Use json_encode to escape JS vars

functions/GetStuList.fnc.php

@@ -308,6 +308,7 @@ function GetStuList(&$extra=array())
 
 function makeContactInfo($student_id,$column)
 {	global $contacts_RET;
+	static $tiptitle = false;
 
 	if(count($contacts_RET[$student_id]))
 	{
@@ -328,7 +329,18 @@ function makeContactInfo($student_id,$column)
 	}
 	else
 		$tipmessage = _('This student has no contact information.');
-	return button('phone','','"#" onMouseOver=\'stm(["'._('Contact Information').'","'.str_replace('"','\"',str_replace("'",''',$tipmessage)).'"],tipmessageStyle); return false;\' onMouseOut=\'htm()\' onclick="return false;"');
+
+	$return = '<script>';
+
+	if (!$tiptitle)
+	{
+		$return .= 'var tiptitle='.json_encode(_('Contact Information')).';';
+		$tiptitle = true;
+	}
+
+	$return .= 'var tipmsg'.$student_id.'='.json_encode($tipmessage).';</script>';
+
+	return $return.button('phone','','"#" onMouseOver="stm([tiptitle,tipmsg'.$student_id.'],tipmessageStyle); return false;" onMouseOut="htm()" onclick="return false;"');
 }
 
 function removeDot00($value,$column)

modules/Attendance/TakeAttendance.php

@@ -256,7 +256,12 @@ function _makeTipMessage($value,$title)
 {	global $THIS_RET,$StudentPicturesPath;
 
 	if($StudentPicturesPath && ($file = @fopen($picture_path=$StudentPicturesPath.UserSyear().'/'.$THIS_RET['STUDENT_ID'].'.jpg','r') || $file = @fopen($picture_path=$StudentPicturesPath.(UserSyear()-1).'/'.$THIS_RET['STUDENT_ID'].'.jpg','r')))
-		return '<DIV onMouseOver=\'stm(["'.str_replace('"','\"',str_replace("'",'&#39;',$THIS_RET['FULL_NAME'])).'","<IMG SRC=\"'.str_replace('\\','\\\\',$picture_path).'\" width=\"150\">"],tipmessageStyle); return false;\' onMouseOut=\'htm()\' onclick="return false;">'.$value.'</DIV>';
+	{
+		$return = '<script>var tiptitle'.$THIS_RET['STUDENT_ID'].'='.json_encode($THIS_RET['FULL_NAME']).'; var tipmsg'.$THIS_RET['STUDENT_ID'].'='.json_encode('<IMG SRC="'.$picture_path.'" width="150" />').';</script>';
+
+
+		return $return.'<DIV onMouseOver="stm([tiptitle'.$THIS_RET['STUDENT_ID'].',tipmsg'.$THIS_RET['STUDENT_ID'].'],tipmessageStyle); return false;" onMouseOut="htm()" onclick="return false;">'.$value.'</DIV>';
+	}
 	else
 		return $value;
 }
@@ -276,4 +281,4 @@ function makeAttendanceReason($student_id,$column)
 		return $current_RET[$student_id][1]['ATTENDANCE_REASON'];
 	}
 }
-?>
\ No newline at end of file
+?>

modules/Attendance/TeacherCompletion.php

@@ -69,6 +69,8 @@ $RET = DBGet(DBQuery($sql),array(),array('STAFF_ID'));
 
