#i62 - #i65

gone through every javascript invocation and making sure we adhere to our coding guidelines.


git-svn-id: file:///svn/phpbb/trunk@8099 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/includes/acp/acp_ban.php

@@ -97,9 +97,8 @@ class acp_ban
 			'S_USERNAME_BAN'	=> ($mode == 'user') ? true : false,
 			
 			'U_ACTION'			=> $this->u_action,
-			'U_FIND_USER'		=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=acp_ban&field=ban'),
-			)
-		);
+			'U_FIND_USERNAME'	=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=acp_ban&field=ban'),
+		));
 	}
 
 	/**
@@ -179,10 +178,10 @@ class acp_ban
 			foreach ($ban_length as $ban_id => $length)
 			{
 				$template->assign_block_vars('ban_length', array(
-					'BAN_ID'	=> $ban_id,
+					'BAN_ID'	=> (int) $ban_id,
 					'LENGTH'	=> $length,
-					'A_LENGTH'	=> addslashes($length))
-				);
+					'A_LENGTH'	=> addslashes($length),
+				));
 			}
 		}
 
@@ -193,8 +192,8 @@ class acp_ban
 				$template->assign_block_vars('ban_reason', array(
 					'BAN_ID'	=> $ban_id,
 					'REASON'	=> $reason,
-					'A_REASON'	=> addslashes(htmlspecialchars_decode($reason)))
-				);
+					'A_REASON'	=> addslashes(htmlspecialchars_decode($reason)),
+				));
 			}
 		}
 
@@ -205,8 +204,8 @@ class acp_ban
 				$template->assign_block_vars('ban_give_reason', array(
 					'BAN_ID'	=> $ban_id,
 					'REASON'	=> $reason,
-					'A_REASON'	=> addslashes(htmlspecialchars_decode($reason)))
-				);
+					'A_REASON'	=> addslashes(htmlspecialchars_decode($reason)),
+				));
 			}
 		}
 

phpBB/includes/acp/acp_board.php

@@ -784,7 +784,7 @@ class acp_board
 		$user->timezone = $old_tz;
 		$user->dst = $old_dst;
 
-		return "<select name=\"dateoptions\" id=\"dateoptions\" onchange=\"if (this.value == 'custom') { document.getElementById('$key').value = '$value'; } else { document.getElementById('$key').value = this.value; }\">$dateformat_options</select>
+		return "<select name=\"dateoptions\" id=\"dateoptions\" onchange=\"if (this.value == 'custom') { document.getElementById('" . addslashes($key) . "').value = '" . addslashes($value) . "'; } else { document.getElementById('" . addslashes($key) . "').value = this.value; }\">$dateformat_options</select>
 		<input type=\"text\" name=\"config[$key]\" id=\"$key\" value=\"$value\" maxlength=\"30\" />";
 	}
 }

phpBB/includes/acp/acp_email.php

@@ -235,7 +235,6 @@ class acp_email
 			'S_GROUP_OPTIONS'		=> $select_list,
 			'USERNAMES'				=> $usernames,
 			'U_FIND_USERNAME'		=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=acp_email&field=usernames'),
-			'UA_FIND_USERNAME'		=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=acp_email&field=usernames', false),
 			'SUBJECT'				=> $subject,
 			'MESSAGE'				=> $message,
 			'S_PRIORITY_OPTIONS'	=> $s_priority_options)

phpBB/includes/acp/acp_forums.php

@@ -344,7 +344,7 @@ class acp_forums
 
 						$template->assign_vars(array(
 							'U_PROGRESS_BAR'		=> $this->u_action . "&action=progress_bar&start=$topics_done&total={$row['forum_topics_real']}",
-							'UA_PROGRESS_BAR'		=> str_replace('&', '&', $this->u_action) . "&action=progress_bar&start=$topics_done&total={$row['forum_topics_real']}",
+							'UA_PROGRESS_BAR'		=> addslashes($this->u_action . "&action=progress_bar&start=$topics_done&total={$row['forum_topics_real']}"),
 							'S_CONTINUE_SYNC'		=> true,
 							'L_PROGRESS_EXPLAIN'	=> sprintf($user->lang['SYNC_IN_PROGRESS_EXPLAIN'], $topics_done, $row['forum_topics_real']))
 						);
@@ -358,7 +358,7 @@ class acp_forums
 
