iger
/
engelsystem
9
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge tag 'v3.4.1'

This commit is contained in:
Igor Scheller 2023-12-06 19:03:12 +01:00
parent 4e6ba3d684 efda1ffc1c
commit f2edb1a45c
31 changed files with 232 additions and 340 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
includes/controller/angeltypes_controller.php
View File

@ -72,7 +72,7 @@ function angeltype_delete_controller()
}
return [
sprintf(__('Delete angeltype %s'), $angeltype->name),
sprintf(__('Delete angeltype %s'), htmlspecialchars($angeltype->name)),
AngelType_delete_view($angeltype),
];
}
@ -154,7 +154,7 @@ function angeltype_edit_controller()
}
return [
sprintf(__('Edit %s'), $angeltype->name),
sprintf(__('Edit %s'), htmlspecialchars((string) $angeltype->name)),
AngelType_edit_view($angeltype, $supporter_mode),
];
}
@ -195,7 +195,7 @@ function angeltype_controller()
$isSupporter = !is_null($user_angeltype) && $user_angeltype->supporter;
return [
sprintf(__('Team %s'), $angeltype->name),
sprintf(__('Team %s'), htmlspecialchars($angeltype->name)),
AngelType_view(
$angeltype,
$members,
@ -324,7 +324,7 @@ function angeltypes_list_controller()
$angeltype->name = '<a href="'
. url('/angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype->id])
. '">'
. $angeltype->name
. htmlspecialchars($angeltype->name)
. '</a>';
$angeltype->actions = table_buttons($actions);

2
includes/controller/locations_controller.php
View File

@ -53,7 +53,7 @@ function location_controller(): array
$shiftCalendarRenderer = shiftCalendarRendererByShiftFilter($shiftsFilter);
return [
$location->name,
htmlspecialchars($location->name),
location_view($location, $shiftsFilterRenderer, $shiftCalendarRenderer),
];
}

9
includes/controller/shifts_controller.php
View File

@ -194,7 +194,7 @@ function shift_edit_controller()
foreach ($angeltypes as $angeltype_id => $angeltype_name) {
$angel_types_spinner .= form_spinner(
'angeltype_count_' . $angeltype_id,
$angeltype_name,
htmlspecialchars($angeltype_name),
$needed_angel_types[$angeltype_id],
[],
ScheduleShift::whereShiftId($shift->id)->first() ? true : false,
@ -216,7 +216,10 @@ function shift_edit_controller()
form_text('start', __('Start:'), $start->format('Y-m-d H:i')),
form_text('end', __('End:'), $end->format('Y-m-d H:i')),
form_textarea('description', __('Additional description'), $description),
form_info('', __('This description is for single shifts, otherwise please use the description in shift type.')),
form_info(
'',
__('This description is for single shifts, otherwise please use the description in shift type.')
),
'<h2>' . __('Needed angels') . '</h2>',
$angel_types_spinner,
form_submit('submit', __('form.save')),
@ -345,7 +348,7 @@ function shift_controller()
}
return [
$shift->shiftType->name,
htmlspecialchars($shift->shiftType->name),
Shift_view($shift, $shifttype, $location, $angeltypes, $shift_signup_state),
];
}

4
includes/controller/user_angeltypes_controller.php
View File

@ -37,7 +37,7 @@ function user_angeltypes_unconfirmed_hint()
foreach ($unconfirmed_user_angeltypes as $user_angeltype) {
$unconfirmed_links[] = '<a href="'
. url('/angeltypes', ['action' => 'view', 'angeltype_id' => $user_angeltype->angel_type_id])
. '">' . $user_angeltype->angelType->name
. '">' . htmlspecialchars($user_angeltype->angelType->name)
. ' (+' . $user_angeltype->count . ')'
. '</a>';
}
@ -418,7 +418,7 @@ function user_angeltype_join_controller(AngelType $angeltype)
}
return [
sprintf(__('Become a %s'), $angeltype->name),
sprintf(__('Become a %s'), htmlspecialchars($angeltype->name)),
UserAngelType_join_view($user, $angeltype),
];
}

6
includes/controller/users_controller.php
View File

@ -91,7 +91,7 @@ function user_delete_controller()
}
return [
sprintf(__('Delete %s'), $user_source->displayName),
sprintf(__('Delete %s'), htmlspecialchars($user_source->displayName)),
User_delete_view($user_source),
];
}
@ -182,7 +182,7 @@ function user_edit_vouchers_controller()
}
return [
sprintf(__('%s\'s vouchers'), $user_source->displayName),
sprintf(__('%s\'s vouchers'), htmlspecialchars($user_source->displayName)),
User_edit_vouchers_view($user_source),
];
}
@ -244,7 +244,7 @@ function user_controller()
}
return [
$user_source->displayName,
htmlspecialchars($user_source->displayName),
User_view(
$user_source,
auth()->can('admin_user'),

2
includes/engelsystem.php
View File

@ -23,7 +23,7 @@ if ($app->get('config')->get('maintenance')) {
http_response_code(503);
$url = $app->get(UrlGeneratorInterface::class);
$maintenance = file_get_contents(__DIR__ . '/../resources/views/layouts/maintenance.html');
$maintenance = str_replace('%APP_NAME%', $app->get('config')->get('app_name'), $maintenance);
$maintenance = str_replace('%APP_NAME%', htmlspecialchars($app->get('config')->get('app_name')), $maintenance);
$maintenance = str_replace('%ASSETS_PATH%', $url->to(''), $maintenance);
echo $maintenance;
die();

29
includes/helper/message_helper.php
View File

@ -17,11 +17,12 @@ function msg()
*
* @param string $msg
* @param bool $immediately
* @param bool $immediatelyRaw
* @return string
*/
function info($msg, $immediately = false)
function info($msg, $immediately = false, $immediatelyRaw = false)
{
return alert(NotificationType::INFORMATION, $msg, $immediately);
return alert(NotificationType::INFORMATION, $msg, $immediately, $immediatelyRaw);
}
/**
@ -29,11 +30,12 @@ function info($msg, $immediately = false)
*
* @param string $msg
* @param bool $immediately
* @param bool $immediatelyRaw
* @return string
*/
function warning($msg, $immediately = false)
function warning($msg, $immediately = false, $immediatelyRaw = false)
{
return alert(NotificationType::WARNING, $msg, $immediately);
return alert(NotificationType::WARNING, $msg, $immediately, $immediatelyRaw);
}
/**
@ -41,11 +43,12 @@ function warning($msg, $immediately = false)
*
* @param string $msg
* @param bool $immediately
* @param bool $immediatelyRaw
* @return string
*/
function error($msg, $immediately = false)
function error($msg, $immediately = false, $immediatelyRaw = false)
{
return alert(NotificationType::ERROR, $msg, $immediately);
return alert(NotificationType::ERROR, $msg, $immediately, $immediatelyRaw);
}
/**
@ -53,24 +56,27 @@ function error($msg, $immediately = false)
*
* @param string $msg
* @param bool $immediately
* @param bool $immediatelyRaw
* @return string
*/
function success($msg, $immediately = false)
function success($msg, $immediately = false, $immediatelyRaw = false)
{
return alert(NotificationType::MESSAGE, $msg, $immediately);
return alert(NotificationType::MESSAGE, $msg, $immediately, $immediatelyRaw);
}
/**
* Renders an alert message with the given alert-* class or sets it in session
*
* @see \Engelsystem\Controllers\HasUserNotifications
*
* @param NotificationType $type
* @param string $msg
* @param bool $immediately
* @param bool $immediatelyRaw
* @return string
*
* @see \Engelsystem\Controllers\HasUserNotifications
*
*/
function alert(NotificationType $type, $msg, $immediately = false)
function alert(NotificationType $type, $msg, $immediately = false, $immediatelyRaw = false)
{
if (empty($msg)) {
return '';
@ -87,6 +93,7 @@ function alert(NotificationType $type, $msg, $immediately = false)
['danger', 'warning', 'info', 'success'],
$type->value
);
$msg = $immediatelyRaw ? $msg : htmlspecialchars($msg);
return '<div class="alert alert-' . $type . '" role="alert">' . $msg . '</div>';
}

