From fbf05a159bc1a688940c16dc304eaaf140188b01 Mon Sep 17 00:00:00 2001
From: wei <>
Date: Fri, 28 Jul 2006 07:56:03 +0000
Subject: Time-Tracker Demo: Escape html entities in output.

---
 demos/time-tracker/index.php                             |  7 +++++++
 .../protected/pages/TimeTracker/CategoryDataList.tpl     |  6 +++---
 .../time-tracker/protected/pages/TimeTracker/Login.page  |  1 +
 .../protected/pages/TimeTracker/MainLayout.tpl           |  2 +-
 .../protected/pages/TimeTracker/ReportProject.page       | 16 ++++++++--------
 .../protected/pages/TimeTracker/ReportProject.php        |  8 +++++++-
 .../protected/pages/TimeTracker/ReportResource.page      | 16 ++++++++--------
 .../protected/pages/TimeTracker/ReportResource.php       | 11 ++++++++++-
 .../time-tracker/protected/pages/TimeTracker/SiteMap.tpl |  6 +++---
 .../protected/pages/TimeTracker/TimeEntryList.tpl        |  6 +++---
 .../protected/pages/TimeTracker/UserList.page            |  4 ++--
 11 files changed, 53 insertions(+), 30 deletions(-)

diff --git a/demos/time-tracker/index.php b/demos/time-tracker/index.php
index 0f8f412a..69e6b5c5 100644
--- a/demos/time-tracker/index.php
+++ b/demos/time-tracker/index.php
@@ -14,6 +14,13 @@ if(!is_writable($runtimePath))
 
 require_once($frameworkPath);
 
+function h($text)
+{
+	$app = Prado::getApplication()->getGlobalization();
+	$charset = $app ? $app->getCharset() : 'UTF-8';
+	return htmlentities($text, ENT_QUOTES, $charset);
+}
+
 $application=new TApplication;
 $application->run();
 
diff --git a/demos/time-tracker/protected/pages/TimeTracker/CategoryDataList.tpl b/demos/time-tracker/protected/pages/TimeTracker/CategoryDataList.tpl
index 7a19dadb..0b62300c 100644
--- a/demos/time-tracker/protected/pages/TimeTracker/CategoryDataList.tpl
+++ b/demos/time-tracker/protected/pages/TimeTracker/CategoryDataList.tpl
@@ -16,9 +16,9 @@
 