 if(!$_REQUEST['period'])
 {
+	$tiptitle = false;
+
 	foreach($RET as $staff_id=>$periods)
 	{
 		$i++;
@@ -76,7 +78,19 @@ if(!$_REQUEST['period'])
 		foreach($periods as $period)
 		{
 			if(!isset($_REQUEST['_ROSARIO_PDF']))
-				$staff_RET[$i][$period['PERIOD_ID']] .= button($period['COMPLETED']=='Y'?'check':'x','','"#" onMouseOver=\'stm(["'._('Course Title').'","'.str_replace('"','\"',str_replace("'",''',$period['COURSE_TITLE'])).'"],tipmessageStyle); return false;\' onMouseOut=\'htm()\' onclick="return false;"').' ';
+			{
+				$tipJS = '<script>';
+
+				if (!$tiptitle)
+				{
+					$tipJS .= 'var tiptitle='.json_encode(_('Course Title')).';';
+					$tiptitle = true;
+				}
+
+				$tipJS .= 'var tipmsg'.$period['PERIOD_ID'].'='.json_encode($period['COURSE_TITLE']).';</script>';
+
+				$staff_RET[$i][$period['PERIOD_ID']] .= $tipJS.button($period['COMPLETED']=='Y'?'check':'x','','"#" onMouseOver="stm([tiptitle,tipmsg'.$period['PERIOD_ID'].'],tipmessageStyle); return false;" onMouseOut="htm()" onclick="return false;"').' ';
+			}
 			else
 				$staff_RET[$i][$period['PERIOD_ID']] = ($period['COMPLETED']=='Y'?_('Yes'):_('No'))." ";
 		}

modules/Food_Service/Student.inc.php

@@ -43,23 +43,34 @@ if(!$_REQUEST['modfunc'] && UserStudentID())
 	echo '<TABLE class="width-100p cellpadding-6">';
 	echo '<TR>';
 	echo '<TD>';
+
 	// warn if account non-existent (balance query failed)
 	if($student['BALANCE']=='')
 	{
 		echo TextInput(array($student['ACCOUNT_ID'],'<span style="color:red">'.$student['ACCOUNT_ID'].'</span>'),'food_service[ACCOUNT_ID]',_('Account ID'),'size=12 maxlength=10');
+
 		$warning = _('Non-existent account!');
-		echo button('warning','','"#" onMouseOver=\'stm(["'._('Warning').'","'.str_replace('"','\"',str_replace("'",'&#39;',$warning)).'"],tipmessageStyle); return false;\' onMouseOut=\'htm()\' onclick="return false;"');
+
+		$tipJS = '<script>var tiptitle1='.json_encode(_('Warning')).'; var tipmsg1='.json_encode($warning).';</script>';
+
+		echo $tipJS.button('warning','','"#" onMouseOver="stm([tiptitle1,tipmsg1],tipmessageStyle); return false;" onMouseOut="htm()" onclick="return false;"');
 	}
 	else
 	 	echo TextInput($student['ACCOUNT_ID'],'food_service[ACCOUNT_ID]','Account ID','size=12 maxlength=10');
+
 	// warn if other students associated with the same account
 	if(count($xstudents))
 	{
 		$warning = _('Other students associated with the same account').':<BR />';
+
 		foreach($xstudents as $xstudent)
-			$warning .= '&nbsp;'.str_replace('\'','&#39;',$xstudent['FULL_NAME']).'<BR />';
-		echo button('warning','','"#" onMouseOver=\'stm(["'._('Warning').'","'.str_replace('"','\"',str_replace("'",'&#39;',$warning)).'"],tipmessageStyle); return false;\' onMouseOut=\'htm()\' onclick="return false;"');
+			$warning .= '&nbsp;'.$xstudent['FULL_NAME'].'<BR />';
+
+		$tipJS = '<script>var tiptitle2='.json_encode(_('Warning')).'; var tipmsg2='.json_encode($warning).';</script>';
+
+		echo $tipJS.button('warning','','"#" onMouseOver="stm([tiptitle2,tipmsg2],tipmessageStyle); return false;" onMouseOut="htm()" onclick="return false;"');
 	}
+
 	echo '</TD>';
 	$options = array('Inactive'=>_('Inactive'),'Disabled'=>_('Disabled'),'Closed'=>_('Closed'));
 	echo '<TD>'.SelectInput($student['STATUS'],'food_service[STATUS]',_('Status'),$options,_('Active')).'</TD>';

