Fixed some problems where special characters could be used where they shouldn't be. Also fixed a couple of template inconsistencies.

2002-11-04 04:30:21 +00:00 · 2002-11-04 04:30:21 +00:00 · 4d3c8cc5a3
commit 4d3c8cc5a3
parent 6e9f024c3f
6 changed files with 74 additions and 66 deletions
--- a/docs/upgrades/upgrade_4.6.9-4.7.0.sql
+++ b/docs/upgrades/upgrade_4.6.9-4.7.0.sql
--- a/lib/WebGUI/Discussion.pm
+++ b/lib/WebGUI/Discussion.pm
@ -180,7 +180,7 @@ sub deleteMessageConfirm {
 #-------------------------------------------------------------------
 sub formatHeader {
 	my ($output, $subject);
-	$subject = formatSubject($_[0]);
+	$subject = $_[0];
 	if ($_[5] ne "") {
 		$subject = '<a href="'.$_[5].'">'.$subject.'</a>';
 	}
@ -204,14 +204,6 @@ sub formatMessage {
        return $output;
 }

-#-------------------------------------------------------------------
-sub formatSubject {
-        my $output;
-        $output = $_[0];
-        $output = WebGUI::HTML::filter($output,'all');
-        return $output;
-}
-
 #-------------------------------------------------------------------
 sub getMessage {
 	my (%message);
@ -239,7 +231,7 @@ sub post {
 			'',$message{status})
 			.'<p>'.formatMessage($message{message});
 		$message{message} = "";
-		$message{subject} = formatSubject("Re: ".$message{subject}) unless ($message{subject} =~ /^Re:/);
+		$message{subject} = "Re: ".$message{subject} unless ($message{subject} =~ /^Re:/);
 		$session{form}{mid} = "new";
 		$f->hidden("replyTo",$session{form}{replyTo});
       		if ($session{user}{userId} == 1) {
@ -256,7 +248,6 @@ sub post {
 		$footer = formatHeader($message{subject},$message{userId},$message{username},$message{dateOfPost},$message{views},
 			'',$message{status})
 			.'<p>'.formatMessage($message{message});
-		$message{subject} = formatSubject($message{subject});
 	}
       	$f->hidden("func","postSave");
        $f->hidden("wid",$session{form}{wid});
@ -276,7 +267,9 @@ sub postSave {
 	my ($u, $rid, $status, $username, $pid);
        if ($session{form}{subject} eq "") {
        	$session{form}{subject} = WebGUI::International::get(232);
-        }
+        } else {
+		$session{form}{subject} = WebGUI::HTML::filter($session{form}{subject},'all');
+	}
 	if ($session{form}{message} eq "") {
              		$session{form}{subject} .= ' '.WebGUI::International::get(233);
        }
--- a/lib/WebGUI/Operation/Account.pm
+++ b/lib/WebGUI/Operation/Account.pm
@ -96,6 +96,9 @@ sub _hasBadUsername {
 	if ($_[0] eq "") {
 		$error .= '<li>'.WebGUI::International::get(725);
 	}
+	unless ($_[0] =~ /^[A-Za-z0-9\-\_\.\,\@]+$/) {
+		$error .= '<li>'.WebGUI::International::get(747);
+	}
 	($otherUser) = WebGUI::SQL->quickArray("select username from users where username='$_[0]'");
 	if ($otherUser ne "" && $otherUser ne $session{user}{username}) {
 		$error .= '<li>'.WebGUI::International::get(77).' "'.$_[0].'too", "'.$_[0].'2", '
--- a/lib/WebGUI/Wobject/FAQ.pm
+++ b/lib/WebGUI/Wobject/FAQ.pm
@ -177,7 +177,7 @@ sub www_moveQuestionUp {

 #-------------------------------------------------------------------
 sub www_view {
-	my (%question, $controls, $sth, %var, @qa, @toc);
+	my (%question, $controls, $sth, %var, @qa);
 	tie %question,'Tie::CPHash';
 	if ($session{var}{adminOn}) {
 		$var{addquestion} .= '<a href="'.WebGUI::URL::page('func=editQuestion&wid='.$_[0]->get("wobjectId")).'">'
@ -185,10 +185,6 @@ sub www_view {
 	}
 	$sth = WebGUI::SQL->read("select * from FAQ_question where wobjectId=".$_[0]->get("wobjectId")." order by sequenceNumber");
 	while (%question = $sth->hash) {
-		push(@toc,{
-			questionId=>$question{FAQ_questionId},
-			question=>$question{question}
-			});
 		if ($session{var}{adminOn}) {
 			$controls = deleteIcon('func=deleteQuestion&wid='.$_[0]->get("wobjectId").'&qid='.$question{FAQ_questionId})
 				.editIcon('func=editQuestion&wid='.$_[0]->get("wobjectId").'&qid='.$question{FAQ_questionId})
@ -197,14 +193,13 @@ sub www_view {
 				.' ';
 		}
                push(@qa,{