 	<prop:ItemTemplate>
 	  <tr>
-	  	<td class="categoryName"><%# $this->DataItem->Name %></td>
-	  	<td class="abbrev"><%# $this->DataItem->Abbreviation %></td>
-	  	<td class="duration"><%# $this->DataItem->EstimateDuration %></td>
+	  	<td class="categoryName"><%# h($this->DataItem->Name) %></td>
+	  	<td class="abbrev"><%# h($this->DataItem->Abbreviation) %></td>
+	  	<td class="duration"><%# h($this->DataItem->EstimateDuration) %></td>
 	  	<td class="edit">
 	  		<com:TButton Text="Edit" CommandName="edit"/>	  			
 	  		<com:TButton Text="Delete" CommandName="delete"
diff --git a/demos/time-tracker/protected/pages/TimeTracker/Login.page b/demos/time-tracker/protected/pages/TimeTracker/Login.page
index dbc16de1..3109b4c5 100644
--- a/demos/time-tracker/protected/pages/TimeTracker/Login.page
+++ b/demos/time-tracker/protected/pages/TimeTracker/Login.page
@@ -34,5 +34,6 @@
   </div>
   <div class="create">
   	<a href="?page=TimeTracker.UserCreate">Create New User</a>
+  </div>
  </fieldset>
  </com:TContent>
\ No newline at end of file
diff --git a/demos/time-tracker/protected/pages/TimeTracker/MainLayout.tpl b/demos/time-tracker/protected/pages/TimeTracker/MainLayout.tpl
index 2d8bad44..915b2fb3 100644
--- a/demos/time-tracker/protected/pages/TimeTracker/MainLayout.tpl
+++ b/demos/time-tracker/protected/pages/TimeTracker/MainLayout.tpl
@@ -13,7 +13,7 @@
 </h1>
 <div class="minheading">
 <h2 class="login">
-	<com:TLabel CssClass="name" Text="Welcome <%= $this->User->Name %>" />
+	<com:TLabel CssClass="name" Text="Welcome <%= h($this->User->Name) %>" />
 	<com:THyperLink 
 		Text="Login"
 		NavigateUrl=<%= $this->Service->constructUrl('TimeTracker.Login') %>
diff --git a/demos/time-tracker/protected/pages/TimeTracker/ReportProject.page b/demos/time-tracker/protected/pages/TimeTracker/ReportProject.page
index 38c8d86d..5f961da4 100644
--- a/demos/time-tracker/protected/pages/TimeTracker/ReportProject.page
+++ b/demos/time-tracker/protected/pages/TimeTracker/ReportProject.page
@@ -22,9 +22,9 @@
 					<th>Est. Completion</th>
 				</tr>
 				<tr>
-					<td><%# $this->DataItem->ProjectName %></td>
-					<td><%# $this->DataItem->EstimateHours %></td>
-					<td><%# $this->DataItem->ActualHours %></td>
+					<td><%# h($this->DataItem->ProjectName) %></td>
+					<td><%# h($this->DataItem->EstimateHours) %></td>
+					<td><%# h($this->DataItem->ActualHours) %></td>
 					<td>
 						<com:System.I18N.TDateFormat 
 							Pattern="dd/MM/yyyy"
@@ -49,9 +49,9 @@
 					<th>Actual Hours</th>
 					</tr>
 					<tr>
-						<td><%# $this->DataItem->CategoryName %></td>
-						<td><%# $this->DataItem->EstimateHours %></td>
-						<td><%# $this->DataItem->ActualHours %></td>
+						<td><%# h($this->DataItem->CategoryName) %></td>
+						<td><%# h($this->DataItem->EstimateHours) %></td>
+						<td><%# h($this->DataItem->ActualHours) %></td>
 					</tr>
 					
 					
@@ -60,10 +60,10 @@
 					<!-- member -->				
 						<tr>
 							<td colspan="2">
-							<%# $this->DataItem['username'] %>
+							<%# h($this->DataItem['username']) %>
 						</td>
 						<td>
-							<%# $this->DataItem['hours'] %>
+							<%# h($this->DataItem['hours']) %>
 						</td>
 						</tr>
 					<!-- //member -->
diff --git a/demos/time-tracker/protected/pages/TimeTracker/ReportProject.php b/demos/time-tracker/protected/pages/TimeTracker/ReportProject.php
index fea372be..fcb1c865 100644
--- a/demos/time-tracker/protected/pages/TimeTracker/ReportProject.php
+++ b/demos/time-tracker/protected/pages/TimeTracker/ReportProject.php
@@ -21,12 +21,18 @@ class ReportProject extends TPage
 	}
 	
 	public function generateReport_Clicked($sender, $param)
+	{
+		if(count($this->projectList->SelectedValues) > 0)
+			$this->showReport();
+	}
+	
+	protected function showReport()
 	{
 		$reportDao = $this->Application->Modules['daos']->getDao('ReportDao');
 		$reports = $reportDao->getTimeReportsByProjectIDs($this->projectList->SelectedValues);
 		$this->views->ActiveViewIndex = 1;
 		$this->projects->DataSource = $reports;
-		$this->projects->dataBind();
+		$this->projects->dataBind();		
 	}
 	
 	public function project_itemCreated($sender, $param)
diff --git a/demos/time-tracker/protected/pages/TimeTracker/ReportResource.page b/demos/time-tracker/protected/pages/TimeTracker/ReportResource.page
index 5e112505..e72fd0f2 100644
--- a/demos/time-tracker/protected/pages/TimeTracker/ReportResource.page
+++ b/demos/time-tracker/protected/pages/TimeTracker/ReportResource.page
@@ -31,9 +31,9 @@
 	
