Commit baa07d47 authored by Côme Chilliet's avatar Côme Chilliet
Browse files

Fixes #4093 Fixing HTML errors in img src attributes

parent 0d4e40cc
<div style="font-size:20px;">
<img alt="" src="geticon.php?context=status&icon=object-locked&size=32" style="vertical-align:top;"/>&nbsp;{t}Locking conflict detected{/t}
<img alt="" src="geticon.php?context=status&amp;icon=object-locked&amp;size=32" style="vertical-align:top;"/>&nbsp;{t}Locking conflict detected{/t}
</div>
<p>
......
......@@ -25,19 +25,19 @@
</div>
<div>
<label for="username"><img class="center" src="{$personal_img}" alt="{t}Username{/t}" title="{t}Username{/t}"/>&nbsp;</label>
<label for="username"><img class="center" src="{$personal_img|escape}" alt="{t}Username{/t}" title="{t}Username{/t}"/>&nbsp;</label>
<input type="text" name="username" id="username" maxlength="40" value="{$username|escape}"
title="{t}Username{/t}" onFocus="nextfield= 'password';" />
<br />
<br />
<label for="password"><img class="center" src="{$password_img}" alt="{t}Password{/t}" title="{t}Password{/t}" />&nbsp;</label>
<label for="password"><img class="center" src="{$password_img|escape}" alt="{t}Password{/t}" title="{t}Password{/t}" />&nbsp;</label>
<input type="password" name="password" id="password" maxlength="40" value=""
title="{t}Password{/t}" onFocus="nextfield= 'login';" />
<br />
<a href="recovery.php">{t}I forgot my password{/t}</a>
</div>
<div>
<img class="center" src="{$directory_img}" alt="{t}Directory{/t}" title="{t}Directory{/t}" />&nbsp;
<img class="center" src="{$directory_img|escape}" alt="{t}Directory{/t}" title="{t}Directory{/t}" />&nbsp;
<select name="server" title="{t}Directory{/t}" onchange="javascript:document.mainform.submit();">
{html_options options=$server_options selected=$server_id}
</select>
......
......@@ -35,11 +35,11 @@
<div id="e_layerTitle{$i_ID}" class="msgtitle">
<h2>
{if $i_Type == $smarty.const.ERROR_DIALOG}
<img src="geticon.php?context=status&icon=dialog-error&size=32" class="center" alt="{t}Error{/t}"/>
<img src="geticon.php?context=status&amp;icon=dialog-error&amp;size=32" class="center" alt="{t}Error{/t}"/>
{elseif $i_Type == $smarty.const.WARNING_DIALOG}
<img src="geticon.php?context=status&icon=dialog-warning&size=32" class="center" alt="{t}Warning{/t}"/>
<img src="geticon.php?context=status&amp;icon=dialog-warning&amp;size=32" class="center" alt="{t}Warning{/t}"/>
{elseif $i_Type == $smarty.const.INFO_DIALOG || $i_Type == $smarty.const.CONFIRM_DIALOG}
<img src="geticon.php?context=status&icon=dialog-information&size=32" class="center" alt="{t}Information{/t}"/>
<img src="geticon.php?context=status&amp;icon=dialog-information&amp;size=32" class="center" alt="{t}Information{/t}"/>
{/if}
{$s_Title}
</h2>
......
......@@ -17,7 +17,7 @@
{$msg_dialogs}
<div id="window_titlebar">
<p>
<img class="center" src="geticon.php?context=status&icon=dialog-password&size=48" alt="{t}Password{/t}" title="{t}Password{/t}"/>
<img class="center" src="geticon.php?context=status&amp;icon=dialog-password&amp;size=48" alt="{t}Password{/t}" title="{t}Password{/t}"/>
{t}Lost password{/t}
</p>
</div>
......@@ -100,7 +100,7 @@
<div style="clear:both"></div>
{elseif $changed}
<div class="success">
<img class="center" src="geticon.php?context=status&icon=task-complete&size=16" alt="{t}Success{/t}" title="{t}Success{/t}">&nbsp;<b>{t}Your password has been changed successfully.{/t}</b><br/>
<img class="center" src="geticon.php?context=status&amp;icon=task-complete&amp;size=16" alt="{t}Success{/t}" title="{t}Success{/t}">&nbsp;<b>{t}Your password has been changed successfully.{/t}</b><br/>
<br/><a href="./">Return to login screen</a>
</div>
{else}
......