4
includes/pages/admin_free.php
View File

@ -100,9 +100,9 @@ function admin_free()
'name' => User_Nick_render($usr) . User_Pronoun_render($usr),
'shift_state' => User_shift_state_render($usr),
'last_shift' => User_last_shift_render($usr),
'dect' => sprintf('<a href="tel:%s">%1$s</a>', $usr->contact->dect),
'dect' => sprintf('<a href="tel:%s">%1$s</a>', htmlspecialchars((string) $usr->contact->dect)),
'email' => $usr->settings->email_human
? sprintf('<a href="mailto:%s">%1$s</a>', $email)
? sprintf('<a href="mailto:%s">%1$s</a>', htmlspecialchars((string) $email))
: icon('eye-slash'),
'actions' =>
auth()->can('admin_user')

10
includes/pages/admin_groups.php
View File

@ -31,11 +31,11 @@ function admin_groups()
$privileges_html = [];
foreach ($privileges as $privilege) {
$privileges_html[] = $privilege['name'];
$privileges_html[] = htmlspecialchars($privilege['name']);
}
$groups_table[] = [
'name' => $group->name,
'name' => htmlspecialchars($group->name),
'privileges' => join(', ', $privileges_html),
'actions' => button(
url(
@ -72,15 +72,15 @@ function admin_groups()
foreach ($privileges as $privilege) {
$privileges_form[] = form_checkbox(
'privileges[]',
$privilege->description . ' (' . $privilege->name . ')',
htmlspecialchars($privilege->description . ' (' . $privilege->name . ')'),
$privilege->selected != '',
$privilege->id,
'privilege-' . $privilege->name
'privilege-' . htmlspecialchars($privilege->name)
);
}
$privileges_form[] = form_submit('submit', __('form.save'));
$html .= page_with_title(__('Edit group') . ' ' . $group->name, [
$html .= page_with_title(__('Edit group') . ' ' . htmlspecialchars($group->name), [
form(
$privileges_form,
url('/admin-groups', ['action' => 'save', 'id' => $group->id])

6
includes/pages/admin_shifts.php
View File

@ -328,8 +328,8 @@ function admin_shifts()
. '<br>'
. location_name_render(Location::find($shift['location_id'])),
'title' =>
ShiftType::find($shifttype_id)->name
. ($shift['title'] ? '<br />' . $shift['title'] : ''),
htmlspecialchars(ShiftType::find($shifttype_id)->name)
. ($shift['title'] ? '<br />' . htmlspecialchars($shift['title']) : ''),
'needed_angels' => '',
];
foreach ($types as $type) {
@ -439,7 +439,7 @@ function admin_shifts()
$angel_types .= '<div class="col-sm-6 col-md-8 col-lg-6 col-xl-4 col-xxl-3">'
. form_spinner(
'angeltype_count_' . $type->id,
$type->name,
htmlspecialchars($type->name),
$needed_angel_types[$type->id],
[
'radio-name' => 'angelmode',

