some things related to filtering, and xhtml in sendmail

diff --git a/include/profil.func.inc.php b/include/profil.func.inc.php
index 6428a89..a2d815c 100644 (file)
--- a/include/profil.func.inc.php
+++ b/include/profil.func.inc.php
@@ -20,17 +20,6 @@ function replace_ifset_i_j(&$var,$req,$i,$j) {
   }
 }
 
-//pour afficher qqchose en html par un modifier smarty
-function _print_html_modifier($string){
-  return htmlentities($string);
-}
-
-
-//pour afficher depuis le php
-function print_html($string){
-  echo _print_html_modifier($string);
-}
-
 //pour rentrer qqchose dans la base
 function put_in_db($string){
   return trim(addslashes($string));

diff --git a/include/profil.inc.php b/include/profil.inc.php
index 9d95951..bc41c21 100644 (file)
--- a/include/profil.inc.php
+++ b/include/profil.inc.php
@@ -4,9 +4,6 @@ require_once('tabs.inc.php');
 
 require_once('profil.func.inc.php');
 
-$page->register_modifier('print_html','_print_html_modifier');
 $page->register_function('draw_onglets','draw_all_tabs');
 
-
-
 ?>

diff --git a/include/profil/profil_mentor.inc.php b/include/profil/profil_mentor.inc.php
index 54b3e2e..ccee9ac 100644 (file)
--- a/include/profil/profil_mentor.inc.php
+++ b/include/profil/profil_mentor.inc.php
@@ -8,7 +8,7 @@ function affiche_pays(){
            if ($i%2) echo '<tr class="pair">'; else echo '<tr class="impair">';
 ?>
        <td class="colg">
-       <span class="valeur"><?php print_html($mentor_pays[$i]);?></span>
+       <span class="valeur"><?php htmlspecialchars($mentor_pays[$i]);?></span>
        </td>
        <td class="colm">
        <span class="valeur">&nbsp;&nbsp;</span>

diff --git a/include/xorg.page.inc.php b/include/xorg.page.inc.php
index 0a43e68..60ed0e7 100644 (file)
--- a/include/xorg.page.inc.php
+++ b/include/xorg.page.inc.php
@@ -24,7 +24,7 @@ function function_dyn($params) {
 }
 
 function escape_html(&$string) {
-    return is_string($string) ? htmlspecialchars($string) : $string;
+    return is_string($string) ? htmlspecialchars($string, ENT_QUOTES) : $string;
 }
 
 class XorgPage extends DiogenesCorePage {

diff --git a/templates/profil/adresses.tpl b/templates/profil/adresses.tpl
index 961fa95..2167fbf 100644 (file)
--- a/templates/profil/adresses.tpl
+++ b/templates/profil/adresses.tpl
@@ -1,4 +1,4 @@
-{* $Id: adresses.tpl,v 1.2 2004-07-17 11:58:56 x2000habouzit Exp $ *}
+{* $Id: adresses.tpl,v 1.3 2004-08-24 11:45:19 x2000habouzit Exp $ *}
 