<div style="font-size:18px;">
<img alt="" src="geticon.php?context=status&icon=dialog-warning&size=32"/>&nbsp;{t}Warning{/t}
<img alt="" src="geticon.php?context=status&amp;icon=dialog-warning&amp;size=32"/>&nbsp;{t}Warning{/t}
</div>
<p>
{$intro}
......
......@@ -367,9 +367,9 @@ class CopyPasteHandler
$Copy_Paste = "&nbsp;<img class='center' src='images/lists/seperator.png' alt='' height='16' width='1'>&nbsp;";
if ($this->entries_queued()) {
$Copy_Paste .= "<input type='image' name='editPaste' class='center'
src='geticon.php?context=actions&icon=edit-paste&size=16' alt='"._("Paste")."'>&nbsp;";
src='geticon.php?context=actions&amp;icon=edit-paste&amp;size=16' alt='"._("Paste")."'>&nbsp;";
} else {
$Copy_Paste .= "<img class='center' src='geticon.php?context=actions&icon=edit-paste&size=16&disabled=1' alt=\""._("Cannot paste")."\">&nbsp;";
$Copy_Paste .= "<img class='center' src='geticon.php?context=actions&amp;icon=edit-paste&amp;size=16&amp;disabled=1' alt=\""._("Cannot paste")."\">&nbsp;";
}
return $Copy_Paste;
}
......
......@@ -175,9 +175,9 @@ class SnapShotDialog extends plugin
/* Add Elements to divselectbox */
$this->last_list = array_values($list_of_elements);
foreach ($this->last_list as $key => $entry) {
$actions = "<input type='image' src='geticon.php?context=actions&icon=document-restore&size=16' name='RestoreSnapshot_$key'
$actions = "<input type='image' src='geticon.php?context=actions&amp;icon=document-restore&amp;size=16' name='RestoreSnapshot_$key'
class='center' title='"._("Restore snapshot")."'>&nbsp;";
$actions .= "<input type='image' src='geticon.php?context=actions&icon=edit-delete&size=16' name='RemoveSnapshot_$key'
$actions .= "<input type='image' src='geticon.php?context=actions&amp;icon=edit-delete&amp;size=16' name='RemoveSnapshot_$key'
class='center' title='"._("Remove snapshot")."'>&nbsp;";
$time_stamp = date(_("Y-m-d, H:i:s"), preg_replace("/\-.*$/", "", $entry['gosaSnapshotTimestamp'][0]));
......
......@@ -254,7 +254,7 @@ class baseSelector {
// Draw submitter if required
if ($this->submitButton) {
$this->tree .= "&nbsp;<input class='center' type='image' src='geticon.php?context=actions&icon=submit&size=16' title='"._("Submit")."' name='submit_base_".$this->pid."' id='submit_base_".$this->pid."' alt='"._("Submit")."'>";
$this->tree .= "&nbsp;<input class='center' type='image' src='geticon.php?context=actions&amp;icon=submit&amp;size=16' title='"._("Submit")."' name='submit_base_".$this->pid."' id='submit_base_".$this->pid."' alt='"._("Submit")."'>";
}
$this->tree .= "<input type='submit' style='display:none' name='submit_tree_base_".$this->pid."' id='submit_tree_base_".$this->pid."'>";
$this->tree .= "<input type='hidden' name='bs_rebase_".$this->pid."' id='bs_rebase_".$this->pid."'>";
......
