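/**
 * Fill the header area of the template: icon, title (with optional link and
 * colour), description, header action menu, title alerts and, when enabled,
 * the file upload drop zone.
 *
 * Only the title is passed through ilUtil::stripScriptHTML() in this method.
 * Every other value is handed to the template exactly as stored on the object.
 *
 * NOTE(review): title_url, the title colour, icon_path/icon_desc, title_desc
 * and the alert entries are not encoded here. Confirm that the setters or the
 * template encode them for the HTML context they end up in.
 *
 * @return void
 */
private function fillHeader()
{
    global $lng;

    // Initialised up front so the "if ($header)" check below never reads an
    // undefined variable when neither an icon nor a title is set.
    $header = false;

    if ($this->icon_path != "") {
        $this->setCurrentBlock("header_image");
        if ($this->icon_desc != "") {
            // The same label is used for the description and the alt text.
            $icon_label = $lng->txt("icon") . " " . $this->icon_desc;
            $this->setVariable("IMAGE_DESC", $icon_label);
            $this->setVariable("IMAGE_ALT", $icon_label);
        }
        $this->setVariable("IMG_HEADER", $this->icon_path);
        $this->parseCurrentBlock();
        $header = true;
    }

    if ($this->title != "") {
        // The sanitised title is written back to the property, so later
        // readers of $this->title see the sanitised value as well.
        $this->title = ilUtil::stripScriptHTML($this->title);
        $this->setVariable("HEADER", $this->title);

        if ($this->title_url != "") {
            // NOTE(review): the URL is concatenated into a quoted href
            // attribute as-is; a value containing a double quote would end
            // the attribute early. Verify callers pass an attribute-safe URL.
            $this->setVariable("HEADER_URL", ' href="' . $this->title_url . '"');
        }

        if ($this->getTitleColor() != "") {
            // NOTE(review): presumably a hex colour without the leading "#";
            // nothing here checks that, so confirm the setter validates it.
            $this->setVariable("HEADER_COLOR", " style=\"color: #" . $this->getTitleColor() . "\"");
        }

        $header = true;
    }

    if ($header) {
        $this->setCurrentBlock("header_image");
        $this->parseCurrentBlock();
    }

    if ($this->title_desc != "") {
        $this->setCurrentBlock("header_desc");
        $this->setVariable("H_DESCRIPTION", $this->title_desc);
        $this->parseCurrentBlock();
    }

    // From here on $header holds the rendered action menu, not the flag.
    $header = $this->getHeaderActionMenu();
    if ($header) {
        $this->setCurrentBlock("head_action_inner");
        $this->setVariable("HEAD_ACTION", $header);
        $this->parseCurrentBlock();
        $this->touchBlock("head_action");
    }

    if (count((array) $this->title_alerts)) {
        foreach ($this->title_alerts as $alert) {
            $this->setCurrentBlock('header_alert');
            // The property name is shown unless it is explicitly switched off.
            if ($alert['propertyNameVisible'] !== false) {
                $this->setVariable('H_PROP', $alert['property'] . ':');
            }
            $this->setVariable('H_VALUE', $alert['value']);
            $this->parseCurrentBlock();
        }
    }

    // add file upload drop zone in header
    if ($this->enable_fileupload != null) {
        $ref_id = $this->enable_fileupload;
        $upload_id = "dropzone_" . $ref_id;

        include_once "./Services/FileUpload/classes/class.ilFileUploadGUI.php";
        $upload = new ilFileUploadGUI($upload_id, $ref_id, true);

        // NOTE(review): $ref_id ends up inside an id="" attribute; presumably
        // it is an integer reference id. Confirm against the setter.
        $this->setVariable("FILEUPLOAD_DROPZONE_ID", " id=\"{$upload_id}\"");

        $this->setCurrentBlock("header_fileupload");
        $this->setVariable("HEADER_FILEUPLOAD_SCRIPT", $upload->getHTML());
        $this->parseCurrentBlock();
    }
}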
/**
 * Render the frameset template.
 *
 * The "tree_frame" setting decides which physical side (LEFT or RIGHT) the
 * main frame is assigned to; the side frame gets the other one.
 *
 * NOTE(review): only frameset_title is passed through
 * ilUtil::stripScriptHTML() here. Frame sources, titles and names reach the
 * template as stored on the object. Confirm that the setters or the template
 * encode them for their output context.
 *
 * @param bool $a_get_only when true, return the result of $tpl->get()
 *                         instead of calling $tpl->show()
 * @return mixed           the value of $tpl->get() when $a_get_only is true,
 *                         otherwise nothing
 */
function show($a_get_only = false)
{
    global $ilSetting;

    // Tree on the right means the main content goes into the LEFT slot.
    $tree_on_right = ($ilSetting->get("tree_frame") == "right");
    $main = $tree_on_right ? "LEFT" : "RIGHT";
    $side = $tree_on_right ? "RIGHT" : "LEFT";

    $tpl = new ilTemplate("tpl.frameset.html", true, false);
    $tpl->setVariable("LOCATION_STYLESHEET", ilUtil::getStyleSheetLocation());
    $tpl->setVariable("PAGETITLE", "- " . ilUtil::stripScriptHTML($this->frameset_title));

    // Placeholder prefix => (value for main frame, value for side frame)
    $per_frame = array(
        "SRC_" => array($this->main_frame_source, $this->side_frame_source),
        "TITLE_" => array($this->main_frame_title, $this->side_frame_title),
        "NAME_" => array($this->main_frame_name, $this->side_frame_name),
    );
    foreach ($per_frame as $prefix => $pair) {
        $tpl->setVariable($prefix . $main, $pair[0]);
        $tpl->setVariable($prefix . $side, $pair[1]);
    }
    $tpl->setVariable("WIDTH_" . $main, $this->getMainWidth());
    $tpl->setVariable("WIDTH_" . $side, $this->getSideWidth());

    // Fall back to the product name when no short installation name is set.
    $window_title = "ILIAS";
    if ($ilSetting->get('short_inst_name') != "") {
        $window_title = $ilSetting->get('short_inst_name');
    }
    $tpl->setVariable("WINDOW_TITLE", $window_title);

    if ($a_get_only) {
        return $tpl->get();
    }

    $tpl->show("DEFAULT", false);
}
/**
 * Remove insecure tags from a string.
 *
 * $a_allow is a tag list such as "<b><i>". It is split on ">" and the "<"
 * is dropped, which yields bare tag names. Each name is checked against
 * ilUtil::getSecureTags().
 *
 * - $a_strip_html false: the string is returned unchanged.
 * - $a_allow empty, or every requested tag is in the secure list: the allowed
 *   tags are masked, strip_tags() removes everything else, and the allowed
 *   tags are unmasked again. With an empty $a_allow a built-in default tag
 *   list is used.
 * - otherwise: the work is delegated to ilUtil::stripScriptHTML().
 *
 * NOTE(review): this method removes tags; no entity encoding is applied in
 * the code visible here. Callers that place the result in an HTML attribute
 * or another non-element context presumably still need context-specific
 * encoding. Verify at the call sites.
 *
 * @static
 *
 * @param string $a_str        input string
 * @param bool   $a_strip_html whether tags are stripped at all
 * @param string $a_allow      allowed tags, e.g. "<b><i>"
 * @return string
 */
public static function secureString($a_str, $a_strip_html = true, $a_allow = "")
{
    // Work out the requested tag names and whether all of them are secure.
    $requested_parts = explode(">", $a_allow);
    $secure_tags = ilUtil::getSecureTags();
    $requested_tags = array();
    $all_requested_secure = true;

    foreach ($requested_parts as $part) {
        if ($part == "") {
            continue;
        }
        $tag_name = str_replace("<", "", $part);
        if (!in_array($tag_name, $secure_tags)) {
            $all_requested_secure = false;
        }
        $requested_tags[] = $tag_name;
    }

    // Stripping disabled: hand the input back untouched.
    if (!$a_strip_html) {
        return $a_str;
    }

    // Only for scripts that need to allow more/other tags and parameters.
    if (!$all_requested_secure && $a_allow != "") {
        return ilUtil::stripScriptHTML($a_str, $a_allow);
    }

    // Default behaviour: allow only secure tags 1:1.
    if ($a_allow == "") {
        $requested_tags = array("b", "i", "strong", "em", "code", "cite",
            "gap", "sub", "sup", "pre", "strike");
    }

    // Known limitation: this currently removes parts of strings like
    // "a <= b", because "a <= b" is treated like
    // "<spam onclick='hurt()'>ss</spam>".
    //
    // A possible solution would be to replace the remaining "<" and ">" with
    // "&lt;" and "&gt;" before unmasking instead of calling strip_tags().
    // Output would be fine then, but input fields would show "a &lt;= b" for
    // input "a <= b" if the data is brought back to a form.
    $masked = ilUtil::maskSecureTags($a_str, $requested_tags);
    $stripped = strip_tags($masked); // strip all other tags

    return ilUtil::unmaskSecureTags($stripped, $requested_tags);
}
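/**
 * Fill the header area of the template: fixed-width marker, icon, title,
 * description, header action menu and title alerts.
 *
 * Only the title is passed through ilUtil::stripScriptHTML() in this method.
 * Every other value is handed to the template exactly as stored on the object.
 *
 * NOTE(review): icon_path/icon_desc, title_desc and the alert entries are not
 * encoded here. Confirm that the setters or the template encode them for the
 * HTML context they end up in.
 *
 * @return void
 */
private function fillHeader()
{
    global $lng;

    if ($this->frame_fixed_width) {
        $this->setVariable("FRAME_FIXED_WIDTH", " ilFrameFixedWidth");
    }

    // Initialised up front so the "if ($header)" check below never reads an
    // undefined variable when neither an icon nor a title is set.
    $header = false;
    $icon = false;

    if ($this->icon_path != "") {
        $icon = true;
        $has_icon_desc = ($this->icon_desc != "");

        if ($has_icon_desc) {
            $this->setCurrentBlock("header_image_desc");
            $this->setVariable("IMAGE_DESC", $lng->txt("icon") . " " . $this->icon_desc);
            $this->parseCurrentBlock();
        }

        $this->setCurrentBlock("header_image");
        if ($has_icon_desc) {
            $this->setVariable("IMAGE_ALT", $lng->txt("icon") . " " . $this->icon_desc);
        } else {
            // empty alt tag for images that, e.g. are directly attached in heading
            // and would only repeat the heading text
            $this->setVariable("IMAGE_ALT", "");
        }
        $this->setVariable("IMG_HEADER", $this->icon_path);
        $this->parseCurrentBlock();
        $header = true;
    }

    if ($this->title != "") {
        // The sanitised title is written back to the property, so later
        // readers of $this->title see the sanitised value as well.
        $this->title = ilUtil::stripScriptHTML($this->title);
        $this->setVariable("HEADER", $this->title);
        if ($icon) {
            $this->setVariable("HICONCL", "ilHeaderHasIcon");
        }
        $header = true;
    }

    if ($header) {
        $this->setCurrentBlock("header_image");
        $this->parseCurrentBlock();
    }

    if ($this->title_desc != "") {
        $this->setCurrentBlock("header_desc");
        $this->setVariable("H_DESCRIPTION", $this->title_desc);
        $this->parseCurrentBlock();
    }

    // From here on $header holds the rendered action menu, not the flag.
    $header = $this->getHeaderActionMenu();
    if ($header) {
        $this->setCurrentBlock("head_action_inner");
        $this->setVariable("HEAD_ACTION", $header);
        $this->parseCurrentBlock();
        $this->touchBlock("head_action");
    }

    if (count((array) $this->title_alerts)) {
        foreach ($this->title_alerts as $alert) {
            $this->setCurrentBlock('header_alert');
            // The property name is shown unless it is explicitly switched off.
            if ($alert['propertyNameVisible'] !== false) {
                $this->setVariable('H_PROP', $alert['property'] . ':');
            }
            $this->setVariable('H_VALUE', $alert['value']);
            $this->parseCurrentBlock();
        }
    }
}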