diff --git a/themes/blueprint/templates/Auth/AbstractBase/login.phtml b/themes/blueprint/templates/Auth/AbstractBase/login.phtml
index ee38214e7d5fb45287a29500cbc40cf63d1d4f87..13e7018fe5eeabd746f702ab28fb7deebd7a56dc 100644
--- a/themes/blueprint/templates/Auth/AbstractBase/login.phtml
+++ b/themes/blueprint/templates/Auth/AbstractBase/login.phtml
@@ -19,5 +19,5 @@
<a class="forgot_password" href="<?=$this->url('myresearch-recover')?>"><?=$this->transEsc('Forgot Password')?></a>
<? endif; ?>
<? else: ?>
- <a href="<?=$this->escapeHtml($sessionInitiator)?>"><?=$this->transEsc("Institutional Login")?></a>
+ <a href="<?=$this->escapeHtmlAttr($sessionInitiator)?>"><?=$this->transEsc("Institutional Login")?></a>
<? endif; ?>
diff --git a/themes/blueprint/templates/Auth/AbstractBase/loginfields.phtml b/themes/blueprint/templates/Auth/AbstractBase/loginfields.phtml
index 707a379f5e475b4a61c1d1a44eccf13753ff5a06..3398d2bf4a674fad8ba7fc0348da9833547cf94b 100644
--- a/themes/blueprint/templates/Auth/AbstractBase/loginfields.phtml
+++ b/themes/blueprint/templates/Auth/AbstractBase/loginfields.phtml
@@ -1,5 +1,5 @@
<label class="span-2" for="login_username"><?=$this->transEsc('Username')?>:</label>
-<input id="login_username" type="text" name="username" value="<?=$this->escapeHtml($this->request->get('username'))?>" size="15" class="mainFocus <?=$this->jqueryValidation(array('required'=>'This field is required'))?>"/>
+<input id="login_username" type="text" name="username" value="<?=$this->escapeHtmlAttr($this->request->get('username'))?>" size="15" class="mainFocus <?=$this->jqueryValidation(array('required'=>'This field is required'))?>"/>
<br class="clear"/>
<label class="span-2" for="login_password"><?=$this->transEsc('Password')?>:</label>
<input id="login_password" type="password" name="password" size="15" class="<?=$this->jqueryValidation(array('required'=>'This field is required'))?>"/>
diff --git a/themes/blueprint/templates/Auth/Database/create.phtml b/themes/blueprint/templates/Auth/Database/create.phtml
index ebdcaaed0d94139dbee0c2795bd200e6e8c7a674..340d5ae37d61dc2d9c97f9aa609e07ce3868dac1 100644
--- a/themes/blueprint/templates/Auth/Database/create.phtml
+++ b/themes/blueprint/templates/Auth/Database/create.phtml
@@ -1,14 +1,14 @@
<label class="span-3" for="account_firstname"><?=$this->transEsc('First Name')?>:</label>
-<input id="account_firstname" type="text" name="firstname" value="<?=$this->escapeHtml($this->request->get('firstname'))?>" size="30"
+<input id="account_firstname" type="text" name="firstname" value="<?=$this->escapeHtmlAttr($this->request->get('firstname'))?>" size="30"
class="mainFocus <?=$this->jqueryValidation(array('required'=>'This field is required'))?>"/><br class="clear"/>
<label class="span-3" for="account_lastname"><?=$this->transEsc('Last Name')?>:</label>
-<input id="account_lastname" type="text" name="lastname" value="<?=$this->escapeHtml($this->request->get('lastname'))?>" size="30"
+<input id="account_lastname" type="text" name="lastname" value="<?=$this->escapeHtmlAttr($this->request->get('lastname'))?>" size="30"
class="<?=$this->jqueryValidation(array('required'=>'This field is required'))?>"/><br class="clear"/>
<label class="span-3" for="account_email"><?=$this->transEsc('Email Address')?>:</label>
-<input id="account_email" type="text" name="email" value="<?=$this->escapeHtml($this->request->get('email'))?>" size="30"
+<input id="account_email" type="text" name="email" value="<?=$this->escapeHtmlAttr($this->request->get('email'))?>" size="30"
class="<?=$this->jqueryValidation(array('required'=>'This field is required', 'email'=>'Email address is invalid'))?>"/><br class="clear"/>
<label class="span-3" for="account_username"><?=$this->transEsc('Desired Username')?>:</label>
-<input id="account_username" type="text" name="username" value="<?=$this->escapeHtml($this->request->get('username'))?>" size="30"
+<input id="account_username" type="text" name="username" value="<?=$this->escapeHtmlAttr($this->request->get('username'))?>" size="30"
class="<?=$this->jqueryValidation(array('required'=>'This field is required'))?>"/><br class="clear"/>
<label class="span-3" for="account_password"><?=$this->transEsc('Password')?>:</label>
<input id="account_password" type="password" name="password" size="15"
diff --git a/themes/blueprint/templates/Auth/MultiILS/loginfields.phtml b/themes/blueprint/templates/Auth/MultiILS/loginfields.phtml
index 0280a810eed5651075c6e2e44ef8b8982533604c..fd5dd3c1a39e80c5ecf84122be48d86aea76ff83 100644
--- a/themes/blueprint/templates/Auth/MultiILS/loginfields.phtml
+++ b/themes/blueprint/templates/Auth/MultiILS/loginfields.phtml
@@ -2,12 +2,12 @@
<?$currentTarget = $this->request->get('target'); if (!$currentTarget) $currentTarget = $this->auth()->getManager()->getDefaultLoginTarget();?>
<select id="login_target" name="target">
<?foreach ($this->auth()->getManager()->getLoginTargets() as $target):?>
- <option value="<?=$this->escapeHtml($target)?>"<?=($target == $currentTarget ? ' selected="selected"' : '')?>><?=$this->transEsc("source_$target", null, $target)?></option>
+ <option value="<?=$this->escapeHtmlAttr($target)?>"<?=($target == $currentTarget ? ' selected="selected"' : '')?>><?=$this->transEsc("source_$target", null, $target)?></option>
<? endforeach ?>
</select>
<br class="clear"/>
<label class="span-2" for="login_username"><?=$this->transEsc('Username')?>:</label>
-<input id="login_username" type="text" name="username" value="<?=$this->escapeHtml($this->request->get('username'))?>" size="15" class="mainFocus <?=$this->jqueryValidation(array('required'=>'This field is required'))?>"/>
+<input id="login_username" type="text" name="username" value="<?=$this->escapeHtmlAttr($this->request->get('username'))?>" size="15" class="mainFocus <?=$this->jqueryValidation(array('required'=>'This field is required'))?>"/>
<br class="clear"/>
<label class="span-2" for="login_password"><?=$this->transEsc('Password')?>:</label>
<input id="login_password" type="password" name="password" size="15" class="<?=$this->jqueryValidation(array('required'=>'This field is required'))?>"/>
diff --git a/themes/blueprint/templates/Auth/Shibboleth/login.phtml b/themes/blueprint/templates/Auth/Shibboleth/login.phtml
index 94f44ef3d93574b3e3bcc672e4abbf1042b762f4..3feb62a33fd7e3948fdb6324a1ed056932524397 100644
--- a/themes/blueprint/templates/Auth/Shibboleth/login.phtml
+++ b/themes/blueprint/templates/Auth/Shibboleth/login.phtml
@@ -1,3 +1,3 @@
<? $account = $this->auth()->getManager(); ?>
<? $sessionInitiator = $account->getSessionInitiator($this->serverUrl($this->url('myresearch-home'))); ?>
-<a href="<?=$this->escapeHtml($sessionInitiator)?>"><?=$this->transEsc("Institutional Login")?></a>
+<a href="<?=$this->escapeHtmlAttr($sessionInitiator)?>"><?=$this->transEsc("Institutional Login")?></a>
diff --git a/themes/blueprint/templates/Helpers/openurl.phtml b/themes/blueprint/templates/Helpers/openurl.phtml
index ffddfedadd2346c3045207cab1606a91f88acefc..fb2dbd91658554393aebc742f72b7e798c41606e 100644
--- a/themes/blueprint/templates/Helpers/openurl.phtml
+++ b/themes/blueprint/templates/Helpers/openurl.phtml
@@ -3,25 +3,25 @@
if ($this->openUrlEmbed) {
$class = ' class="fulltext openUrlEmbed openurl_id:' . $this->openUrlId . '"';
} elseif ($this->openUrlWindow) {
- $class = ' class="fulltext openUrlWindow window_settings:' . $this->escapeHtml($this->openUrlWindow) . '"';
+ $class = ' class="fulltext openUrlWindow window_settings:' . $this->escapeHtmlAttr($this->openUrlWindow) . '"';
} else {
$class = '';
}
?>
-<a href="<?=$this->escapeHtml($this->openUrlBase . '?' . $this->openUrl)?>"<?=$class?>>
+<a href="<?=$this->escapeHtmlAttr($this->openUrlBase . '?' . $this->openUrl)?>"<?=$class?>>
<? /* put the openUrl here in a span (COinS almost) so we can retrieve it later */ ?>
- <span title="<?=$this->escapeHtml($this->openUrl)?>" class="openUrl"></span>
+ <span title="<?=$this->escapeHtmlAttr($this->openUrl)?>" class="openUrl"></span>
<? if ($this->openUrlGraphic): ?>
<?
$style = '';
if ($this->openUrlGraphicWidth) {
- $style .= 'width:' . $this->escapeHtml($this->openUrlGraphicWidth) . 'px;';
+ $style .= 'width:' . $this->escapeHtmlAttr($this->openUrlGraphicWidth) . 'px;';
}
if ($this->openUrlGraphicHeight) {
- $style .= 'height:' . $this->escapeHtml($this->openUrlGraphicHeight) . 'px;';
+ $style .= 'height:' . $this->escapeHtmlAttr($this->openUrlGraphicHeight) . 'px;';
}
?>
- <img src="<?=$this->escapeHtml($this->openUrlGraphic)?>" alt="<?=$this->transEsc('Get full text')?>" style="<?=$style?>" />
+ <img src="<?=$this->escapeHtmlAttr($this->openUrlGraphic)?>" alt="<?=$this->transEsc('Get full text')?>" style="<?=$style?>" />
<? else: ?>
<?=$this->transEsc('Get full text')?>
<? endif; ?>
diff --git a/themes/blueprint/templates/Recommend/AuthorInfo.phtml b/themes/blueprint/templates/Recommend/AuthorInfo.phtml
index baeb778dbd8c1f9086ef7b9d150c1e0e0479ff43..9609eb13f67a6dd577e2ef40479ccc120bf69201 100644
--- a/themes/blueprint/templates/Recommend/AuthorInfo.phtml
+++ b/themes/blueprint/templates/Recommend/AuthorInfo.phtml
@@ -4,12 +4,12 @@
<h2><?=$this->info['name'] ?></h2>
<? if (isset($this->info['image'])): ?>
- <img src="<?=$this->info['image'] ?>" alt="<?=$this->escapeHtml($this->info['altimage']) ?>" width="150px" class="alignleft recordcover"/>
+ <img src="<?=$this->info['image'] ?>" alt="<?=$this->escapeHtmlAttr($this->info['altimage']) ?>" width="150px" class="alignleft recordcover"/>
<? endif; ?>
<?=preg_replace('/___baseurl___/', $this->url('search-results'), $this->info['description']) ?>
- <div class="providerLink"><a class="wikipedia" href="http://<?=$this->info['wiki_lang'] ?>.wikipedia.org/wiki/<?=$this->escapeHtml($this->info['name']/*url*/) ?>" target="new"><?=$this->transEsc('wiki_link') ?></a></div>
+ <div class="providerLink"><a class="wikipedia" href="http://<?=$this->info['wiki_lang'] ?>.wikipedia.org/wiki/<?=$this->escapeHtmlAttr($this->info['name']/*url*/) ?>" target="new"><?=$this->transEsc('wiki_link') ?></a></div>
<div class="clear"></div>
</div>
diff --git a/themes/blueprint/templates/Recommend/CollectionSideFacets.phtml b/themes/blueprint/templates/Recommend/CollectionSideFacets.phtml
index 2bd168e5ab4c7ce8c9b75a960a4598b6cc01c6b2..6eb163b306a2989607ce14aba99b530c23e8fa0c 100644
--- a/themes/blueprint/templates/Recommend/CollectionSideFacets.phtml
+++ b/themes/blueprint/templates/Recommend/CollectionSideFacets.phtml
@@ -22,10 +22,10 @@
<dt><?=$this->transEsc('Keyword Filter')?></dt>
<dd style="padding: 0">
<form method="get" action="" name="keywordFilterForm" id="keywordFilterForm" class="keywordFilterForm">
- <input id="keywordFilter_lookfor" type="text" name="lookfor" size="27" value="<?=$this->escapeHtml($keywordFilter)?>"/>
+ <input id="keywordFilter_lookfor" type="text" name="lookfor" size="27" value="<?=$this->escapeHtmlAttr($keywordFilter)?>"/>
<? foreach ($this->recommend->getResults()->getParams()->getFilterList(true) as $field => $filters): ?>
<? foreach ($filters as $filter): ?>
- <input type="hidden" name="filter[]" value="<?=$this->escapeHtml($filter['field'])?>:"<?=$this->escapeHtml($filter['value'])?>"" />
+ <input type="hidden" name="filter[]" value="<?=$this->escapeHtmlAttr($filter['field'])?>:"<?=$this->escapeHtmlAttr($filter['value'])?>"" />
<? endforeach; ?>
<? endforeach; ?>
<input type="submit" name="submit" value="<?=$this->transEsc('Set')?>"/>
diff --git a/themes/blueprint/templates/Recommend/EuropeanaResults.phtml b/themes/blueprint/templates/Recommend/EuropeanaResults.phtml
index c48c7a8cf10f68300ad9779ec82263487bbdae69..dee1a15902be9643d80dab491618a5d67de63787 100644
--- a/themes/blueprint/templates/Recommend/EuropeanaResults.phtml
+++ b/themes/blueprint/templates/Recommend/EuropeanaResults.phtml
@@ -12,9 +12,9 @@
<li class="suggestedResult <? (++$i % 2) ? 'alt ' : ''?>record<?=$i?>">
<div class="resultitem">
<? if (isset($work['enclosure'])): ?>
- <span class="europeanaImg"><img src="<?=$this->escapeHtml($work['enclosure'])?>" id="europeanaImage<?=$this->escapeHtml($workKey)?>" style="display: none;" class="europeanaImage" onload="document.getElementById('europeanaImage<?=$this->escapeHtml($workKey)?>').style.display = 'inline';"/></span>
+ <span class="europeanaImg"><img src="<?=$this->escapeHtmlAttr($work['enclosure'])?>" id="europeanaImage<?=$this->escapeHtmlAttr($workKey)?>" style="display: none;" class="europeanaImage" onload="document.getElementById('europeanaImage<?=$this->escapeHtmlAttr($workKey)?>').style.display = 'inline';"/></span>
<? endif; ?>
- <a href="<?=$this->escapeHtml($work['link'])?>" target="_blank">
+ <a href="<?=$this->escapeHtmlAttr($work['link'])?>" target="_blank">
<span><?=$this->escapeHtml($this->truncate($work['title'], 90))?></span>
</a>
<div class="clearer"></div>
@@ -22,7 +22,7 @@
<? endforeach; ?>
</ul>
<p class="olSubjectMore">
- <a href="<?=$this->escapeHtml($data['sourceLink'])?>" title="<?=$this->escapeHtml($data['feedTitle'])?>" target="_blank">
+ <a href="<?=$this->escapeHtmlAttr($data['sourceLink'])?>" title="<?=$this->escapeHtmlAttr($data['feedTitle'])?>" target="_blank">
<?=$this->transEsc('more')?>...
</a>
</p>
diff --git a/themes/blueprint/templates/Recommend/OpenLibrarySubjects.phtml b/themes/blueprint/templates/Recommend/OpenLibrarySubjects.phtml
index d070a96b0989b44a86cbf9d8219ad2d2d1fac2f7..540a990f1fca532bb5a84ee7699661ae62da2d65 100644
--- a/themes/blueprint/templates/Recommend/OpenLibrarySubjects.phtml
+++ b/themes/blueprint/templates/Recommend/OpenLibrarySubjects.phtml
@@ -8,9 +8,9 @@
<a href="http://openlibrary.org<?=$work['key']?>" title="<?=$this->transEsc('Get full text')?>" target="_blank">
<span class="olSubjectCover">
<? if (isset($work['cover_id']) && !empty($work['cover_id'])): ?>
- <img src="http://covers.openlibrary.org/b/<?=$this->escapeHtml($work['cover_id_type'])?>/<?=$this->escapeHtml($work['cover_id'])?>-S.jpg" class="olSubjectImage" alt="<?=$this->escapeHtml($work['title'])?>" />
+ <img src="http://covers.openlibrary.org/b/<?=$this->escapeHtmlAttr($work['cover_id_type'])?>/<?=$this->escapeHtmlAttr($work['cover_id'])?>-S.jpg" class="olSubjectImage" alt="<?=$this->escapeHtmlAttr($work['title'])?>" />
<? else: ?>
- <img src="<?=$this->imageLink('noCover2.gif')?>" class="olSubjectImage" alt="<?=$this->escapeHtml($work['title'])?>" />
+ <img src="<?=$this->imageLink('noCover2.gif')?>" class="olSubjectImage" alt="<?=$this->escapeHtmlAttr($work['title'])?>" />
<? endif; ?>
</span>
<span><?=$this->escapeHtml($this->truncate($work['title'], 50))?></span>
diff --git a/themes/blueprint/templates/Recommend/RandomRecommend.phtml b/themes/blueprint/templates/Recommend/RandomRecommend.phtml
index c66550b99471310ac21afc7b1c5add5f1b8ebd5c..2cfc3e9854a02f5f1417b67aa03f0d7f384d7eaf 100644
--- a/themes/blueprint/templates/Recommend/RandomRecommend.phtml
+++ b/themes/blueprint/templates/Recommend/RandomRecommend.phtml
@@ -12,11 +12,11 @@
<? $smallThumb = $this->record($driver)->getThumbnail('small'); $mediumThumb = $this->record($driver)->getThumbnail('medium'); ?>
<? if ($smallThumb): ?>
<a href="<?=$this->recordLink()->getUrl($driver)?>">
- <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtml($smallThumb);?>"/>
+ <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtmlAttr($smallThumb);?>"/>
</a>
<?elseif($mediumThumb):?>
<a href="<?=$this->recordLink()->getUrl($driver)?>">
- <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtml($mediumThumb);?>"/>
+ <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtmlAttr($mediumThumb);?>"/>
</a>
<? else: ?>
<img src="<?=$this->url('cover-unavailable')?>" class="recordcover" alt="<?=$this->transEsc('No Cover Image')?>"/>
diff --git a/themes/blueprint/templates/Recommend/SideFacets.phtml b/themes/blueprint/templates/Recommend/SideFacets.phtml
index b73a7bcd11f4044767ccefcb0cddc0844c322013..e0eec75f4875a3e2b21b20c3e26dd7cc5e628574 100644
--- a/themes/blueprint/templates/Recommend/SideFacets.phtml
+++ b/themes/blueprint/templates/Recommend/SideFacets.phtml
@@ -4,10 +4,10 @@
<? $checkboxFilters = $results->getParams()->getCheckboxFacets(); if (count($checkboxFilters) > 0): ?>
<? foreach ($checkboxFilters as $current): ?>
<div class="checkboxFilter<?=($results->getResultTotal() < 1 && !$current['selected'] && !$current['alwaysVisible']) ? ' hide' : ''?>">
- <input type="checkbox" name="filter[]" value="<?=$this->escapeHtml($current['filter'])?>"
- <?=$current['selected'] ? 'checked="checked"' : ''?> id="<?=$this->escapeHtml(str_replace(' ', '', $current['desc']))?>"
+ <input type="checkbox" name="filter[]" value="<?=$this->escapeHtmlAttr($current['filter'])?>"
+ <?=$current['selected'] ? 'checked="checked"' : ''?> id="<?=$this->escapeHtmlAttr(str_replace(' ', '', $current['desc']))?>"
onclick="document.location.href='<?=$current['selected'] ? $results->getUrlQuery()->removeFilter($current['filter']) : $results->getUrlQuery()->addFilter($current['filter'])?>';" />
- <label for="<?=$this->escapeHtml(str_replace(' ', '', $current['desc']))?>"><?=$this->transEsc($current['desc'])?></label>
+ <label for="<?=$this->escapeHtmlAttr(str_replace(' ', '', $current['desc']))?>"><?=$this->transEsc($current['desc'])?></label>
</div>
<? endforeach; ?>
<? endif; ?>
@@ -47,27 +47,27 @@
<? if ($rangeFacets[$title]['type'] == 'date'): ?>
<? /* Load the publication date slider UI widget */ $this->headScript()->appendFile('pubdate_slider.js'); ?>
<? endif; ?>
- <form action="" name="<?=$this->escapeHtml($title)?>Filter" id="<?=$this->escapeHtml($title)?>Filter">
+ <form action="" name="<?=$this->escapeHtmlAttr($title)?>Filter" id="<?=$this->escapeHtmlAttr($title)?>Filter">
<?=$results->getUrlQuery()->asHiddenFields(array('page' => '/./', 'filter' => "/^{$title}:.*/"))?>
- <input type="hidden" name="<?=$this->escapeHtml($rangeFacets[$title]['type'])?>range[]" value="<?=$this->escapeHtml($title)?>"/>
- <fieldset class="publishDateLimit" id="<?=$this->escapeHtml($title)?>">
+ <input type="hidden" name="<?=$this->escapeHtmlAttr($rangeFacets[$title]['type'])?>range[]" value="<?=$this->escapeHtmlAttr($title)?>"/>
+ <fieldset class="publishDateLimit" id="<?=$this->escapeHtmlAttr($title)?>">
<legend><?=$this->transEsc($cluster['label'])?></legend>
- <label for="<?=$this->escapeHtml($title)?>from"><?=$this->transEsc('date_from')?>:</label>
- <input type="text" size="4" maxlength="4" class="yearbox" name="<?=$this->escapeHtml($title)?>from" id="<?=$this->escapeHtml($title)?>from" value="<?=isset($rangeFacets[$title]['values'][0])?$this->escapeHtml($rangeFacets[$title]['values'][0]):''?>" />
- <label for="<?=$this->escapeHtml($title)?>to"><?=$this->transEsc('date_to')?>:</label>
- <input type="text" size="4" maxlength="4" class="yearbox" name="<?=$this->escapeHtml($title)?>to" id="<?=$this->escapeHtml($title)?>to" value="<?=isset($rangeFacets[$title]['values'][1])?$this->escapeHtml($rangeFacets[$title]['values'][1]):''?>" />
- <div id="<?=$this->escapeHtml($title)?>Slider" class="<?=$this->escapeHtml($rangeFacets[$title]['type'])?>Slider"></div>
- <input type="submit" value="<?=$this->transEsc('Set')?>" id="<?=$this->escapeHtml($title)?>goButton"/>
+ <label for="<?=$this->escapeHtmlAttr($title)?>from"><?=$this->transEsc('date_from')?>:</label>
+ <input type="text" size="4" maxlength="4" class="yearbox" name="<?=$this->escapeHtmlAttr($title)?>from" id="<?=$this->escapeHtmlAttr($title)?>from" value="<?=isset($rangeFacets[$title]['values'][0])?$this->escapeHtmlAttr($rangeFacets[$title]['values'][0]):''?>" />
+ <label for="<?=$this->escapeHtmlAttr($title)?>to"><?=$this->transEsc('date_to')?>:</label>
+ <input type="text" size="4" maxlength="4" class="yearbox" name="<?=$this->escapeHtmlAttr($title)?>to" id="<?=$this->escapeHtmlAttr($title)?>to" value="<?=isset($rangeFacets[$title]['values'][1])?$this->escapeHtmlAttr($rangeFacets[$title]['values'][1]):''?>" />
+ <div id="<?=$this->escapeHtmlAttr($title)?>Slider" class="<?=$this->escapeHtmlAttr($rangeFacets[$title]['type'])?>Slider"></div>
+ <input type="submit" value="<?=$this->transEsc('Set')?>" id="<?=$this->escapeHtmlAttr($title)?>goButton"/>
</fieldset>
</form>
<? else: ?>
<dl class="narrowList navmenu<? if(!in_array($title, $collapsedFacets)): ?> open<? endif ?>">
- <dt class="facet_<?=$this->escapeHtml($title)?>"><?=$this->transEsc($cluster['label'])?></dt>
+ <dt class="facet_<?=$this->escapeHtmlAttr($title)?>"><?=$this->transEsc($cluster['label'])?></dt>
<? $i = 0; foreach ($cluster['list'] as $thisFacet): ?>
<? if (++$i == 6): ?>
- <dd id="more<?=$this->escapeHtml($title)?>"><a href="#" onclick="moreFacets('<?=$this->escapeHtml($title)?>'); return false;"><?=$this->transEsc('more')?> ...</a></dd>
+ <dd id="more<?=$this->escapeHtmlAttr($title)?>"><a href="#" onclick="moreFacets('<?=$this->escapeHtmlAttr($title)?>'); return false;"><?=$this->transEsc('more')?> ...</a></dd>
</dl>
- <dl class="narrowList navmenu offscreen<? if(!in_array($title, $collapsedFacets)): ?> open<? endif ?>" id="narrowGroupHidden_<?=$this->escapeHtml($title)?>">
+ <dl class="narrowList navmenu offscreen<? if(!in_array($title, $collapsedFacets)): ?> open<? endif ?>" id="narrowGroupHidden_<?=$this->escapeHtmlAttr($title)?>">
<? endif; ?>
<? if ($thisFacet['isApplied']): ?>
<dd class="facet<?=$thisFacet['operator'] ?> applied"<? if($thisFacet['operator'] == 'OR'): ?> href="<?=$this->currentPath().$results->getUrlQuery()->removeFacet($title, $thisFacet['value'], true, $thisFacet['operator']) ?>"<? endif ?>><?=$this->escapeHtml($thisFacet['displayText'])?> <img src="<?=$this->imageLink('silk/tick.png')?>" alt="Selected"/></dd>
@@ -80,7 +80,7 @@
</dd>
<? endif; ?>
<? endforeach; ?>
- <? if ($i > 5): ?><dd><a href="#" onclick="lessFacets('<?=$this->escapeHtml($title)?>'); return false;"><?=$this->transEsc('less')?> ...</a></dd><? endif; ?>
+ <? if ($i > 5): ?><dd><a href="#" onclick="lessFacets('<?=$this->escapeHtmlAttr($title)?>'); return false;"><?=$this->transEsc('less')?> ...</a></dd><? endif; ?>
</dl>
<? endif; ?>
<? endforeach; ?>
diff --git a/themes/blueprint/templates/Recommend/SummonBestBets.phtml b/themes/blueprint/templates/Recommend/SummonBestBets.phtml
index 305e3afdba0ccb17142a85336f4f3c00cd931e0b..3302226bb5ab23f8d4de157b955d1deec90666a8 100644
--- a/themes/blueprint/templates/Recommend/SummonBestBets.phtml
+++ b/themes/blueprint/templates/Recommend/SummonBestBets.phtml
@@ -3,7 +3,7 @@
<? foreach ($summonBestBets as $current): ?>
<p>
<? if (isset($current['link']) && !empty($current['link'])):?>
- <a href="<?=$this->escapeHtml($current['link'])?>"><?=$this->escapeHtml($current['title'])?></a>
+ <a href="<?=$this->escapeHtmlAttr($current['link'])?>"><?=$this->escapeHtml($current['title'])?></a>
<? else: ?>
<b><?=$this->escapeHtml($current['title'])?></b>
<? endif; ?>
diff --git a/themes/blueprint/templates/Recommend/SummonDatabases.phtml b/themes/blueprint/templates/Recommend/SummonDatabases.phtml
index ab16b72a7372ebed385bc16a4a4aa92a7a7aa3e5..507840f253d1ed4a9266f5c5ff48a3732988f5a0 100644
--- a/themes/blueprint/templates/Recommend/SummonDatabases.phtml
+++ b/themes/blueprint/templates/Recommend/SummonDatabases.phtml
@@ -2,7 +2,7 @@
<div class="authorbox">
<p><?=$this->transEsc('summon_database_recommendations')?></p>
<? foreach ($summonDatabases as $current): ?>
- <p><a href="<?=$this->escapeHtml($current['link'])?>"><?=$this->escapeHtml($current['title'])?></a><br/><?=$this->escapeHtml($current['description'])?></p>
+ <p><a href="<?=$this->escapeHtmlAttr($current['link'])?>"><?=$this->escapeHtml($current['title'])?></a><br/><?=$this->escapeHtml($current['description'])?></p>
<? endforeach; ?>
</div>
<? endif; ?>
\ No newline at end of file
diff --git a/themes/blueprint/templates/Recommend/SummonTopics.phtml b/themes/blueprint/templates/Recommend/SummonTopics.phtml
index 15f4f8095250aa7d09546a7b13f09de447ec4f21..076c8895617d1d2a1943e75eb9674d7deff45f1e 100644
--- a/themes/blueprint/templates/Recommend/SummonTopics.phtml
+++ b/themes/blueprint/templates/Recommend/SummonTopics.phtml
@@ -5,7 +5,7 @@
<p>
<a href="<?=$this->url('summon-search')?>?lookfor=%22<?=urlencode($summonTopics['title'])?>%22"><?=$this->escapeHtml($summonTopics['title'])?></a><br />
<? if (isset($summonTopics['snippet'])): ?><?=$this->escapeHtml($summonTopics['snippet'])?><? endif; ?>
- <? if (isset($summonTopics['sourceLink'])): ?><a href="<?=$this->escapeHtml($summonTopics['sourceLink'])?>"><?=$this->transEsc('more')?>...</a><? endif; ?>
+ <? if (isset($summonTopics['sourceLink'])): ?><a href="<?=$this->escapeHtmlAttr($summonTopics['sourceLink'])?>"><?=$this->transEsc('more')?>...</a><? endif; ?>
</p>
<? endif; ?>
<? if (isset($summonTopics['relatedTopics']) && !empty($summonTopics['relatedTopics'])): ?>
diff --git a/themes/blueprint/templates/Recommend/WebResults.phtml b/themes/blueprint/templates/Recommend/WebResults.phtml
index 768d72c22ee20f81be10c4a93158beb841620102..701bd836951a71d9f0f87217c2e18072dab493bb 100644
--- a/themes/blueprint/templates/Recommend/WebResults.phtml
+++ b/themes/blueprint/templates/Recommend/WebResults.phtml
@@ -5,7 +5,7 @@
<ul class="similar">
<? foreach ($results as $driver): ?>
<li>
- <a href="<?=$this->escapeHtml($driver->getUrl())?>" class="title"><?
+ <a href="<?=$this->escapeHtmlAttr($driver->getUrl())?>" class="title"><?
$summHighlightedTitle = $driver->getHighlightedTitle();
$summTitle = $driver->getTitle();
if (!empty($summHighlightedTitle)) {
diff --git a/themes/blueprint/templates/RecordDriver/LibGuides/result-list.phtml b/themes/blueprint/templates/RecordDriver/LibGuides/result-list.phtml
index 1bd183a17da95e5718afe200adaf7cdccf627d67..f956d8d46df1a09ef6c9c6e30c2de5acec5f68a8 100644
--- a/themes/blueprint/templates/RecordDriver/LibGuides/result-list.phtml
+++ b/themes/blueprint/templates/RecordDriver/LibGuides/result-list.phtml
@@ -3,7 +3,7 @@
?>
<div class="listentry span-15">
<div class="resultItemLine1">
- <a href="<?=$this->escapeHtml($url)?>" class="title"><?
+ <a href="<?=$this->escapeHtmlAttr($url)?>" class="title"><?