......@@ -303,7 +303,7 @@ class listing {
isset($config['sortType'])) {
$this->sortAttribute = $config['sortAttribute'];
$this->sortType = $config['sortType'];
$sorter = "&nbsp;<img class='center' title='".($this->sortDirection[$index]?_("Up"):_("Down"))."' src='geticon.php?context=actions&size=16&icon=view-sort-".($this->sortDirection[$index]?"descending":"ascending")."' alt='".($this->sortDirection[$index]?_('Sort up'):_('Sort down'))."'>";
$sorter = "&nbsp;<img class='center' title='".($this->sortDirection[$index]?_("Up"):_("Down"))."' src='geticon.php?context=actions&amp;size=16&amp;icon=view-sort-".($this->sortDirection[$index]?"descending":"ascending")."' alt='".($this->sortDirection[$index]?_('Sort up'):_('Sort down'))."'>";
}
$sortable = (isset($config['sortAttribute']));
......@@ -472,7 +472,7 @@ class listing {
foreach ($this->objectTypes as $objectType) {
if (isset($this->objectTypeCount[$objectType['label']])) {
$label = _($objectType['label']);
$result .= "<img class='center' src='".$objectType['image']."' title='$label' alt='$label'>&nbsp;".$this->objectTypeCount[$objectType['label']]."&nbsp;&nbsp;&nbsp;&nbsp;";
$result .= "<img class='center' src='".htmlentities($objectType['image'], ENT_COMPAT, 'UTF-8')."' title='$label' alt='$label'>&nbsp;".$this->objectTypeCount[$objectType['label']]."&nbsp;&nbsp;&nbsp;&nbsp;";
}
}
......@@ -950,7 +950,7 @@ class listing {
}
if ($type) {
$this->objectDnMapping[$dn] = $type;
$result = "<img class='center' title='".LDAP::fix($dn)."' src='".$this->objectTypes[$type]["image"]."' alt='$type'/>";
$result = "<img class='center' title='".LDAP::fix($dn)."' src='".htmlentities($this->objectTypes[$type]['image'], ENT_COMPAT, 'UTF-8')."' alt='$type'/>";
if (!isset($this->objectTypeCount[$this->objectTypes[$type]['label']])) {
$this->objectTypeCount[$this->objectTypes[$type]['label']] = 0;
}
......@@ -1030,7 +1030,7 @@ class listing {
if ($action['type'] == "entry") {
$label = $this->processElementFilter($action['label'], $this->entries[$row], $row);
$image = $this->processElementFilter($action['image'], $this->entries[$row], $row);
$result .= "<input class='center' type='image' src='$image' title='$label' alt='$label' ".
$result .= "<input class='center' type='image' src='".htmlentities($image, ENT_COMPAT, 'UTF-8')."' title='$label' alt='$label' ".
"name='listing_".$action['name']."_$row' style='padding:1px'>";
}
......@@ -1142,30 +1142,30 @@ class listing {
/* Draw root button */
if ($enableRoot) {
$result["ROOT"] = "<input class='center' type='image' src='geticon.php?context=actions&icon=go-first&size=16' ".
$result["ROOT"] = "<input class='center' type='image' src='geticon.php?context=actions&amp;icon=go-first&amp;size=16' ".
"title='"._("Go to root department")."' name='ROOT' alt='"._("Root")."'>";
} else {
$result["ROOT"] = "<img src='geticon.php?context=actions&icon=go-first&size=16&disabled=1' class='center' alt='"._("Root")."'>";
$result["ROOT"] = "<img src='geticon.php?context=actions&amp;icon=go-first&amp;size=16&amp;disabled=1' class='center' alt='"._("Root")."'>";
}
/* Draw back button */
if ($enableBack) {
$result["BACK"] = "<input class='center' type='image' src='geticon.php?context=actions&icon=go-up&size=16' ".
$result["BACK"] = "<input class='center' type='image' src='geticon.php?context=actions&amp;icon=go-up&amp;size=16' ".
"title='"._("Go up one department")."' alt='"._("Up")."' name='BACK'>";
} else {
$result["BACK"] = "<img src='geticon.php?context=actions&icon=go-up&size=16&disabled=1' class='center' alt='"._("Up")."'>";
$result["BACK"] = "<img src='geticon.php?context=actions&amp;icon=go-up&amp;size=16&amp;disabled=1' class='center' alt='"._("Up")."'>";
}
/* Draw home button */
if ($enableHome) {
$result["HOME"] = '<input class="center" type="image" src="geticon.php?context=actions&icon=go-home&size=16"'.