 <div class="blocunite_tab">
   <table class="bicol" cellspacing="0" cellpadding="0" summary="Profil: Adresses personnelles">
@@ -67,7 +67,7 @@
         <span class="titre">{if $adr.nouvelle != 'new'}Adresse n°{$smarty.section.i.index}{else}Nouvelle adresse{/if}</span><br />
       </td>
       <td class="cold">
-        <input type="text" name="adr1[{$adrid}]" size="43" maxlength="88" value="{$adr.adr1|print_html}" />
+        <input type="text" name="adr1[{$adrid}]" size="43" maxlength="88" value="{$adr.adr1}" />
       </td>
     </tr>
     <tr>
@@ -75,7 +75,7 @@
         &nbsp;
       </td>
       <td class="cold">
-        <input type="text" name="adr2[{$adrid}]" size="43" maxlength="88" value="{$adr.adr2|print_html}" />
+        <input type="text" name="adr2[{$adrid}]" size="43" maxlength="88" value="{$adr.adr2}" />
       </td>
     </tr>
     <tr>
@@ -83,7 +83,7 @@
         &nbsp;
       </td>
       <td class="cold">
-        <input type="text" name="adr3[{$adrid}]" size="43" maxlength="88" value="{$adr.adr3|print_html}" />
+        <input type="text" name="adr3[{$adrid}]" size="43" maxlength="88" value="{$adr.adr3}" />
       </td>
     </tr>
     <tr>
@@ -91,9 +91,9 @@
         <span class="titre">Code postal / Ville</span><br />
       </td>
       <td class="cold">
-        <input type="text" name="cp[{$adrid}]" value="{$adr.cp|print_html}" size="7" maxlength="18" />
+        <input type="text" name="cp[{$adrid}]" value="{$adr.cp}" size="7" maxlength="18" />
         &nbsp;
-        <input type="text" name="ville[{$adrid}]" value="{$adr.ville|print_html}" size="32" maxlength="78" />
+        <input type="text" name="ville[{$adrid}]" value="{$adr.ville}" size="32" maxlength="78" />
       </td>
     </tr>
     <tr>
@@ -174,10 +174,10 @@
           <span class="titre">Téléphone associé</span>
         </td>
         <td>
-          <input type="text" size="19" maxlength="28" name="tel[{$adrid}]" value="{$adr.tel|print_html}" />
+          <input type="text" size="19" maxlength="28" name="tel[{$adrid}]" value="{$adr.tel}" />
           &nbsp;
           <span class="titre">Fax</span>
-          <input type="text" size="19" maxlength="28" name="fax[{$adrid}]" value="{$adr.fax|print_html}" />
+          <input type="text" size="19" maxlength="28" name="fax[{$adrid}]" value="{$adr.fax}" />
         </td>
       </tr>
       <tr><td colspan="5">&nbsp;</td></tr>

diff --git a/templates/profil/emploi.tpl b/templates/profil/emploi.tpl
index c292896..8859968 100644 (file)
--- a/templates/profil/emploi.tpl
+++ b/templates/profil/emploi.tpl
@@ -1,4 +1,4 @@
-{* $Id: emploi.tpl,v 1.3 2004-07-31 13:37:19 x2000coic Exp $ *}
+{* $Id: emploi.tpl,v 1.4 2004-08-24 11:45:19 x2000habouzit Exp $ *}
 
