Commit 6a3a244b authored by chealer's avatar chealer

[FIX] Smarty {title} block escaping: more double-encoded browser titles for escaped $content

parent 071fe3d3
{if $blog_data.use_title_in_post eq 'y'}
{title url=$blogId|sefurl:blog}{$blog_data.title|escape}{/title}
{title url=$blogId|sefurl:blog}{$blog_data.title}{/title}
{/if}
{if $blog_data.use_breadcrumbs eq 'y'}
<div class="breadcrumbs"><a class="link" href="tiki-list_blogs.php">{tr}Blogs{/tr}</a> {$prefs.site_crumb_seper} <a class="link" href="tiki-view_blog.php?blogId={$post_info.blogId}">{$blog_data.title|escape}</a> {$prefs.site_crumb_seper} {$post_info.title|escape}</div>
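Review bot: With `|escape` dropped from `{$blog_data.title}` inside `{title}` (taking the second line of each printed pair as the new side), output encoding of the blog title now rests entirely on the `{title}` block plugin, whose code is not part of this page. It is worth confirming that the plugin encodes `$content` on every path where it emits it, the page heading as well as the browser title; the breadcrumb line just below still escapes the same value by hand. The same dependency applies to every other `{title}` section in this commit. A short template comment such as `{* {title} HTML-escapes its content; do not add |escape inside it *}` next to the call would stop the modifier being re-added, and would warn against copying the value out of the block unescaped.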
......
{* $Id$ *}
{title help="Menus" url="tiki-admin_menu_options.php?menuId=$menuId" admpage="general&amp;cookietab=3"}{tr}Admin Menu:{/tr} {$editable_menu_info.name|escape}{/title}
{title help="Menus" url="tiki-admin_menu_options.php?menuId=$menuId" admpage="general&amp;cookietab=3"}{tr}Admin Menu:{/tr} {$editable_menu_info.name}{/title}
<div class="navbar">
{button href="tiki-admin_menus.php" _text="{tr}List menus{/tr}"}
......
{title url="tiki-admin_poll_options.php?pollId=$pollId"}{tr}Admin Polls:{/tr} {$menu_info.title|escape}{/title}
{title url="tiki-admin_poll_options.php?pollId=$pollId"}{tr}Admin Polls:{/tr} {$menu_info.title}{/title}
<div class="navbar">
{button href="tiki-admin_polls.php" _text="{tr}List polls{/tr}"}
......
{title url="tiki-admin_survey_questions.php?surveyId=$surveyId"}{tr}Edit survey questions:{/tr} {$survey_info.name|escape}{/title}
{title url="tiki-admin_survey_questions.php?surveyId=$surveyId"}{tr}Edit survey questions:{/tr} {$survey_info.name}{/title}
<div class="navbar">
{button href="tiki-admin_survey_questions.php?surveyId=$surveyId" _text="{tr}Add a New Question{/tr}"}
......
{* $Id$ *}
{title help="Adding+fields+to+a+tracker" url="tiki-admin_tracker_fields.php?trackerId=$trackerId"}{tr}Admin Tracker:{/tr} {$tracker_info.name|escape}{/title}
{title help="Adding+fields+to+a+tracker" url="tiki-admin_tracker_fields.php?trackerId=$trackerId"}{tr}Admin Tracker:{/tr} {$tracker_info.name}{/title}
{assign var='title' value="{tr}Admin Tracker:{/tr} "|cat:$tracker_info.name|escape}
<div class="navbar">
{include file="tracker_actions.tpl"}
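Review bot: The `{assign var='title' value="{tr}Admin Tracker:{/tr} "|cat:$tracker_info.name|escape}` line directly under the changed `{title}` call still applies `escape` to the tracker name. Where `$title` is consumed is not visible in this section. If it ends up in the browser title or another `{title}` block, it would keep the double encoding this commit is removing; if it is printed into plain HTML, the escape must stay. A one-line comment stating which case applies, e.g. `{* $title is output outside {title}, so it is escaped here *}`, would settle it for the next editor.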
......
{title url="tiki-blog_post.php?blogId=$blogId&amp;postId=$postId"}{if $postId gt 0}{tr}Edit Post{/tr}{else}{tr}New Post{/tr}{/if}{if !empty($blog_data.title)} - {$blog_data.title|escape}{/if}{/title}
{title url="tiki-blog_post.php?blogId=$blogId&amp;postId=$postId"}{if $postId gt 0}{tr}Edit Post{/tr}{else}{tr}New Post{/tr}{/if}{if !empty($blog_data.title)} - {$blog_data.title}{/if}{/title}
<div class="navbar">
{if $postId > 0}
......
......@@ -2,7 +2,7 @@
{title admpage="calendar"}
{if $displayedcals|@count eq 1}
{tr}Calendar:{/tr} {assign var=x value=$displayedcals[0]}{$infocals[$x].name|escape}
{tr}Calendar:{/tr} {assign var=x value=$displayedcals[0]}{$infocals[$x].name}
{else}
{tr}Calendar{/tr}
{/if}
......
......@@ -32,7 +32,7 @@
{/literal}
{/jq}
{if isset($new_user_validation) && $new_user_validation eq 'y'}
{title}{tr}Your account has been validated.{/tr}<br />{tr}You have to choose a password to use this account.{/tr}{/title}
{title}{tr}Your account has been validated.{/tr} {tr}You have to choose a password to use this account.{/tr}{/title}
{else}
{assign var='new_user_validation' value='n'}
{title}{tr}Change password enforced{/tr}{/title}
......
......@@ -4,7 +4,7 @@
{if $prefs.feature_breadcrumbs ne 'y'}
{title help="Directory" url="tiki-directory_browse.php?parent=$parent"}
{if $parent}
{tr}Directory:{/tr} {$parent_name|escape}
{tr}Directory:{/tr} {$parent_name}
{else}
{tr}Directory{/tr}
{/if}
......
......@@ -5,7 +5,7 @@
{title help="Articles"}
{if $articleId}
{tr}Edit:{/tr} {$title|escape}
{tr}Edit:{/tr} {$title}
{else}
{tr}Edit article{/tr}
{/if}
......
{if $blogId > 0}
{title help="Blogs" url="tiki-edit_blog.php?blogId=$blogId" admpage="blogs"}{tr}Edit Blog:{/tr} {$title|escape}{/title}
{title help="Blogs" url="tiki-edit_blog.php?blogId=$blogId" admpage="blogs"}{tr}Edit Blog:{/tr} {$title}{/title}
{else}
{title help="Blogs"}{tr}Create Blog{/tr}{/title}
{/if}
......
......@@ -7,7 +7,7 @@
{/if}
{if $subId}
{title help="Articles" url="tiki-edit_submission.php?subId=$subId"}{tr}Edit:{/tr} {$title|escape}{/title}
{title help="Articles" url="tiki-edit_submission.php?subId=$subId"}{tr}Edit:{/tr} {$title}{/title}
{else}
{title help="Articles"}{tr}Submit article{/tr}{/title}
{/if}
......
{title help="i18n" admpage="i18n"}{tr}Translate:{/tr}&nbsp;{$name|escape}{if isset($languageName)}&nbsp;({$languageName}, {$langpage|escape}){/if}{/title}
{title help="i18n" admpage="i18n"}{tr}Translate:{/tr}&nbsp;{$name}{if isset($languageName)}&nbsp;({$languageName}, {$langpage}){/if}{/title}
<div class="navbar">
{if $type eq 'wiki page'}
......
{title help="forums" admpage="forums"}{tr}Message queue for forum{/tr} {$forum_info.name|escape}{/title}
{title help="forums" admpage="forums"}{tr}Message queue for forum{/tr} {$forum_info.name}{/title}
<div class="navbar">
{button href="tiki-view_forum.php?forumId=$forumId" _text="{tr}Back to forum{/tr}"}
......
{title help="Forums" admpage="forums"}{tr}Reported messages for forum{/tr}&nbsp;{$forum_info.name|escape}{/title}
{title help="Forums" admpage="forums"}{tr}Reported messages for forum{/tr}&nbsp;{$forum_info.name}{/title}
<div class="navbar">
{button href="tiki-view_forum.php?forumId=$forumId" _text="{tr}Back to forum{/tr}"}
......
{title help="Spreadsheet"}{$title|escape}{/title}
{title help="Spreadsheet"}{$title}{/title}
<p>
{$description|escape}
......
{title help="Spreadsheet"}{tr}Spreadsheet History:{/tr} {$title|escape}{/title}
{title help="Spreadsheet"}{tr}Spreadsheet History:{/tr} {$title}{/title}
<div>
{$description|escape}
......
{title help="Spreadsheet"}{$title|escape}{/title}
{title help="Spreadsheet"}{$title}{/title}
<div>
{$description|escape}
......
......@@ -15,7 +15,7 @@
{tr}Files of $user{/tr}
{/if}
{else}
{$name|escape}
{$name}
{/if}
{/if}
{/strip}
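Review bot: `{$name}` loses its `escape` modifier here, but the tag that encloses it opens above the lines shown, so this hunk alone does not confirm that the value is rendered through `{title}`. If the surrounding `{strip}` content is printed anywhere else, the name would reach the page unencoded. Please check the enclosing block and keep `{$name|escape}` if it is not a `{title}` body.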
......
{title help="Newsletters"}{tr}Sent editions{/tr}{if $nl_info}: {$nl_info.name|escape}{/if}{/title}
{title help="Newsletters"}{tr}Sent editions{/tr}{if $nl_info}: {$nl_info.name}{/if}{/title}
<div class="navbar">
{if $tiki_p_list_newsletters eq "y"}
......
{title help="notepad"}{tr}Reading note:{/tr}&nbsp;{$info.name|escape}{/title}
{title help="notepad"}{tr}Reading note:{/tr}&nbsp;{$info.name}{/title}
{include file='tiki-mytiki_bar.tpl'}
......
{* $Id$ *}
{capture}{if isset($smarty.request.objectName)}{tr}Object Watches:{/tr} {$smarty.request.objectName|escape}{else}{tr}Object Watches{/tr}{/if}{/capture}
{capture}{if isset($smarty.request.objectName)}{tr}Object Watches:{/tr} {$smarty.request.objectName}{else}{tr}Object Watches{/tr}{/if}{/capture}
{title help="Mail notifications"}{$smarty.capture.default}{/title}
{if isset($referer)}
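Review bot: `$smarty.request.objectName` comes straight from the request, and after this change the `{capture}` buffer holds it unencoded. That is safe only as long as `{$smarty.capture.default}` is consumed solely by `{title}`. The rest of the template lies outside this section, so a later reuse of the capture cannot be ruled out from here. Dropping the capture and placing the `{if isset($smarty.request.objectName)}…{/if}` expression directly inside `{title help="Mail notifications"}…{/title}` would keep the raw value from existing outside the escaping block.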
......
{* $Id$ *}
{title help="Permission"}{if $objectType eq 'global'}{tr}Assign global permissions{/tr}{else}{tr}Assign permissions to {/tr}{tr}{$objectType|escape}:{/tr} {$objectName|escape}{/if}{/title}
{title help="Permission"}{if $objectType eq 'global'}{tr}Assign global permissions{/tr}{else}{tr}Assign permissions to {/tr}{tr}{$objectType}:{/tr} {$objectName}{/if}{/title}
<div class="navbar">
{if !empty($referer)}{button href="$referer" _text="{tr}Back{/tr}"}{/if}
......
{* $Id$ *}
{title admpage="wiki"}{tr}History:{/tr} {$page|escape}{/title}
{title admpage="wiki"}{tr}History:{/tr} {$page}{/title}
<div class="navbar">
{assign var=thispage value=$page|escape:url}
......
{title help="Quiz"}{tr}Stats for quiz:{/tr} {$quiz_info.name|escape}{/title}
{title help="Quiz"}{tr}Stats for quiz:{/tr} {$quiz_info.name}{/title}
<div class="navbar">
{button href="tiki-list_quizzes.php" _text="{tr}List Quizzes{/tr}"}
......
......@@ -6,7 +6,7 @@
{assign var=simpleMode value='n'}
{/if}
{title help="File+Galleries" admpage="fgal"}{if $editFileId}{tr}Edit File:{/tr} {$fileInfo.filename|escape}{else}{tr}Upload File{/tr}{/if}{/title}
{title help="File+Galleries" admpage="fgal"}{if $editFileId}{tr}Edit File:{/tr} {$fileInfo.filename}{else}{tr}Upload File{/tr}{/if}{/title}
{if !empty($galleryId) or (count($galleries) > 0 and $tiki_p_list_file_galleries eq 'y') or (isset($uploads) and count($uploads) > 0)}
<div class="navbar">
......
{if $prefs.art_home_title ne ''}
{title help="Articles" admpage="cms"}
{if $prefs.art_home_title eq 'topic' and !empty($topic)}{tr}{$topic|escape}{/tr}
{elseif $prefs.art_home_title eq 'type' and !empty($type)}{tr}{$type|escape}{/tr}
{if $prefs.art_home_title eq 'topic' and !empty($topic)}{tr}{$topic}{/tr}
{elseif $prefs.art_home_title eq 'type' and !empty($type)}{tr}{$type}{/tr}
{else}{tr}Articles{/tr}{/if}
{/title}
{/if}
......
{title help="FAQs"}{tr}{$faq_info.title|escape}{/tr}{/title}
{title help="FAQs"}{tr}{$faq_info.title}{/tr}{/title}
<div class="description">{$faq_info.description|escape}</div>
<div class="navbar">
......
{* $Id$ *}
{title help="forums" admpage="forums"}{$forum_info.name|escape}{/title}
{title help="forums" admpage="forums"}{$forum_info.name}{/title}
{if $forum_info.show_description eq 'y'}
<div class="description">{wiki}{$forum_info.description}{/wiki}</div>
......
{* $Id$ *}
{title help="forums" admpage="forums"}
{$forum_info.name|escape}
{if $prefs.feature_forum_topics_archiving eq 'y' && $thread_info.archived eq 'y'}<em>({tr}Archived{/tr})</em>{/if}
{$forum_info.name}
{if $prefs.feature_forum_topics_archiving eq 'y' && $thread_info.archived eq 'y'}({tr}Archived{/tr}){/if}
{/title}
<div class="navbar">
......
{* $Id$ *}
{title help="Spreadsheet"}{$title|escape}{/title}
{title help="Spreadsheet"}{$title}{/title}
<div class="description">
{$description|escape}
......
{* $Id$ *}
{title url="tiki-view_tracker.php?trackerId=$trackerId" adm="trackers"}{tr}Tracker:{/tr} {$tracker_info.name|escape}{/title}
{title url="tiki-view_tracker.php?trackerId=$trackerId" adm="trackers"}{tr}Tracker:{/tr} {$tracker_info.name}{/title}
<div class="navbar">
{if $prefs.feature_group_watches eq 'y' and ( $tiki_p_admin_users eq 'y' or $tiki_p_admin eq 'y' )}
......
{* $Id$ *}
{title help="trackers"}{$tracker_info.name|escape}{/title}
{title help="trackers"}{$tracker_info.name}{/title}
{if $print_page ne 'y'}
......