Added htmlspecialchars() filter where needed in edit course request forms

62e23c98 · Tim Steiner · ce87d5ef · 62e23c98 · 62e23c98 · 62e23c98
Commit 62e23c98 authored 18 years ago by Tim Steiner
--- a/application/views/request/course_id.xhtml
+++ b/application/views/request/course_id.xhtml
 <fieldset class="two_column">
    <label>
        <h2>Subject</h2>
-        <input type="text" name="subject" value="<?php echo htmlentities($this->course->subject); ?>" />
+        <input type="text" name="subject" value="<?php echo htmlspecialchars($this->course->subject); ?>" />
    </label>
    <label>
        <h2>Course Number</h2>
-        <input type="text" name="courseNumber" value="<?php echo htmlentities($this->course->courseNumber); ?>" />
+        <input type="text" name="courseNumber" value="<?php echo htmlspecialchars($this->course->courseNumber); ?>" />
    </label>
    <label>
        <h2>Alpha Suffix (opt.)</h2>
-        <input type="text" name="courseLetter" value="<?php echo htmlentities($this->course->courseLetter); ?>" />
+        <input type="text" name="courseLetter" value="<?php echo htmlspecialchars($this->course->courseLetter); ?>" />
    </label>
    <label>
        <h2>Title</h2>
-        <input type="text" name="title" value="<?php echo htmlentities($this->course->title); ?>" />
+        <input type="text" name="title" value="<?php echo htmlspecialchars($this->course->title); ?>" />
    </label>
 </fieldset>

 <fieldset>
    <label>
        <h2>Prerequisites (text)</h2>
-        <textarea name="prerequisite" class="mceEditor"><?php echo $this->course->prerequisite; ?></textarea>
+        <textarea name="prerequisite" class="mceEditor"><?php echo htmlspecialchars($this->course->prerequisite); ?></textarea>
    </label>
 </fieldset>
\ No newline at end of file
--- a/application/views/request/graduate_tie_in.xhtml
+++ b/application/views/request/graduate_tie_in.xhtml
 <fieldset>
    <label>
        <h2>Notes (will appear in italics)</h2>
-        <textarea name="notes" class="mceEditor"><?php echo $this->course->notes; ?></textarea>
+        <textarea name="notes" class="mceEditor"><?php echo htmlspecialchars($this->course->notes); ?></textarea>
    </label>
    <label>
        <h2>Description</h2>
-        <textarea name="description" class="mceEditor"><?php echo $this->course->description; ?></textarea>
+        <textarea name="description" class="mceEditor"><?php echo htmlspecialchars($this->course->description); ?></textarea>
    </label>
 </fieldset>

@@ -14,18 +14,18 @@
    <h2>Graduate Tie-in</h2>
    <label>
        <h3>Credits</h3>
-        <input type="text" name="gradTieIn[credits]" value ="<?php echo $this->course->gradTieIn->credits; ?>" />
+        <input type="text" name="gradTieIn[credits]" value ="<?php echo htmlspecialchars($this->course->gradTieIn->credits); ?>" />
    </label>
    <label>
        <h3>Notes</h3>
-        <textarea name="gradTieIn[notes]" class="mceEditor"><?php echo $this->course->gradTieIn->notes; ?></textarea>
+        <textarea name="gradTieIn[notes]" class="mceEditor"><?php echo htmlspecialchars($this->course->gradTieIn->notes); ?></textarea>
    </label>
 </fieldset>

 <fieldset>
    <label>
        <h2>Prerequisites (text)</h2>
-        <textarea name="gradTieIn[prerequisites]" class="mceEditor"><?php echo $this->course->gradTieIn->prerequisites; ?></textarea>
+        <textarea name="gradTieIn[prerequisites]" class="mceEditor"><?php echo htmlspecialchars($this->course->gradTieIn->prerequisites); ?></textarea>
    </label>
 </fieldset>


--- a/application/views/request/supportive_material.xhtml
+++ b/application/views/request/supportive_material.xhtml
 <fieldset>
    <label>
        <h2>Justification</h2>
-        <textarea name="request[justification]" class="mceEditor"><?php echo $this->request->justification; ?></textarea>
+        <textarea name="request[justification]" class="mceEditor"><?php echo htmlspecialchars($this->request->justification); ?></textarea>
    </label>
 </fieldset>

 <fieldset>
    <label>
        <h2>Syllabus</h2>
-        <?php echo $this->request->getFileByType(RequestFile::SYLLABUS_TYPE)->title; ?>
+        <?php echo htmlspecialchars($this->request->getFileByType(RequestFile::SYLLABUS_TYPE)->title); ?>
        <input type="file" name="request[<?php echo RequestFile::SYLLABUS_TYPE; ?>]" />
    </label>
    <label>
@@ -21,7 +21,7 @@
 <fieldset>
    <label>
        <h2>Crosslist Memo</h2>
-        <?php echo $this->request->getFileByType(RequestFile::CROSSLIST_MEMO_TYPE)->title; ?>
+        <?php echo htmlspecialchars($this->request->getFileByType(RequestFile::CROSSLIST_MEMO_TYPE)->title); ?>
        <input type="file" name="request[<?php echo RequestFile::CROSSLIST_MEMO_TYPE; ?>]" />
    </label>
    <label>
@@ -35,7 +35,7 @@
 <fieldset>
    <label>
        <h2>IS Narrative Documentation</h2>
-        <?php echo $this->request->getFileByType(RequestFile::IS_NARRATIVE_TYPE)->title; ?>
+        <?php echo htmlspecialchars($this->request->getFileByType(RequestFile::IS_NARRATIVE_TYPE)->title); ?>
        <input type="file" name="request[<?php echo RequestFile::IS_NARRATIVE_TYPE; ?>]" />
    </label>
    <label>