From 522c5e7cfa4d7e8d2dfdff91cb1119c615d522ec Mon Sep 17 00:00:00 2001 From: Dominique Fournier Date: Wed, 14 Nov 2018 15:51:27 +0000 Subject: [PATCH] form : Add htmlspecialchars in display errors to allow '<' error message git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@4703 bf3deb0d-5f1a-0410-827f-c0cc1f45334c --- form.php | 33 +++++++++++++++++++++------------ 1 file changed, 21 insertions(+), 12 deletions(-) diff --git a/form.php b/form.php index 5e1e311..61621d8 100644 --- a/form.php +++ b/form.php @@ -196,7 +196,7 @@ class form { $this->loggingCallable (LOG_ERR, "Unknown FORM method (GET or POST allowed)"); - throw new Exception (dgettext("domframework", + throw new \Exception (dgettext("domframework", "Unknown FORM method (GET or POST allowed)")); } @@ -207,10 +207,10 @@ class form { $this->checkToken ($values[$this->csrfField]); } - catch (Exception $e) + catch (\Exception $e) { $this->loggingCallable (LOG_ERR, $e->getMessage ()); - throw new Exception (dgettext("domframework", + throw new \Exception (dgettext("domframework", "Can not read the data from the form : ". "Expired or missing CSRF Token"), 500); } @@ -252,7 +252,7 @@ class form { $this->loggingCallable (LOG_ERR, "Can't display a form without defined field"); - throw new Exception ("Can't display a form without defined field", 500); + throw new \Exception ("Can't display a form without defined field", 500); } if (isset ($_SESSION)) $_SESSION["domframework"]["form"][$this->formName]["fields"] = @@ -361,7 +361,9 @@ class form } if ($focusElement !== null) $res .= "\n"; + $focusElement."').focus();". + "var formFocusElement='".$this->formName."_". + $focusElement."';\n"; $res .= "\n"; return $res; } @@ -776,7 +778,8 @@ class formfield $res .= "".$this->help.""; if (isset ($this->help) && isset ($this->errors)) $res .= "
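Review bot: In the `@@ -361` hunk the added `"var formFocusElement='".$this->formName."_".$focusElement."';\n"` places two PHP values inside a JavaScript string literal with no escaping, so a form name or field name containing a quote, backslash or `</script` would terminate the literal or the script block; the `focus()` selector on the line above already has the same shape, and this hunk adds a second copy of it. If these names can ever come from anything other than the hard-coded form definition, emit the value through `json_encode` instead, e.g. `"var formFocusElement=".json_encode($this->formName."_".$focusElement, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT).";\n"`, which yields a valid JS string for any input. The rendered hunk appears to have lost its `<script>` tags, so the exact surrounding lines cannot be confirmed from here, and the enclosing method starts outside the hunk.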
"; - if (isset ($this->errors)) $res .= $this->errors[1]; + if (isset ($this->errors)) + $res .= htmlspecialchars ($this->errors[1]); $res .= "\n"; } $res .= " \n"; // End controls @@ -865,7 +868,8 @@ class formfield $res .= "".$this->help.""; if (isset ($this->help) && isset ($this->errors)) $res .= "
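Review bot: `htmlspecialchars ($this->errors[1])` in the `@@ -776` hunk relies on the default flags and charset; on the PHP releases current for this commit the default is ENT_COMPAT, which leaves single quotes unescaped, and without ENT_SUBSTITUTE an error message containing an invalid UTF-8 byte sequence makes the call return an empty string, so the user silently sees no error at all. Pass them explicitly: `$res .= htmlspecialchars ($this->errors[1], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The neighbouring `$this->help` two lines above is still concatenated raw; if help text is not always author-controlled it needs the same escaping. The identical hunks at 865, 945, 1064, 1183, 1253 and 1334 share both points, which suggests moving the escaped error rendering into one private helper so the encoding choice lives in a single place; each enclosing render method starts and ends outside its hunk.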
"; - if (isset ($this->errors)) $res .= $this->errors[1]; + if (isset ($this->errors)) + $res .= htmlspecialchars ($this->errors[1]); $res .= "\n"; } $res .= " \n"; // End controls @@ -945,7 +949,8 @@ class formfield $res .= "".$this->help.""; if (isset ($this->help) && isset ($this->errors)) $res .= "
"; - if (isset ($this->errors)) $res .= $this->errors[1]; + if (isset ($this->errors)) + $res .= htmlspecialchars ($this->errors[1]); $res .= "\n"; } $res .= " \n"; // End controls @@ -1064,7 +1069,8 @@ class formfield $res .= "".$this->help.""; if (isset ($this->help) && isset ($this->errors)) $res .= "
"; - if (isset ($this->errors)) $res .= $this->errors[1]; + if (isset ($this->errors)) + $res .= htmlspecialchars ($this->errors[1]); $res .= "\n"; } } @@ -1183,7 +1189,8 @@ class formfield $res .= "".$this->help.""; if (isset ($this->help) && isset ($this->errors)) $res .= "
"; - if (isset ($this->errors)) $res .= $this->errors[1]; + if (isset ($this->errors)) + $res .= htmlspecialchars ($this->errors[1]); $res .= "\n"; } $res .= " \n"; // End controls @@ -1253,7 +1260,8 @@ class formfield $res .= "".$this->help.""; if (isset ($this->help) && isset ($this->errors)) $res .= "
"; - if (isset ($this->errors)) $res .= $this->errors[1]; + if (isset ($this->errors)) + $res .= htmlspecialchars ($this->errors[1]); $res .= "\n"; } $res .= " \n"; // End controls @@ -1334,7 +1342,8 @@ class formfield $res .= "".$this->help.""; if (isset ($this->help) && isset ($this->errors)) $res .= "
"; - if (isset ($this->errors)) $res .= $this->errors[1]; + if (isset ($this->errors)) + $res .= htmlspecialchars ($this->errors[1]); $res .= "\n"; }