From 617bd4bd2eafbe446c4e664ab41249a3439f8dc2 Mon Sep 17 00:00:00 2001
From: Demian Katz <demian.katz@villanova.edu>
Date: Fri, 14 Sep 2012 07:11:03 -0400
Subject: [PATCH] Adjusted wording; added missing escape; fixed some standards
 compliance issues (uppercase POST, <style> inside <body>).

---
 .../templates/install/fixdatabase.phtml       |  2 +-
 .../templates/upgrade/fixanonymoustags.phtml  |  2 +-
 .../templates/upgrade/fixmetadata.phtml       |  2 +-
 .../templates/upgrade/getdbcredentials.phtml  |  2 +-
 .../blueprint/templates/upgrade/showsql.phtml | 23 +++++++++----------
 5 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/themes/blueprint/templates/install/fixdatabase.phtml b/themes/blueprint/templates/install/fixdatabase.phtml
index 5601c15e143..fd981534ab2 100644
--- a/themes/blueprint/templates/install/fixdatabase.phtml
+++ b/themes/blueprint/templates/install/fixdatabase.phtml
@@ -11,7 +11,7 @@
 
 <p>To create a new database for VuFind, please fill in this form:</p>
 
-<form method="POST">
+<form method="post">
   <table>
     <tbody>
       <tr><td>New database name: </td><td><input type="text" name="dbname" value="<?=$this->escapeHtml($this->dbname)?>"/></td></tr>
diff --git a/themes/blueprint/templates/upgrade/fixanonymoustags.phtml b/themes/blueprint/templates/upgrade/fixanonymoustags.phtml
index 759c5b930da..ffad6960b7a 100644
--- a/themes/blueprint/templates/upgrade/fixanonymoustags.phtml
+++ b/themes/blueprint/templates/upgrade/fixanonymoustags.phtml
@@ -20,7 +20,7 @@ an administrator) to associate with old anonymous tags.</p>
 
 <br />
 
-<form method="POST" action="<?=$this->url('upgrade-fixanonymoustags')?>">
+<form method="post" action="<?=$this->url('upgrade-fixanonymoustags')?>">
   <?=$this->transEsc('Username') ?>: <input type="text" name="username" /> <input type="submit" name="submit" value="<?=$this->transEsc('Submit') ?>" /><br /><br />
   <input type="submit" name="skip" value="<?=$this->transEsc('skip_step') ?>." onclick="return confirm('<?=$this->transEsc('skip_confirm') ?>');"/>
 </form>
\ No newline at end of file
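Review bot: The skip button's `onclick` still places `<?=$this->transEsc('skip_confirm') ?>` inside a single-quoted JavaScript string, where HTML escaping alone is the wrong encoding. The browser decodes attribute entities before the handler is parsed, so a translation containing an apostrophe or backslash would end the string early and break, or alter, the script. Assuming `transEsc` only translates and HTML-escapes, the text should be encoded as a JavaScript string first and HTML-escaped second, for example `onclick="return confirm(<?=$this->escapeHtml(json_encode($this->translate('skip_confirm')))?>);"`. The same pattern is on the skip button in the fixmetadata.phtml hunk.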
diff --git a/themes/blueprint/templates/upgrade/fixmetadata.phtml b/themes/blueprint/templates/upgrade/fixmetadata.phtml
index 40ebeb0ac67..d25aa35b9c9 100644
--- a/themes/blueprint/templates/upgrade/fixmetadata.phtml
+++ b/themes/blueprint/templates/upgrade/fixmetadata.phtml
@@ -13,7 +13,7 @@ but it will improve the user experience by allowing proper sorting of favorites
 
 <br />
 
-<form method="POST" action="<?=$this->url('upgrade-fixmetadata')?>">
+<form method="post" action="<?=$this->url('upgrade-fixmetadata')?>">
   <input type="submit" name="submit" value="<?=$this->transEsc('fix_metadata') ?>." /><br /><br />
   <input type="submit" name="skip" value="<?=$this->transEsc('skip_fix_metadata') ?>." onclick="return confirm('<?=$this->transEsc('skip_confirm') ?>');"/>
 </form>
\ No newline at end of file
diff --git a/themes/blueprint/templates/upgrade/getdbcredentials.phtml b/themes/blueprint/templates/upgrade/getdbcredentials.phtml
index 7a9433f9ef2..e0851b2f33c 100644
--- a/themes/blueprint/templates/upgrade/getdbcredentials.phtml
+++ b/themes/blueprint/templates/upgrade/getdbcredentials.phtml
@@ -11,7 +11,7 @@
 <p>VuFind's database structure needs to be updated for the new version.  Please enter a database username and password
 with permission to alter and create tables.</p>
 
-<form method="POST" action="<?=$this->url('upgrade-getdbcredentials')?>">
+<form method="post" action="<?=$this->url('upgrade-getdbcredentials')?>">
   <table>
     <tbody>
       <tr><td>MySQL Root User: </td><td><input type="text" name="dbrootuser" value="<?=$this->escapeHtml($this->dbrootuser)?>"/></td></tr>
diff --git a/themes/blueprint/templates/upgrade/showsql.phtml b/themes/blueprint/templates/upgrade/showsql.phtml
index 7aba031e15a..4af0746d0d6 100644
--- a/themes/blueprint/templates/upgrade/showsql.phtml
+++ b/themes/blueprint/templates/upgrade/showsql.phtml
@@ -4,21 +4,20 @@
 
     // Set up breadcrumbs:
     $this->layout()->breadcrumbs = '<em>' . $this->transEsc('Upgrade VuFind') . '</em>';
+
+    // Set up styles:
+    $this->headstyle()->appendStyle(
+        "pre {\n"
+        . "  padding:8px; margin:1em 2em; background:#EEE; border:1px dashed #CCC;\n"
+        . "}\n"
+    );
 ?>
-<style>
-    pre {
-        padding:8px;
-        margin:1em 2em;
-        background:#EEE;
-        border:1px dashed #CCC;
-    }
-</style>
 <h1><?=$this->transEsc('Upgrade VuFind')?></h1>
 <?=$this->flashmessages()?>
-<p>Save this SQL somewhere safe:</p>
+<p>These SQL statements can be used to manually upgrade your database:</p>
 
-<pre><?=trim($this->sql) ?></pre>
+<pre><?=$this->escapeHtml(trim($this->sql))?></pre>
 
-<form method="POST" action="<?=$this->url('upgrade-showsql')?>">
-    <input type="submit" name="continue" value="Next">
+<form method="post" action="<?=$this->url('upgrade-showsql')?>">
+  <input type="submit" name="continue" value="Next" />
 </form>
\ No newline at end of file
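Review bot: The new `headstyle()->appendStyle(...)` call still renders an inline `<style>` element, only now in the head, so a Content-Security-Policy whose `style-src` omits `'unsafe-inline'` would drop the `pre` rule. Moving that one rule into the theme's stylesheet would keep the page working under a strict policy and remove the string-built CSS. The added `escapeHtml()` around `trim($this->sql)` is the right encoding for text inside `<pre>`. Separately, the reworded paragraph and `value="Next"` are hard-coded English while the heading uses `transEsc`; `value="<?=$this->transEsc('Next')?>"` would match the other upgrade templates. The PHP block that receives the style call opens above this hunk.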
-- 
GitLab