$result["HOME"] = '<input class="center" type="image" src="geticon.php?context=actions&amp;icon=go-home&amp;size=16"'.
' title="'._("Go to user's department").'" alt="'._('Home').'" name="HOME"/>';
} else {
$result["HOME"] = "<img src='geticon.php?context=actions&icon=go-home&size=16&disabled=1' class='center' alt='"._("Home")."'>";
$result["HOME"] = "<img src='geticon.php?context=actions&amp;icon=go-home&amp;size=16&amp;disabled=1' class='center' alt='"._("Home")."'>";
}
/* Draw reload button, this button is enabled everytime */
$result["RELOAD"] = "<input class='center optional' type='image' src='geticon.php?context=actions&icon=view-refresh&size=16' ".
$result["RELOAD"] = "<input class='center optional' type='image' src='geticon.php?context=actions&amp;icon=view-refresh&amp;size=16' ".
"title='"._("Reload list")."' name='REFRESH' alt='"._("Submit")."'>";
return $result;
......@@ -1296,7 +1296,7 @@ class listing {
.'<a href="#" onClick="'
."document.getElementById('actionmenu').value='$action';document.getElementById('exec_act').click();"
.'">'
.'<img src="'.$icon.'" alt="'.$action.'" class="center">&nbsp;'.$name.'</a>'
.'<img src="'.htmlentities($icon, ENT_COMPAT, 'UTF-8').'" alt="'.$action.'" class="center">&nbsp;'.$name.'</a>'
.'</li>';
}
......@@ -1335,7 +1335,7 @@ class listing {
if (isset($action['label'])) {
$img = "";
if (isset($action['image'])) {
$img = "<img class='center' src='".$action['image']."' alt='".$action['label']."'/>&nbsp;";
$img = "<img class='center' src='".htmlentities($action['image'], ENT_COMPAT, 'UTF-8')."' alt='".$action['label']."'/>&nbsp;";
}
$result .= "<li id='actionmenu_".strtolower($action['label'])."'$separator><a href='#'>$img"._($action['label'])."&nbsp;<img src='images/forward-arrow.png' alt='forward arrow'/></a>";
}
......@@ -1599,7 +1599,7 @@ class listing {
if ($this->copyPasteHandler->entries_queued()) {
$result .= $this->renderActionMenuActionLink($separator, 'paste', _('Paste'), 'geticon.php?context=actions&icon=edit-paste&size=16');
} else {
$result .= "<li$separator><a href='#'><img src='geticon.php?context=actions&icon=edit-paste&size=16&disabled=1' alt='paste' class='center'>&nbsp;"._("Paste")."</a></li>";
$result .= "<li$separator><a href='#'><img src='geticon.php?context=actions&amp;icon=edit-paste&amp;size=16&amp;disabled=1' alt='paste' class='center'>&nbsp;"._("Paste")."</a></li>";
}
}
......@@ -1624,7 +1624,7 @@ class listing {
if ($cut) {
if ($ui->is_cutable($dn, $category, $class)) {
$result .= '<input class="center" type="image"'.
' src="geticon.php?context=actions&icon=edit-cut&size=16"'.
' src="geticon.php?context=actions&amp;icon=edit-cut&amp;size=16"'.
' alt="'._('Cut').'" name="listing_cut_'.$row.'" title="'._('Cut this entry').'"'.
' style="padding:1px">';
} else {
......@@ -1636,7 +1636,7 @@ class listing {
if ($copy) {
if ($ui->is_copyable($dn, $category, $class)) {
$result .= '<input class="center" type="image"'.
' src="geticon.php?context=actions&icon=edit-copy&size=16"'.
' src="geticon.php?context=actions&amp;icon=edit-copy&amp;size=16"'.
' alt="'._('Copy').'" name="listing_copy_'.$row.'" title="'._('Copy this entry').'"'.