$summTitle = $this->driver->getTitle();
if (!empty($summTitle)) {
echo $this->escapeHtml($this->truncate($summTitle, 180));
diff --git a/themes/blueprint/templates/RecordDriver/Pazpar2/result-list.phtml b/themes/blueprint/templates/RecordDriver/Pazpar2/result-list.phtml
index e89ae99d31cffe683329d9ed97eed3588b13cd6d..20c98d30a591c9dfdc9bd68f4578cfc626390909 100644
--- a/themes/blueprint/templates/RecordDriver/Pazpar2/result-list.phtml
+++ b/themes/blueprint/templates/RecordDriver/Pazpar2/result-list.phtml
@@ -1,8 +1,8 @@
-<div class="result source<?=$this->escapeHtml($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueID())?>" class="hiddenId" />
+<div class="result source<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>">
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueID())?>" class="hiddenId" />
<div class="span-2">
<? if ($summThumb = $this->record($this->driver)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
<? else: ?>
<img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/>
<? endif; ?>
@@ -78,7 +78,7 @@
<? endif; ?>
<? if (!is_array($urls)) $urls = array(); foreach ($urls as $current): ?>
<br/>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a>
<? endforeach; ?>
<? endif; ?>
@@ -95,4 +95,4 @@
<div class="clear"></div>
</div>
-<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtml($openUrl).'"></span>':''?>
+<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtmlAttr($openUrl).'"></span>':''?>
diff --git a/themes/blueprint/templates/RecordDriver/SolrDefault/collection-info.phtml b/themes/blueprint/templates/RecordDriver/SolrDefault/collection-info.phtml
index 0d43b2c810f14e181d17672dee5cf4ed8c4624d0..67d13724aece187e427f6601d77746f9a22f424e 100644
--- a/themes/blueprint/templates/RecordDriver/SolrDefault/collection-info.phtml
+++ b/themes/blueprint/templates/RecordDriver/SolrDefault/collection-info.phtml
@@ -3,8 +3,8 @@
<? $mediumThumb = $this->record($this->driver)->getThumbnail('medium'); $largeThumb = $this->record($this->driver)->getThumbnail('large'); ?>
<? if ($mediumThumb): ?>
<div class="floatright">
- <? if ($largeThumb): ?><a href="<?=$this->escapeHtml($largeThumb)?>"><? endif; ?>
- <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtml($mediumThumb);?>"/>
+ <? if ($largeThumb): ?><a href="<?=$this->escapeHtmlAttr($largeThumb)?>"><? endif; ?>
+ <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtmlAttr($mediumThumb);?>"/>
<? if ($largeThumb): ?></a><? endif; ?>
</div>
<? endif; ?>
@@ -123,7 +123,7 @@
<? $i = 0; foreach ($field as $subfield): ?>
<?=($i++ == 0) ? '' : ' > '?>
<? $subject = trim($subject . ' ' . $subfield); ?>
- <a title="<?=$this->escapeHtml($subject)?>" href="<?=$this->record($this->driver)->getLink('subject', $subject)?>" class="subjectHeading"><?=$this->escapeHtml($subfield)?></a>
+ <a title="<?=$this->escapeHtmlAttr($subject)?>" href="<?=$this->record($this->driver)->getLink('subject', $subject)?>" class="subjectHeading"><?=$this->escapeHtml($subfield)?></a>
<? endforeach; ?>
</div>
<? endforeach; ?>
@@ -141,7 +141,7 @@
<th><?=$this->transEsc('Online Access')?>: </th>
<td>
<? foreach ($urls as $current): ?>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a><br/>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a><br/>
<? endforeach; ?>
<? if ($openUrl): ?>
<?=$this->openUrl($openUrl)?><br/>
diff --git a/themes/blueprint/templates/RecordDriver/SolrDefault/core.phtml b/themes/blueprint/templates/RecordDriver/SolrDefault/core.phtml
index 0eddc23ee9cec91a76c23e3cec66b9a45476d9a3..ef274968ce5c44bd92148d56bfba8f19d154ddce 100644
--- a/themes/blueprint/templates/RecordDriver/SolrDefault/core.phtml
+++ b/themes/blueprint/templates/RecordDriver/SolrDefault/core.phtml
@@ -146,7 +146,7 @@
<? $i = 0; foreach ($field as $subfield): ?>
<?=($i++ == 0) ? '' : ' > '?>
<? $subject = trim($subject . ' ' . $subfield); ?>
- <a title="<?=$this->escapeHtml($subject)?>" href="<?=$this->record($this->driver)->getLink('subject', $subject)?>" class="subjectHeading"><?=$this->escapeHtml($subfield)?></a>
+ <a title="<?=$this->escapeHtmlAttr($subject)?>" href="<?=$this->record($this->driver)->getLink('subject', $subject)?>" class="subjectHeading"><?=$this->escapeHtml($subfield)?></a>
<? endforeach; ?>
</div>
<? endforeach; ?>
@@ -164,7 +164,7 @@
<th><?=$this->transEsc('Online Access')?>: </th>
<td>
<? foreach ($urls as $current): ?>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a><br/>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a><br/>
<? endforeach; ?>
<? if ($openUrl): ?>
<?=$this->openUrl($openUrl)?><br/>
@@ -218,8 +218,8 @@
<? /* Display thumbnail if appropriate: */ ?>
<? $mediumThumb = $this->record($this->driver)->getThumbnail('medium'); $largeThumb = $this->record($this->driver)->getThumbnail('large'); ?>
<? if ($mediumThumb): ?>
- <? if ($largeThumb): ?><a href="<?=$this->escapeHtml($largeThumb)?>"><? endif; ?>
- <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtml($mediumThumb);?>"/>
+ <? if ($largeThumb): ?><a href="<?=$this->escapeHtmlAttr($largeThumb)?>"><? endif; ?>
+ <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtmlAttr($mediumThumb);?>"/>
<? if ($largeThumb): ?></a><? endif; ?>
<? else: ?>
<img src="<?=$this->url('cover-unavailable')?>" class="recordcover" alt="<?=$this->transEsc('No Cover Image')?>"/>
@@ -228,7 +228,7 @@
<? /* Display qrcode if appropriate: */ ?>
<? $QRCode = $this->record($this->driver)->getQRCode("core"); ?>
<? if($QRCode): ?>
- <img alt="<?=$this->transEsc('QR Code')?>" class="qrcode" src="<?=$this->escapeHtml($QRCode);?>"/>
+ <img alt="<?=$this->transEsc('QR Code')?>" class="qrcode" src="<?=$this->escapeHtmlAttr($QRCode);?>"/>
<? endif; ?>
<? if ($this->userlist()->getMode() !== 'disabled'): ?>
diff --git a/themes/blueprint/templates/RecordDriver/SolrDefault/list-entry.phtml b/themes/blueprint/templates/RecordDriver/SolrDefault/list-entry.phtml
index 9713dace5c87c7ada410e252cd273c4b8087e4d3..c2acdf7c1a7e3b4859e07d67030991346d3570cf 100644
--- a/themes/blueprint/templates/RecordDriver/SolrDefault/list-entry.phtml
+++ b/themes/blueprint/templates/RecordDriver/SolrDefault/list-entry.phtml
@@ -10,11 +10,11 @@
$user_id = $this->user ? $this->user->id : null;
}
?>
-<div class="listentry recordId source<?=$this->escapeHtml($source)?><?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>" id="record<?=$this->escapeHtml($id)?>">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueID())?>" class="hiddenId" />
+<div class="listentry recordId source<?=$this->escapeHtmlAttr($source)?><?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>" id="record<?=$this->escapeHtmlAttr($id)?>">
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueID())?>" class="hiddenId" />
<div class="span-2">
<? if ($listThumb = $this->record($this->driver)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($listThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($listThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
<? else: ?>
<img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/>
<? endif; ?>
@@ -91,7 +91,7 @@
<? endif; ?>
<? if (!is_array($urls)) $urls = array(); foreach ($urls as $current): ?>
<br/>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a>
<? endforeach; ?>
<? endif; ?>
@@ -114,7 +114,7 @@
: $this->url('userList', array('id' => $list_id));
$deleteUrl .= '?delete=' . urlencode($id) . '&source=' . urlencode($source);
?>
- <a href="<?=$deleteUrl?>" title="<?=$this->transEsc('confirm_delete_brief')?>" class="delete tool source<?=$this->escapeHtml($source)?>"><?=$this->transEsc('Delete')?></a>
+ <a href="<?=$deleteUrl?>" title="<?=$this->transEsc('confirm_delete_brief')?>" class="delete tool source<?=$this->escapeHtmlAttr($source)?>"><?=$this->transEsc('Delete')?></a>
</div>
<? endif; ?>
diff --git a/themes/blueprint/templates/RecordDriver/SolrDefault/result-grid.phtml b/themes/blueprint/templates/RecordDriver/SolrDefault/result-grid.phtml
index 8f9552dbfe6f1f2b542b565e62d4a89657eaad3c..5031504dbf7d265a36e14ce0926d2547cae47d9f 100644
--- a/themes/blueprint/templates/RecordDriver/SolrDefault/result-grid.phtml
+++ b/themes/blueprint/templates/RecordDriver/SolrDefault/result-grid.phtml
@@ -1,11 +1,11 @@
-<div class="gridRecordBox source<?=$this->escapeHtml($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueID())?>" class="hiddenId" />
+<div class="gridRecordBox source<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>">
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueID())?>" class="hiddenId" />
<span class="gridImageBox">
<a href="<?=$this->recordLink()->getUrl($this->driver)?>">
<? if ($summThumb = $this->record($this->driver)->getThumbnail('large')): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" class="gridImage" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="gridImage" alt="<?=$this->transEsc('Cover Image')?>"/>
<? elseif ($summThumb = $this->record($this->driver)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" class="gridImage" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="gridImage" alt="<?=$this->transEsc('Cover Image')?>"/>
<? else: ?>
<img src="<?=$this->url('cover-unavailable')?>" class="gridImage" alt="<?=$this->transEsc('No Cover Image')?>"/>
<? endif; ?>
@@ -36,7 +36,7 @@
<? if ($this->driver->replaceURLsWithOpenURL()) $urls = array(); // clear URL list if replace setting is active ?>
<? endif; ?>
<? if (!is_array($urls)) $urls = array(); foreach ($urls as $current): ?>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a>
<br/>
<? endforeach; ?>
<? else: ?>
@@ -47,4 +47,4 @@
</div>
</div>
-<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtml($openUrl).'"></span>':''?>
+<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtmlAttr($openUrl).'"></span>':''?>
diff --git a/themes/blueprint/templates/RecordDriver/SolrDefault/result-list.phtml b/themes/blueprint/templates/RecordDriver/SolrDefault/result-list.phtml
index 64fa8682fcd0e3207439984208a3d23e17beff81..7a6126e06ad7b38f802800f99e5a209fc6a6a511 100644
--- a/themes/blueprint/templates/RecordDriver/SolrDefault/result-list.phtml
+++ b/themes/blueprint/templates/RecordDriver/SolrDefault/result-list.phtml
@@ -1,9 +1,9 @@
-<div class="result source<?=$this->escapeHtml($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueID())?>" class="hiddenId" />
+<div class="result source<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>">
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueID())?>" class="hiddenId" />
<div class="span-2">
<a href="<?=$this->recordLink()->getUrl($this->driver)?>">
<? if ($summThumb = $this->record($this->driver)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
<? else: ?>
<img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/>
<? endif; ?>
@@ -126,7 +126,7 @@
<? endif; ?>
<? if (!is_array($urls)) $urls = array(); foreach ($urls as $current): ?>
<br/>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a>
<? endforeach; ?>
<? endif; ?>
@@ -148,9 +148,9 @@
// Add JS Variables for QrCode
$this->jsTranslations()->addStrings(array('qrcode_hide' => 'qrcode_hide', 'qrcode_show' => 'qrcode_show'));
?>
- <a href="<?=$this->escapeHtml($QRCode);?>" class="qrcodeLink"><?=$this->transEsc('qrcode_show')?></a>
+ <a href="<?=$this->escapeHtmlAttr($QRCode);?>" class="qrcodeLink"><?=$this->transEsc('qrcode_show')?></a>
<div class="qrcodeHolder">
- <img alt="<?=$this->transEsc('QR Code')?>" class="qrcode" src="<?=$this->escapeHtml($QRCode);?>"/>
+ <img alt="<?=$this->transEsc('QR Code')?>" class="qrcode" src="<?=$this->escapeHtmlAttr($QRCode);?>"/>
</div>
<? endif; ?>
@@ -166,7 +166,7 @@
<? $this->headScript()->appendFile('search_hierarchyTree.js'); ?>
<? foreach ($trees as $hierarchyID => $hierarchyTitle): ?>
<div class="hierarchyTreeLink">
- <input type="hidden" value="<?=$this->escapeHtml($hierarchyID)?>" class="hiddenHierarchyId" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($hierarchyID)?>" class="hiddenHierarchyId" />
<a class="hierarchyTreeLinkText" href="<?=$this->recordLink()->getTabUrl($this->driver, 'HierarchyTree')?>?hierarchy=<?=urlencode($hierarchyID)?>#tabnav" title="<?=$this->transEsc('hierarchy_tree')?>">
<?=$this->transEsc('hierarchy_view_context')?><? if (count($trees) > 1): ?>: <?=$this->escapeHtml($hierarchyTitle)?><? endif; ?>
</a>
@@ -178,4 +178,4 @@
<div class="clear"></div>
</div>
-<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtml($openUrl).'"></span>':''?>
+<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtmlAttr($openUrl).'"></span>':''?>
diff --git a/themes/blueprint/templates/RecordDriver/SolrDefault/toolbar.phtml b/themes/blueprint/templates/RecordDriver/SolrDefault/toolbar.phtml
index 21f4916fa76d3b121c55944e83fae74e60bc538f..59dfc5148fb11bd372273e8ed03b59094c98749d 100644
--- a/themes/blueprint/templates/RecordDriver/SolrDefault/toolbar.phtml
+++ b/themes/blueprint/templates/RecordDriver/SolrDefault/toolbar.phtml
@@ -22,7 +22,7 @@
<a href="<?=$this->recordLink()->getActionUrl($this->driver, 'Export')?>" class="export exportMenu"><?=$this->transEsc('Export Record')?></a>
<ul class="menu offscreen" id="exportMenu">
<? foreach ($exportFormats as $exportFormat): ?>
- <li><a <? if ($this->export()->needsRedirect($exportFormat)): ?>target="<?=$this->escapeHtml($exportFormat)?>Main" <? endif; ?>href="<?=$this->recordLink()->getActionUrl($this->driver, 'Export')?>?style=<?=$this->escapeHtml($exportFormat)?>"><?=$this->transEsc('Export to')?> <?=$this->escapeHtml($exportFormat)?></a></li>
+ <li><a <? if ($this->export()->needsRedirect($exportFormat)): ?>target="<?=$this->escapeHtmlAttr($exportFormat)?>Main" <? endif; ?>href="<?=$this->recordLink()->getActionUrl($this->driver, 'Export')?>?style=<?=$this->escapeHtmlAttr($exportFormat)?>"><?=$this->transEsc('Export to')?> <?=$this->escapeHtml($exportFormat)?></a></li>
<? endforeach; ?>
</ul>
</li>
@@ -40,7 +40,7 @@
<? if ($cart->isActive()): ?>
<div class="cartSummary">
<form method="post" name="addForm" action="<?=$this->url('cart-home')?>">
- <input id="cartId" type="hidden" name="ids[]" value="<?=$this->escapeHtml($cartId)?>" />
+ <input id="cartId" type="hidden" name="ids[]" value="<?=$this->escapeHtmlAttr($cartId)?>" />
<noscript>
<? if ($cart->contains($cartId)): ?>
<input type="submit" class="button cart bookbagDelete" name="delete" value="<?=$this->transEsc('Remove from Book Bag')?>"/>
diff --git a/themes/blueprint/templates/RecordDriver/SolrWeb/result-list.phtml b/themes/blueprint/templates/RecordDriver/SolrWeb/result-list.phtml
index ddff0daa97f0bd071f90766507d2b4537b48c066..f9e9fc43193b3124261e067571e813e188286d0b 100644
--- a/themes/blueprint/templates/RecordDriver/SolrWeb/result-list.phtml
+++ b/themes/blueprint/templates/RecordDriver/SolrWeb/result-list.phtml
@@ -3,7 +3,7 @@
?>
<div class="listentry span-15">
<div class="resultItemLine1">
- <a href="<?=$this->escapeHtml($url)?>" class="title"><?
+ <a href="<?=$this->escapeHtmlAttr($url)?>" class="title"><?
$summHighlightedTitle = $this->driver->getHighlightedTitle();
$summTitle = $this->driver->getTitle();
if (!empty($summHighlightedTitle)) {
diff --git a/themes/blueprint/templates/RecordTab/hierarchytree.phtml b/themes/blueprint/templates/RecordTab/hierarchytree.phtml
index a6db5ac829a892f582f5a1eccb3ad3f3a1642ae8..97a95e437598300acc131d9508daf513e0b37586 100644
--- a/themes/blueprint/templates/RecordTab/hierarchytree.phtml
+++ b/themes/blueprint/templates/RecordTab/hierarchytree.phtml
@@ -43,8 +43,8 @@
<div id="treeSearchLimitReached"><?=$this->transEsc('tree_search_limit_reached_html', array('%%url%%' => $this->url('search-results'), '%%limit%%' => $this->tab->getSearchLimit()))?></div>
<? endif; ?>
<div id="hierarchyTree">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" class="hiddenRecordId" />
- <input type="hidden" value="<?=$this->escapeHtml($activeTree)?>" class="hiddenHierarchyId" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" class="hiddenRecordId" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($activeTree)?>" class="hiddenHierarchyId" />
<input type="hidden" value="<?=isset($this->treeContext) ? $this->treeContext : 'Record'?>" class="hiddenContext" />
<? if ($this->layout()->getTemplate() != 'layout/lightbox'): ?>
<noscript>
diff --git a/themes/blueprint/templates/RecordTab/holdingsils.phtml b/themes/blueprint/templates/RecordTab/holdingsils.phtml
index a720ed4de8239ba3c619ef6435a63924f08cac10..f8f5a2272904a0a3ecfc70a167d2ec1c1bc9b1c3 100644
--- a/themes/blueprint/templates/RecordTab/holdingsils.phtml
+++ b/themes/blueprint/templates/RecordTab/holdingsils.phtml
@@ -16,7 +16,7 @@
<h2><?=$this->transEsc('ils_offline_title')?></h2>
<p><strong><?=$this->transEsc('ils_offline_status')?></strong></p>
<p><?=$this->transEsc('ils_offline_holdings_message')?></p>
- <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?>
+ <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?>
<p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p>
</div>
<? endif; ?>
@@ -40,7 +40,7 @@
<h3><?=$this->transEsc("Internet")?></h3>
<? if (!empty($urls)): ?>
<? foreach ($urls as $current): ?>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a><br/>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a><br/>
<? endforeach; ?>
<? endif; ?>
<? if ($openUrl): ?><?=$this->openUrl($openUrl);?><? endif; ?>
@@ -120,13 +120,13 @@
<? endif; ?>
<? /* Embed item structured data: library, barcode, call number */ ?>
<? if ($row['location']): ?>
- <meta property="seller" content="<?=$this->escapeHtml($row['location'])?>" />
+ <meta property="seller" content="<?=$this->escapeHtmlAttr($row['location'])?>" />
<? endif; ?>
<? if ($row['barcode']): ?>
- <meta property="serialNumber" content="<?=$this->escapeHtml($row['barcode'])?>" />
+ <meta property="serialNumber" content="<?=$this->escapeHtmlAttr($row['barcode'])?>" />
<? endif; ?>
<? if ($row['callnumber']): ?>
- <meta property="sku" content="<?=$this->escapeHtml($row['callnumber'])?>" />
+ <meta property="sku" content="<?=$this->escapeHtmlAttr($row['callnumber'])?>" />
<? endif; ?>
<? /* Declare that the item is to be borrowed, not for sale */ ?>
<link property="businessFunction" href="http://purl.org/goodrelations/v1#LeaseOut" />
diff --git a/themes/blueprint/templates/RecordTab/holdingsworldcat.phtml b/themes/blueprint/templates/RecordTab/holdingsworldcat.phtml
index f5afadfa6fa7474b7bd7f5a2da09326f968e44ee..190e7f869c17312f53081dc2c26a27b440aefa2e 100644
--- a/themes/blueprint/templates/RecordTab/holdingsworldcat.phtml
+++ b/themes/blueprint/templates/RecordTab/holdingsworldcat.phtml
@@ -5,7 +5,7 @@
<tr>
<th colspan="2">
<? if (isset($holding->electronicAddress->text) && !empty($holding->electronicAddress->text)): ?>
- <a href="<?=$this->escapeHtml($holding->electronicAddress->text)?>"><?=$this->escapeHtml($holding->physicalLocation)?></a>
+ <a href="<?=$this->escapeHtmlAttr($holding->electronicAddress->text)?>"><?=$this->escapeHtml($holding->physicalLocation)?></a>
<? else: ?>
<?=$this->escapeHtml($holding->physicalLocation)?>
<? endif; ?>
diff --git a/themes/blueprint/templates/RecordTab/reviews.phtml b/themes/blueprint/templates/RecordTab/reviews.phtml
index 876bcfa52dbb338d47342311dff3fe46080233d6..6ed98cb845e8216eac0c67b55d2dcfc2a26a7878 100644
--- a/themes/blueprint/templates/RecordTab/reviews.phtml
+++ b/themes/blueprint/templates/RecordTab/reviews.phtml
@@ -26,7 +26,7 @@
<p class="summary">
<?=isset($review['Content']) ? $review['Content'] : ''?>
<? if ((!isset($review['Content']) || empty($review['Content'])) && isset($review['ReviewURL'])): ?>
- <a target="new" href="<?=$this->escapeHtml($review['ReviewURL'])?>"><?=$this->transEsc('Read the full review online...')?></a>
+ <a target="new" href="<?=$this->escapeHtmlAttr($review['ReviewURL'])?>"><?=$this->transEsc('Read the full review online...')?></a>
<? endif; ?>
</p>
<?=isset($review['Copyright']) ? $review['Copyright'] : ''?>
diff --git a/themes/blueprint/templates/RecordTab/usercomments.phtml b/themes/blueprint/templates/RecordTab/usercomments.phtml
index 4ca9a99b252fec3050ce0c8547afa919f3963fdc..c2e66973e8599ebaa682ae437fc290d9d41fb56b 100644
--- a/themes/blueprint/templates/RecordTab/usercomments.phtml
+++ b/themes/blueprint/templates/RecordTab/usercomments.phtml
@@ -7,8 +7,8 @@
</ul>
<form name="commentRecord" id="commentRecord" action="<?=$this->recordLink()->getActionUrl($this->driver, 'AddComment')?>" method="post">
- <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>"/>
- <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>"/>
+ <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>"/>
+ <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>"/>
<label for="comment" class="offscreen"><?=$this->transEsc("Your Comment")?>:</label>
<textarea id="comment" name="comment" rows="4" cols="50" class="<?=$this->jqueryValidation(array('required'=>'This field is required'))?>"></textarea>
<br/><br/>
diff --git a/themes/blueprint/templates/admin/tags/checkbox.phtml b/themes/blueprint/templates/admin/tags/checkbox.phtml
index 35067fbf4329bc346624e06c73074e6cd50a6c26..ee58b72a9e49efe10c83458a4a52bccce543361e 100644
--- a/themes/blueprint/templates/admin/tags/checkbox.phtml
+++ b/themes/blueprint/templates/admin/tags/checkbox.phtml
@@ -1,3 +1,3 @@
<label for="<?=$this->prefix?>checkbox_<?=$this->tag['id']?>" class="offscreen"><?=$this->transEsc('Select this tag')?></label>
-<input id="<?=$this->prefix?>checkbox_<?=$this->tag['id']?>" type="checkbox" name="ids[]" value="<?=$this->escapeHtml($this->tag['id'])?>" class="checkbox_ui"/>
-<input type="hidden" name="idsAll[]" value="<?=$this->escapeHtml($this->tag['id'])?>" />
+<input id="<?=$this->prefix?>checkbox_<?=$this->tag['id']?>" type="checkbox" name="ids[]" value="<?=$this->escapeHtmlAttr($this->tag['id'])?>" class="checkbox_ui"/>
+<input type="hidden" name="idsAll[]" value="<?=$this->escapeHtmlAttr($this->tag['id'])?>" />
diff --git a/themes/blueprint/templates/ajax/export-favorites.phtml b/themes/blueprint/templates/ajax/export-favorites.phtml
index f1c079cc620b604e5b2bc1976f940ec8c7116aea..93fb0270e378d3a8addd445811a51e0d7b574832 100644
--- a/themes/blueprint/templates/ajax/export-favorites.phtml
+++ b/themes/blueprint/templates/ajax/export-favorites.phtml
@@ -1,5 +1,5 @@
<p>
- <a class="save" onclick="hideLightbox();" href="<?=$this->escapeHtml($this->url)?>"<?=$this->export()->needsRedirect($this->format) ? ' target="_blank"' : ''?>><?=
+ <a class="save" onclick="hideLightbox();" href="<?=$this->escapeHtmlAttr($this->url)?>"<?=$this->export()->needsRedirect($this->format) ? ' target="_blank"' : ''?>><?=
$this->export()->needsRedirect($this->format)
? $this->transEsc('export_redirect', array('%%service%%' => $this->translate($this->format)))
: $this->transEsc('export_download')
diff --git a/themes/blueprint/templates/ajax/resolverLinks.phtml b/themes/blueprint/templates/ajax/resolverLinks.phtml
index 3f0f3f9622b9c28be84d97ebff45d00f3bf90b59..45e4b8176aea91a331201d513cbebfda8040f92d 100644
--- a/themes/blueprint/templates/ajax/resolverLinks.phtml
+++ b/themes/blueprint/templates/ajax/resolverLinks.phtml
@@ -6,7 +6,7 @@
<? foreach ($this->electronic as $link): ?>
<li>
<? if (isset($link['href']) && !empty($link['href'])): ?>
- <a href="<?=$this->escapeHtml($link['href'])?>" title="<?=isset($link['service_type'])?$this->escapeHtml($link['service_type']):''?>"><?=isset($link['title'])?$this->escapeHtml($link['title']):''?></a> <?=isset($link['coverage'])?$this->escapeHtml($link['coverage']):''?>
+ <a href="<?=$this->escapeHtmlAttr($link['href'])?>" title="<?=isset($link['service_type'])?$this->escapeHtmlAttr($link['service_type']):''?>"><?=isset($link['title'])?$this->escapeHtml($link['title']):''?></a> <?=isset($link['coverage'])?$this->escapeHtml($link['coverage']):''?>
<? else: ?>
<?=isset($link['title'])?$this->escapeHtml($link['title']):''?> <?=isset($link['coverage'])?$this->escapeHtml($link['coverage']):''?>
<? endif; ?>
@@ -22,7 +22,7 @@
<? foreach ($this->print as $link): ?>
<li>
<? if (isset($link['href']) && !empty($link['href'])): ?>
- <a href="<?=$this->escapeHtml($link['href'])?>" title="<?=isset($link['service_type'])?$this->escapeHtml($link['service_type']):''?>"><?=isset($link['title'])?$this->escapeHtml($link['title']):''?></a> <?=isset($link['coverage'])?$this->escapeHtml($link['coverage']):''?>
+ <a href="<?=$this->escapeHtmlAttr($link['href'])?>" title="<?=isset($link['service_type'])?$this->escapeHtmlAttr($link['service_type']):''?>"><?=isset($link['title'])?$this->escapeHtml($link['title']):''?></a> <?=isset($link['coverage'])?$this->escapeHtml($link['coverage']):''?>
<? else: ?>
<?=isset($link['title'])?$this->escapeHtml($link['title']):''?> <?=isset($link['coverage'])?$this->escapeHtml($link['coverage']):''?>
<? endif; ?>
@@ -32,13 +32,13 @@
</div>
<? endif; ?>
<div class="openurls">
- <strong><a href="<?=$this->escapeHtml($this->openUrlBase)?>?<?=$this->escapeHtml($this->openUrl)?>"><?=$this->transEsc('More options')?></a></strong>
+ <strong><a href="<?=$this->escapeHtmlAttr($this->openUrlBase)?>?<?=$this->escapeHtmlAttr($this->openUrl)?>"><?=$this->transEsc('More options')?></a></strong>
<? if (!empty($this->services)): ?>
<ul>
<? foreach ($this->services as $link): ?>
<? if (isset($link['href']) && !empty($link['href'])): ?>
<li>
- <a href="<?=$this->escapeHtml($link['href'])?>" title="<?=isset($link['service_type'])?$this->escapeHtml($link['service_type']):''?>"><?=isset($link['title'])?$this->escapeHtml($link['title']):''?></a>
+ <a href="<?=$this->escapeHtmlAttr($link['href'])?>" title="<?=isset($link['service_type'])?$this->escapeHtmlAttr($link['service_type']):''?>"><?=isset($link['title'])?$this->escapeHtml($link['title']):''?></a>
</li>
<? endif; ?>
<? endforeach; ?>
diff --git a/themes/blueprint/templates/ajax/resultgooglemapinfo.phtml b/themes/blueprint/templates/ajax/resultgooglemapinfo.phtml
index 2a52b4d14eefa68257f3619ac060c26b91d2a80b..27fc94d18f726d9fa93be161abdd9e0a3a0139ec 100644
--- a/themes/blueprint/templates/ajax/resultgooglemapinfo.phtml
+++ b/themes/blueprint/templates/ajax/resultgooglemapinfo.phtml
@@ -6,7 +6,7 @@
<? $i++; ?>
<div class="mapInfoResult <? if ($i % 2 == 0): ?>alt <? endif; ?>record<?=$i ?>">
<div class="mapInfoResultThumb">
- <? if ($thumb = $this->record($record)->getThumbnail()): ?><img class="mapInfoResultThumbImg" src="<?=$this->escapeHtml($thumb) ?>" style="display:block"/><? endif; ?>
+ <? if ($thumb = $this->record($record)->getThumbnail()): ?><img class="mapInfoResultThumbImg" src="<?=$this->escapeHtmlAttr($thumb) ?>" style="display:block"/><? endif; ?>
</div>
<div class="mapInfoResultText">
diff --git a/themes/blueprint/templates/alphabrowse/home.phtml b/themes/blueprint/templates/alphabrowse/home.phtml
index ca05bc03c108e13d0efc2056b4f33a2c8c09d841..d0a304aa25ccbb0970af5241ed1f361052f628b1 100644
--- a/themes/blueprint/templates/alphabrowse/home.phtml
+++ b/themes/blueprint/templates/alphabrowse/home.phtml
@@ -8,11 +8,11 @@
<? ob_start(); ?>
<div class="alphaBrowsePageLinks">
<? if (isset($this->prevpage)): ?>
- <div class="alphaBrowsePrevLink"><a href="<?=$this->escapeHtml($this->url('alphabrowse-home', array(), array('query' => $baseQuery + array('page' => $this->prevpage))))?>">« <?=$this->transEsc('Prev')?></a></div>