48
includes/pages/admin_user.php
View File

@ -49,7 +49,7 @@ function admin_user()
$html .= ' ' . __('If the angel is active, it can claim a goodie. If goodie is set to \'Yes\', the angel already got their goodie.');
}
}
$html .= '<br /><br />';
$html .= '<br><br>';
$html .= '<form action="'
. url('/admin-user', ['action' => 'save', 'id' => $user_id])
. '" method="post">' . "\n";
@ -58,20 +58,32 @@ function admin_user()
$html .= '<input type="hidden" name="Type" value="Normal">' . "\n";
$html .= '<tr><td>' . "\n";
$html .= '<table>' . "\n";
$html .= ' <tr><td>' . __('general.nick') . '</td><td>' . '<input size="40" name="eNick" value="' . $user_source->name . '" class="form-control" maxlength="24"></td></tr>' . "\n";
$html .= ' <tr><td>' . __('general.nick') . '</td><td>'
. '<input size="40" name="eNick" value="' . htmlspecialchars($user_source->name) . '" class="form-control" maxlength="24">'
. '</td></tr>' . "\n";
$html .= ' <tr><td>' . __('Last login') . '</td><td><p class="help-block">'
. ($user_source->last_login_at ? $user_source->last_login_at->format(__('general.datetime')) : '-')
. '</p></td></tr>' . "\n";
if (config('enable_user_name')) {
$html .= ' <tr><td>' . __('settings.profile.firstname') . '</td><td>' . '<input size="40" name="eName" value="' . $user_source->personalData->last_name . '" class="form-control" maxlength="64"></td></tr>' . "\n";
$html .= ' <tr><td>' . __('settings.profile.lastname') . '</td><td>' . '<input size="40" name="eVorname" value="' . $user_source->personalData->first_name . '" class="form-control" maxlength="64"></td></tr>' . "\n";
$html .= ' <tr><td>' . __('settings.profile.firstname') . '</td><td>'
. '<input size="40" name="eName" value="' . htmlspecialchars((string) $user_source->personalData->last_name) . '" class="form-control" maxlength="64">'
. '</td></tr>' . "\n";
$html .= ' <tr><td>' . __('settings.profile.lastname') . '</td><td>'
. '<input size="40" name="eVorname" value="' . htmlspecialchars((string) $user_source->personalData->first_name) . '" class="form-control" maxlength="64">'
. '</td></tr>' . "\n";
}
$html .= ' <tr><td>' . __('settings.profile.mobile') . '</td><td>' . '<input type= "tel" size="40" name="eHandy" value="' . $user_source->contact->mobile . '" class="form-control" maxlength="40"></td></tr>' . "\n";
$html .= ' <tr><td>' . __('settings.profile.mobile') . '</td><td>'
. '<input type= "tel" size="40" name="eHandy" value="' . htmlspecialchars((string) $user_source->contact->mobile) . '" class="form-control" maxlength="40">'
. '</td></tr>' . "\n";
if (config('enable_dect')) {
$html .= ' <tr><td>' . __('general.dect') . '</td><td>' . '<input size="40" name="eDECT" value="' . $user_source->contact->dect . '" class="form-control" maxlength="40"></td></tr>' . "\n";
$html .= ' <tr><td>' . __('general.dect') . '</td><td>'
. '<input size="40" name="eDECT" value="' . htmlspecialchars((string) $user_source->contact->dect) . '" class="form-control" maxlength="40">'
. '</td></tr>' . "\n";
}
if ($user_source->settings->email_human) {
$html .= ' <tr><td>' . __('general.email') . '</td><td>' . '<input type="email" size="40" name="eemail" value="' . $user_source->email . '" class="form-control" maxlength="254"></td></tr>' . "\n";
$html .= ' <tr><td>' . __('general.email') . '</td><td>'
. '<input type="email" size="40" name="eemail" value="' . htmlspecialchars($user_source->email) . '" class="form-control" maxlength="254">'
. '</td></tr>' . "\n";
}
if ($goodie_tshirt) {
$html .= ' <tr><td>' . __('user.shirt_size') . '</td><td>'
@ -135,11 +147,11 @@ function admin_user()
$html .= '</table>' . "\n" . '</td><td></td></tr>';
$html .= '</td></tr>' . "\n";
$html .= '</table>' . "\n" . '<br />' . "\n";
$html .= '</table>' . "\n" . '<br>' . "\n";
$html .= '<button type="submit" class="btn btn-primary">' . __('form.save') . '</button>' . "\n";
$html .= '</form>';
$html .= '<hr />';
$html .= '<hr>';
$html .= form_info('', __('Please visit the angeltypes page or the users profile to manage the users angeltypes.'));
@ -148,14 +160,18 @@ function admin_user()
. '" method="post">' . "\n";
$html .= form_csrf();
$html .= '<table>' . "\n";
$html .= ' <tr><td>' . __('settings.password') . '</td><td>' . '<input type="password" size="40" name="new_pw" value="" class="form-control" autocomplete="new-password"></td></tr>' . "\n";
$html .= ' <tr><td>' . __('password.reset.confirm') . '</td><td>' . '<input type="password" size="40" name="new_pw2" value="" class="form-control" autocomplete="new-password"></td></tr>' . "\n";
$html .= ' <tr><td>' . __('settings.password') . '</td><td>'
. '<input type="password" size="40" name="new_pw" value="" class="form-control" autocomplete="new-password">'
. '</td></tr>' . "\n";
$html .= ' <tr><td>' . __('password.reset.confirm') . '</td><td>'
. '<input type="password" size="40" name="new_pw2" value="" class="form-control" autocomplete="new-password">'
. '</td></tr>' . "\n";
$html .= '</table>' . "\n" . '<br />' . "\n";
$html .= '</table>' . "\n" . '<br>' . "\n";
$html .= '<button type="submit" class="btn btn-primary">' . __('form.save') . '</button>' . "\n";
$html .= '</form>';
$html .= '<hr />';
$html .= '<hr>';
/** @var Group $my_highest_group */
$my_highest_group = $user->groups()->orderByDesc('id')->first();
@ -183,7 +199,9 @@ function admin_user()
$html .= '<div class="form-check">'
. '<input class="form-check-input" type="checkbox" id="' . $group->id . '" name="groups[]" value="' . $group->id . '" '
. ($group->selected ? ' checked="checked"' : '')
. ' /><label class="form-check-label" for="' . $group->id . '">' . $group->name . '</label></div>';
. ' /><label class="form-check-label" for="' . $group->id . '">'
. htmlspecialchars($group->name)
. '</label></div>';
}
$html .= '</div><br>';
@ -191,7 +209,7 @@ function admin_user()
$html .= '<button type="submit" class="btn btn-primary">' . __('form.save') . '</button>' . "\n";
$html .= '</form>';
$html .= '<hr />';
$html .= '<hr>';
}
$html .= buttons([

11
includes/pages/user_shifts.php
View File

@ -381,15 +381,6 @@ function ical_hint()
. '<p id="collapseApiKey" class="collapse"><code>' . $user->api_key . '</code></p>';
}
/**
* @param array $array
* @return array
*/
function get_ids_from_array($array)
{
return $array['id'];
}
/**
* @param array $items
* @param array $selected
@ -422,7 +413,7 @@ function make_select($items, $selected, $name, $title = null, $ownSelect = [])
$htmlItems[] = '<div class="form-check">'
. '<input class="form-check-input" type="checkbox" id="' . $id . '" name="' . $name . '[]" value="' . $i['id'] . '" '
. (in_array($i['id'], $selected) ? ' checked="checked"' : '')
. '><label class="form-check-label" for="' . $id . '">' . $i['name'] . '</label>'
. '><label class="form-check-label" for="' . $id . '">' . htmlspecialchars($i['name']) . '</label>'
. (!isset($i['enabled']) || $i['enabled'] ? '' : icon('mortarboard-fill'))
. '</div>';
}