 				$template->assign_vars(array(
 					'U_PROGRESS_BAR'		=> $this->u_action . '&action=progress_bar',
-					'UA_PROGRESS_BAR'		=> str_replace('&', '&', $this->u_action) . '&action=progress_bar',
+					'UA_PROGRESS_BAR'		=> addslashes($this->u_action . '&action=progress_bar'),
 					'S_CONTINUE_SYNC'		=> true,
 					'L_PROGRESS_EXPLAIN'	=> sprintf($user->lang['SYNC_IN_PROGRESS_EXPLAIN'], 0, $row['forum_topics_real']))
 				);
@@ -831,8 +831,8 @@ class acp_forums
 			'U_ACTION'		=> $this->u_action . '&parent_id=' . $this->parent_id,
 
 			'U_PROGRESS_BAR'	=> $this->u_action . '&action=progress_bar',
-			'UA_PROGRESS_BAR'	=> str_replace('&', '&', $this->u_action) . '&action=progress_bar')
-		);
+			'UA_PROGRESS_BAR'	=> addslashes($this->u_action . '&action=progress_bar'),
+		));
 	}
 
 	/**

phpBB/includes/acp/acp_groups.php

@@ -558,7 +558,6 @@ class acp_groups
 
 					'U_BACK'			=> $u_back,
 					'U_SWATCH'			=> append_sid("{$phpbb_admin_path}swatch.$phpEx", 'form=settings&name=group_colour'),
-					'UA_SWATCH'			=> append_sid("{$phpbb_admin_path}swatch.$phpEx", 'form=settings&name=group_colour', false),
 					'U_ACTION'			=> "{$this->u_action}&action=$action&g=$group_id",
 					'L_AVATAR_EXPLAIN'	=> sprintf($user->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], round($config['avatar_filesize'] / 1024)),
 					)
@@ -628,9 +627,8 @@ class acp_groups
 					'U_ACTION'			=> $this->u_action . "&g=$group_id",
 					'U_BACK'			=> $this->u_action,
 					'U_FIND_USERNAME'	=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=list&field=usernames'),
-					'UA_FIND_USERNAME'	=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=list&field=usernames', false),
-					'U_DEFAULT_ALL'		=> "{$this->u_action}&action=default&g=$group_id")
-				);
+					'U_DEFAULT_ALL'		=> "{$this->u_action}&action=default&g=$group_id",
+				));
 
 				// Grab the members
 				$sql = 'SELECT u.user_id, u.username, u.username_clean, u.user_regdate, u.user_posts, u.group_id, ug.group_leader, ug.user_pending 

phpBB/includes/acp/acp_icons.php

@@ -241,6 +241,7 @@ class acp_icons
 				{
 					$template->assign_block_vars('items', array(
 						'IMG'		=> $img,
+						'A_IMG'		=> addslashes($img),
 						'IMG_SRC'	=> $phpbb_root_path . $img_path . '/' . $img,
 
 						'CODE'		=> ($mode == 'smilies' && isset($img_row['code'])) ? $img_row['code'] : '',

phpBB/includes/acp/acp_modules.php

@@ -310,7 +310,7 @@ class acp_modules
 					// Name options
 					$s_name_options .= '<option value="' . $option . '"' . (($option == $module_data['module_basename']) ? ' selected="selected"' : '') . '>' . $this->lang_name($values['title']) . ' [' . $this->module_class . '_' . $option . ']</option>';
 
-					$template->assign_block_vars('m_names', array('NAME' => $option));
+					$template->assign_block_vars('m_names', array('NAME' => $option, 'A_NAME' => addslashes($option)));
 
 					// Build module modes
 					foreach ($values['modes'] as $m_mode => $m_values)

phpBB/includes/acp/acp_permissions.php

@@ -332,8 +332,7 @@ class acp_permissions
 					$template->assign_vars(array(
 						'S_SELECT_USER'			=> true,
 						'U_FIND_USERNAME'		=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=select_victim&field=username&select_single=true'),
-						'UA_FIND_USERNAME'		=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=select_victim&field=username&select_single=true', false))
-					);
+					));
 
 				break;
 