+ <div class="alphaBrowsePrevLink"><a href="<?=$this->escapeHtmlAttr($this->url('alphabrowse-home', array(), array('query' => $baseQuery + array('page' => $this->prevpage))))?>">« <?=$this->transEsc('Prev')?></a></div>
<? endif; ?>
<? if (isset($this->nextpage)): ?>
- <div class="alphaBrowseNextLink"><a href="<?=$this->escapeHtml($this->url('alphabrowse-home', array(), array('query' => $baseQuery + array('page' => $this->nextpage))))?>"><?=$this->transEsc('Next')?> »</a></div>
+ <div class="alphaBrowseNextLink"><a href="<?=$this->escapeHtmlAttr($this->url('alphabrowse-home', array(), array('query' => $baseQuery + array('page' => $this->nextpage))))?>"><?=$this->transEsc('Next')?> »</a></div>
<? endif; ?>
<div class="clear"></div>
</div>
@@ -25,11 +25,11 @@
<label for="alphaBrowseForm_source"><?=$this->transEsc('Browse Alphabetically') ?></label>
<select id="alphaBrowseForm_source" name="source">
<? foreach ($this->alphaBrowseTypes as $key => $item): ?>
- <option value="<?=$this->escapeHtml($key) ?>"<? if ($this->source == $key): ?> selected="selected"<? endif; ?>><?=$this->transEsc($item) ?></option>
+ <option value="<?=$this->escapeHtmlAttr($key) ?>"<? if ($this->source == $key): ?> selected="selected"<? endif; ?>><?=$this->transEsc($item) ?></option>
<? endforeach; ?>
</select>
<label for="alphaBrowseForm_from"><?=$this->transEsc('starting from') ?></label>
- <input type="text" name="from" id="alphaBrowseForm_from" value="<?=$this->escapeHtml($this->from) ?>"/>
+ <input type="text" name="from" id="alphaBrowseForm_from" value="<?=$this->escapeHtmlAttr($this->from) ?>"/>
<input type="submit" value="<?=$this->transEsc('Browse') ?>"/>
</form>
</div>
@@ -40,8 +40,8 @@
<div class="alphaBrowseHeader"><?=$this->transEsc("alphabrowse_matches") ?></div>
<? foreach ($this->result['Browse']['items'] as $i => $item): ?>
- <div class="alphaBrowseEntry<? if ($i%2==1): echo ' alt'; endif; ?> alphaBrowseSource_<?=$this->escapeHtml($this->source)?>">
- <div class="alphaBrowseHeading alphaBrowseHeading_<?=$this->escapeHtml($this->source)?>">
+ <div class="alphaBrowseEntry<? if ($i%2==1): echo ' alt'; endif; ?> alphaBrowseSource_<?=$this->escapeHtmlAttr($this->source)?>">
+ <div class="alphaBrowseHeading alphaBrowseHeading_<?=$this->escapeHtmlAttr($this->source)?>">
<? if ($item['count'] > 0): ?>
<?/* linking using bib ids is generally more reliable than
doing searches for headings, but headings give shorter
@@ -51,7 +51,7 @@
<? else: ?>
<? $query = array('type' => ucwords($this->source) . 'Browse', 'lookfor' => '"' . addcslashes($item['heading'], '"') . '"'); ?>
<? endif; ?>
- <a href="<?=$this->escapeHtml($this->url('search-results', array(), array('query' => $query)))?>"><?=$this->escapeHtml($item['heading'])?></a>
+ <a href="<?=$this->escapeHtmlAttr($this->url('search-results', array(), array('query' => $query)))?>"><?=$this->escapeHtml($item['heading'])?></a>
<? else: ?>
<?=$this->escapeHtml($item['heading'])?>
<? endif; ?>
@@ -78,7 +78,7 @@
<div class="title"><?=$this->transEsc('Use instead') ?>:</div>
<ul>
<? foreach ($item['useInstead'] as $heading): ?>
- <li><a href="<?=$this->escapeHtml($this->url('alphabrowse-home', array(), array('query' => array('from' => $heading) + $baseQuery)))?>"><?=$this->escapeHtml($heading)?></a></li>
+ <li><a href="<?=$this->escapeHtmlAttr($this->url('alphabrowse-home', array(), array('query' => array('from' => $heading) + $baseQuery)))?>"><?=$this->escapeHtml($heading)?></a></li>
<? endforeach; ?>
</ul>
</div>
@@ -89,7 +89,7 @@
<div class="title"><?=$this->transEsc('See also') ?>:</div>
<ul>
<? foreach ($item['seeAlso'] as $heading): ?>
- <li><a href="<?=$this->escapeHtml($this->url('alphabrowse-home', array(), array('query' => array('from' => $heading) + $baseQuery)))?>"><?=$this->escapeHtml($heading)?></a></li>
+ <li><a href="<?=$this->escapeHtmlAttr($this->url('alphabrowse-home', array(), array('query' => array('from' => $heading) + $baseQuery)))?>"><?=$this->escapeHtml($heading)?></a></li>
<? endforeach; ?>
</ul>
</div>
diff --git a/themes/blueprint/templates/cart/email.phtml b/themes/blueprint/templates/cart/email.phtml
index 190532c02ad9fc61ccdac4531be70887c97241b2..33f8ca5d0bacbbd8cd6869738f9323728ed864e6 100644
--- a/themes/blueprint/templates/cart/email.phtml
+++ b/themes/blueprint/templates/cart/email.phtml
@@ -10,7 +10,7 @@
<form action="<?=$this->url('cart-email')?>" method="post" name="bulkEmail">
<? foreach ($this->records as $current): ?>
<strong><?=$this->transEsc('Title')?>:</strong> <?=$this->escapeHtml($current->getBreadcrumb())?><br />
- <input type="hidden" name="ids[]" value="<?=$this->escapeHtml($current->getResourceSource() . '|' . $current->getUniqueId())?>" />
+ <input type="hidden" name="ids[]" value="<?=$this->escapeHtmlAttr($current->getResourceSource() . '|' . $current->getUniqueId())?>" />
<? endforeach; ?>
<br />
<label class="displayBlock" for="email_to"><?=$this->transEsc('To')?>:</label>
diff --git a/themes/blueprint/templates/cart/export-success.phtml b/themes/blueprint/templates/cart/export-success.phtml
index 64efeba9798c6a1e1d78c967958e093eaefcedfd..86854934c1d9b0d36649ea240dad2278250f3271 100644
--- a/themes/blueprint/templates/cart/export-success.phtml
+++ b/themes/blueprint/templates/cart/export-success.phtml
@@ -1,2 +1,2 @@
<?=$this->transEsc('export_success')?>
-<a href="<?=$this->escapeHtml($this->url)?>" class="save"><?=$this->transEsc('export_download')?></a>
+<a href="<?=$this->escapeHtmlAttr($this->url)?>" class="save"><?=$this->transEsc('export_download')?></a>
diff --git a/themes/blueprint/templates/cart/export.phtml b/themes/blueprint/templates/cart/export.phtml
index 7080ec6b5e1e3cd8577a90f9ea78aba756bcb1ff..6c5da4a54b3bb3e9e4212412b22d0f500aef366e 100644
--- a/themes/blueprint/templates/cart/export.phtml
+++ b/themes/blueprint/templates/cart/export.phtml
@@ -14,13 +14,13 @@
<form method="post" action="<?=$this->url('cart-export')?>" name="exportForm" title="<?=$this->transEsc('Export Items')?>">
<? foreach ($this->records as $current): ?>
<strong><?=$this->transEsc('Title')?>:</strong> <?=$this->escapeHtml($current->getBreadcrumb())?><br />
- <input type="hidden" name="ids[]" value="<?=$this->escapeHtml($current->getResourceSource() . '|' . $current->getUniqueId())?>" />
+ <input type="hidden" name="ids[]" value="<?=$this->escapeHtmlAttr($current->getResourceSource() . '|' . $current->getUniqueId())?>" />
<? endforeach; ?>
<br />
<label for="format"><?=$this->transEsc('Format')?>:</label>
<select name="format" id="format">
<? foreach ($this->exportOptions as $exportOption): ?>
- <option value="<?=$this->escapeHtml($exportOption)?>"><?=$this->transEsc($exportOption)?></option>
+ <option value="<?=$this->escapeHtmlAttr($exportOption)?>"><?=$this->transEsc($exportOption)?></option>
<? endforeach; ?>
</select>
<br/>
diff --git a/themes/blueprint/templates/cart/save.phtml b/themes/blueprint/templates/cart/save.phtml
index e138ded47e4a877444038b724883456fb7cb7470..7af76db68d9e17d8ab57a519186f5e9a1926070a 100644
--- a/themes/blueprint/templates/cart/save.phtml
+++ b/themes/blueprint/templates/cart/save.phtml
@@ -15,7 +15,7 @@
<? foreach ($this->records as $current): ?>
<? $idParams[] = urlencode('ids[]') . '=' . urlencode($current->getResourceSource() . '|' . $current->getUniqueId()) ?>
<strong><?=$this->transEsc('Title')?>:</strong> <?=$this->escapeHtml($current->getBreadcrumb())?><br />
- <input type="hidden" name="ids[]" value="<?=$this->escapeHtml($current->getResourceSource() . '|' . $current->getUniqueId())?>" />
+ <input type="hidden" name="ids[]" value="<?=$this->escapeHtmlAttr($current->getResourceSource() . '|' . $current->getUniqueId())?>" />
<? endforeach; ?>
<label class="displayBlock" for="save_list"><?=$this->transEsc('Choose a List') ?></label>
diff --git a/themes/blueprint/templates/collection/view.phtml b/themes/blueprint/templates/collection/view.phtml
index 9d7b7a09e44b86db6fdc9b1db42e34c2a692bd70..0d1de2dfbf30a4db7c825fd1a762bdcfa2778055 100644
--- a/themes/blueprint/templates/collection/view.phtml
+++ b/themes/blueprint/templates/collection/view.phtml
@@ -19,8 +19,8 @@
<div class="<?=$tree ? 'span-23' : $this->layoutClass('mainbody')?>">
<?=$this->record($this->driver)->getToolbar()?>
- <div class="record recordId source<?=$this->escapeHtml($this->driver->getResourceSource())?>" id="record">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" class="hiddenId" id="record_id" />
+ <div class="record recordId source<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" id="record">
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" class="hiddenId" id="record_id" />
<?=$this->flashmessages()?>
<? if (isset($this->scrollData) && ($this->scrollData['previousRecord'] || $this->scrollData['nextRecord'])): ?>
<div class="resultscroller">
@@ -58,7 +58,7 @@
<?=isset($activeTabObj) ? $this->record($this->driver)->getTab($activeTabObj) : '' ?>
</div>
- <span class="Z3988" title="<?=$this->escapeHtml($this->driver->getOpenURL())?>"></span>
+ <span class="Z3988" title="<?=$this->escapeHtmlAttr($this->driver->getOpenURL())?>"></span>
</div>
<? if (!$tree): ?>
diff --git a/themes/blueprint/templates/collections/home.phtml b/themes/blueprint/templates/collections/home.phtml
index 9d388c1ed85ae0937bacb969683cad81d34c7460..f2004f32abdc884eca1dc78d9efafba97ffff668 100644
--- a/themes/blueprint/templates/collections/home.phtml
+++ b/themes/blueprint/templates/collections/home.phtml
@@ -12,10 +12,10 @@
<? ob_start(); ?>
<div class="alphaBrowsePageLinks">
<? if (isset($prevpage)): ?>
- <div class="alphaBrowsePrevLink"><a href="<?=$this->url('collections-home')?>?from=<?=urlencode($from)?>&page=<?=urlencode($prevpage)?><?=$this->escapeHtml($filterString)?>">« <?=$this->transEsc('Prev')?></a></div>
+ <div class="alphaBrowsePrevLink"><a href="<?=$this->url('collections-home')?>?from=<?=urlencode($from)?>&page=<?=urlencode($prevpage)?><?=$this->escapeHtmlAttr($filterString)?>">« <?=$this->transEsc('Prev')?></a></div>
<? endif; ?>
<? if (isset($nextpage)): ?>
- <div class="alphaBrowseNextLink"><a href="<?=$this->url('collections-home')?>?from=<?=urlencode($from)?>&page=<?=urlencode($nextpage)?><?=$this->escapeHtml($filterString)?>"><?=$this->transEsc('Next')?> »</a></div>
+ <div class="alphaBrowseNextLink"><a href="<?=$this->url('collections-home')?>?from=<?=urlencode($from)?>&page=<?=urlencode($nextpage)?><?=$this->escapeHtmlAttr($filterString)?>"><?=$this->transEsc('Next')?> »</a></div>
<? endif; ?>
<div class="clear"></div>
</div>
@@ -34,22 +34,22 @@
}
}
?>
- <a href="<?=$this->escapeHtml($removalUrl)?>"><img src="<?=$this->imageLink('silk/delete.png')?>" alt="Delete"/></a>
- <a href="<?=$this->escapeHtml($removalUrl)?>"><?=$this->escapeHtml($filter['displayText'])?></a>
+ <a href="<?=$this->escapeHtmlAttr($removalUrl)?>"><img src="<?=$this->imageLink('silk/delete.png')?>" alt="Delete"/></a>
+ <a href="<?=$this->escapeHtmlAttr($removalUrl)?>"><?=$this->escapeHtml($filter['displayText'])?></a>
</li>
<? endforeach; ?>
</ul>
<? endif; ?>
<div class="browseAlphabetSelector">
<? foreach ($letters as $letter): ?>
- <div class="browseAlphabetSelectorItem"><a href="<?=$this->url('collections-home')?>?from=<?=urlencode($letter)?><?=$this->escapeHtml($filterString)?>"><?=$this->escapeHtml($letter)?></a></div>
+ <div class="browseAlphabetSelectorItem"><a href="<?=$this->url('collections-home')?>?from=<?=urlencode($letter)?><?=$this->escapeHtmlAttr($filterString)?>"><?=$this->escapeHtml($letter)?></a></div>
<? endforeach; ?>
</div>
<div class="browseJumpTo">
<form method="GET" action="<?=$this->url('collections-home')?>" class="browseForm">
<input type="submit" value="<?=$this->transEsc('Jump to')?>" />
- <input type="text" name="from" value="<?=$this->escapeHtml($from)?>" />
+ <input type="text" name="from" value="<?=$this->escapeHtmlAttr($from)?>" />
</form>
</div>
diff --git a/themes/blueprint/templates/confirm/confirm.phtml b/themes/blueprint/templates/confirm/confirm.phtml
index 7e814bb5e58b134392e238e1d355f97e86eb7ac8..6731c009c405af57f914e157f3e58df6fcc60f17 100644
--- a/themes/blueprint/templates/confirm/confirm.phtml
+++ b/themes/blueprint/templates/confirm/confirm.phtml
@@ -4,21 +4,21 @@
<?=$this->flashmessages();?>
<div id="popupDetails" class="confirmDialog">
- <form action="<?=$this->escapeHtml($this->confirm)?>" method="post">
+ <form action="<?=$this->escapeHtmlAttr($this->confirm)?>" method="post">
<? if (isset($this->extras)): ?>
<? foreach ($this->extras as $extra=>$value): ?>
<? if (is_array($value)): ?>
<? foreach ($value as $current): ?>
- <input type="hidden" name="<?=$this->escapeHtml($extra) ?>[]" value="<?=$this->escapeHtml($current) ?>" />
+ <input type="hidden" name="<?=$this->escapeHtmlAttr($extra) ?>[]" value="<?=$this->escapeHtmlAttr($current) ?>" />
<? endforeach; ?>
<? else: ?>
- <input type="hidden" name="<?=$this->escapeHtml($extra) ?>" value="<?=$this->escapeHtml($value) ?>" />
+ <input type="hidden" name="<?=$this->escapeHtmlAttr($extra) ?>" value="<?=$this->escapeHtmlAttr($value) ?>" />
<? endif; ?>
<? endforeach; ?>
<? endif;?>
<input type="submit" name="confirm" value="<?=$this->transEsc('confirm_dialog_yes') ?>" />
</form>
- <form action="<?=$this->escapeHtml($this->cancel) ?>" method="post">
+ <form action="<?=$this->escapeHtmlAttr($this->cancel) ?>" method="post">
<input type="submit" name="cancel" value="<?=$this->transEsc('confirm_dialog_no') ?>" />
</form>
<div class="clearer"></div>
diff --git a/themes/blueprint/templates/error/index.phtml b/themes/blueprint/templates/error/index.phtml
index 346120b6cc4c16ea4fa7471d1454f2516b1df7c7..56cc0eebd6a7f8b392cfb31fd5c19dc8e534a904 100644
--- a/themes/blueprint/templates/error/index.phtml
+++ b/themes/blueprint/templates/error/index.phtml
@@ -8,7 +8,7 @@
<p>
<?=$this->transEsc('Please contact the Library Reference Department for assistance')?>
<br/>
- <? $supportEmail = $this->escapeHtml($this->systememail()); ?>
+ <? $supportEmail = $this->escapeHtmlAttr($this->systememail()); ?>
<a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a>
</p>
</div>
diff --git a/themes/blueprint/templates/header.phtml b/themes/blueprint/templates/header.phtml
index 556846dbfb04154a420bdc3cf9f9c79f53a7ddbb..52bba0e2114885353710158df78d195e10373e40 100644
--- a/themes/blueprint/templates/header.phtml
+++ b/themes/blueprint/templates/header.phtml
@@ -26,7 +26,7 @@
<label for="themeForm_ui"><?=$this->transEsc("Theme")?>:</label>
<select id="themeForm_ui" name="ui" class="jumpMenu">
<? foreach ($this->layout()->themeOptions as $current): ?>
- <option value="<?=$this->escapeHtml($current['name'])?>"<?=$current['selected'] ? ' selected="selected"' : ''?>><?=$this->transEsc($current['desc'])?></option>
+ <option value="<?=$this->escapeHtmlAttr($current['name'])?>"<?=$current['selected'] ? ' selected="selected"' : ''?>><?=$this->transEsc($current['desc'])?></option>
<? endforeach; ?>
</select>
<noscript><input type="submit" value="<?=$this->transEsc("Set")?>" /></noscript>
diff --git a/themes/blueprint/templates/install/fixdatabase.phtml b/themes/blueprint/templates/install/fixdatabase.phtml
index c03ba347db4cfbbcef160f70eaf5c14779be37b0..ed5d0896d44ce64fdcab713db7729ce607ddaeff 100644
--- a/themes/blueprint/templates/install/fixdatabase.phtml
+++ b/themes/blueprint/templates/install/fixdatabase.phtml
@@ -15,12 +15,12 @@
<table>
<tbody>
<tr><td>Select database type: </td><td><select name="driver"><option value="mysql">MySQL</option><option <? if ($driver == 'pgsql'): ?>selected="selected" <? endif; ?>value="pgsql">PostgreSQL</option></select></td></tr>
- <tr><td>New database name: </td><td><input type="text" name="dbname" value="<?=$this->escapeHtml($this->dbname)?>"/></td></tr>
- <tr><td>New database user: </td><td><input type="text" name="dbuser" value="<?=$this->escapeHtml($this->dbuser)?>"/></td></tr>
+ <tr><td>New database name: </td><td><input type="text" name="dbname" value="<?=$this->escapeHtmlAttr($this->dbname)?>"/></td></tr>
+ <tr><td>New database user: </td><td><input type="text" name="dbuser" value="<?=$this->escapeHtmlAttr($this->dbuser)?>"/></td></tr>
<tr><td>New user password: </td><td><input type="password" name="dbpass" value=""/></td></tr>
<tr><td>Confirm new user password: </td><td><input type="password" name="dbpassconfirm" value=""/></td></tr>
- <tr><td>SQL Host: </td><td><input type="text" name="dbhost" value="<?=$this->escapeHtml($this->dbhost)?>"/></td></tr>
- <tr><td>SQL Root User: </td><td><input type="text" name="dbrootuser" value="<?=$this->escapeHtml($this->dbrootuser)?>"/></td></tr>
+ <tr><td>SQL Host: </td><td><input type="text" name="dbhost" value="<?=$this->escapeHtmlAttr($this->dbhost)?>"/></td></tr>
+ <tr><td>SQL Root User: </td><td><input type="text" name="dbrootuser" value="<?=$this->escapeHtmlAttr($this->dbrootuser)?>"/></td></tr>
<tr><td>SQL Root Password: </td><td><input type="password" name="dbrootpass" value=""/></td></tr>
<tr><td width="50%"></td><td><input type="submit" name="submit" value="<?=$this->transEsc('Submit') ?>" /></td></tr>
<tr><td>If you don't have the credentials or you wish to print the SQL out :</td><td>Click here to <input type="submit" name="printsql" value="Skip" /> credentials.</td></tr>
diff --git a/themes/blueprint/templates/install/fixils.phtml b/themes/blueprint/templates/install/fixils.phtml
index 89db3d57d628e762a65b8158b0570c455eebcc4d..0897324422eebc0d25f8d62835a4ab13717c1245 100644
--- a/themes/blueprint/templates/install/fixils.phtml
+++ b/themes/blueprint/templates/install/fixils.phtml
@@ -16,7 +16,7 @@
Pick a driver:
<select name="driver">
<? foreach ($this->drivers as $driver): ?>
- <option value="<?=$this->escapeHtml($driver)?>"><?=$this->escapeHtml($driver)?></option>
+ <option value="<?=$this->escapeHtmlAttr($driver)?>"><?=$this->escapeHtml($driver)?></option>
<? endforeach; ?>
</select>
<input type="submit"/>
diff --git a/themes/blueprint/templates/install/fixsolr.phtml b/themes/blueprint/templates/install/fixsolr.phtml
index 80f9336273652a5abafdaf610eb8c412bba578a4..6e6c7e7be77d4da4a2aa4a9559a681f533c9a500 100644
--- a/themes/blueprint/templates/install/fixsolr.phtml
+++ b/themes/blueprint/templates/install/fixsolr.phtml
@@ -13,6 +13,6 @@
<ol>
<li>Did you start the Solr server? See <a href="http://vufind.org/wiki/starting_and_stopping_vufind">Starting and Stopping VuFind</a> in the documentation.</li>
- <li>Have you checked the Solr admin panel for errors? You may be able to find it <a href="<?=$this->escapeHtml($this->userUrl)?>">here</a>.</li>
+ <li>Have you checked the Solr admin panel for errors? You may be able to find it <a href="<?=$this->escapeHtmlAttr($this->userUrl)?>">here</a>.</li>
<li>Are you using non-default Solr settings? If your Solr URL is not <strong><?=$this->escapeHtml($this->rawUrl)?></strong> or your core name is not <strong><?=$this->escapeHtml($this->core)?></strong>, you will need to customize the [Index] section of <?=$this->escapeHtml($this->configFile)?>.</li>
</ol>
\ No newline at end of file
diff --git a/themes/blueprint/templates/layout/layout.phtml b/themes/blueprint/templates/layout/layout.phtml
index 5ec2c3c5bb92a96d611245e96cee87c32bcf2f27..98e4bd09e93d561ae833cfb309a4bd1cae196109 100644
--- a/themes/blueprint/templates/layout/layout.phtml
+++ b/themes/blueprint/templates/layout/layout.phtml
@@ -74,7 +74,7 @@
</head>
<body>
<? if ($mobileViewLink = $this->mobileUrl()): // display 'return to mobile' link when applicable ?>
- <div class="mobileViewLink"><a href="<?=$this->escapeHtml($mobileViewLink)?>"><?=$this->transEsc("mobile_link")?></a></div>
+ <div class="mobileViewLink"><a href="<?=$this->escapeHtmlAttr($mobileViewLink)?>"><?=$this->transEsc("mobile_link")?></a></div>
<? endif; ?>
<div class="container">
<div class="header">
diff --git a/themes/blueprint/templates/myresearch/cataloglogin.phtml b/themes/blueprint/templates/myresearch/cataloglogin.phtml
index da71a03c08286bbc69ffaa6dfe28540de28b9bae..ddd308f2320f84e6fa260cd7831812b6393609c8 100644
--- a/themes/blueprint/templates/myresearch/cataloglogin.phtml
+++ b/themes/blueprint/templates/myresearch/cataloglogin.phtml
@@ -15,7 +15,7 @@
<h2><?=$this->transEsc('ils_offline_title')?></h2>
<p><strong><?=$this->transEsc('ils_offline_status')?></strong></p>
<p><?=$this->transEsc('ils_offline_login_message')?></p>
- <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?>
+ <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?>
<p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p>
</div>
<? else: ?>
diff --git a/themes/blueprint/templates/myresearch/checkedout.phtml b/themes/blueprint/templates/myresearch/checkedout.phtml
index f4ca98331fc6884a0b6ed9284ea7661136b48c41..87aedb53de7515352d17d45d1e17b5fd56c07fe1 100644
--- a/themes/blueprint/templates/myresearch/checkedout.phtml
+++ b/themes/blueprint/templates/myresearch/checkedout.phtml
@@ -31,14 +31,14 @@
<? if (isset($ilsDetails['renewable']) && $ilsDetails['renewable'] && isset($ilsDetails['renew_details'])): ?>
<? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $ilsDetails['renew_details']); ?>
<label for="checkbox_<?=$safeId?>" class="offscreen"><?=$this->transEsc("Select this record")?></label>
- <input type="checkbox" name="renewSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['renew_details'])?>" class="checkbox" style="margin-left: 0" id="checkbox_<?=$safeId?>" />
- <input type="hidden" name="renewAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['renew_details'])?>" />
+ <input type="checkbox" name="renewSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['renew_details'])?>" class="checkbox" style="margin-left: 0" id="checkbox_<?=$safeId?>" />
+ <input type="hidden" name="renewAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['renew_details'])?>" />
<? endif; ?>
<? endif; ?>
- <div id="record<?=$this->escapeHtml($resource->getUniqueId())?>">
+ <div id="record<?=$this->escapeHtmlAttr($resource->getUniqueId())?>">
<div class="span-2">
<? if ($summThumb = $this->record($resource)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
<? else: ?>
<img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/>
<? endif; ?>
@@ -117,7 +117,7 @@
<div class="info"><?=$this->transEsc($ilsDetails['message'])?></div>
<? endif; ?>
<? if (isset($ilsDetails['renewable']) && $ilsDetails['renewable'] && isset($ilsDetails['renew_link'])): ?>
- <a href="<?=$this->escapeHtml($ilsDetails['renew_link'])?>"><?=$this->transEsc('renew_item')?></a>
+ <a href="<?=$this->escapeHtmlAttr($ilsDetails['renew_link'])?>"><?=$this->transEsc('renew_item')?></a>
<? endif; ?>
</div>
<div class="clear"></div>
diff --git a/themes/blueprint/templates/myresearch/delete.phtml b/themes/blueprint/templates/myresearch/delete.phtml
index f58a5c9ce4ac5cdbf8c3158af7e690ad90159ee5..4530871d0733aa7869870032dd2933f1dff4b338 100644
--- a/themes/blueprint/templates/myresearch/delete.phtml
+++ b/themes/blueprint/templates/myresearch/delete.phtml
@@ -14,8 +14,8 @@
<br />
<input class="submit" type="submit" name="submit" value="<?=$this->transEsc('Delete')?>"/>
<? foreach ($this->deleteIDS as $deleteID): ?>
- <input type="hidden" name="ids[]" value="<?=$this->escapeHtml($deleteID)?>" />
+ <input type="hidden" name="ids[]" value="<?=$this->escapeHtmlAttr($deleteID)?>" />
<? endforeach; ?>
- <input type="hidden" name="listID" value="<?=$this->list?$this->escapeHtml($this->list->id):''?>" />
+ <input type="hidden" name="listID" value="<?=$this->list?$this->escapeHtmlAttr($this->list->id):''?>" />
</div>
</form>
\ No newline at end of file
diff --git a/themes/blueprint/templates/myresearch/edit.phtml b/themes/blueprint/templates/myresearch/edit.phtml
index 1c505bcbd2b148bb9fd1e360f03e1bc01256faac..8b53262c5f5faedbd903276487e84119991c8171 100644
--- a/themes/blueprint/templates/myresearch/edit.phtml
+++ b/themes/blueprint/templates/myresearch/edit.phtml
@@ -25,11 +25,11 @@
<? else: ?>
<? foreach ($this->savedData as $i=>$current): ?>
<strong><?=$this->transEsc('List') ?>: <?=$this->escapeHtml($current['listTitle'])?></strong>
- <a href="<?=$this->url('userList', array('id' => $current['listId'])) ?>?delete=<?=urlencode($this->driver->getUniqueId())?>&source=<?=urlencode($this->driver->getResourceSource())?>" id="<?=$this->escapeHtml($this->driver->getUniqueId())?>delete<?=$current['listId'] ?>" title="<?=$this->transEsc('confirm_delete')?>" class="holdCancel delete tool"></a>
+ <a href="<?=$this->url('userList', array('id' => $current['listId'])) ?>?delete=<?=urlencode($this->driver->getUniqueId())?>&source=<?=urlencode($this->driver->getResourceSource())?>" id="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>delete<?=$current['listId'] ?>" title="<?=$this->transEsc('confirm_delete')?>" class="holdCancel delete tool"></a>
<input type="hidden" name="lists[]" value="<?=$current['listId'] ?>"/>
<? if ($this->usertags()->getMode() !== 'disabled'): ?>
<label class="displayBlock" for="edit_tags<?=$current['listId'] ?>"><?=$this->transEsc('Tags') ?>:</label>
- <input id="edit_tags<?=$current['listId'] ?>" type="text" name="tags<?=$current['listId'] ?>" value="<?=$this->escapeHtml($current['tags'])?>" size="50"/>
+ <input id="edit_tags<?=$current['listId'] ?>" type="text" name="tags<?=$current['listId'] ?>" value="<?=$this->escapeHtmlAttr($current['tags'])?>" size="50"/>
<? endif; ?>
<label class="displayBlock" for="edit_notes<?=$current['listId'] ?>"><?=$this->transEsc('Notes') ?>:</label>
<textarea id="edit_notes<?=$current['listId'] ?>" class="displayBlock" name="notes<?=$current['listId'] ?>" rows="3" cols="50"><?=$this->escapeHtml($current['notes'])?></textarea>
diff --git a/themes/blueprint/templates/myresearch/holds.phtml b/themes/blueprint/templates/myresearch/holds.phtml
index 9e2f4930aa43b795839c5e3ce607fd925de9421a..34d6c2be38b601a8c865bb9b67d408bd4c456443 100644
--- a/themes/blueprint/templates/myresearch/holds.phtml
+++ b/themes/blueprint/templates/myresearch/holds.phtml
@@ -34,13 +34,13 @@
<? if ($this->cancelForm && isset($ilsDetails['cancel_details'])): ?>
<? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $resource->getUniqueId()); ?>
<label for="checkbox_<?=$safeId?>" class="offscreen"><?=$this->transEsc("Select this record")?></label>
- <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" />
- <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" class="checkbox" style="margin-left:0;" id="checkbox_<?=$safeId?>" />
+ <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" />
+ <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" class="checkbox" style="margin-left:0;" id="checkbox_<?=$safeId?>" />
<? endif; ?>
- <div id="record<?=$this->escapeHtml($resource->getUniqueId()) ?>">
+ <div id="record<?=$this->escapeHtmlAttr($resource->getUniqueId()) ?>">
<div class="span-2">
<? if ($summThumb = $this->record($resource)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
<? else: ?>
<img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/>
<? endif; ?>
@@ -126,7 +126,7 @@
<p><strong><?=$this->transEsc("hold_queue_position") ?>:</strong> <?=$this->escapeHtml($ilsDetails['position']) ?></p>