modules/Food_Service/Students/Accounts.php

@@ -118,24 +118,35 @@ if(UserStudentID() && empty($_REQUEST['modfunc']))
 	echo '<TABLE class="width-100p cellpadding-6">';
 	echo '<TR>';
 	echo '<TD>';
+
 	// warn if account non-existent (balance query failed)
 	if($student['BALANCE']=='')
 	{
 		//var_dump($student['ACCOUNT_ID']);
 		echo TextInput(array($student['ACCOUNT_ID'],'<span style="color:red">'.$student['ACCOUNT_ID'].'</span>'),'food_service[ACCOUNT_ID]',_('Account ID'),'size=12 maxlength=10');
+
 		$warning = _('Non-existent account!');
-		echo button('warning','','"#" onMouseOver=\'stm(["'._('Warning').'","'.str_replace('"','\"',str_replace("'",'&#39;',$warning)).'"],tipmessageStyle); return false;\' onMouseOut=\'htm()\' onclick="return false;"');
+
+		$tipJS = '<script>var tiptitle1='.json_encode(_('Warning')).'; var tipmsg1='.json_encode($warning).';</script>';
+
+		echo $tipJS.button('warning','','"#" onMouseOver="stm([tiptitle1,tipmsg1],tipmessageStyle); return false;" onMouseOut="htm()" onclick="return false;"');
 	}
 	else
 	 	echo TextInput($student['ACCOUNT_ID'],'food_service[ACCOUNT_ID]',_('Account ID'),'size=12 maxlength=10');
+
 	// warn if other students associated with the same account
 	if(count($xstudents))
 	{
 		$warning = _('Other students associated with the same account').':<BR />';
+
 		foreach($xstudents as $xstudent)
-			$warning .= '&nbsp;'.str_replace('\'','&#39;',$xstudent['FULL_NAME']).'<BR />';
-		echo button('warning','','"#" onMouseOver=\'stm(["'._('Warning').'","'.str_replace('"','\"',str_replace("'",'&#39;',$warning)).'"],tipmessageStyle); return false;\' onMouseOut=\'htm()\' onclick="return false;"');
+			$warning .= '&nbsp;'.$xstudent['FULL_NAME'].'<BR />';
+
+		$tipJS = '<script>var tiptitle2='.json_encode(_('Warning')).'; var tipmsg2='.json_encode($warning).';</script>';
+
+		echo $tipJS.button('warning','','"#" onMouseOver="stm([tiptitle2,tipmsg2],tipmessageStyle); return false;" onMouseOut="htm()" onclick="return false;"');
 	}
+
 	echo '</TD>';
 	$options = array('Inactive'=>_('Inactive'),'Disabled'=>_('Disabled'),'Closed'=>_('Closed'));
 	echo '<TD>'.SelectInput($student['STATUS'],'food_service[STATUS]',_('Status'),$options,_('Active')).'</TD>';

modules/Food_Service/User.inc.php

@@ -34,17 +34,23 @@ if(!$_REQUEST['modfunc'] && UserStaffID())
 	echo '<TD class="valign-top">';
 	echo '<TABLE class="width-100p"><TR>';
 
-        echo '<TD class="valign-top">'.NoInput(($staff['BALANCE']<0?'<span style="color:red">':'').$staff['BALANCE'].($staff['BALANCE']<0?'</span>':''),'Balance');
+	echo '<TD class="valign-top">'.NoInput(($staff['BALANCE']<0?'<span style="color:red">':'').$staff['BALANCE'].($staff['BALANCE']<0?'</span>':''),'Balance');
+
+	// warn if account non-existent (balance query failed)
 	if(!$staff['ACCOUNT_ID'])
 	{
 		$warning = _('This user does not have a Meal Account.');
-		echo '<BR />'.button('warning','','"#" onMouseOver=\'stm(["'._('Warning').'","'.str_replace('"','\"',str_replace("'",'&#39;',$warning)).'"],tipmessageStyle); return false;\' onMouseOut=\'htm()\' onclick="return false;"');
+
+		$tipJS = '<script>var tiptitle1='.json_encode(_('Warning')).'; var tipmsg1='.json_encode($warning).';</script>';
+
+		echo '<BR />'.$tipJS.button('warning','','"#" onMouseOver="stm([tiptitle1,tipmsg1],tipmessageStyle); return false;" onMouseOut="htm()" onclick="return false;"');
 	}
+
 	echo '</TD>';
 