' style="padding:1px">';
} else {
......@@ -1672,7 +1672,7 @@ class listing {
if ($restore) {
$result .= $this->renderActionMenuActionLink($separator, 'restore', _('Restore snapshots'), 'geticon.php?context=actions&icon=document-restore&size=16');
} else {
$result .= "<li$separator><a href='#'><img src='geticon.php?context=actions&icon=document-restore&size=16&disabled=1' alt='restore' class='center'>&nbsp;"._("Restore snapshots")."</a></li>";
$result .= "<li$separator><a href='#'><img src='geticon.php?context=actions&amp;icon=document-restore&amp;size=16&amp;disabled=1' alt='restore' class='center'>&nbsp;"._("Restore snapshots")."</a></li>";
}
}
......@@ -1686,7 +1686,7 @@ class listing {
$result = "";
// Draw entries
$result .= "<li$separator id='actionmenu_exportList'><a href='#'><img class='center' src='geticon.php?context=actions&icon=document-export&size=16' alt='export'>&nbsp;"._("Export list")."&nbsp;<img src='images/forward-arrow.png' alt='arrow'></a><ul class='level3'>";
$result .= "<li$separator id='actionmenu_exportList'><a href='#'><img class='center' src='geticon.php?context=actions&amp;icon=document-export&amp;size=16' alt='export'>&nbsp;"._("Export list")."&nbsp;<img src='images/forward-arrow.png' alt='arrow'></a><ul class='level3'>";
// Export CVS as build in exporter
foreach ($this->exporter as $action => $exporter) {
......@@ -1720,17 +1720,17 @@ class listing {
// Do we have snapshots for this dn?
if ($this->snapshotHandler->hasSnapshots($dn)) {
$result .= "<input class='center' type='image' src='geticon.php?context=actions&icon=document-restore&size=16' ".
$result .= "<input class='center' type='image' src='geticon.php?context=actions&amp;icon=document-restore&amp;size=16' ".
"alt='"._("Restore snapshot")."' name='listing_restore_$row' title='".
_("Restore snapshot")."' style='padding:1px'>";
} else {
$result .= "<img src='geticon.php?context=actions&icon=document-restore&size=16&disabled=1' alt='restore' class='center' style='padding:1px'>";
$result .= "<img src='geticon.php?context=actions&amp;icon=document-restore&amp;size=16&amp;disabled=1' alt='restore' class='center' style='padding:1px'>";
}
}
// Draw snapshot button
if ($ui->allow_snapshot_create($dn, $category)) {
$result .= "<input class='center' type='image' src='geticon.php?context=actions&icon=snapshot&size=16' ".
$result .= "<input class='center' type='image' src='geticon.php?context=actions&amp;icon=snapshot&amp;size=16' ".
"alt='"._("Create snapshot")."' name='listing_snapshot_$row' title='".
_("Create a new snapshot from this object")."' style='padding:1px'>";
} else {
......
......@@ -161,7 +161,7 @@ class msg_dialog
$display .=
"<table style='width:100%; border:2px solid red;'>
<tr><td style='vertical-align:top;padding:10px'>
<img src='geticon.php?context=status&icon=dialog-error&size=32' alt='{t}Error{/t}'/>
<img src='geticon.php?context=status&amp;icon=dialog-error&amp;size=32' alt='{t}Error{/t}'/>
</td><td style='width:100%'>
<b>".$this->s_Title."</b><br>
".$this->s_Message."<br><br>
......
......@@ -195,7 +195,7 @@ class objects
}
if ($icon && isset($infos['icon'])) {
$text = '<img alt="'.$infos['name'].'" title="'.$dn.'" src="'.$infos['icon'].'" class="center"/>&nbsp;'.$text;
$text = '<img alt="'.$infos['name'].'" title="'.$dn.'" src="'.htmlentities($infos['icon'], ENT_COMPAT, 'UTF-8').'" class="center"/>&nbsp;'.$text;
}
return '<a href="'.$href.'">'.$text.'</a>';
......
......@@ -243,7 +243,7 @@ function DEBUG($level, $line, $function, $file, $data, $info = "")
if (session::global_get('DEBUGLEVEL') & $level) {
if ($first) {
echo '<div id="debug_handling" class="notice">'.
