[Mrbs-commits] SF.net SVN: mrbs:[2200] mrbs/trunk/web/edit_entry.php

Fri, 16 Dec 2011 10:06:53 -0800 

Revision: 2200
          http://mrbs.svn.sourceforge.net/mrbs/?rev=2200&view=rev
Author:   cimorrison
Date:     2011-12-16 18:06:43 +0000 (Fri, 16 Dec 2011)
Log Message:
-----------
Escaped JavaScript strings

Modified Paths:
--------------
    mrbs/trunk/web/edit_entry.php

Modified: mrbs/trunk/web/edit_entry.php
===================================================================
--- mrbs/trunk/web/edit_entry.php       2011-12-16 16:24:26 UTC (rev 2199)
+++ mrbs/trunk/web/edit_entry.php       2011-12-16 18:06:43 UTC (rev 2200)
@@ -990,7 +990,7 @@
     // null strings and spaces only strings not allowed
     if(/(^$)|(^\s+$)/.test(form.name.value))
     {
-      alert ( "<?php echo get_vocab("you_have_not_entered") . '\n' . 
get_vocab("brief_description") ?>");
+      alert("<?php echo escape_js(get_vocab('you_have_not_entered')) . '\n' . 
escape_js(get_vocab('brief_description')) ?>");
       return false;
     }
   }
@@ -1001,7 +1001,7 @@
   var dateDiff = getDateDifference(form);
   if (dateDiff < 0)
   {
-    alert('<?php echo get_vocab("start_after_end_long")?>');
+    alert("<?php echo escape_js(get_vocab('start_after_end_long'))?>");
     return false;
   }
 
@@ -1026,7 +1026,7 @@
       form.rep_type[<?php echo REP_N_WEEKLY ?>].checked && 
       (!n || n < 2))
   {
-    alert("<?php echo get_vocab("you_have_not_entered") . '\n' . 
get_vocab("useful_n-weekly_value") ?>");
+    alert("<?php echo escape_js(get_vocab('you_have_not_entered')) . '\n' . 
escape_js(get_vocab('useful_n-weekly_value')) ?>");
     return false;
   }
   
@@ -1036,7 +1036,7 @@
   // has been chosen
   if (form.elements['rooms'].selectedIndex == -1 )
   {
-    alert("<?php echo get_vocab("you_have_not_selected") . '\n' . 
get_vocab("valid_room") ?>");
+    alert("<?php echo escape_js(get_vocab('you_have_not_selected')) . '\n' . 
escape_js(get_vocab('valid_room')) ?>");
     return false;
   }
   
@@ -1071,11 +1071,7 @@
                label = $("label[for="+value+"]").html();
                label = label.replace(/:$/, '');
                alert('"' + label + '" ' +
-                 <?php echo '"'.
-                         str_replace('"', '\\"',
-                                     get_vocab("is_mandatory_field")
-                                    ).
-                         '"'; ?>);
+                 <?php echo '"' . escape_js(get_vocab('is_mandatory_field')) . 
'"'; ?>);
                return_val = false;
              }
            });

This was sent by the SourceForge.net collaborative development platform, the 
world's largest Open Source development site.


------------------------------------------------------------------------------
Learn Windows Azure Live!  Tuesday, Dec 13, 2011
Microsoft is holding a special Learn Windows Azure training event for 
developers. It will provide a great way to learn Windows Azure and what it 
provides. You can attend the event by watching it streamed LIVE online.  
Learn more at http://p.sf.net/sfu/ms-windowsazure
_______________________________________________
Mrbs-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mrbs-commits

Reply via email to