@@ -395,8 +394,7 @@ class acp_permissions
 						'S_DEFINED_GROUP_OPTIONS'	=> $items['group_ids_options'],
 						'S_ADD_GROUP_OPTIONS'		=> group_select_options(false, $items['group_ids'], (($user->data['user_type'] == USER_FOUNDER) ? false : 0)),
 						'U_FIND_USERNAME'			=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=add_user&field=username&select_single=true'),
-						'UA_FIND_USERNAME'			=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=add_user&field=username&select_single=true', false))
-					);
+					));
 
 				break;
 			}

phpBB/includes/acp/acp_prune.php

@@ -350,8 +350,8 @@ class acp_prune
 			'S_JOINED_OPTIONS'	=> $s_find_join_time,
 			'S_ACTIVE_OPTIONS'	=> $s_find_active_time,
 			'S_COUNT_OPTIONS'	=> $s_find_count,
-			'U_FIND_USER'		=> append_sid($phpbb_root_path . "memberlist.$phpEx", 'mode=searchuser&form=acp_prune&field=users'))
-		);
+			'U_FIND_USERNAME'	=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=acp_prune&field=users'),
+		));
 	}
 
 	/**

phpBB/includes/acp/acp_search.php

@@ -473,8 +473,8 @@ class acp_search
 			'S_INDEX'				=> true,
 			'U_ACTION'				=> $this->u_action,
 			'U_PROGRESS_BAR'		=> append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=progress_bar"),
-			'UA_PROGRESS_BAR'		=> append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=progress_bar", false))
-		);
+			'UA_PROGRESS_BAR'		=> addslashes(append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=progress_bar")),
+		));
 
 		if (isset($this->state[1]))
 		{

phpBB/includes/acp/acp_styles.php

@@ -987,7 +987,6 @@ parse_css_file = {PARSE_CSS_FILE}
 
 			$template->assign_block_vars('file', array(
 				'U_VIEWSOURCE'	=> $this->u_action . "&action=cache&id=$template_id&source=$file",
-				'UA_VIEWSOURCE'	=> str_replace('&', '&', $this->u_action) . "&action=cache&id=$template_id&source=$file",
 
 				'CACHED'		=> $user->format_date(filemtime("{$phpbb_root_path}cache/$filename")),
 				'FILENAME'		=> $file,
@@ -1454,6 +1453,7 @@ parse_css_file = {PARSE_CSS_FILE}
 			'U_ACTION'			=> $this->u_action . "&action=edit&id=$imageset_id",
 			'U_BACK'			=> $this->u_action,
 			'NAME'				=> $imageset_name,
+			'A_NAME'			=> addslashes($imageset_name),
 			'ERROR'				=> !$valid_name,
 			'IMG_SRC'			=> ($image_found) ? '../styles/' . $imageset_path . '/imageset/' . $img_val : 'images/no_image.png',
 			'IMAGE_SELECT'		=> $image_found

phpBB/includes/acp/acp_users.php

@@ -68,9 +68,7 @@ class acp_users
 
 				'S_SELECT_USER'		=> true,
 				'U_FIND_USERNAME'	=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=select_user&field=username&select_single=true'),
-				'UA_FIND_USERNAME'	=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=select_user&field=username&select_single=true', false),
-				)
-			);
+			));
 
 			return;
 		}

phpBB/includes/acp/auth.php

@@ -382,7 +382,7 @@ class auth_admin extends auth
 					continue;
 				}
 
-				$s_role_js_array[$row['role_id']] .= 'role_options[' . $row['role_id'] . '][\'' . $row['auth_option'] . '\'] = ' . $row['auth_setting'] . '; ';
+				$s_role_js_array[$row['role_id']] .= 'role_options[' . $row['role_id'] . '][\'' . addslashes($row['auth_option']) . '\'] = ' . $row['auth_setting'] . '; ';
 			}
 			$db->sql_freeresult($result);