'<img src="geticon.php?context=status&icon=dialog-information&size=22" alt="info icon" style="vertical-align:middle;margin-right:.2em;"/>'.
'<img src="geticon.php?context=status&amp;icon=dialog-information&amp;size=22" alt="info icon" style="vertical-align:middle;margin-right:.2em;"/>'.
'There is some debug output '.
'<button onClick="javascript:$$(\'div.debug_div\').each(function (a) { a.toggle(); });">Toggle</button>'.
'</div>';
......@@ -1861,7 +1861,7 @@ function range_selector($dcnt, $start, $range = 25, $post_var = FALSE)
if ($start > 0 ) {
$output .= " <a href= \"main.php?plug=".validate($_GET['plug'])."&amp;start=".
($start - $range)."\">".
'<img class="center" alt="back" src="geticon.php?context=actions&icon=previous&size=16"/></a>';
'<img class="center" alt="back" src="geticon.php?context=actions&amp;icon=previous&amp;size=16"/></a>';
}
/* Draw pages */
......@@ -1880,7 +1880,7 @@ function range_selector($dcnt, $start, $range = 25, $post_var = FALSE)
if ($start < ($dcnt - $range)) {
$output .= " <a href= \"main.php?plug=".validate($_GET['plug'])."&amp;start=".
($start + $range)."\">".
'<img class="center" alt="forward" src="geticon.php?context=actions&icon=next&size=16"/></a>';
'<img class="center" alt="forward" src="geticon.php?context=actions&amp;icon=next&amp;size=16"/></a>';
}
if ($post_var && $numpages) {
......
......@@ -196,14 +196,14 @@ function gosaRaiseError($errno, $errstr, $errfile, $errline)
<table width="100%">
<tr>
<td>
<img src="geticon.php?context=status&icon=dialog-warning&size=16" alt="" class="center"/>&nbsp;
<img src="geticon.php?context=status&amp;icon=dialog-warning&amp;size=16" alt="" class="center"/>&nbsp;
<strong style="font-size:14px">'.
_("Generating this page caused the PHP interpreter to raise some errors!").'
</strong>
</td>
<td align=right>
<a href="mailto:bugs@fusiondirectory.org?subject=FusionDirectory%20bugreport&amp;body=%BUGBODY%">
<img src="geticon.php?context=applications&icon=internet-mail&size=16" title="'._("Send bug report to the FusionDirectory Team").
<img src="geticon.php?context=applications&amp;icon=internet-mail&amp;size=16" title="'._("Send bug report to the FusionDirectory Team").
'" class="center" alt="'.("Mail icon").'">&nbsp;'._("Send bugreport").'
</a>
</td>
......
......@@ -16,7 +16,7 @@
<tr>
<td>
<label for="NAME">
<img src="geticon.php?context=actions&icon=system-search&size=16" align=middle>&nbsp;{t}Name{/t}
<img src="geticon.php?context=actions&amp;icon=system-search&amp;size=16" align=middle>&nbsp;{t}Name{/t}
</label>
</td>
<td>
......
......@@ -3,7 +3,7 @@
{$section}
</span>
<div>
<img src="{$attributes.groups_stats.img}" alt="group icon"/>
<img src="{$attributes.groups_stats.img|escape}" alt="group icon"/>
{t count=$attributes.groups_stats.nb 1=$attributes.groups_stats.nb plural="There are %1 groups:"}There is 1 group:{/t}
<ul>
{foreach from=$attributes.groups_stats.groups item=g}
......
......@@ -7,9 +7,9 @@
{foreach from=$attributes.stats item=stat}
<li>
{if isset($stat.href)}
<a href="{$stat.href}"><img style="vertical-align:middle;" src="{$stat.img}" alt=""/>&nbsp;{$stat.name}&nbsp;: {$stat.nb}</a>
<a href="{$stat.href}"><img style="vertical-align:middle;" src="{$stat.img|escape}" alt=""/>&nbsp;{$stat.name}&nbsp;: {$stat.nb}</a>
{else}
<img style="vertical-align:middle;" src="{$stat.img}" alt=""/>&nbsp;{$stat.name}&nbsp;: {$stat.nb}
<img style="vertical-align:middle;" src="{$stat.img|escape}" alt=""/>&nbsp;{$stat.name}&nbsp;: {$stat.nb}
{/if}
</li>
{/foreach}
......