<? endif; ?>
<? if (isset($ilsDetails['cancel_link'])): ?>
- <p><a href="<?=$this->escapeHtml($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("hold_cancel") ?></a></p>
+ <p><a href="<?=$this->escapeHtmlAttr($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("hold_cancel") ?></a></p>
<? endif; ?>
</div>
diff --git a/themes/blueprint/templates/myresearch/illrequests.phtml b/themes/blueprint/templates/myresearch/illrequests.phtml
index 0abf98321322b3bc83b73deaa9952c9e9424709a..6180be3e6b5967f465a8afd3792a9083c13bc1dc 100644
--- a/themes/blueprint/templates/myresearch/illrequests.phtml
+++ b/themes/blueprint/templates/myresearch/illrequests.phtml
@@ -34,13 +34,13 @@
<? if ($this->cancelForm && isset($ilsDetails['cancel_details'])): ?>
<? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $resource->getUniqueId()); ?>
<label for="checkbox_<?=$safeId?>" class="offscreen"><?=$this->transEsc("Select this record")?></label>
- <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" />
- <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" class="checkbox" style="margin-left:0;" id="checkbox_<?=$safeId?>" />
+ <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" />
+ <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" class="checkbox" style="margin-left:0;" id="checkbox_<?=$safeId?>" />
<? endif; ?>
- <div id="record<?=$this->escapeHtml($resource->getUniqueId()) ?>">
+ <div id="record<?=$this->escapeHtmlAttr($resource->getUniqueId()) ?>">
<div class="span-2">
<? if ($summThumb = $this->record($resource)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
<? else: ?>
<img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/>
<? endif; ?>
@@ -135,7 +135,7 @@
<div class="info"><?=$this->transEsc("ill_request_canceled") . (is_string($ilsDetails['canceled']) ? ': ' . $ilsDetails['canceled'] : '') ?></div>
<? endif; ?>
<? if (isset($ilsDetails['cancel_link'])): ?>
- <p><a href="<?=$this->escapeHtml($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("ill_request_cancel") ?></a></p>
+ <p><a href="<?=$this->escapeHtmlAttr($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("ill_request_cancel") ?></a></p>
<? endif; ?>
</div>
diff --git a/themes/blueprint/templates/myresearch/login.phtml b/themes/blueprint/templates/myresearch/login.phtml
index c3a72bc034f8105a1dd4034a3456ab316193f928..9f893a08690b6739ad7eae61642b8228a1ba9b9f 100644
--- a/themes/blueprint/templates/myresearch/login.phtml
+++ b/themes/blueprint/templates/myresearch/login.phtml
@@ -23,7 +23,7 @@
<h2><?=$this->transEsc('ils_offline_title')?></h2>
<p><strong><?=$this->transEsc('ils_offline_status')?></strong></p>
<p><?=$this->transEsc('ils_offline_login_message')?></p>
- <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?>
+ <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?>
<p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p>
</div>
<? endif; ?>
diff --git a/themes/blueprint/templates/myresearch/mylist.phtml b/themes/blueprint/templates/myresearch/mylist.phtml
index 6a7eb6cba1fc135c429178e16a67097d4a436fab..31cf0cf50b22b2366415f24dac0dd2726882e771 100644
--- a/themes/blueprint/templates/myresearch/mylist.phtml
+++ b/themes/blueprint/templates/myresearch/mylist.phtml
@@ -49,8 +49,8 @@
</div>
<form method="post" name="bulkActionForm" action="<?=$this->url('cart-myresearchbulk')?>">
<? if (isset($list)): ?>
- <input type="hidden" name="listID" value="<?=$this->escapeHtml($list->id)?>" />
- <input type="hidden" name="listName" value="<?=$this->escapeHtml($list->title)?>" />
+ <input type="hidden" name="listID" value="<?=$this->escapeHtmlAttr($list->id)?>" />
+ <input type="hidden" name="listName" value="<?=$this->escapeHtmlAttr($list->title)?>" />
<? endif; ?>
<?=$this->context($this)->renderInContext('myresearch/bulk-action-buttons.phtml', array('idPrefix' => '', 'list' => isset($list) ? $list : null))?>
<ul class="recordSet">
diff --git a/themes/blueprint/templates/myresearch/profile.phtml b/themes/blueprint/templates/myresearch/profile.phtml
index 4b4aa1cafc558f503ed4e6148e0fbacf34350426..63a413dcc3350b08f211aa261e7d7b630fdf1c4d 100644
--- a/themes/blueprint/templates/myresearch/profile.phtml
+++ b/themes/blueprint/templates/myresearch/profile.phtml
@@ -34,7 +34,7 @@
?>
<select id="home_library" name="home_library">
<? foreach ($this->pickup as $lib): ?>
- <option value="<?=$this->escapeHtml($lib['locationID'])?>"<?=($selected == $lib['locationID'])?' selected="selected"':''?>><?=$this->escapeHtml($lib['locationDisplay'])?></option>
+ <option value="<?=$this->escapeHtmlAttr($lib['locationID'])?>"<?=($selected == $lib['locationID'])?' selected="selected"':''?>><?=$this->escapeHtml($lib['locationDisplay'])?></option>
<? endforeach; ?>
</select>
<br class="clear"/>
diff --git a/themes/blueprint/templates/myresearch/storageretrievalrequests.phtml b/themes/blueprint/templates/myresearch/storageretrievalrequests.phtml
index 8ebc07d2b42419a5e30e491f16879ece140c3200..9f99c4dbfecd9327699678af3678ffbc6a4b69a6 100644
--- a/themes/blueprint/templates/myresearch/storageretrievalrequests.phtml
+++ b/themes/blueprint/templates/myresearch/storageretrievalrequests.phtml
@@ -34,13 +34,13 @@
<? if ($this->cancelForm && isset($ilsDetails['cancel_details'])): ?>
<? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $resource->getUniqueId()); ?>
<label for="checkbox_<?=$safeId?>" class="offscreen"><?=$this->transEsc("Select this record")?></label>
- <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" />
- <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" class="checkbox" style="margin-left:0;" id="checkbox_<?=$safeId?>" />
+ <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" />
+ <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" class="checkbox" style="margin-left:0;" id="checkbox_<?=$safeId?>" />
<? endif; ?>
- <div id="record<?=$this->escapeHtml($resource->getUniqueId()) ?>">
+ <div id="record<?=$this->escapeHtmlAttr($resource->getUniqueId()) ?>">
<div class="span-2">
<? if ($summThumb = $this->record($resource)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
<? else: ?>
<img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/>
<? endif; ?>
@@ -132,7 +132,7 @@
<div class="info"><?=$this->transEsc("storage_retrieval_request_canceled") . (is_string($ilsDetails['canceled']) ? ': ' . $ilsDetails['canceled'] : '') ?></div>
<? endif; ?>
<? if (isset($ilsDetails['cancel_link'])): ?>
- <p><a href="<?=$this->escapeHtml($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("storage_retrieval_request_cancel") ?></a></p>
+ <p><a href="<?=$this->escapeHtmlAttr($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("storage_retrieval_request_cancel") ?></a></p>
<? endif; ?>
</div>
diff --git a/themes/blueprint/templates/primo/advanced.phtml b/themes/blueprint/templates/primo/advanced.phtml
index 76cc2a399d90cdc6f6ec12ac51a980a63259c874..a9b3ebeac6dd3eb3d0fa8893b6e4493967e2788d 100644
--- a/themes/blueprint/templates/primo/advanced.phtml
+++ b/themes/blueprint/templates/primo/advanced.phtml
@@ -55,19 +55,19 @@
<div class="field">
<select id="search_type<?=$i?>_<?=$j?>" name="type<?=$i?>[]">
<? foreach ($this->options->getAdvancedHandlers() as $searchVal => $searchDesc): ?>
- <option value="<?=$this->escapeHtml($searchVal)?>"<?=($currRow && $currRow->getHandler() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option>
+ <option value="<?=$this->escapeHtmlAttr($searchVal)?>"<?=($currRow && $currRow->getHandler() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option>
<? endforeach; ?>
</select>
</div>
<div class="operators">
<select id="searchForm_op<?=$i?>_<?=$j?>" name="op<?=$i?>[]">
<? foreach ($this->options->getAdvancedOperators() as $searchVal => $searchDesc): ?>
- <option value="<?=$this->escapeHtml($searchVal)?>"<?=($currRow && $currRow->getOperator() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option>
+ <option value="<?=$this->escapeHtmlAttr($searchVal)?>"<?=($currRow && $currRow->getOperator() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option>
<? endforeach; ?>
</select>
</div>
<div class="terms">
- <input id="search_lookfor<?=$i?>_<?=$j?>" type="text" value="<?=$currRow?$this->escapeHtml($currRow->getString()):''?>" size=30" name="lookfor<?=$i?>[]"/>
+ <input id="search_lookfor<?=$i?>_<?=$j?>" type="text" value="<?=$currRow?$this->escapeHtmlAttr($currRow->getString()):''?>" size=30" name="lookfor<?=$i?>[]"/>
</div>
<span class="clearer"></span>
</div>
@@ -78,7 +78,7 @@
</div>
<? $lastSort = $this->options->getLastSort(); if (!empty($lastSort)): ?>
- <input type="hidden" name="sort" value="<?=$this->escapeHtml($lastSort)?>" />
+ <input type="hidden" name="sort" value="<?=$this->escapeHtmlAttr($lastSort)?>" />
<? endif; ?>
<input type="submit" name="submit" value="<?=$this->transEsc("Find")?>"/>
</div>
@@ -93,7 +93,7 @@
<h4><?=$this->transEsc($field)?></h4>
<ul>
<? foreach ($data as $value): ?>
- <li><input type="checkbox" checked="checked" name="filter[]" value='<?=$this->escapeHtml($value['field'])?>:"<?=$this->escapeHtml($value['value'])?>"' /> <?=$this->escapeHtml($value['displayText'])?></li>
+ <li><input type="checkbox" checked="checked" name="filter[]" value='<?=$this->escapeHtmlAttr($value['field'])?>:"<?=$this->escapeHtmlAttr($value['value'])?>"' /> <?=$this->escapeHtml($value['displayText'])?></li>
<? endforeach; ?>
</ul>
</div>
diff --git a/themes/blueprint/templates/record/addtag.phtml b/themes/blueprint/templates/record/addtag.phtml
index 2ef0671e80dbd754f950f1ee20f96fd141191837..221450ac0549060fc06791ae77993447ca58b505 100644
--- a/themes/blueprint/templates/record/addtag.phtml
+++ b/themes/blueprint/templates/record/addtag.phtml
@@ -10,8 +10,8 @@
<h1 class="hideinlightbox"><?=$this->transEsc('Add Tag')?></h1>
<form action="" method="post" name="tagRecord">
<input type="hidden" name="submit" value="1" />
- <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" />
- <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" />
+ <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" />
+ <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" />
<label for="addtag_tag"><?=$this->transEsc("Tags")?>:</label>
<input id="addtag_tag" type="text" name="tag" value="" size="40" class="mainFocus <?=$this->jqueryValidation(array('required'=>'This field is required'))?>"/>
<p><?=$this->transEsc("add_tag_note")?></p>
diff --git a/themes/blueprint/templates/record/checkbox.phtml b/themes/blueprint/templates/record/checkbox.phtml
index 53a20ca3acb35bb5102ac8b775aff6b07d2c6b72..edf332c2ba4cfb6eb80abf661d18d17dbf24ccf5 100644
--- a/themes/blueprint/templates/record/checkbox.phtml
+++ b/themes/blueprint/templates/record/checkbox.phtml
@@ -1,3 +1,3 @@
<label for="<?=$this->prefix?>checkbox_<?=$this->count?>" class="offscreen"><?=$this->transEsc('Select this record')?></label>
-<input id="<?=$this->prefix?>checkbox_<?=$this->count?>" type="checkbox" name="ids[]" value="<?=$this->escapeHtml($this->id)?>" class="checkbox_ui"/>
-<input type="hidden" name="idsAll[]" value="<?=$this->escapeHtml($this->id)?>" />
\ No newline at end of file
+<input id="<?=$this->prefix?>checkbox_<?=$this->count?>" type="checkbox" name="ids[]" value="<?=$this->escapeHtmlAttr($this->id)?>" class="checkbox_ui"/>
+<input type="hidden" name="idsAll[]" value="<?=$this->escapeHtmlAttr($this->id)?>" />
\ No newline at end of file
diff --git a/themes/blueprint/templates/record/email.phtml b/themes/blueprint/templates/record/email.phtml
index 6da616e604e1c3912ef5ebd98991a33d10cc7c14..45486d7f079efbe4b8667fc601fe9ec208d13c98 100644
--- a/themes/blueprint/templates/record/email.phtml
+++ b/themes/blueprint/templates/record/email.phtml
@@ -8,8 +8,8 @@
?>
<?=$this->flashmessages()?>
<form action="" method="post" name="emailRecord">
- <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" />
- <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" />
+ <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" />
+ <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" />
<label class="displayBlock" for="email_to"><?=$this->transEsc('To')?>:</label>
<input id="email_to" type="text" name="to" value="<?=isset($this->to) ? $this->to : ''?>" size="40" class="mainFocus <?=$this->jqueryValidation(array('required'=>'This field is required', 'email'=>'Email address is invalid'))?>"/>
<? if (!$this->disableFrom): ?>
diff --git a/themes/blueprint/templates/record/hold.phtml b/themes/blueprint/templates/record/hold.phtml
index 1ef581c016d115c7513f2eac3b1ce2d4afe0b41c..f954a4b30774a692956b4479239d0e36fca818ba 100644
--- a/themes/blueprint/templates/record/hold.phtml
+++ b/themes/blueprint/templates/record/hold.phtml
@@ -50,7 +50,7 @@
</option>
<? endif; ?>
<? foreach ($this->requestGroups as $group): ?>
- <option value="<?=$this->escapeHtml($group['id'])?>"<?=($selected == $group['id']) ? ' selected="selected"' : ''?>>
+ <option value="<?=$this->escapeHtmlAttr($group['id'])?>"<?=($selected == $group['id']) ? ' selected="selected"' : ''?>>
<?=$this->escapeHtml($group['name'])?>
</option>
<? endforeach; ?>
@@ -73,7 +73,7 @@
<span id="pickUpLocationLabel"><strong><?=$this->transEsc("pick_up_location")?>:
<noscript> (<?=$this->transEsc("Please enable JavaScript.")?>)</noscript>
</strong></span>
- <select id="pickUpLocation" name="gatheredDetails[pickUpLocation]" data-default="<?=$this->escapeHtml($selected)?>">
+ <select id="pickUpLocation" name="gatheredDetails[pickUpLocation]" data-default="<?=$this->escapeHtmlAttr($selected)?>">
<? if ($selected === false): ?>
<option value="" selected="selected">
<?=$this->transEsc('select_pickup_location')?>
@@ -89,13 +89,13 @@
</option>
<? endif; ?>
<? foreach ($this->pickup as $lib): ?>
- <option value="<?=$this->escapeHtml($lib['locationID'])?>"<?=($selected == $lib['locationID']) ? ' selected="selected"' : ''?>>
+ <option value="<?=$this->escapeHtmlAttr($lib['locationID'])?>"<?=($selected == $lib['locationID']) ? ' selected="selected"' : ''?>>
<?=$this->escapeHtml($lib['locationDisplay'])?>
</option>
<? endforeach; ?>
</select>
<? else: ?>
- <input type="hidden" name="gatheredDetails[pickUpLocation]" value="<?=$this->escapeHtml($this->defaultPickup)?>" />
+ <input type="hidden" name="gatheredDetails[pickUpLocation]" value="<?=$this->escapeHtmlAttr($this->defaultPickup)?>" />
<? endif; ?>
</div>
<? endif; ?>
diff --git a/themes/blueprint/templates/record/illrequest.phtml b/themes/blueprint/templates/record/illrequest.phtml
index a1ce38fe4ad7fcd3ea181af79dac85b629da0411..fe0b89bd33ab47b7acf0feeff1f8987f1cc77471 100644
--- a/themes/blueprint/templates/record/illrequest.phtml
+++ b/themes/blueprint/templates/record/illrequest.phtml
@@ -24,7 +24,7 @@
<strong><?=$this->transEsc('ill_request_item')?>:</strong><br/>
<select name="gatheredDetails[itemId]">
<? foreach ($this->items as $item): ?>
- <option value="<?=$this->escapeHtml($item['id'])?>"<?=($this->gatheredDetails['itemId'] == $item['id']) ? ' selected="selected"' : ''?>><?=$this->escapeHtml($item['name'])?></option>
+ <option value="<?=$this->escapeHtmlAttr($item['id'])?>"<?=($this->gatheredDetails['itemId'] == $item['id']) ? ' selected="selected"' : ''?>><?=$this->escapeHtml($item['name'])?></option>
<? endforeach; ?>
</select>
</div>
@@ -43,7 +43,7 @@
<strong><?=$this->transEsc("ill_request_pick_up_library")?>:</strong><br/>
<select id="pickupLibrary" name="gatheredDetails[pickUpLibrary]">
<? foreach ($this->pickupLibraries as $lib): ?>
- <option value="<?=$this->escapeHtml($lib['id'])?>"<?=(($selected === false && isset($lib['isDefault']) && $lib['isDefault']) || $selected === $lib['id']) ? ' selected="selected"' : ''?>>
+ <option value="<?=$this->escapeHtmlAttr($lib['id'])?>"<?=(($selected === false && isset($lib['isDefault']) && $lib['isDefault']) || $selected === $lib['id']) ? ' selected="selected"' : ''?>>
<?=$this->transEsc('library_' . $lib['name'], null, $lib['name'])?>
</option>
<? endforeach; ?>
@@ -80,7 +80,7 @@
<strong><?=$this->transEsc("pick_up_location")?>:</strong><br/>
<select id="pickupLocation" name="gatheredDetails[pickUpLocation]">
<? foreach ($this->pickupLocations as $loc): ?>
- <option value="<?=$this->escapeHtml($loc['id'])?>"<?=(($selected === false && isset($loc['isDefault']) && $loc['isDefault']) || $selected === $loc['id']) ? ' selected="selected"' : ''?>>
+ <option value="<?=$this->escapeHtmlAttr($loc['id'])?>"<?=(($selected === false && isset($loc['isDefault']) && $loc['isDefault']) || $selected === $loc['id']) ? ' selected="selected"' : ''?>>
<?=$this->escapeHtml($loc['name'])?>
</option>
<? endforeach; ?>
@@ -92,7 +92,7 @@
<? if (in_array("requiredByDate", $this->extraFields)): ?>
<div>
<strong><?=$this->transEsc("hold_required_by")?>: </strong>
- <div id="requiredByHolder"><input id="requiredByDate" type="text" name="gatheredDetails[requiredBy]" value="<?=(isset($this->gatheredDetails['requiredBy']) && !empty($this->gatheredDetails['requiredBy'])) ? $this->escapeHtml($this->gatheredDetails['requiredBy']) : $this->escapeHtml($this->defaultRequiredDate)?>" size="8" /> <strong>(<?=$this->dateTime()->getDisplayDateFormat()?>)</strong></div>
+ <div id="requiredByHolder"><input id="requiredByDate" type="text" name="gatheredDetails[requiredBy]" value="<?=(isset($this->gatheredDetails['requiredBy']) && !empty($this->gatheredDetails['requiredBy'])) ? $this->escapeHtmlAttr($this->gatheredDetails['requiredBy']) : $this->escapeHtmlAttr($this->defaultRequiredDate)?>" size="8" /> <strong>(<?=$this->dateTime()->getDisplayDateFormat()?>)</strong></div>
</div>
<? endif; ?>
diff --git a/themes/blueprint/templates/record/save.phtml b/themes/blueprint/templates/record/save.phtml
index b458a19620aaf9c2588e0e8eee4a886ca227e13a..cb5b1be5e5d0db38f4e7d68eaad78295abdd1cc8 100644
--- a/themes/blueprint/templates/record/save.phtml
+++ b/themes/blueprint/templates/record/save.phtml
@@ -9,8 +9,8 @@
<h2><?=$this->transEsc("add_favorite_prefix") ?> <?=$this->escapeHtml($this->driver->getBreadcrumb())?> <?=$this->transEsc("add_favorite_suffix") ?></h2>
<form method="post" action="" name="saveRecord">
<input type="hidden" name="submit" value="1" />
- <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId()) ?>" />
- <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" />
+ <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId()) ?>" />
+ <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" />
<? if (!empty($this->containingLists)): ?>
<p><?=$this->transEsc('This item is already part of the following list/lists') ?>:</p>
<ul>
diff --git a/themes/blueprint/templates/record/sms.phtml b/themes/blueprint/templates/record/sms.phtml
index 4c575547128668359b207604eb056ac5c872c8c4..e40b9b95951011845ee8d3a4251fdf32efa4f8a0 100644
--- a/themes/blueprint/templates/record/sms.phtml
+++ b/themes/blueprint/templates/record/sms.phtml
@@ -8,8 +8,8 @@
?>
<?=$this->flashmessages()?>
<form method="post" action="" name="smsRecord">
- <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" />
- <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" />
+ <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" />
+ <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" />
<label class="span-2" for="sms_to"><?=$this->transEsc('Number')?>:</label>
<input id="sms_to" type="text" name="to" value="<?=isset($this->to) ? $this->to : $this->transEsc('sms_phone_number')?>"
onfocus="if (this.value=='<?=$this->transEsc('sms_phone_number')?>') this.value=''"
@@ -27,7 +27,7 @@
<select id="sms_provider" name="provider" class="<?=$this->jqueryValidation(array('required'=>'This field is required'))?>">
<option selected="selected" value=""><?=$this->transEsc('Select your carrier')?></option>
<? foreach ($this->carriers as $val => $details): ?>
- <option<?=(isset($this->provider) && $val == $this->provider) ? ' selected="selected"' : ''?> value="<?=$this->escapeHtml($val)?>"><?=$this->escapeHtml($details['name'])?></option>
+ <option<?=(isset($this->provider) && $val == $this->provider) ? ' selected="selected"' : ''?> value="<?=$this->escapeHtmlAttr($val)?>"><?=$this->escapeHtml($details['name'])?></option>
<? endforeach; ?>
</select>
<br/>
diff --git a/themes/blueprint/templates/record/storageretrievalrequest.phtml b/themes/blueprint/templates/record/storageretrievalrequest.phtml
index 89748cfa63d33c7e9c52ede748486241f9f4828f..f52793cbe8c6a5fa2ffa3ad1b2148eb4b00a988d 100644
--- a/themes/blueprint/templates/record/storageretrievalrequest.phtml
+++ b/themes/blueprint/templates/record/storageretrievalrequest.phtml
@@ -23,9 +23,9 @@
<input type="radio" id="storageRetrievalRequestTitle" name="gatheredDetails[level]" value="title"<?=isset($this->gatheredDetails['level']) && $this->gatheredDetails['level'] == 'title' ? ' checked="checked"' : ''?>>
<strong><label for="storageRetrievalRequestTitle"><?=$this->transEsc('storage_retrieval_request_reference')?></label></strong><br/>
<div id="storageRetrievalRequestReference" class="storageRetrievalRequestReference">
- <span class="label"><?=$this->transEsc('storage_retrieval_request_volume')?>:</span> <input type="text" name="gatheredDetails[volume]" value="<?=isset($this->gatheredDetails['volume']) ? $this->escapeHtml($this->gatheredDetails['volume']) : ''?>"></input><br/>
- <span class="label"><?=$this->transEsc('storage_retrieval_request_issue')?>:</span> <input type="text" name="gatheredDetails[issue]" value="<?=isset($this->gatheredDetails['issue']) ? $this->escapeHtml($this->gatheredDetails['issue']) : ''?>"></input><br/>
- <span class="label"><?=$this->transEsc('storage_retrieval_request_year')?>:</span> <input type="text" name="gatheredDetails[year]" value="<?=isset($this->gatheredDetails['year']) ? $this->escapeHtml($this->gatheredDetails['year']) : ''?>"></input><br/>
+ <span class="label"><?=$this->transEsc('storage_retrieval_request_volume')?>:</span> <input type="text" name="gatheredDetails[volume]" value="<?=isset($this->gatheredDetails['volume']) ? $this->escapeHtmlAttr($this->gatheredDetails['volume']) : ''?>"></input><br/>
+ <span class="label"><?=$this->transEsc('storage_retrieval_request_issue')?>:</span> <input type="text" name="gatheredDetails[issue]" value="<?=isset($this->gatheredDetails['issue']) ? $this->escapeHtmlAttr($this->gatheredDetails['issue']) : ''?>"></input><br/>
+ <span class="label"><?=$this->transEsc('storage_retrieval_request_year')?>:</span> <input type="text" name="gatheredDetails[year]" value="<?=isset($this->gatheredDetails['year']) ? $this->escapeHtmlAttr($this->gatheredDetails['year']) : ''?>"></input><br/>
</div>
</div>
<? endif; ?>
@@ -33,7 +33,7 @@
<? if (in_array("requiredByDate", $this->extraFields)): ?>
<div>
<strong><?=$this->transEsc("hold_required_by")?>: </strong>
- <div id="requiredByHolder"><input id="requiredByDate" type="text" name="gatheredDetails[requiredBy]" value="<?=(isset($this->gatheredDetails['requiredBy']) && !empty($this->gatheredDetails['requiredBy'])) ? $this->escapeHtml($this->gatheredDetails['requiredBy']) : $this->escapeHtml($this->defaultRequiredDate)?>" size="8" /> <strong>(<?=$this->dateTime()->getDisplayDateFormat()?>)</strong></div>
+ <div id="requiredByHolder"><input id="requiredByDate" type="text" name="gatheredDetails[requiredBy]" value="<?=(isset($this->gatheredDetails['requiredBy']) && !empty($this->gatheredDetails['requiredBy'])) ? $this->escapeHtmlAttr($this->gatheredDetails['requiredBy']) : $this->escapeHtmlAttr($this->defaultRequiredDate)?>" size="8" /> <strong>(<?=$this->dateTime()->getDisplayDateFormat()?>)</strong></div>
</div>
<? endif; ?>
@@ -57,13 +57,13 @@
</option>
<? endif; ?>
<? foreach ($this->pickup as $lib): ?>
- <option value="<?=$this->escapeHtml($lib['locationID'])?>"<?=($selected == $lib['locationID']) ? ' selected="selected"' : ''?>>
+ <option value="<?=$this->escapeHtmlAttr($lib['locationID'])?>"<?=($selected == $lib['locationID']) ? ' selected="selected"' : ''?>>
<?=$this->escapeHtml($lib['locationDisplay'])?>
</option>
<? endforeach; ?>
</select>
<? else: ?>
- <input type="hidden" name="gatheredDetails[pickUpLocation]" value="<?=$this->escapeHtml($this->defaultPickup)?>" />
+ <input type="hidden" name="gatheredDetails[pickUpLocation]" value="<?=$this->escapeHtmlAttr($this->defaultPickup)?>" />
<? endif; ?>
</div>
<? endif; ?>
diff --git a/themes/blueprint/templates/record/view.phtml b/themes/blueprint/templates/record/view.phtml
index 1a17922774fdf06e870bff042dddb564b6a778eb..2635c53f858aea6ff91931c9fad773bc67cffdec 100644
--- a/themes/blueprint/templates/record/view.phtml
+++ b/themes/blueprint/templates/record/view.phtml
@@ -15,8 +15,8 @@
<div class="<?=$this->layoutClass('mainbody')?>">
<?=$this->record($this->driver)->getToolbar()?>
- <div class="record recordId source<?=$this->escapeHtml($this->driver->getResourceSource())?>" id="record">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" class="hiddenId" id="record_id" />
+ <div class="record recordId source<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" id="record">
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" class="hiddenId" id="record_id" />
<?=$this->flashmessages()?>
<? if (isset($this->scrollData) && ($this->scrollData['previousRecord'] || $this->scrollData['nextRecord'])): ?>
<div class="resultscroller">
@@ -54,7 +54,7 @@
<?=isset($activeTabObj) ? $this->record($this->driver)->getTab($activeTabObj) : '' ?>
</div>
- <span class="Z3988" title="<?=$this->escapeHtml($this->driver->getOpenURL())?>"></span>
+ <span class="Z3988" title="<?=$this->escapeHtmlAttr($this->driver->getOpenURL())?>"></span>
</div>
<div class="<?=$this->layoutClass('sidebar')?>">
diff --git a/themes/blueprint/templates/search/advanced/checkbox-filters.phtml b/themes/blueprint/templates/search/advanced/checkbox-filters.phtml
index 1eba661ad22d9c5a0d134bf94f038c4db19aadea..972b1f017bacaa9e96d726949e4687015ec13c3a 100644
--- a/themes/blueprint/templates/search/advanced/checkbox-filters.phtml
+++ b/themes/blueprint/templates/search/advanced/checkbox-filters.phtml
@@ -3,8 +3,8 @@
<fieldset>
<? foreach ($this->checkboxFacets as $current): ?>
<div class="checkboxFilter">
- <input type="checkbox" name="filter[]" value="<?=$this->escapeHtml($current['filter'])?>" id="<?=$this->escapeHtml(str_replace(' ', '', $current['desc']))?>" <? if ($current['selected']): ?>checked="checked" <? endif; ?> />
- <label for="<?=$this->escapeHtml(str_replace(' ', '', $current['desc']))?>"><?=$this->transEsc($current['desc'])?></label>
+ <input type="checkbox" name="filter[]" value="<?=$this->escapeHtmlAttr($current['filter'])?>" id="<?=$this->escapeHtmlAttr(str_replace(' ', '', $current['desc']))?>" <? if ($current['selected']): ?>checked="checked" <? endif; ?> />
+ <label for="<?=$this->escapeHtmlAttr(str_replace(' ', '', $current['desc']))?>"><?=$this->transEsc($current['desc'])?></label>
</div>
<? endforeach; ?>
</fieldset>
diff --git a/themes/blueprint/templates/search/advanced/layout.phtml b/themes/blueprint/templates/search/advanced/layout.phtml
index d7ad979a7579fd5e06599a5fff26a279c4a91078..abcd8b1cded9a7dd418012071410781a7a937022 100644
--- a/themes/blueprint/templates/search/advanced/layout.phtml
+++ b/themes/blueprint/templates/search/advanced/layout.phtml
@@ -74,7 +74,7 @@
<?
$options = array('AND', 'OR', 'NOT');
foreach ($options as $option) {
- echo '<option value="' . $this->escapeHtml($option) . '"';
+ echo '<option value="' . $this->escapeHtmlAttr($option) . '"';
if ($groups && isset($groups[$i])) {
$operator = $groups[$i]->isNegated() ? 'NOT' : $groups[$i]->getOperator();
if ($operator == $option) {
@@ -106,13 +106,13 @@
<label <?=($j > 0)?'class="offscreen" ':''?>for="search_lookfor<?=$i?>_<?=$j?>"><?=$this->transEsc("adv_search_label")?>:</label>
</div>
<div class="terms">
- <input id="search_lookfor<?=$i?>_<?=$j?>" type="text" value="<?=$currRow?$this->escapeHtml($currRow->getString()):''?>" size="50" name="lookfor<?=$i?>[]"/>
+ <input id="search_lookfor<?=$i?>_<?=$j?>" type="text" value="<?=$currRow?$this->escapeHtmlAttr($currRow->getString()):''?>" size="50" name="lookfor<?=$i?>[]"/>
</div>
<div class="field">
<label for="search_type<?=$i?>_<?=$j?>"><?=$this->transEsc("in")?></label>
<select id="search_type<?=$i?>_<?=$j?>" name="type<?=$i?>[]">
<? foreach ($this->options->getAdvancedHandlers() as $searchVal => $searchDesc): ?>
- <option value="<?=$this->escapeHtml($searchVal)?>"<?=($currRow && $currRow->getHandler() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option>
+ <option value="<?=$this->escapeHtmlAttr($searchVal)?>"<?=($currRow && $currRow->getHandler() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option>
<? endforeach; ?>
</select>
</div>
@@ -130,7 +130,7 @@
<br/><br/>
<? $lastSort = $this->options->getLastSort(); if (!empty($lastSort)): ?>
- <input type="hidden" name="sort" value="<?=$this->escapeHtml($lastSort)?>" />
+ <input type="hidden" name="sort" value="<?=$this->escapeHtmlAttr($lastSort)?>" />
<? endif; ?>
<input type="submit" name="submit" value="<?=$this->transEsc("Find")?>"/>
<? if (isset($this->extraAdvancedControls)): ?>
@@ -152,7 +152,7 @@
<h4><?=$this->transEsc($field)?></h4>
<ul>
<? foreach ($data as $value): ?>
- <li><input type="checkbox" checked="checked" name="filter[]" value='<?=$this->escapeHtml($value['field'])?>:"<?=$this->escapeHtml($value['value'])?>"' /> <?=$this->escapeHtml($value['displayText'])?></li>
+ <li><input type="checkbox" checked="checked" name="filter[]" value='<?=$this->escapeHtmlAttr($value['field'])?>:"<?=$this->escapeHtmlAttr($value['value'])?>"' /> <?=$this->escapeHtml($value['displayText'])?></li>
<? endforeach; ?>
</ul>
</div>
diff --git a/themes/blueprint/templates/search/advanced/limit.phtml b/themes/blueprint/templates/search/advanced/limit.phtml
index 03e74bf0c9242d9f3dd824c62f276b54f00d053a..f9c9ccbebc8d860689545e1490d348c53efee6d8 100644
--- a/themes/blueprint/templates/search/advanced/limit.phtml
+++ b/themes/blueprint/templates/search/advanced/limit.phtml
@@ -11,7 +11,7 @@
<legend><?=$this->transEsc('Results per page')?></legend>
<select id="limit" name="limit">
<? foreach ($limitList as $limitVal): ?>
- <option value="<?=$this->escapeHtml($limitVal)?>"<?=($limitVal == $defaultLimit) ? 'selected="selected"' : ''?>><?=$this->escapeHtml($limitVal)?></option>
+ <option value="<?=$this->escapeHtmlAttr($limitVal)?>"<?=($limitVal == $defaultLimit) ? 'selected="selected"' : ''?>><?=$this->escapeHtml($limitVal)?></option>
<? endforeach; ?>
</select>
</fieldset>
diff --git a/themes/blueprint/templates/search/advanced/ranges.phtml b/themes/blueprint/templates/search/advanced/ranges.phtml
index 74d7240a09dbaa9aef2941626bf2cd8dcccc8f57..242dbe923088b73887f40d61aaf58e5207fc1508 100644
--- a/themes/blueprint/templates/search/advanced/ranges.phtml
+++ b/themes/blueprint/templates/search/advanced/ranges.phtml
@@ -1,17 +1,17 @@
<? if (isset($this->ranges) && !empty($this->ranges)): ?>
<? $params = $this->searchParams($this->searchClassId); $params->activateAllFacets(); ?>
- <? foreach ($this->ranges as $current): $escField = $this->escapeHtml($current['field']); ?>
+ <? foreach ($this->ranges as $current): $escField = $this->escapeHtmlAttr($current['field']); ?>
<? if ($current['type'] == 'date'): ?>
<? /* Load the publication date slider UI widget */ $this->headScript()->appendFile('pubdate_slider.js'); ?>
<? endif; ?>
- <input type="hidden" name="<?=$this->escapeHtml($current['type'])?>range[]" value="<?=$escField?>"/>
+ <input type="hidden" name="<?=$this->escapeHtmlAttr($current['type'])?>range[]" value="<?=$escField?>"/>
<fieldset class="publishDateLimit span-5" id="<?=$escField?>">
<legend><?=$this->transEsc($params->getFacetLabel($current['field']))?></legend>
<label for="<?=$escField?>from"><?=$this->transEsc('date_from')?>:</label>
- <input type="text" size="4" maxlength="4" class="yearbox" name="<?=$escField?>from" id="<?=$escField?>from" value="<?=$this->escapeHtml($current['values'][0])?>" />
+ <input type="text" size="4" maxlength="4" class="yearbox" name="<?=$escField?>from" id="<?=$escField?>from" value="<?=$this->escapeHtmlAttr($current['values'][0])?>" />
<label for="<?=$escField?>to"><?=$this->transEsc('date_to')?>:</label>
- <input type="text" size="4" maxlength="4" class="yearbox" name="<?=$escField?>to" id="<?=$escField?>to" value="<?=$this->escapeHtml($current['values'][1])?>" />
- <div id="<?=$escField?>Slider" class="<?=$this->escapeHtml($current['type'])?>Slider"></div>
+ <input type="text" size="4" maxlength="4" class="yearbox" name="<?=$escField?>to" id="<?=$escField?>to" value="<?=$this->escapeHtmlAttr($current['values'][1])?>" />
+ <div id="<?=$escField?>Slider" class="<?=$this->escapeHtmlAttr($current['type'])?>Slider"></div>
</fieldset>
<? endforeach; ?>
<? endif; ?>
diff --git a/themes/blueprint/templates/search/advanced/solr.phtml b/themes/blueprint/templates/search/advanced/solr.phtml
index 632c525c0a2a5778c1b6d272c0e7a59e9111b85f..ec1923f64448378f67f52c5c91891c979c2bbfa4 100644
--- a/themes/blueprint/templates/search/advanced/solr.phtml
+++ b/themes/blueprint/templates/search/advanced/solr.phtml
@@ -9,8 +9,8 @@
<? if (!empty($this->facetList)): ?>
<? foreach ($this->facetList as $field => $list): ?>
<div class="<?=($field=='callnumber-first')?'span-7':'span-4'?>">
- <label class="displayBlock" for="limit_<?=$this->escapeHtml(str_replace(' ', '', $field))?>"><?=$this->transEsc($list['label'])?>:</label>
- <select id="limit_<?=$this->escapeHtml(str_replace(' ', '', $field))?>" name="filter[]" multiple="multiple" size="10">
+ <label class="displayBlock" for="limit_<?=$this->escapeHtmlAttr(str_replace(' ', '', $field))?>"><?=$this->transEsc($list['label'])?>:</label>
+ <select id="limit_<?=$this->escapeHtmlAttr(str_replace(' ', '', $field))?>" name="filter[]" multiple="multiple" size="10">
<?
// Sort the current facet list alphabetically; we'll use this data
// along with the foreach below to display facet options in the
@@ -23,7 +23,7 @@
?>
<? foreach ($sorted as $i => $display): ?>
<? $value = $list['list'][$i]; ?>
- <option value="<?=$this->escapeHtml(($value['operator'] == 'OR' ? '~' : '') . $field . ':"' . $value['value'] . '"')?>"<?=(isset($value['selected']) && $value['selected'])?' selected="selected"':''?>><?=$this->escapeHtml($display)?></option>
+ <option value="<?=$this->escapeHtmlAttr(($value['operator'] == 'OR' ? '~' : '') . $field . ':"' . $value['value'] . '"')?>"<?=(isset($value['selected']) && $value['selected'])?' selected="selected"':''?>><?=$this->escapeHtml($display)?></option>
<? endforeach; ?>
</select>
</div>
@@ -34,8 +34,8 @@
<fieldset class="span-4">
<legend><?=$this->transEsc("Illustrated")?>:</legend>
<? foreach ($this->illustratedLimit as $current): ?>
- <input id="illustrated_<?=$this->escapeHtml($current['value'])?>" type="radio" name="illustration" value="<?=$this->escapeHtml($current['value'])?>"<?=$current['selected']?' checked="checked"':''?>/>
- <label for="illustrated_<?=$this->escapeHtml($current['value'])?>"><?=$this->transEsc($current['text'])?></label><br/>
+ <input id="illustrated_<?=$this->escapeHtmlAttr($current['value'])?>" type="radio" name="illustration" value="<?=$this->escapeHtmlAttr($current['value'])?>"<?=$current['selected']?' checked="checked"':''?>/>
+ <label for="illustrated_<?=$this->escapeHtmlAttr($current['value'])?>"><?=$this->transEsc($current['text'])?></label><br/>
<? endforeach; ?>
</fieldset>
<? endif; ?>
diff --git a/themes/blueprint/templates/search/advanced/summon.phtml b/themes/blueprint/templates/search/advanced/summon.phtml
index 9f15eda79237f85dc0900dcf0901ad0a2bfb23e0..2aa1c67cec42844a3047c9dbea66bf44d5b15029 100644
--- a/themes/blueprint/templates/search/advanced/summon.phtml
+++ b/themes/blueprint/templates/search/advanced/summon.phtml
@@ -9,8 +9,8 @@
<? if (!empty($this->facetList)): ?>
<? foreach ($this->facetList as $field => $list): ?>
<div class="span-5">
- <label class="displayBlock" for="limit_<?=$this->escapeHtml(str_replace(' ', '', $field))?>"><?=$this->transEsc($list['label'])?>:</label>
- <select id="limit_<?=$this->escapeHtml(str_replace(' ', '', $field))?>" name="filter[]" multiple="multiple" size="10">
+ <label class="displayBlock" for="limit_<?=$this->escapeHtmlAttr(str_replace(' ', '', $field))?>"><?=$this->transEsc($list['label'])?>:</label>
+ <select id="limit_<?=$this->escapeHtmlAttr(str_replace(' ', '', $field))?>" name="filter[]" multiple="multiple" size="10">
<?
// Sort the current facet list alphabetically; we'll use this data
// along with the foreach below to display facet options in the
@@ -23,7 +23,7 @@
?>
<? foreach ($sorted as $i => $display): ?>
<? $value = $list['list'][$i]; ?>
- <option value="<?=$this->escapeHtml(($value['operator'] == 'OR' ? '~' : '') . $field . ':"' . $value['value'] . '"')?>"<?=(isset($value['selected']) && $value['selected'])?' selected="selected"':''?>><?=$this->escapeHtml($display)?></option>
+ <option value="<?=$this->escapeHtmlAttr(($value['operator'] == 'OR' ? '~' : '') . $field . ':"' . $value['value'] . '"')?>"<?=(isset($value['selected']) && $value['selected'])?' selected="selected"':''?>><?=$this->escapeHtml($display)?></option>
<? endforeach; ?>
</select>
</div>
diff --git a/themes/blueprint/templates/search/controls/limit.phtml b/themes/blueprint/templates/search/controls/limit.phtml
index c1297968ff7b3f8eb2be2de08d02208a5e257f41..28269b34598ef5d92bd060231565f5d54c799b3d 100644
--- a/themes/blueprint/templates/search/controls/limit.phtml
+++ b/themes/blueprint/templates/search/controls/limit.phtml
@@ -4,7 +4,7 @@
<label for="limit"><?=$this->transEsc('Results per page')?></label>
<select id="limit" name="limit" class="jumpMenu">
<? foreach ($limitList as $limitVal => $limitData): ?>
- <option value="<?=$this->escapeHtml($limitVal)?>"<?=$limitData['selected']?' selected="selected"':''?>><?=$this->escapeHtml($limitData['desc'])?></option>
+ <option value="<?=$this->escapeHtmlAttr($limitVal)?>"<?=$limitData['selected']?' selected="selected"':''?>><?=$this->escapeHtml($limitData['desc'])?></option>
<? endforeach; ?>
</select>
<noscript><input type="submit" value="<?=$this->transEsc("Set")?>" /></noscript>
diff --git a/themes/blueprint/templates/search/controls/sort.phtml b/themes/blueprint/templates/search/controls/sort.phtml
index 5b7863589903be9f13a7c18e8141bb5a36a12e11..d6b55615ee1cdf85e3ef2b4ca00acad09870d5c7 100644
--- a/themes/blueprint/templates/search/controls/sort.phtml
+++ b/themes/blueprint/templates/search/controls/sort.phtml
@@ -4,7 +4,7 @@
<label for="sort_options_1"><?=$this->transEsc('Sort')?></label>
<select id="sort_options_1" name="sort" class="jumpMenu">
<? foreach ($list as $sortType => $sortData): ?>
- <option value="<?=$this->escapeHtml($sortType)?>"<?=$sortData['selected']?' selected="selected"':''?>><?=$this->transEsc($sortData['desc'])?></option>
+ <option value="<?=$this->escapeHtmlAttr($sortType)?>"<?=$sortData['selected']?' selected="selected"':''?>><?=$this->transEsc($sortData['desc'])?></option>
<? endforeach; ?>
</select>
<noscript><input type="submit" value="<?=$this->transEsc("Set")?>" /></noscript>
diff --git a/themes/blueprint/templates/search/email.phtml b/themes/blueprint/templates/search/email.phtml
index 18bb6b667f3edebfe4a9d7a720c170a67e3095a7..a87c97f8d60edce31e4e2be968c0cb8e629e386c 100644
--- a/themes/blueprint/templates/search/email.phtml
+++ b/themes/blueprint/templates/search/email.phtml
@@ -8,7 +8,7 @@
?>
<?=$this->flashmessages()?>
<form action="" method="post" name="emailSearch">
- <input type="hidden" name="url" value="<?=$this->escapeHtml($this->url)?>" />
+ <input type="hidden" name="url" value="<?=$this->escapeHtmlAttr($this->url)?>" />
<label class="displayBlock" for="email_to"><?=$this->transEsc('To')?>:</label>
<input id="email_to" type="text" name="to" value="<?=isset($this->to) ? $this->to : ''?>" size="40" class="mainFocus <?=$this->jqueryValidation(array('required'=>'This field is required', 'email'=>'Email address is invalid'))?>"/>
<? if (!$this->disableFrom): ?>
diff --git a/themes/blueprint/templates/search/home.phtml b/themes/blueprint/templates/search/home.phtml
index eccf9134a2649b179bfd02b0296d36f2fd314660..d66ca5745138bb03afae265da9b4a532e9096f49 100644
--- a/themes/blueprint/templates/search/home.phtml
+++ b/themes/blueprint/templates/search/home.phtml
@@ -21,7 +21,7 @@
<h2><?=$this->transEsc('ils_offline_title')?></h2>
<p><strong><?=$this->transEsc('ils_offline_status')?></strong></p>
<p><?=$this->transEsc('ils_offline_home_message')?></p>
- <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?>
+ <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?>
<p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p>
</div>
<? endif; ?>
diff --git a/themes/blueprint/templates/search/newitem.phtml b/themes/blueprint/templates/search/newitem.phtml
index 1817184e36c9cad9165734f32f23039989d9c752..68896bdde514791f1262a38780d603a1eacfb46f 100644
--- a/themes/blueprint/templates/search/newitem.phtml
+++ b/themes/blueprint/templates/search/newitem.phtml
@@ -12,8 +12,8 @@
<fieldset>
<legend><?=$this->transEsc('Range')?>:</legend>
<? foreach ($this->ranges as $key => $range): ?>
- <input id="newitem_range_<?=$this->escapeHtml($key)?>" type="radio" name="range" value="<?=$this->escapeHtml($range)?>"<?= ($key == 0) ? ' checked="checked"' : ''?>/>
- <label for="newitem_range_<?=$this->escapeHtml($key)?>">
+ <input id="newitem_range_<?=$this->escapeHtmlAttr($key)?>" type="radio" name="range" value="<?=$this->escapeHtmlAttr($range)?>"<?= ($key == 0) ? ' checked="checked"' : ''?>/>
+ <label for="newitem_range_<?=$this->escapeHtmlAttr($key)?>">
<?=($range == 1) ? $this->transEsc('Yesterday') : $this->transEsc('Past') . ' ' . $this->escapeHtml($range) . ' ' . $this->transEsc('Days')?>
</label>
<br/>
@@ -25,7 +25,7 @@
<label class="displayBlock" for="newitem_department"><?=$this->transEsc('Department')?>:</label>
<select id="newitem_department" name="department" size="10">
<? foreach ($this->fundList as $fundId => $fund): ?>
- <option value="<?=$this->escapeHtml($fundId)?>"><?=$this->transEsc($fund)?></option>
+ <option value="<?=$this->escapeHtmlAttr($fundId)?>"><?=$this->transEsc($fund)?></option>
<? endforeach; ?>
</select>
</div>
diff --git a/themes/blueprint/templates/search/reserves.phtml b/themes/blueprint/templates/search/reserves.phtml
index dd95e2cbfd307fc78ee5a8be8547d64936c2f300..02d39641af3f01e49125ecc86dd8ef574edb134c 100644
--- a/themes/blueprint/templates/search/reserves.phtml
+++ b/themes/blueprint/templates/search/reserves.phtml
@@ -13,7 +13,7 @@
<select name="course" id="reserves_by_course">
<option></option>
<? foreach ($this->courseList as $courseId => $courseName): ?>
- <option value="<?=$this->escapeHtml($courseId)?>"><?=$this->escapeHtml($courseName)?></option>
+ <option value="<?=$this->escapeHtmlAttr($courseId)?>"><?=$this->escapeHtml($courseName)?></option>
<? endforeach; ?>
</select>
<input type="submit" name="submit" value="<?=$this->transEsc('Find')?>"/>
@@ -27,7 +27,7 @@
<select name="inst" id="reserves_by_inst">
<option></option>
<? foreach ($this->instList as $instId => $instName): ?>
- <option value="<?=$this->escapeHtml($instId)?>"><?=$this->escapeHtml($instName)?></option>
+ <option value="<?=$this->escapeHtmlAttr($instId)?>"><?=$this->escapeHtml($instName)?></option>
<? endforeach; ?>
</select>
<input type="submit" name="submit" value="<?=$this->transEsc('Find')?>"/>
@@ -41,7 +41,7 @@
<select name="dept" id="reserves_by_dept">
<option></option>
<? foreach ($this->deptList as $deptId => $deptName): ?>
- <option value="<?=$this->escapeHtml($deptId)?>"><?=$this->escapeHtml($deptName)?></option>
+ <option value="<?=$this->escapeHtmlAttr($deptId)?>"><?=$this->escapeHtml($deptName)?></option>
<? endforeach; ?>
</select>
<input type="submit" name="submit" value="<?=$this->transEsc('Find')?>"/>
diff --git a/themes/blueprint/templates/search/reservessearch.phtml b/themes/blueprint/templates/search/reservessearch.phtml
index 36888cf0d6d35c270301dc3f6eac843424ff649c..9f93b9d06ff7ba5155dfdda0d2756759a48f03e0 100644
--- a/themes/blueprint/templates/search/reservessearch.phtml
+++ b/themes/blueprint/templates/search/reservessearch.phtml
@@ -13,7 +13,7 @@
<h3><?=$this->transEsc('Search For Items on Reserve')?></h3>
<form method="get" action="" name="reservesSearchForm" class="search">
<label for="reservesSearchForm_lookfor" class="offscreen"><?=$this->transEsc("Your search terms")?></label>
- <input id="reservesSearchForm_lookfor" type="text" name="lookfor" size="40" value="<?=$this->escapeHtml($reservesLookfor)?>" <?=$this->searchOptions('SolrReserves')->autocompleteEnabled() ? ' class="autocomplete searcher:SolrReserves type:Reserves"' : ''?> />
+ <input id="reservesSearchForm_lookfor" type="text" name="lookfor" size="40" value="<?=$this->escapeHtmlAttr($reservesLookfor)?>" <?=$this->searchOptions('SolrReserves')->autocompleteEnabled() ? ' class="autocomplete searcher:SolrReserves type:Reserves"' : ''?> />
<input type="submit" name="submit" value="<?=$this->transEsc("Find")?>"/>
</form>
<script type="text/javascript">$("#reservesSearchForm_lookfor").focus()</script>
@@ -52,7 +52,7 @@
</tr>
<? foreach ($this->results->getResults() as $record): ?>
<?
- $url = $this->currentPath() . $this->escapeHtml(
+ $url = $this->currentPath() . $this->escapeHtmlAttr(
'?inst=' . urlencode($record->getInstructorId())
. '&course=' . urlencode($record->getCourseId())
. '&dept=' . urlencode($record->getDepartmentId())
diff --git a/themes/blueprint/templates/search/searchbox.phtml b/themes/blueprint/templates/search/searchbox.phtml
index 212ef848fdb9504a2cc22e169b07fcb1e7b95a58..ad9dbb976f3d73b222c9066d502476731046d7dc 100644
--- a/themes/blueprint/templates/search/searchbox.phtml
+++ b/themes/blueprint/templates/search/searchbox.phtml
@@ -25,7 +25,7 @@
<li<?=$tab['selected'] ? ' class="active"' : ''?>>
<?
if (!$tab['selected']) {
- echo '<a href="' . $this->escapeHtml($tab['url']) . '">';
+ echo '<a href="' . $this->escapeHtmlAttr($tab['url']) . '">';
}
echo $this->transEsc($tab['label']);
if (!$tab['selected']) {
@@ -37,23 +37,23 @@
</ul>
<? endif; ?>
<? if ($this->searchType == 'advanced'): ?>
- <a href="<?=$this->url($advSearch)?>?edit=<?=$this->escapeHtml($this->searchId)?>" class="small"><?=$this->transEsc("Edit this Advanced Search")?></a> |
+ <a href="<?=$this->url($advSearch)?>?edit=<?=$this->escapeHtmlAttr($this->searchId)?>" class="small"><?=$this->transEsc("Edit this Advanced Search")?></a> |
<a href="<?=$this->url($advSearch)?>" class="small"><?=$this->transEsc("Start a new Advanced Search")?></a> |
<a href="<?=$this->url($searchHome)?>" class="small"><?=$this->transEsc("Start a new Basic Search")?></a>
<br/><?=$this->transEsc("Your search terms")?> : "<strong><?=$this->escapeHtml($this->lookfor)?></strong>"
<? else: ?>
<form method="get" action="<?=$this->url($basicSearch)?>" name="searchForm" id="searchForm" class="search">
<label for="searchForm_lookfor" class="offscreen"><?=$this->transEsc("Your search terms")?></label>
- <input id="searchForm_lookfor" type="text" name="lookfor" size="40" value="<?=$this->escapeHtml($this->lookfor)?>"<?=$this->searchbox()->autocompleteEnabled($this->searchClassId) ? ' class="autocomplete searcher:' . $this->escapeHtml($this->searchClassId) . ' typeSelector:searchForm_type"' : ''?>/>
+ <input id="searchForm_lookfor" type="text" name="lookfor" size="40" value="<?=$this->escapeHtmlAttr($this->lookfor)?>"<?=$this->searchbox()->autocompleteEnabled($this->searchClassId) ? ' class="autocomplete searcher:' . $this->escapeHtmlAttr($this->searchClassId) . ' typeSelector:searchForm_type"' : ''?>/>
<label for="searchForm_type" class="offscreen"><?=$this->transEsc("Search Type")?></label>
<? if ($handlerCount > 1): ?>
<select id="searchForm_type" name="type" data-native-menu="false">
<? foreach ($handlers as $handler): ?>
- <option value="<?=$this->escapeHtml($handler['value'])?>"<?=$handler['selected'] ? ' selected="selected"' : ''?>><?=$handler['indent'] ? '-- ' : ''?><?=$this->transEsc($handler['label'])?></option>
+ <option value="<?=$this->escapeHtmlAttr($handler['value'])?>"<?=$handler['selected'] ? ' selected="selected"' : ''?>><?=$handler['indent'] ? '-- ' : ''?><?=$this->transEsc($handler['label'])?></option>
<? endforeach; ?>
</select>
<? elseif ($handlerCount == 1): ?>
- <input type="hidden" name="type" value="<?=$this->escapeHtml($handlers[0]['value'])?>" />
+ <input type="hidden" name="type" value="<?=$this->escapeHtmlAttr($handlers[0]['value'])?>" />
<? endif; ?>
<input type="submit" name="submit" value="<?=$this->transEsc("Find")?>"/>
<? if ($advSearch): ?>
@@ -68,7 +68,7 @@
<br />
<? foreach ($shards as $shard => $val): ?>
<? $isSelected = in_array($shard, $selectedShards); ?>
- <input type="checkbox" <?=$isSelected ? 'checked="checked" ' : ''?>name="shard[]" value='<?=$this->escapeHtml($shard)?>' /> <?=$this->transEsc($shard)?>
+ <input type="checkbox" <?=$isSelected ? 'checked="checked" ' : ''?>name="shard[]" value='<?=$this->escapeHtmlAttr($shard)?>' /> <?=$this->transEsc($shard)?>
<? endforeach; ?>
<? endif; ?>
<?
@@ -83,8 +83,8 @@
<input type="checkbox"<?=$defaultFilterState?> id="searchFormKeepFilters"/> <label for="searchFormKeepFilters"><?=$this->transEsc("basic_search_keep_filters")?></label>
<div class="offscreen">
<? foreach ($filterDetails as $current): ?>
- <input id="<?=$this->escapeHtml($current['id'])?>" type="checkbox"<?=$defaultFilterState?> name="filter[]" value="<?=$this->escapeHtml($current['value'])?>" />
- <label for="<?=$this->escapeHtml($current['id'])?>"><?=$this->escapeHtml($current['value'])?></label>
+ <input id="<?=$this->escapeHtmlAttr($current['id'])?>" type="checkbox"<?=$defaultFilterState?> name="filter[]" value="<?=$this->escapeHtmlAttr($current['value'])?>" />
+ <label for="<?=$this->escapeHtmlAttr($current['id'])?>"><?=$this->escapeHtml($current['value'])?></label>
<? endforeach; ?>
<? if (isset($hasDefaultsApplied) && $hasDefaultsApplied): ?>
<!-- this is a hidden element that flags whether or not default filters have been applied;
@@ -97,14 +97,14 @@
<?
/* Show hidden field for active search class when in combined handler mode. */
if ($this->searchbox()->combinedHandlersActive()) {
- echo '<input type="hidden" name="activeSearchClassId" value="' . $this->escapeHtml($this->searchClassId) . '" />';
+ echo '<input type="hidden" name="activeSearchClassId" value="' . $this->escapeHtmlAttr($this->searchClassId) . '" />';
}
/* Load hidden limit preference from Session */
if (!empty($lastLimit)) {
- echo '<input type="hidden" name="limit" value="' . $this->escapeHtml($lastLimit) . '" />';
+ echo '<input type="hidden" name="limit" value="' . $this->escapeHtmlAttr($lastLimit) . '" />';
}
if (!empty($lastSort)) {
- echo '<input type="hidden" name="sort" value="' . $this->escapeHtml($lastSort) . '" />';
+ echo '<input type="hidden" name="sort" value="' . $this->escapeHtmlAttr($lastSort) . '" />';
}
?>
</form>
diff --git a/themes/blueprint/templates/upgrade/getdbcredentials.phtml b/themes/blueprint/templates/upgrade/getdbcredentials.phtml
index 549e92ae558b94a47891ac6e1dce5594f101dd2a..471babd487ec53a6786413691801e73ef10adb9e 100644
--- a/themes/blueprint/templates/upgrade/getdbcredentials.phtml
+++ b/themes/blueprint/templates/upgrade/getdbcredentials.phtml
@@ -14,7 +14,7 @@ with permission to alter and create tables.</p>
<form method="post" action="<?=$this->url('upgrade-getdbcredentials')?>">
<table>
<tbody>
- <tr><td>MySQL Root User: </td><td><input type="text" name="dbrootuser" value="<?=$this->escapeHtml($this->dbrootuser)?>"/></td></tr>
+ <tr><td>MySQL Root User: </td><td><input type="text" name="dbrootuser" value="<?=$this->escapeHtmlAttr($this->dbrootuser)?>"/></td></tr>
<tr><td>MySQL Root Password: </td><td><input type="password" name="dbrootpass" value=""/></td></tr>
<tr><td></td><td><input type="submit" name="submit" value="<?=$this->transEsc('Submit') ?>" /></td></tr>
</tbody>
diff --git a/themes/bootprint/templates/RecordDriver/SolrDefault/result-list.phtml b/themes/bootprint/templates/RecordDriver/SolrDefault/result-list.phtml
index 01c9929128923a49a05595963fbab19ca0ea3cc6..005d65246892f2deb274d1369cd3980b3787b03b 100644
--- a/themes/bootprint/templates/RecordDriver/SolrDefault/result-list.phtml
+++ b/themes/bootprint/templates/RecordDriver/SolrDefault/result-list.phtml
@@ -1,10 +1,10 @@
<div class="row-fluid <?=$this->driver->supportsAjaxStatus()?' ajaxItem':''?>">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueID())?>" class="hiddenId" />
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" class="hiddenSource" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueID())?>" class="hiddenId" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" class="hiddenSource" />
<div class="span2 switch-margins left">
<a href="<?=$this->recordLink()->getUrl($this->driver)?>" class="title">
<? if ($summThumb = $this->record($this->driver)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" alt="<?=$this->transEsc('Cover Image')?>"/>
<? else: ?>
<img src="<?=$this->url('cover-unavailable')?>" alt="<?=$this->transEsc('No Cover Image')?>"/>
<? endif; ?>
@@ -135,7 +135,7 @@
<? if (!is_array($urls)) $urls = array();
if(!$this->driver->isCollection()):
foreach ($urls as $current): ?>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><i class="icon-external-link"></i> <?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a><br/>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><i class="icon-external-link"></i> <?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a><br/>
<? endforeach; ?>
<? endif; ?>
<? endif; ?>
@@ -159,9 +159,9 @@
$this->jsTranslations()->addStrings(array('qrcode_hide' => 'qrcode_hide', 'qrcode_show' => 'qrcode_show'));
?>
<span class="hidden-phone">
- <i class="icon-qrcode"></i> <a href="<?=$this->escapeHtml($QRCode);?>" class="qrcodeLink"><?=$this->transEsc('qrcode_show')?></a>
+ <i class="icon-qrcode"></i> <a href="<?=$this->escapeHtmlAttr($QRCode);?>" class="qrcodeLink"><?=$this->transEsc('qrcode_show')?></a>
<div class="qrcode hide">
- <img alt="<?=$this->transEsc('QR Code')?>" class="img-polaroid" src="<?=$this->escapeHtml($QRCode);?>"/>
+ <img alt="<?=$this->transEsc('QR Code')?>" class="img-polaroid" src="<?=$this->escapeHtmlAttr($QRCode);?>"/>
</div><br/>
</span>
<? endif; ?>
@@ -180,7 +180,7 @@
<? $trees = $this->driver->tryMethod('getHierarchyTrees'); if (!empty($trees)): ?>
<? foreach ($trees as $hierarchyID => $hierarchyTitle): ?>
<div class="hierarchyTreeLink">
- <input type="hidden" value="<?=$this->escapeHtml($hierarchyID)?>" class="hiddenHierarchyId" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($hierarchyID)?>" class="hiddenHierarchyId" />
<i class="icon-sitemap"></i>
<a class="hierarchyTreeLinkText modal-link" href="<?=$this->recordLink()->getTabUrl($this->driver, 'HierarchyTree')?>?hierarchy=<?=urlencode($hierarchyID)?>#tabnav" title="<?=$this->transEsc('hierarchy_tree')?>">
<?=$this->transEsc('hierarchy_view_context')?><? if (count($trees) > 1): ?>: <?=$this->escapeHtml($hierarchyTitle)?><? endif; ?>
@@ -191,4 +191,4 @@
</div>
</div>
-<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtml($openUrl).'"></span>':''?>
+<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtmlAttr($openUrl).'"></span>':''?>
diff --git a/themes/bootprint/templates/header.phtml b/themes/bootprint/templates/header.phtml
index d8d3e0bce95c018ba55deeec75895f25ae0daf7b..bff7bcf7acb028f46e48fa31add786dd1285ec89 100644
--- a/themes/bootprint/templates/header.phtml
+++ b/themes/bootprint/templates/header.phtml
@@ -38,7 +38,7 @@
<div class="controls">
<select onChange="document.themeForm.submit()" id="themeForm_ui" name="ui">
<? foreach ($this->layout()->themeOptions as $current): ?>
- <option value="<?=$this->escapeHtml($current['name'])?>"<?=$current['selected'] ? ' selected="selected"' : ''?>><?=$this->transEsc($current['desc'])?></option>
+ <option value="<?=$this->escapeHtmlAttr($current['name'])?>"<?=$current['selected'] ? ' selected="selected"' : ''?>><?=$this->transEsc($current['desc'])?></option>
<? endforeach; ?>
</select>
<noscript><input type="submit" value="<?=$this->transEsc("Set")?>" /></noscript>
diff --git a/themes/bootprint/templates/myresearch/bulk-action-buttons.phtml b/themes/bootprint/templates/myresearch/bulk-action-buttons.phtml
index f7af278056945f165fbc2cc1d5b91babe74aa9d1..d3236184fbebe0c3a71f642623acd8661c5306b5 100644
--- a/themes/bootprint/templates/myresearch/bulk-action-buttons.phtml
+++ b/themes/bootprint/templates/myresearch/bulk-action-buttons.phtml
@@ -1,6 +1,6 @@
<? if (isset($list)): ?>
- <input type="hidden" name="listID" value="<?=$this->escapeHtml($list->id)?>" />
- <input type="hidden" name="listName" value="<?=$this->escapeHtml($list->title)?>" />
+ <input type="hidden" name="listID" value="<?=$this->escapeHtmlAttr($list->id)?>" />
+ <input type="hidden" name="listName" value="<?=$this->escapeHtmlAttr($list->title)?>" />
<? endif; ?>
<? $user = $this->auth()->isLoggedIn(); ?>
<label class="checkbox">
@@ -10,7 +10,7 @@
<span class="help-inline"><?=$this->transEsc('with_selected')?>: </span>
<button class="btn btn-link" type="submit" name="email" value="1" title="<?=$this->transEsc('email_selected')?>"><i class="icon-email"></i> <?=$this->transEsc('Email')?></button>
<? if ((!is_null($this->list) && $this->list->editAllowed($user)) || is_null($this->list) && $user): ?>
- <button class="btn btn-link" id="<?=$this->idPrefix?>delete_list_items_<?=!is_null($this->list) ? $this->escapeHtml($this->list->id) : ''?>" type="submit" name="delete" value="1" title="<?=$this->transEsc('delete_selected')?>"><i class="icon-trash"></i> <?=$this->transEsc('Delete')?></button>
+ <button class="btn btn-link" id="<?=$this->idPrefix?>delete_list_items_<?=!is_null($this->list) ? $this->escapeHtmlAttr($this->list->id) : ''?>" type="submit" name="delete" value="1" title="<?=$this->transEsc('delete_selected')?>"><i class="icon-trash"></i> <?=$this->transEsc('Delete')?></button>
<? endif; ?>
<? $exportOptions = $this->export()->getBulkOptions(); if (count($exportOptions) > 0): ?>
<button class="btn btn-link" type="submit" name="export" value="1" title="<?=$this->transEsc('export_selected')?>"><i class="icon-export"></i> <?=$this->transEsc('Export')?></button>
diff --git a/themes/bootprint/templates/myresearch/checkedout.phtml b/themes/bootprint/templates/myresearch/checkedout.phtml
index b04b4c5b66e0d3fcce166122e04d05b9feb46305..fc5ed68df33ab4839920ba8086f2bf81a32881d6 100644
--- a/themes/bootprint/templates/myresearch/checkedout.phtml
+++ b/themes/bootprint/templates/myresearch/checkedout.phtml
@@ -23,17 +23,17 @@
<? $i = 0; foreach ($this->transactions as $resource): ?>
<hr/>
<? $ilsDetails = $resource->getExtraDetail('ils_details'); ?>
- <div id="record<?=$this->escapeHtml($resource->getUniqueId())?>" class="row-fluid">
+ <div id="record<?=$this->escapeHtmlAttr($resource->getUniqueId())?>" class="row-fluid">
<? if ($this->renewForm): ?>
<? if (isset($ilsDetails['renewable']) && $ilsDetails['renewable'] && isset($ilsDetails['renew_details'])): ?>
<? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $ilsDetails['renew_details']); ?>
- <input class="pull-left" type="checkbox" name="renewSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['renew_details'])?>" id="checkbox_<?=$safeId?>" />
- <input class="pull-left" type="hidden" name="renewAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['renew_details'])?>" />
+ <input class="pull-left" type="checkbox" name="renewSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['renew_details'])?>" id="checkbox_<?=$safeId?>" />
+ <input class="pull-left" type="hidden" name="renewAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['renew_details'])?>" />
<? endif; ?>
<? endif; ?>
<div class="span2 text-center">
<? if ($summThumb = $this->record($resource)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
<? else: ?>
<img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/>
<? endif; ?>
@@ -112,7 +112,7 @@
<div class="alert alert-info"><?=$this->transEsc($ilsDetails['message'])?></div>
<? endif; ?>
<? if (isset($ilsDetails['renewable']) && $ilsDetails['renewable'] && isset($ilsDetails['renew_link'])): ?>
- <a href="<?=$this->escapeHtml($ilsDetails['renew_link'])?>"><?=$this->transEsc('renew_item')?></a>
+ <a href="<?=$this->escapeHtmlAttr($ilsDetails['renew_link'])?>"><?=$this->transEsc('renew_item')?></a>
<? endif; ?>
</div>
</div>
diff --git a/themes/bootprint/templates/myresearch/holds.phtml b/themes/bootprint/templates/myresearch/holds.phtml
index b689c0775095505453ec499d31acb889d7e0842d..22fe25966b9ae8b5a90f9cc049d1019a56ab35e4 100644
--- a/themes/bootprint/templates/myresearch/holds.phtml
+++ b/themes/bootprint/templates/myresearch/holds.phtml
@@ -40,17 +40,17 @@
<hr/>
<? $iteration++; ?>
<? $ilsDetails = $resource->getExtraDetail('ils_details'); ?>
- <div id="record<?=$this->escapeHtml($resource->getUniqueId()) ?>" class="row-fluid">
+ <div id="record<?=$this->escapeHtmlAttr($resource->getUniqueId()) ?>" class="row-fluid">
<? if ($this->cancelForm && isset($ilsDetails['cancel_details'])): ?>
<? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $resource->getUniqueId()); ?>
- <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" />
+ <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" />
<div class="pull-left">
- <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" id="checkbox_<?=$safeId?>" />
+ <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" id="checkbox_<?=$safeId?>" />
</div>
<? endif; ?>
<div class="span2 text-center">
<? if ($summThumb = $this->record($resource)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
<? else: ?>
<img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/>
<? endif; ?>
@@ -136,7 +136,7 @@
<p><strong><?=$this->transEsc("hold_queue_position") ?>:</strong> <?=$this->escapeHtml($ilsDetails['position']) ?></p>
<? endif; ?>
<? if (isset($ilsDetails['cancel_link'])): ?>
- <p><a href="<?=$this->escapeHtml($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("hold_cancel") ?></a></p>
+ <p><a href="<?=$this->escapeHtmlAttr($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("hold_cancel") ?></a></p>
<? endif; ?>
</div>
diff --git a/themes/bootprint/templates/myresearch/storageretrievalrequests.phtml b/themes/bootprint/templates/myresearch/storageretrievalrequests.phtml
index 8f3031a2998cbb7a66f38e3bd55a47164ae1e688..a3cfe87044101d4d1e5dafe07f9f3f97cfdc67c0 100644
--- a/themes/bootprint/templates/myresearch/storageretrievalrequests.phtml
+++ b/themes/bootprint/templates/myresearch/storageretrievalrequests.phtml
@@ -40,17 +40,17 @@
<hr/>
<? $iteration++; ?>
<? $ilsDetails = $resource->getExtraDetail('ils_details'); ?>
- <div id="record<?=$this->escapeHtml($resource->getUniqueId()) ?>" class="row-fluid">
+ <div id="record<?=$this->escapeHtmlAttr($resource->getUniqueId()) ?>" class="row-fluid">
<? if ($this->cancelForm && isset($ilsDetails['cancel_details'])): ?>
<? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $resource->getUniqueId()); ?>
- <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" />
+ <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" />
<div class="pull-left">
- <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" id="checkbox_<?=$safeId?>" />
+ <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" id="checkbox_<?=$safeId?>" />
</div>
<? endif; ?>
<div class="span2 text-center">
<? if ($summThumb = $this->record($resource)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
<? else: ?>
<img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/>
<? endif; ?>
@@ -137,7 +137,7 @@
<div class="text-success"><?=$this->transEsc("storage_retrieval_request_canceled") . (is_string($ilsDetails['canceled']) ? ': ' . $ilsDetails['canceled'] : '') ?></div>
<? endif; ?>
<? if (isset($ilsDetails['cancel_link'])): ?>
- <p><a href="<?=$this->escapeHtml($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("storage_retrieval_request_cancel") ?></a></p>
+ <p><a href="<?=$this->escapeHtmlAttr($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("storage_retrieval_request_cancel") ?></a></p>
<? endif; ?>
</div>
diff --git a/themes/bootprint/templates/search/home.phtml b/themes/bootprint/templates/search/home.phtml
index 04b3d55136a90eb179f5e0c55c66a0fce872432f..09fd26e5ba80dc28e11de513221a3b504829eb49 100644
--- a/themes/bootprint/templates/search/home.phtml
+++ b/themes/bootprint/templates/search/home.phtml
@@ -23,7 +23,7 @@
<h2><?=$this->transEsc('ils_offline_title')?></h2>
<p><strong><?=$this->transEsc('ils_offline_status')?></strong></p>
<p><?=$this->transEsc('ils_offline_home_message')?></p>
- <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?>
+ <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?>
<p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p>
</div>
<? endif; ?>
diff --git a/themes/bootstrap/templates/Auth/AbstractBase/login.phtml b/themes/bootstrap/templates/Auth/AbstractBase/login.phtml
index 539c1e484b9ccbae3d9e959e8cd1e3df42858ba7..8411874fb7f243550cae45ea3f31f357cd581e4d 100644
--- a/themes/bootstrap/templates/Auth/AbstractBase/login.phtml
+++ b/themes/bootstrap/templates/Auth/AbstractBase/login.phtml
@@ -18,5 +18,5 @@
</div>
</form>
<? else: ?>
- <a href="<?=$this->escapeHtml($sessionInitiator)?>"><?=$this->transEsc("Institutional Login")?></a>
+ <a href="<?=$this->escapeHtmlAttr($sessionInitiator)?>"><?=$this->transEsc("Institutional Login")?></a>
<? endif; ?>
diff --git a/themes/bootstrap/templates/Auth/AbstractBase/loginfields.phtml b/themes/bootstrap/templates/Auth/AbstractBase/loginfields.phtml
index ef6f561fcf74a69f8b0e14dddb89d68ed5660d09..c29d356fe48fe70f7d6c354262fbad8fa89eade7 100644
--- a/themes/bootstrap/templates/Auth/AbstractBase/loginfields.phtml
+++ b/themes/bootstrap/templates/Auth/AbstractBase/loginfields.phtml
@@ -1,7 +1,7 @@
<div class="control-group">
<label class="control-label" for="login_username"><?=$this->transEsc('Username')?>:</label>
<div class="controls">
- <input id="login_username" type="text" name="username" value="<?=$this->escapeHtml($this->request->get('username'))?>"/>
+ <input id="login_username" type="text" name="username" value="<?=$this->escapeHtmlAttr($this->request->get('username'))?>"/>
</div>
</div>
<div class="control-group">
diff --git a/themes/bootstrap/templates/Auth/Database/create.phtml b/themes/bootstrap/templates/Auth/Database/create.phtml
index 1cce7762aafdaddfd9c39ea3f935bf0511f143f4..bf43e8bdbd378eb60f0a75f16dbb05bba975acd2 100644
--- a/themes/bootstrap/templates/Auth/Database/create.phtml
+++ b/themes/bootstrap/templates/Auth/Database/create.phtml
@@ -1,25 +1,25 @@
<div class="control-group">
<label class="control-label" for="account_firstname"><?=$this->transEsc('First Name')?>:</label>
<div class="controls">
- <input id="account_firstname" type="text" name="firstname" value="<?=$this->escapeHtml($this->request->get('firstname'))?>"/>
+ <input id="account_firstname" type="text" name="firstname" value="<?=$this->escapeHtmlAttr($this->request->get('firstname'))?>"/>
</div>
</div>
<div class="control-group">
<label class="control-label" for="account_lastname"><?=$this->transEsc('Last Name')?>:</label>
<div class="controls">
- <input id="account_lastname" type="text" name="lastname" value="<?=$this->escapeHtml($this->request->get('lastname'))?>"/>
+ <input id="account_lastname" type="text" name="lastname" value="<?=$this->escapeHtmlAttr($this->request->get('lastname'))?>"/>
</div>
</div>
<div class="control-group">
<label class="control-label" for="account_email"><?=$this->transEsc('Email Address')?>:</label>
<div class="controls">
- <input id="account_email" type="email" name="email" value="<?=$this->escapeHtml($this->request->get('email'))?>"/>
+ <input id="account_email" type="email" name="email" value="<?=$this->escapeHtmlAttr($this->request->get('email'))?>"/>
</div>
</div>
<div class="control-group">
<label class="control-label" for="account_username"><?=$this->transEsc('Desired Username')?>:</label>
<div class="controls">
- <input id="account_username" type="text" name="username" value="<?=$this->escapeHtml($this->request->get('username'))?>"/>
+ <input id="account_username" type="text" name="username" value="<?=$this->escapeHtmlAttr($this->request->get('username'))?>"/>
</div>
</div>
<div class="control-group">
diff --git a/themes/bootstrap/templates/Auth/MultiILS/loginfields.phtml b/themes/bootstrap/templates/Auth/MultiILS/loginfields.phtml
index 7f5dbee57dd94dd903407c577491f472e644692f..9cdedf2c298ff0014bd6dd71438a03f9746faf3d 100644
--- a/themes/bootstrap/templates/Auth/MultiILS/loginfields.phtml
+++ b/themes/bootstrap/templates/Auth/MultiILS/loginfields.phtml
@@ -4,7 +4,7 @@
<?$currentTarget = $this->request->get('target'); if (!$currentTarget) $currentTarget = $this->auth()->getManager()->getDefaultLoginTarget();?>
<select id="login_target" name="target">
<?foreach ($this->auth()->getManager()->getLoginTargets() as $target):?>
- <option value="<?=$this->escapeHtml($target)?>"<?=($target == $currentTarget ? ' selected="selected"' : '')?>><?=$this->transEsc("source_$target", null, $target)?></option>
+ <option value="<?=$this->escapeHtmlAttr($target)?>"<?=($target == $currentTarget ? ' selected="selected"' : '')?>><?=$this->transEsc("source_$target", null, $target)?></option>
<? endforeach ?>
</select>
</div>
@@ -12,7 +12,7 @@
<div class="control-group">
<label class="control-label" for="login_username"><?=$this->transEsc('Username')?>:</label>
<div class="controls">
- <input id="login_username" type="text" name="username" value="<?=$this->escapeHtml($this->request->get('username'))?>"/>
+ <input id="login_username" type="text" name="username" value="<?=$this->escapeHtmlAttr($this->request->get('username'))?>"/>
</div>
</div>
<div class="control-group">
diff --git a/themes/bootstrap/templates/Auth/Shibboleth/login.phtml b/themes/bootstrap/templates/Auth/Shibboleth/login.phtml
index 94f44ef3d93574b3e3bcc672e4abbf1042b762f4..3feb62a33fd7e3948fdb6324a1ed056932524397 100644
--- a/themes/bootstrap/templates/Auth/Shibboleth/login.phtml
+++ b/themes/bootstrap/templates/Auth/Shibboleth/login.phtml
@@ -1,3 +1,3 @@
<? $account = $this->auth()->getManager(); ?>
<? $sessionInitiator = $account->getSessionInitiator($this->serverUrl($this->url('myresearch-home'))); ?>
-<a href="<?=$this->escapeHtml($sessionInitiator)?>"><?=$this->transEsc("Institutional Login")?></a>
+<a href="<?=$this->escapeHtmlAttr($sessionInitiator)?>"><?=$this->transEsc("Institutional Login")?></a>
diff --git a/themes/bootstrap/templates/Helpers/openurl.phtml b/themes/bootstrap/templates/Helpers/openurl.phtml
index 469722bf8cb610a829df15a16b95eee785b85088..4e3d1f612f2c942e19edb0db34a534c6d2c47849 100644
--- a/themes/bootstrap/templates/Helpers/openurl.phtml
+++ b/themes/bootstrap/templates/Helpers/openurl.phtml
@@ -3,25 +3,25 @@
if ($this->openUrlEmbed) {
$class = ' class="fulltext openUrlEmbed openurl_id:' . $this->openUrlId . '"';
} elseif ($this->openUrlWindow) {
- $class = ' class="fulltext openUrlWindow window_settings:' . $this->escapeHtml($this->openUrlWindow) . '"';
+ $class = ' class="fulltext openUrlWindow window_settings:' . $this->escapeHtmlAttr($this->openUrlWindow) . '"';
} else {
$class = '';
}
?>
-<a href="<?=$this->escapeHtml($this->openUrlBase . '?' . $this->openUrl)?>"<?=$class?>>
+<a href="<?=$this->escapeHtmlAttr($this->openUrlBase . '?' . $this->openUrl)?>"<?=$class?>>
<? /* put the openUrl here in a span (COinS almost) so we can retrieve it later */ ?>
- <span title="<?=$this->escapeHtml($this->openUrl)?>" class="openUrl"></span>
+ <span title="<?=$this->escapeHtmlAttr($this->openUrl)?>" class="openUrl"></span>
<? if ($this->openUrlGraphic): ?>
<?
$style = '';
if ($this->openUrlGraphicWidth) {
- $style .= 'width:' . $this->escapeHtml($this->openUrlGraphicWidth) . 'px;';
+ $style .= 'width:' . $this->escapeHtmlAttr($this->openUrlGraphicWidth) . 'px;';
}
if ($this->openUrlGraphicHeight) {
- $style .= 'height:' . $this->escapeHtml($this->openUrlGraphicHeight) . 'px;';
+ $style .= 'height:' . $this->escapeHtmlAttr($this->openUrlGraphicHeight) . 'px;';
}
?>
- <img src="<?=$this->escapeHtml($this->openUrlGraphic)?>" alt="<?=$this->transEsc('Get full text')?>" style="<?=$style?>" />
+ <img src="<?=$this->escapeHtmlAttr($this->openUrlGraphic)?>" alt="<?=$this->transEsc('Get full text')?>" style="<?=$style?>" />
<? else: ?>
<?=$this->transEsc('Get full text')?>
<? endif; ?>
diff --git a/themes/bootstrap/templates/Recommend/AuthorInfo.phtml b/themes/bootstrap/templates/Recommend/AuthorInfo.phtml
index 9ade3816dd3bc2200d67e11604da24212a1b2c4f..c8f821d030412618cb9cd1009524943a11f7ec51 100644
--- a/themes/bootstrap/templates/Recommend/AuthorInfo.phtml
+++ b/themes/bootstrap/templates/Recommend/AuthorInfo.phtml
@@ -4,11 +4,11 @@
<p class="lead"><?=$this->info['name'] ?></p>
<? if (isset($this->info['image'])): ?>
- <img class="pull-left pad" src="<?=$this->info['image'] ?>" alt="<?=$this->escapeHtml($this->info['altimage']) ?>" width="150px"/>
+ <img class="pull-left pad" src="<?=$this->info['image'] ?>" alt="<?=$this->escapeHtmlAttr($this->info['altimage']) ?>" width="150px"/>
<? endif; ?>
<?=preg_replace('/___baseurl___/', $this->url('search-results'), $this->info['description']) ?>
- <a class="wikipedia" href="http://<?=$this->info['wiki_lang'] ?>.wikipedia.org/wiki/<?=$this->escapeHtml($this->info['name']/*url*/) ?>" target="new"><?=$this->transEsc('wiki_link') ?></a>
+ <a class="wikipedia" href="http://<?=$this->info['wiki_lang'] ?>.wikipedia.org/wiki/<?=$this->escapeHtmlAttr($this->info['name']/*url*/) ?>" target="new"><?=$this->transEsc('wiki_link') ?></a>
</div>
<? endif; ?>
\ No newline at end of file
diff --git a/themes/bootstrap/templates/Recommend/CollectionSideFacets.phtml b/themes/bootstrap/templates/Recommend/CollectionSideFacets.phtml
index 93ac3d8487a9b96a627a7b099e7233be2b1e996a..56e46a1690df975d6b4b354ba1b072cb5ce73138 100644
--- a/themes/bootstrap/templates/Recommend/CollectionSideFacets.phtml
+++ b/themes/bootstrap/templates/Recommend/CollectionSideFacets.phtml
@@ -22,10 +22,10 @@
<li class="nav-header"><?=$this->transEsc('Keyword Filter')?></li>
<li>
<form method="get" action="" name="keywordFilterForm" id="keywordFilterForm" class="keywordFilterForm">
- <input id="keywordFilter_lookfor" type="text" name="lookfor" value="<?=$this->escapeHtml($keywordFilter)?>"/>
+ <input id="keywordFilter_lookfor" type="text" name="lookfor" value="<?=$this->escapeHtmlAttr($keywordFilter)?>"/>
<? foreach ($this->recommend->getResults()->getParams()->getFilterList(true) as $field => $filters): ?>
<? foreach ($filters as $filter): ?>
- <input type="hidden" name="filter[]" value="<?=$this->escapeHtml($filter['field'])?>:"<?=$this->escapeHtml($filter['value'])?>"" />
+ <input type="hidden" name="filter[]" value="<?=$this->escapeHtmlAttr($filter['field'])?>:"<?=$this->escapeHtmlAttr($filter['value'])?>"" />
<? endforeach; ?>
<? endforeach; ?>
<input class="btn" type="submit" name="submit" value="<?=$this->transEsc('Set')?>"/>
diff --git a/themes/bootstrap/templates/Recommend/EuropeanaResults.phtml b/themes/bootstrap/templates/Recommend/EuropeanaResults.phtml
index 4b2e26942afaf118001bad27764d430e1afa2f2d..aa7b5d54d6ce841ea5037c76f27c34f11b26a24a 100644
--- a/themes/bootstrap/templates/Recommend/EuropeanaResults.phtml
+++ b/themes/bootstrap/templates/Recommend/EuropeanaResults.phtml
@@ -12,9 +12,9 @@
<li class="suggestedResult <? (++$i % 2) ? 'alt ' : ''?>record<?=$i?>">
<div class="resultitem">
<? if (isset($work['enclosure'])): ?>
- <span class="europeanaImg"><img src="<?=$this->escapeHtml($work['enclosure'])?>" id="europeanaImage<?=$this->escapeHtml($workKey)?>"/></span>
+ <span class="europeanaImg"><img src="<?=$this->escapeHtmlAttr($work['enclosure'])?>" id="europeanaImage<?=$this->escapeHtmlAttr($workKey)?>"/></span>
<? endif; ?>
- <a href="<?=$this->escapeHtml($work['link'])?>" target="_blank">
+ <a href="<?=$this->escapeHtmlAttr($work['link'])?>" target="_blank">
<span><?=$this->escapeHtml($this->truncate($work['title'], 90))?></span>
</a>
<div class="clearfix"></div>
@@ -22,7 +22,7 @@
<? endforeach; ?>
</ul>
<p class="olSubjectMore">
- <a href="<?=$this->escapeHtml($data['sourceLink'])?>" title="<?=$this->escapeHtml($data['feedTitle'])?>" target="_blank">
+ <a href="<?=$this->escapeHtmlAttr($data['sourceLink'])?>" title="<?=$this->escapeHtmlAttr($data['feedTitle'])?>" target="_blank">
<?=$this->transEsc('more')?>...
</a>
</p>
diff --git a/themes/bootstrap/templates/Recommend/OpenLibrarySubjects.phtml b/themes/bootstrap/templates/Recommend/OpenLibrarySubjects.phtml
index 0ff984e793ee3146445b7099503ba9af1c31c42e..605100b82aeb43c7570253ac942ac8ab1638eebf 100644
--- a/themes/bootstrap/templates/Recommend/OpenLibrarySubjects.phtml
+++ b/themes/bootstrap/templates/Recommend/OpenLibrarySubjects.phtml
@@ -8,9 +8,9 @@
<a href="http://openlibrary.org<?=$work['key']?>" title="<?=$this->transEsc('Get full text')?>" target="_blank">
<span class="olSubjectCover">
<? if (isset($work['cover_id']) && !empty($work['cover_id'])): ?>
- <img src="http://covers.openlibrary.org/b/<?=$this->escapeHtml($work['cover_id_type'])?>/<?=$this->escapeHtml($work['cover_id'])?>-S.jpg" class="olSubjectImage" alt="<?=$this->escapeHtml($work['title'])?>" />
+ <img src="http://covers.openlibrary.org/b/<?=$this->escapeHtmlAttr($work['cover_id_type'])?>/<?=$this->escapeHtmlAttr($work['cover_id'])?>-S.jpg" class="olSubjectImage" alt="<?=$this->escapeHtmlAttr($work['title'])?>" />
<? else: ?>
- <img src="<?=$this->imageLink('noCover2.gif')?>" class="olSubjectImage" alt="<?=$this->escapeHtml($work['title'])?>" />
+ <img src="<?=$this->imageLink('noCover2.gif')?>" class="olSubjectImage" alt="<?=$this->escapeHtmlAttr($work['title'])?>" />
<? endif; ?>
</span>
<span><?=$this->escapeHtml($this->truncate($work['title'], 50))?></span>
diff --git a/themes/bootstrap/templates/Recommend/RandomRecommend.phtml b/themes/bootstrap/templates/Recommend/RandomRecommend.phtml
index 7f489269297c9bd0ebc2d19a549502d47f962cd5..e92d917f1e841f1a391c15f2ab94b952b5200ec5 100644
--- a/themes/bootstrap/templates/Recommend/RandomRecommend.phtml
+++ b/themes/bootstrap/templates/Recommend/RandomRecommend.phtml
@@ -10,11 +10,11 @@
$mediumThumb = $this->record($driver)->getThumbnail('medium'); ?>
<? if ($smallThumb): ?>
<a href="<?=$this->recordLink()->getUrl($driver)?>">
- <img alt="<?=$this->transEsc('Cover Image')?>" src="<?=$this->escapeHtml($smallThumb);?>"/><br />
+ <img alt="<?=$this->transEsc('Cover Image')?>" src="<?=$this->escapeHtmlAttr($smallThumb);?>"/><br />
</a>
<?elseif($mediumThumb):?>
<a href="<?=$this->recordLink()->getUrl($driver)?>">
- <img alt="<?=$this->transEsc('Cover Image')?>" src="<?=$this->escapeHtml($mediumThumb);?>"/><br />
+ <img alt="<?=$this->transEsc('Cover Image')?>" src="<?=$this->escapeHtmlAttr($mediumThumb);?>"/><br />
</a>
<? else: ?>
<img src="<?=$this->url('cover-unavailable')?>" alt="<?=$this->transEsc('No Cover Image')?>"/><br />
diff --git a/themes/bootstrap/templates/Recommend/SideFacets.phtml b/themes/bootstrap/templates/Recommend/SideFacets.phtml
index 09915b710c1b3071123a14852b4700394fd9a921..544372d8b9ea043c8a07dfe7fa631cc5af7c6053 100644
--- a/themes/bootstrap/templates/Recommend/SideFacets.phtml
+++ b/themes/bootstrap/templates/Recommend/SideFacets.phtml
@@ -6,8 +6,8 @@
<? foreach ($checkboxFilters as $current): ?>
<div class="checkboxFilter<?=($results->getResultTotal() < 1 && !$current['selected'] && !$current['alwaysVisible']) ? ' hide' : ''?>">
<label class="checkbox">
- <input type="checkbox" name="filter[]" value="<?=$this->escapeHtml($current['filter'])?>"
- <?=$current['selected'] ? 'checked="checked"' : ''?> id="<?=$this->escapeHtml(str_replace(' ', '', $current['desc']))?>"
+ <input type="checkbox" name="filter[]" value="<?=$this->escapeHtmlAttr($current['filter'])?>"
+ <?=$current['selected'] ? 'checked="checked"' : ''?> id="<?=$this->escapeHtmlAttr(str_replace(' ', '', $current['desc']))?>"
onclick="document.location.href='<?=$current['selected'] ? $results->getUrlQuery()->removeFilter($current['filter']) : $results->getUrlQuery()->addFilter($current['filter'])?>';" />
<?=$this->transEsc($current['desc'])?>
</label>
@@ -51,21 +51,21 @@
<? if (isset($rangeFacets[$title])): ?>
<li class="nav-header"><?=$this->transEsc($cluster['label'])?></li>
<li>
- <form class="form-inline text-center" action="" name="<?=$this->escapeHtml($title)?>Filter" id="<?=$this->escapeHtml($title)?>Filter">
+ <form class="form-inline text-center" action="" name="<?=$this->escapeHtmlAttr($title)?>Filter" id="<?=$this->escapeHtmlAttr($title)?>Filter">
<?=$results->getUrlQuery()->asHiddenFields(array('page' => "/./", 'filter' => "/^{$title}:.*/"))?>
- <input type="hidden" name="<?=$this->escapeHtml($rangeFacets[$title]['type'])?>range[]" value="<?=$this->escapeHtml($title)?>"/>
+ <input type="hidden" name="<?=$this->escapeHtmlAttr($rangeFacets[$title]['type'])?>range[]" value="<?=$this->escapeHtmlAttr($title)?>"/>
<div class="row-fluid">
- <label class="span6" for="<?=$this->escapeHtml($title)?>from">
+ <label class="span6" for="<?=$this->escapeHtmlAttr($title)?>from">
<?=$this->transEsc('date_from')?>:<br/>
- <input type="text" maxlength="4" class="span12" name="<?=$this->escapeHtml($title)?>from" id="<?=$this->escapeHtml($title)?>from" value="<?=isset($rangeFacets[$title]['values'][0])?$this->escapeHtml($rangeFacets[$title]['values'][0]):''?>" />
+ <input type="text" maxlength="4" class="span12" name="<?=$this->escapeHtmlAttr($title)?>from" id="<?=$this->escapeHtmlAttr($title)?>from" value="<?=isset($rangeFacets[$title]['values'][0])?$this->escapeHtmlAttr($rangeFacets[$title]['values'][0]):''?>" />
</label>
- <label class="span6" for="<?=$this->escapeHtml($title)?>to">
+ <label class="span6" for="<?=$this->escapeHtmlAttr($title)?>to">
<?=$this->transEsc('date_to')?>:<br/>
- <input type="text" maxlength="4" class="span12" name="<?=$this->escapeHtml($title)?>to" id="<?=$this->escapeHtml($title)?>to" value="<?=isset($rangeFacets[$title]['values'][1])?$this->escapeHtml($rangeFacets[$title]['values'][1]):''?>" />
+ <input type="text" maxlength="4" class="span12" name="<?=$this->escapeHtmlAttr($title)?>to" id="<?=$this->escapeHtmlAttr($title)?>to" value="<?=isset($rangeFacets[$title]['values'][1])?$this->escapeHtmlAttr($rangeFacets[$title]['values'][1]):''?>" />
</label>
</div>
<? if ($rangeFacets[$title]['type'] == 'date'): ?>
- <div class="row-fluid"><input type="text" class="span10 hidden" id="<?=$this->escapeHtml($title)?><?=$this->escapeHtml($rangeFacets[$title]['type'])?>Slider"/></div>
+ <div class="row-fluid"><input type="text" class="span10 hidden" id="<?=$this->escapeHtmlAttr($title)?><?=$this->escapeHtmlAttr($rangeFacets[$title]['type'])?>Slider"/></div>
<? endif; ?>
<input class="btn" type="submit" value="<?=$this->transEsc('Set')?>"/>
</form>
@@ -108,9 +108,9 @@ JS;
$thisFacet['displayText'] = "-";
}
?>
- <? $moreClass = 'narrowGroupHidden-'.$this->escapeHtml($title).' hidden'; ?>
+ <? $moreClass = 'narrowGroupHidden-'.$this->escapeHtmlAttr($title).' hidden'; ?>
<? if ($i == 6): ?>
- <li id="more-narrowGroupHidden-<?=$this->escapeHtml($title)?>"><a href="javascript:moreFacets('narrowGroupHidden-<?=$title ?>')"><?=$this->transEsc('more')?> ...</a></li>
+ <li id="more-narrowGroupHidden-<?=$this->escapeHtmlAttr($title)?>"><a href="javascript:moreFacets('narrowGroupHidden-<?=$title ?>')"><?=$this->transEsc('more')?> ...</a></li>
<? endif; ?>
<? if ($thisFacet['isApplied']): ?>
<li class="<? if ($i>5): ?><?=$moreClass ?><?endif ?><? if ($thisFacet['operator'] == 'OR'): ?> facetOR applied" href="<?=$this->currentPath().$results->getUrlQuery()->removeFacet($title, $thisFacet['value'], true, $thisFacet['operator']) ?><? endif ?>">
diff --git a/themes/bootstrap/templates/Recommend/SummonBestBets.phtml b/themes/bootstrap/templates/Recommend/SummonBestBets.phtml
index 305e3afdba0ccb17142a85336f4f3c00cd931e0b..3302226bb5ab23f8d4de157b955d1deec90666a8 100644
--- a/themes/bootstrap/templates/Recommend/SummonBestBets.phtml
+++ b/themes/bootstrap/templates/Recommend/SummonBestBets.phtml
@@ -3,7 +3,7 @@
<? foreach ($summonBestBets as $current): ?>
<p>
<? if (isset($current['link']) && !empty($current['link'])):?>
- <a href="<?=$this->escapeHtml($current['link'])?>"><?=$this->escapeHtml($current['title'])?></a>
+ <a href="<?=$this->escapeHtmlAttr($current['link'])?>"><?=$this->escapeHtml($current['title'])?></a>
<? else: ?>
<b><?=$this->escapeHtml($current['title'])?></b>
<? endif; ?>
diff --git a/themes/bootstrap/templates/Recommend/SummonDatabases.phtml b/themes/bootstrap/templates/Recommend/SummonDatabases.phtml
index ab16b72a7372ebed385bc16a4a4aa92a7a7aa3e5..507840f253d1ed4a9266f5c5ff48a3732988f5a0 100644
--- a/themes/bootstrap/templates/Recommend/SummonDatabases.phtml
+++ b/themes/bootstrap/templates/Recommend/SummonDatabases.phtml
@@ -2,7 +2,7 @@
<div class="authorbox">
<p><?=$this->transEsc('summon_database_recommendations')?></p>
<? foreach ($summonDatabases as $current): ?>
- <p><a href="<?=$this->escapeHtml($current['link'])?>"><?=$this->escapeHtml($current['title'])?></a><br/><?=$this->escapeHtml($current['description'])?></p>
+ <p><a href="<?=$this->escapeHtmlAttr($current['link'])?>"><?=$this->escapeHtml($current['title'])?></a><br/><?=$this->escapeHtml($current['description'])?></p>
<? endforeach; ?>
</div>
<? endif; ?>
\ No newline at end of file
diff --git a/themes/bootstrap/templates/Recommend/SummonTopics.phtml b/themes/bootstrap/templates/Recommend/SummonTopics.phtml
index 15f4f8095250aa7d09546a7b13f09de447ec4f21..076c8895617d1d2a1943e75eb9674d7deff45f1e 100644
--- a/themes/bootstrap/templates/Recommend/SummonTopics.phtml
+++ b/themes/bootstrap/templates/Recommend/SummonTopics.phtml
@@ -5,7 +5,7 @@
<p>
<a href="<?=$this->url('summon-search')?>?lookfor=%22<?=urlencode($summonTopics['title'])?>%22"><?=$this->escapeHtml($summonTopics['title'])?></a><br />
<? if (isset($summonTopics['snippet'])): ?><?=$this->escapeHtml($summonTopics['snippet'])?><? endif; ?>
- <? if (isset($summonTopics['sourceLink'])): ?><a href="<?=$this->escapeHtml($summonTopics['sourceLink'])?>"><?=$this->transEsc('more')?>...</a><? endif; ?>
+ <? if (isset($summonTopics['sourceLink'])): ?><a href="<?=$this->escapeHtmlAttr($summonTopics['sourceLink'])?>"><?=$this->transEsc('more')?>...</a><? endif; ?>
</p>
<? endif; ?>
<? if (isset($summonTopics['relatedTopics']) && !empty($summonTopics['relatedTopics'])): ?>
diff --git a/themes/bootstrap/templates/Recommend/WebResults.phtml b/themes/bootstrap/templates/Recommend/WebResults.phtml
index 768d72c22ee20f81be10c4a93158beb841620102..701bd836951a71d9f0f87217c2e18072dab493bb 100644
--- a/themes/bootstrap/templates/Recommend/WebResults.phtml
+++ b/themes/bootstrap/templates/Recommend/WebResults.phtml
@@ -5,7 +5,7 @@
<ul class="similar">
<? foreach ($results as $driver): ?>
<li>
- <a href="<?=$this->escapeHtml($driver->getUrl())?>" class="title"><?
+ <a href="<?=$this->escapeHtmlAttr($driver->getUrl())?>" class="title"><?
$summHighlightedTitle = $driver->getHighlightedTitle();
$summTitle = $driver->getTitle();
if (!empty($summHighlightedTitle)) {
diff --git a/themes/bootstrap/templates/RecordDriver/LibGuides/result-list.phtml b/themes/bootstrap/templates/RecordDriver/LibGuides/result-list.phtml
index 9be83a032366a5b83502c25e9cdb0f87adae6b18..d53aa37f708db45cf2f04589f7479d26a5518615 100644
--- a/themes/bootstrap/templates/RecordDriver/LibGuides/result-list.phtml
+++ b/themes/bootstrap/templates/RecordDriver/LibGuides/result-list.phtml
@@ -3,7 +3,7 @@
?>
<div class="listentry span11 clearfix">
<div class="resultItemLine1">
- <a href="<?=$this->escapeHtml($url)?>" class="title"><?
+ <a href="<?=$this->escapeHtmlAttr($url)?>" class="title"><?
$summTitle = $this->driver->getTitle();
if (!empty($summTitle)) {
echo $this->escapeHtml($this->truncate($summTitle, 180));
diff --git a/themes/bootstrap/templates/RecordDriver/Pazpar2/result-list.phtml b/themes/bootstrap/templates/RecordDriver/Pazpar2/result-list.phtml
index bd7b9481240e9aacaef0633f31e1a7de74a3a275..de3859b15aa2af2632ee066a7380b32057e0b4da 100644
--- a/themes/bootstrap/templates/RecordDriver/Pazpar2/result-list.phtml
+++ b/themes/bootstrap/templates/RecordDriver/Pazpar2/result-list.phtml
@@ -1,8 +1,8 @@
-<div class="result source<?=$this->escapeHtml($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueID())?>" class="hiddenId" />
+<div class="result source<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>">
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueID())?>" class="hiddenId" />
<div class="span2">
<? if ($summThumb = $this->record($this->driver)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" alt="<?=$this->transEsc('Cover Image')?>"/>
<? else: ?>
<img src="<?=$this->url('cover-unavailable')?>" alt="<?=$this->transEsc('No Cover Image')?>"/>
<? endif; ?>
@@ -90,7 +90,7 @@
<? if (!is_array($urls)) $urls = array();
if(!$this->driver->isCollection()):
foreach ($urls as $current): ?>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><i class="icon-external-link"></i> <?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a><br/>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><i class="icon-external-link"></i> <?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a><br/>
<? endforeach; ?>
<? endif; ?>
<? endif; ?>
@@ -109,4 +109,4 @@
<div class="clear"></div>
</div>
-<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtml($openUrl).'"></span>':''?>
+<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtmlAttr($openUrl).'"></span>':''?>
diff --git a/themes/bootstrap/templates/RecordDriver/SolrDefault/collection-info.phtml b/themes/bootstrap/templates/RecordDriver/SolrDefault/collection-info.phtml
index 862ccfe203b8cd59530b0e7c9f09326ecd476a3d..e51e887031dc5cbf14d75229cf8b7c4f6bc70df0 100644
--- a/themes/bootstrap/templates/RecordDriver/SolrDefault/collection-info.phtml
+++ b/themes/bootstrap/templates/RecordDriver/SolrDefault/collection-info.phtml
@@ -5,8 +5,8 @@
<? /* Display thumbnail if appropriate: */ ?>
<? $mediumThumb = $this->record($this->driver)->getThumbnail('medium'); $largeThumb = $this->record($this->driver)->getThumbnail('large'); ?>
<? if ($mediumThumb): ?>
- <? if ($largeThumb): ?><a href="<?=$this->escapeHtml($largeThumb)?>"><? endif; ?>
- <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtml($mediumThumb);?>"/>
+ <? if ($largeThumb): ?><a href="<?=$this->escapeHtmlAttr($largeThumb)?>"><? endif; ?>
+ <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtmlAttr($mediumThumb);?>"/>
<? if ($largeThumb): ?></a><? endif; ?>
<? else: ?>
<img src="<?=$this->url('cover-unavailable')?>" class="recordcover" alt="<?=$this->transEsc('No Cover Image')?>"/>
@@ -15,7 +15,7 @@
<? /* Display qrcode if appropriate: */ ?>
<? $QRCode = $this->record($this->driver)->getQRCode("core"); ?>
<? if($QRCode): ?>
- <br/><img alt="<?=$this->transEsc('QR Code')?>" class="qrcode" src="<?=$this->escapeHtml($QRCode);?>"/>
+ <br/><img alt="<?=$this->transEsc('QR Code')?>" class="qrcode" src="<?=$this->escapeHtmlAttr($QRCode);?>"/>
<? endif; ?>
</div>
@@ -140,7 +140,7 @@
<? $i = 0; foreach ($field as $subfield): ?>
<?=($i++ == 0) ? '' : ' > '?>
<? $subject = trim($subject . ' ' . $subfield); ?>
- <a title="<?=$this->escapeHtml($subject)?>" href="<?=$this->record($this->driver)->getLink('subject', $subject)?>" class="subjectHeading"><?=$this->escapeHtml($subfield)?></a>
+ <a title="<?=$this->escapeHtmlAttr($subject)?>" href="<?=$this->record($this->driver)->getLink('subject', $subject)?>" class="subjectHeading"><?=$this->escapeHtml($subfield)?></a>
<? endforeach; ?>
</div>
<? endforeach; ?>
@@ -158,7 +158,7 @@
<th><?=$this->transEsc('Online Access')?>: </th>
<td>
<? foreach ($urls as $current): ?>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a><br/>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a><br/>
<? endforeach; ?>
<? if ($openUrl): ?>
<?=$this->openUrl($openUrl)?><br/>
diff --git a/themes/bootstrap/templates/RecordDriver/SolrDefault/core.phtml b/themes/bootstrap/templates/RecordDriver/SolrDefault/core.phtml
index 39f92e5e1b57151cc41c2462139bc7a26e20b391..5dc0c5a46bab250fbcfe91ab382baf43fbe809a4 100644
--- a/themes/bootstrap/templates/RecordDriver/SolrDefault/core.phtml
+++ b/themes/bootstrap/templates/RecordDriver/SolrDefault/core.phtml
@@ -4,8 +4,8 @@
<? /* Display thumbnail if appropriate: */ ?>
<? $mediumThumb = $this->record($this->driver)->getThumbnail('medium'); $largeThumb = $this->record($this->driver)->getThumbnail('large'); ?>
<? if ($mediumThumb): ?>
- <? if ($largeThumb): ?><a href="<?=$this->escapeHtml($largeThumb)?>"><? endif; ?>
- <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtml($mediumThumb);?>"/>
+ <? if ($largeThumb): ?><a href="<?=$this->escapeHtmlAttr($largeThumb)?>"><? endif; ?>
+ <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtmlAttr($mediumThumb);?>"/>
<? if ($largeThumb): ?></a><? endif; ?>
<? else: ?>
<img src="<?=$this->url('cover-unavailable')?>" class="recordcover" alt="<?=$this->transEsc('No Cover Image')?>"/>
@@ -15,7 +15,7 @@
<? $QRCode = $this->record($this->driver)->getQRCode("core"); ?>
<? if($QRCode): ?>
<span class="hidden-phone">
- <br/><img alt="<?=$this->transEsc('QR Code')?>" class="qrcode" src="<?=$this->escapeHtml($QRCode);?>"/>
+ <br/><img alt="<?=$this->transEsc('QR Code')?>" class="qrcode" src="<?=$this->escapeHtmlAttr($QRCode);?>"/>
</span>
<? endif; ?>
</div>
@@ -180,7 +180,7 @@
<? $i = 0; foreach ($field as $subfield): ?>
<?=($i++ == 0) ? '' : ' > '?>
<? $subject = trim($subject . ' ' . $subfield); ?>
- <a class="backlink" title="<?=$this->escapeHtml($subject)?>" href="<?=$this->record($this->driver)->getLink('subject', $subject)?>"><?=trim($this->escapeHtml($subfield))?></a>
+ <a class="backlink" title="<?=$this->escapeHtmlAttr($subject)?>" href="<?=$this->record($this->driver)->getLink('subject', $subject)?>"><?=trim($this->escapeHtml($subfield))?></a>
<? endforeach; ?>
</div>
<? endforeach; ?>
@@ -198,7 +198,7 @@
<th><?=$this->transEsc('Online Access')?>: </th>
<td>
<? foreach ($urls as $current): ?>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a><br/>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a><br/>
<? endforeach; ?>
<? if ($openUrl): ?>
<?=$this->openUrl($openUrl)?><br/>
diff --git a/themes/bootstrap/templates/RecordDriver/SolrDefault/list-entry.phtml b/themes/bootstrap/templates/RecordDriver/SolrDefault/list-entry.phtml
index c84f57f6e4175a582bae0049bb749c39392f65bc..32a38969dbe17d5c8cc2dd517aae4474f8e8dd4b 100644
--- a/themes/bootstrap/templates/RecordDriver/SolrDefault/list-entry.phtml
+++ b/themes/bootstrap/templates/RecordDriver/SolrDefault/list-entry.phtml
@@ -16,7 +16,7 @@
<div class="span2 text-center">
<a href="<?=$this->recordLink()->getUrl($this->driver)?>">
<? if ($summThumb = $this->record($this->driver)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" alt="<?=$this->transEsc('Cover Image')?>"/>
<? else: ?>
<img src="<?=$this->url('cover-unavailable')?>" alt="<?=$this->transEsc('No Cover Image')?>"/>
<? endif; ?>
@@ -153,7 +153,7 @@
<? if (!is_array($urls)) { $urls = array(); }
if(!$this->driver->isCollection()):
foreach ($urls as $current): ?>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><i class="icon-external-link"></i> <?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><i class="icon-external-link"></i> <?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a>
<? endforeach; ?>
<? endif; ?>
<? endif; ?>
@@ -181,11 +181,11 @@
<?=$this->transEsc('Delete') ?>
</a>
<ul class="dropdown-menu" role="menu" aria-labelledby="dLabel">
- <li><a onClick="$.post('<?=$deleteUrl?>', {'delete':'<?=$this->escapeHtml($id) ?>','source':'<?=$this->escapeHtml($source) ?>','confirm':true},function(){location.reload(true)})" title="<?=$this->transEsc('confirm_delete_brief')?>"><?=$this->transEsc('confirm_dialog_yes')?></a></li>
+ <li><a onClick="$.post('<?=$deleteUrl?>', {'delete':'<?=$this->escapeHtmlAttr($id) ?>','source':'<?=$this->escapeHtmlAttr($source) ?>','confirm':true},function(){location.reload(true)})" title="<?=$this->transEsc('confirm_delete_brief')?>"><?=$this->transEsc('confirm_dialog_yes')?></a></li>
<li><a><?=$this->transEsc('confirm_dialog_no')?></a></li>
</ul>
</div>
</div>
- <?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtml($openUrl).'"></span>':''?>
+ <?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtmlAttr($openUrl).'"></span>':''?>
</div>
diff --git a/themes/bootstrap/templates/RecordDriver/SolrDefault/result-grid.phtml b/themes/bootstrap/templates/RecordDriver/SolrDefault/result-grid.phtml
index bcd491f98679783db4c088187ece801eab470207..39831f2f4e823f83b943445c6ee8c00deaa264cf 100644
--- a/themes/bootstrap/templates/RecordDriver/SolrDefault/result-grid.phtml
+++ b/themes/bootstrap/templates/RecordDriver/SolrDefault/result-grid.phtml
@@ -9,16 +9,16 @@ $urls = $this->record($this->driver)->getLinkDetails();
?>
<div class="result <?=$this->driver->supportsAjaxStatus()?' ajaxItem':''?>">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueID())?>" class="hiddenId" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueID())?>" class="hiddenId" />
<? if (!isset($this->hideCartControls) && $this->cart()->isActive()): ?>
<?=$this->record($this->driver)->getCheckbox() ?></br>
<? endif; ?>
<div class="text-center" style="margin:auto;max-width:70px">
<a href="<?=$this->recordLink()->getUrl($this->driver)?>">
<? if ($summThumb = $this->record($this->driver)->getThumbnail('large')): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" alt="<?=$this->transEsc('Cover Image')?>"/>
<? elseif ($summThumb = $this->record($this->driver)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" alt="<?=$this->transEsc('Cover Image')?>"/>
<? else: ?>
<img src="<?=$this->url('cover-unavailable')?>" alt="<?=$this->transEsc('No Cover Image')?>"/>
<? endif; ?>
@@ -48,11 +48,11 @@ $urls = $this->record($this->driver)->getLinkDetails();
<? if ($this->driver->replaceURLsWithOpenURL()) $urls = array(); // clear URL list if replace setting is active ?>
<? endif; ?>
<? if (!is_array($urls)) $urls = array(); foreach ($urls as $current): ?>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><i class="icon-external-link"></i> <?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><i class="icon-external-link"></i> <?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a>
<br/>
<? endforeach; ?>
<? endif; ?>
</div>
</div>
-<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtml($openUrl).'"></span>':''?>
+<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtmlAttr($openUrl).'"></span>':''?>
diff --git a/themes/bootstrap/templates/RecordDriver/SolrDefault/result-list.phtml b/themes/bootstrap/templates/RecordDriver/SolrDefault/result-list.phtml
index 426ceeb5f0a71636f2c49b7194d24b9701af89af..2bb8d0abbf534b162afe442aa95170b381bb76dc 100644
--- a/themes/bootstrap/templates/RecordDriver/SolrDefault/result-list.phtml
+++ b/themes/bootstrap/templates/RecordDriver/SolrDefault/result-list.phtml
@@ -1,10 +1,10 @@
<div class="row-fluid <?=$this->driver->supportsAjaxStatus()?' ajaxItem':''?>">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueID())?>" class="hiddenId" />
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" class="hiddenSource" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueID())?>" class="hiddenId" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" class="hiddenSource" />
<div class="span2 left">
<a href="<?=$this->recordLink()->getUrl($this->driver)?>" class="title">
<? if ($summThumb = $this->record($this->driver)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" alt="<?=$this->transEsc('Cover Image')?>"/>
<? else: ?>
<img src="<?=$this->url('cover-unavailable')?>" alt="<?=$this->transEsc('No Cover Image')?>"/>
<? endif; ?>
@@ -135,7 +135,7 @@
<? if (!is_array($urls)) $urls = array();
if(!$this->driver->isCollection()):
foreach ($urls as $current): ?>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><i class="icon-external-link"></i> <?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a><br/>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><i class="icon-external-link"></i> <?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a><br/>
<? endforeach; ?>
<? endif; ?>
<? endif; ?>
@@ -159,9 +159,9 @@
$this->jsTranslations()->addStrings(array('qrcode_hide' => 'qrcode_hide', 'qrcode_show' => 'qrcode_show'));
?>
<span class="hidden-phone">
- <i class="icon-qrcode"></i> <a href="<?=$this->escapeHtml($QRCode);?>" class="qrcodeLink"><?=$this->transEsc('qrcode_show')?></a>
+ <i class="icon-qrcode"></i> <a href="<?=$this->escapeHtmlAttr($QRCode);?>" class="qrcodeLink"><?=$this->transEsc('qrcode_show')?></a>
<div class="qrcode hide">
- <img alt="<?=$this->transEsc('QR Code')?>" class="img-polaroid" src="<?=$this->escapeHtml($QRCode);?>"/>
+ <img alt="<?=$this->transEsc('QR Code')?>" class="img-polaroid" src="<?=$this->escapeHtmlAttr($QRCode);?>"/>
</div><br/>
</span>
<? endif; ?>
@@ -180,7 +180,7 @@
<? $trees = $this->driver->tryMethod('getHierarchyTrees'); if (!empty($trees)): ?>
<? foreach ($trees as $hierarchyID => $hierarchyTitle): ?>
<div class="hierarchyTreeLink">
- <input type="hidden" value="<?=$this->escapeHtml($hierarchyID)?>" class="hiddenHierarchyId" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($hierarchyID)?>" class="hiddenHierarchyId" />
<i class="icon-sitemap"></i>
<a class="hierarchyTreeLinkText modal-link" href="<?=$this->recordLink()->getTabUrl($this->driver, 'HierarchyTree')?>?hierarchy=<?=urlencode($hierarchyID)?>#tabnav" title="<?=$this->transEsc('hierarchy_tree')?>">
<?=$this->transEsc('hierarchy_view_context')?><? if (count($trees) > 1): ?>: <?=$this->escapeHtml($hierarchyTitle)?><? endif; ?>
@@ -191,4 +191,4 @@
</div>
</div>
-<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtml($openUrl).'"></span>':''?>
+<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtmlAttr($openUrl).'"></span>':''?>
diff --git a/themes/bootstrap/templates/RecordDriver/SolrDefault/toolbar.phtml b/themes/bootstrap/templates/RecordDriver/SolrDefault/toolbar.phtml
index 4c185a5de33e3d667a6f3d8dfd651f414d587eb7..a91e13ac37c39a60802b9c08a8d5f30d009923ad 100644
--- a/themes/bootstrap/templates/RecordDriver/SolrDefault/toolbar.phtml
+++ b/themes/bootstrap/templates/RecordDriver/SolrDefault/toolbar.phtml
@@ -24,7 +24,7 @@
<a class="export-toggle dropdown-toggle" data-toggle="dropdown" href="<?=$this->recordLink()->getActionUrl($this->driver, 'Export')?>"><i class="icon-list-alt"></i> <?=$this->transEsc('Export Record') ?></a>
<ul class="dropdown-menu" role="menu">
<? foreach ($exportFormats as $exportFormat): ?>
- <li><a <? if ($this->export()->needsRedirect($exportFormat)): ?>target="<?=$this->escapeHtml($exportFormat)?>Main" <? endif; ?>href="<?=$this->recordLink()->getActionUrl($this->driver, 'Export')?>?style=<?=$this->escapeHtml($exportFormat)?>"><?=$this->transEsc('Export to')?> <?=$this->transEsc($exportFormat)?></a></li>
+ <li><a <? if ($this->export()->needsRedirect($exportFormat)): ?>target="<?=$this->escapeHtmlAttr($exportFormat)?>Main" <? endif; ?>href="<?=$this->recordLink()->getActionUrl($this->driver, 'Export')?>?style=<?=$this->escapeHtmlAttr($exportFormat)?>"><?=$this->transEsc('Export to')?> <?=$this->transEsc($exportFormat)?></a></li>
<? endforeach; ?>
</ul>
</li>
@@ -38,12 +38,12 @@
<? endif; ?>
<? if ($cart->isActive()): ?>
<li id="bookbag-menu">
- <input id="cartId" type="hidden" name="ids[]" value="<?=$this->escapeHtml($cartId)?>" />
+ <input id="cartId" type="hidden" name="ids[]" value="<?=$this->escapeHtmlAttr($cartId)?>" />
<a id="cart-add" class="<? if(!$cart->contains($cartId)): ?>correct <? endif ?>hidden" href="#"><i class="icon-plus-sign"></i> <?=$this->transEsc('Add to Book Bag') ?></a>
<a id="cart-remove" class="<? if($cart->contains($cartId)): ?>correct <? endif ?>hidden" href="#"><i class="icon-minus-sign"></i> <?=$this->transEsc('Remove from Book Bag') ?></a>
<noscript>
<form method="post" name="addForm" action="<?=$this->url('cart-home')?>">
- <input type="hidden" name="ids[]" value="<?=$this->escapeHtml($cartId)?>" />
+ <input type="hidden" name="ids[]" value="<?=$this->escapeHtmlAttr($cartId)?>" />
<? if ($cart->contains($cartId)): ?>
<input class="btn" type="submit" name="delete" value="<?=$this->transEsc('Remove from Book Bag')?>"/>
<? else: ?>
diff --git a/themes/bootstrap/templates/RecordDriver/SolrWeb/result-list.phtml b/themes/bootstrap/templates/RecordDriver/SolrWeb/result-list.phtml
index 41fea604a1a3af672dd15b2e4229feeb658fedc4..132e6565d3fde829d9a50b1197fd74a109ffb35c 100644
--- a/themes/bootstrap/templates/RecordDriver/SolrWeb/result-list.phtml
+++ b/themes/bootstrap/templates/RecordDriver/SolrWeb/result-list.phtml
@@ -3,7 +3,7 @@
?>
<div class="listentry span11 clearfix">
<div class="resultItemLine1">
- <a href="<?=$this->escapeHtml($url)?>" class="title"><?
+ <a href="<?=$this->escapeHtmlAttr($url)?>" class="title"><?