-        echo '</TR></TABLE>';
-        echo '</TD></TR></TABLE>';
-        echo '<HR>';
+	echo '</TR></TABLE>';
+	echo '</TD></TR></TABLE>';
+	echo '<HR>';
 
 	echo '<TABLE class="width-100p cellspacing-0 cellpadding-0">';
 	echo '<TR><TD class="valign-top">';

modules/Food_Service/Users/Accounts.php

@@ -118,24 +118,30 @@ if(UserStaffID() && empty($_REQUEST['modfunc']))
 
 	echo '<BR />';
 	PopTable('header',_('Account Information'),'width="100%"');
-        echo '<TABLE class="width-100p">';
-        echo '<TR>';
-        echo '<TD class="valign-top">';
-        echo '<TABLE class="width-100p"><TR>';
+	echo '<TABLE class="width-100p">';
+	echo '<TR>';
+	echo '<TD class="valign-top">';
+	echo '<TABLE class="width-100p"><TR>';
 
 	echo '<TD class="valign-top">'.NoInput($staff['FULL_NAME'],$staff['STAFF_ID']);
+
+	// warn if other users associated with the same account
 	if(!$staff['ACCOUNT_ID'])
 	{
 		$warning = _('This user does not have a Meal Account.');
-		echo '<BR />'.button('warning','','"#" onMouseOver=\'stm(["'._('Warning').'","'.str_replace('"','\"',str_replace("'",'&#39;',$warning)).'"],tipmessageStyle); return false;\' onMouseOut=\'htm()\' onclick="return false;"');
+
+		$tipJS = '<script>var tiptitle1='.json_encode(_('Warning')).'; var tipmsg1='.json_encode($warning).';</script>';
+
+		echo '<BR />'.$tipJS.button('warning','','"#" onMouseOver="stm([tiptitle1,tipmsg1],tipmessageStyle); return false;" onMouseOut="htm()" onclick="return false;"');
 	}
+
 	echo '</TD>';
 
-        echo '<TD class="valign-top">'.NoInput(red($staff['BALANCE']),_('Balance')).'</TD>';
+	echo '<TD class="valign-top">'.NoInput(red($staff['BALANCE']),_('Balance')).'</TD>';
 
-        echo '</TR></TABLE>';
-        echo '</TD></TR></TABLE>';
-        echo '<HR>';
+	echo '</TR></TABLE>';
+	echo '</TD></TR></TABLE>';
+	echo '<HR>';
 
 	echo '<TABLE class="width-100p cellspacing-0 cellpadding-0">';
 	echo '<TR><TD class="valign-top">';

modules/Grades/FinalGrades.php

@@ -170,7 +170,9 @@ if(isset($_REQUEST['modfunc']) && $_REQUEST['modfunc']=='save')
 					foreach($commentsB_RET as $comment)
 						$tipmessage .= $comment[1]['SORT_ORDER'].' - '.$comment[1]['TITLE'].'<BR />';
 
-					$tipmessage = button('comment',_('Comment Codes'),'"#" onmouseover=\'stm(["'._('Report Card Comments').'","'.str_replace('"','\"',str_replace("'",'&#39;',$tipmessage)).'"],tipmessageStyle); return false;\' onmouseout=\'htm()\' onclick="return false;"',24);
+					$tipJS = '<script>var tiptitle='.json_encode(_('Report Card Comments')).'; var tipmsg='.json_encode($tipmessage).';</script>';
+
+					$tipmessage = $tipJS.button('comment',_('Comment Codes'),'"#" onmouseover="stm([tiptitle,tipmsg],tipmessageStyle); return false;" onmouseout="htm()" onclick="return false;"',24);
 
