author | wei <> | 2006-07-28 07:56:03 +0000 |
---|---|---|
committer | wei <> | 2006-07-28 07:56:03 +0000 |
commit | fbf05a159bc1a688940c16dc304eaaf140188b01 (patch) | |
tree | 9346b49526b9ef908e59039244b2f3c220f5a530 | |
parent | ff6db29dff9b4778b97d2234d08cdcc10770562a (diff) |
Time-Tracker Demo: Escape html entities in output.
11 files changed, 53 insertions, 30 deletions
diff --git a/demos/time-tracker/index.php b/demos/time-tracker/index.php
index 0f8f412a..69e6b5c5 100644
--- a/demos/time-tracker/index.php
+++ b/demos/time-tracker/index.php
@@ -14,6 +14,13 @@ if(!is_writable($runtimePath)) require_once($frameworkPath);
+function h($text)
+{
+ $app = Prado::getApplication()->getGlobalization();
+ $charset = $app ? $app->getCharset() : 'UTF-8';
+ return htmlentities($text, ENT_QUOTES, $charset);
+}
+
$application=new TApplication;
$application->run();
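Review bot: The new `h()` helper has no docblock saying which output context it is safe for, even though every template touched by this commit now relies on it. With `ENT_QUOTES` it covers HTML text and quoted attribute values (such as the `Text="Welcome …"` attribute in MainLayout.tpl) but not URL or script contexts, so I would add a comment above the function along the lines of `// Escapes for HTML text and quoted attribute values only; not for URLs or inline script.` It is also declared as a global function in the entry script, so a second entry point that renders these templates would presumably fail on an undefined `h()`; wrapping the definition in `if(!function_exists('h'))` or moving it to a shared include would make that dependency explicit. Finally, the value returned by `getCharset()` is passed straight to `htmlentities()`, so it is worth confirming that every charset the application can be configured with is one `htmlentities()` supports.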
diff --git a/demos/time-tracker/protected/pages/TimeTracker/CategoryDataList.tpl b/demos/time-tracker/protected/pages/TimeTracker/CategoryDataList.tpl
index 7a19dadb..0b62300c 100644
--- a/demos/time-tracker/protected/pages/TimeTracker/CategoryDataList.tpl
+++ b/demos/time-tracker/protected/pages/TimeTracker/CategoryDataList.tpl
@@ -16,9 +16,9 @@ <prop:ItemTemplate>
<tr>
- <td class="categoryName"><%# $this->DataItem->Name %></td>
- <td class="abbrev"><%# $this->DataItem->Abbreviation %></td>
- <td class="duration"><%# $this->DataItem->EstimateDuration %></td>
+ <td class="categoryName"><%# h($this->DataItem->Name) %></td>
+ <td class="abbrev"><%# h($this->DataItem->Abbreviation) %></td>
+ <td class="duration"><%# h($this->DataItem->EstimateDuration) %></td>
<td class="edit">
<com:TButton Text="Edit" CommandName="edit"/>
<com:TButton Text="Delete" CommandName="delete"
diff --git a/demos/time-tracker/protected/pages/TimeTracker/Login.page b/demos/time-tracker/protected/pages/TimeTracker/Login.page
index dbc16de1..3109b4c5 100644
--- a/demos/time-tracker/protected/pages/TimeTracker/Login.page
+++ b/demos/time-tracker/protected/pages/TimeTracker/Login.page
@@ -34,5 +34,6 @@ </div>
<div class="create">
<a href="?page=TimeTracker.UserCreate">Create New User</a>
+ </div>
</fieldset>
</com:TContent>
\ No newline at end of file
diff --git a/demos/time-tracker/protected/pages/TimeTracker/MainLayout.tpl b/demos/time-tracker/protected/pages/TimeTracker/MainLayout.tpl
index 2d8bad44..915b2fb3 100644
--- a/demos/time-tracker/protected/pages/TimeTracker/MainLayout.tpl
+++ b/demos/time-tracker/protected/pages/TimeTracker/MainLayout.tpl
@@ -13,7 +13,7 @@ </h1>
<div class="minheading">
<h2 class="login">
- <com:TLabel CssClass="name" Text="Welcome <%= $this->User->Name %>" />
+ <com:TLabel CssClass="name" Text="Welcome <%= h($this->User->Name) %>" />
<com:THyperLink
Text="Login"
NavigateUrl=<%= $this->Service->constructUrl('TimeTracker.Login') %>
diff --git a/demos/time-tracker/protected/pages/TimeTracker/ReportProject.page b/demos/time-tracker/protected/pages/TimeTracker/ReportProject.page
index 38c8d86d..5f961da4 100644
--- a/demos/time-tracker/protected/pages/TimeTracker/ReportProject.page
+++ b/demos/time-tracker/protected/pages/TimeTracker/ReportProject.page
@@ -22,9 +22,9 @@ <th>Est. Completion</th>
</tr>
<tr>
- <td><%# $this->DataItem->ProjectName %></td>
- <td><%# $this->DataItem->EstimateHours %></td>
- <td><%# $this->DataItem->ActualHours %></td>
+ <td><%# h($this->DataItem->ProjectName) %></td>
+ <td><%# h($this->DataItem->EstimateHours) %></td>
+ <td><%# h($this->DataItem->ActualHours) %></td>
<td>
<com:System.I18N.TDateFormat
Pattern="dd/MM/yyyy"
@@ -49,9 +49,9 @@ <th>Actual Hours</th>
</tr>
<tr>
- <td><%# $this->DataItem->CategoryName %></td>
- <td><%# $this->DataItem->EstimateHours %></td>
- <td><%# $this->DataItem->ActualHours %></td>
+ <td><%# h($this->DataItem->CategoryName) %></td>
+ <td><%# h($this->DataItem->EstimateHours) %></td>
+ <td><%# h($this->DataItem->ActualHours) %></td>
</tr>
@@ -60,10 +60,10 @@ <!-- member -->
<tr>
<td colspan="2">
- <%# $this->DataItem['username'] %>
+ <%# h($this->DataItem['username']) %>
</td>
<td>
- <%# $this->DataItem['hours'] %>
+ <%# h($this->DataItem['hours']) %>
</td>
</tr>
<!-- //member -->
diff --git a/demos/time-tracker/protected/pages/TimeTracker/ReportProject.php b/demos/time-tracker/protected/pages/TimeTracker/ReportProject.php
index fea372be..fcb1c865 100644
--- a/demos/time-tracker/protected/pages/TimeTracker/ReportProject.php
+++ b/demos/time-tracker/protected/pages/TimeTracker/ReportProject.php
@@ -22,11 +22,17 @@ class ReportProject extends TPage public function generateReport_Clicked($sender, $param)
{
+ if(count($this->projectList->SelectedValues) > 0)
+ $this->showReport();
+ }
+
+ protected function showReport()
+ {
$reportDao = $this->Application->Modules['daos']->getDao('ReportDao');
$reports = $reportDao->getTimeReportsByProjectIDs($this->projectList->SelectedValues);
$this->views->ActiveViewIndex = 1;
$this->projects->DataSource = $reports;
- $this->projects->dataBind();
+ $this->projects->dataBind();
}
public function project_itemCreated($sender, $param)
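Review bot: `showReport()` now depends on its caller having checked that at least one project is selected, but the method itself carries no such check or comment, so a later caller can again pass an empty `SelectedValues` to `getTimeReportsByProjectIDs()`. Either move the guard into `showReport()` as an early return, `if(count($this->projectList->SelectedValues) === 0) return;`, or document the precondition above the method. When the guard fails the click handler returns silently, so the user gets no message explaining why no report appears. The same pattern is in ReportResource.php's `generateReport_Clicked()`/`showReport()` pair, and the brace-less `if` here differs from the braced form used there. The selected IDs reach the DAO unchanged; the DAO is not visible in this diff, so it is worth confirming that it binds them as parameters and that the list only offers projects the current user is allowed to report on.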
diff --git a/demos/time-tracker/protected/pages/TimeTracker/ReportResource.page b/demos/time-tracker/protected/pages/TimeTracker/ReportResource.page
index 5e112505..e72fd0f2 100644
--- a/demos/time-tracker/protected/pages/TimeTracker/ReportResource.page
+++ b/demos/time-tracker/protected/pages/TimeTracker/ReportResource.page
@@ -31,9 +31,9 @@ <com:TView>
<h3>Beginning Date</h3>
- <h4><%= $this->dateFrom->Date %></h4>
+ <h4><%= h($this->dateFrom->Date) %></h4>
<h3>Ending Date</h3>
- <h4><%= $this->dateTo->Date %></h4>
+ <h4><%= h($this->dateTo->Date) %></h4>
<com:TRepeater ID="resource_report" OnItemCreated="resource_report_itemCreated" EnableViewState="false">
<prop:ItemTemplate>
@@ -43,8 +43,8 @@ <th>Total Hours</th>
</tr>
<tr>
- <td><%# $this->DataItem->Username %></td>
- <td><%# $this->DataItem->TotalHours %></td>
+ <td><%# h($this->DataItem->Username) %></td>
+ <td><%# h($this->DataItem->TotalHours) %></td>
</tr>
</table>
@@ -68,10 +68,10 @@ Pattern="dd/MM/yyyy"
Value=<%# $this->DataItem->ReportDate %> />
</td>
- <td><%# $this->DataItem->ProjectName %></td>
- <td><%# $this->DataItem->CategoryName %></td>
- <td><%# $this->DataItem->Duration %></td>
- <td><%# $this->DataItem->Description %></td>
+ <td><%# h($this->DataItem->ProjectName) %></td>
+ <td><%# h($this->DataItem->CategoryName) %></td>
+ <td><%# h($this->DataItem->Duration) %></td>
+ <td><%# h($this->DataItem->Description) %></td>
</tr>
</prop:ItemTemplate>
</com:TRepeater>
diff --git a/demos/time-tracker/protected/pages/TimeTracker/ReportResource.php b/demos/time-tracker/protected/pages/TimeTracker/ReportResource.php
index a233e127..03fc7115 100644
--- a/demos/time-tracker/protected/pages/TimeTracker/ReportResource.php
+++ b/demos/time-tracker/protected/pages/TimeTracker/ReportResource.php
@@ -34,6 +34,15 @@ class ReportResource extends TPage public function generateReport_Clicked($sender, $param)
{
+ if(count($this->projectList->SelectedValues) > 0
+ && count($this->resourceList->SelectedValues) >0)
+ {
+ $this->showReport();
+ }
+ }
+
+ protected function showReport()
+ {
$this->views->ActiveViewIndex = 1;
$reportDao = $this->Application->Modules['daos']->getDao('ReportDao');
$projects = $this->projectList->SelectedValues;
@@ -43,7 +52,7 @@ class ReportResource extends TPage $report = $reportDao->getUserProjectTimeReports($users, $projects, $start, $end);
$this->resource_report->DataSource = $report;
- $this->resource_report->dataBind();
+ $this->resource_report->dataBind();
}
public function resource_report_itemCreated($sender, $param)
diff --git a/demos/time-tracker/protected/pages/TimeTracker/SiteMap.tpl b/demos/time-tracker/protected/pages/TimeTracker/SiteMap.tpl
index 5bea2811..0d79c1e2 100644
--- a/demos/time-tracker/protected/pages/TimeTracker/SiteMap.tpl
+++ b/demos/time-tracker/protected/pages/TimeTracker/SiteMap.tpl
@@ -5,14 +5,14 @@ </li>
<com:TPlaceHolder Visible=<%= $this->User->isInRole('manager') %> >
<li class="<com:TPlaceHolder ID="ReportMenu" />">
- <span class="menuitem">Reports</span>
+ <a class="menuitem" href="?page=TimeTracker.ReportProject">Reports</a>
<ul class="level2">
<li><a href="?page=TimeTracker.ReportProject">Project Reports</a></li>
<li><a href="?page=TimeTracker.ReportResource">Resources Report</a></li>
</ul>
</li>
<li class="<com:TPlaceHolder ID="ProjectMenu" />">
- <span class="menuitem">Projects</span>
+ <a class="menuitem" href="?page=TimeTracker.ProjectList">Projects</a>
<ul class="level2">
<li><a href="?page=TimeTracker.ProjectDetails">Create New Project</a></li>
<li><a href="?page=TimeTracker.ProjectList">List Projects</a></li>
@@ -21,7 +21,7 @@ </com:TPlaceHolder>
<com:TPlaceHolder Visible=<%= $this->User->isInRole('admin') %> >
<li class="<com:TPlaceHolder ID="AdminMenu" />">
- <span class="menuitem">Adminstration</span>
+ <a class="menuitem" href="?page=TimeTracker.UserList">Adminstration</a>
<ul class="level2">
<li><a href="?page=TimeTracker.UserCreate">Create New User</a></li>
<li><a href="?page=TimeTracker.UserList">List Users</a></li>
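Review bot: The new anchor on the admin menu keeps the misspelling `Adminstration`; since the line is being rewritten anyway it should read `<a class="menuitem" href="?page=TimeTracker.UserList">Administration</a>`. Separately, the `TPlaceHolder Visible=<%= $this->User->isInRole(...) %>` wrappers in this file only hide the menu markup, so the pages these new top-level links point to (`TimeTracker.ReportProject`, `TimeTracker.ProjectList`, `TimeTracker.UserList`) need their own server-side role checks; those rules are not visible in this diff and should be confirmed. The enclosing `<li>` and `<ul>` elements continue outside the hunk.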
diff --git a/demos/time-tracker/protected/pages/TimeTracker/TimeEntryList.tpl b/demos/time-tracker/protected/pages/TimeTracker/TimeEntryList.tpl
index ace8a95b..29f426ee 100644
--- a/demos/time-tracker/protected/pages/TimeTracker/TimeEntryList.tpl
+++ b/demos/time-tracker/protected/pages/TimeTracker/TimeEntryList.tpl
@@ -25,9 +25,9 @@ </prop:FooterTemplate>
<prop:ItemTemplate>
<tr>
- <td class="categoryName"><%# $this->DataItem->Category->Name %></td>
- <td class="description"><%# $this->DataItem->Description %></td>
- <td class="duration"><%# $this->DataItem->Duration %></td>
+ <td class="categoryName"><%# h($this->DataItem->Category->Name) %></td>
+ <td class="description"><%# h($this->DataItem->Description) %></td>
+ <td class="duration"><%# h($this->DataItem->Duration) %></td>
<td class="date">
<com:System.I18N.TDateFormat
Pattern="dd/MM/yyyy"
diff --git a/demos/time-tracker/protected/pages/TimeTracker/UserList.page b/demos/time-tracker/protected/pages/TimeTracker/UserList.page
index 3696e1db..e1f69e7a 100644
--- a/demos/time-tracker/protected/pages/TimeTracker/UserList.page
+++ b/demos/time-tracker/protected/pages/TimeTracker/UserList.page
@@ -12,8 +12,8 @@ </tr>
</prop:HeaderTemplate>
<prop:ItemTemplate>
- <tr class="row0">
<td><%#$this->DataItem->Name %></td>
<td><%#$this->DataItem->EmailAddress %></td>
</tr>
</prop:ItemTemplate>
<prop:AlternatingItemTemplate>
<tr class="row1">
<td><%#$this->DataItem->Name %></td>
- <td><%#$this->DataItem->EmailAddress %></td>
+ <tr class="row0">
<td><%# h($this->DataItem->Name) %></td>
<td><%# h($this->DataItem->EmailAddress) %></td>
</tr>
</prop:ItemTemplate>
<prop:AlternatingItemTemplate>
<tr class="row1">
<td><%# h($this->DataItem->Name) %></td>
+ <td><%# h($this->DataItem->EmailAddress) %></td>
</tr>
</prop:AlternatingItemTemplate>
<prop:FooterTemplate>
</table>
</prop:FooterTemplate>
</com:TRepeater>
<div style="padding:1em">
|