[foundation-web] Make $error safe for HTML output purposes



commit bc342f9fbfc99ffc1a4b33cecdd963e30901820b
Author: Olav Vitters <olav bkor dhs org>
Date:   Sat Jun 6 15:00:37 2009 +0200

    Make $error safe for HTML output purposes
---
 foundation.gnome.org/vote/blt.wml                  |   10 +++++-----
 foundation.gnome.org/vote/include/step4-commit.php |    8 ++++----
 foundation.gnome.org/vote/results.wml              |    6 +++---
 foundation.gnome.org/vote/vote.wml                 |    8 ++++----
 foundation.gnome.org/vote/votes.wml                |   12 ++++++------
 5 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/foundation.gnome.org/vote/blt.wml b/foundation.gnome.org/vote/blt.wml
index 4cc3ce9..39a9682 100644
--- a/foundation.gnome.org/vote/blt.wml
+++ b/foundation.gnome.org/vote/blt.wml
@@ -50,7 +50,7 @@ if ($display && $election_id >= 0) {
     $error .= "The specified election/referendum does not exist.\n";
     $display = FALSE;
   } else if (!elec_election_has_ended ($election)) {
-    $error .= "The voting period for the specified ".elec_election_get_type ($election)." starts on ".$election["voting_start"]." (UTC) and ends on ".$election["voting_end"]." (UTC). It is not possible to see the results now.\n";
+    $error .= "The voting period for the specified ".htmlspecialchars(elec_election_get_type ($election))." starts on ".htmlspecialchars($election["voting_start"])." (UTC) and ends on ".htmlspecialchars($election["voting_end"])." (UTC). It is not possible to see the results now.\n";
     $display = FALSE;
   }
 }
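Review bot: blt.wml gets per-fragment htmlspecialchars() here, but unlike results.wml, vote.wml and votes.wml no hunk changes the place where blt.wml finally outputs $error, and the diffstat (5 insertions, 5 deletions) confirms nothing else in that file moved. If that output site still wraps $error in htmlspecialchars(), the election type and dates are now double-encoded (`&amp;lt;` instead of `&lt;`); if blt.wml emits the ballot as text/plain, which the `echo "1 999 0\n"` lines further down hint at, entity-encoding these fragments is wrong for that context. Worth checking the output site and either dropping its htmlspecialchars() or leaving $error unescaped in this file. The enclosing `if ($display && $election_id >= 0)` block starts before the hunk.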
@@ -59,7 +59,7 @@ if ($display && $election_id >= 0) {
 if ($display) {
   $choices = elec_choices_get ($handle, $election_id);
   if ($choices === FALSE) {
-    $error .= "The ".elec_election_get_type ($election)." is not properly set up.\n";
+    $error .= "The ".htmlspecialchars(elec_election_get_type ($election))." is not properly set up.\n";
     $display = FALSE;
   }
 }
@@ -73,7 +73,7 @@ if (isset ($election) && $election !== FALSE) {
 if ($display) {
   $anon_tokens = elec_get_anon_tokens_for_election ($handle, $election_id);
   if ($anon_tokens === FALSE) {
-    $error .= "Can not get the anonymous tokens for this ".elec_election_get_type ($election).".\n";
+    $error .= "Can not get the anonymous tokens for this ".htmlspecialchars(elec_election_get_type ($election)).".\n";
     $display = FALSE;
   }
 }
@@ -93,7 +93,7 @@ if ($display) {
     $votes = elec_get_votes_for_anon_token ($handle, $anon_token["id"]);
     if ($votes === FALSE) {
       echo "1 999 0\n";
-      $error .= "Can not get votes for anonymous token ".$anon_token["anon_token"]."\n";
+      $error .= "Can not get votes for anonymous token ".htmlspecialchars($anon_token["anon_token"])."\n";
     } else if (count ($votes) == 0) {
       echo "1 0\n";
     } else {
@@ -103,7 +103,7 @@ if ($display) {
           echo $choices_pos[$vote["choice_id"]]." ";
         else {
           echo "999 ";
-          $error .= "There was an unkown vote for anonymous token ".$anon_token["anon_token"].": ".$vote["choice_id"]."\n";
+          $error .= "There was an unkown vote for anonymous token ".htmlspecialchars($anon_token["anon_token"]).": ".htmlspecialchars($vote["choice_id"])."\n";
         }
       }
       echo "0\n";
diff --git a/foundation.gnome.org/vote/include/step4-commit.php b/foundation.gnome.org/vote/include/step4-commit.php
index 208616e..2532fbe 100644
--- a/foundation.gnome.org/vote/include/step4-commit.php
+++ b/foundation.gnome.org/vote/include/step4-commit.php
@@ -58,7 +58,7 @@ function step4_do () {
   } while ($anon_token_id === FALSE && $i < 10);
 
   if ($anon_token_id === FALSE) {
-    $error .= "Can not create an anonymous token: ".mysql_error ($handle)."<br />\n";
+    $error .= "Can not create an anonymous token: ".htmlspecialchars(mysql_error ($handle))."<br />\n";
     elec_sql_rollback ($handle);
     return $result;
   }
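Review bot: Escaping mysql_error($handle) stops it from injecting markup, but the raw driver message is still shown to the voter, which discloses table and column names or query fragments on any failure. A safer pattern is to keep the detail server-side and show only a generic sentence, e.g. `error_log("anon token insert failed: ".mysql_error ($handle));` followed by `$error .= "Can not create an anonymous token.<br />\n";`; the three later mysql_error() appends in this file have the same issue. step4_do() begins before the hunk, so whether $error is declared `global` there is not visible; without it this assignment would only set a function-local variable and the message would never reach the page.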
@@ -71,7 +71,7 @@ function step4_do () {
       $res = elec_insert_new_vote ($handle, $anon_token_id, $vote, $index);
 
       if (!$res) {
-        $error .= "Can not insert a vote: ".mysql_error ($handle)."<br />\n";
+        $error .= "Can not insert a vote: ".htmlspecialchars(mysql_error ($handle))."<br />\n";
         elec_sql_rollback ($handle);
         return $result;
       }
@@ -81,14 +81,14 @@ function step4_do () {
   $res = elec_sql_remove_tmp_token ($handle, $election_id, $email, $tmp_token);
 
   if (!$res) {
-    $error .= "Can not remove temporary token: ".mysql_error ($handle)."<br />\n";
+    $error .= "Can not remove temporary token: ".htmlspecialchars(mysql_error ($handle))."<br />\n";
     elec_sql_rollback ($handle);
     return $result;
   }
 
   $res = elec_sql_commit ($handle);
   if (!$res) {
-    $error .= "Can not commit the vote: ".mysql_error ($handle)."<br />\n";
+    $error .= "Can not commit the vote: ".htmlspecialchars(mysql_error ($handle))."<br />\n";
     return $result;
   }
 
diff --git a/foundation.gnome.org/vote/results.wml b/foundation.gnome.org/vote/results.wml
index 200a21b..b17bbb4 100644
--- a/foundation.gnome.org/vote/results.wml
+++ b/foundation.gnome.org/vote/results.wml
@@ -35,7 +35,7 @@ if ($display && $election_id >= 0) {
     $error .= "The specified election/referendum does not exist.<br />\n";
     $display = FALSE;
   } else if (!elec_election_has_ended ($election)) {
-    $error .= "The voting period for the specified ".elec_election_get_type ($election)." starts on ".$election["voting_start"]." (UTC) and ends on ".$election["voting_end"]." (UTC). It is not possible to see the results now.<br />\n";
+    $error .= "The voting period for the specified ".htmlspecialchars(elec_election_get_type ($election))." starts on ".htmlspecialchars($election["voting_start"])." (UTC) and ends on ".htmlspecialchars($election["voting_end"])." (UTC). It is not possible to see the results now.<br />\n";
     $display = FALSE;
   }
   else
@@ -49,7 +49,7 @@ if (isset ($election) && $election !== FALSE) {
   {
     echo "<h1>Results for the ".htmlspecialchars($election["name"])."</h1>\n";
   } else {
-    $error .= "The voting period for the specified ".elec_election_get_type ($election)." has closed, but the results of the election have not yet been calculated. It is not possible to see the results now.<br />\n";
+    $error .= "The voting period for the specified ".htmlspecialchars(elec_election_get_type ($election))." has closed, but the results of the election have not yet been calculated. It is not possible to see the results now.<br />\n";
     echo "<p>In the meantime, you can look at the <a href=\"votes.php?election_id=".rawurlencode($election_id)."\">list of all votes</a> and verify that your vote is correct.</p>\n";
     $display = FALSE;
   }
@@ -64,7 +64,7 @@ if ($display) {
 }
 
 if (isset ($error) && $error != "") {
-  echo "<div class=\"error\">".htmlspecialchars($error)."</div>\n";;
+  echo "<div class=\"error\">".$error."</div>\n";;
   echo "<p>If you don't understand the error, you should probably contact the Membership and Elections Committee, which can be reached at <a href=\"mailto:elections gnome org\">elections gnome org</a>.</p>\n";
 }
 
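Review bot: With the htmlspecialchars() removed from the echo, this page now relies on an invariant that every earlier `$error .=` has already escaped its dynamic parts, and nothing at the output site says so; the next append that forgets becomes an XSS sink with no single place to catch it. Suggest a comment directly above the echo, `// $error is pre-escaped HTML: anything appended to it must already have gone through htmlspecialchars()`, in each of the three .wml files that drop the output-time escaping. The stray `;;` at the end of the echo is harmless but worth tidying while here.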
diff --git a/foundation.gnome.org/vote/vote.wml b/foundation.gnome.org/vote/vote.wml
index ae119a7..06166af 100644
--- a/foundation.gnome.org/vote/vote.wml
+++ b/foundation.gnome.org/vote/vote.wml
@@ -43,7 +43,7 @@ if ($election_id == -1) {
     $error .= "The specified election/referendum does not exist.<br />\n";
     $step = 0;
   } else if (!elec_election_is_current ($election)) {
-    $error .= "The voting period for the specified ".elec_election_get_type ($election)." starts on ".$election["voting_start"]." (UTC) and ends on ".$election["voting_end"]." (UTC). It is not possible to vote now.<br />\n";
+    $error .= "The voting period for the specified ".htmlspecialchars(elec_election_get_type ($election))." starts on ".htmlspecialchars($election["voting_start"])." (UTC) and ends on ".htmlspecialchars($election["voting_end"])." (UTC). It is not possible to vote now.<br />\n";
     $step = 0;
   }
 }
@@ -65,7 +65,7 @@ if ($step > 1) {
     $choices = elec_choices_get ($handle, $election_id);
 
     if (!elec_verify_elections ($choices)) {
-      $error .= "The ".elec_election_get_type ($election)." is not properly set up.\n";
+      $error .= "The ".htmlspecialchars(elec_election_get_type ($election))." is not properly set up.\n";
       $step = 0;
     }
 
@@ -220,7 +220,7 @@ if ($step >= 2) {
   $res = elec_verify_vote_is_valid ($choices, $vote, $votes_array);
   
   if ($res != "") {
-    $error .= "The vote you made is not valid: ".$res."<br />\n";
+    $error .= "The vote you made is not valid: ".htmlspecialchars($res)."<br />\n";
     $step = 2;
   }
 }
@@ -254,7 +254,7 @@ if (isset ($handle))
   elec_sql_close ($handle);
 
 if (isset ($error) && $error != "") {
-  echo "<div class=\"error\">".htmlspecialchars($error)."</div>\n";;
+  echo "<div class=\"error\">".$error."</div>\n";;
   echo "<p>If you don't understand the error, you should probably contact the Membership and Elections Committee, which can be reached at <a href=\"mailto:elections gnome org\">elections gnome org</a>.</p>\n";
 }
 
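Review bot: The pre-escaped-$error contract now crosses file boundaries: include/step4-commit.php in this same commit appends to $error from inside step4_do(), so any other include/step*.php file that also appends to it (none are in this diff) needs the same audit or the removed output-time escaping reintroduces raw values into the page. A short comment at this echo naming that contract, `// $error must already be HTML-escaped by whoever appended to it, including the include/step*.php files`, would make the dependency visible to anyone editing those includes. The double `;;` after the echo can be dropped.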
diff --git a/foundation.gnome.org/vote/votes.wml b/foundation.gnome.org/vote/votes.wml
index 60e6376..4107726 100644
--- a/foundation.gnome.org/vote/votes.wml
+++ b/foundation.gnome.org/vote/votes.wml
@@ -35,7 +35,7 @@ if ($display && $election_id >= 0) {
     $error .= "The specified election/referendum does not exist.<br />\n";
     $display = FALSE;
   } else if (!elec_election_has_ended ($election)) {
-    $error .= "The voting period for the specified ".elec_election_get_type ($election)." starts on ".$election["voting_start"]." (UTC) and ends on ".$election["voting_end"]." (UTC). It is not possible to see the results now.<br />\n";
+    $error .= "The voting period for the specified ".htmlspecialchars(elec_election_get_type ($election))." starts on ".htmlspecialchars($election["voting_start"])." (UTC) and ends on ".htmlspecialchars($election["voting_end"])." (UTC). It is not possible to see the results now.<br />\n";
     $display = FALSE;
   }
 }
@@ -47,7 +47,7 @@ if (isset ($election) && $election !== FALSE) {
 if ($display) {
   $anon_tokens = elec_get_anon_tokens_for_election ($handle, $election_id);
   if ($anon_tokens === FALSE) {
-    $error .= "Can not get the anonymous tokens for this ".elec_election_get_type ($election).".\n";
+    $error .= "Can not get the anonymous tokens for this ".htmlspecialchars(elec_election_get_type ($election)).".\n";
     $display = FALSE;
   }
 }
@@ -55,7 +55,7 @@ if ($display) {
 if ($display) {
   $choices = elec_choices_get ($handle, $election_id);
   if ($choices === FALSE) {
-    $error .= "The ".elec_election_get_type ($election)." is not properly set up.\n";
+    $error .= "The ".htmlspecialchars(elec_election_get_type ($election))." is not properly set up.\n";
     $display = FALSE;
   }
 }
@@ -89,7 +89,7 @@ if ($display) {
 
     if ($votes === FALSE) {
       echo "Can not access votes<br />for this anonymous token.";
-      $error .= "Can not get votes for anonymous token ".$anon_token["anon_token"]."<br />\n";
+      $error .= "Can not get votes for anonymous token ".htmlspecialchars($anon_token["anon_token"])."<br />\n";
     } else if (count ($votes) == 0) {
       echo "This member chose to vote for<br />none of the possible choices.";
     } else {
@@ -99,7 +99,7 @@ if ($display) {
           echo "<li><em>".htmlspecialchars($votes["preference"])." ".htmlspecialchars($choices_name[$vote["choice_id"]])."</em></li>\n";
         else {
           echo "<li><em>Unknown value (".htmlspecialchars($vote["choice_id"]).")</em></li>\n";
-          $error .= "There was an unkown vote for anonymous token ".$anon_token["anon_token"].": ".$vote["choice_id"]."<br />\n";
+          $error .= "There was an unkown vote for anonymous token ".htmlspecialchars($anon_token["anon_token"]).": ".htmlspecialchars($vote["choice_id"])."<br />\n";
         }
       }
       echo "</ol>";
@@ -114,7 +114,7 @@ if ($display) {
 }
 
 if (isset ($error) && $error != "") {
-  echo "<div class=\"error\">".htmlspecialchars($error)."</div>\n";;
+  echo "<div class=\"error\">".$error."</div>\n";;
   echo "<p>If you don't understand the error, you should probably contact the Membership and Elections Committee, which can be reached at <a href=\"mailto:elections gnome org\">elections gnome org</a>.</p>\n";
 }
 


