..) attributes, javascript: urls, and special characters.
static public stripUnsafeHtml ( $input ) : string
$input | string | input string
return | string
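/**
 * Extracts variables for a given column from a data element
 * so that they may be assigned to template before rendering.
 *
 * Only the 'url' and 'shares' columns are known; any other column id now
 * yields an empty variable set instead of falling off the end with null,
 * which contradicted the documented array return.
 *
 * @param $row GridRow Row whose data element (an array read at 'url' / 'shares') is rendered.
 * @param $column GridColumn Column being rendered; its id selects the variable set.
 * @return array Template variables for the cell (a 'label' entry), empty for unknown columns.
 */
function getTemplateVarsFromRowColumn($row, $column) {
	$element =& $row->getData();
	$columnId = $column->getId();
	assert(!empty($columnId));

	switch ($columnId) {
		case 'url':
			// The stored URL serves as both the link target and the visible text.
			// NOTE(review): stripUnsafeHtml() is an HTML-body sanitizer; confirm it
			// also neutralises quote characters before relying on it alone inside
			// the href attribute, otherwise attribute-escape the value as well.
			$url = PKPString::stripUnsafeHtml($element['url']);
			return array('label' => '<a href="' . $url . '" target="_blank">' . $url . '</a>');
		case 'shares':
			return array('label' => $element['shares']);
		default:
			// Unknown column: honour the array contract rather than returning null.
			return array();
	}
}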
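/**
 * Get cell actions associated with this row/column combination
 *
 * Renders the task template for the row's notification and wraps it in a
 * single 'details' action whose AjaxAction targets the 'markRead' operation
 * for that notification.
 *
 * @param $request PKPRequest
 * @param $row GridRow Row whose data element is the notification.
 * @param $column GridColumn Expected to be the 'task' column.
 * @param $position int Action position; accepted for interface compatibility, not used here.
 * @return array an array of LinkAction instances
 */
function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITION_DEFAULT) {
	assert($column->getId() === 'task');

	$templateMgr = TemplateManager::getManager($request);
	$notification = $row->getData();
	$contextDao = Application::getContextDAO();
	$context = $contextDao->getById($notification->getContextId());
	$notificationMgr = new NotificationManager();
	$router = $request->getRouter();

	$templateMgr->assign(array(
		'notificationMgr' => $notificationMgr,
		'notification' => $notification,
		'context' => $context,
		'notificationObjectTitle' => $this->_getTitle($notification),
		// The message is emitted as HTML by the template, so strip unsafe markup first.
		'message' => PKPString::stripUnsafeHtml($notificationMgr->getNotificationMessage($request, $notification)),
	));

	// See if we're working in a multi-context environment
	// (reuses the context DAO fetched above instead of looking it up again).
	$user = $request->getUser();
	$contexts = $contextDao->getAvailable($user ? $user->getId() : null)->toArray();
	$templateMgr->assign('isMultiContext', count($contexts) > 1);

	return array(new LinkAction(
		'details',
		new AjaxAction($router->url($request, null, null, 'markRead', null, array('redirect' => 1, 'selectedElements' => array($notification->getId())))),
		$templateMgr->fetch('controllers/grid/tasks/task.tpl')
	));
}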
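/**
 * Format the contents of the email
 *
 * The From/To/Subject header lines are HTML-escaped, the body is appended
 * as stored, and the joined text is run through stripUnsafeHtml() before
 * newlines are turned into <br> tags.
 *
 * @param $emailLogEntry EmailLogEntry
 * @return string Formatted email
 */
function _formatEmail($emailLogEntry) {
	assert(is_a($emailLogEntry, 'EmailLogEntry'));

	// Explicit flags: ENT_QUOTES escapes both quote styles and ENT_SUBSTITUTE
	// replaces invalid UTF-8 instead of silently returning an empty string,
	// so the result no longer depends on the PHP version's default flags.
	$escape = function ($value) {
		return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
	};

	$text = array(
		__('email.from') . ': ' . $escape($emailLogEntry->getFrom()),
		__('email.to') . ': ' . $escape($emailLogEntry->getRecipients()),
		__('email.subject') . ': ' . $escape($emailLogEntry->getSubject()),
		// Body is deliberately not entity-escaped; it is sanitized with the rest below.
		$emailLogEntry->getBody(),
	);

	return nl2br(PKPString::stripUnsafeHtml(implode(PHP_EOL . PHP_EOL, $text)));
}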
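/**
 * @copydoc Form::fetch()
 *
 * Assigns the review methods, reviewer actions, active review forms,
 * email variables, email template subjects and reviewer user groups to
 * the template, then delegates to the parent.
 */
function fetch($request) {
	$context = $request->getContext();
	$user = $request->getUser();

	// Get the review method options.
	$reviewAssignmentDao = DAORegistry::getDAO('ReviewAssignmentDAO');
	$reviewMethods = $reviewAssignmentDao->getReviewMethodsTranslationKeys();

	$submission = $this->getSubmission();
	$templateMgr = TemplateManager::getManager($request);
	$templateMgr->assign('reviewMethods', $reviewMethods);
	$templateMgr->assign('reviewerActions', $this->getReviewerFormActions());

	// Active review forms for this context, preceded by a "select" placeholder at key 0.
	$reviewFormDao = DAORegistry::getDAO('ReviewFormDAO');
	$reviewForms = array(0 => __('editor.article.selectReviewForm'));
	$reviewFormsIterator = $reviewFormDao->getActiveByAssocId(Application::getContextAssocType(), $context->getId());
	while ($reviewForm = $reviewFormsIterator->next()) {
		$reviewForms[$reviewForm->getId()] = $reviewForm->getLocalizedTitle();
	}
	$templateMgr->assign('reviewForms', $reviewForms);

	// Stored user content exposed to the email template is sanitized
	// (signature, title) or reduced to plain text (abstract) first.
	$templateMgr->assign('emailVariables', array(
		'reviewerName' => __('user.name'),
		'responseDueDate' => __('reviewer.submission.responseDueDate'),
		'reviewDueDate' => __('reviewer.submission.reviewDueDate'),
		'submissionReviewUrl' => __('common.url'),
		'reviewerUserName' => __('user.username'),
		'contextName' => $context->getLocalizedName(),
		'contextUrl' => __('common.url'),
		'editorialContactSignature' => PKPString::stripUnsafeHtml($user->getContactSignature()),
		'submissionTitle' => PKPString::stripUnsafeHtml($submission->getLocalizedTitle()),
		'submissionAbstract' => PKPString::html2text($submission->getLocalizedAbstract()),
	));

	// Allow the default template (initialized explicitly; the list previously
	// relied on implicit array creation from an undefined variable).
	$templateKeys = array($this->_getMailTemplateKey($context));

	// Determine if the current user can use any custom templates defined.
	$roleDao = DAORegistry::getDAO('RoleDAO');
	$userRoles = $roleDao->getByUserId($user->getId(), $submission->getContextId());
	$customTemplateRoleIds = array(ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR, ROLE_ID_ASSISTANT);
	foreach ($userRoles as $userRole) {
		// Loose comparison kept on purpose: role ids may arrive as strings from the DAO.
		if (in_array($userRole->getId(), $customTemplateRoleIds)) {
			$emailTemplateDao = DAORegistry::getDAO('EmailTemplateDAO');
			$customTemplates = $emailTemplateDao->getCustomTemplateKeys(Application::getContextAssocType(), $submission->getContextId());
			$templateKeys = array_merge($templateKeys, $customTemplates);
			break;
		}
	}

	// Subject line per template key, rendered with no extra parameters.
	$templates = array();
	foreach ($templateKeys as $templateKey) {
		$template = new SubmissionMailTemplate($submission, $templateKey, null, null, null, false);
		$template->assignParams(array());
		$templates[$templateKey] = $template->getSubject();
	}
	$templateMgr->assign('templates', $templates);

	// Get the reviewer user groups for the create new reviewer/enroll existing user tabs
	// ($context is the same request context fetched at the top).
	$userGroupDao = DAORegistry::getDAO('UserGroupDAO'); /* @var $userGroupDao UserGroupDAO */
	$reviewRound = $this->getReviewRound();
	$reviewerUserGroups = $userGroupDao->getUserGroupsByStage($context->getId(), $reviewRound->getStageId(), false, false, ROLE_ID_REVIEWER);
	$userGroups = array();
	while ($userGroup = $reviewerUserGroups->next()) {
		$userGroups[$userGroup->getId()] = $userGroup->getLocalizedName();
	}
	$this->setData('userGroups', $userGroups);

	return parent::fetch($request);
}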
/**
 * Import all free-text/review form reviews to paste into message
 *
 * Builds an HTML fragment, one section per completed and non-cancelled
 * review assignment of the current round: a reviewer heading (full name for
 * open reviews, otherwise an anonymous letter), the author-viewable peer
 * review comments, and, when a review form is attached, each included
 * question with its response.
 *
 * @param $args array Not read by this method.
 * @param $request PKPRequest
 * @return JSONMessage JSON object; status false with a "no reviews" message when nothing was collected.
 */
function importPeerReviews($args, $request) {
	// Retrieve the authorized submission.
	$submission = $this->getAuthorizedContextObject(ASSOC_TYPE_SUBMISSION);
	// Retrieve the current review round.
	$reviewRound = $this->getAuthorizedContextObject(ASSOC_TYPE_REVIEW_ROUND);

	// Retrieve peer reviews.
	$reviewAssignmentDao = DAORegistry::getDAO('ReviewAssignmentDAO');
	$submissionCommentDao = DAORegistry::getDAO('SubmissionCommentDAO');
	$reviewFormResponseDao = DAORegistry::getDAO('ReviewFormResponseDAO');
	$reviewFormElementDao = DAORegistry::getDAO('ReviewFormElementDAO');
	$reviewAssignments = $reviewAssignmentDao->getBySubmissionId($submission->getId(), $reviewRound->getId());
	// Maps review assignment id => index used for the anonymous reviewer letter.
	$reviewIndexes = $reviewAssignmentDao->getReviewIndexesForRound($submission->getId(), $reviewRound->getId());

	AppLocale::requireComponents(LOCALE_COMPONENT_PKP_SUBMISSION);

	$body = '';
	$textSeparator = '------------------------------------------------------';
	foreach ($reviewAssignments as $reviewAssignment) {
		// If the reviewer has completed the assignment, then import the review.
		if ($reviewAssignment->getDateCompleted() != null && !$reviewAssignment->getCancelled()) {
			// Get the comments associated with this review assignment
			$submissionComments = $submissionCommentDao->getSubmissionComments($submission->getId(), COMMENT_TYPE_PEER_REVIEW, $reviewAssignment->getId());
			$body .= "<br><br>{$textSeparator}<br>";

			// If it is an open review, show reviewer's name.
			if ($reviewAssignment->getReviewMethod() == SUBMISSION_REVIEW_METHOD_OPEN) {
				// NOTE(review): the name is concatenated without escaping — confirm
				// getReviewerFullName() cannot carry markup, or escape it here.
				$body .= $reviewAssignment->getReviewerFullName() . "<br>\n";
			} else {
				$body .= __('submission.comments.importPeerReviews.reviewerLetter', array('reviewerLetter' => PKPString::enumerateAlphabetically($reviewIndexes[$reviewAssignment->getId()]))) . "<br>\n";
			}

			// Reviewer comments are stored HTML; only author-viewable ones are
			// included, each run through stripUnsafeHtml() before concatenation.
			while ($comment = $submissionComments->next()) {
				// If the comment is viewable by the author, then add the comment.
				if ($comment->getViewable()) {
					$body .= PKPString::stripUnsafeHtml($comment->getComments());
				}
			}
			$body .= "<br>{$textSeparator}<br><br>";

			if ($reviewFormId = $reviewAssignment->getReviewFormId()) {
				$reviewId = $reviewAssignment->getId();
				$reviewFormElements = $reviewFormElementDao->getByReviewFormId($reviewFormId);

				// NOTE(review): $submissionComments was already iterated with ->next()
				// above; if getSubmissionComments() returns an iterator object this
				// condition is never true, so the extra heading is unreachable —
				// confirm whether an "iterator was empty" check was intended.
				if (!$submissionComments) {
					$body .= "{$textSeparator}<br>";
					$body .= __('submission.comments.importPeerReviews.reviewerLetter', array('reviewerLetter' => PKPString::enumerateAlphabetically($reviewIndexes[$reviewAssignment->getId()]))) . '<br><br>';
				}

				while ($reviewFormElement = $reviewFormElements->next()) {
					// Only elements flagged for inclusion in the author message are emitted.
					if (!$reviewFormElement->getIncluded()) {
						continue;
					}
					$body .= PKPString::stripUnsafeHtml($reviewFormElement->getLocalizedQuestion());
					$reviewFormResponse = $reviewFormResponseDao->getReviewFormResponse($reviewId, $reviewFormElement->getId());
					if ($reviewFormResponse) {
						$possibleResponses = $reviewFormElement->getLocalizedPossibleResponses();
						if (in_array($reviewFormElement->getElementType(), $reviewFormElement->getMultipleResponsesElementTypes())) {
							// Choice-type elements: the stored value(s) index the element's
							// possible responses. NOTE(review): a stored value that is no
							// longer a valid key would produce an undefined-index notice.
							if ($reviewFormElement->getElementType() == REVIEW_FORM_ELEMENT_TYPE_CHECKBOXES) {
								$body .= '<ul>';
								foreach ($reviewFormResponse->getValue() as $value) {
									$body .= '<li>' . PKPString::stripUnsafeHtml($possibleResponses[$value]) . '</li>';
								}
								$body .= '</ul>';
							} else {
								$body .= '<blockquote>' . PKPString::stripUnsafeHtml($possibleResponses[$reviewFormResponse->getValue()]) . '</blockquote>';
							}
							$body .= '<br>';
						} else {
							// Free-text response: entity-escaped (default htmlspecialchars flags)
							// rather than sanitized, so no markup from it survives.
							$body .= '<blockquote>' . htmlspecialchars($reviewFormResponse->getValue()) . '</blockquote>';
						}
					}
				}
				$body .= "{$textSeparator}<br><br>";
			}
		}
	}

	if (empty($body)) {
		return new JSONMessage(false, __('editor.review.noReviews'));
	} else {
		return new JSONMessage(true, $body);
	}
}