mirror of
https://github.com/phpbb/phpbb.git
synced 2025-08-10 18:54:08 +02:00
Merge remote-tracking branch 'p/ticket/11095-develop' into develop
* p/ticket/11095-develop: [ticket/11095] Restore brace on previous line. [ticket/11095] Docs and tests for phpbb_build_hidden_fields_for_query_params. [ticket/11095] Forward GET parameters into hidden fields for jumpbox. [ticket/11095] Python quoteattr port. [ticket/11095] Use get method in jumpboxes.
This commit is contained in:
Andreas Fischer
@@ -4893,13 +4893,108 @@ function phpbb_http_login($param)
|
||||
trigger_error('NOT_AUTHORISED');
|
||||
}
|
||||
|
||||
/**
|
||||
* Escapes and quotes a string for use as an HTML/XML attribute value.
|
||||
*
|
||||
* This is a port of Python xml.sax.saxutils quoteattr.
|
||||
*
|
||||
* The function will attempt to choose a quote character in such a way as to
|
||||
* avoid escaping quotes in the string. If this is not possible the string will
|
||||
* be wrapped in double quotes and double quotes will be escaped.
|
||||
*
|
||||
* @param string $data The string to be escaped
|
||||
* @param array $entities Associative array of additional entities to be escaped
|
||||
* @return string Escaped and quoted string
|
||||
*/
|
||||
function phpbb_quoteattr($data, $entities = null)
|
||||
{
|
||||
$data = str_replace('&', '&', $data);
|
||||
$data = str_replace('>', '>', $data);
|
||||
$data = str_replace('<', '<', $data);
|
||||
|
||||
$data = str_replace("\n", ' ', $data);
|
||||
$data = str_replace("\r", ' ', $data);
|
||||
$data = str_replace("\t", '	', $data);
|
||||
|
||||
if (!empty($entities))
|
||||
{
|
||||
$data = str_replace(array_keys($entities), array_values($entities), $data);
|
||||
}
|
||||
|
||||
if (strpos($data, '"') !== false)
|
||||
{
|
||||
if (strpos($data, "'") !== false)
|
||||
{
|
||||
$data = '"' . str_replace('"', '"', $data) . '"';
|
||||
}
|
||||
else
|
||||
{
|
||||
$data = "'" . $data . "'";
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$data = '"' . $data . '"';
|
||||
}
|
||||
|
||||
return $data;
|
||||
}
|
||||
|
||||
/**
|
||||
* Converts query string (GET) parameters in request into hidden fields.
|
||||
*
|
||||
* Useful for forwarding GET parameters when submitting forms with GET method.
|
||||
*
|
||||
* It is possible to omit some of the GET parameters, which is useful if
|
||||
* they are specified in the form being submitted.
|
||||
*
|
||||
* sid is always omitted.
|
||||
*
|
||||
* @param phpbb_request $request Request object
|
||||
* @param array $exclude A list of variable names that should not be forwarded
|
||||
* @return string HTML with hidden fields
|
||||
*/
|
||||
function phpbb_build_hidden_fields_for_query_params($request, $exclude = null)
|
||||
{
|
||||
$names = $request->variable_names(phpbb_request_interface::GET);
|
||||
$hidden = '';
|
||||
foreach ($names as $name)
|
||||
{
|
||||
// Sessions are dealt with elsewhere, omit sid always
|
||||
if ($name == 'sid')
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
// Omit any additional parameters requested
|
||||
if (!empty($exclude) && in_array($name, $exclude))
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
$escaped_name = phpbb_quoteattr($name);
|
||||
|
||||
// Note: we might retrieve the variable from POST or cookies
|
||||
// here. To avoid exposing cookies, skip variables that are
|
||||
// overwritten somewhere other than GET entirely.
|
||||
$value = $request->variable($name, '', true);
|
||||
$get_value = $request->variable($name, '', true, phpbb_request_interface::GET);
|
||||
if ($value === $get_value)
|
||||
{
|
||||
$escaped_value = phpbb_quoteattr($value);
|
||||
$hidden .= "<input type='hidden' name=$escaped_name value=$escaped_value />";
|
||||
}
|
||||
}
|
||||
return $hidden;
|
||||
}
|
||||
|
||||
/**
|
||||
* Generate page header
|
||||
*/
|
||||
function page_header($page_title = '', $display_online_list = true, $item_id = 0, $item = 'forum')
|
||||
{
|
||||
global $db, $config, $template, $SID, $_SID, $_EXTRA_URL, $user, $auth, $phpEx, $phpbb_root_path;
|
||||
global $phpbb_dispatcher;
|
||||
global $phpbb_dispatcher, $request;
|
||||
|
||||
if (defined('HEADER_INC'))
|
||||
{
|
||||
@@ -5088,6 +5183,8 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
|
||||
$timezone_name = $user->lang['timezones'][$timezone_name];
|
||||
}
|
||||
|
||||
$hidden_fields_for_jumpbox = phpbb_build_hidden_fields_for_query_params($request, array('f'));
|
||||
|
||||
// The following assigns all _common_ variables that may be used at any point in a template.
