

Merge pull request #231 from Capping-CPCA/html-decode
Encoded HTML Entities
blackjack26 committed Dec 15, 2017
2 parents 6efd0f0 + 5cde5b4 commit fdf6418
Showing 15 changed files with 57 additions and 48 deletions.
4 changes: 2 additions & 2 deletions views/classes/classes.php
Expand Up @@ -86,14 +86,14 @@
<div class="d-flex flex-row justify-content-center flex-wrap">
<?php
while ($r = pg_fetch_assoc($result)) {
$topicname = $r['topicname'];
$topicname = htmlentities($r['topicname']);
// Adds a zero-width space to break words after a forward slash
$topicname = str_replace('/', '/&#8203;', $topicname);
?>
<div class="card text-center result-card">
<div class="card-body">
<h4 class="card-title"><?= $topicname ?></h4>
<h6 class="card-subtitle text-muted"><?= $r['description'] ?></h6>
<h6 class="card-subtitle text-muted"><?= htmlentities($r['description']) ?></h6>
</div>
<div class="card-footer d-flex flex-row justify-content-center">
<a href="/classes/view/<?= $r['classid'] ?>">
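Review bot: Every view in this commit now calls bare `htmlentities()`, and with the PHP 7-era default flags (`ENT_COMPAT`, no `ENT_SUBSTITUTE`) a value containing one invalid UTF-8 byte is returned as an empty string, so a malformed topic name renders blank rather than escaped. A single helper with explicit flags, e.g. `function e($s) { return htmlspecialchars((string)$s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }`, used at every `<?= ?>` would fix the flags once and make the remaining unescaped spots easier to spot. One such spot is `$r['classid']` in the href on the last line here; if it is the raw column rather than an int cast, it should go through the same escaping as the other fields.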
6 changes: 3 additions & 3 deletions views/classes/classes_archives.php
Expand Up @@ -110,7 +110,7 @@
if (isset($confirmDelete) && $confirmDelete && isset($class)) {

$c = pg_fetch_assoc($db->query("SELECT topicname FROM classes WHERE classid = $1", [$class]));
$className = $c['topicname'];
$className = htmlentities($c['topicname']);

?>
<form class="card warning-card" method="post" action="/classes/archive">
Expand Down Expand Up @@ -141,8 +141,8 @@
?>
<div class="card text-center result-card">
<div class="card-body">
<h4 class="card-title"><?= $r['topicname'] ?></h4>
<h6 class="card-subtitle text-muted"><?= $r['description'] ?></h6>
<h4 class="card-title"><?= htmlentities($r['topicname']) ?></h4>
<h6 class="card-subtitle text-muted"><?= htmlentities($r['description']) ?></h6>
</div>
<div class="card-footer d-flex flex-row justify-content-center">
<a>
4 changes: 2 additions & 2 deletions views/classes/classes_delete.php
Expand Up @@ -53,10 +53,10 @@
<div class="page-wrapper">
<form class="card warning-card" method="post" action="<?= $_SERVER['REQUEST_URI'] ?>">
<h4 class="card-header card-title">
<?= $class['topicname'] ?>
<?= htmlentities($class['topicname']) ?>
</h4>
<div class="card-body">
You are about to delete class "<?= $class['topicname'] ?>". Are you sure
You are about to delete class "<?= htmlentities($class['topicname']) ?>". Are you sure
you want to delete this class?
</div>
<div class="card-footer text-right">
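Review bot: `action="<?= $_SERVER['REQUEST_URI'] ?>"` on the form at the top of this hunk is the one raw request value on the page that the commit leaves unescaped, and it lands inside a double-quoted attribute. Browsers percent-encode quotes in the path, so exploiting it needs a forged request, but it should be treated like any other reflected value: either escape it, `action="<?= htmlentities($_SERVER['REQUEST_URI'], ENT_QUOTES) ?>"`, or drop the attribute altogether (`<form class="card warning-card" method="post">` posts to the current URL). The same pattern appears on the other forms touched by this commit.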
4 changes: 2 additions & 2 deletions views/classes/classes_modify.php
Expand Up @@ -48,8 +48,8 @@

# Validate form information, display errors if needed
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$name = isset($_POST['name']) ? htmlentities(trim($_POST['name'])) : $name;
$desc = isset($_POST['desc']) ? htmlentities(trim($_POST['desc'])) : $desc;
$name = isset($_POST['name']) ? html_entity_decode(trim($_POST['name'])) : $name;
$desc = isset($_POST['desc']) ? html_entity_decode(trim($_POST['desc'])) : $desc;

$valid = true;
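Review bot: Dropping the input-side `htmlentities()` is only safe if every place `$name` and `$desc` are echoed back escapes them, including the pre-filled form inputs below this hunk where the value sits in a double-quoted attribute; those lines are outside the hunk and are worth checking. `html_entity_decode()` on a normal browser submission is a no-op (the browser already sends `&`, not `&amp;`), so its visible effect is that a user can no longer store the literal text `&lt;`; if it is there to normalise rows that the previous handler stored entity-encoded, that deserves a comment such as `// decode: rows saved before this change were stored entity-encoded`. The enclosing `if ($_SERVER['REQUEST_METHOD'] == 'POST')` block continues past the end of the hunk.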

4 changes: 2 additions & 2 deletions views/classes/classes_view.php
Expand Up @@ -44,7 +44,7 @@
</div>
<div class="form-wrapper card view-card">
<h4 class="card-header text-left">
<?php echo $class['topicname'] . ($class['df'] == 'f' ? '' : ' <span class="badge badge-secondary">Deleted</span>') ?>
<?= htmlentities($class['topicname']) . ($class['df'] == 'f' ? '' : ' <span class="badge badge-secondary">Deleted</span>') ?>
<?php if (hasRole(Role::Coordinator) && $class['df'] == 'f') { ?>
<div class="float-right">
<a href="/classes/edit/<?= $id ?>"><button class="btn btn-outline-secondary btn-sm">Edit</button></a>
Expand All @@ -55,7 +55,7 @@
<div class="card-body d-flex justify-content-center flex-column">
<h4>Description</h4>
<div class="d-flex justify-content-center">
<?= !empty($class['description']) ? $class['description'] : '<span class="font-italic">No Description</span>' ?>
<?= !empty($class['description']) ? htmlentities($class['description']) : '<span class="font-italic">No Description</span>' ?>
</div>
<br />
<h4>Curricula</h4>
2 changes: 1 addition & 1 deletion views/curricula/curricula.php
Expand Up @@ -88,7 +88,7 @@
<div class="d-flex flex-row justify-content-center flex-wrap">
<?php
while ($r = pg_fetch_assoc($result)) {
$curriculumname = $r['curriculumname'];
$curriculumname = htmlentities($r['curriculumname']);
// Adds a zero-width space to break words after a forward slash
$curriculumname = str_replace('/', '/&#8203;', $curriculumname);
?>
14 changes: 8 additions & 6 deletions views/curricula/curricula_add_class.php
Expand Up @@ -34,6 +34,7 @@
$allTopics = $db->execute("get_other_classes", [$id]);

$curriculum = pg_fetch_assoc($db->query("SELECT * FROM curricula WHERE curriculumid = $1", [$id]));
$curriculumName = htmlentities($curriculum['curriculumname']);

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$classId = isset($_POST['class']) ? $_POST['class'] : '';
Expand Down Expand Up @@ -139,16 +140,17 @@
<div class="page-wrapper">
<?php if(isset($confirmDelete) && isset($classId)) {
$class = pg_fetch_assoc($db->query("SELECT * FROM classes WHERE classid = $1", [$classId]));
$topicName = $class['topicname'];
?>

<!-- Confirms remove class when class is referenced by attendance -->
<form class="card warning-card" method="post" action="<?= $_SERVER['REQUEST_URI'] ?>">
<h4 class="card-header card-title">
<?= $curriculum['curriculumname'] . ' - ' . $class['topicname'] ?>
<?= $curriculumName . ' - ' . $topicName ?>
</h4>
<div class="card-body">
The class "<?= $class['topicname'] ?>" is currently being used for attendance. Removing this class
from curriculum "<?= $curriculum['curriculumname'] ?>" will also remove any attendance for this
The class "<?= $topicName ?>" is currently being used for attendance. Removing this class
from curriculum "<?= $curriculumName ?>" will also remove any attendance for this
class in the curriculum.
<br /><br />
Are you sure you want to continue?
Expand All @@ -170,15 +172,15 @@ class in the curriculum.
$notification->display();
}
?>
<h2 class="display-4 text-center" style="font-size: 34px"><?= $curriculum['curriculumname'] ?></h2>
<h2 class="display-4 text-center" style="font-size: 34px"><?= $curriculumName ?></h2>
<form class="form" method="post" action="<?= $_SERVER['REQUEST_URI'] ?>" novalidate>
<h4>Add New Class</h4>
<select id="class-selector" class="form-control" name="class" required>
<option value="" disabled selected>Select a Class</option>
<?php
while ($t = pg_fetch_assoc($allTopics)) {
?>
<option value="<?= $t['classid'] ?>"><?= $t['topicname'] ?></option>
<option value="<?= $t['classid'] ?>"><?= htmlentities($t['topicname']) ?></option>
<?php
}
pg_free_result($allTopics);
Expand All @@ -196,7 +198,7 @@ class in the curriculum.
?>
<tr>
<td class="align-middle">
<span><?= $class['topicname'] ?></span>
<span><?= htmlentities($class['topicname']) ?></span>
</td>
<td class="text-right">
<form class="mb-0" method="post" action="<?= $_SERVER['REQUEST_URI'] ?>">
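Review bot: `$topicName = $class['topicname'];` in the confirm-remove branch is assigned without `htmlentities()`, unlike the `$curriculumName` line added at the top of this file and the two `htmlentities($t['topicname'])` / `htmlentities($class['topicname'])` outputs further down, so the class name is still rendered raw in the card header and body of that dialog. It should read `$topicName = htmlentities($class['topicname']);`. Separately, `$curriculum` is the result of `pg_fetch_assoc` on a user-supplied id; if no row matches it is `false` and the new `htmlentities($curriculum['curriculumname'])` silently yields an empty heading, unless a not-found guard exists outside the hunk.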
7 changes: 4 additions & 3 deletions views/curricula/curricula_archives.php
Expand Up @@ -120,18 +120,19 @@
// Confirm Full Delete
if (isset($confirmDelete) && $confirmDelete && isset($curriculumId)) {
$curriculum = pg_fetch_assoc($db->query("SELECT * FROM curricula WHERE curriculumid = $1", [$curriculumId]));
$curriculumName = htmlentities($curriculum['curriculumname']);
?>
<form class="card warning-card" method="post" action="/curricula/archive">
<h4 class="card-header card-title">
<?= $curriculum['curriculumname'] ?>
<?= $curriculumName ?>
</h4>
<div class="card-body">
<?php
if(isset($warning)) {
echo "This curriculum is currently being used for attendance. Fully deleting this curriculum will also delete the ".
"attendance for this curriculum.<br /><br />Are you sure you want to continue?";
} else {
echo "You are about to fully delete curriculum \"".$curriculum['curriculumname']."\". Are you sure you want to fully delete this curriculum?";
echo "You are about to fully delete curriculum \"".$curriculumName."\". Are you sure you want to fully delete this curriculum?";
}
?>
</div>
Expand All @@ -148,7 +149,7 @@
?>
<div class="card text-center result-card">
<div class="card-body">
<h4 class="card-title"><?= $r['curriculumname'] ?></h4>
<h4 class="card-title"><?= htmlentities($r['curriculumname']) ?></h4>
</div>
<div class="card-footer d-flex flex-row justify-content-center">
<a>
7 changes: 5 additions & 2 deletions views/curricula/curricula_delete.php
Expand Up @@ -48,16 +48,19 @@
}

include('header.php');

$curriculaName = htmlentities($curricula['curriculumname']);

?>

<div class="page-wrapper">
<form class="card warning-card" method="post" action="<?= $_SERVER['REQUEST_URI'] ?>">
<h4 class="card-header card-title">
<?= $curricula['curriculumname'] ?>
<?= $curriculaName ?>
</h4>
<div class="card-body">
<?php
echo "You are about to delete curriculum \"". $curricula['curriculumname'] . "\". Are you sure you want to delete this curriculum?";
echo "You are about to delete curriculum \"". $curriculaName . "\". Are you sure you want to delete this curriculum?";
?>
</div>
<div class="card-footer text-right">
6 changes: 3 additions & 3 deletions views/curricula/curricula_modify.php
Expand Up @@ -50,8 +50,8 @@

# Validate form information, display errors if needed
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$name = isset($_POST['name']) ? htmlentities(trim($_POST['name'])) : $name;
$miss = isset($_POST['miss']) ? htmlentities($_POST['miss']) : $miss;
$name = isset($_POST['name']) ? html_entity_decode(trim($_POST['name'])) : $name;
$miss = isset($_POST['miss']) ? html_entity_decode($_POST['miss']) : $miss;

$valid = true;

Expand Down Expand Up @@ -127,7 +127,7 @@
}
?>
<?php if (isset($curricula)) { ?>
<h2 class="display-4 text-center" style="font-size: 34px"><?= $curricula['curriculumname'] ?></h2>
<h2 class="display-4 text-center" style="font-size: 34px"><?= htmlentities($curricula['curriculumname']) ?></h2>
<?php } ?>
<form class="form" method="post" action="<?= $_SERVER['REQUEST_URI'] ?>" novalidate>
<h4>Information</h4>
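Review bot: `$miss = isset($_POST['miss']) ? html_entity_decode($_POST['miss']) : $miss;` applies entity decoding to what, judging by its name, is a numeric "allowed misses" field; if that is the case the right boundary check is a type check, e.g. `$miss = isset($_POST['miss']) ? filter_var($_POST['miss'], FILTER_VALIDATE_INT) : $miss;` with a `=== false` branch feeding the `$valid` flag that the code sets up just below. If `miss` is actually free text, it still lacks the `trim()` applied to `$name`. The validation that follows `$valid = true;` continues outside the hunk.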
4 changes: 2 additions & 2 deletions views/curricula/curricula_view.php
Expand Up @@ -53,7 +53,7 @@
</div>
<div class="form-wrapper card view-card">
<h4 class="card-header text-left">
<?= $curricula['curriculumname'] ?>
<?= htmlentities($curriculaName) ?>
<?php if (hasRole(Role::Coordinator)) { ?>
<div class="float-right">
<a href="/curricula/edit/<?= $id ?>"><button class="btn btn-outline-secondary btn-sm">Edit</button></a>
Expand Down Expand Up @@ -83,7 +83,7 @@
while($class = pg_fetch_assoc($topics)) {
?>
<tr>
<td class="pl-2 align-middle"><?= $class['topicname'] ?></td>
<td class="pl-2 align-middle"><?= htmlentities($class['topicname']) ?></td>
<td class="pr-2 text-right">
<a href="/classes/view/<?= $class['classid'] ?>">
<button class="btn btn-outline-secondary btn-sm">View</button>
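Review bot: The header line switches from `$curricula['curriculumname']` to `htmlentities($curriculaName)`, but this file's diffstat is 2 additions and 2 deletions, so nothing in this commit defines `$curriculaName` here (curricula_delete.php gets its own definition). Unless that variable already exists above the hunk, the heading renders empty with an undefined-variable notice; the safe form consistent with the rest of the commit is `<?= htmlentities($curricula['curriculumname']) ?>`.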
8 changes: 4 additions & 4 deletions views/locations/locations.php
Expand Up @@ -77,7 +77,7 @@
<div class="d-flex flex-row justify-content-center flex-wrap">
<?php
while ($r = pg_fetch_assoc($result)) {
$sitename = $r['sitename'];
$sitename = htmlentities($r['sitename']);
// Adds a zero-width space to break words after a forward slash
$sitename = str_replace('/', '/&#8203;', $sitename);
?>
Expand All @@ -87,14 +87,14 @@
<h6 class="card-subtitle text-muted"><?= $r['sitetype'] ?></h6>
</div>
<div class="card-footer d-flex flex-row justify-content-center">
<a href="/locations/view/<?= $r['sitename'] ?>">
<a href="/locations/view/<?= urlencode($r['sitename']) ?>">
<button class="btn btn-outline-secondary btn-sm ml-2">View</button>
</a>
<?php if (hasRole(Role::Coordinator)) { ?>
<a href="/locations/edit/<?= $r['sitename'] ?>">
<a href="/locations/edit/<?= urlencode($r['sitename']) ?>">
<button class="btn btn-outline-secondary btn-sm ml-2">Edit</button>
</a>
<a href="/locations/delete/<?= $r['sitename'] ?>">
<a href="/locations/delete/<?= urlencode($r['sitename']) ?>">
<button class="btn btn-outline-danger btn-sm ml-2">Delete</button>
</a>
<?php } ?>
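Review bot: `<?= $r['sitetype'] ?>` in the card subtitle is still unescaped, and in this same commit locations_modify.php stops entity-encoding `$_POST['type']` on the way in, so whatever a coordinator submits as the site type now reaches this page raw; it should be `<?= htmlentities($r['sitetype']) ?>` unless the type is validated against a fixed list outside these hunks. On the three links, `urlencode()` is the query-string encoder and turns spaces into `+`; for a path segment `rawurlencode($r['sitename'])` is the right call and it pairs with the `rawurldecode()` the view/edit/delete handlers already perform.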
6 changes: 3 additions & 3 deletions views/locations/locations_delete.php
Expand Up @@ -19,7 +19,7 @@
array_shift($params);

# Get site name from params
$sitename = rawurldecode(implode('/', $params));
$sitename = urldecode(rawurldecode(implode('/', $params)));

$db->prepare("get_site", "SELECT * FROM sites WHERE sitename = $1");
$result = $db->execute("get_site", [$sitename]);
Expand Down Expand Up @@ -79,12 +79,12 @@
<div class="page-wrapper">
<form class="card warning-card" method="post" action="<?= $_SERVER['REQUEST_URI'] ?>">
<h4 class="card-header card-title">
<?= $site['sitename'] ?>
<?= htmlentities($site['sitename']) ?>
</h4>
<div class="card-body">
<?php
if ($notConnected) {
echo "You are about to delete location \"" . $site['sitename'] . "\". Are you sure ".
echo "You are about to delete location \"" . htmlentities($site['sitename']) . "\". Are you sure ".
"you want to delete this location?";
} else if (hasRole(Role::Superuser)) {
echo "This location is currently being used for attendance. Fully deleting this location will also delete the ".
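Review bot: `$sitename = urldecode(rawurldecode(implode('/', $params)));` decodes the segment twice, so `A%2BB` and `A+B` both collapse to `A B` and a site whose name contains `+` or a literal `%xx` sequence can never be looked up; double decoding is also the classic way filters get bypassed. Decode exactly once with the inverse of the encoder used in locations.php: `$sitename = rawurldecode(implode('/', $params));` together with `rawurlencode()` on the link side (or `urldecode()` alone if `urlencode()` is kept). Whether the router has already decoded `$params` is not visible here; if it has, even the single decode is one too many.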
19 changes: 10 additions & 9 deletions views/locations/locations_modify.php
Expand Up @@ -20,7 +20,7 @@
array_shift($params);

# Get site name from params
$sitename = rawurldecode(implode('/', $params));
$sitename = urldecode(rawurldecode(implode('/', $params)));

# Prepare SQL statements for later use
$db->prepare("get_site", "SELECT * FROM sites WHERE sitename = $1");
Expand Down Expand Up @@ -80,14 +80,14 @@

# Validate form information, display errors if needed
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$oldName = $name;
$name = isset($_POST['name']) ? htmlentities($_POST['name']) : $name;
$type = isset($_POST['type']) ? htmlentities($_POST['type']) : $type;
$street_address = isset($_POST['addr']) ? htmlentities($_POST['addr']) : $street_address;
$apartment = isset($_POST['apt']) ? htmlentities($_POST['apt']) : $apartment;
$city = isset($_POST['city']) ? htmlentities($_POST['city']) : $city;
$state = isset($_POST['state']) ? htmlentities($_POST['state']) : $state;
$zip = isset($_POST['zip']) ? htmlentities($_POST['zip']) : $zip;
$oldName = html_entity_decode($name);
$name = isset($_POST['name']) ? html_entity_decode($_POST['name']) : $name;
$type = isset($_POST['type']) ? html_entity_decode($_POST['type']) : $type;
$street_address = isset($_POST['addr']) ? html_entity_decode($_POST['addr']) : $street_address;
$apartment = isset($_POST['apt']) ? html_entity_decode($_POST['apt']) : $apartment;
$city = isset($_POST['city']) ? html_entity_decode($_POST['city']) : $city;
$state = isset($_POST['state']) ? html_entity_decode($_POST['state']) : $state;
$zip = isset($_POST['zip']) ? html_entity_decode($_POST['zip']) : $zip;

// Logic for parsing the address into the address number and street name.
$street_num = NULL;
Expand Down Expand Up @@ -155,6 +155,7 @@
$errorMsg = "Location with name \"$name\" already exists.";
}
$errorState = $state;
die(pg_result_error($res));
}
} else {
$success = false;
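Review bot: The added `die(pg_result_error($res));` in the last hunk prints the raw PostgreSQL error to the browser and aborts rendering, which exposes the failing statement and constraint names to any user who can reach this form and bypasses the `$errorMsg` path the surrounding code builds. It reads like leftover debugging; keep the diagnostics server-side with `error_log(pg_result_error($res));` and let the existing error display run. The conditional this line sits in opens before the hunk, and the same double `urldecode(rawurldecode(...))` noted for locations_delete.php appears at the top of this file too.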
10 changes: 6 additions & 4 deletions views/locations/locations_view.php
Expand Up @@ -18,13 +18,13 @@
array_shift($params);

# Get topic name from params
$sitename = rawurldecode(implode('/', $params));
$sitename = urldecode(rawurldecode(implode('/', $params)));

$result = $db->query("SELECT * FROM sites WHERE sitename = $1", [$sitename]);

# If no results, class doesn't exist, redirect
if (pg_num_rows($result) == 0) {
header('Location: /classes');
header('Location: /locations');
die();
}

Expand All @@ -50,9 +50,11 @@

$full_address = (isset($address['addressnumber']) ? ($address['addressnumber'].' ') : '') .
(isset($address['street']) ? $address['street'] : '');
$full_address = htmlentities($full_address);

if (isset($zip)) {
$location = $zipcode['city'] . ' ' . $zipcode['state'] . ' ' . $zipcode['zipcode'];
$location = htmlentities($location);
}

include('header.php');
Expand All @@ -61,7 +63,7 @@
<button class="cpca btn" onclick="goBack()"><i class="fa fa-arrow-left"></i> Back</button>
<div class="form-wrapper card view-card">
<h4 class="card-header text-left">
<?= $site['sitename'] ?>
<?= htmlentities($site['sitename']) ?>
<?php if (hasRole(Role::Coordinator)) { ?>
<div class="float-right">
<a href="/locations/edit/<?= implode('/', $params) ?>"><button class="btn btn-outline-secondary btn-sm">Edit</button></a>
Expand All @@ -82,7 +84,7 @@
<h4>Address</h4>
<div class="ml-2">
<p class="mb-1"><b>Street: </b><?= empty($full_address) ? 'Not specified' : $full_address ?></p>
<p class="mb-1"><b>Apartment: </b><?= empty($address['aptinfo']) ? 'Not specified' : $address['aptinfo'] ?></p>
<p class="mb-1"><b>Apartment: </b><?= empty($address['aptinfo']) ? 'Not specified' : htmlentities($address['aptinfo']) ?></p>
<p class="mb-1"><b>Location: </b><?= isset($location) ? $location : 'Not specified' ?></p>
</div>
</div>
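Review bot: The Edit link `href="/locations/edit/<?= implode('/', $params) ?>"` emits the raw route segments into an attribute with neither URL encoding nor HTML escaping, while locations.php in this same commit now encodes the equivalent links; `<a href="/locations/edit/<?= rawurlencode($site['sitename']) ?>">` keeps the two consistent. Practical impact depends on site names since `$params` had to match a row to get this far, but a name containing `"` or `&` currently breaks the attribute. The redirect target fix to `/locations` and the `htmlentities()` on the assembled address strings look right.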