 					DrawHeader('',$tipmessage);
 				}

modules/Grades/InputFinalGrades.php

@@ -630,9 +630,11 @@ if(!isset($_REQUEST['_ROSARIO_PDF']))
 	if(count($commentsB_RET))
 	{
 		foreach($commentsB_RET as $comment)
-			$tipmessage .= $comment[1]['SORT_ORDER'].' - '.str_replace("'",'&acute;',$comment[1]['TITLE']).'<BR />';
-//		$tipmessage = button('comment','Comment Codes','# onClick=\'stm(["Report Card Comments","'.$tipmessage.'"],["white","#333366","","","",,"black","#e8e8ff","","","",,,,2,"#333366",2,,,,,"",5,3,50,50]);\'','');
-		$tipmessage = button('comment',_('Comment Codes'),'"#" onmouseover=\'stm(["'._('Report Card Comments').'","'.str_replace('"','\"',str_replace("'",'&#39;',$tipmessage)).'"],tipmessageStyle); return false;\' onmouseout=\'htm()\' onclick="return false;"',24);
+			$tipmessage .= $comment[1]['SORT_ORDER'].' - '.$comment[1]['TITLE'].'<BR />';
+
+		$tipJS = '<script>var tiptitle='.json_encode(_('Report Card Comments')).'; var tipmsg='.json_encode($tipmessage).';</script>';
+
+		$tipmessage = $tipJS.button('comment',_('Comment Codes'),'"#" onmouseover="stm([tiptitle,tipmsg],tipmessageStyle); return false;" onmouseout="htm()" onclick="return false;"',24);
 	}
 
 //modif Francois: add label on checkbox

modules/Grades/StudentGrades.php

@@ -302,18 +302,34 @@ else
 function _makeTipTitle($value,$column)
 {	global $THIS_RET;
 
+	static $tiptitle = false;
+
 	if(($THIS_RET['DESCRIPTION'] || $THIS_RET['ASSIGNED_DATE'] || $THIS_RET['DUE_DATE']) && !isset($_REQUEST['_ROSARIO_PDF']))
 	{
 		if($THIS_RET['DESCRIPTION'])
 		{
-			$tip_title = str_replace(array("'",'"'),array(''','”'),$THIS_RET['DESCRIPTION']);
-			$tip_title = _('Description').': '.str_replace("\r\n",'<BR />',$tip_title);
+			$tipmsg = $THIS_RET['DESCRIPTION'];
+			$tipmsg = _('Description').': '.str_replace("\r\n",'<BR />',$tipmsg);
 		}
+
 		if($THIS_RET['ASSIGNED_DATE'])
-			$tip_title .= ($tip_title?'<BR />':'')._('Assigned').': '.ProperDate($THIS_RET['ASSIGNED_DATE']);
+			$tipmsg .= ($tipmsg?'<BR />':'')._('Assigned').': '.ProperDate($THIS_RET['ASSIGNED_DATE']);
+
 		if($THIS_RET['DUE_DATE'])
-			$tip_title .= ($tip_title?'<BR />':'')._('Due').': '.ProperDate($THIS_RET['DUE_DATE']);
-		$tip_title = '<A HREF="#" onMouseOver=\'stm(["'._('Details').'","'.str_replace('"','\"',str_replace("'",'&#39;',$tip_title)).'"],tipmessageStyle); return false;\' onMouseOut="htm();" onclick="return false;">'.$value.'</A>';
+			$tipmsg .= ($tipmsg?'<BR />':'')._('Due').': '.ProperDate($THIS_RET['DUE_DATE']);
+
+		$tipJS = '<script>';
+
+		if (!$tiptitle)
+		{
+			$tipJS .= 'var tiptitle='.json_encode(_('Details')).';';
+
+			$tiptitle = true;
+		}
+
+		$tipJS .= 'var tipmsg'.$THIS_RET['ASSIGNMENT_ID'].'='.json_encode($tipmsg).';</script>';
+
+		$tip_title = $tipJS.'<A HREF="#" onMouseOver="stm([tiptitle,tipmsg'.$THIS_RET['ASSIGNMENT_ID'].'],tipmessageStyle); return false;" onMouseOut="htm();" onclick="return false;">'.$value.'</A>';
 	}
 	else
 		$tip_title = $value;
@@ -382,4 +398,4 @@ function bargraph2($x,$lo=0,$hi=0)
 	else
 		return '<div style="float:left;">&nbsp;</div>';
 }
-?>
\ No newline at end of file
+?>