 	<com:TView>
 		 <h3>Beginning Date</h3>
-		 <h4><%= $this->dateFrom->Date %></h4> 	 
+		 <h4><%= h($this->dateFrom->Date) %></h4> 	 
 		 <h3>Ending Date</h3>
-		 <h4><%= $this->dateTo->Date %></h4>
+		 <h4><%= h($this->dateTo->Date) %></h4>
 		 
 		 <com:TRepeater ID="resource_report" OnItemCreated="resource_report_itemCreated" EnableViewState="false">
 		 	<prop:ItemTemplate>
@@ -43,8 +43,8 @@
 		 			<th>Total Hours</th>
 		 		</tr>
 		 		<tr>
-		 			<td><%# $this->DataItem->Username %></td>
-		 			<td><%# $this->DataItem->TotalHours %></td>
+		 			<td><%# h($this->DataItem->Username) %></td>
+		 			<td><%# h($this->DataItem->TotalHours) %></td>
 		 		</tr>
 		 	</table>
 		 	
@@ -68,10 +68,10 @@
 							Pattern="dd/MM/yyyy"
 							Value=<%# $this->DataItem->ReportDate %> />
 				</td>
-		 		<td><%# $this->DataItem->ProjectName %></td>
-		 		<td><%# $this->DataItem->CategoryName %></td>
-		 		<td><%# $this->DataItem->Duration %></td>
-		 		<td><%# $this->DataItem->Description %></td>
+		 		<td><%# h($this->DataItem->ProjectName) %></td>
+		 		<td><%# h($this->DataItem->CategoryName) %></td>
+		 		<td><%# h($this->DataItem->Duration) %></td>
+		 		<td><%# h($this->DataItem->Description) %></td>
 		 	</tr>
 		 	</prop:ItemTemplate>
 		 	</com:TRepeater>
diff --git a/demos/time-tracker/protected/pages/TimeTracker/ReportResource.php b/demos/time-tracker/protected/pages/TimeTracker/ReportResource.php
index a233e127..03fc7115 100644
--- a/demos/time-tracker/protected/pages/TimeTracker/ReportResource.php
+++ b/demos/time-tracker/protected/pages/TimeTracker/ReportResource.php
@@ -33,6 +33,15 @@ class ReportResource extends TPage
 	}	
 	
 	public function generateReport_Clicked($sender, $param)
+	{
+		if(count($this->projectList->SelectedValues) > 0
+			&& count($this->resourceList->SelectedValues) >0)
+		{
+			$this->showReport();
+		}
+	}
+
+	protected function showReport()
 	{
 		$this->views->ActiveViewIndex = 1;
 		$reportDao = $this->Application->Modules['daos']->getDao('ReportDao');
@@ -43,7 +52,7 @@ class ReportResource extends TPage
 		
 		$report = $reportDao->getUserProjectTimeReports($users, $projects, $start, $end);
 		$this->resource_report->DataSource = $report;
-		$this->resource_report->dataBind();
+		$this->resource_report->dataBind();		
 	}
 	