|
||||
$template->assign_vars(array(
|
||||
'SITENAME' => $config['sitename'],
|
||||
@@ -5102,6 +5199,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
|
||||
'RECORD_USERS' => $l_online_record,
|
||||
'PRIVATE_MESSAGE_INFO' => $l_privmsgs_text,
|
||||
'PRIVATE_MESSAGE_INFO_UNREAD' => $l_privmsgs_text_unread,
|
||||
'HIDDEN_FIELDS_FOR_JUMPBOX' => $hidden_fields_for_jumpbox,
|
||||
|
||||
'S_USER_NEW_PRIVMSG' => $user->data['user_new_privmsg'],
|
||||
'S_USER_UNREAD_PRIVMSG' => $user->data['user_unread_privmsg'],
|
||||
|
||||
@@ -10,13 +10,14 @@
|
||||
<!-- ENDIF -->
|
||||
|
||||
<!-- IF S_DISPLAY_JUMPBOX -->
|
||||
<form method="post" id="jumpbox" action="{S_JUMPBOX_ACTION}" onsubmit="if(this.f.value == -1){return false;}">
|
||||
<form method="get" id="jumpbox" action="{S_JUMPBOX_ACTION}" onsubmit="if(this.f.value == -1){return false;}">
|
||||
|
||||
<!-- IF $CUSTOM_FIELDSET_CLASS -->
|
||||
<fieldset class="{$CUSTOM_FIELDSET_CLASS}">
|
||||
<!-- ELSE -->
|
||||
<fieldset class="jumpbox">
|
||||
<!-- ENDIF -->
|
||||
{HIDDEN_FIELDS_FOR_JUMPBOX}
|
||||
<label for="f" accesskey="j"><!-- IF S_IN_MCP and S_MERGE_SELECT -->{L_SELECT_TOPICS_FROM}<!-- ELSEIF S_IN_MCP -->{L_MODERATE_FORUM}<!-- ELSE -->{L_JUMP_TO}<!-- ENDIF -->{L_COLON}</label>
|
||||
<select name="f" id="f" onchange="if(this.options[this.selectedIndex].value != -1){ document.forms['jumpbox'].submit() }">
|
||||
<!-- BEGIN jumpbox_forums -->
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
|
||||
<!-- IF S_DISPLAY_JUMPBOX -->
|
||||
<form method="post" name="jumpbox" action="{S_JUMPBOX_ACTION}" onsubmit="if(document.jumpbox.f.value == -1){return false;}">
|
||||
<form method="get" name="jumpbox" action="{S_JUMPBOX_ACTION}" onsubmit="if(document.jumpbox.f.value == -1){return false;}">
|
||||
|
||||
<table cellspacing="0" cellpadding="0" border="0">
|
||||
<tr>
|
||||
<td nowrap="nowrap"><span class="gensmall"><!-- IF S_IN_MCP and S_MERGE_SELECT -->{L_SELECT_TOPICS_FROM}<!-- ELSEIF S_IN_MCP -->{L_MODERATE_FORUM}<!-- ELSE -->{L_JUMP_TO}<!-- ENDIF -->{L_COLON}</span> <select name="f" onchange="if(this.options[this.selectedIndex].value != -1){ document.forms['jumpbox'].submit() }">
|
||||
<td nowrap="nowrap">{HIDDEN_FIELDS_FOR_JUMPBOX}<span class="gensmall"><!-- IF S_IN_MCP and S_MERGE_SELECT -->{L_SELECT_TOPICS_FROM}<!-- ELSEIF S_IN_MCP -->{L_MODERATE_FORUM}<!-- ELSE -->{L_JUMP_TO}<!-- ENDIF -->{L_COLON}</span> <select name="f" onchange="if(this.options[this.selectedIndex].value != -1){ document.forms['jumpbox'].submit() }">
|
||||
|
||||
<!-- BEGIN jumpbox_forums -->
|
||||
<!-- IF jumpbox_forums.S_FORUM_COUNT eq 1 --><option value="-1">------------------</option><!-- ENDIF -->
|
||||
|
||||
@@ -1,7 +1,8 @@
|
||||
<!-- Note: no longer in use... -->
|
||||
|
||||
<form name="jumpbox" method="post" action="{S_JUMPBOX_ACTION}">
|
||||
<form name="jumpbox" method="get" action="{S_JUMPBOX_ACTION}">
|
||||
|
||||
{HIDDEN_FIELDS_FOR_JUMPBOX}
|
||||
<span class="gensmall">{L_JUMP_TO}{L_COLON}</span> <select name="f" onChange="if(this.options[this.selectedIndex].value != -1 && this.options[this.selectedIndex].value != document.jumpbox.current_f.value){ document.forms['jumpbox'].submit() }">
|
||||
|
||||
<!-- IF S_ENABLE_SELECT_ALL -->
|
||||
|
||||
Reference in New Issue
Block a user