modules/Grades/TeacherCompletion.php

@@ -61,6 +61,8 @@ $RET = DBGet(DBQuery($sql),array(),array('STAFF_ID'));
 
 if(!$_REQUEST['period'])
 {
+	$tiptitle = false;
+
 	foreach($RET as $staff_id=>$periods)
 	{
 		$i++;
@@ -68,7 +70,19 @@ if(!$_REQUEST['period'])
 		foreach($periods as $period)
 		{
 			if(!isset($_REQUEST['_ROSARIO_PDF']))
-				$staff_RET[$i][$period['PERIOD_ID']] .= button($period['COMPLETED']=='Y'?'check':'x','','"#" onMouseOver=\'stm(["'._('Course Title').'","'.str_replace('"','\"',str_replace("'",''',$period['COURSE_TITLE'])).'"],tipmessageStyle); return false;\' onMouseOut=\'htm()\' onclick="return false;"').' ';
+			{
+				$tipJS = '<script>';
+
+				if (!$tiptitle)
+				{
+					$tipJS .= 'var tiptitle='.json_encode(_('Course Title')).';';
+					$tiptitle = true;
+				}
+
+				$tipJS .= 'var tipmsg'.$period['PERIOD_ID'].'='.json_encode($period['COURSE_TITLE']).';</script>';
+
+				$staff_RET[$i][$period['PERIOD_ID']] .= $tipJS.button($period['COMPLETED']=='Y'?'check':'x','','"#" onMouseOver="stm([tiptitle,tipmsg'.$period['PERIOD_ID'].'],tipmessageStyle); return false;" onMouseOut="htm()" onclick="return false;"').' ';
+			}
 			else
 				$staff_RET[$i][$period['PERIOD_ID']] = $period['COMPLETED']=='Y'?_('Yes').' ':_('No').' ';
 		}
@@ -97,4 +111,4 @@ else
 	
 	ListOutput($RET,array('FULL_NAME'=>_('Teacher'),'COURSE_TITLE'=>_('Course'),'COMPLETED'=>_('Completed')),sprintf(_('Teacher who enters grades for %s'), $period_title),sprintf(_('Teachers who enter grades for %s'), $period_title),false,array('STAFF_ID'));
 }
-?>
\ No newline at end of file
+?>

modules/Students/includes/Address.inc.php

@@ -368,7 +368,10 @@ if(empty($_REQUEST['modfunc']))
 							$ximages .= ' <IMG SRC="assets/mailbox_button.png" height="24">';
 						$warning .= '<b>'.str_replace(array("'",'"'),array('&#39;','&rdquo;'),$xstudent['FULL_NAME']).'</b>'.$ximages.'';
 					}
-					echo '<TH>'.button('warning','','"#" onMouseOver=\'stm(["'._('Warning').'","'.str_replace('"','\"',str_replace("'",'&#39;',$warning)).'"],tipmessageStyle); return false;\' onMouseOut=\'htm()\' onclick="return false;"').'</TH>';
+
+					$tipJS = '<script>var tiptitle1='.json_encode(_('Warning')).'; var tipmsg1='.json_encode($warning).';</script>';
+
+					echo '<TH>'.$tipJS.button('warning','','"#" onMouseOver="stm([tiptitle1,tipmsg1],tipmessageStyle); return false;" onMouseOut="htm()" onclick="return false;"').'</TH>';
 				}
 				else
 					echo '<TH>&nbsp;</TH>';
@@ -506,6 +509,7 @@ if(empty($_REQUEST['modfunc']))
 
