diff --git a/include/class_msgPool.inc b/include/class_msgPool.inc index 02b01fca16667d846d04efaa955269332abde919..8d84b5f98e24725559daf7c94393eccf12737ea0 100644 --- a/include/class_msgPool.inc +++ b/include/class_msgPool.inc 
@@ -293,72 +293,114 @@ class msgPool /*! * \brief Text for a cancel button + * + * \param bool $escape Whether to escape the result */ - public static function cancelButton () + public static function cancelButton ($escape = TRUE) { - return htmlescape(_('Cancel')); + if ($escape) { + return htmlescape(_('Cancel')); + } else { + return _('Cancel'); + } } /*! * \brief Text for a ok button + * + * \param bool $escape Whether to escape the result */ - public static function okButton () + public static function okButton ($escape = TRUE) { - return htmlescape(_('Ok')); + if ($escape) { + return htmlescape(_('Ok')); + } else { + return _('Ok'); + } } /*! * \brief Text for an apply button + * + * \param bool $escape Whether to escape the result */ - public static function applyButton () + public static function applyButton ($escape = TRUE) { - return htmlescape(_('Apply')); + if ($escape) { + return htmlescape(_('Apply')); + } else { + return _('Apply'); + } } /*! * \brief Text for a save button + * + * \param bool $escape Whether to escape the result */ - public static function saveButton () + public static function saveButton ($escape = TRUE) { - return htmlescape(_('Save')); + if ($escape) { + return htmlescape(_('Save')); + } else { + return _('Save'); + } } /*! * \brief Text for an add button * - * \param string $what Text for the button + * \param bool $escape Whether to escape the result */ - public static function addButton ($what = '') + public static function addButton ($escape = TRUE) { - return htmlescape(($what == '') ? sprintf(_('Add')) : sprintf(_('Add %s'), $what)); + if ($escape) { + return htmlescape(_('Add')); + } else { + return _('Add'); + } } /*! * \brief Text for an delete button * - * \param string $what Text for the button + * \param bool $escape Whether to escape the result */ - public static function delButton ($what = '') + public static function delButton ($escape = TRUE) { - return htmlescape(($what == '') ? 
sprintf(_('Delete')) : sprintf(_('Delete %s'), $what)); + if ($escape) { + return htmlescape(_('Delete')); + } else { + return _('Delete'); + } } /*! * \brief Text for an edit button * - * \param string $what Text for the button + * \param bool $escape Whether to escape the result */ - public static function editButton ($what = '') + public static function editButton ($escape = TRUE) { - return htmlescape(($what == '') ? sprintf(_('Edit...')) : sprintf(_('Edit %s...'), $what)); + if ($escape) { + return htmlescape(_('Edit...')); + } else { + return _('Edit...'); + } } /*! * \brief Text for a back button + * + * \param bool $escape Whether to escape the result */ - public static function backButton () + public static function backButton ($escape = TRUE) { - return htmlescape(_('Back')); + if ($escape) { + return htmlescape(_('Back')); + } else { + return _('Back'); + } } /*! diff --git a/include/management/snapshot/class_SnapshotAttribute.inc b/include/management/snapshot/class_SnapshotAttribute.inc index eb4ad1e35f6ec983cc5eca833b99802bdf3ec9f3..df5975182bf00eefc26639bc3e1492741765dec9 100644 --- a/include/management/snapshot/class_SnapshotAttribute.inc +++ b/include/management/snapshot/class_SnapshotAttribute.inc @@ -103,7 +103,7 @@ class SnapshotsAttribute extends OrderedArrayAttribute $img = $this->renderInputField( 'image', $id.'_restore_'.$key, [ - 'src' => 'geticon.php?context=actions&icon=document-restore&size=16', + 'src' => 'geticon.php?context=actions&icon=document-restore&size=16', 'title' => _('Restore'), 'alt' => _('Restore'), 'class' => 'center' diff --git a/include/simpleplugin/attributes/class_BaseSelectorAttribute.inc b/include/simpleplugin/attributes/class_BaseSelectorAttribute.inc index 8a327b65776dfe5f6a0ef0eeb7e4e735ecf0f1be..757dd4a8e544729f189396186ed91b900a01c6c5 100644 --- a/include/simpleplugin/attributes/class_BaseSelectorAttribute.inc +++ b/include/simpleplugin/attributes/class_BaseSelectorAttribute.inc 
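Review bot: addButton(), delButton() and editButton() now take `$escape` in the position where `$what` used to be, so any remaining caller that passes a label string gets a truthy `$escape` and a bare 'Add' / 'Delete' / 'Edit...' with no error. No such caller is visible in this diff, so the tree and external plugins need a grep for calls with an argument before this lands. Each `\param bool $escape` docblock should also say that with `FALSE` the caller must escape the result before output, for example `Pass FALSE only when the value is escaped later, e.g. by renderInputField()`. The eight identical if/else bodies could collapse to `return ($escape ? htmlescape($text) : $text);` in one private helper, so the escaping rule lives in one place.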
@@ -150,7 +150,7 @@ class BaseSelectorAttribute extends Attribute $display = $this->renderInputField( 'text', '', [ - 'value' => '{literal}'.htmlescape($this->getValue()).'{/literal}' + 'value' => $this->getValue() ] ); } else { diff --git a/include/simpleplugin/attributes/class_BooleanAttribute.inc b/include/simpleplugin/attributes/class_BooleanAttribute.inc index 271516643f3f72a52a3773f8a5edf792104eee70..332d2bb8da86f8d0363b729e8dd98da53e14f004 100644 --- a/include/simpleplugin/attributes/class_BooleanAttribute.inc +++ b/include/simpleplugin/attributes/class_BooleanAttribute.inc @@ -105,10 +105,10 @@ class BooleanAttribute extends Attribute $attributes = ($this->value ? ['checked' => 'checked'] : []); if ($this->submitForm) { $js = 'document.mainform.submit();'; - $attributes['onChange'] = 'javascript:'.htmlescape($js); + $attributes['onChange'] = 'javascript:'.$js; } elseif (!empty($this->managedAttributes)) { $js = $this->managedAttributesJS(); - $attributes['onChange'] = 'javascript:'.htmlescape($js); + $attributes['onChange'] = 'javascript:'.$js; } $display = $this->renderInputField('checkbox', $id, $attributes); return $this->renderAcl($display); diff --git a/include/simpleplugin/attributes/class_DateAttribute.inc b/include/simpleplugin/attributes/class_DateAttribute.inc index e7db0007fdf4a1a3157829eac97410f05af3a3ae..5d4c29602eadc550dcf51a1be3c5193d3781c1cc 100644 --- a/include/simpleplugin/attributes/class_DateAttribute.inc +++ b/include/simpleplugin/attributes/class_DateAttribute.inc @@ -166,8 +166,8 @@ class DateAttribute extends Attribute function renderFormInput (): string { $attributes = [ - 'value' => '{literal}'.htmlescape($this->getValue()).'{/literal}', - 'pattern' => '{literal}[0-9]{4}-[0-9]{2}-[0-9]{2}{/literal}', + 'value' => $this->getValue(), + 'pattern' => '[0-9]{4}-[0-9]{2}-[0-9]{2}', ]; if ($this->minDate !== NULL) { $attributes['min'] = $this->minDate->format('Y-m-d'); 
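Review bot: In BooleanAttribute the `javascript:` prefix kept in `$attributes['onChange'] = 'javascript:'.$js;` has no effect inside an event-handler attribute, where it parses as a statement label. Both assignments could be `$attributes['onChange'] = $js;`, and the same prefix survives in the IntAttribute and StringAttribute hunks. Removing htmlescape() here is only safe because renderInputField() now escapes every attribute value. A short comment such as `// escaped by renderInputField()` next to the assignment would stop a later refactor from emitting the output of managedAttributesJS() raw. The enclosing render method starts outside the hunk.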
@@ -183,7 +183,7 @@ class DateAttribute extends Attribute { $id = $this->getHtmlId(); $attributes = [ - 'value' => '{literal}'.htmlescape($this->getValue()).'{/literal}' + 'value' => $this->getValue() ]; if ($this->isSubAttribute) { $attributes['class'] = 'subattribute'; diff --git a/include/simpleplugin/attributes/class_FileAttribute.inc b/include/simpleplugin/attributes/class_FileAttribute.inc index 7f9fe16909dbd70e62bb33df9b9c644cbe90055f..f391b8349dcc5815cf150fa1134b3a47b4131131 100644 --- a/include/simpleplugin/attributes/class_FileAttribute.inc +++ b/include/simpleplugin/attributes/class_FileAttribute.inc @@ -185,7 +185,7 @@ class FileDownloadAttribute extends FileAttribute 'title' => _('Download'), 'alt' => _('Download'), 'class' => 'center', - 'src' => 'geticon.php?context=actions&icon=document-save&size=16', + 'src' => 'geticon.php?context=actions&icon=document-save&size=16', ] ); } @@ -418,15 +418,15 @@ class ImageAttribute extends FileAttribute ($this->disabled ? 'disabled="disabled"' : ''). ' src="getbin.php?key='.$key.'"'. ' style="border:1px solid black;"'. - ' alt="'.$this->getDescription().'"'. - ' title="'.$this->getDescription().'"'. + ' alt="'.htmlescape($this->getDescription()).'"'. + ' title="'.htmlescape($this->getDescription()).'"'. ' /><br/>'; $display .= $this->renderInputField('file', $id); $display .= $this->renderInputField( 'image', $id.'_upload', [ 'class' => 'center', - 'src' => 'geticon.php?context=actions&icon=upload&size=16', + 'src' => 'geticon.php?context=actions&icon=upload&size=16', 'title' => _('Upload'), 'alt' => _('Upload') ] @@ -436,7 +436,7 @@ class ImageAttribute extends FileAttribute 'image', $id.'_remove', [ 'class' => 'center', - 'src' => 'geticon.php?context=actions&icon=remove&size=16', + 'src' => 'geticon.php?context=actions&icon=remove&size=16', 'title' => _('Remove'), 'alt' => _('Remove') ] 
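Review bot: The hand-built `<img>` string in ImageAttribute (@@ -418,15) is now HTML-escaped but still sits outside any `{literal}` block, unlike the fields produced by renderInputField(). If this markup is later evaluated as a Smarty template, as the `{literal}` wrapping elsewhere in the commit suggests (the caller is not visible here), braces in getDescription() would still be read as template tags after htmlescape(). ObjectAttribute's `<img>`, `<b>` and `<a>` fragments (@@ -88,24) have the same shape, and `$this->buttonText` there looks more likely to carry directory data. Building these fragments through one helper that both escapes and neutralises braces would keep them consistent with renderInputField(). `$key` in `' src="getbin.php?key='.$key.'"'` is also concatenated raw and should be confirmed to be server-generated; the enclosing method starts outside the hunk.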
diff --git a/include/simpleplugin/attributes/class_IntAttribute.inc b/include/simpleplugin/attributes/class_IntAttribute.inc index 9f9d28bd192dbb26c33e8221973c06f6735d7043..077db5bc664ce06bf658c93af94930cc4532a535 100644 --- a/include/simpleplugin/attributes/class_IntAttribute.inc +++ b/include/simpleplugin/attributes/class_IntAttribute.inc @@ -105,7 +105,7 @@ class IntAttribute extends Attribute { $id = $this->getHtmlId(); $attributes = [ - 'value' => '{literal}'.htmlescape($this->getValue()).'{/literal}' + 'value' => $this->getValue() ]; if ($this->min !== FALSE) { $attributes['min'] = $this->min; @@ -118,7 +118,7 @@ class IntAttribute extends Attribute } if (!empty($this->managedAttributes)) { $js = $this->managedAttributesJS(); - $attributes['onChange'] = 'javascript:'.htmlescape($js); + $attributes['onChange'] = 'javascript:'.$js; } if ($this->isSubAttribute) { $attributes['class'] = 'subattribute'; @@ -133,7 +133,7 @@ class IntAttribute extends Attribute { $id = $this->getHtmlId(); $attributes = [ - 'value' => '{literal}'.htmlescape($this->getValue()).'{/literal}' + 'value' => $this->getValue() ]; if ($this->isSubAttribute) { $attributes['class'] = 'subattribute'; diff --git a/include/simpleplugin/attributes/class_MailsAttribute.inc b/include/simpleplugin/attributes/class_MailsAttribute.inc index 021c24ff74a00c02fcf25188b3bfa16a47ac4e96..8b25c38d282a24b3eb4a991640af07be5e145505 100644 --- a/include/simpleplugin/attributes/class_MailsAttribute.inc +++ b/include/simpleplugin/attributes/class_MailsAttribute.inc 
@@ -97,18 +97,24 @@ class MailsAttribute extends DialogAttribute $id = $this->getHtmlId(); $buttons = $this->renderInputField( 'submit', 'add'.$id, - ['value' => '{msgPool type=addButton}', 'class' => 'subattribute'] + [ + 'class' => 'subattribute', + 'value' => msgPool::addButton(FALSE), + ] ); $buttons .= $this->renderInputField( 'submit', 'add'.$id.'_dialog', [ 'class' => 'dialog subattribute', - 'value' => '{msgPool type=addButton} (from list)' + 'value' => sprintf(_('%s (from list)'), msgPool::addButton(FALSE)), ] ); $buttons .= $this->renderInputField( 'submit', 'del'.$id, - ['value' => '{msgPool type=delButton}', 'class' => 'subattribute'] + [ + 'class' => 'subattribute', + 'value' => msgPool::delButton(FALSE), + ] ); return $buttons; } diff --git a/include/simpleplugin/attributes/class_PhoneNumberAttribute.inc b/include/simpleplugin/attributes/class_PhoneNumberAttribute.inc index 6d60068943b958802b154ba72538343882152a03..7b790c35926ea8232b63573ba1093cc2d236f74d 100644 --- a/include/simpleplugin/attributes/class_PhoneNumberAttribute.inc +++ b/include/simpleplugin/attributes/class_PhoneNumberAttribute.inc @@ -116,7 +116,7 @@ class PhoneNumberButtonAttribute extends PhoneNumberAttribute 'image', $id.'_edit', [ 'class' => 'center dialog', - 'src' => 'geticon.php?context=actions&icon=document-edit&size=16', + 'src' => 'geticon.php?context=actions&icon=document-edit&size=16', 'title' => _('Edit'), 'alt' => _('Edit') ] diff --git a/include/simpleplugin/attributes/class_SetAttribute.inc b/include/simpleplugin/attributes/class_SetAttribute.inc index d351832525e0260d0da6d77232895c738641028f..491671e35da31cca7cf284bba046544224b69de9 100644 --- a/include/simpleplugin/attributes/class_SetAttribute.inc +++ b/include/simpleplugin/attributes/class_SetAttribute.inc 
@@ -249,7 +249,7 @@ class SetAttribute extends Attribute } $attributes[$this->getLdapName()] = [ 'htmlid' => $this->getForHtmlId(), - 'label' => '{literal}'.$this->getLabel().'{/literal}', + 'label' => '{literal}'.htmlescape($this->getLabel()).'{/literal}', 'description' => ($this->isRequired() ? sprintf(_("%s (required)"), $this->getDescription()) : $this->getDescription()), 'input' => $this->renderAcl($this->renderOnlyFormInput()), 'subattribute' => $this->isSubAttribute, @@ -303,8 +303,22 @@ class SetAttribute extends Attribute function renderButtons () { $id = $this->getHtmlId(); - $buttons = $this->renderInputField('submit', 'add'.$id, ['value' => '{msgPool type=addButton}', 'formnovalidate' => 'formnovalidate', 'class' => 'subattribute']); - $buttons .= $this->renderInputField('submit', 'del'.$id, ['value' => '{msgPool type=delButton}', 'formnovalidate' => 'formnovalidate', 'class' => 'subattribute']); + $buttons = $this->renderInputField( + 'submit', 'add'.$id, + [ + 'value' => msgPool::addButton(FALSE), + 'formnovalidate' => 'formnovalidate', + 'class' => 'subattribute', + ] + ); + $buttons .= $this->renderInputField( + 'submit', 'del'.$id, + [ + 'value' => msgPool::addButton(FALSE), + 'formnovalidate' => 'formnovalidate', + 'class' => 'subattribute', + ] + ); return $buttons; } @@ -527,7 +541,7 @@ class OrderedArrayAttribute extends SetAttribute $img .= $this->renderInputField( 'image', $id.'_up_'.$key, [ - 'src' => 'geticon.php?context=actions&icon=view-sort-descending&size=16', + 'src' => 'geticon.php?context=actions&icon=view-sort-descending&size=16', 'title' => _('Sort up'), 'alt' => _('Sort up'), 'class' => 'center', 
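Review bot: In SetAttribute::renderButtons() (@@ -303,8) the `'del'.$id` submit field is given `msgPool::addButton(FALSE)`, so the delete button will be labelled "Add". The removed line used `{msgPool type=delButton}`, so this looks like a copy-paste slip, and the line should read `'value' => msgPool::delButton(FALSE),`. Two adjacent buttons with the same caption and opposite effects make accidental deletion of values likely. A rendering test that asserts the two captions differ would catch a regression.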
@@ -541,7 +555,7 @@ class OrderedArrayAttribute extends SetAttribute $img .= $this->renderInputField( 'image', $id.'_down_'.$key, [ - 'src' => 'geticon.php?context=actions&icon=view-sort-ascending&size=16', + 'src' => 'geticon.php?context=actions&icon=view-sort-ascending&size=16', 'title' => _('Sort down'), 'alt' => _('Sort down'), 'class' => 'center', @@ -557,7 +571,7 @@ class OrderedArrayAttribute extends SetAttribute $img .= $this->renderInputField( 'image', $id.'_edit_'.$key, [ - 'src' => 'geticon.php?context=actions&icon=document-edit&size=16', + 'src' => 'geticon.php?context=actions&icon=document-edit&size=16', 'title' => _('Edit'), 'alt' => _('Edit'), 'class' => 'center', @@ -568,7 +582,7 @@ class OrderedArrayAttribute extends SetAttribute $img .= $this->renderInputField( 'image', $id.'_del_'.$key, [ - 'src' => 'geticon.php?context=actions&icon=edit-delete&size=16', + 'src' => 'geticon.php?context=actions&icon=edit-delete&size=16', 'title' => _('Delete'), 'alt' => _('Delete'), 'class' => 'center', @@ -703,7 +717,14 @@ class OrderedArrayAttribute extends SetAttribute function renderButtons () { $id = $this->getHtmlId(); - $buttons = $this->renderInputField('submit', 'add'.$id, ['value' => '{msgPool type=addButton}', 'formnovalidate' => 'formnovalidate', 'class' => 'subattribute']); + $buttons = $this->renderInputField( + 'submit', 'add'.$id, + [ + 'value' => msgPool::addButton(FALSE), + 'formnovalidate' => 'formnovalidate', + 'class' => 'subattribute', + ] + ); return $buttons; } } diff --git a/include/simpleplugin/attributes/class_StringAttribute.inc b/include/simpleplugin/attributes/class_StringAttribute.inc index c192092e73515ab340a1565e6163389710a0d45d..e5cf499b35914e311d09975218638b90123f42f0 100644 --- a/include/simpleplugin/attributes/class_StringAttribute.inc +++ b/include/simpleplugin/attributes/class_StringAttribute.inc 
@@ -75,17 +75,17 @@ class StringAttribute extends Attribute { $id = $this->getHtmlId(); $attributes = [ - 'value' => '{literal}'.htmlescape($this->getValue()).'{/literal}' + 'value' => $this->getValue() ]; if (!empty($this->managedAttributes)) { $js = $this->managedAttributesJS(); - $attributes['onChange'] = 'javascript:'.htmlescape($js); + $attributes['onChange'] = 'javascript:'.$js; } if ($this->autocomplete !== NULL) { $attributes['autocomplete'] = $this->autocomplete; } if ($this->html5pattern !== NULL) { - $attributes['pattern'] = '{literal}'.htmlescape($this->html5pattern).'{/literal}'; + $attributes['pattern'] = $this->html5pattern; } if ($this->isSubAttribute) { $attributes['class'] = 'subattribute'; @@ -100,7 +100,7 @@ class StringAttribute extends Attribute { $id = $this->getHtmlId(); $attributes = [ - 'value' => '{literal}'.htmlescape($this->getValue()).'{/literal}' + 'value' => $this->getValue() ]; if ($this->autocomplete !== NULL) { $attributes['autocomplete'] = $this->autocomplete; diff --git a/include/simpleplugin/attributes/dialog/class_ButtonAttribute.inc b/include/simpleplugin/attributes/dialog/class_ButtonAttribute.inc index 3cc870bdda7508203a2037b4f27e18ccf70da0ac..5861fdafada3aa3d930e3a1faa6e70563f6cd11a 100644 --- a/include/simpleplugin/attributes/dialog/class_ButtonAttribute.inc +++ b/include/simpleplugin/attributes/dialog/class_ButtonAttribute.inc @@ -41,7 +41,7 @@ class ButtonAttribute extends Attribute $id = $this->getHtmlId(); $display = $this->renderInputField( 'submit', $id, - ['value' => '{literal}'.htmlescape($this->buttonText).'{/literal}'] + ['value' => $this->buttonText] ); return $this->renderAcl($display); } diff --git a/include/simpleplugin/attributes/dialog/class_DialogAttribute.inc b/include/simpleplugin/attributes/dialog/class_DialogAttribute.inc index 7af576eeca09ebd2630135cf15f7d3bd1693e0fa..c0bca3ee9da5812d7bdb00617201e46c846f5f81 100644 --- a/include/simpleplugin/attributes/dialog/class_DialogAttribute.inc 
+++ b/include/simpleplugin/attributes/dialog/class_DialogAttribute.inc @@ -96,7 +96,7 @@ abstract class DialogAttribute extends SetAttribute { $id = $this->getHtmlId(); $buttons = ''; - $dialogButtonValue = '{msgPool type=addButton}'; + $dialogButtonValue = msgPool::addButton(FALSE); if ($this->isTemplate()) { $buttons .= $this->renderInputField( 'text', $id, @@ -105,7 +105,7 @@ abstract class DialogAttribute extends SetAttribute $buttons .= $this->renderInputField( 'submit', 'add'.$id, [ - 'value' => '{msgPool type=addButton}', + 'value' => msgPool::addButton(FALSE), 'formnovalidate' => 'formnovalidate', 'class' => 'subattribute', ] @@ -123,7 +123,7 @@ abstract class DialogAttribute extends SetAttribute $buttons .= $this->renderInputField( 'submit', 'del'.$id, [ - 'value' => '{msgPool type=delButton}', + 'value' => msgPool::delButton(FALSE), 'formnovalidate' => 'formnovalidate', 'class' => 'subattribute', ] diff --git a/include/simpleplugin/attributes/dialog/class_DialogOrderedArrayAttribute.inc b/include/simpleplugin/attributes/dialog/class_DialogOrderedArrayAttribute.inc index e47de9a6758456def123ae7d70bb9a2a525ad677..fc667d0222b8675ef6b49599be4c2493c36e91bf 100644 --- a/include/simpleplugin/attributes/dialog/class_DialogOrderedArrayAttribute.inc +++ b/include/simpleplugin/attributes/dialog/class_DialogOrderedArrayAttribute.inc @@ -74,7 +74,7 @@ abstract class DialogOrderedArrayAttribute extends OrderedArrayAttribute 'submit', 'add'.$id.'_dialog', [ 'class' => 'dialog subattribute', - 'value' => '{msgPool type=addButton}', + 'value' => msgPool::addButton(FALSE), 'formnovalidate' => 'formnovalidate' ] ); diff --git a/include/simpleplugin/attributes/dialog/class_ObjectAttribute.inc b/include/simpleplugin/attributes/dialog/class_ObjectAttribute.inc index 45f22fbaea6ee8af058c2420eaefdd27ac66703a..5984a72af8000dd18c1b0fd9ceccadab7fcdb0aa 100644 --- a/include/simpleplugin/attributes/dialog/class_ObjectAttribute.inc 
+++ b/include/simpleplugin/attributes/dialog/class_ObjectAttribute.inc @@ -88,24 +88,24 @@ class ObjectAttribute extends DialogButtonAttribute $display = $this->renderInputField( 'text', $id, [ - 'value' => '{literal}'.htmlescape($this->getValue()).'{/literal}' + 'value' => $this->getValue() ] ); } else { - $display = '<img src="'.htmlescape($infos['icon']).'" alt="'.$infos['name'].'" class="center"/>'; + $display = '<img src="'.htmlescape($infos['icon']).'" alt="'.htmlescape($infos['name']).'" class="center"/>'; if ($this->getValue() == '') { - $display .= '<b>'._('None').'</b>'; + $display .= '<b>'.htmlescape(_('None')).'</b>'; } elseif ($this->buttonText === NULL) { - $display .= '<b>'._('Unknown').'</b>'; + $display .= '<b>'.htmlescape(_('Unknown')).'</b>'; } else { - $display .= '<a>'.$this->buttonText.'</a>'; + $display .= '<a>'.htmlescape($this->buttonText).'</a>'; } } $display .= $this->renderInputField( 'image', $id.'_dialog', [ 'class' => 'center dialog', - 'src' => 'geticon.php?context=actions&icon=document-edit&size=16', + 'src' => 'geticon.php?context=actions&icon=document-edit&size=16', 'title' => _('Edit'), 'alt' => _('Edit') ] @@ -115,7 +115,7 @@ class ObjectAttribute extends DialogButtonAttribute 'image', $id.'_remove', [ 'class' => 'center', - 'src' => 'geticon.php?context=actions&icon=remove&size=16', + 'src' => 'geticon.php?context=actions&icon=remove&size=16', 'title' => _('Remove'), 'alt' => _('Remove') ] diff --git a/include/simpleplugin/class_Attribute.inc b/include/simpleplugin/class_Attribute.inc index 07bfa17b2f31ab4940a8949978c15e252e75e481..f8d55cd2fb9a48ec011b25d432fcf1b51f1455e6 100644 --- a/include/simpleplugin/class_Attribute.inc +++ b/include/simpleplugin/class_Attribute.inc 
@@ -630,7 +630,7 @@ class Attribute } $attributes[$this->getLdapName()] = [ 'htmlid' => $this->getForHtmlId(), - 'label' => '{literal}'.$this->getLabel().'{/literal}', + 'label' => '{literal}'.htmlescape($this->getLabel()).'{/literal}', 'description' => ($this->isRequired() ? sprintf(_("%s (required)"), $this->getDescription()) : $this->getDescription()), 'input' => $input, 'subattribute' => $this->isSubAttribute, @@ -789,13 +789,13 @@ class Attribute protected function renderInputField (string $type, string $name, array $attributes = []): string { - $input = '<input type="'.$type.'" '. - 'name="'.$name.'" id="'.$name.'"'. + $input = '{literal}<input type="'.htmlescape($type).'" '. + 'name="'.htmlescape($name).'" id="'.htmlescape($name).'"'. ($this->disabled ? ' disabled="disabled"' : ''); foreach ($attributes as $label => $value) { - $input .= ' '.$label.'="'.$value.'"'; + $input .= ' '.$label.'="'.htmlescape($value).'"'; } - $input .= '/>'; + $input .= '/>{/literal}'; return $input; } }
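Review bot: In renderInputField() htmlescape() on `$value` stops attribute breakout, but a value containing the text `{/literal}` would still close the Smarty literal block that now wraps the whole `<input>`. This assumes htmlescape() only handles HTML metacharacters, since its body is not in this diff. Encoding braces after escaping closes that gap, `$input .= ' '.$label.'="'.str_replace(['{', '}'], ['&#123;', '&#125;'], htmlescape($value)).'"';`, with the same treatment for `$type` and `$name`. `$label` is still concatenated raw; every call site in this diff passes a fixed key, so a comment stating that attribute names must never come from user data would document the contract. The method has no docblock in view, and one should say that callers now pass unescaped values, because a caller outside this diff that still pre-escapes will be double-encoded.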