......@@ -3,7 +3,7 @@
{$section}
</span>
<div>
<img src="{$attributes.users_stats.img}" alt="user icon"/>
<img src="{$attributes.users_stats.img|escape}" alt="user icon"/>
{t count=$attributes.users_stats.nb 1=$attributes.users_stats.nb plural="There are %1 users:"}There is 1 user:{/t}
<ul>
{foreach from=$attributes.users_stats.accounts item=acc}
......
<div style="padding:5px;">
<div style="font-size:18px;">
<img alt="" src="geticon.php?context=status&icon=dialog-warning&size=48" class="center"/>&nbsp;{t}Warning{/t}
<img alt="" src="geticon.php?context=status&amp;icon=dialog-warning&amp;size=48" class="center"/>&nbsp;{t}Warning{/t}
</div>
<p>
<ul>
......
......@@ -312,11 +312,11 @@ class acl_createedit extends acl
$action = "";
if ($this->acl_is_readable("gosaAclEntry")) {
$action .= "<input class='center' type='image' src='geticon.php?context=actions&icon=document-edit&size=16'
$action .= "<input class='center' type='image' src='geticon.php?context=actions&amp;icon=document-edit&amp;size=16'
alt='"._("Edit")."' name='cat_edit_$section' title='"._("Edit category ACL")."'>";
}
if ($this->acl_is_writeable("gosaAclEntry")) {
$action .= "<input class='center' type='image' src='geticon.php?context=actions&icon=edit-delete&size=16'
$action .= "<input class='center' type='image' src='geticon.php?context=actions&amp;icon=edit-delete&amp;size=16'
alt='"._("Delete")."' name='cat_del_$section' title='"._("Reset category ACL")."'>";
}
......
......@@ -71,12 +71,12 @@ class groupManagement extends simpleManagement
// Load information if needed
$ldap = $config->get_ldap_link();
$ldap->cat($dn);
$result = "<input class='center' type='image' src='geticon.php?context=types&icon=user-group&size=16' ".
$result = "<input class='center' type='image' src='geticon.php?context=types&amp;icon=user-group&amp;size=16' ".
"alt='"._('Posix')."' title='"._('Edit posix properties')."' ".
"name='listing_edit_tab_group_$row' style='padding:1px'/>";
if ($attrs = $ldap->fetch()) {
if (!objects::isOfType($attrs, 'group')) {
return '<input class="center" type="image" src="geticon.php?context=types&icon=role&size=16" '.
return '<input class="center" type="image" src="geticon.php?context=types&amp;icon=role&amp;size=16" '.
'alt="'._('Role').'" title="'._('Edit role properties').'" '.
'name="listing_edit_'.$row.'" style="padding:1px"/>';
}
......@@ -84,7 +84,7 @@ class groupManagement extends simpleManagement
if ($grouptab->is_this_account($attrs)) {
$infos = pluglist::pluginInfos($class);
if (isset($infos['plSmallIcon'])) {
$result .= "<input class='center' type='image' src='".$infos['plSmallIcon']."' ".
$result .= "<input class='center' type='image' src='".htmlentities($infos['plSmallIcon'], ENT_COMPAT, 'UTF-8')."' ".
"alt='".$infos['plShortName']."' title='".$infos['plShortName']."' ".
"name='listing_edit_tab_".$class."_$row' style='padding:1px'/>";
} else {
......@@ -108,7 +108,7 @@ class groupManagement extends simpleManagement
continue;
}
$info = objects::infos(ogroup::$objectTypes[$types[$i]]);
$result .= '<img class="center" src="'.$info['icon'].'" '.
$result .= '<img class="center" src="'.htmlentities($info['icon'], ENT_COMPAT, 'UTF-8').'" '.
'alt="'.$info['name'].'" title="'.$info['name'].'" style="padding:1px"/>';
}
if ($result == "") {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment