5f85fcd863
I reviewed character escaping everywhere with the following ideas: * use a single common function to escape user data: `escape` using `htmlspecialchars`. * sanitize fields in `index.php` after reading them from datastore and before sending them to templates. It means no escaping function in Twig templates. 2 reasons: * it reduces risks of security issue for future user made templates * more readable templates * sanitize user configuration fields after loading them.
62 lines
3 KiB
HTML
62 lines
3 KiB
HTML
<!DOCTYPE html>
|
|
<html>
|
|
<head>{include="includes"}</head>
|
|
<body>
|
|
<div id="pageheader">{include="page.header"}</div>
|
|
<div class="daily">
|
|
<div class="dailyAbout">
|
|
All links of one day<br>in a single page.<br>
|
|
{if="$previousday"} <a href="?do=daily&day={$previousday}"><b><</b>Previous day</a>{else}<b><</b>Previous day{/if}
|
|
-
|
|
{if="$nextday"}<a href="?do=daily&day={$nextday}">Next day<b>></b></a>{else}Next day<b>></b>{/if}
|
|
<br><br>
|
|
<a href="?do=dailyrss" title="1 RSS entry per day"><img src="images/feed-icon-14x14.png#" alt="rss_feed">Daily RSS Feed</a>
|
|
</div>
|
|
<div class="dailyTitle"><img src="../images/floral_left.png" width="51" height="50" class="nomobile" alt="floral_left"> The Daily Shaarli <img src="../images/floral_right.png" width="51" height="50" class="nomobile" alt="floral_right"></div>
|
|
<div class="dailyDate"><span class="nomobile">———————————</span> {function="strftime('%A %d, %B %Y', $day)"} <span class="nomobile">———————————</span></div>
|
|
<div class="clear"></div>
|
|
|
|
{if="$linksToDisplay"}
|
|
{loop="cols"}
|
|
{if="isset($value[0])"}
|
|
<div id="daily_col{$counter+1}">
|
|
{loop="value"}
|
|
{$link=$value}
|
|
<div class="dailyEntry">
|
|
<div class="dailyEntryPermalink">
|
|
<a href="?{$link.linkdate|smallHash}">
|
|
<img src="../images/squiggle2.png" width="25" height="26" title="permalink" alt="permalink">
|
|
</a>
|
|
</div>
|
|
{if="!$GLOBALS['config']['HIDE_TIMESTAMPS'] || isLoggedIn()"}
|
|
<div class="dailyEntryLinkdate">
|
|
<a href="?{$link.linkdate|smallHash}">{function="strftime('%c', $link.timestamp)"}</a>
|
|
</div>
|
|
{/if}
|
|
{if="$link.tags"}
|
|
<div class="dailyEntryTags">
|
|
{loop="link.taglist"}
|
|
{$value} -
|
|
{/loop}
|
|
</div>
|
|
{/if}
|
|
<div class="dailyEntryTitle">
|
|
<a href="{$link.url}">{$link.title}</a>
|
|
</div>
|
|
{if="$link.thumbnail"}
|
|
<div class="dailyEntryThumbnail">{$link.thumbnail}</div>
|
|
{/if}
|
|
<div class="dailyEntryDescription">{$link.formatedDescription}</div>
|
|
</div>
|
|
{/loop}
|
|
</div>
|
|
{/if}
|
|
{/loop}
|
|
{else}
|
|
<div class="dailyNoEntry">No articles on this day.</div>
|
|
{/if}
|
|
<div id="closing"><img src="../images/squiggle_closing.png" width="66" height="61" alt="-"></div>
|
|
</div>
|
|
{include="page.footer"}
|
|
</body>
|
|
</html>
|