-                        questionId=>$question{FAQ_questionId},
-                        answer=>$question{answer},
-			question=>$question{question},
-			controls=>$controls
+                        "qa.Id"=>$question{FAQ_questionId},
+                        "qa.answer"=>$question{answer},
+			"qa.question"=>$question{question},
+			"qa.controls"=>$controls
                        });
 	}
 	$sth->finish;
-	$var{toc_loop} = \@toc;
 	$var{qa_loop} = \@qa;
 	return $_[0]->processMacros($_[0]->displayTitle.$_[0]->processTemplate($_[0]->get("templateId"),\%var));
 }
--- a/lib/WebGUI/Wobject/MessageBoard.pm
+++ b/lib/WebGUI/Wobject/MessageBoard.pm
@ -110,7 +110,6 @@ sub www_view {
 		from discussion where wobjectId=".$_[0]->get("wobjectId")." and pid=0 
 		and (status='Approved' or userId=$session{user}{userId}) order by messageId desc");
 	while (%data = $sth->hash) {
-		$data{subject} = WebGUI::Discussion::formatSubject($data{subject});
 		if ($i >= ($_[0]->get("messagesPerPage")*$pn) && $i < ($_[0]->get("messagesPerPage")*($pn+1))) {
 			@last = WebGUI::SQL->quickArray("select messageId,dateOfPost,username,subject,userId 
 				from discussion where wobjectId=".$_[0]->get("wobjectId")." and rid=$data{messageId} 
--- a/lib/WebGUI/Wobject/Product.pm
+++ b/lib/WebGUI/Wobject/Product.pm
@ -510,44 +510,41 @@ sub www_view {
 	#---brochure
        if ($_[0]->get("brochure")) {
                $file = WebGUI::Attachment->new($_[0]->get("brochure"),$_[0]->get("wobjectId"));
-                $var{brochure} = '<a href="'.$file->getURL.'"><img src="'.$file->getIcon.'" border=0 align="absmiddle"> '
-			.WebGUI::International::get(13,$namespace).'</a>';
-		$var{brochureURL} = $file->getURL;
+                $var{"brochure.icon"} = $file->getIcon;
+		$var{"brochure.label"} = WebGUI::International::get(13,$namespace);
+		$var{"brochure.URL"} = $file->getURL;
        }
 	#---manual
        if ($_[0]->get("manual")) {
                $file = WebGUI::Attachment->new($_[0]->get("manual"),$_[0]->get("wobjectId"));
-                $var{manual} = '<a href="'.$file->getURL.'"><img src="'.$file->getIcon.'" border=0 align="absmiddle"> '
-			.WebGUI::International::get(14,$namespace).'</a>';
-		$var{manualURL} = $file->getURL;
+                $var{"manual.icon"} = $file->getIcon;
+		$var{"manual.label"} = WebGUI::International::get(14,$namespace);
+		$var{"manual.URL"} = $file->getURL;
        }
 	#---warranty
        if ($_[0]->get("warranty")) {
                $file = WebGUI::Attachment->new($_[0]->get("warranty"),$_[0]->get("wobjectId"));
-                $var{warranty} = '<a href="'.$file->getURL.'"><img src="'.$file->getIcon.'" border=0 align="absmiddle"> '
-			.WebGUI::International::get(15,$namespace).'</a>';
-		$var{warrantyURL} = $file->getURL;
+                $var{"warranty.icon"} = $file->getIcon;
+		$var{"warranty.label"} = WebGUI::International::get(15,$namespace);
+		$var{"warranty.URL"} = $file->getURL;
        }
 	#---image1
        if ($_[0]->get("image1")) {
                $file = WebGUI::Attachment->new($_[0]->get("image1"),$_[0]->get("wobjectId"));
-                $var{image1} = '<img src="'.$file->getURL.'" border=0>';
-                $var{image1thumbnail} = '<a href="'.$file->getURL.'"><img src="'.$file->getThumbnail.'" border=0></a>';
-		$var{image1url} = $file->getURL;
+                $var{thumbnail1} = $file->getThumbnail;
+		$var{image1} = $file->getURL;
        }
 	#---image2
        if ($_[0]->get("image2")) {
                $file = WebGUI::Attachment->new($_[0]->get("image2"),$_[0]->get("wobjectId"));
-                $var{image2} = '<img src="'.$file->getURL.'" border=0>';
-                $var{image2thumbnail} = '<a href="'.$file->getURL.'"><img src="'.$file->getThumbnail.'" border=0></a>';
-		$var{image2url} = $file->getURL;
+                $var{thumbnail2} = $file->getThumbnail;
+		$var{image2} = $file->getURL;
        }
 	#---image3
        if ($_[0]->get("image3")) {
                $file = WebGUI::Attachment->new($_[0]->get("image3"),$_[0]->get("wobjectId"));