138
includes/sys_form.php
View File

@ -46,31 +46,6 @@ function form_spinner(string $name, string $label, int $value, array $data_attri
', $id);
}
/**
* Render a bootstrap datepicker
*
* @param string $name Name of the parameter
* @param string $label Label
* @param int|Carbon $value Unix Timestamp
* @param string $start_date Earliest possible date
* @param string $end_date
* @return string HTML
*/
function form_date($name, $label, $value, $start_date = '', $end_date = '')
{
$dom_id = $name . '-date';
$value = ($value instanceof Carbon) ? $value->getTimestamp() : $value;
$value = is_numeric($value) ? date('Y-m-d', $value) : '';
$start_date = is_numeric($start_date) ? date('Y-m-d', $start_date) : '';
$end_date = is_numeric($end_date) ? date('Y-m-d', $end_date) : '';
return form_element(
$label,
'<input class="form-control" id="' . $dom_id . '" type="date" placeholder="YYYY-MM-DD" pattern="[0-9]{4}-[0-9]{2}-[0-9]{2}" min="' . $start_date . '" max="' . $end_date . '" name="' . $name . '" value="' . htmlspecialchars((string) $value) . '" autocomplete="off">',
$dom_id
);
}
/**
* Render a bootstrap datepicker
*
@ -94,24 +69,6 @@ function form_datetime(string $name, string $label, $value)
', $dom_id, $name, htmlspecialchars($value ? $value->format('Y-m-d H:i') : '')), $dom_id);
}
/**
* Rendert eine Liste von Checkboxen für ein Formular
*
* @param string $name Die Namen der Checkboxen werden aus name_key gebildet
* @param string $label Die Beschriftung der Liste
* @param array $items Array mit den einzelnen Checkboxen
* @param array $selected Array mit den Keys, die ausgewählt sind
* @return string
*/
function form_checkboxes($name, $label, $items, $selected)
{
$html = form_element($label, '');
foreach ($items as $key => $item) {
$html .= form_checkbox($name . '_' . $key, $item, in_array($key, $selected));
}
return $html;
}
/**
* Rendert eine Checkbox
*
@ -129,14 +86,15 @@ function form_checkbox($name, $label, $selected, $value = 'checked', $html_id =
}
return '<div class="form-check">'
. '<input class="form-check-input" type="checkbox" id="' . $html_id . '" name="' . $name . '" value="' . htmlspecialchars((string) $value) . '" '
. '<input class="form-check-input" type="checkbox" id="' . $html_id . '" '
. 'name="' . htmlspecialchars($name) . '" value="' . $value . '" '
. ($selected ? ' checked="checked"' : '') . ' /><label class="form-check-label" for="' . $html_id . '">'
. $label
. '</label></div>';
}
/**
* Rendert einen Radio
* Renders a radio button
*
* @param string $name
* @param string $label
@ -233,67 +191,6 @@ function form_text($name, $label, $value, $disabled = false, $maxlength = null,
);
}
/**
* Renders a text input with placeholder instead of label.
*
* @param string $name Input name
* @param string $placeholder Placeholder
* @param string $value The value
* @param boolean $disabled Is the field enabled?
* @return string
*/
function form_text_placeholder($name, $placeholder, $value, $disabled = false)
{
$disabled = $disabled ? ' disabled="disabled"' : '';
return form_element(
'',
'<input class="form-control" id="form_' . $name . '" type="text" name="' . $name
. '" value="' . htmlspecialchars((string) $value) . '" placeholder="' . $placeholder
. '" ' . $disabled . '/>'
);
}
/**
* Rendert ein Formular-Emailfeld
*
* @param string $name
* @param string $label
* @param string $value
* @param bool $disabled
* @param string|null $autocomplete
* @param int|null $maxlength
*
* @return string
*/
function form_email($name, $label, $value, $disabled = false, $autocomplete = null, $maxlength = null)
{
$disabled = $disabled ? ' disabled="disabled"' : '';
$autocomplete = $autocomplete ? ' autocomplete="' . $autocomplete . '"' : '';
$maxlength = $maxlength ? ' maxlength=' . (int) $maxlength : '';
return form_element(
$label,
'<input class="form-control" id="form_' . $name . '" type="email" name="' . $name . '" value="'
. htmlspecialchars((string) $value) . '" ' . $disabled . $autocomplete . $maxlength . '/>',
'form_' . $name
);
}
/**
* Rendert ein Formular-Dateifeld
*
* @param string $name
* @param string $label
* @return string
*/
function form_file($name, $label)
{
return form_element(
$label,
sprintf('<input id="form_%1$s" type="file" name="%1$s" />', $name),
'form_' . $name
);
}
/**
* Rendert ein Formular-Passwortfeld
*
@ -309,7 +206,7 @@ function form_password($name, $label, $autocomplete, $disabled = false)
return form_element(
$label,
sprintf(
'<input class="form-control" id="form_%1$s" type="password" name="%1$s" minlength="%2$s" value="" autocomplete="%3$s"%4$s/>',
'<input class="form-control" id="form_%1$s" type="password" name="%1$s" minlength="%2$s" value="" autocomplete="%3$s" %4$s>',
$name,
config('min_password_length'),
$autocomplete,
@ -319,25 +216,6 @@ function form_password($name, $label, $autocomplete, $disabled = false)
);
}
/**
* Renders a password input with placeholder instead of label.
*
* @param string $name
* @param string $placeholder
* @param bool $disabled
* @return string
*/
function form_password_placeholder($name, $placeholder, $disabled = false)
{
$disabled = $disabled ? ' disabled="disabled"' : '';
return form_element(
'',
'<input class="form-control" id="form_' . $name . '" type="password" name="'
. $name . '" value="" placeholder="' . $placeholder . '" ' . $disabled . '/>',
'form_' . $name
);
}
/**
* Rendert ein Formular-Textfeld
*
@ -464,9 +342,13 @@ function html_select_key($dom_id, $name, $rows, $selected, $selectText = '')
}
foreach ($rows as $key => $row) {
if (($key == $selected) || ($row === $selected)) {
$html .= '<option value="' . $key . '" selected="selected">' . $row . '</option>';
$html .= '<option value="' . htmlspecialchars($key) . '" selected="selected">'
. htmlspecialchars($row)
. '</option>';
} else {
$html .= '<option value="' . $key . '">' . $row . '</option>';
$html .= '<option value="' . htmlspecialchars($key) . '">'
. htmlspecialchars($row)
. '</option>';
}
}
$html .= '</select>';

15
includes/sys_menu.php
View File

@ -69,15 +69,22 @@ function make_navigation()
}
$title = ((array) $options)[0];
$menu[] = toolbar_item_link(url(str_replace('_', '-', $menu_page)), '', $title, $menu_page == $page);
$menu[] = toolbar_item_link(
url(str_replace('_', '-', $menu_page)),
'',
$title,
$menu_page == $page
);
}
$menu = make_location_navigation($menu);
$admin_menu = [];
$admin_pages = [
// path => name
// path => [name, permission]
// Examples:
// path => name,
// path => [name, permission],
'admin_arrive' => 'Arrive angels',
'admin_active' => 'Active angels',
'users' => ['All Angels', 'admin_user'],
@ -104,7 +111,7 @@ function make_navigation()
$title = ((array) $options)[0];
$admin_menu[] = toolbar_dropdown_item(
url(str_replace('_', '-', $menu_page)),
__($title),
htmlspecialchars(__($title)),
$menu_page == $page
);
}

54
includes/sys_page.php
View File

@ -2,9 +2,7 @@
use Engelsystem\Helpers\Carbon;
use Engelsystem\Http\Exceptions\HttpTemporaryRedirect;
use Engelsystem\Models\BaseModel;
use Engelsystem\ValidationResult;
use Illuminate\Support\Collection;
/**
* Provide page/request helper functions
@ -63,41 +61,6 @@ function throw_redirect($url)
throw new HttpTemporaryRedirect($url);
}
/**
* Echoes given output and dies.
*
* @param string $output String to display
*/
function raw_output($output = '')
{
echo $output;
die();
}
/**
* Helper function for transforming list of entities into array for select boxes.
*
* @param array|Collection $data The data array
* @param string $key_name name of the column to use as id/key
* @param string $value_name name of the column to use as displayed value
*
* @return array|Collection
*/
function select_array($data, $key_name, $value_name)
{
if ($data instanceof Collection) {
return $data->mapWithKeys(function (BaseModel $model) use ($key_name, $value_name) {
return [$model->{$key_name} => $model->{$value_name}];
});
}
$return = [];
foreach ($data as $value) {
$return[$value[$key_name]] = $value[$value_name];
}
return $return;
}
/**
* Returns an int[] from given request param name.
*
@ -185,23 +148,6 @@ function strip_request_item($name, $default_value = null)
return $default_value;
}
/**
* Returns REQUEST value or default value (null) if not set.
*
* @param string $name
* @param string|null $default_value
* @return mixed|null
*/
function strip_request_tags($name, $default_value = null)
{
$request = request();
if ($request->has($name)) {
return strip_tags($request->input($name));
}
return $default_value;
}
/**
* Testet, ob der angegebene REQUEST Wert ein Integer ist, bzw.
* eine ID sein könnte.