 	public function resource_report_itemCreated($sender, $param)
diff --git a/demos/time-tracker/protected/pages/TimeTracker/SiteMap.tpl b/demos/time-tracker/protected/pages/TimeTracker/SiteMap.tpl
index 5bea2811..0d79c1e2 100644
--- a/demos/time-tracker/protected/pages/TimeTracker/SiteMap.tpl
+++ b/demos/time-tracker/protected/pages/TimeTracker/SiteMap.tpl
@@ -5,14 +5,14 @@
 	</li>
 	<com:TPlaceHolder Visible=<%= $this->User->isInRole('manager') %> >
 	<li class="<com:TPlaceHolder ID="ReportMenu" />">
-		<span class="menuitem">Reports</span>
+		<a class="menuitem" href="?page=TimeTracker.ReportProject">Reports</a>
 		<ul class="level2">
 			<li><a href="?page=TimeTracker.ReportProject">Project Reports</a></li>
 			<li><a href="?page=TimeTracker.ReportResource">Resources Report</a></li>
 		</ul>
 	</li>
 	<li class="<com:TPlaceHolder ID="ProjectMenu" />">
-		<span class="menuitem">Projects</span>
+		<a class="menuitem" href="?page=TimeTracker.ProjectList">Projects</a>
 		<ul class="level2">
 			<li><a href="?page=TimeTracker.ProjectDetails">Create New Project</a></li>
 			<li><a href="?page=TimeTracker.ProjectList">List Projects</a></li>
@@ -21,7 +21,7 @@
 	</com:TPlaceHolder>
 	<com:TPlaceHolder Visible=<%= $this->User->isInRole('admin') %> >
 	<li class="<com:TPlaceHolder ID="AdminMenu" />">
-		<span class="menuitem">Adminstration</span>
+		<a class="menuitem" href="?page=TimeTracker.UserList">Adminstration</a>
 		<ul class="level2">
 			<li><a href="?page=TimeTracker.UserCreate">Create New User</a></li>
 			<li><a href="?page=TimeTracker.UserList">List Users</a></li>
diff --git a/demos/time-tracker/protected/pages/TimeTracker/TimeEntryList.tpl b/demos/time-tracker/protected/pages/TimeTracker/TimeEntryList.tpl
index ace8a95b..29f426ee 100644
--- a/demos/time-tracker/protected/pages/TimeTracker/TimeEntryList.tpl
+++ b/demos/time-tracker/protected/pages/TimeTracker/TimeEntryList.tpl
@@ -25,9 +25,9 @@
 	</prop:FooterTemplate>
 	<prop:ItemTemplate>
 	  <tr>
-	  	<td class="categoryName"><%# $this->DataItem->Category->Name %></td>
-	  	<td class="description"><%# $this->DataItem->Description %></td>
-	  	<td class="duration"><%# $this->DataItem->Duration %></td>
+	  	<td class="categoryName"><%# h($this->DataItem->Category->Name) %></td>
+	  	<td class="description"><%# h($this->DataItem->Description) %></td>
+	  	<td class="duration"><%# h($this->DataItem->Duration) %></td>
 	  	<td class="date">
 	  		<com:System.I18N.TDateFormat 
 	  			Pattern="dd/MM/yyyy"
diff --git a/demos/time-tracker/protected/pages/TimeTracker/UserList.page b/demos/time-tracker/protected/pages/TimeTracker/UserList.page
index 3696e1db..e1f69e7a 100644
--- a/demos/time-tracker/protected/pages/TimeTracker/UserList.page
+++ b/demos/time-tracker/protected/pages/TimeTracker/UserList.page
@@ -12,8 +12,8 @@
 	</tr>
   </prop:HeaderTemplate>
   <prop:ItemTemplate>
-	<tr class="row0">
	<td><%#$this->DataItem->Name %></td>
	<td><%#$this->DataItem->EmailAddress %></td>
	</tr>
  </prop:ItemTemplate>
  <prop:AlternatingItemTemplate>
	<tr class="row1">
	<td><%#$this->DataItem->Name %></td>
-	<td><%#$this->DataItem->EmailAddress %></td>
+	<tr class="row0">
	<td><%# h($this->DataItem->Name) %></td>
	<td><%# h($this->DataItem->EmailAddress) %></td>
	</tr>
  </prop:ItemTemplate>
  <prop:AlternatingItemTemplate>
	<tr class="row1">
	<td><%# h($this->DataItem->Name) %></td>
+	<td><%# h($this->DataItem->EmailAddress) %></td>
 	</tr>
  </prop:AlternatingItemTemplate>
  <prop:FooterTemplate>
	</table>
  </prop:FooterTemplate>
 </com:TRepeater>
 <div style="padding:1em">
-- 
cgit v1.2.3