
@@ -51,13 +53,13 @@ $class = isset($params['class']) ? trim($params['class']) : null; $cols = isset($params['cols']) ? intval($params['cols']) : XOOPS_DHTMLTAREA_DEFAULT_COLS; $rows = isset($params['rows']) ? intval($params['rows']) : XOOPS_DHTMLTAREA_DEFAULT_ROWS; - $value = isset($params['value']) ? trim($params['value']) : null; + $value = isset($params['value']) ? $textFilter->ToEdit(trim($params['value'])) : null; $id = isset($params['id']) ? trim($params['id']) : XOOPS_DHTMLTAREA_DEFID_PREFIX . $name; // // Build the object for output. // - $form =& new XoopsFormDhtmlTextArea($name, $name, htmlspecialchars($value), $rows, $cols); + $form =& new XoopsFormDhtmlTextArea($name, $name, $value, $rows, $cols); $form->setId($id); if ($class != null) { $form->setClass($class); Index: xoops2jp/html/class/smarty/plugins/function.xoops_input.php diff -u xoops2jp/html/class/smarty/plugins/function.xoops_input.php:1.1.2.9.2.1 xoops2jp/html/class/smarty/plugins/function.xoops_input.php:1.1.2.9.2.2 --- xoops2jp/html/class/smarty/plugins/function.xoops_input.php:1.1.2.9.2.1 Sun Nov 12 14:11:24 2006 +++ xoops2jp/html/class/smarty/plugins/function.xoops_input.php Sun Dec 3 00:48:30 2006 @@ -8,7 +8,7 @@ * $params['script']... This function have not impletented that yet. At * implementing, we will have to define the rule about sanitizing. * - * @version $Id: function.xoops_input.php,v 1.1.2.9.2.1 2006/11/12 05:11:24 tom_g3x Exp $ + * @version $Id: function.xoops_input.php,v 1.1.2.9.2.2 2006/12/02 15:48:30 nobunobu Exp $ */ /* 
@@ -44,10 +44,12 @@ // // Fetch major elements from $params. // + $root =& XCube_Root::getSingleton(); + $textFilter =& $root->getTextFilter(); $name = trim($params['name']); $key = isset($params['key']) ? trim($params['key']) : null; $type = isset($params['type']) ? strtolower(trim($params['type'])) : "text"; - $value = isset($params['value']) ? htmlspecialchars($params['value'], ENT_QUOTES) : null; + $value = isset($params['value']) ? $textFilter->ToEdit($params['value']) : null; $class = isset($params['class']) ? trim($params['class']) : null; $id = isset($params['id']) ? trim($params['id']) : XOOPS_INPUT_DEFID_PREFIX . $name; $size = isset($params['size']) ? intval($params['size']) : null; Index: xoops2jp/html/class/smarty/plugins/function.xoops_optionsArray.php diff -u xoops2jp/html/class/smarty/plugins/function.xoops_optionsArray.php:1.1.2.4.2.2 xoops2jp/html/class/smarty/plugins/function.xoops_optionsArray.php:1.1.2.4.2.3 --- xoops2jp/html/class/smarty/plugins/function.xoops_optionsArray.php:1.1.2.4.2.2 Sun Nov 12 14:11:24 2006 +++ xoops2jp/html/class/smarty/plugins/function.xoops_optionsArray.php Sun Dec 3 00:48:30 2006 
@@ -30,10 +30,11 @@ $objectArr =& $params['from']; $default = isset($params['default']) ? $params['default'] : null; $id = isset($params['id']) ? $params['id'] : null; - + $root =& XCube_Root::getSingleton(); + $textFilter =& $root->getTextFilter(); foreach ($objectArr as $object) { - $value = htmlspecialchars($object->get($params['value']), ENT_QUOTES); - $label = htmlspecialchars($object->get($params['label']), ENT_QUOTES); + $value = $textFilter->ToShow($object->get($params['value'])); + $label = $textFilter->ToShow($object->get($params['label'])); $selected = ""; if (is_array($default) && in_array($object->get($params['value']), $default)) { Index: xoops2jp/html/class/smarty/plugins/function.xoops_textarea.php diff -u xoops2jp/html/class/smarty/plugins/function.xoops_textarea.php:1.1.2.5 xoops2jp/html/class/smarty/plugins/function.xoops_textarea.php:1.1.2.5.2.1 --- xoops2jp/html/class/smarty/plugins/function.xoops_textarea.php:1.1.2.5 Tue Aug 8 17:29:00 2006 +++ xoops2jp/html/class/smarty/plugins/function.xoops_textarea.php Sun Dec 3 00:48:30 2006 @@ -7,7 +7,7 @@ * $params['script']... This function have not impletented that yet. At * implementing, we will have to define the rule about sanitizing. * - * @version $Id: function.xoops_textarea.php,v 1.1.2.5 2006/08/08 08:29:00 tom_g3x Exp $ + * @version $Id: function.xoops_textarea.php,v 1.1.2.5.2.1 2006/12/02 15:48:30 nobunobu Exp $ */ /* @@ -37,6 +37,8 @@ function smarty_function_xoops_textarea($params, &$smarty) { + $root =& XCube_Root::getSingleton(); + $textFilter =& $root->getTextFilter(); if (isset($params['name'])) { // // Fetch major elements from $params. 
@@ -45,7 +47,7 @@ $class = isset($params['class']) ? trim($params['class']) : null; $cols = isset($params['cols']) ? intval($params['cols']) : XOOPS_TEXTAREA_DEFAULT_COLS; $rows = isset($params['rows']) ? intval($params['rows']) : XOOPS_TEXTAREA_DEFAULT_ROWS; - $value = isset($params['value']) ? htmlspecialchars($params['value'], ENT_QUOTES) : null; + $value = isset($params['value']) ? $textFilter->ToEdit($params['value']) : null; $id = isset($params['id']) ? trim($params['id']) : XOOPS_TEXTAREA_DEFID_PREFIX . $name; $readonly = isset($params['readonly']) ? trim($params['readonly']) : null; Index: xoops2jp/html/class/smarty/plugins/modifier.xoops_escape.php diff -u /dev/null xoops2jp/html/class/smarty/plugins/modifier.xoops_escape.php:1.1.2.1 --- /dev/null Sun Dec 3 00:48:30 2006 +++ xoops2jp/html/class/smarty/plugins/modifier.xoops_escape.php Sun Dec 3 00:48:30 2006 @@ -0,0 +1,42 @@ +getTextFilter(); + switch ($esc_type) { + case 'show': + return $textFilter->ToShow($string); + + case 'edit': + return $textFilter->ToEdit($string); + + case 'plain': + case 'link': + return htmlspecialchars($string, ENT_QUOTES); + + default: + return $string; + } +} +?> From nobunobu @ users.sourceforge.jp Sun Dec 3 00:48:30 2006 From: nobunobu @ users.sourceforge.jp (NobuNobu) Date: Sun, 3 Dec 2006 00:48:30 +0900 Subject: [xoops-cvslog 5962] CVS update: xoops2jp/html/modules/legacy/kernel Message-ID: <20061202154830.C02B02AC043@users.sourceforge.jp> Index: xoops2jp/html/modules/legacy/kernel/object.php diff -u xoops2jp/html/modules/legacy/kernel/object.php:1.1.2.1 xoops2jp/html/modules/legacy/kernel/object.php:1.1.2.2 --- xoops2jp/html/modules/legacy/kernel/object.php:1.1.2.1 Sat Oct 14 23:55:24 2006 +++ xoops2jp/html/modules/legacy/kernel/object.php Sun Dec 3 00:48:30 2006 
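Review bot: The `default:` branch of the new xoops_escape modifier returns `$string` unchanged, so a misspelled or unsupported escape type in a template outputs the value with no escaping at all. I would make the fallback escape instead, `default: return htmlspecialchars($string, ENT_QUOTES);`. Separately, the 'link' case only HTML-escapes; if it is meant for href values it does not restrict the URL scheme, which is worth stating in the plugin's header comment. The function signature was not preserved on this page, so the default value of the escape-type parameter is not visible.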
@@ -158,7 +158,9 @@ break; case XOBJ_DTYPE_STRING: - $value = htmlspecialchars($this->mVars[$key]['value'], ENT_QUOTES); + $root =& XCube_Root::getSingleton(); + $textFilter =& $root->getTextFilter(); + $value = $textFilter->ToShow($this->mVars[$key]['value']); break; case XOBJ_DTYPE_TEXT: From nobunobu @ users.sourceforge.jp Sun Dec 3 00:48:30 2006 From: nobunobu @ users.sourceforge.jp (NobuNobu) Date: Sun, 3 Dec 2006 00:48:30 +0900 Subject: [xoops-cvslog 5963] CVS update: xoops2jp/html/modules/legacyRender/kernel Message-ID: <20061202154830.E67F62AC04D@users.sourceforge.jp> Index: xoops2jp/html/modules/legacyRender/kernel/Legacy_RenderSystem.class.php diff -u xoops2jp/html/modules/legacyRender/kernel/Legacy_RenderSystem.class.php:1.1.2.30.2.15 xoops2jp/html/modules/legacyRender/kernel/Legacy_RenderSystem.class.php:1.1.2.30.2.16 --- xoops2jp/html/modules/legacyRender/kernel/Legacy_RenderSystem.class.php:1.1.2.30.2.15 Sat Nov 25 19:01:30 2006 +++ xoops2jp/html/modules/legacyRender/kernel/Legacy_RenderSystem.class.php Sun Dec 3 00:48:30 2006 @@ -1,6 +1,6 @@ mController->mRoot; + $context =& $root->getContext(); + $textFilter =& $root->getTextFilter(); + // XoopsTpl default setup $this->mXoopsTpl =& new Legacy_XoopsTpl(); $this->mXoopsTpl->register_function("legacy_notifications_select", "LegacyRender_smartyfunction_notifications_select"); @@ -128,11 +132,6 @@ $this->mXoopsTpl->xoops_setCaching(0); - $this->mXoopsTpl->assign(array('xoops_requesturi' => htmlspecialchars($GLOBALS['xoopsRequestUri'], ENT_QUOTES), //@todo ????????????? - // set JavaScript /Weird, but need extra