19
includes/sys_template.php
View File

@ -72,17 +72,6 @@ function tabs($tabs, $selected = 0)
]);
}
/**
* Display muted (grey) text.
*
* @param string $text
* @return string
*/
function mute($text)
{
return '<span class="text-muted">' . $text . '</span>';
}
/**
* Renders a bootstrap label with given content and class.
*
@ -188,7 +177,7 @@ function toolbar_item_link($href, $icon, $label, $active = false)
return '<li class="nav-item">'
. '<a class="nav-link ' . ($active ? 'active" aria-current="page"' : '"') . ' href="' . $href . '">'
. ($icon != '' ? '<span class="bi bi-' . $icon . '"></span> ' : '')
. $label
. htmlspecialchars($label)
. '</a>'
. '</li>';
}
@ -196,11 +185,11 @@ function toolbar_item_link($href, $icon, $label, $active = false)
function toolbar_dropdown_item(string $href, string $label, bool $active, string $icon = null): string
{
return strtr(
'<li><a class="dropdown-item{active}"{aria} href="{href}">{icon} {label}</a></li>',
'<li><a class="dropdown-item{active}" {aria} href="{href}">{icon} {label}</a></li>',
[
'{href}' => $href,
'{icon}' => $icon === null ? '' : '<i class="bi bi-' . $icon . '"></i>',
'{label}' => $label,
'{label}' => htmlspecialchars($label),
'{active}' => $active ? ' active' : '',
'{aria}' => $active ? ' aria-current="page"' : '',
]
@ -235,7 +224,7 @@ EOT;
$template,
[
'{class}' => $active ? ' active' : '',
'{label}' => $label,
'{label}' => htmlspecialchars($label),
'{submenu}' => join("\n", $submenu),
]
);

35
includes/view/AngelTypes_view.php
View File

@ -26,7 +26,7 @@ function AngelType_name_render(AngelType $angeltype, $plain = false)
}
return '<a href="' . angeltype_link($angeltype->id) . '">'
. ($angeltype->restricted ? icon('mortarboard-fill') : '') . $angeltype->name
. ($angeltype->restricted ? icon('mortarboard-fill') : '') . htmlspecialchars($angeltype->name)
. '</a>';
}
@ -63,7 +63,7 @@ function AngelType_delete_view(AngelType $angeltype)
$link = button($angeltype->id
? url('/angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype->id])
: url('/angeltypes'), icon('chevron-left'), 'btn-sm');
return page_with_title($link . ' ' . sprintf(__('Delete angeltype %s'), $angeltype->name), [
return page_with_title($link . ' ' . sprintf(__('Delete angeltype %s'), htmlspecialchars($angeltype->name)), [
info(sprintf(__('Do you want to delete angeltype %s?'), $angeltype->name), true),
form([
buttons([
@ -87,7 +87,11 @@ function AngelType_edit_view(AngelType $angeltype, bool $supporter_mode)
? url('/angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype->id])
: url('/angeltypes'), icon('chevron-left'), 'btn-sm');
return page_with_title(
$link . ' ' . ($angeltype->id ? sprintf(__('Edit %s'), $angeltype->name) : __('Create angeltype')),
$link . ' ' . (
$angeltype->id ?
sprintf(__('Edit %s'), htmlspecialchars((string) $angeltype->name)) :
__('Create angeltype')
),
[
$angeltype->id ?
buttons([
@ -96,7 +100,7 @@ function AngelType_edit_view(AngelType $angeltype, bool $supporter_mode)
msg(),
form([
$supporter_mode
? form_info(__('general.name'), $angeltype->name)
? form_info(__('general.name'), htmlspecialchars($angeltype->name))
: form_text('name', __('general.name'), $angeltype->name),
$supporter_mode
? form_info(__('angeltypes.restricted'), $angeltype->restricted ? __('Yes') : __('No'))
@ -267,7 +271,7 @@ function AngelType_view_members(AngelType $angeltype, $members, $admin_user_ange
foreach ($members as $member) {
$member->name = User_Nick_render($member) . User_Pronoun_render($member);
if (config('enable_dect')) {
$member['dect'] = $member->contact->dect;
$member['dect'] = htmlspecialchars((string) $member->contact->dect);
}
if ($angeltype->requires_driver_license) {
$member['wants_to_drive'] = icon_bool($member->license->wantsToDrive());
@ -430,7 +434,7 @@ function AngelType_view(
) {
$link = button(url('/angeltypes'), icon('chevron-left'), 'btn-sm');
return page_with_title(
$link . ' ' . sprintf(__('Team %s'), $angeltype->name),
$link . ' ' . sprintf(__('Team %s'), htmlspecialchars($angeltype->name)),
[
AngelType_view_buttons($angeltype, $user_angeltype, $admin_angeltypes, $supporter, $user_driver_license, $user),
msg(),
@ -493,7 +497,7 @@ function AngelType_view_info(
$info[] = '<h3>' . __('general.description') . '</h3>';
$parsedown = new Parsedown();
if ($angeltype->description != '') {
$info[] = $parsedown->parse($angeltype->description);
$info[] = $parsedown->parse(htmlspecialchars($angeltype->description));
}
list($supporters, $members_confirmed, $members_unconfirmed) = AngelType_view_members(
@ -567,9 +571,20 @@ function AngelType_view_info(
function AngelTypes_render_contact_info(AngelType $angeltype)
{
$info = [
__('general.name') => [$angeltype->contact_name, $angeltype->contact_name],
__('general.dect') => config('enable_dect') ? [sprintf('<a href="tel:%s">%1$s</a>', $angeltype->contact_dect), $angeltype->contact_dect] : null,
__('general.email') => [sprintf('<a href="mailto:%s">%1$s</a>', $angeltype->contact_email), $angeltype->contact_email],
__('general.name') => [
htmlspecialchars($angeltype->contact_name),
htmlspecialchars($angeltype->contact_name),
],
__('general.dect') => config('enable_dect')
? [
sprintf('<a href="tel:%s">%1$s</a>', htmlspecialchars($angeltype->contact_dect)),
htmlspecialchars($angeltype->contact_dect),
]
: null,
__('general.email') => [
sprintf('<a href="mailto:%s">%1$s</a>', htmlspecialchars($angeltype->contact_email)),
htmlspecialchars($angeltype->contact_email),
],
];
$contactInfo = [];
foreach ($info as $name => $data) {

17
includes/view/Locations_view.php
View File

@ -24,13 +24,16 @@ function location_view(Location $location, ShiftsFilterRenderer $shiftsFilterRen
if ($location->description) {
$description = '<h3>' . __('general.description') . '</h3>';
$parsedown = new Parsedown();
$description .= $parsedown->parse($location->description);
$description .= $parsedown->parse(htmlspecialchars($location->description));
}
$dect = '';
if (config('enable_dect') && $location->dect) {
$dect = heading(__('Contact'), 3)
. description([__('general.dect') => sprintf('<a href="tel:%s">%1$s</a>', $location->dect)]);
. description([__('general.dect') => sprintf(
'<a href="tel:%s">%1$s</a>',
htmlspecialchars($location->dect)
)]);
}
$tabs = [];
@ -39,7 +42,7 @@ function location_view(Location $location, ShiftsFilterRenderer $shiftsFilterRen
'<div class="map">'
. '<iframe style="width: 100%%; min-height: 400px; border: 0 none;" src="%s"></iframe>'
. '</div>',
$location->map_url
htmlspecialchars($location->map_url)
);
}
@ -60,7 +63,7 @@ function location_view(Location $location, ShiftsFilterRenderer $shiftsFilterRen
$link = button(url('/admin/locations'), icon('chevron-left'), 'btn-sm');
return page_with_title(
(auth()->can('admin_locations') ? $link . ' ' : '') .
icon('pin-map-fill') . $location->name,
icon('pin-map-fill') . htmlspecialchars($location->name),
[
$assignNotice,
auth()->can('admin_locations') ? buttons([
@ -85,8 +88,10 @@ function location_view(Location $location, ShiftsFilterRenderer $shiftsFilterRen
function location_name_render(Location $location)
{
if (auth()->can('view_locations')) {
return '<a href="' . location_link($location) . '">' . icon('pin-map-fill') . $location->name . '</a>';
return '<a href="' . location_link($location) . '">'
. icon('pin-map-fill') . htmlspecialchars($location->name)
. '</a>';
}
return icon('pin-map-fill') . $location->name;
return icon('pin-map-fill') . htmlspecialchars($location->name);
}