 					// find other students associated with this person
 					$xstudents = DBGet(DBQuery("SELECT s.STUDENT_ID,s.FIRST_NAME||' '||s.LAST_NAME AS FULL_NAME,STUDENT_RELATION,CUSTODY,EMERGENCY FROM STUDENTS s,STUDENTS_JOIN_PEOPLE sjp WHERE s.STUDENT_ID=sjp.STUDENT_ID AND sjp.PERSON_ID='".$contact['PERSON_ID']."' AND sjp.STUDENT_ID!='".UserStudentID()."'"));
+
 					if(count($xstudents))
 					{
 						$warning = _('Other students associated with this person').':<BR />';
@@ -518,7 +522,10 @@ if(empty($_REQUEST['modfunc']))
 								$ximages .= ' <IMG SRC="assets/emergency_button.png" height="24">';
 							$warning .= '<b>'.str_replace(array("'",'"'),array('&#39;','&rdquo;'),$xstudent['FULL_NAME']).'</b> ('.($xstudent['STUDENT_RELATION']?str_replace(array("'",'"'),array('&#39;','&rdquo;'),$xstudent['STUDENT_RELATION']):'---').')'.$ximages.'<BR />';
 						}
-						$images .= ' '.button('warning','','"#" onMouseOver=\'stm(["'._('Warning').'","'.str_replace('"','\"',str_replace("'",'&#39;',$warning)).'"],tipmessageStyle); return false;\' onMouseOut=\'htm()\' onclick="return false;"');
+
+						$tipJS = '<script>var tiptitle2='.json_encode(_('Warning')).'; var tipmsg2='.json_encode($warning).';</script>';
+
+						$images .= ' '.$tipJS.button('warning','','"#" onMouseOver="stm([tiptitle2,tipmsg2],tipmessageStyle); return false;" onMouseOut="htm()" onclick="return false;"');
 					}
 
 					if($contact['CUSTODY']=='Y')
@@ -718,12 +725,14 @@ if(empty($_REQUEST['modfunc']))
 									echo '<TD style="width:20px;">'.button('remove','','"Modules.php?modname='.$_REQUEST['modname'].'&include='.$_REQUEST['include'].'&modfunc=delete&address_id='.$_REQUEST['address_id'].'&person_id='.$_REQUEST['person_id'].'&contact_id='.$info['ID'].'"').'</TD>';
 								else
 									echo '<TD></TD>';
-                                echo '<TD><DIV id="info_'.$info['ID'].'"><div class="onclick" onclick=\'addHTML("';
-								
-								$toEscape = '<TABLE><TR><TD>'.TextInput($info['VALUE'],'values[PEOPLE_JOIN_CONTACTS]['.$info['ID'].'][VALUE]','','',false).'<BR />'.str_replace("'",'&#39;',_makeAutoSelectInputX($info['TITLE'],'TITLE','PEOPLE_JOIN_CONTACTS','',$info_options,$info['ID'],false)).'</TD></TR></TABLE>';
-								echo str_replace('"','\"',$toEscape);
-								
-								echo '","info_'.$info['ID'].'",true);\'><span class="underline-dots">'.$info['VALUE'].'</span><BR /><span class="legend-gray">'.$info['TITLE'].'</span></div></DIV></TD>';
+
+								$toEscape = '<TABLE><TR><TD>'.TextInput($info['VALUE'],'values[PEOPLE_JOIN_CONTACTS]['.$info['ID'].'][VALUE]','','',false).'<BR />'._makeAutoSelectInputX($info['TITLE'],'TITLE','PEOPLE_JOIN_CONTACTS','',$info_options,$info['ID'],false).'</TD></TR></TABLE>';
+
+								echo '<script> var info_'.$info['ID'].'='.json_encode($toEscape).';</script>';
+
+								echo '<TD><DIV id="info_'.$info['ID'].'"><div class="onclick" onclick=\'addHTML(info_'.$info['ID'];
+
+								echo ',"info_'.$info['ID'].'",true);\'><span class="underline-dots">'.$info['VALUE'].'</span><BR /><span class="legend-gray">'.$info['TITLE'].'</span></div></DIV></TD>';
 								echo '</TR>';
 							}
 						}

