stripUnsafeHtml() static public method

Strips unsafe HTML from the input: dangerous (e.g. event-handler) attributes, javascript: urls, and special characters. Note that this is an HTML sanitizer, not a context-specific escaper — a value that is placed inside an attribute or a URL still needs escaping for that context.
static public stripUnsafeHtml ( $input ) : string
$input string input string
return string
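 /**
  * Extracts variables for a given column from a data element
  * so that they may be assigned to template before rendering.
  *
  * The 'url' column renders a link, so its value ends up in two HTML
  * contexts: the href attribute and the element text. stripUnsafeHtml()
  * is an HTML sanitizer (per its docs it handles unsafe attributes and
  * javascript: URLs) but it is not an attribute escaper, so the href value
  * is additionally passed through htmlspecialchars() with ENT_QUOTES so a
  * quote in the stored URL cannot terminate the attribute. rel="noopener"
  * is added because the link opens in a new window (target="_blank").
  * NOTE(review): no URL scheme allowlist is visible here — confirm that
  * stripUnsafeHtml() rejects javascript:/data: schemes.
  * @param $row GridRow
  * @param $column GridColumn
  * @return array|null Template variables, or null for a column this
  *  method does not handle (the original switch fell through to null).
  */
 function getTemplateVarsFromRowColumn($row, $column)
 {
     $element =& $row->getData();
     $columnId = $column->getId();
     assert(!empty($columnId));
     switch ($columnId) {
         case 'url':
             $sanitizedUrl = PKPString::stripUnsafeHtml($element['url']);
             // Attribute context: escape quotes and angle brackets on top of the
             // sanitizer output. double_encode=false avoids re-encoding entities
             // the sanitizer may already have produced.
             $href = htmlspecialchars($sanitizedUrl, ENT_QUOTES, 'UTF-8', false);
             return array('label' => '<a href="' . $href . '" target="_blank" rel="noopener">' . $sanitizedUrl . '</a>');
         case 'shares':
             return array('label' => $element['shares']);
     }
     return null;
 }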
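 /**
  * Get cell actions associated with this row/column combination
  *
  * Builds the 'details' link action for the task cell. The rendered
  * task.tpl is used as the action's content; the action's URL points at
  * the 'markRead' operation for this notification with redirect=1
  * (presumably marking it read when followed). The notification message
  * is run through stripUnsafeHtml() before being handed to the template
  * because it may contain markup.
  * @param $request PKPRequest
  * @param $row GridRow
  * @param $column GridColumn
  * @param $position int GRID_ACTION_POSITION_...
  * @return array an array of LinkAction instances
  */
 function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITION_DEFAULT)
 {
     assert($column->getId() == 'task');
     $templateMgr = TemplateManager::getManager($request);
     $notification = $row->getData();
     // One DAO instance serves both the notification's context lookup and
     // the multi-context check below (the original fetched it twice).
     $contextDao = Application::getContextDAO();
     $context = $contextDao->getById($notification->getContextId());
     $notificationMgr = new NotificationManager();
     $router = $request->getRouter();
     $templateMgr->assign(array(
         'notificationMgr' => $notificationMgr,
         'notification' => $notification,
         'context' => $context,
         'notificationObjectTitle' => $this->_getTitle($notification),
         'message' => PKPString::stripUnsafeHtml($notificationMgr->getNotificationMessage($request, $notification)),
     ));
     // See if we're working in a multi-context environment
     $user = $request->getUser();
     $contexts = $contextDao->getAvailable($user ? $user->getId() : null)->toArray();
     $templateMgr->assign('isMultiContext', count($contexts) > 1);
     $markReadUrl = $router->url($request, null, null, 'markRead', null, array('redirect' => 1, 'selectedElements' => array($notification->getId())));
     return array(new LinkAction('details', new AjaxAction($markReadUrl), $templateMgr->fetch('controllers/grid/tasks/task.tpl')));
 }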
 /**
  * Format the contents of the email
  *
  * Renders the log entry as an HTML fragment: the From/To/Subject header
  * fields are plain text and are entity-escaped, while the body is treated
  * as HTML and only sanitized. The whole text is sanitized once after
  * assembly and line breaks are converted to <br /> tags.
  * @param $emailLogEntry EmailLogEntry
  * @return string Formatted email
  */
 function _formatEmail($emailLogEntry)
 {
     assert(is_a($emailLogEntry, 'EmailLogEntry'));
     $blockSeparator = PHP_EOL . PHP_EOL;
     // Header fields are plain text, hence htmlspecialchars(); the body is
     // HTML and is only passed through the sanitizer below.
     $headerLines = array(
         __('email.from') . ': ' . htmlspecialchars($emailLogEntry->getFrom()),
         __('email.to') . ': ' . htmlspecialchars($emailLogEntry->getRecipients()),
         __('email.subject') . ': ' . htmlspecialchars($emailLogEntry->getSubject()),
     );
     $assembled = implode($blockSeparator, $headerLines) . $blockSeparator . $emailLogEntry->getBody();
     return nl2br(PKPString::stripUnsafeHtml($assembled));
 }
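 /**
  * @copydoc Form::fetch()
  *
  * Assigns to the template everything the reviewer-selection form needs:
  * review method options, reviewer form actions, the active review forms
  * of the context, preview values for the email variables, the email
  * templates the current user may pick from, and the reviewer user groups
  * of the current review stage. Custom email templates are only offered to
  * users holding a manager, sub-editor or assistant role in the
  * submission's context; everyone gets the default template.
  * @param $request PKPRequest
  * @return string
  */
 function fetch($request)
 {
     $context = $request->getContext();
     $user = $request->getUser();
     // Get the review method options.
     $reviewAssignmentDao = DAORegistry::getDAO('ReviewAssignmentDAO');
     $reviewMethods = $reviewAssignmentDao->getReviewMethodsTranslationKeys();
     $submission = $this->getSubmission();
     $templateMgr = TemplateManager::getManager($request);
     $templateMgr->assign('reviewMethods', $reviewMethods);
     $templateMgr->assign('reviewerActions', $this->getReviewerFormActions());
     // Active review forms of this context, preceded by a "select" placeholder.
     $reviewFormDao = DAORegistry::getDAO('ReviewFormDAO');
     $reviewForms = array(0 => __('editor.article.selectReviewForm'));
     $reviewFormsIterator = $reviewFormDao->getActiveByAssocId(Application::getContextAssocType(), $context->getId());
     while ($reviewForm = $reviewFormsIterator->next()) {
         $reviewForms[$reviewForm->getId()] = $reviewForm->getLocalizedTitle();
     }
     $templateMgr->assign('reviewForms', $reviewForms);
     // Preview values for the email variables. The contact signature and the
     // submission title may contain markup and are sanitized for HTML output;
     // the abstract is reduced to plain text.
     $templateMgr->assign('emailVariables', array(
         'reviewerName' => __('user.name'),
         'responseDueDate' => __('reviewer.submission.responseDueDate'),
         'reviewDueDate' => __('reviewer.submission.reviewDueDate'),
         'submissionReviewUrl' => __('common.url'),
         'reviewerUserName' => __('user.username'),
         'contextName' => $context->getLocalizedName(),
         'contextUrl' => __('common.url'),
         'editorialContactSignature' => PKPString::stripUnsafeHtml($user->getContactSignature()),
         'submissionTitle' => PKPString::stripUnsafeHtml($submission->getLocalizedTitle()),
         'submissionAbstract' => PKPString::html2text($submission->getLocalizedAbstract()),
     ));
     // Allow the default template. Initialised explicitly so the array exists
     // regardless of the role check below.
     $templateKeys = array($this->_getMailTemplateKey($context));
     // Determine if the current user can use any custom templates defined.
     $roleDao = DAORegistry::getDAO('RoleDAO');
     $userRoles = $roleDao->getByUserId($user->getId(), $submission->getContextId());
     foreach ($userRoles as $userRole) {
         // Loose in_array() on purpose: role ids may come back from the DB as strings.
         if (in_array($userRole->getId(), array(ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR, ROLE_ID_ASSISTANT))) {
             $emailTemplateDao = DAORegistry::getDAO('EmailTemplateDAO');
             $customTemplates = $emailTemplateDao->getCustomTemplateKeys(Application::getContextAssocType(), $submission->getContextId());
             $templateKeys = array_merge($templateKeys, $customTemplates);
             break;
         }
     }
     // Map each template key to its subject for the template picker.
     $templates = array();
     foreach ($templateKeys as $templateKey) {
         $template = new SubmissionMailTemplate($submission, $templateKey, null, null, null, false);
         $template->assignParams(array());
         $templates[$templateKey] = $template->getSubject();
     }
     $templateMgr->assign('templates', $templates);
     // Get the reviewer user groups for the create new reviewer/enroll existing user tabs
     // ($context was already fetched at the top of the method).
     $userGroupDao = DAORegistry::getDAO('UserGroupDAO');
     /* @var $userGroupDao UserGroupDAO */
     $reviewRound = $this->getReviewRound();
     $reviewerUserGroups = $userGroupDao->getUserGroupsByStage($context->getId(), $reviewRound->getStageId(), false, false, ROLE_ID_REVIEWER);
     $userGroups = array();
     while ($userGroup = $reviewerUserGroups->next()) {
         $userGroups[$userGroup->getId()] = $userGroup->getLocalizedName();
     }
     $this->setData('userGroups', $userGroups);
     return parent::fetch($request);
 }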
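 /**
  * Import all free-text/review form reviews to paste into message
  *
  * The returned body is an HTML fragment, so every value interpolated into
  * it is treated according to its nature: reviewer comments and review
  * form questions/options may contain markup and go through
  * PKPString::stripUnsafeHtml(); free-text form responses and the
  * reviewer's display name are plain text and are entity-escaped with
  * htmlspecialchars(). Only completed, non-cancelled assignments are
  * imported; for non-open reviews the reviewer is identified by a letter
  * rather than by name.
  * @param $args array
  * @param $request PKPRequest
  * @return JSONMessage JSON object
  */
 function importPeerReviews($args, $request)
 {
     // Retrieve the authorized submission.
     $submission = $this->getAuthorizedContextObject(ASSOC_TYPE_SUBMISSION);
     // Retrieve the current review round.
     $reviewRound = $this->getAuthorizedContextObject(ASSOC_TYPE_REVIEW_ROUND);
     // Retrieve peer reviews.
     $reviewAssignmentDao = DAORegistry::getDAO('ReviewAssignmentDAO');
     $submissionCommentDao = DAORegistry::getDAO('SubmissionCommentDAO');
     $reviewFormResponseDao = DAORegistry::getDAO('ReviewFormResponseDAO');
     $reviewFormElementDao = DAORegistry::getDAO('ReviewFormElementDAO');
     $reviewAssignments = $reviewAssignmentDao->getBySubmissionId($submission->getId(), $reviewRound->getId());
     $reviewIndexes = $reviewAssignmentDao->getReviewIndexesForRound($submission->getId(), $reviewRound->getId());
     AppLocale::requireComponents(LOCALE_COMPONENT_PKP_SUBMISSION);
     $body = '';
     $textSeparator = '------------------------------------------------------';
     foreach ($reviewAssignments as $reviewAssignment) {
         // If the reviewer has completed the assignment, then import the review.
         if ($reviewAssignment->getDateCompleted() != null && !$reviewAssignment->getCancelled()) {
             $reviewId = $reviewAssignment->getId();
             // Get the comments associated with this review assignment
             $submissionComments = $submissionCommentDao->getSubmissionComments($submission->getId(), COMMENT_TYPE_PEER_REVIEW, $reviewId);
             $body .= "<br><br>{$textSeparator}<br>";
             // If it is an open review, show reviewer's name.
             if ($reviewAssignment->getReviewMethod() == SUBMISSION_REVIEW_METHOD_OPEN) {
                 // The reviewer's name is user-supplied plain text inserted into an
                 // HTML fragment: entity-escape it, as is done for free-text responses
                 // below, so a crafted display name cannot inject markup.
                 $body .= htmlspecialchars($reviewAssignment->getReviewerFullName()) . "<br>\n";
             } else {
                 $body .= __('submission.comments.importPeerReviews.reviewerLetter', array('reviewerLetter' => PKPString::enumerateAlphabetically($reviewIndexes[$reviewId]))) . "<br>\n";
             }
             while ($comment = $submissionComments->next()) {
                 // If the comment is viewable by the author, then add the comment.
                 if ($comment->getViewable()) {
                     $body .= PKPString::stripUnsafeHtml($comment->getComments());
                 }
             }
             $body .= "<br>{$textSeparator}<br><br>";
             if ($reviewFormId = $reviewAssignment->getReviewFormId()) {
                 $reviewFormElements = $reviewFormElementDao->getByReviewFormId($reviewFormId);
                 // NOTE(review): $submissionComments is the iterator object returned
                 // above, so this condition is always false as written — confirm
                 // whether an "is empty" check on the iterator was intended.
                 if (!$submissionComments) {
                     $body .= "{$textSeparator}<br>";
                     $body .= __('submission.comments.importPeerReviews.reviewerLetter', array('reviewerLetter' => PKPString::enumerateAlphabetically($reviewIndexes[$reviewId]))) . '<br><br>';
                 }
                 while ($reviewFormElement = $reviewFormElements->next()) {
                     if (!$reviewFormElement->getIncluded()) {
                         continue;
                     }
                     $body .= PKPString::stripUnsafeHtml($reviewFormElement->getLocalizedQuestion());
                     $reviewFormResponse = $reviewFormResponseDao->getReviewFormResponse($reviewId, $reviewFormElement->getId());
                     if (!$reviewFormResponse) {
                         continue;
                     }
                     $possibleResponses = $reviewFormElement->getLocalizedPossibleResponses();
                     if (in_array($reviewFormElement->getElementType(), $reviewFormElement->getMultipleResponsesElementTypes())) {
                         // Choice elements: the stored value is an option key; unknown
                         // keys are skipped rather than raising a notice.
                         if ($reviewFormElement->getElementType() == REVIEW_FORM_ELEMENT_TYPE_CHECKBOXES) {
                             $body .= '<ul>';
                             foreach ((array) $reviewFormResponse->getValue() as $value) {
                                 if (!isset($possibleResponses[$value])) {
                                     continue;
                                 }
                                 $body .= '<li>' . PKPString::stripUnsafeHtml($possibleResponses[$value]) . '</li>';
                             }
                             $body .= '</ul>';
                         } else {
                             $selected = $reviewFormResponse->getValue();
                             $selectedLabel = isset($possibleResponses[$selected]) ? $possibleResponses[$selected] : '';
                             $body .= '<blockquote>' . PKPString::stripUnsafeHtml($selectedLabel) . '</blockquote>';
                         }
                         $body .= '<br>';
                     } else {
                         // Free-text element: plain text, so escape rather than sanitize.
                         $body .= '<blockquote>' . htmlspecialchars($reviewFormResponse->getValue()) . '</blockquote>';
                     }
                 }
                 $body .= "{$textSeparator}<br><br>";
             }
         }
     }
     if (empty($body)) {
         return new JSONMessage(false, __('editor.review.noReviews'));
     } else {
         return new JSONMessage(true, $body);
     }
 }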