Index: branches/5.3.x/core/kernel/db/db_tag_processor.php
===================================================================
diff -u -N -r15698 -r15902
--- branches/5.3.x/core/kernel/db/db_tag_processor.php (.../db_tag_processor.php) (revision 15698)
+++ branches/5.3.x/core/kernel/db/db_tag_processor.php (.../db_tag_processor.php) (revision 15902)
@@ -1,6 +1,6 @@ Application->Phrase($filter_params['label']));
+ $block_params['label'] = $filter_params['label'];
 if ( getArrayValue($view_filter, $filter_key) ) {
 $submit = 0;
@@ -855,7 +855,7 @@
 $field = $this->SelectParam($params, 'name,field');
 if (!$this->Application->isAdmin) {
- // apply htmlspecialchars on all field values on Front-End
+ // don't apply kUtil::escape() on any field value on Front-End
 $params['no_special'] = 'no_special';
 }
@@ -901,8 +901,7 @@
 }
 if (!array_key_exists('no_special', $params) || !$params['no_special']) {
- // when no_special parameter NOT SET apply htmlspecialchars
- $value = htmlspecialchars($value, null, CHARSET);
+ $value = kUtil::escape($value);
 }
 if (array_key_exists('checked', $params) && $params['checked']) {
@@ -2094,6 +2093,8 @@
 $element_type = 'text';
 }
+ $formatter_class = $object->GetFieldOption($field, 'formatter');
+
 switch ($element_type) {
 case 'select':
 case 'multiselect':
@@ -2107,6 +2108,7 @@
 $options = $helper->GetValuesHash( $object->GetDBField($params['value_list_field']) );
 }
+ $object->SetFieldOption($field, 'formatter', 'kOptionsFormatter');
 $object->SetFieldOption($field, 'options', $options);
 break;
@@ -2130,7 +2132,11 @@
 $params['name'] = $params['blocks_prefix'] . $element_type;
 // use $pass_params to pass 'SourcePrefix' parameter from PrintList to CustomInputName tag
- return $this->Application->ParseBlock($params, 1);
+ $ret = $this->Application->ParseBlock($params, 1);
+
+ $object->SetFieldOption($field, 'formatter', $formatter_class);
+
+ return $ret;
 }
 /**
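Review bot: In the 901 hunk the new call `$value = kUtil::escape($value);` relies on kUtil::escape's default strategy, while the form-building hunk later in this file passes `kUtil::ESCAPE_HTML` explicitly; since this value is emitted into a form-field attribute, make the context explicit here as well: `$value = kUtil::escape($value, kUtil::ESCAPE_HTML);`. The removed `htmlspecialchars($value, null, CHARSET)` passed `null` as flags, which coerces to 0 (ENT_NOQUOTES), so neither `"` nor `'` was ever encoded and a value inside a quoted attribute could break out — confirm that kUtil::escape's HTML strategy uses ENT_QUOTES, otherwise that attribute-injection gap survives the rename. The 855 hunk keeps `no_special` forced on the Front-End, so this escaping is skipped there entirely; that is pre-existing, but a comment saying the Front-End template is responsible for escaping would make the intent explicit. The enclosing method starts before this hunk.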
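Review bot: In the 2130 hunk the restore `$object->SetFieldOption($field, 'formatter', $formatter_class);` only runs when `ParseBlock` returns normally; if it throws, the field keeps the `kOptionsFormatter` override set in the select case for the rest of the request, and the object is shared state. The target branch has no `finally`, so catch, restore and rethrow instead. A second, smaller point: when the field had no formatter option, whatever `GetFieldOption` returns for a missing key (presumably false or null) is written back by the restore — confirm `SetFieldOption` treats that as "unset" rather than adding a bogus formatter key. The enclosing method starts before this hunk.
```php
$ret = null;
try {
    $ret = $this->Application->ParseBlock($params, 1);
}
catch (Exception $e) {
    $object->SetFieldOption($field, 'formatter', $formatter_class);
    throw $e;
}
// … unchanged: restore formatter, return $ret …
```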
@@ -2292,7 +2298,7 @@
 }
 if ( !array_key_exists('no_special', $params) || !$params['no_special'] ) {
- $ret = htmlspecialchars($ret, null, CHARSET);
+ $ret = kUtil::escape($ret);
 }
 return $ret;
@@ -2734,8 +2740,15 @@
 }
 $icon_url = $this->Application->BaseURL() . 'core/admin_templates/img/top_frame/icons/' . $button_icon;
- $button_code = '';
+ $button_onclick = '$form_name = ' . json_encode($form_name) . '; std_edit_item(' . json_encode($item_prefix) . ', ' . json_encode($template) . ');';
+ $button_code = '';
+
 if ( !isset($params['pass']) ) {
 $params['pass'] = 'm,' . $item_prefix;
 }
@@ -2756,8 +2769,9 @@
 unset($params['button_icon'], $params['button_class'], $params['button_title'], $params['template'], $params['item_prefix'], $params['temp_mode']);
 // link from Front-End to Admin, don't remove "index.php"
- $edit_url = $this->Application->HREF($template, ADMIN_DIRECTORY, $params, 'index.php');
- $edit_form = '
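Review bot: In the 2734 hunk `$button_onclick` is assembled with bare `json_encode()` and then, as far as the extracted `$button_code` line shows (its markup has been stripped here, so this cannot be fully confirmed), placed into the link's attribute without HTML escaping; `json_encode` emits `"` verbatim and leaves `<`, `>`, `&` and `'` untouched, so a template name or item prefix containing those characters breaks out of a double-quoted attribute. Encode each value with the hex flags so the literal is safe in both attribute and inline-script context — `json_encode($template, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)` (same for `$form_name` and `$item_prefix`) — and pass the assembled string through `kUtil::escape($button_onclick, kUtil::ESCAPE_HTML)` where it is written into the attribute, mirroring what the next hunk already does for `$edit_url`. The enclosing method starts before this hunk and continues into the next one.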
';
+ $form_name_escaped = kUtil::escape($form_name, kUtil::ESCAPE_HTML);
+ $edit_url = kUtil::escape($this->Application->HREF($template, ADMIN_DIRECTORY, $params, 'index.php'), kUtil::ESCAPE_HTML);
+ $edit_form = '
';
 if ( isset($params['forms_later']) && $params['forms_later'] ) {
 $all_forms = $this->Application->GetVar('all_forms');
@@ -2966,9 +2980,9 @@
 // always add search buttons
 array_push($preset_info['toolbar_buttons'], 'search', 'search_reset_alt');
- $toolbar_buttons = array_map('addslashes', $preset_info['toolbar_buttons']);
+ $toolbar_buttons = array_values($preset_info['toolbar_buttons']); // reset index
- return $toolbar_buttons ? "'" . implode("', '", $toolbar_buttons) . "'" : 'false';
+ return $toolbar_buttons ? trim(json_encode($toolbar_buttons), '[]') : 'false';
 }
 /**
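Review bot: In the 2966 hunk `trim(json_encode($toolbar_buttons), '[]')` strips every leading and trailing `[` or `]` character, not just the two array delimiters, so a button name that starts or ends with a bracket would lose it; `substr(json_encode($toolbar_buttons), 1, -1)` removes exactly the delimiters. If `json_encode` fails (for instance on invalid UTF-8 in a name) it returns false and both forms silently yield an empty string, which leaves the caller with broken JavaScript — checking the result, or at least noting the assumption in a comment, would help. Since this list is presumably emitted inside an inline script, adding `JSON_HEX_TAG` keeps a `</script>` sequence in a name from terminating the block. The enclosing method starts before this hunk.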