 {section name=adresses_pro loop=2}
 {assign var='i' value=$smarty.section.adresses_pro.index} 
@@ -41,7 +41,7 @@
       </td>
       <td class="cold">
         <input type="text" size="35" maxlength="100" name="entreprise[{$i}]"
-        value="{$entreprise.$i|print_html}" />
+        value="{$entreprise.$i}" />
       </td>
     </tr>
     <tr>
@@ -70,7 +70,7 @@
       </td>
       <td class="cold">
         <input type="text" size="35" maxlength="120" name="poste[{$i}]"
-        value="{$poste.$i|print_html}" />
+        value="{$poste.$i}" />
       </td>
     </tr>
     <tr>
@@ -112,7 +112,7 @@
         <span class="titre">Adresse professionnelle</span>
       </td>
       <td class="cold">
-        <input type="text" name="adrpro1[{$i}]" size="40" maxlength="88" value="{$adrpro1.$i|print_html}" />
+        <input type="text" name="adrpro1[{$i}]" size="40" maxlength="88" value="{$adrpro1.$i}" />
       </td>
     </tr>
     <tr>
@@ -120,7 +120,7 @@
         &nbsp;
       </td>
       <td class="cold">
-        <input type="text" name="adrpro2[{$i}]" size="40" maxlength="88" value="{$adrpro2.$i|print_html}" />
+        <input type="text" name="adrpro2[{$i}]" size="40" maxlength="88" value="{$adrpro2.$i}" />
       </td>
     </tr>
     <tr>
@@ -128,7 +128,7 @@
         &nbsp;
       </td>
       <td class="cold">
-        <input type="text" name="adrpro3[{$i}]" size="40" maxlength="88" value="{$adrpro3.$i|print_html}" />
+        <input type="text" name="adrpro3[{$i}]" size="40" maxlength="88" value="{$adrpro3.$i}" />
       </td>
     </tr>
     <tr>
@@ -136,7 +136,7 @@
         <span class="titre">Code postal</span><br />
       </td>
       <td class="cold">
-        <input type="text" name="cppro[{$i}]" value="{$cppro.$i|print_html}" size="8" maxlength="8" />
+        <input type="text" name="cppro[{$i}]" value="{$cppro.$i}" size="8" maxlength="8" />
       </td>
     </tr>
     <tr>
@@ -144,7 +144,7 @@
         <span class="titre">Ville</span><br />
       </td>
       <td class="cold">
-        <input type="text" name="villepro[{$i}]" value="{$villepro.$i|print_html}" size="40" maxlength="50" />
+        <input type="text" name="villepro[{$i}]" value="{$villepro.$i}" size="40" maxlength="50" />
       </td>
     </tr>
     <tr>
@@ -197,7 +197,7 @@
         <span class="titre">Téléphone professionnel</span>
       </td>
       <td>
-        <input type="text" size="18" maxlength="18" name="telpro[{$i}]" value="{$telpro.$i|print_html}" />
+        <input type="text" size="18" maxlength="18" name="telpro[{$i}]" value="{$telpro.$i}" />
         &nbsp;
       </td>
     </tr>
@@ -206,7 +206,7 @@
         <span class="titre">Fax</span>
       </td>
       <td>
-        <input type="text" size="18" maxlength="18" name="faxpro[{$i}]" value="{$faxpro.$i|print_html}" />
+        <input type="text" size="18" maxlength="18" name="faxpro[{$i}]" value="{$faxpro.$i}" />
       </td>
     </tr>
   </table>
@@ -244,7 +244,7 @@
             Comment remplir mon CV ?</a></span>
       </td>
       <td class="dcold">
-        <textarea name="cv" rows="15" cols="33">{$cv|print_html}</textarea>
+        <textarea name="cv" rows="15" cols="33">{$cv}</textarea>
       </td>
     </tr>
   </table>

diff --git a/templates/profil/general.tpl b/templates/profil/general.tpl
index 6ce4d22..4ae6063 100644 (file)
--- a/templates/profil/general.tpl
+++ b/templates/profil/general.tpl
@@ -1,4 +1,4 @@
-{* $Id: general.tpl,v 1.4 2004-08-07 11:26:47 x2000coic Exp $ *}
+{* $Id: general.tpl,v 1.5 2004-08-24 11:45:19 x2000habouzit Exp $ *}
 
 {include file="applis.js.tpl"}
 <div class="blocunite_tab">
@@ -173,7 +173,7 @@
       </td>
       <td class="cold">
         <input type="text" size="18" maxlength="18" name="mobile"
-        value="{$mobile|print_html}" />
+        value="{$mobile}" />
       </td>
     </tr>
     <tr>
@@ -200,7 +200,7 @@
       </td>
       <td class="dcold">
         <input type="text" size="35" maxlength="95" name="web"  
-        value="{$web|print_html}" />
+        value="{$web}" />
       </td>
     </tr>
     <tr>
@@ -227,7 +227,7 @@
         <span class="comm">Commentaire? ICQ? etc...</span>
       </td>
       <td class="dcold">
-        <textarea name="libre" rows="3" cols="29" >{$libre|print_html}</textarea>
+        <textarea name="libre" rows="3" cols="29" >{$libre}</textarea>
       </td>
     </tr>
   </table>

diff --git a/templates/profil/mentor.tpl b/templates/profil/mentor.tpl
index 9c05f16..3ad4ec7 100644 (file)
--- a/templates/profil/mentor.tpl
+++ b/templates/profil/mentor.tpl
@@ -1,4 +1,4 @@
-{* $Id: mentor.tpl,v 1.3 2004-07-17 12:18:03 x2000habouzit Exp $ *}
+{* $Id: mentor.tpl,v 1.4 2004-08-24 11:45:19 x2000habouzit Exp $ *}
 
