Knah-Tsaeb/MyShaarli
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
MyShaarli/tpl/linklist.html
ArthurHoaro 5f85fcd863 Working on shaarli/Shaarli#224 
I reviewed character escaping everywhere with the following ideas:

  * use a single common function to escape user data: `escape` using `htmlspecialchars`.
  * sanitize fields in `index.php` after reading them from datastore and before sending them to templates.
  	It means no escaping function in Twig templates.
    2 reasons:
    * it reduces risks of security issue for future user made templates
    * more readable templates
  * sanitize user configuration fields after loading them.
2015-06-23 16:35:36 +02:00

145 lines
6.1 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html>
<head>
<link type="text/css" rel="stylesheet" href="../inc/awesomplete.css" />
{include="includes"}
</head>
<body>
<div id="pageheader">
{include="page.header"}
<div id="headerform" class="search">
<form method="GET" class="searchform" name="searchform">
<input type="text" tabindex="1" id="searchform_value" name="searchterm" placeholder="Search text" value=""> <input type="submit" value="Search" class="bigbutton"></form>
<form method="GET" class="tagfilter" name="tagfilter">
<input type="text" tabindex="2" name="searchtags" id="tagfilter_value" placeholder="Filter by tag" value="" list="tagsList" autocomplete="off" class="awesomplete" data-minChars="1">
<datalist id="tagsList">
{loop="$tags"}<option>{$key}</option>{/loop}
</datalist>
<input type="submit" value="Search" class="bigbutton">
</form>
</div>
</div>
<div id="linklist">
{include="linklist.paging"}
{if="count($links)==0"}
<div id="searchcriteria">Nothing found.</i></div>
{else}
{if="$search_type=='fulltext'"}
<div id="searchcriteria">{$result_count} results for <i>{$search_crits}</i></div>
{/if}
{if="$search_type=='tags'"}
<div id="searchcriteria">{$result_count} results for tags <i>
{loop="search_crits"}
<span class="linktag" title="Remove tag"><a href="?removetag={$value}">{$value} <span class="remove">x</span></a></span>
{/loop}</i></div>
{/if}
{/if}
<ul>
{loop="links"}
<li{if="$value.class"} class="{$value.class}"{/if}>
<a id="{$value.linkdate|smallHash}"></a>
<div class="thumbnail">{$value.url|thumbnail}</div>
<div class="linkcontainer">
{if="isLoggedIn()"}
<div class="linkeditbuttons">
<form method="GET" class="buttoneditform"><input type="hidden" name="edit_link" value="{$value.linkdate}"><input type="image" alt="Edit" src="images/edit_icon.png#" title="Edit" class="button_edit"></form><br>
<form method="POST" class="buttoneditform"><input type="hidden" name="lf_linkdate" value="{$value.linkdate}">
<input type="hidden" name="token" value="{$token}"><input type="hidden" name="delete_link"><input type="image" alt="Delete" src="images/delete_icon.png#" title="Delete" class="button_delete" onClick="return confirmDeleteLink();"></form>
</div>
{/if}
<span class="linktitle"><a href="{$redirector}{$value.url}">{$value.title}</a></span>
<br>
{if="$value.description"}<div class="linkdescription">{$value.description}</div>{/if}
{if="!$GLOBALS['config']['HIDE_TIMESTAMPS'] || isLoggedIn()"}
<span class="linkdate" title="Permalink"><a href="?{$value.linkdate|smallHash}">{function="strftime('%c', $value.timestamp)"} - permalink</a> - </span>
{else}
<span class="linkdate" title="Short link here"><a href="?{$value.linkdate|smallHash}">permalink</a> - </span>
{/if}
{if="$GLOBALS['config']['ARCHIVE_ORG']"}
<span class="linkarchive"><a href="https://web.archive.org/web/{$value.url}">archive</a> - </span>
{/if}
<div class="linkqrcode"><a href="http://qrfree.kaywa.com/?l=1&amp;s=8&amp;d={$scripturl|urlencode}%3F{$value.linkdate|smallHash}"
onclick="return showQrCode(this);" class="qrcode" data-permalink="{$scripturl}?{$value.linkdate|smallHash}">
<img src="images/qrcode.png#" alt="QR-Code" title="{function="strftime('%c', $value.timestamp)"}"></a></div> -
<a href="{$value.url}"><span class="linkurl" title="Short link">{$value.url}</span></a><br>
{if="$value.tags"}
<div class="linktaglist">
{loop="value.taglist"}<span class="linktag" title="Add tag"><a href="?addtag={$value|urlencode}">{$value}</a></span> {/loop}
</div>
{/if}
</div>
</li>
{/loop}
</ul>
{include="linklist.paging"}
</div>
{include="page.footer"}
<script>
// Remove any displayed QR-Code
function remove_qrcode()
{
var elem = document.getElementById("permalinkQrcode");
if (elem) elem.parentNode.removeChild(elem);
return false;
}
function isCanvasSupported(){
var elem = document.createElement('canvas');
return !!(elem.getContext && elem.getContext('2d'));
}
// Show the QR-Code of a permalink (when the QR-Code icon is clicked).
function showQrCode(caller,loading)
{
if( !isCanvasSupported() ) return true;
// Dynamic javascript lib loading: We only load qr.js if the QR code icon is clicked:
if (typeof(qr)=='undefined') // Load qr.js only if not present.
{
loading = typeof loading !== 'undefined' ? loading : false;
if (!loading) // If javascript lib is still loading, do not append script to body.
{
var element = document.createElement("script");
element.src = "inc/qr-1.1.3.min.js";
document.body.appendChild(element);
}
setTimeout(function() { showQrCode(caller,true);}, 200); // Retry in 200 milliseconds.
return false;
}
// Remove previous qrcode if present.
remove_qrcode();
// Build the div which contains the QR-Code:
var element = document.createElement('div');
element.id="permalinkQrcode";
// Make QR-Code div commit sepuku when clicked:
element.addEventListener('click', remove_qrcode ); // Works on every canvas supported browser
// Build the QR-Code:
var image = qr.image({size: 8,value: caller.getAttribute('data-permalink')});
if (image)
{
element.appendChild(image);
element.innerHTML+= "<br>Click to close";
caller.parentNode.appendChild(element);
}
else
{
element.innerHTML="Your browser does not seem to be HTML5 compatible.";
}
return false;
}
</script>
<script src="inc/awesomplete.min.js#"></script>
</body>
</html>
Reference in a new issue View git blame Copy permalink