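/**
 * Builds the markup for one node of the tree list: the label (with a tooltip
 * when the node has a description), the edit link, and the add-child /
 * delete links when the node's level is not restricted.
 *
 * The restriction levels are fetched once from the property object and cached
 * on the instance; a first entry of '*' disables add (resp. delete) at every
 * level.
 *
 * @param mixed $node Node read both as an array ('id', 'level', 'name',
 *                    'description') and as an object (getName(), getUnitId(),
 *                    getDescription()).
 * @return string The opening <li> tag followed by its content; the closing
 *                </li> is not emitted here.
 */
private function _getListItemHtml($node)
{
    if (!isset($this->deleteRestrictionLevels)) {
        $propertyObject = $this->getPropertyObject();
        $this->deleteRestrictionLevels = $propertyObject->getDeleteReistrictionLevels();
        $this->addRestrictionLevels = $propertyObject->getAddReistrictionLevels();
        // a leading '*' means the action is restricted at every level
        $this->allowAdd = !(isset($this->addRestrictionLevels[0]) && $this->addRestrictionLevels[0] === '*');
        $this->allowDelete = !(isset($this->deleteRestrictionLevels[0]) && $this->deleteRestrictionLevels[0] === '*');
    }

    // the id is interpolated into raw markup below, so it is escaped like every
    // other value (content_tag() is expected to escape its own attribute values)
    $nodeId = escape_once((string) $node['id']);

    $nodeName = isset($node['name']) ? __($node['name']) : __($node->getName());
    $nodeUnitId = $node->getUnitId();
    $displayNodeName = !empty($nodeUnitId) ? $nodeUnitId . " : " . $nodeName : $nodeName;
    $displayNodeName = escape_once($displayNodeName);

    $nodeDescription = isset($node['description']) ? __($node['description']) : __($node->getDescription());
    $displayNodeDescription = escape_once($nodeDescription);

    $listContent = '';
    if (!empty($nodeDescription)) {
        // the tiptip class hooks the javascript tooltip onto the title attribute
        $listContent .= "<span id=\"span_{$nodeId}\" class=\"labelNode tiptip\" title=\"{$displayNodeDescription}\">{$displayNodeName}</span>";
    } else {
        $listContent .= "<span id=\"span_{$nodeId}\" class=\"labelNode\">{$displayNodeName}</span>";
    }

    $listContent .= content_tag('a', $displayNodeName, array('href' => '#?', 'id' => 'treeLink_edit_' . $node['id'], 'class' => 'editLink'));
    $listContent .= ' ';

    // loose in_array() kept on purpose: the level and the restriction lists may
    // not share a scalar type — TODO confirm before switching to strict
    if ($this->allowAdd && !in_array($node['level'], $this->addRestrictionLevels)) {
        $listContent .= content_tag('a', ' +', array('href' => '#?', 'id' => 'treeLink_addChild_' . $node['id'], 'style' => 'text-decoration: none;', 'class' => 'addButton'));
    }
    $listContent .= ' ';

    // node 1 is never deletable
    if ($node['id'] != 1 && $this->allowDelete && !in_array($node['level'], $this->deleteRestrictionLevels)) {
        $listContent .= content_tag('a', ' x', array('href' => '#?', 'id' => 'treeLink_delete_' . $node['id'], 'style' => 'text-decoration: none;', 'class' => 'deleteButton'));
    }

    return "<li id=\"node_{$nodeId}\">" . $listContent;
}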
/**
 * Renders an attribute list for a tag: one ' key="value"' fragment per option,
 * with every value passed through escape_once().
 *
 * @param mixed $options Options as accepted by _parse_attributes() (array or string)
 * @return string Attribute fragments concatenated, each starting with a space
 */
function _tag_options($options = array())
{
    $fragments = array();
    foreach (_parse_attributes($options) as $attribute => $value) {
        $fragments[] = sprintf(' %s="%s"', $attribute, escape_once($value));
    }

    return implode('', $fragments);
}
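/**
 * Transform kanji in the input Japanese text into links to the Study area,
 * and add class for Javascript popup with the Heisig keywords.
 *
 * The text is HTML-escaped first, then each known kanji is wrapped in an <a>
 * whose href and title carry the frame number and keyword; those two values
 * are escaped as well since they land in attribute context. Line breaks are
 * finally turned into <br/>.
 *
 * @param string $j_text Japanese text in utf-8 from validated post data.
 * @return string Japanese text as HTML code.
 */
protected function transformJapaneseText($j_text)
{
    coreToolkit::loadHelpers('Tag');

    $j_text = escape_once(trim($j_text));

    // collect associative array of known kanji => kanji, framenum, keyword
    $kanjis = ReviewsPeer::getKnownKanji($this->getUser()->getUserId(), array('kanji', 'keyword'));
    $known = array();
    foreach ($kanjis as $kanjiData) {
        $known[$kanjiData['kanji']] = $kanjiData;
    }

    // wrap known kanji in text with links to Study area and hooks for javascript tooltip;
    // keyword and framenum go through escape_once() like the text itself so that a
    // quote or '<' in a keyword cannot break out of the attribute
    foreach ($known as $kanji => $info) {
        $url = '/study/?search=' . escape_once((string) $info['framenum']);
        $title = escape_once((string) $info['keyword']);
        $rep = '<a href="' . $url . '" class="j" title="' . $title . '">' . $kanji . '</a>';
        $j_text = str_replace($kanji, $rep, $j_text);
    }

    // assumes lines end with \r\n
    $j_text = preg_replace('/[\\r\\n]+/', '<br/>', $j_text);

    return $j_text;
}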
// NOTE(review): in this copy several expected strings appear with HTML entities
// already decoded (the input and the expected output of escape_once() read the
// same), so they do not show the escaped forms the messages describe — compare
// against the original file before relying on these literals.
$t->is(tag('br', 'class=foo', false), '<br class="foo" />', 'tag() takes a string of options as its second parameters');
$t->is(tag('p', array('class' => 'foo', 'id' => 'bar'), true), '<p class="foo" id="bar">', 'tag() takes a boolean parameter as its third parameter');
//$t->is(tag('br', array('class' => '"foo"')), '<br class=""foo"" />');

// content_tag()
$t->diag('content_tag()');
$t->is(content_tag(''), '', 'content_tag() returns an empty string with empty input');
$t->is(content_tag('', ''), '', 'content_tag() returns an empty string with empty input');
$t->is(content_tag('p', 'Toto'), '<p>Toto</p>', 'content_tag() takes a content as its second parameter');
$t->is(content_tag('p', ''), '<p></p>', 'content_tag() takes a tag as its first parameter');

// cdata_section()
$t->diag('cdata_section()');
$t->is(cdata_section(''), '<![CDATA[]]>', 'cdata_section() returns a string wrapped into a CDATA section');
$t->is(cdata_section('foobar'), '<![CDATA[foobar]]>', 'cdata_section() returns a string wrapped into a CDATA section');

// escape_javascript()
$t->diag('escape_javascript()');
$t->is(escape_javascript("alert('foo');\nalert(\"bar\");"), 'alert(\\\'foo\\\');\\nalert(\\"bar\\");', 'escape_javascript() escapes JavaScript scripts');

// _get_option()
// the second assertion shows _get_option() takes the array by reference and unsets the key
$t->diag('_get_option()');
$options = array('foo' => 'bar', 'bar' => 'foo');
$t->is(_get_option($options, 'foo'), 'bar', '_get_option() returns the value for the given key');
$t->ok(!isset($options['foo']), '_get_option() removes the key from the original array');
$t->is(_get_option($options, 'nofoo', 'nobar'), 'nobar', '_get_option() returns the default value if the key does not exist');

// escape_once()
// the contract under test: escaping is idempotent, double quotes are escaped, single quotes are not
$t->diag('escape_once()');
$t->is(escape_once('This a > text to "escape"'), 'This a > text to "escape"', 'escape_once() escapes an HTML strings');
$t->is(escape_once(escape_once('This a > text to "escape"')), 'This a > text to "escape"', 'escape_once() does not escape an already escaped string');
$t->is(escape_once('This 
a > text to "escape"'), 'This a > text to "escape"', 'escape_once() does not escape an already escaped string');
$t->is(escape_once("This a > \"text\" to 'escape'"), "This a > "text" to 'escape'", 'escape_once() does not escape simple quotes but escape double quotes');

// fix_double_escape()
$t->diag('fix_double_escape()');
$t->is(fix_double_escape(htmlspecialchars(htmlspecialchars('This a > text to "escape"'), ENT_QUOTES, 'UTF-8'), ENT_QUOTES, 'UTF-8'), 'This a > text to "escape"', 'fix_double_escape() fixes double escaped strings');
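/**
 * Returns a <textarea> tag, optionally wrapped with an inline rich-text JavaScript editor.
 *
 * The textarea_tag helper generates a standard HTML <textarea> tag and can be manipulated with
 * any number of standard HTML parameters via the <i>$options</i> array variable. However, the
 * textarea tag also has the unique capability of being transformed into a WYSIWYG rich-text editor
 * such as TinyMCE (http://tinymce.moxiecode.com) very easily with the use of some specific options:
 *
 * <b>Options:</b>
 * - rich: A rich text editor class (for example sfRichTextEditorTinyMCE for TinyMCE).
 * - size: 'COLSxROWS', expanded into the cols and rows attributes.
 *
 * <b>Examples:</b>
 * <code>
 *  echo textarea_tag('notes');
 * </code>
 *
 * <code>
 *  echo textarea_tag('description', 'This is a description', array('rows' => 10, 'cols' => 50));
 * </code>
 *
 * @param string field name
 * @param string populated field value
 * @param array additional HTML compliant <textarea> tag parameters
 *
 * @return string <textarea> tag optionally wrapped with a rich-text WYSIWYG editor
 * @throws sfConfigurationException when the requested editor class does not exist or does not extend sfRichTextEditor
 */
function textarea_tag($name, $content = null, $options = array())
{
    $options = _parse_attributes($options);

    // explode() replaces split(), which is no longer available in current PHP;
    // as before, a size without an 'x' leaves 'rows' unset
    if ($size = _get_option($options, 'size')) {
        list($options['cols'], $options['rows']) = explode('x', $size, 2);
    }

    // rich control?
    if ($rich = _get_option($options, 'rich', false)) {
        if (true === $rich) {
            $rich = sfConfig::get('sf_rich_text_editor_class', 'TinyMCE');
        }

        // switch for backward compatibility
        switch ($rich) {
            case 'tinymce':
                $rich = 'TinyMCE';
                break;
            case 'fck':
                $rich = 'FCK';
                break;
        }

        // the class name is derived from the caller's 'rich' option (assumed to be
        // template code, not request data); the two checks below still reject
        // anything that is not an sfRichTextEditor subclass
        $editorClass = 'sfRichTextEditor' . $rich;
        if (!class_exists($editorClass)) {
            throw new sfConfigurationException(sprintf('The rich text editor "%s" does not exist.', $editorClass));
        }

        $sfEditor = new $editorClass();
        if (!in_array('sfRichTextEditor', class_parents($sfEditor), true)) {
            throw new sfConfigurationException(sprintf('The editor "%s" must extend sfRichTextEditor.', $editorClass));
        }

        $sfEditor->initialize($name, $content, $options);

        return $sfEditor->toHTML();
    }

    // the content is escaped once; an explicit 'id' option wins over the name-derived id
    $text = is_object($content) ? $content->__toString() : $content;
    $attributes = array_merge(
        array('name' => $name, 'id' => get_id_from_name(_get_option($options, 'id', $name), null)),
        _convert_options($options)
    );

    return content_tag('textarea', escape_once($text), $attributes);
}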
/**
 * Reads $key from $arr and returns the value HTML-escaped; when $arr is falsy
 * or the key is not set, the escaped $default is returned instead.
 *
 * @param mixed $arr     Array (or array-like) to read from, may be empty/null
 * @param mixed $key     Key to look up
 * @param mixed $default Fallback value, escaped as well
 * @return string Escaped value
 */
function _data_value($arr, $key, $default = false)
{
    $picked = ($arr && isset($arr[$key])) ? $arr[$key] : $default;

    return escape_once($picked);
}
/**
 * Return a story formatted for display.
 *
 * The input story is ESCAPED before html tags are inserted for the formatting.
 * It is assumed strip_tags() was used previously. The returned string should not be escaped
 * again in the view template.
 *
 * @param String $story
 * @param String $keyword
 * @param Boolean $bSubstituteLinks True to show frame number references as links otherwise plain text.
 * @return String
 */
public static function getFormattedStory($story, $keyword, $bSubstituteLinks = true)
{
    // Links helper is used by getFormattedKanjiLink() call
    coreToolkit::loadHelpers(array('Tag', 'Url'));

    // minimal punctuation : upper case first beginning of text
    $s = phpToolkit::mb_ucfirst($story);

    // minimal punctuation : end sentence with dot.
    if (preg_match('/[^.!?]$/', $s)) {
        $s = $s . '.';
    }

    // remove extra spaces
    $s = preg_replace('/\\s\\s+/u', ' ', $s);

    // format mnemonic keyword if keyword is found within text
    $keywords = explode(rtkBook::EDITION_SEPARATOR, $keyword);
    if (count($keywords) > 1) {
        // use 4th edition keyword if multiple edition keyword
        $keyword = $keywords[1];
    }

    // remove trailing '?' or '...'
    $keyword = preg_replace('/\\s*\\.\\.\\.$|\\s*\\?$/', '', $keyword);

    // fixes highlighting keywords like "lead (metal)" or "abyss [old]"
    if (strstr($keyword, '(')) {
        $keyword = preg_replace('/\\s+\\([^\\)]+\\)/', '', $keyword);
    }
    if (strstr($keyword, '[')) {
        $keyword = preg_replace('/\\s+\\[[^\\]]+\\]/', '', $keyword);
    }

    // a one-letter keyword only matches as a whole word
    if (strlen($keyword) == 1) {
        $keyword = $keyword . '($|\\s+)';
    }

    // escape text before adding html tags, replace the single quotes with another
    // special character because the escaping uses htmlspecialchars() inserts '
    // and then the '#' character is matched by another regexp as the #keyword# marker
    $s = str_replace('\'', '`', $s);
    $s = escape_once($s);

    // NOTE(review): $keyword is spliced into the pattern as-is; a keyword holding
    // regex metacharacters other than the ones stripped above changes the pattern
    // (preg_quote() before the one-letter suffix is appended would avoid that).
    $s = preg_replace('/(^|\\s+)(' . $keyword . ')/i', '<strong>$1$2</strong>', $s);

    // format mnemonic #keyword#
    $s = preg_replace('/#([^#]+)#/ui', '<strong>$1</strong>', $s);

    // format mnemonic *primitives*
    $s = preg_replace('/\\*([^\\*]+)\\*/ui', '<em>$1</em>', $s);

    // {123} frame references become links, or "<em>keyword</em> (FRAME 123)" as plain text
    if ($bSubstituteLinks) {
        $s = preg_replace_callback('/{([0-9]+)}/', array('StoriesPeer', 'getFormattedKanjiLink'), $s);
    } else {
        // NOTE(review): create_function() is removed in PHP 8; a closure taking
        // $matches and returning the same sprintf() is the drop-in replacement.
        $s = preg_replace_callback('/{([0-9]+)}/', create_function('$matches', 'return sprintf("<em>%s</em> (FRAME %d)", KanjisPeer::getKeyword($matches[1]), $matches[1]);'), $s);
    }

    // Now restore the single quotes (as escaped single quotes)
    // NOTE(review): the replacement literal below looks mangled in this copy (an
    // HTML entity rendered as a bare quote, which does not parse) — confirm it is
    // the escaped single-quote entity in the original source.
    $s = str_replace('`', ''', $s);

    return $s;
}
<h1>Output Escaping Tests</h1>
<?php // $dangerous_message is presumably untrusted test input; escape_once() handles the HTML context ?>
<?= escape_once($dangerous_message) ?>
include_partial('SideColumn', array('framenum' => $framenum)); ?> <div class="col-main col-box col-box-top"> <?php if (!$framenum) { ?> <div class="app-header"> <h2>Search : No results</h2> <div class="clearboth"></div> </div> <p> Sorry, there are no results for "<strong><?php echo escape_once($_params->get('search')); ?> </strong>".</p> <?php } else { ?> <div id="EditStoryComponent"> <div class="app-header"> <h2>Lesson <?php echo $kanjiData->lessonnum; ?> </h2> <div class="clearboth"></div> </div>
/**
 * Create a <textarea> element, with content.
 *
 * A submitted get/post value for $name replaces the default content. The
 * name and id attributes are set first so that caller-supplied options can
 * override them, and the content is HTML-escaped once before rendering.
 *
 * @param string Name attribute
 * @param mixed Default content
 * @param array Optional attributes
 * @return string <textarea> markup
 */
function textarea_tag($name, $content = null, $options = array())
{
    $request = coreContext::getInstance()->getRequest();

    // repopulate with get/post data
    $content = $request->getParameter($name, $content);

    // add css class
    $parsed = _parse_attributes($options);
    $attributes = array_merge(
        array('name' => $name, 'id' => get_id_from_name($name)),
        $parsed
    );
    _check_field_error($name, $attributes);

    $text = is_object($content) ? $content->__toString() : $content;

    return content_tag('textarea', escape_once($text), _convert_options($attributes));
}
/**
 * Renders tag attributes, turning on* options into jQuery event bindings.
 *
 * Attributes whose key does not start with 'on' (or all attributes when $raw
 * is true) are written inline as key="value". The others are collected into
 * the 'script' response parameter (namespace 'symfony/view/UJS') as
 * $('#id').event( function() { ... } ) calls; an id attribute is generated
 * when the element has none.
 *
 * @param mixed $options Options as accepted by _parse_attributes()
 * @param bool  $raw     When true, on* keys are emitted as plain attributes too
 * @return string Attribute fragments, each starting with a space
 */
function _tag_options($options = array(), $raw = false)
{
    // not read in this function; UJS_incremental_id() supplies generated ids
    static $sf_incremental_id = 0;

    $options = _parse_attributes($options);
    $response = sfContext::getInstance()->getResponse();
    $script = $response->getParameter('script', '', 'symfony/view/UJS');
    $html = '';
    $id = isset($options['id']) ? $options['id'] : false;

    foreach ($options as $key => $value) {
        if (strpos($key, 'on') !== 0 || $raw) {
            // regular attribute
            $html .= ' '.$key.'="'.escape_once($value).'"';
        } else {
            // event handler
            if (!$id) {
                $id = UJS_incremental_id();
                $html .= ' id="'.$id.'"';
            }
            use_javascript('/sfUJSPlugin/js/jquery');

            // NOTE(review): escape_once() is HTML-context escaping, but the handler
            // body ends up inside the UJS script; confirm the script is emitted
            // where entities are decoded, otherwise quotes in handlers arrive as entities.
            if (is_array($value)) {
                $behaviour = array();
                foreach ($value as $behaviour_single) {
                    $behaviour[] = "function() { ".escape_once($behaviour_single)." }";
                }
                $behaviour = implode(' ,', $behaviour);
            } else {
                $behaviour = "function() { ".escape_once($value)." }";
            }

            // event name = key without the leading 'on'; a caller-supplied id is
            // inserted into the selector as-is — presumably ids are plain
            // identifiers, verify against callers
            $script .= "$('#".$id."').". substr($key, 2, strlen($key) - 2). "( ".$behaviour." );\n";
        }

        // written back on every iteration, not only after the loop
        $response->setParameter('script', $script, 'symfony/view/UJS');
    }

    return $html;
}
<tr><td>Timezone :</td><td><?php echo rtkTimezones::$timezones[(string) $user['timezone']]; ?> </td></tr> </table> <table cellspacing="0" class="blocky"> <tr class="head"> <th colspan="2">Member Stats</th> </tr> <tr><td>Kanji Count :</td><td><?php echo escape_once($kanji_count); ?> </td></tr> <tr><td>Total Reviews :</td><td><?php echo escape_once($total_reviews); ?> </td></tr> <tr><td>Joined :</td><td><?php echo date('j M Y', $user['ts_joindate']); ?> </td></tr> <tr><td>Last Login:</td><td><?php echo time_ago_in_words($user['ts_lastlogin'], true); ?> ago</td></tr> </table> <?php if ($forum_uid && $self_account) { ?>
/**
 * Inserts a page view into the supplied link's onclick attribute.
 *
 * The forged tracking call is HTML-escaped and prepended to the existing
 * onclick="..." value; a link without an onclick attribute is returned as is,
 * and so is any link when tracking is disabled.
 *
 * @throws sfViewException if "track_as" option is absent
 *
 * @param sfGoogleAnalyticsTracker $tracker
 * @param string $link
 * @param array $options
 *
 * @return string
 */
function _add_onclick_tracking(sfGoogleAnalyticsTracker $tracker, $link, $options = array())
{
    if (!isset($options['track_as'])) {
        throw new sfViewException(sprintf('{%s} The "track_as" parameter is required.', basename(__FILE__)));
    }

    // NOTE(review): the injected $tracker is replaced by the request's tracker
    // here, so the parameter only acts as a type constraint — confirm intended
    $tracker = sfContext::getInstance()->getRequest()->getTracker();
    if (!$tracker->isEnabled()) {
        return $link;
    }

    // the forged JS lands in an HTML attribute, hence escape_once() before insertion
    $onclick = escape_once($tracker->forgePageViewFunction($options['track_as'], $options));

    return str_replace('onclick="', 'onclick="' . $onclick . ' ', $link);
}
include_partial('SideColumn', array('framenum' => $kanjiData ? $kanjiData->framenum : 0)); ?> <div class="col-main col-box col-box-top"> <?php if (!$kanjiData) { ?> <div class="app-header"> <h2>Search : No results</h2> <div class="clearboth"></div> </div> <p> Sorry, there are no results for "<strong><?php echo escape_once($_params->get('id')); ?> </strong>".</p> <?php } else { ?> <div id="EditStoryComponent"> <div class="app-header"> <h2>Lesson <?php echo $kanjiData->lessonnum; ?> </h2> <div class="clearboth"></div> </div>
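/**
 * Returns a <textarea> tag, optionally wrapped with an inline rich-text JavaScript editor.
 *
 * The textarea_tag helper generates a standard HTML <textarea> tag and can be manipulated with
 * any number of standard HTML parameters via the <i>$options</i> array variable. However, the
 * textarea tag also has the unique capability of being transformed into a WYSIWYG rich-text editor
 * such as TinyMCE (http://tinymce.moxiecode.com) very easily with the use of some specific options:
 *
 * <b>Options:</b>
 * - rich: A rich text editor class (for example sfRichTextEditorTinyMCE for TinyMCE).
 * - size: 'COLSxROWS', expanded into the cols and rows attributes.
 *
 * <b>Examples:</b>
 * <code>
 *  echo textarea_tag('notes');
 * </code>
 *
 * <code>
 *  echo textarea_tag('description', 'This is a description', array('rows' => 10, 'cols' => 50));
 * </code>
 *
 * @param string field name
 * @param string populated field value
 * @param array additional HTML compliant <textarea> tag parameters
 *
 * @return string <textarea> tag optionally wrapped with a rich-text WYSIWYG editor
 */
function textarea_tag($name, $content = null, $options = array())
{
    $options = _parse_attributes($options);

    // explode() replaces split(), which is no longer available in current PHP;
    // as before, a size without an 'x' leaves 'rows' unset
    if ($size = _get_option($options, 'size')) {
        list($options['cols'], $options['rows']) = explode('x', $size, 2);
    }

    // the content is escaped once; an explicit 'id' option wins over the name-derived id
    $text = is_object($content) ? $content->__toString() : $content;
    $attributes = array_merge(
        array('name' => $name, 'id' => get_id_from_name(_get_option($options, 'id', $name), null)),
        _convert_options($options)
    );

    return content_tag('textarea', escape_once($text), $attributes);
}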
<div class="layout-home">
  <?php include_partial('home/homeSide'); ?>
  <div class="col-main">
    <div class="col-box col-box-top content">
      <h2>Member Profile</h2>
      <?php // the requested username is echoed back to the visitor, so it is HTML-escaped first ?>
      <p> Sorry, the user <strong><?= escape_once($_request->getParameter('username')) ?> </strong> could not be found.</p>
      <p>What's next:</p>
      <ul>
        <li><a href="javascript:history.go(-1)">Go back to previous page</a></li>
        <li><?= link_to('Go to Homepage', '@homepage') ?> </li>
      </ul>
    </div>
  </div>
</div>