-                $var{image3} = '<img src="'.$file->getURL.'" border=0>';
-                $var{image3thumbnail} = '<a href="'.$file->getURL.'"><img src="'.$file->getThumbnail.'" border=0></a>';
-                $var{image3url} = $file->getURL;
+                $var{thumbnail3} = $file->getThumbnail;
+                $var{image3} = $file->getURL;
        }

 	#---features 
@ -564,7 +561,10 @@ sub www_view {
                                .moveUpIcon('func=moveFeatureUp&wid='.$_[0]->get("wobjectId").'&fid='.$data{Product_featureId})
                                .moveDownIcon('func=moveFeatureDown&wid='.$_[0]->get("wobjectId").'&fid='.$data{Product_featureId});
                }
-		push(@featureloop,{feature=>$data{feature},featureId=>$data{Product_featureId},controls=>$segment});
+		push(@featureloop,{
+			"feature.feature"=>$data{feature},
+			"feature.controls"=>$segment
+			});
        }
        $sth->finish;
 	$var{feature_loop} = \@featureloop;
@ -583,7 +583,10 @@ sub www_view {
                                .moveUpIcon('func=moveBenefitUp&wid='.$_[0]->get("wobjectId").'&bid='.$data{Product_benefitId})
                                .moveDownIcon('func=moveBenefitDown&wid='.$_[0]->get("wobjectId").'&bid='.$data{Product_benefitId});
                }
-		push(@benefitloop,{benefit=>$data{benefit},benefitId=>$data{Product_benefitId},controls=>$segment});
+		push(@benefitloop,{
+			"benefit.benefit"=>$data{benefit},
+			"benefit.controls"=>$segment
+			});
        }
        $sth->finish;
 	$var{benefit_loop} = \@benefitloop;
@ -602,8 +605,12 @@ sub www_view {
                                .moveUpIcon('func=moveSpecificationUp&wid='.$_[0]->get("wobjectId").'&sid='.$data{Product_specificationId})
                                .moveDownIcon('func=moveSpecificationDown&wid='.$_[0]->get("wobjectId").'&sid='.$data{Product_specificationId});
                }
-		push(@specificationloop,{specificationId=>$data{Product_specificationId},
-			controls=>$segment,specification=>$data{value},units=>$data{units},label=>$data{name}});
+		push(@specificationloop,{
+			"specification.controls"=>$segment,
+			"specification.specification"=>$data{value},
+			"specification.units"=>$data{units},
+			"specification.label"=>$data{name}
+			});
        }
        $sth->finish;
 	$var{specification_loop} = \@specificationloop;
@ -624,9 +631,11 @@ sub www_view {
                                .moveUpIcon('func=moveAccessoryUp&wid='.$_[0]->get("wobjectId").'&aid='.$data{accessoryWobjectId})
                                .moveDownIcon('func=moveAccessoryDown&wid='.$_[0]->get("wobjectId").'&aid='.$data{accessoryWobjectId});
                }
-		push(@accessoryloop,{URL=>WebGUI::URL::gateway($data{urlizedTitle}),title=>$data{title},
-			accessory=>'<a href="'.WebGUI::URL::gateway($data{urlizedTitle}).'">'.$data{title}.'</a>',
-			controls=>$segment});
+		push(@accessoryloop,{
+			"accessory.URL"=>WebGUI::URL::gateway($data{urlizedTitle}),
+			"accessory.title"=>$data{title},
+			"accessory.controls"=>$segment
+			});
        }
        $sth->finish;
 	$var{accessory_loop} = \@accessoryloop;
@ -648,9 +657,11 @@ sub www_view {
                                .moveDownIcon('func=moveRelatedDown&wid='.$_[0]->get("wobjectId").'&rid='.$data{relatedWobjectId});
                }
                $segment .= '&middot;<a href="'.WebGUI::URL::gateway($data{urlizedTitle}).'">'.$data{title}.'</a><br>';
-                push(@relatedloop,{URL=>WebGUI::URL::gateway($data{urlizedTitle}),title=>$data{title},
-                        specification=>'<a href="'.WebGUI::URL::gateway($data{urlizedTitle}).'">'.$data{title}.'</a>',
-                        controls=>$segment});
+                push(@relatedloop,{
+			"relatedproduct.URL"=>WebGUI::URL::gateway($data{urlizedTitle}),
+			"relatedproduct.title"=>$data{title},
+                        "relatedproduct.controls"=>$segment
+			});
        }
        $sth->finish;
 	$var{relatedproduct_loop} = \@relatedloop;