 {literal}
 <script language="JavaScript" type="text/javascript">
@@ -100,7 +100,7 @@ notamment internationales sur la base desquels tu seras identifiable depuis
       <tr class="impair">
         {/if}
         <td class="colg">
-          <span class="valeur">{$mentor_pays.$i|print_html}</span>
+          <span class="valeur">{$mentor_pays.$i}</span>
         </td>
         <td class="colm">
           <span class="valeur">&nbsp;&nbsp;</span>
@@ -177,10 +177,10 @@ notamment internationales sur la base desquels tu seras identifiable depuis
           <tr class="impair">
             {/if}
             <td class="colg">
-              <span class="valeur">{$mentor_secteur.$i|print_html}</span>
+              <span class="valeur">{$mentor_secteur.$i}</span>
             </td>
             <td class="colm">
-              <span class="valeur">{$mentor_ss_secteur.$i|print_html}</span>
+              <span class="valeur">{$mentor_ss_secteur.$i}</span>
             </td>
             <td class="cold">
               <span class="lien"><a href="javascript:mentor_secteur_del('{$mentor_sid.$i}');">retirer</a></span>
@@ -246,7 +246,7 @@ notamment internationales sur la base desquels tu seras identifiable depuis
             </tr>
             <tr>
               <td colspan="3">
-                <textarea rows="8" cols="60" name="mentor_expertise">{$mentor_expertise|print_html}</textarea>
+                <textarea rows="8" cols="60" name="mentor_expertise">{$mentor_expertise}</textarea>
               </td>
             </tr>
           </table>

diff --git a/templates/sendmail.tpl b/templates/sendmail.tpl
index 9ab2bc0..d220011 100644 (file)
--- a/templates/sendmail.tpl
+++ b/templates/sendmail.tpl
@@ -1,4 +1,4 @@
-{* $Id: sendmail.tpl,v 1.3 2004-08-24 09:07:57 x2000habouzit Exp $ *}
+{* $Id: sendmail.tpl,v 1.4 2004-08-24 11:45:19 x2000habouzit Exp $ *}
 
 {dynamic}
 
@@ -21,8 +21,7 @@
   </li>
 </ul>
 
-<form action="{$smarty.server.REQUEST_URI}" method="POST">
-  <input type='hidden' name='signature' value='1' />
+<form action="{$smarty.server.REQUEST_URI}" method="post">
   <table class="bicol" cellpadding="2" cellspacing="0" summary="En-têtes du message">
     <tr> 
       <th colspan="2">en-têtes</th>
@@ -30,35 +29,36 @@
     <tr> 
       <td class="titre">de&nbsp;:</td>
       <td>
-        <input type='text' name='from' size=45 value="{if $smarty.request.from}
+        <input type='hidden' name='signature' value='1' />
+        <input type='text' name='from' size='45' value='{if $smarty.request.from}
 {$smarty.request.from}
 {else}
 "{$smarty.session.prenom} {$smarty.session.nom}" &lt;{$smarty.session.username}@polytechnique.org&gt;
-{/if}" />
+{/if}' />
       </td>
     </tr>
     <tr> 
       <td class="titre">à&nbsp;:</td>
       <td>
-        <input type='text' name='to' size=45 value="{$smarty.request.to}" />
+        <input type='text' name='to' size='45' value="{$smarty.request.to}" />
       </td>
     </tr>
     <tr> 
       <td class="titre">copie&nbsp;:</td>
       <td>
-        <input type='text' name='cc' size=45 value="{$smarty.request.cc}" />
+        <input type='text' name='cc' size='45' value="{$smarty.request.cc}" />
       </td>
     </tr>
     <tr> 
       <td class="titre">copie cachée&nbsp;:</td>
       <td>
-        <input type='text' name='bcc' size=45 value="{$smarty.request.bcc}" />
+        <input type='text' name='bcc' size='45' value="{$smarty.request.bcc}" />
       </td>
     </tr>
     <tr> 
       <td class="titre">sujet&nbsp;:</td>
       <td> 
-        <input type='text' name='sujet' size=45 value="{$smarty.request.sujet}" />
+        <input type='text' name='sujet' size='45' value="{$smarty.request.sujet}" />
       </td>
     </tr>
   </table>