12
includes/view/PublicDashboard_view.php
View File

@ -19,7 +19,9 @@ function public_dashboard_view($stats, $free_shifts, $highlighted_news)
if ($highlighted_news->isNotEmpty()) {
$first_news = $highlighted_news->first();
$news = div('alert alert-warning text-center', [
'<a href="' . url('/news/' . $first_news->id) . '"><strong>' . $first_news->title . '</strong></a>',
'<a href="' . url('/news/' . $first_news->id) . '">'
. '<strong>' . htmlspecialchars($first_news->title) . '</strong>'
. '</a>',
]);
}
@ -93,17 +95,17 @@ function public_dashboard_shift_render($shift)
$panel_body = icon('clock-history') . $shift['start'] . ' - ' . $shift['end'];
$panel_body .= ' (' . $shift['duration'] . '&nbsp;h)';
$panel_body .= '<br>' . icon('list-task') . $shift['shifttype_name'];
$panel_body .= '<br>' . icon('list-task') . htmlspecialchars($shift['shifttype_name']);
if (!empty($shift['title'])) {
$panel_body .= ' (' . $shift['title'] . ')';
$panel_body .= ' (' . htmlspecialchars($shift['title']) . ')';
}
$panel_body .= '<br>' . icon('pin-map-fill') . $shift['location_name'];
$panel_body .= '<br>' . icon('pin-map-fill') . htmlspecialchars($shift['location_name']);
foreach ($shift['needed_angels'] as $needed_angels) {
$panel_body .= '<br>' . icon('person')
. '<span class="text-' . $shift['style'] . '">'
. $needed_angels['need'] . ' &times; ' . $needed_angels['angeltype_name']
. $needed_angels['need'] . ' &times; ' . htmlspecialchars($needed_angels['angeltype_name'])
. '</span>';
}

6
includes/view/ShiftCalendarShiftRenderer.php
View File

@ -29,7 +29,7 @@ class ShiftCalendarShiftRenderer
{
$info_text = '';
if ($shift->title != '') {
$info_text = icon('info-circle') . $shift->title . '<br>';
$info_text = icon('info-circle') . htmlspecialchars($shift->title) . '<br>';
}
list($shift_signup_state, $shifts_row) = $this->renderShiftNeededAngeltypes(
$shift,
@ -197,7 +197,7 @@ class ShiftCalendarShiftRenderer
: $inner_text . '<br />'
. button(
url('/user-angeltypes', ['action' => 'add', 'angeltype_id' => $angeltype->id]),
sprintf(__('Become %s'), $angeltype->name),
sprintf(__('Become %s'), htmlspecialchars($angeltype->name)),
'btn-sm'
),
// Shift collides or user is already signed up: No signup allowed
@ -260,7 +260,7 @@ class ShiftCalendarShiftRenderer
}
$shift_heading = $shift->start->format('H:i') . ' &dash; '
. $shift->end->format('H:i') . ' &mdash; '
. $shift->shiftType->name;
. htmlspecialchars($shift->shiftType->name);
if ($needed_angeltypes_count > 0) {
$shift_heading = '<span class="badge bg-light text-danger me-1">' . $needed_angeltypes_count . '</span> ' . $shift_heading;

14
includes/view/ShiftEntry_view.php
View File

@ -19,7 +19,7 @@ function ShiftEntry_delete_view_admin(Shift $shift, AngelType $angeltype, User $
return page_with_title(ShiftEntry_delete_title(), [
info(sprintf(
__('Do you want to sign off %s from shift %s from %s to %s as %s?'),
User_Nick_render($signoff_user),
$signoff_user->displayName,
$shift->shiftType->name,
$shift->start->format(__('general.datetime')),
$shift->end->format(__('general.datetime')),
@ -92,7 +92,7 @@ function ShiftEntry_create_view_admin(
) {
$start = $shift->start->format(__('general.datetime'));
return page_with_title(
ShiftEntry_create_title() . ': ' . $shift->shiftType->name
ShiftEntry_create_title() . ': ' . htmlspecialchars($shift->shiftType->name)
. ' <small title="' . $start . '" data-countdown-ts="' . $shift->start->timestamp . '">%c</small>',
[
Shift_view_header($shift, $location),
@ -125,7 +125,7 @@ function ShiftEntry_create_view_supporter(
) {
$start = $shift->start->format(__('general.datetime'));
return page_with_title(
ShiftEntry_create_title() . ': ' . $shift->shiftType->name
ShiftEntry_create_title() . ': ' . htmlspecialchars($shift->shiftType->name)
. ' <small title="' . $start . '" data-countdown-ts="' . $shift->start->timestamp . '">%c</small>',
[
Shift_view_header($shift, $location),
@ -154,7 +154,7 @@ function ShiftEntry_create_view_user(Shift $shift, Location $location, AngelType
{
$start = $shift->start->format(__('general.datetime'));
return page_with_title(
ShiftEntry_create_title() . ': ' . $shift->shiftType->name
ShiftEntry_create_title() . ': ' . htmlspecialchars($shift->shiftType->name)
. ' <small title="' . $start . '" data-countdown-ts="' . $shift->start->timestamp . '">%c</small>',
[
Shift_view_header($shift, $location),
@ -230,9 +230,9 @@ function ShiftEntry_edit_view(
form([
form_info(__('Angel:'), User_Nick_render($angel)),
form_info(__('Date, Duration:'), $date),
form_info(__('Location:'), $location),
form_info(__('Title:'), $title),
form_info(__('Type:'), $type),
form_info(__('Location:'), htmlspecialchars($location)),
form_info(__('Title:'), htmlspecialchars($title)),
form_info(__('Type:'), htmlspecialchars($type)),
$comment,
join('', $freeload_form),
form_submit('submit', __('form.save')),