modules/Users/includes/General_Info.inc.php

@@ -44,7 +44,7 @@ if(AllowEdit() && !isset($_REQUEST['_ROSARIO_PDF']))
 		echo '<TABLE><TR class="st"><TD>'.SelectInput($staff['TITLE'],'staff[TITLE]',_('Title'),$titles_array,'').'</TD><TD>'.TextInput($staff['FIRST_NAME'],'staff[FIRST_NAME]',($staff['FIRST_NAME']==''?'<span class="legend-red">':'')._('First Name').($staff['FIRST_NAME']==''?'</span>':''),'maxlength=50 required', ($_REQUEST['moodle_create_user'] ? false : true)).'</TD><TD>'.TextInput($staff['MIDDLE_NAME'],'staff[MIDDLE_NAME]',_('Middle Name'),'maxlength=50').'</TD><TD>'.TextInput($staff['LAST_NAME'],'staff[LAST_NAME]',($staff['LAST_NAME']==''?'<span class="legend-red">':'')._('Last Name').($staff['LAST_NAME']==''?'</span>':''),'maxlength=50 required', ($_REQUEST['moodle_create_user'] ? false : true)).'</TD><TD>'.SelectInput($staff['NAME_SUFFIX'],'staff[NAME_SUFFIX]',_('Suffix'),$suffixes_array,'').'</TD></TR></TABLE>';
 	else
 	{
-		$user_name = '<TABLE><TR class="st"><TD>'.SelectInput($staff['TITLE'],'staff[TITLE]',_('Title'),$titles_array,'','',false).'</TD><TD>'.TextInput($staff['FIRST_NAME'],'staff[FIRST_NAME]',_('First Name'),'maxlength=50 required',false).'</TD><TD>'.TextInput($staff['MIDDLE_NAME'],'staff[MIDDLE_NAME]',_('Middle Name'),'maxlength=50',false).'</TD><TD>'.TextInput(str_replace("'",'&#39;',$staff['LAST_NAME']),'staff[LAST_NAME]',_('Last Name'),'maxlength=50 required',false).'</TD><TD>'.SelectInput($staff['NAME_SUFFIX'],'staff[NAME_SUFFIX]',_('Suffix'),$suffixes_array,'','',false).'</TD></TR></TABLE>';
+		$user_name = '<TABLE><TR class="st"><TD>'.SelectInput($staff['TITLE'],'staff[TITLE]',_('Title'),$titles_array,'','',false).'</TD><TD>'.TextInput($staff['FIRST_NAME'],'staff[FIRST_NAME]',_('First Name'),'maxlength=50 required',false).'</TD><TD>'.TextInput($staff['MIDDLE_NAME'],'staff[MIDDLE_NAME]',_('Middle Name'),'maxlength=50',false).'</TD><TD>'.TextInput($staff['LAST_NAME'],'staff[LAST_NAME]',_('Last Name'),'maxlength=50 required',false).'</TD><TD>'.SelectInput($staff['NAME_SUFFIX'],'staff[NAME_SUFFIX]',_('Suffix'),$suffixes_array,'','',false).'</TD></TR></TABLE>';
 
 		echo '<script>var user_name='.json_encode($user_name).';</script>';
 

modules/misc/Export.php

@@ -288,7 +288,13 @@ else
 		foreach($fields as $field=>$title)
 		{
 			$i++;
-            echo '<TD><label><INPUT type="checkbox" onclick=\'addHTML("'.str_replace('"','\"','<LI>'.str_replace("'",'&#39',ParseMLField($title)).'</LI>').'","names_div",false);addHTML("'.str_replace('"','\"','<INPUT type="hidden" name="fields['.$field.']" value="Y" />').'","fields_div",false);this.disabled=true\' />&nbsp;'.ParseMLField($title).'</label>';
+
+			echo '<TD>';
+
+			$addJS = '<script>var field'.$field.'='.json_encode('<LI>'.ParseMLField($title).'</LI>').'; var fielddiv'.$field.'='.json_encode('<INPUT type="hidden" name="fields['.$field.']" value="Y" />').';</script>';
+
+			echo $addJS.'<label><INPUT type="checkbox" onclick=\'addHTML(field'.$field.',"names_div",false);addHTML(fielddiv'.$field.',"fields_div",false);this.disabled=true\' />&nbsp;'.ParseMLField($title).'</label>';
+
 			if(ParseMLField($category,'default')=='Address' && $field=='PARENTS')
 			{
 				$relations_RET = DBGet(DBQuery("SELECT DISTINCT STUDENT_RELATION FROM STUDENTS_JOIN_PEOPLE ORDER BY STUDENT_RELATION"));