[vhffs-dev] [1104] Repeat after me: "Escaping stuff once is sometimes too much, so don't escape twice".



Revision: 1104
Author:   beuss
Date:     2007-12-04 12:14:04 +0000 (Tue, 04 Dec 2007)

Log Message:
-----------
Repeat after me: "Escaping stuff once is sometimes too much, so don't escape twice".

Modified Paths:
--------------
    trunk/vhffs-api/src/Vhffs/Panel/Object.pm
    trunk/vhffs-panel/admin/moderation.pl
    trunk/vhffs-panel/admin/object/edit.pl
    trunk/vhffs-panel/cvs/create.pl
    trunk/vhffs-panel/git/create.pl
    trunk/vhffs-panel/group/create.pl
    trunk/vhffs-panel/group/prefs.pl
    trunk/vhffs-panel/mail/create.pl
    trunk/vhffs-panel/mysql/create.pl
    trunk/vhffs-panel/object/resubmit.pl
    trunk/vhffs-panel/pgsql/create.pl
    trunk/vhffs-panel/repository/create.pl
    trunk/vhffs-panel/svn/create.pl
    trunk/vhffs-panel/web/create.pl
    trunk/vhffs-panel/web/prefs.pl


Modified: trunk/vhffs-api/src/Vhffs/Panel/Object.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Object.pm	2007-12-03 20:56:08 UTC (rev 1103)
+++ trunk/vhffs-api/src/Vhffs/Panel/Object.pm	2007-12-04 12:14:04 UTC (rev 1104)
@@ -103,7 +103,7 @@
 	$template->param( SEND => gettext("Send") );
 	
 
-	$template->param( VALUE_DESCRIPTION => CGI::escapeHTML( $object->get_description ) );
+	$template->param( VALUE_DESCRIPTION => $object->get_description );
 	$template->param( VALUE_OID => $object->get_oid );
 	$template->param( VALUE_UID => $object->get_owner_uid );
 	$template->param( VALUE_USERNAME => Vhffs::User::get_name_by_uid( $vhffs , $object->get_owner_uid ));
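Review bot: With `CGI::escapeHTML` gone from `VALUE_DESCRIPTION`, nothing visible in this commit encodes the object description before it reaches the page, and the Modified Paths list contains no template files. The change is only safe if every template consuming these parameters escapes them itself; if this is HTML::Template, as the `param`/`output` calls suggest, that would be `ESCAPE=HTML` on each `TMPL_VAR` or `default_escape => 'HTML'` at construction. I would add a call-site comment such as `# escaped in the template (ESCAPE=HTML); do not escape here`, plus a regression test that renders a description containing `<`, `"` and `&` and checks that it comes out encoded exactly once. The same applies to the matching hunks in admin/object/edit.pl, the */create.pl scripts, group/prefs.pl, object/resubmit.pl and web/prefs.pl. The enclosing sub starts and ends outside the hunk.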

Modified: trunk/vhffs-panel/admin/moderation.pl
===================================================================
--- trunk/vhffs-panel/admin/moderation.pl	2007-12-03 20:56:08 UTC (rev 1103)
+++ trunk/vhffs-panel/admin/moderation.pl	2007-12-04 12:14:04 UTC (rev 1104)
@@ -112,7 +112,7 @@
 			$subtemplate->param( GROUP		=> $group->get_groupname );
 
 			$subtemplate->param( OID		=> $_->get_oid );
-			$subtemplate->param( DESCRIPTION	=> CGI::escapeHTML( $_->get_description ) );
+			$subtemplate->param( DESCRIPTION	=> $_->get_description );
 			$subtemplate->param( ACCEPT		=> gettext('Accept') );
 			$subtemplate->param( REFUSE		=> gettext('Refuse') );
 			$output .= $subtemplate->output;
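Review bot: `DESCRIPTION` is now passed raw into a sub-template that, judging by the file name, shows user-submitted objects to an administrator, so this is the sink where a missing template-side escape would matter most; the sub-template file is not part of the commit and should be checked for an escape on that variable. Because each rendered fragment is appended with `$output .= $subtemplate->output;`, whatever later receives `$output` must treat it as already-built HTML. A blanket default escape on the parent template would therefore double-encode it, so the escape has to sit on the individual variable inside the sub-template. The loop body starts and ends outside the hunk.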

Modified: trunk/vhffs-panel/admin/object/edit.pl
===================================================================
--- trunk/vhffs-panel/admin/object/edit.pl	2007-12-03 20:56:08 UTC (rev 1103)
+++ trunk/vhffs-panel/admin/object/edit.pl	2007-12-04 12:14:04 UTC (rev 1104)
@@ -99,7 +99,7 @@
 	$template->param( SEND => gettext("Send") );
 	
 
-	$template->param( VALUE_DESCRIPTION => CGI::escapeHTML( $object->get_description ) );
+	$template->param( VALUE_DESCRIPTION => $object->get_description );
 	$template->param( VALUE_OID => $object->get_oid );
 	$template->param( VALUE_UID => $object->get_owner_uid );
 	$template->param( VALUE_USERNAME => Vhffs::User::get_name_by_uid( $vhffs , $object->get_owner_uid ));

Modified: trunk/vhffs-panel/cvs/create.pl
===================================================================
--- trunk/vhffs-panel/cvs/create.pl	2007-12-03 20:56:08 UTC (rev 1103)
+++ trunk/vhffs-panel/cvs/create.pl	2007-12-04 12:14:04 UTC (rev 1104)
@@ -100,13 +100,13 @@
 		$panel->set_title( gettext('Create a CVS Repository') );
 
 		$template->param( REPOSITORY_NAME => gettext('Repository Name') );
-		$template->param( REPOSITORY_VALUE => CGI::escapeHTML($reponame) );
+		$template->param( REPOSITORY_VALUE => $reponame );
 		$template->param( GROUP_NAME => gettext('Group owning this CVS') );
 
 		$template->param( GROUP => $group->get_groupname );
 		$template->param( SEND => gettext('Send') );
 		$template->param( DESCRIPTION => gettext('Description') );
-		$template->param( DESCRIPTION_VALUE => CGI::escapeHTML($description) );
+		$template->param( DESCRIPTION_VALUE => $description );
 
 		$panel->build( $template );
 		$panel->display;

Modified: trunk/vhffs-panel/git/create.pl
===================================================================
--- trunk/vhffs-panel/git/create.pl	2007-12-03 20:56:08 UTC (rev 1103)
+++ trunk/vhffs-panel/git/create.pl	2007-12-04 12:14:04 UTC (rev 1104)
@@ -94,14 +94,14 @@
 	
 		$panel->set_title( gettext('Create a git Repository') );
 		$template->param( REPOSITORY_NAME => gettext('Repository Name') );
-		$template->param( REPOSITORY_VALUE => CGI::escapeHTML($reponame) );
+		$template->param( REPOSITORY_VALUE => $reponame );
 		$template->param( GROUP_NAME => gettext('Group owning this git repository') );
 
 		$template->param( GROUP => $groupname );
 		$template->param( GIT_SUFFIX => '.git' );
 		$template->param( SEND => gettext('Send') );
 		$template->param( DESCRIPTION => gettext('Description') );
-		$template->param( DESCRIPTION_VALUE => CGI::escapeHTML($description) );
+		$template->param( DESCRIPTION_VALUE => $description );
 
 		$panel->build( $template );
 		$panel->display;

Modified: trunk/vhffs-panel/group/create.pl
===================================================================
--- trunk/vhffs-panel/group/create.pl	2007-12-03 20:56:08 UTC (rev 1103)
+++ trunk/vhffs-panel/group/create.pl	2007-12-04 12:14:04 UTC (rev 1104)
@@ -90,9 +90,9 @@
     $template->param( SEND => gettext('Send') );
     $template->param( DESCRIPTION => gettext('Description') );
     $template->param( WARNING_PUBLIC => gettext("Please consider that this description is going to be displayed in the public area. So you have to write it in impersonal form. You should take care to write it with correct grammar and tenses. Take all the time you need to fill it with the best content you are able to do.") ) if $panel->is_public;
-    $template->param( PROJECT_VALUE => CGI::escapeHTML( $groupname ) );
-    $template->param( REALNAME_VALUE => CGI::escapeHTML( $realname ) );
-    $template->param( DESCRIPTION_VALUE => CGI::escapeHTML( $description ) );
+    $template->param( PROJECT_VALUE => $groupname );
+    $template->param( REALNAME_VALUE => $realname );
+    $template->param( DESCRIPTION_VALUE => $description );
 
     $panel->build( $template );
     $panel->display;

Modified: trunk/vhffs-panel/group/prefs.pl
===================================================================
--- trunk/vhffs-panel/group/prefs.pl	2007-12-03 20:56:08 UTC (rev 1103)
+++ trunk/vhffs-panel/group/prefs.pl	2007-12-04 12:14:04 UTC (rev 1104)
@@ -208,9 +208,9 @@
 	$template->param( TEXT_OWNER => gettext("Project Owner") );
 	$template->param( VALUE_OWNER => $group->get_owner_username );
 	$template->param( TEXT_DESCRIPTION => gettext("Project Description") );
-	$template->param( VALUE_DESCRIPTION => CGI::escapeHTML($group->get_description) );
+	$template->param( VALUE_DESCRIPTION => $group->get_description);
 	$template->param( TEXT_REALNAME => gettext('Project full name') );
-	$template->param( VALUE_REALNAME => CGI::escapeHTML($group->get_realname) );
+	$template->param( VALUE_REALNAME => $group->get_realname);
 	$template->param( TEXT_MODIFY => gettext("Modify") );
 	$template->param( TEXT_DELETE_PROJECT => gettext("Delete this project") );
 	$template->param( TEXT_BEFORE_DELETE => gettext("This action is non-reversible. All services associated to this project will be DESTROYED.") );
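Review bot: The two new lines end in `get_description);` and `get_realname);`, dropping the space before the closing parenthesis that every neighbouring `param( ... )` call keeps; `$group->get_description );` and `$group->get_realname );` would match the surrounding style. svn/create.pl has the same slip in `$reponame);`.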

Modified: trunk/vhffs-panel/mail/create.pl
===================================================================
--- trunk/vhffs-panel/mail/create.pl	2007-12-03 20:56:08 UTC (rev 1103)
+++ trunk/vhffs-panel/mail/create.pl	2007-12-04 12:14:04 UTC (rev 1104)
@@ -89,7 +89,7 @@
 
 		$panel->set_title( gettext('Create a mail space') );
 		$template->param( DOMAIN_TEXT => gettext('Domain') );
-		$template->param( DOMAIN_VALUE => CGI::escapeHTML($domain) );
+		$template->param( DOMAIN_VALUE => $domain );
 		$template->param( GROUP_NAME => gettext('Group owning this mail domain') );
 
 		$template->param( GROUP => $groupname );

Modified: trunk/vhffs-panel/mysql/create.pl
===================================================================
--- trunk/vhffs-panel/mysql/create.pl	2007-12-03 20:56:08 UTC (rev 1103)
+++ trunk/vhffs-panel/mysql/create.pl	2007-12-04 12:14:04 UTC (rev 1104)
@@ -103,12 +103,12 @@
 		$template->param( GROUP_NAME => gettext('Group owning this database') );
 		$template->param( DB_PREFIX => $groupname.'_' );
 		$template->param( DB_SUFFIX => gettext('MySQL database name ') );
-		$template->param( DB_SUFFIX_VALUE => CGI::escapeHTML($dbsuffix) );
+		$template->param( DB_SUFFIX_VALUE => $dbsuffix );
 		$template->param( DB_PASS => gettext('MySQL password for this database ') );
 		$template->param( GROUP => $groupname );
 		$template->param( SEND => gettext('Send') );
 		$template->param( DESCRIPTION => gettext('Description') );
-		$template->param( DESCRIPTION_VALUE => CGI::escapeHTML($description) );
+		$template->param( DESCRIPTION_VALUE => $description );
 
 		$panel->build( $template );
 		$panel->display;

Modified: trunk/vhffs-panel/object/resubmit.pl
===================================================================
--- trunk/vhffs-panel/object/resubmit.pl	2007-12-03 20:56:08 UTC (rev 1103)
+++ trunk/vhffs-panel/object/resubmit.pl	2007-12-04 12:14:04 UTC (rev 1104)
@@ -123,10 +123,10 @@
 	$template->param( OBJECTNAME => $object->get_label );
 
 	$template->param( REFUSEREASON_TEXT => gettext('Reason of refusal') );
-	$template->param( REFUSEREASON => CGI::escapeHTML( $object->get_refuse_reason ) );
+	$template->param( REFUSEREASON => $object->get_refuse_reason );
 
 	$template->param( DESCRIPTION_TEXT => gettext('Description') );
-	$template->param( DESCRIPTION => CGI::escapeHTML( $object->get_description ) );
+	$template->param( DESCRIPTION => $object->get_description );
 
 	$template->param( WARNING_PUBLIC => gettext("Please consider that this description is going to be displayed in the public area. So you have to write it in impersonal form. You should take care to write it with correct grammar and tenses. Take all the time you need to fill it with the best content you are able to do.") ) if( $panel->is_public  &&  ( $object->get_type == Vhffs::Constants::TYPE_GROUP  ||  $object->get_type == Vhffs::Constants::TYPE_WEB ) );
 

Modified: trunk/vhffs-panel/pgsql/create.pl
===================================================================
--- trunk/vhffs-panel/pgsql/create.pl	2007-12-03 20:56:08 UTC (rev 1103)
+++ trunk/vhffs-panel/pgsql/create.pl	2007-12-04 12:14:04 UTC (rev 1104)
@@ -103,12 +103,12 @@
 		$template->param( GROUP_NAME => gettext("Group owning this database") );
 		$template->param( DB_PREFIX => $groupname.'_' );
 		$template->param( DB_SUFFIX => gettext("PostgreSQL database name ") );
-		$template->param( DB_SUFFIX_VALUE => CGI::escapeHTML($dbsuffix) );
+		$template->param( DB_SUFFIX_VALUE => $dbsuffix );
 		$template->param( DB_PASS => gettext("PostgreSQL password for this database ") );
 		$template->param( GROUP => $groupname );
 		$template->param( SEND => gettext("Send") );
 		$template->param( DESCRIPTION => gettext("Description") );
-		$template->param( DESCRIPTION_VALUE => CGI::escapeHTML($description) );
+		$template->param( DESCRIPTION_VALUE => $description );
 
 		$panel->build( $template );
 		$panel->display;

Modified: trunk/vhffs-panel/repository/create.pl
===================================================================
--- trunk/vhffs-panel/repository/create.pl	2007-12-03 20:56:08 UTC (rev 1103)
+++ trunk/vhffs-panel/repository/create.pl	2007-12-04 12:14:04 UTC (rev 1104)
@@ -96,7 +96,7 @@
 		$template->param( NAME => $groupname );
 		$template->param( SEND => gettext('Send') );
 		$template->param( DESCRIPTION => gettext('Description') );
-		$template->param( DESCRIPTION_VALUE => CGI::escapeHTML($description) );
+		$template->param( DESCRIPTION_VALUE => $description );
 
 		$panel->build( $template );
 		$panel->display;

Modified: trunk/vhffs-panel/svn/create.pl
===================================================================
--- trunk/vhffs-panel/svn/create.pl	2007-12-03 20:56:08 UTC (rev 1103)
+++ trunk/vhffs-panel/svn/create.pl	2007-12-04 12:14:04 UTC (rev 1104)
@@ -94,13 +94,13 @@
 	
 		$panel->set_title( gettext('Create a Subversion Repository') );
 		$template->param( REPOSITORY_NAME => gettext('Repository Name') );
-		$template->param( REPOSITORY_VALUE => CGI::escapeHTML($reponame) );
+		$template->param( REPOSITORY_VALUE => $reponame);
 		$template->param( GROUP_NAME => gettext('Group owning this Subversion repository') );
 
 		$template->param( GROUP => $groupname );
 		$template->param( SEND => gettext('Send') );
 		$template->param( DESCRIPTION => gettext('Description') );
-		$template->param( DESCRIPTION_VALUE => CGI::escapeHTML($description) );
+		$template->param( DESCRIPTION_VALUE => $description );
 		$panel->build( $template );
 		$panel->display;
 	}

Modified: trunk/vhffs-panel/web/create.pl
===================================================================
--- trunk/vhffs-panel/web/create.pl	2007-12-03 20:56:08 UTC (rev 1103)
+++ trunk/vhffs-panel/web/create.pl	2007-12-04 12:14:04 UTC (rev 1104)
@@ -95,14 +95,14 @@
 		$panel->set_title( gettext('Create a web space') );
 		$template->param( SERVERNAME_TEXT => gettext('Address (ServerName directive)') );
 		$template->param( SERVERNAME_WARNING => gettext('Be careful, if you want create www.domain.tld, you should create a webspace with domain.tld as servername. VHFFS redirect all request from www.domain.tld to domain.tld') );
-		$template->param( SERVERNAME_VALUE => CGI::escapeHTML($servername) );
+		$template->param( SERVERNAME_VALUE => $servername );
 		$template->param( GROUP_NAME => gettext('Group owning this web space') );
 
 		$template->param( GROUP => $groupname );
 		$template->param( SEND => gettext('Send') );
 		$template->param( DESCRIPTION => gettext('Tell us what the use of this web space will be') );
 		$template->param( WARNING_PUBLIC => gettext('Please consider that this description is going to be displayed in the public area. So you have to write it in impersonal form. You should take care to write it with correct grammar and tenses. Take all the time you need to fill it with the best content you are able to do.') ) if $panel->is_public;
-		$template->param( DESCRIPTION_VALUE => CGI::escapeHTML($description) );
+		$template->param( DESCRIPTION_VALUE => $description );
 
 		$panel->build( $template );
 		$panel->display;

Modified: trunk/vhffs-panel/web/prefs.pl
===================================================================
--- trunk/vhffs-panel/web/prefs.pl	2007-12-03 20:56:08 UTC (rev 1103)
+++ trunk/vhffs-panel/web/prefs.pl	2007-12-04 12:14:04 UTC (rev 1104)
@@ -97,7 +97,7 @@
 
 	#Show the current description	
 	$template->param( TEXT_DESCRIPTION => gettext("Description of your webarea") );	
-	$template->param( VALUE_DESCRIPTION => CGI::escapeHTML( $web->get_description ) );
+	$template->param( VALUE_DESCRIPTION => $web->get_description );
 	$template->param( TEXT_SEND => gettext("Modify") );
 
 	$template->param( TEXT_ACL_ADMIN => gettext("Admin Rights on this object (ACL)") );