25
includes/view/Shifts_view.php
View File

@ -24,8 +24,8 @@ function Shift_view_header(Shift $shift, Location $location)
'<h4>' . __('title.title') . '</h4>',
'<p class="lead">'
. ($shift->url != ''
? '<a href="' . $shift->url . '">' . $shift->title . '</a>'
: $shift->title)
? '<a href="' . htmlspecialchars($shift->url) . '">' . htmlspecialchars($shift->title) . '</a>'
: htmlspecialchars($shift->title))
. '</p>',
]),
div('col-sm-3 col-xs-6', [
@ -98,7 +98,7 @@ function Shift_signup_button_render(Shift $shift, AngelType $angeltype)
url('/angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype->id]),
sprintf(
__('Become %s'),
$angeltype->name
htmlspecialchars($angeltype->name)
)
);
}
@ -175,8 +175,15 @@ function Shift_view(
$buttons = [
$shift_admin ? button(shift_edit_link($shift), icon('pencil') . __('edit')) : '',
$shift_admin ? button(shift_delete_link($shift), icon('trash') . __('delete')) : '',
$admin_shifttypes ? button(url('/admin/shifttypes/' . $shifttype->id), $shifttype->name) : '',
$admin_locations ? button(location_link($location), icon('pin-map-fill') . $location->name) : '',
$admin_shifttypes
? button(url('/admin/shifttypes/' . $shifttype->id), htmlspecialchars($shifttype->name))
: '',
$admin_locations
? button(
location_link($location),
icon('pin-map-fill') . htmlspecialchars($location->name)
)
: '',
];
}
$buttons[] = button(
@ -193,8 +200,8 @@ function Shift_view(
]),
div('col-sm-6', [
'<h2>' . __('general.description') . '</h2>',
$parsedown->parse($shifttype->description),
$parsedown->parse($shift->description),
$parsedown->parse(htmlspecialchars($shifttype->description)),
$parsedown->parse(htmlspecialchars($shift->description)),
]),
]);
@ -206,7 +213,9 @@ function Shift_view(
$link = button(url('/user-shifts'), icon('chevron-left'), 'btn-sm');
return page_with_title(
$link . ' ' . $shift->shiftType->name . ' <small title="' . $start . '" data-countdown-ts="' . $shift->start->timestamp . '">%c</small>',
$link . ' '
. htmlspecialchars($shift->shiftType->name)
. ' <small title="' . $start . '" data-countdown-ts="' . $shift->start->timestamp . '">%c</small>',
$content
);
}

6
includes/view/UserAngelTypes_view.php
View File

@ -138,7 +138,7 @@ function UserAngelType_add_view(AngelType $angeltype, $users_source, $user_id)
{
$users = [];
foreach ($users_source as $user_source) {
$users[$user_source->id] = User_Nick_render($user_source);
$users[$user_source->id] = $user_source->displayName;
}
return page_with_title(__('Add user to angeltype'), [
@ -151,7 +151,7 @@ function UserAngelType_add_view(AngelType $angeltype, $users_source, $user_id)
),
]),
form([
form_info(__('Angeltype'), $angeltype->name),
form_info(__('Angeltype'), htmlspecialchars($angeltype->name)),
form_checkbox('auto_confirm_user', __('Confirm user'), true),
form_select('user_id', __('general.user'), $users, $user_id),
form_submit('submit', __('Add')),
@ -166,7 +166,7 @@ function UserAngelType_add_view(AngelType $angeltype, $users_source, $user_id)
*/
function UserAngelType_join_view($user, AngelType $angeltype)
{
return page_with_title(sprintf(__('Become a %s'), $angeltype->name), [
return page_with_title(sprintf(__('Become a %s'), htmlspecialchars($angeltype->name)), [
msg(),
info(sprintf(
__('Do you really want to add %s to %s?'),

4
includes/view/UserHintsRenderer.php
View File

@ -20,9 +20,9 @@ class UserHintsRenderer
if (!empty($hint)) {
if ($important) {
$this->important = true;
$this->hints[] = error($hint, true);
$this->hints[] = error($hint, true, true);
} else {
$this->hints[] = info($hint, true);
$this->hints[] = info($hint, true, true);
}
}
}

64
includes/view/User_view.php
View File

@ -93,9 +93,9 @@ function Users_view(
foreach ($users as $user) {
$u = [];
$u['name'] = User_Nick_render($user) . User_Pronoun_render($user);
$u['first_name'] = $user->personalData->first_name;
$u['last_name'] = $user->personalData->last_name;
$u['dect'] = sprintf('<a href="tel:%s">%1$s</a>', $user->contact->dect);
$u['first_name'] = htmlspecialchars((string) $user->personalData->first_name);
$u['last_name'] = htmlspecialchars((string) $user->personalData->last_name);
$u['dect'] = sprintf('<a href="tel:%s">%1$s</a>', htmlspecialchars((string) $user->contact->dect));
$u['arrived'] = icon_bool($user->state->arrived);
if (config('enable_voucher')) {
$u['got_voucher'] = $user->state->got_voucher;
@ -272,7 +272,7 @@ function User_view_shiftentries($needed_angel_type)
{
$shift_info = '<br><b><a href="'
. url('/angeltypes', ['action' => 'view', 'angeltype_id' => $needed_angel_type['id']])
. '">' . $needed_angel_type['name'] . '</a>:</b> ';
. '">' . htmlspecialchars($needed_angel_type['name']) . '</a>:</b> ';
$shift_entries = [];
foreach ($needed_angel_type['users'] as $user_shift) {
@ -298,9 +298,9 @@ function User_view_shiftentries($needed_angel_type)
*/
function User_view_myshift(Shift $shift, $user_source, $its_me)
{
$shift_info = '<a href="' . shift_link($shift) . '">' . $shift->shiftType->name . '</a>';
$shift_info = '<a href="' . shift_link($shift) . '">' . htmlspecialchars($shift->shiftType->name) . '</a>';
if ($shift->title) {
$shift_info .= '<br /><a href="' . shift_link($shift) . '">' . $shift->title . '</a>';
$shift_info .= '<br /><a href="' . shift_link($shift) . '">' . htmlspecialchars($shift->title) . '</a>';
}
foreach ($shift->needed_angeltypes as $needed_angel_type) {
$shift_info .= User_view_shiftentries($needed_angel_type);
@ -319,7 +319,7 @@ function User_view_myshift(Shift $shift, $user_source, $its_me)
];
if ($its_me) {
$myshift['comment'] = $shift->user_comment;
$myshift['comment'] = htmlspecialchars($shift->user_comment);
}
if ($shift->freeloaded) {
@ -328,7 +328,9 @@ function User_view_myshift(Shift $shift, $user_source, $its_me)
. '</p>';
if (auth()->can('user_shifts_admin')) {
$myshift['comment'] .= '<br />'
. '<p class="text-danger">' . __('Freeloaded') . ': ' . $shift->freeloaded_comment . '</p>';
. '<p class="text-danger">'
. __('Freeloaded') . ': ' . htmlspecialchars($shift->freeloaded_comment)
. '</p>';
} else {
$myshift['comment'] .= '<br /><p class="text-danger">' . __('Freeloaded') . '</p>';
}
@ -452,7 +454,7 @@ function User_view_worklog(Worklog $worklog, $admin_user_worklog_privilege)
'duration' => sprintf('%.2f', $worklog->hours) . ' h',
'location' => '',
'shift_info' => __('Work log entry'),
'comment' => $worklog->comment . '<br>'
'comment' => htmlspecialchars($worklog->comment) . '<br>'
. sprintf(
__('Added by %s at %s'),
User_Nick_render($worklog->creator),
@ -543,9 +545,15 @@ function User_view(
)
. htmlspecialchars($user_source->name)
. (config('enable_user_name') ? ' <small>' . $user_name . '</small>' : '')
. ((auth()->can('user.info.show') && $user_source->state->user_info)
? (' <small><span class="bi bi-info-circle-fill text-info" data-bs-toggle="tooltip" title="'
. htmlspecialchars($user_source->state->user_info) . '"></span></small>') : ''),
. (
(auth()->can('user.info.show') && $user_source->state->user_info)
? (
' <small><span class="bi bi-info-circle-fill text-info" data-bs-toggle="tooltip" title="'
. htmlspecialchars($user_source->state->user_info)
. '"></span></small>'
)
: ''
),
[
msg(),
div('row', [
@ -608,8 +616,8 @@ function User_view(
config('enable_dect') && $user_source->contact->dect ?
heading(
icon('phone')
. ' <a href="tel:' . $user_source->contact->dect . '">'
. $user_source->contact->dect
. ' <a href="tel:' . htmlspecialchars($user_source->contact->dect) . '">'
. htmlspecialchars($user_source->contact->dect)
. '</a>'
)
: '',
@ -617,8 +625,8 @@ function User_view(
$user_source->settings->mobile_show ?
heading(
icon('phone')
. ' <a href="tel:' . $user_source->contact->mobile . '">'
. $user_source->contact->mobile
. ' <a href="tel:' . htmlspecialchars($user_source->contact->mobile) . '">'
. htmlspecialchars($user_source->contact->mobile)
. '</a>'
)
: ''
@ -639,19 +647,20 @@ function User_view(
($its_me || $admin_user_privilege) ? '<h2>' . __('Shifts') . '</h2>' : '',
$myshifts_table,
($its_me && $nightShiftsConfig['enabled'] && $goodie_enabled) ? info(
icon('info-circle') . sprintf(
__('Your night shifts between %d and %d am count twice for the %s score.'),
sprintf(
icon('info-circle') . __('Your night shifts between %d and %d am count twice for the %s score.'),
$nightShiftsConfig['start'],
$nightShiftsConfig['end'],
($goodie_tshirt ? __('T-shirt') : __('goodie'))
),
true,
true
) : '',
$its_me && count($shifts) == 0
? error(sprintf(
__('Go to the <a href="%s">shifts table</a> to sign yourself up for some shifts.'),
url('/user-shifts')
), true)
), true, true)
: '',
$its_me ? ical_hint() : '',
]
@ -781,7 +790,7 @@ function User_angeltypes_render($user_angeltypes)
$class = 'text-warning';
}
$output[] = '<a href="' . angeltype_link($angeltype->id) . '" class="' . $class . '">'
. ($angeltype->pivot->supporter ? icon('patch-check') : '') . $angeltype->name
. ($angeltype->pivot->supporter ? icon('patch-check') : '') . htmlspecialchars($angeltype->name)
. '</a>';
}
return div('col-md-2', [
@ -798,7 +807,7 @@ function User_groups_render($user_groups)
{
$output = [];
foreach ($user_groups as $group) {
$output[] = __($group->name);
$output[] = __(htmlspecialchars($group->name));
}
return div('col-md-2', [
@ -818,9 +827,11 @@ function User_oauth_render(User $user)
$output = [];
foreach ($user->oauth as $oauth) {
$output[] = __(
isset($config[$oauth->provider]['name'])
? $config[$oauth->provider]['name']
: Str::ucfirst($oauth->provider)
htmlspecialchars(
isset($config[$oauth->provider]['name'])
? $config[$oauth->provider]['name']
: Str::ucfirst($oauth->provider)
)
);
}
@ -965,7 +976,10 @@ function render_user_tshirt_hint()
function render_user_dect_hint()
{
$user = auth()->user();
if ((config('required_user_fields')['dect'] || $user->state->arrived) && config('enable_dect') && !$user->contact->dect) {
if (
(config('required_user_fields')['dect'] || $user->state->arrived)
&& config('enable_dect') && !$user->contact->dect
) {
$text = __('dect.required.hint');
return render_profile_link($text);
}

