Apply the new escape helper function to the view files

This commit is contained in:
Alex Tselegidis 2023-03-13 08:18:39 +01:00
parent 9b66e9fedc
commit 453c6e1302
7 changed files with 39 additions and 37 deletions


@ -43,6 +43,7 @@
// Group services by category, only if there is at least one service
// with a parent category.
$has_category = FALSE;
foreach ($available_services as $service)
{
if ( ! empty($service['category_id']))
@ -72,6 +73,7 @@
// We need the uncategorized services at the end of the list, so we will use
// another iteration only for the uncategorized services.
$grouped_services['uncategorized'] = [];
foreach ($available_services as $service)
{
if ($service['category_id'] == NULL)
@ -83,7 +85,7 @@
foreach ($grouped_services as $key => $group)
{
$group_label = $key !== 'uncategorized'
? $group[0]['category_name']
? e($group[0]['category_name'])
: 'Uncategorized';
if (count($group) > 0)
@ -93,7 +95,7 @@
foreach ($group as $service)
{
echo '<option value="' . $service['id'] . '">'
. $service['name'] . '</option>';
. e($service['name']) . '</option>';
}
echo '</optgroup>';
@ -105,7 +107,7 @@
foreach ($available_services as $service)
{
echo '<option value="' . $service['id'] . '">'
. $service['name'] . '</option>';
. e($service['name']) . '</option>';
}
}
?>
@ -137,8 +139,8 @@
</label>
<select id="appointment-status" class="form-control">
<?php foreach ($appointment_status_options as $appointment_status_option): ?>
<option value="<?= $appointment_status_option ?>">
<?= $appointment_status_option ?>
<option value="<?= e($appointment_status_option) ?>">
<?= e($appointment_status_option) ?>
</option>
<?php endforeach ?>
</select>
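Review bot: `$service['id']` on the two `echo '<option value="' . $service['id'] . '">'` lines is still interpolated raw while the adjacent `$service['name']` now goes through `e()`. The id presumably arrives from the database as an integer, but the view cannot guarantee that, and an output-escaping pass is only reliable when every interpolation is covered; use `'<option value="' . e($service['id']) . '">'` in both places. With that change every dynamic value visible in these hunks is escaped; the enclosing PHP block and its `foreach` loops start before the first hunk.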


@ -44,7 +44,7 @@
<div class="ms-lg-auto">
<strong id="footer-user-display-name">
<?= lang('hello') . ', ' . $user_display_name ?>!
<?= lang('hello') . ', ' . e($user_display_name) ?>!
</strong>
</div>
</div>


@ -10,7 +10,7 @@
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,"script","//www.google-analytics.com/analytics.js","ga");
ga("create", "<?= $google_analytics_code ?>", "auto");
ga("create", "<?= e($google_analytics_code) ?>", "auto");
ga("send", "pageview");
</script>
<?php endif ?>
@ -21,7 +21,7 @@
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag("js", new Date());
gtag("config", "<?= $google_analytics_code ?>");
gtag("config", "<?= e($google_analytics_code) ?>");
</script>
<?php endif ?>
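Review bot: `e()` is applied inside JavaScript string literals on `ga("create", "<?= e($google_analytics_code) ?>", "auto");` and `gtag("config", "<?= e($google_analytics_code) ?>");`, which is a JS context rather than HTML. Assuming `e()` is an `htmlspecialchars`-style helper (its definition is not in this diff), the browser does not decode entities inside `<script>`, so a value containing `&` would reach the tracker as `&amp;` and a quote would arrive as entity text instead of being escaped for JS. The context-correct encoding is JSON: `ga("create", <?= json_encode($google_analytics_code, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) ?>, "auto");` and the same form for the gtag line, which quotes the string and makes a `</script>` breakout impossible. The tracking id is an admin-set value, so the immediate exposure is limited, but the escaper should match the context it emits into.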


@ -13,7 +13,7 @@
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function () {
var u = "<?= $matomo_analytics_url ?>";
var u = "<?= e($matomo_analytics_url) ?>";
_paq.push(['setTrackerUrl', u + 'matomo.php']);
_paq.push(['setSiteId', '1']);
var d = document, g = d.createElement('script'), s = d.getElementsByTagName('script')[0];
@ -24,7 +24,7 @@
</script>
<noscript>
<p><img src="<?= $matomo_analytics_url ?>matomo.php?idsite=1&amp;rec=1" style="border:0;" alt=""/></p>
<p><img src="<?= e($matomo_analytics_url) ?>matomo.php?idsite=1&amp;rec=1" style="border:0;" alt=""/></p>
</noscript>
<?php endif ?>
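Review bot: The same context mismatch applies to `var u = "<?= e($matomo_analytics_url) ?>";`, which is a JavaScript string, so an HTML-entity escaper there mangles any `&` in the configured URL and is not the right encoder for that position. `var u = <?= json_encode($matomo_analytics_url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) ?>;` keeps the value intact and still blocks a `</script>` breakout. The `<img src="<?= e($matomo_analytics_url) ?>matomo.php…">` use in the `<noscript>` block is an attribute context, where `e()` is the appropriate choice. Note that escaping does not verify the setting is an `http(s)://` URL ending in a slash; that belongs wherever the setting is saved, not in the view.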


@ -16,7 +16,7 @@
<div class="email-container" style="width: 650px; border: 1px solid #eee;">
<div id="header" style="background-color: #429a82; height: 45px; padding: 10px 15px;">
<strong id="logo" style="color: white; font-size: 20px; margin-top: 10px; display: inline-block">
<?= $settings['company_name'] ?>
<?= e($settings['company_name']) ?>
</strong>
</div>
@ -37,7 +37,7 @@
</a>
|
<a href="<?= $settings['company_link'] ?>" style="text-decoration: none;">
<?= $settings['company_name'] ?>
<?= e($settings['company_name']) ?>
</a>
</div>
</div>
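Review bot: `<a href="<?= $settings['company_link'] ?>" style="text-decoration: none;">` on the context line above the escaped company name is left unescaped in this template, whereas the equivalent footer link in the other two email templates in this commit does get `e()` on the href. A `"` in the configured link would break out of the attribute here. Change it to `<a href="<?= e($settings['company_link']) ?>" style="text-decoration: none;">` so the three templates are consistent and the attribute is covered.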


@ -21,7 +21,7 @@
<div class="email-container" style="width: 650px; border: 1px solid #eee;">
<div id="header" style="background-color: #429a82; height: 45px; padding: 10px 15px;">
<strong id="logo" style="color: white; font-size: 20px; margin-top: 10px; display: inline-block">
<?= $settings['company_name'] ?>
<?= e($settings['company_name']) ?>
</strong>
</div>
@ -44,7 +44,7 @@
<?= lang('service') ?>
</td>
<td style="padding: 3px;">
<?= $service['name'] ?>
<?= e($service['name']) ?>
</td>
</tr>
<tr>
@ -52,7 +52,7 @@
<?= lang('provider') ?>
</td>
<td style="padding: 3px;">
<?= $provider['first_name'] . ' ' . $provider['last_name'] ?>
<?= e($provider['first_name'] . ' ' . $provider['last_name']) ?>
</td>
</tr>
<tr>
@ -87,7 +87,7 @@
<?= lang('location') ?>
</td>
<td style="padding: 3px;">
<?= $appointment['location'] ?>
<?= e($appointment['location']) ?>
</td>
</tr>
<?php endif ?>
@ -98,7 +98,7 @@
<?= lang('notes') ?>
</td>
<td style="padding: 3px;">
<?= $appointment['notes'] ?>
<?= e($appointment['notes']) ?>
</td>
</tr>
<?php endif ?>
@ -114,7 +114,7 @@
<?= lang('name') ?>
</td>
<td style="padding: 3px;">
<?= $customer['first_name'] . ' ' . $customer['last_name'] ?>
<?= e($customer['first_name'] . ' ' . $customer['last_name']) ?>
</td>
</tr>
<tr>
@ -122,7 +122,7 @@
<?= lang('email') ?>
</td>
<td style="padding: 3px;">
<?= $customer['email'] ?>
<?= e($customer['email']) ?>
</td>
</tr>
<tr>
@ -130,7 +130,7 @@
<?= lang('phone_number') ?>
</td>
<td style="padding: 3px;">
<?= $customer['phone_number'] ?>
<?= e($customer['phone_number']) ?>
</td>
</tr>
<tr>
@ -138,7 +138,7 @@
<?= lang('address') ?>
</td>
<td style="padding: 3px;">
<?= $customer['address'] ?>
<?= e($customer['address']) ?>
</td>
</tr>
</table>
@ -148,7 +148,7 @@
</h2>
<p>
<?= $reason ?>
<?= e($reason) ?>
</p>
</div>
@ -159,8 +159,8 @@
Easy!Appointments
</a>
|
<a href="<?= $settings['company_link'] ?>" style="text-decoration: none;">
<?= $settings['company_name'] ?>
<a href="<?= e($settings['company_link']) ?>" style="text-decoration: none;">
<?= e($settings['company_name']) ?>
</a>
</div>
</div>
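Review bot: `e()` on `<a href="<?= e($settings['company_link']) ?>" …>` prevents the value from breaking out of the attribute, but attribute escaping does not constrain the URL scheme, so a `javascript:` or `data:` link would still be emitted verbatim as the href. The value is an admin-configured setting and this is an email body, where mail clients generally neutralise such links, so this is a caveat rather than a defect in the hunk; the place to enforce an `http`/`https` scheme is the settings save path. Every user- or customer-supplied value visible in these hunks now passes through `e()`.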


@ -25,7 +25,7 @@
<div class="email-container" style="width: 650px; border: 1px solid #eee;">
<div id="header" style="background-color: #429a82; height: 45px; padding: 10px 15px;">
<strong id="logo" style="color: white; font-size: 20px; margin-top: 10px; display: inline-block">
<?= $settings['company_name'] ?>
<?= e($settings['company_name']) ?>
</strong>
</div>
@ -48,7 +48,7 @@
<?= lang('service') ?>
</td>
<td style="padding: 3px;">
<?= $service['name'] ?>
<?= e($service['name']) ?>
</td>
</tr>
<tr>
@ -56,7 +56,7 @@
<?= lang('provider') ?>
</td>
<td style="padding: 3px;">
<?= $provider['first_name'] . ' ' . $provider['last_name'] ?>
<?= e($provider['first_name'] . ' ' . $provider['last_name']) ?>
</td>
</tr>
<tr>
@ -91,7 +91,7 @@
<?= lang('location') ?>
</td>
<td style="padding: 3px;">
<?= $appointment['location'] ?>
<?= e($appointment['location']) ?>
</td>
</tr>
<?php endif ?>
@ -102,7 +102,7 @@
<?= lang('notes') ?>
</td>
<td style="padding: 3px;">
<?= $appointment['notes'] ?>
<?= e($appointment['notes']) ?>
</td>
</tr>
<?php endif ?>
@ -118,7 +118,7 @@
<?= lang('name') ?>
</td>
<td style="padding: 3px;">
<?= $customer['first_name'] . ' ' . $customer['last_name'] ?>
<?= e($customer['first_name'] . ' ' . $customer['last_name']) ?>
</td>
</tr>
<tr>
@ -126,7 +126,7 @@
<?= lang('email') ?>
</td>
<td style="padding: 3px;">
<?= $customer['email'] ?>
<?= e($customer['email']) ?>
</td>
</tr>
<tr>
@ -134,7 +134,7 @@
<?= lang('phone_number') ?>
</td>
<td style="padding: 3px;">
<?= $customer['phone_number'] ?>
<?= e($customer['phone_number']) ?>
</td>
</tr>
<tr>
@ -142,7 +142,7 @@
<?= lang('address') ?>
</td>
<td style="padding: 3px;">
<?= $customer['address'] ?>
<?= e($customer['address']) ?>
</td>
</tr>
</table>
@ -151,8 +151,8 @@
<?= lang('appointment_link_title') ?>
</h2>
<a href="<?= $appointment_link ?>" style="width: 600px;">
<?= $appointment_link ?>
<a href="<?= e($appointment_link) ?>" style="width: 600px;">
<?= e($appointment_link) ?>
</a>
</div>
@ -163,8 +163,8 @@
Easy!Appointments
</a>
|
<a href="<?= $settings['company_link'] ?>" style="text-decoration: none;">
<?= $settings['company_name'] ?>
<a href="<?= e($settings['company_link']) ?>" style="text-decoration: none;">
<?= e($settings['company_name']) ?>
</a>
</div>
</div>