6
resources/views/admin/schedule/edit.twig
View File

@ -2,9 +2,11 @@
{% import 'macros/base.twig' as m %}
{% import 'macros/form.twig' as f %}
{% block title %}
{% block title %}{{ schedule ? __('schedule.edit.title') : __('schedule.import.title') }}{% endblock %}
{% block content_title %}
{{ m.button(m.icon('chevron-left'), url('/admin/schedule'), 'secondary', 'sm') }}
{{ schedule ? __('schedule.edit.title') : __('schedule.import.title') }}
{{ block('title') }}
{% endblock %}
{% block row_content %}

6
resources/views/admin/schedule/load.twig
View File

@ -2,9 +2,11 @@
{% import 'macros/base.twig' as m %}
{% import 'macros/form.twig' as f %}
{% block title %}
{% block title %}{{ __('schedule.import.load.title') }}{% endblock %}
{% block content_title %}
{{ m.button(m.icon('chevron-left'), url('/admin/schedule'), 'secondary', 'sm') }}
{{ __('schedule.import.load.title') }}
{{ block('title') }}
{% endblock %}
{% block row_content %}

4
resources/views/emails/angeltype-added.twig
View File

@ -3,9 +3,9 @@
{% set url=url('/angeltypes', {'action': 'view', 'angeltype_id': angeltype.id}) %}
{% block introduction %}
{{ __('notification.angeltype.added.introduction', [angeltype.name, url])|raw }}
{{ __('notification.angeltype.added.introduction', [angeltype.name|e, url])|raw }}
{% endblock %}
{% block message %}
{{ __('notification.angeltype.added.text', [angeltype.name, url])|raw }}
{{ __('notification.angeltype.added.text', [angeltype.name|e, url])|raw }}
{% endblock %}

4
resources/views/emails/angeltype-confirmed.twig
View File

@ -3,9 +3,9 @@
{% set url=url('/angeltypes', {'action': 'view', 'angeltype_id': angeltype.id}) %}
{% block introduction %}
{{ __('notification.angeltype.confirmed.introduction', [angeltype.name, url])|raw }}
{{ __('notification.angeltype.confirmed.introduction', [angeltype.name|e, url])|raw }}
{% endblock %}
{% block message %}
{{ __('notification.angeltype.confirmed.text', [angeltype.name, url])|raw }}
{{ __('notification.angeltype.confirmed.text', [angeltype.name|e, url])|raw }}
{% endblock %}

2
resources/views/pages/login.twig
View File

@ -7,7 +7,7 @@
<div class="col-md-12">
<div class="row mb-3 mt-5">
<div class="col-sm-12 text-center" id="welcome-title">
<h2>{{ __('login.welcome', [config('name') ~ m.angel() ~ (config('app_name')|upper) ])|raw }}</h2>
<h2>{{ __('login.welcome', [config('name')|e ~ m.angel() ~ (config('app_name')|upper|e) ])|raw }}</h2>
</div>
</div>

2
resources/views/pages/registration.twig
View File

@ -290,7 +290,7 @@
<div class="col-sm-6 col-md-4 col-lg-3 col-xl-2">
{{ f.checkbox(
'angel_types_' ~ angelType.id,
angelType.name ~ (angelType.restricted ? ' ' ~ m.icon('mortarboard-fill', 'text-body') : ''),
angelType.name|e ~ (angelType.restricted ? ' ' ~ m.icon('mortarboard-fill', 'text-body') : ''),
{
'value': angelType.id,
'raw_label': true,