$summHighlightedTitle = $this->driver->getHighlightedTitle();
$summTitle = $this->driver->getTitle();
if (!empty($summHighlightedTitle)) {
diff --git a/themes/bootstrap/templates/RecordTab/hierarchytree.phtml b/themes/bootstrap/templates/RecordTab/hierarchytree.phtml
index 46b826d682162349b4ff1e8dc220f6af1118f7b2..d677bf40ded64cca607f2ebcc8a85170ced729bc 100644
--- a/themes/bootstrap/templates/RecordTab/hierarchytree.phtml
+++ b/themes/bootstrap/templates/RecordTab/hierarchytree.phtml
@@ -47,8 +47,8 @@
<div id="treeSearchLimitReached" class="alert alert-error hide"><?=$this->transEsc('tree_search_limit_reached_html', array('%%url%%' => $this->url('search-results'), '%%limit%%' => $this->tab->getSearchLimit()))?></div>
<? endif; ?>
<div id="hierarchyTree" class="pad">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" class="hiddenRecordId" />
- <input type="hidden" value="<?=$this->escapeHtml($activeTree)?>" class="hiddenHierarchyId" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" class="hiddenRecordId" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($activeTree)?>" class="hiddenHierarchyId" />
<input type="hidden" value="<?=isset($this->treeContext) ? $this->treeContext : 'Record'?>" class="hiddenContext" />
<? if ($this->layout()->getTemplate() != 'layout/lightbox'): ?>
<noscript>
diff --git a/themes/bootstrap/templates/RecordTab/holdingsils.phtml b/themes/bootstrap/templates/RecordTab/holdingsils.phtml
index bf904736200f4e5ae94fbf20b160b210f4c56fd6..d9297d7010dfe4ef6fc784355a9a22de870d578b 100644
--- a/themes/bootstrap/templates/RecordTab/holdingsils.phtml
+++ b/themes/bootstrap/templates/RecordTab/holdingsils.phtml
@@ -16,7 +16,7 @@
<h2><?=$this->transEsc('ils_offline_title')?></h2>
<p><strong><?=$this->transEsc('ils_offline_status')?></strong></p>
<p><?=$this->transEsc('ils_offline_holdings_message')?></p>
- <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?>
+ <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?>
<p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p>
</div>
<? endif; ?>
@@ -40,7 +40,7 @@
<h3><?=$this->transEsc("Internet")?></h3>
<? if (!empty($urls)): ?>
<? foreach ($urls as $current): ?>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a><br/>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a><br/>
<? endforeach; ?>
<? endif; ?>
<? if ($openUrl): ?><?=$this->openUrl($openUrl);?><? endif; ?>
@@ -115,13 +115,13 @@
<? endif; ?>
<? /* Embed item structured data: library, barcode, call number */ ?>
<? if ($row['location']): ?>
- <meta property="seller" content="<?=$this->escapeHtml($row['location'])?>" />
+ <meta property="seller" content="<?=$this->escapeHtmlAttr($row['location'])?>" />
<? endif; ?>
<? if ($row['barcode']): ?>
- <meta property="serialNumber" content="<?=$this->escapeHtml($row['barcode'])?>" />
+ <meta property="serialNumber" content="<?=$this->escapeHtmlAttr($row['barcode'])?>" />
<? endif; ?>
<? if ($row['callnumber']): ?>
- <meta property="sku" content="<?=$this->escapeHtml($row['callnumber'])?>" />
+ <meta property="sku" content="<?=$this->escapeHtmlAttr($row['callnumber'])?>" />
<? endif; ?>
<? /* Declare that the item is to be borrowed, not for sale */ ?>
<link property="businessFunction" href="http://purl.org/goodrelations/v1#LeaseOut" />
diff --git a/themes/bootstrap/templates/RecordTab/holdingsworldcat.phtml b/themes/bootstrap/templates/RecordTab/holdingsworldcat.phtml
index 2e8d3104c3539df3aeb7343632184b29737dda58..baf7d8bebc7bc07b0ea38aca06a802bbd8dc5542 100644
--- a/themes/bootstrap/templates/RecordTab/holdingsworldcat.phtml
+++ b/themes/bootstrap/templates/RecordTab/holdingsworldcat.phtml
@@ -5,7 +5,7 @@
<tr>
<th colspan="2">
<? if (isset($holding->electronicAddress->text) && !empty($holding->electronicAddress->text)): ?>
- <a href="<?=$this->escapeHtml($holding->electronicAddress->text)?>"><?=$this->escapeHtml($holding->physicalLocation)?></a>
+ <a href="<?=$this->escapeHtmlAttr($holding->electronicAddress->text)?>"><?=$this->escapeHtml($holding->physicalLocation)?></a>
<? else: ?>
<?=$this->escapeHtml($holding->physicalLocation)?>
<? endif; ?>
diff --git a/themes/bootstrap/templates/RecordTab/reviews.phtml b/themes/bootstrap/templates/RecordTab/reviews.phtml
index 876bcfa52dbb338d47342311dff3fe46080233d6..6ed98cb845e8216eac0c67b55d2dcfc2a26a7878 100644
--- a/themes/bootstrap/templates/RecordTab/reviews.phtml
+++ b/themes/bootstrap/templates/RecordTab/reviews.phtml
@@ -26,7 +26,7 @@
<p class="summary">
<?=isset($review['Content']) ? $review['Content'] : ''?>
<? if ((!isset($review['Content']) || empty($review['Content'])) && isset($review['ReviewURL'])): ?>
- <a target="new" href="<?=$this->escapeHtml($review['ReviewURL'])?>"><?=$this->transEsc('Read the full review online...')?></a>
+ <a target="new" href="<?=$this->escapeHtmlAttr($review['ReviewURL'])?>"><?=$this->transEsc('Read the full review online...')?></a>
<? endif; ?>
</p>
<?=isset($review['Copyright']) ? $review['Copyright'] : ''?>
diff --git a/themes/bootstrap/templates/RecordTab/usercomments.phtml b/themes/bootstrap/templates/RecordTab/usercomments.phtml
index b9e08678cc4632a56a05a03dd43a7a41e1f927f7..e4640114ee5c87d39a5327aa8718fed9785ded1e 100644
--- a/themes/bootstrap/templates/RecordTab/usercomments.phtml
+++ b/themes/bootstrap/templates/RecordTab/usercomments.phtml
@@ -17,6 +17,6 @@
<input class="btn" data-loading-text="Submitting..." type="submit" value="<?=$this->transEsc("Add your comment")?>"/>
</div>
</div>
- <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>"/>
- <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>"/>
+ <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>"/>
+ <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>"/>
</form>
diff --git a/themes/bootstrap/templates/admin/tags/checkbox.phtml b/themes/bootstrap/templates/admin/tags/checkbox.phtml
index bde8b4f84c119a44a72fd279095ff373b5aa9b64..4bd0d83f62732294b9b303e0ee7bece409aedc67 100644
--- a/themes/bootstrap/templates/admin/tags/checkbox.phtml
+++ b/themes/bootstrap/templates/admin/tags/checkbox.phtml
@@ -1,4 +1,4 @@
<label for="<?=$this->prefix?>checkbox_<?=$this->tag['id']?>" class="checkbox">
- <input id="<?=$this->prefix?>checkbox_<?=$this->tag['id']?>" type="checkbox" name="ids[]" value="<?=$this->escapeHtml($this->tag['id'])?>" class="checkbox_ui"/>
- <input type="hidden" name="idsAll[]" value="<?=$this->escapeHtml($this->tag['id'])?>" />
+ <input id="<?=$this->prefix?>checkbox_<?=$this->tag['id']?>" type="checkbox" name="ids[]" value="<?=$this->escapeHtmlAttr($this->tag['id'])?>" class="checkbox_ui"/>
+ <input type="hidden" name="idsAll[]" value="<?=$this->escapeHtmlAttr($this->tag['id'])?>" />
</label>
\ No newline at end of file
diff --git a/themes/bootstrap/templates/ajax/export-favorites.phtml b/themes/bootstrap/templates/ajax/export-favorites.phtml
index 0c43e66043607eb49398a5fdfbc6542eba7f25b8..6ebf7207568dd71b2e7bd7ee3ce459d7c39e184f 100644
--- a/themes/bootstrap/templates/ajax/export-favorites.phtml
+++ b/themes/bootstrap/templates/ajax/export-favorites.phtml
@@ -1,7 +1,7 @@
<div class="alert alert-info">
<div class="text-center">
<?=$this->transEsc('export_success'); ?> —
- <a class="btn btn-primary" href="<?=$this->escapeHtml($this->url)?>"<?=$this->export()->needsRedirect($this->format) ? ' target="_blank"' : ''?>><?=
+ <a class="btn btn-primary" href="<?=$this->escapeHtmlAttr($this->url)?>"<?=$this->export()->needsRedirect($this->format) ? ' target="_blank"' : ''?>><?=
$this->export()->needsRedirect($this->format)
? $this->transEsc('export_redirect', array('%%service%%' => $this->translate($this->format)))
: $this->transEsc('export_download')
diff --git a/themes/bootstrap/templates/ajax/resolverLinks.phtml b/themes/bootstrap/templates/ajax/resolverLinks.phtml
index 3f0f3f9622b9c28be84d97ebff45d00f3bf90b59..45e4b8176aea91a331201d513cbebfda8040f92d 100644
--- a/themes/bootstrap/templates/ajax/resolverLinks.phtml
+++ b/themes/bootstrap/templates/ajax/resolverLinks.phtml
@@ -6,7 +6,7 @@
<? foreach ($this->electronic as $link): ?>
<li>
<? if (isset($link['href']) && !empty($link['href'])): ?>
- <a href="<?=$this->escapeHtml($link['href'])?>" title="<?=isset($link['service_type'])?$this->escapeHtml($link['service_type']):''?>"><?=isset($link['title'])?$this->escapeHtml($link['title']):''?></a> <?=isset($link['coverage'])?$this->escapeHtml($link['coverage']):''?>
+ <a href="<?=$this->escapeHtmlAttr($link['href'])?>" title="<?=isset($link['service_type'])?$this->escapeHtmlAttr($link['service_type']):''?>"><?=isset($link['title'])?$this->escapeHtml($link['title']):''?></a> <?=isset($link['coverage'])?$this->escapeHtml($link['coverage']):''?>
<? else: ?>
<?=isset($link['title'])?$this->escapeHtml($link['title']):''?> <?=isset($link['coverage'])?$this->escapeHtml($link['coverage']):''?>
<? endif; ?>
@@ -22,7 +22,7 @@
<? foreach ($this->print as $link): ?>
<li>
<? if (isset($link['href']) && !empty($link['href'])): ?>
- <a href="<?=$this->escapeHtml($link['href'])?>" title="<?=isset($link['service_type'])?$this->escapeHtml($link['service_type']):''?>"><?=isset($link['title'])?$this->escapeHtml($link['title']):''?></a> <?=isset($link['coverage'])?$this->escapeHtml($link['coverage']):''?>
+ <a href="<?=$this->escapeHtmlAttr($link['href'])?>" title="<?=isset($link['service_type'])?$this->escapeHtmlAttr($link['service_type']):''?>"><?=isset($link['title'])?$this->escapeHtml($link['title']):''?></a> <?=isset($link['coverage'])?$this->escapeHtml($link['coverage']):''?>
<? else: ?>
<?=isset($link['title'])?$this->escapeHtml($link['title']):''?> <?=isset($link['coverage'])?$this->escapeHtml($link['coverage']):''?>
<? endif; ?>
@@ -32,13 +32,13 @@
</div>
<? endif; ?>
<div class="openurls">
- <strong><a href="<?=$this->escapeHtml($this->openUrlBase)?>?<?=$this->escapeHtml($this->openUrl)?>"><?=$this->transEsc('More options')?></a></strong>
+ <strong><a href="<?=$this->escapeHtmlAttr($this->openUrlBase)?>?<?=$this->escapeHtmlAttr($this->openUrl)?>"><?=$this->transEsc('More options')?></a></strong>
<? if (!empty($this->services)): ?>
<ul>
<? foreach ($this->services as $link): ?>
<? if (isset($link['href']) && !empty($link['href'])): ?>
<li>
- <a href="<?=$this->escapeHtml($link['href'])?>" title="<?=isset($link['service_type'])?$this->escapeHtml($link['service_type']):''?>"><?=isset($link['title'])?$this->escapeHtml($link['title']):''?></a>
+ <a href="<?=$this->escapeHtmlAttr($link['href'])?>" title="<?=isset($link['service_type'])?$this->escapeHtmlAttr($link['service_type']):''?>"><?=isset($link['title'])?$this->escapeHtml($link['title']):''?></a>
</li>
<? endif; ?>
<? endforeach; ?>
diff --git a/themes/bootstrap/templates/ajax/resultgooglemapinfo.phtml b/themes/bootstrap/templates/ajax/resultgooglemapinfo.phtml
index 5d4a27fbc4c9614ae68ad28c06aaf68937321d7b..d0dd116f96fcea5bd1b070090d4531e4fe335ceb 100644
--- a/themes/bootstrap/templates/ajax/resultgooglemapinfo.phtml
+++ b/themes/bootstrap/templates/ajax/resultgooglemapinfo.phtml
@@ -6,7 +6,7 @@
<? $i++; ?>
<div class="mapInfoResult <? if ($i % 2 == 0): ?>alt <? endif; ?>record<?=$i ?>">
<div class="mapInfoResultThumb">
- <? if ($thumb = $this->record($record)->getThumbnail()): ?><img class="mapInfoResultThumbImg" src="<?=$this->escapeHtml($thumb) ?>"/><? endif; ?>
+ <? if ($thumb = $this->record($record)->getThumbnail()): ?><img class="mapInfoResultThumbImg" src="<?=$this->escapeHtmlAttr($thumb) ?>"/><? endif; ?>
</div>
• <a href="<?=$this->recordLink()->getUrl($record)?>"><?=$record->getTitle() ?></a>
diff --git a/themes/bootstrap/templates/alphabrowse/home.phtml b/themes/bootstrap/templates/alphabrowse/home.phtml
index 3617a8da1dc33880ebae63a789987fe399aa5e71..8d35c87f5ef57174e5b71315c04f8a3e175398e3 100644
--- a/themes/bootstrap/templates/alphabrowse/home.phtml
+++ b/themes/bootstrap/templates/alphabrowse/home.phtml
@@ -8,13 +8,13 @@
<? ob_start(); ?>
<ul class="pager">
<? if (isset($this->prevpage)): ?>
- <li><a href="<?=$this->escapeHtml($this->url('alphabrowse-home', array(), array('query' => $baseQuery + array('page' => $this->prevpage))))?>">« <?=$this->transEsc('Prev')?></a></li>
+ <li><a href="<?=$this->escapeHtmlAttr($this->url('alphabrowse-home', array(), array('query' => $baseQuery + array('page' => $this->prevpage))))?>">« <?=$this->transEsc('Prev')?></a></li>
<? else: ?>
<li class="disabled"><a href="#">« <?=$this->transEsc('Prev')?></a></li>
<? endif; ?>
<? if (isset($this->nextpage)): ?>
- <li><a href="<?=$this->escapeHtml($this->url('alphabrowse-home', array(), array('query' => $baseQuery + array('page' => $this->nextpage))))?>"><?=$this->transEsc('Next')?> »</a></li>
+ <li><a href="<?=$this->escapeHtmlAttr($this->url('alphabrowse-home', array(), array('query' => $baseQuery + array('page' => $this->nextpage))))?>"><?=$this->transEsc('Next')?> »</a></li>
<? else: ?>
<li class="disabled"><a href="#"><?=$this->transEsc('Next')?> »</a></li>
<? endif; ?>
@@ -28,11 +28,11 @@
<label for="alphaBrowseForm_source"><?=$this->transEsc('Browse Alphabetically') ?></label>
<select id="alphaBrowseForm_source" name="source">
<? foreach ($this->alphaBrowseTypes as $key => $item): ?>
- <option value="<?=$this->escapeHtml($key) ?>"<? if ($this->source == $key): ?> selected="selected"<? endif; ?>><?=$this->transEsc($item) ?></option>
+ <option value="<?=$this->escapeHtmlAttr($key) ?>"<? if ($this->source == $key): ?> selected="selected"<? endif; ?>><?=$this->transEsc($item) ?></option>
<? endforeach; ?>
</select>
<label for="alphaBrowseForm_from"><?=$this->transEsc('starting from') ?></label>
- <input type="text" name="from" id="alphaBrowseForm_from" value="<?=$this->escapeHtml($this->from) ?>"/>
+ <input type="text" name="from" id="alphaBrowseForm_from" value="<?=$this->escapeHtmlAttr($this->from) ?>"/>
<input class="btn" type="submit" value="<?=$this->transEsc('Browse') ?>"/>
</form>
</div>
@@ -53,7 +53,7 @@
<? else: ?>
<? $query = array('type' => ucwords($this->source) . 'Browse', 'lookfor' => '"' . addcslashes($item['heading'], '"') . '"'); ?>
<? endif; ?>
- <a class="span6" href="<?=$this->escapeHtml($this->url('search-results', array(), array('query' => $query)))?>"><?=$this->escapeHtml($item['heading'])?></a>
+ <a class="span6" href="<?=$this->escapeHtmlAttr($this->url('search-results', array(), array('query' => $query)))?>"><?=$this->escapeHtml($item['heading'])?></a>
<? else: ?>
<span class="span6"><?=$this->escapeHtml($item['heading'])?></span>
<? endif; ?>
@@ -78,7 +78,7 @@
<?=$this->transEsc('Use instead') ?>:
<ul>
<? foreach ($item['useInstead'] as $heading): ?>
- <li><a href="<?=$this->escapeHtml($this->url('alphabrowse-home', array(), array('query' => array('from' => $heading) + $baseQuery)))?>"><?=$this->escapeHtml($heading)?></a></li>
+ <li><a href="<?=$this->escapeHtmlAttr($this->url('alphabrowse-home', array(), array('query' => array('from' => $heading) + $baseQuery)))?>"><?=$this->escapeHtml($heading)?></a></li>
<? endforeach; ?>
</ul>
</div>
@@ -89,7 +89,7 @@
<?=$this->transEsc('See also') ?>:
<ul>
<? foreach ($item['seeAlso'] as $heading): ?>
- <li><a href="<?=$this->escapeHtml($this->url('alphabrowse-home', array(), array('query' => array('from' => $heading) + $baseQuery)))?>"><?=$this->escapeHtml($heading)?></a></li>
+ <li><a href="<?=$this->escapeHtmlAttr($this->url('alphabrowse-home', array(), array('query' => array('from' => $heading) + $baseQuery)))?>"><?=$this->escapeHtml($heading)?></a></li>
<? endforeach; ?>
</ul>
</div>
diff --git a/themes/bootstrap/templates/cart/email.phtml b/themes/bootstrap/templates/cart/email.phtml
index 97ce7bd49378765c24367bbc4258693ba3c4e315..184779bc53f14134e318c6044bef68e61101cff9 100644
--- a/themes/bootstrap/templates/cart/email.phtml
+++ b/themes/bootstrap/templates/cart/email.phtml
@@ -10,7 +10,7 @@
<?=$this->flashmessages()?>
<form class="form-horizontal" action="<?=$this->url('cart-email')?>" method="post" name="bulkEmail">
<? foreach ($this->records as $current): ?>
- <input type="hidden" name="ids[]" value="<?=$this->escapeHtml($current->getResourceSource() . '|' . $current->getUniqueId())?>" />
+ <input type="hidden" name="ids[]" value="<?=$this->escapeHtmlAttr($current->getResourceSource() . '|' . $current->getUniqueId())?>" />
<? endforeach; ?>
<div class="control-group">
<label class="control-label"><?=$this->transEsc('Title')?></label>
diff --git a/themes/bootstrap/templates/cart/export-success.phtml b/themes/bootstrap/templates/cart/export-success.phtml
index c9ce38ea271c024b2b77929d3df7cbf39aaef933..913f259893c3540b9e0fb7c7eb65246593c88e47 100644
--- a/themes/bootstrap/templates/cart/export-success.phtml
+++ b/themes/bootstrap/templates/cart/export-success.phtml
@@ -1,4 +1,4 @@
<div class="text-center">
<?=$this->transEsc('export_success')?> —
- <a class="btn btn-primary" href="<?=$this->escapeHtml($this->url)?>"><?=$this->transEsc('export_download')?></a>
+ <a class="btn btn-primary" href="<?=$this->escapeHtmlAttr($this->url)?>"><?=$this->transEsc('export_download')?></a>
</div>
diff --git a/themes/bootstrap/templates/cart/export.phtml b/themes/bootstrap/templates/cart/export.phtml
index 73500ecceae55ecabcd094d6a0752f0a9864ff6b..6171f8fca65361f22d5cd2b6861d33e639b49497 100644
--- a/themes/bootstrap/templates/cart/export.phtml
+++ b/themes/bootstrap/templates/cart/export.phtml
@@ -14,7 +14,7 @@
<? if (!empty($this->exportOptions)): ?>
<form class="form-inline" method="post" action="<?=$this->url('cart-export')?>" name="exportForm" title="<?=$this->transEsc('Export Items')?>">
<? foreach ($this->records as $current): ?>
- <input type="hidden" name="ids[]" value="<?=$this->escapeHtml($current->getResourceSource() . '|' . $current->getUniqueId())?>" />
+ <input type="hidden" name="ids[]" value="<?=$this->escapeHtmlAttr($current->getResourceSource() . '|' . $current->getUniqueId())?>" />
<? endforeach; ?>
<div class="control-group">
<label class="control-label"><?=$this->transEsc('Title')?></label>
@@ -40,7 +40,7 @@
<div class="controls">
<select name="format" id="format">
<? foreach ($this->exportOptions as $exportOption): ?>
- <option value="<?=$this->escapeHtml($exportOption)?>"><?=$this->transEsc($exportOption)?></option>
+ <option value="<?=$this->escapeHtmlAttr($exportOption)?>"><?=$this->transEsc($exportOption)?></option>
<? endforeach; ?>
</select>
</div>
diff --git a/themes/bootstrap/templates/cart/save.phtml b/themes/bootstrap/templates/cart/save.phtml
index 99184f2358b8daf5c5df4ca57aed085c597af69a..7a8585e5101836b4ba8732dac5ead61f75c59042 100644
--- a/themes/bootstrap/templates/cart/save.phtml
+++ b/themes/bootstrap/templates/cart/save.phtml
@@ -14,7 +14,7 @@
<? $idParams = array(); ?>
<? foreach ($this->records as $current): ?>
<? $idParams[] = urlencode('ids[]') . '=' . urlencode($current->getResourceSource() . '|' . $current->getUniqueId()) ?>
- <input type="hidden" name="ids[]" value="<?=$this->escapeHtml($current->getResourceSource() . '|' . $current->getUniqueId())?>" />
+ <input type="hidden" name="ids[]" value="<?=$this->escapeHtmlAttr($current->getResourceSource() . '|' . $current->getUniqueId())?>" />
<? endforeach; ?>
<div class="control-group">
<label class="control-label"><?=$this->transEsc('Title')?></label>
diff --git a/themes/bootstrap/templates/collection/view.phtml b/themes/bootstrap/templates/collection/view.phtml
index b7b0595e8aa4984fa30fbcc13548239ff4889998..18664074a29f669f6079b6dc56fbbabc9570fd85 100644
--- a/themes/bootstrap/templates/collection/view.phtml
+++ b/themes/bootstrap/templates/collection/view.phtml
@@ -41,8 +41,8 @@
<div class="<?=$this->layoutClass('mainbody') ?>">
<div class="record">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" class="hiddenId" id="record_id" />
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" class="hiddenSource" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" class="hiddenId" id="record_id" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" class="hiddenSource" />
<?=$this->flashmessages()?>
<?=$this->record($this->driver)->getCollectionMetadata()?>
</div>
@@ -71,7 +71,7 @@
<?=isset($activeTabObj) ? $this->record($this->driver)->getTab($activeTabObj) : '' ?>
</div>
- <span class="Z3988" title="<?=$this->escapeHtml($this->driver->getOpenURL())?>"></span>
+ <span class="Z3988" title="<?=$this->escapeHtmlAttr($this->driver->getOpenURL())?>"></span>
</div>
<? if (isset($activeTabObj) && is_callable(array($activeTabObj, 'getSideRecommendations'))): ?>
diff --git a/themes/bootstrap/templates/collections/home.phtml b/themes/bootstrap/templates/collections/home.phtml
index cf6f7226ee556a812cec8b47c57082c42df859e4..e1502d5cb0155b8e1ae948c81ef394f1424a290b 100644
--- a/themes/bootstrap/templates/collections/home.phtml
+++ b/themes/bootstrap/templates/collections/home.phtml
@@ -15,17 +15,17 @@
<form class="form-inline" method="GET" action="<?=$this->url('collections-home')?>">
<ul class="pager">
<? if (isset($prevpage)): ?>
- <li><a href="<?=$this->url('collections-home')?>?from=<?=urlencode($from)?>&page=<?=urlencode($prevpage)?><?=$this->escapeHtml($filterString)?>">« <?=$this->transEsc('Prev')?></a></li>
+ <li><a href="<?=$this->url('collections-home')?>?from=<?=urlencode($from)?>&page=<?=urlencode($prevpage)?><?=$this->escapeHtmlAttr($filterString)?>">« <?=$this->transEsc('Prev')?></a></li>
<? else: ?>
<li class="disabled"><a href="#">« <?=$this->transEsc('Prev')?></a></li>
<? endif; ?>
<? if (isset($nextpage)): ?>
- <li><a href="<?=$this->url('collections-home')?>?from=<?=urlencode($from)?>&page=<?=urlencode($nextpage)?><?=$this->escapeHtml($filterString)?>"><?=$this->transEsc('Next')?> »</a></li>
+ <li><a href="<?=$this->url('collections-home')?>?from=<?=urlencode($from)?>&page=<?=urlencode($nextpage)?><?=$this->escapeHtmlAttr($filterString)?>"><?=$this->transEsc('Next')?> »</a></li>
<? else: ?>
<li class="disabled"><a href="#"><?=$this->transEsc('Next')?> »</a></li>
<? endif; ?>
<input type="submit" class="btn" value="<?=$this->transEsc('Jump to')?>" />
- <input type="text" name="from" value="<?=$this->escapeHtml($from)?>" />
+ <input type="text" name="from" value="<?=$this->escapeHtmlAttr($from)?>" />
</ul>
</form>
<? $pageLinks = ob_get_contents(); ?>
@@ -46,8 +46,8 @@
}
}
?>
- <a href="<?=$this->escapeHtml($removalUrl)?>"><img src="<?=$this->imageLink('silk/delete.png')?>" alt="Delete"/></a>
- <a href="<?=$this->escapeHtml($removalUrl)?>"><?=$this->escapeHtml($filter['displayText'])?></a>
+ <a href="<?=$this->escapeHtmlAttr($removalUrl)?>"><img src="<?=$this->imageLink('silk/delete.png')?>" alt="Delete"/></a>
+ <a href="<?=$this->escapeHtmlAttr($removalUrl)?>"><?=$this->escapeHtml($filter['displayText'])?></a>
</li>
<? endforeach; ?>
</ul>
@@ -56,7 +56,7 @@
<div class="pagination pagination-centered pagination-small">
<ul>
<? foreach ($letters as $letter): ?>
- <li<? if($letter === $from): ?> class="active"<?endif?>><a href="<?=$this->url('collections-home')?>?from=<?=urlencode($letter)?><?=$this->escapeHtml($filterString)?>"><?=$this->escapeHtml($letter)?></a></li>
+ <li<? if($letter === $from): ?> class="active"<?endif?>><a href="<?=$this->url('collections-home')?>?from=<?=urlencode($letter)?><?=$this->escapeHtmlAttr($filterString)?>"><?=$this->escapeHtml($letter)?></a></li>
<? endforeach; ?>
</ul>
</div>
diff --git a/themes/bootstrap/templates/confirm/confirm.phtml b/themes/bootstrap/templates/confirm/confirm.phtml
index 7a75187831b97304a637a71c5c6010d871fed244..899031ee3d6fde8047792530dc32b9a56bc87687 100644
--- a/themes/bootstrap/templates/confirm/confirm.phtml
+++ b/themes/bootstrap/templates/confirm/confirm.phtml
@@ -5,21 +5,21 @@
<?=$this->flashmessages();?>
<div id="popupDetails" class="confirmDialog">
- <form class="pull-left pad" action="<?=$this->escapeHtml($this->confirm)?>" method="post">
+ <form class="pull-left pad" action="<?=$this->escapeHtmlAttr($this->confirm)?>" method="post">
<? if (isset($this->extras)): ?>
<? foreach ($this->extras as $extra=>$value): ?>
<? if (is_array($value)): ?>
<? foreach ($value as $current): ?>
- <input type="hidden" name="<?=$this->escapeHtml($extra) ?>[]" value="<?=$this->escapeHtml($current) ?>" />
+ <input type="hidden" name="<?=$this->escapeHtmlAttr($extra) ?>[]" value="<?=$this->escapeHtmlAttr($current) ?>" />
<? endforeach; ?>
<? else: ?>
- <input type="hidden" name="<?=$this->escapeHtml($extra) ?>" value="<?=$this->escapeHtml($value) ?>" />
+ <input type="hidden" name="<?=$this->escapeHtmlAttr($extra) ?>" value="<?=$this->escapeHtmlAttr($value) ?>" />
<? endif; ?>
<? endforeach; ?>
<? endif;?>
<input class="btn btn-primary" type="submit" name="confirm" value="<?=$this->transEsc('confirm_dialog_yes') ?>" />
</form>
- <form class="pad" action="<?=$this->escapeHtml($this->cancel) ?>" method="post">
+ <form class="pad" action="<?=$this->escapeHtmlAttr($this->cancel) ?>" method="post">
<input class="btn" type="submit" name="cancel" value="<?=$this->transEsc('confirm_dialog_no') ?>" />
</form>
<div class="clearer"></div>
diff --git a/themes/bootstrap/templates/error/index.phtml b/themes/bootstrap/templates/error/index.phtml
index 983b9e8b3b4259408882f49a3b273a8720ec651e..b919f4ee1b244cbfbf594fc45b88a73f6d1296b7 100644
--- a/themes/bootstrap/templates/error/index.phtml
+++ b/themes/bootstrap/templates/error/index.phtml
@@ -10,7 +10,7 @@
<p>
<?=$this->transEsc('Please contact the Library Reference Department for assistance')?>
<br/>
- <? $supportEmail = $this->escapeHtml($this->systememail()); ?>
+ <? $supportEmail = $this->escapeHtmlAttr($this->systememail()); ?>
<a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a>
</p>
</div>
diff --git a/themes/bootstrap/templates/error/unavailable.phtml b/themes/bootstrap/templates/error/unavailable.phtml
index d3b7f8291ea1cbe4dc6a6778c70bc806a0b4d005..c5599fd828f9dbe55270ec5adb36fefb5e60fcc1 100644
--- a/themes/bootstrap/templates/error/unavailable.phtml
+++ b/themes/bootstrap/templates/error/unavailable.phtml
@@ -16,7 +16,7 @@
<p>
<?=$this->transEsc('Please contact the Library Reference Department for assistance')?>
<br/>
- <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?>
+ <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?>
<a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a>
</p>
</div>
diff --git a/themes/bootstrap/templates/footer.phtml b/themes/bootstrap/templates/footer.phtml
index 43814aa689a3ea4c3a68c1414edd311141b5d96a..6f4ab4b6ae6ebedbba1608226c8b5bf54cd866e4 100644
--- a/themes/bootstrap/templates/footer.phtml
+++ b/themes/bootstrap/templates/footer.phtml
@@ -1,6 +1,6 @@
<? if ($mobileViewLink = $this->mobileUrl()): // display 'return to mobile' link when applicable ?>
<hr/>
- <div class="mobileViewLink"><a href="<?=$this->escapeHtml($mobileViewLink)?>"><?=$this->transEsc("mobile_link")?></a></div>
+ <div class="mobileViewLink"><a href="<?=$this->escapeHtmlAttr($mobileViewLink)?>"><?=$this->transEsc("mobile_link")?></a></div>
<? endif; ?>
<hr/>
<div class="span8 row-fluid small">
diff --git a/themes/bootstrap/templates/header.phtml b/themes/bootstrap/templates/header.phtml
index 7fbd146b1b81a9094cc29437c47ef60432f7d402..3131990ddd0374585aab1f4ea088da321faa8284 100644
--- a/themes/bootstrap/templates/header.phtml
+++ b/themes/bootstrap/templates/header.phtml
@@ -38,7 +38,7 @@
<div class="controls">
<select onChange="document.themeForm.submit()" id="themeForm_ui" name="ui">
<? foreach ($this->layout()->themeOptions as $current): ?>
- <option value="<?=$this->escapeHtml($current['name'])?>"<?=$current['selected'] ? ' selected="selected"' : ''?>><?=$this->transEsc($current['desc'])?></option>
+ <option value="<?=$this->escapeHtmlAttr($current['name'])?>"<?=$current['selected'] ? ' selected="selected"' : ''?>><?=$this->transEsc($current['desc'])?></option>
<? endforeach; ?>
</select>
<noscript><input type="submit" value="<?=$this->transEsc("Set")?>" /></noscript>
diff --git a/themes/bootstrap/templates/install/fixdatabase.phtml b/themes/bootstrap/templates/install/fixdatabase.phtml
index b0bbeca1e30c60cfc5d4e915bdfd3554d4ccc77c..17a40bde9e0d4cadd1fafcd925a332ed191b6dce 100644
--- a/themes/bootstrap/templates/install/fixdatabase.phtml
+++ b/themes/bootstrap/templates/install/fixdatabase.phtml
@@ -23,13 +23,13 @@
<div class="control-group">
<label class="control-label" for="dbname">New database name:</label>
<div class="controls">
- <input type="text" name="dbname" value="<?=$this->escapeHtml($this->dbname)?>"/>
+ <input type="text" name="dbname" value="<?=$this->escapeHtmlAttr($this->dbname)?>"/>
</div>
</div>
<div class="control-group">
<label class="control-label" for="dbuser">New database user:</label>
<div class="controls">
- <input type="text" name="dbuser" value="<?=$this->escapeHtml($this->dbuser)?>"/>
+ <input type="text" name="dbuser" value="<?=$this->escapeHtmlAttr($this->dbuser)?>"/>
</div>
</div>
<div class="control-group">
@@ -47,13 +47,13 @@
<div class="control-group">
<label class="control-label" for="dbhost">SQL Host:</label>
<div class="controls">
- <input type="text" name="dbhost" value="<?=$this->escapeHtml($this->dbhost)?>"/>
+ <input type="text" name="dbhost" value="<?=$this->escapeHtmlAttr($this->dbhost)?>"/>
</div>
</div>
<div class="control-group">
<label class="control-label" for="dbrootuser">SQL Root User:</label>
<div class="controls">
- <input type="text" name="dbrootuser" value="<?=$this->escapeHtml($this->dbrootuser)?>"/>
+ <input type="text" name="dbrootuser" value="<?=$this->escapeHtmlAttr($this->dbrootuser)?>"/>
</div>
</div>
<div class="control-group">
diff --git a/themes/bootstrap/templates/install/fixils.phtml b/themes/bootstrap/templates/install/fixils.phtml
index c8a5f49875579f5d6279278158b2fd01e024010b..b6e660ecdf239a6485a1e33db86a8d15aaa6b932 100644
--- a/themes/bootstrap/templates/install/fixils.phtml
+++ b/themes/bootstrap/templates/install/fixils.phtml
@@ -17,7 +17,7 @@
<span class="help-inline">Pick a driver: </span>
<select name="driver">
<? foreach ($this->drivers as $driver): ?>
- <option value="<?=$this->escapeHtml($driver)?>"><?=$this->escapeHtml($driver)?></option>
+ <option value="<?=$this->escapeHtmlAttr($driver)?>"><?=$this->escapeHtml($driver)?></option>
<? endforeach; ?>
</select>
<input type="submit" class="btn"/>
diff --git a/themes/bootstrap/templates/install/fixsolr.phtml b/themes/bootstrap/templates/install/fixsolr.phtml
index 77ce73394de91f92c5d2cc17ea2951b185d66a78..dd1a9bf1c473674a0b86a0582b39a049abd4e071 100644
--- a/themes/bootstrap/templates/install/fixsolr.phtml
+++ b/themes/bootstrap/templates/install/fixsolr.phtml
@@ -14,6 +14,6 @@
<ol>
<li>Did you start the Solr server? See <a href="http://vufind.org/wiki/starting_and_stopping_vufind">Starting and Stopping VuFind</a> in the documentation.</li>
- <li>Have you checked the Solr admin panel for errors? You may be able to find it <a href="<?=$this->escapeHtml($this->userUrl)?>">here</a>.</li>
+ <li>Have you checked the Solr admin panel for errors? You may be able to find it <a href="<?=$this->escapeHtmlAttr($this->userUrl)?>">here</a>.</li>
<li>Are you using non-default Solr settings? If your Solr URL is not <strong><?=$this->escapeHtml($this->rawUrl)?></strong> or your core name is not <strong><?=$this->escapeHtml($this->core)?></strong>, you will need to customize the [Index] section of <?=$this->escapeHtml($this->configFile)?>.</li>
</ol>
\ No newline at end of file
diff --git a/themes/bootstrap/templates/myresearch/bulk-action-buttons.phtml b/themes/bootstrap/templates/myresearch/bulk-action-buttons.phtml
index 1f6e0aa8a8a52bc626fe3e5aa438dd1e2abedd5b..7ad47fcc5a27e1ffe90d87f3a80d42c0a48b95b8 100644
--- a/themes/bootstrap/templates/myresearch/bulk-action-buttons.phtml
+++ b/themes/bootstrap/templates/myresearch/bulk-action-buttons.phtml
@@ -1,6 +1,6 @@
<? if (isset($list)): ?>
- <input type="hidden" name="listID" value="<?=$this->escapeHtml($list->id)?>" />
- <input type="hidden" name="listName" value="<?=$this->escapeHtml($list->title)?>" />
+ <input type="hidden" name="listID" value="<?=$this->escapeHtmlAttr($list->id)?>" />
+ <input type="hidden" name="listName" value="<?=$this->escapeHtmlAttr($list->title)?>" />
<? endif; ?>
<? $user = $this->auth()->isLoggedIn(); ?>
<label class="checkbox">
@@ -10,7 +10,7 @@
<span class="help-inline"><?=$this->transEsc('with_selected')?>: </span>
<input class="btn" type="submit" name="email" value="<?=$this->transEsc('Email')?>" title="<?=$this->transEsc('email_selected')?>"/>
<? if ((!is_null($this->list) && $this->list->editAllowed($user)) || is_null($this->list) && $user): ?>
- <input class="btn" id="<?=$this->idPrefix?>delete_list_items_<?=!is_null($this->list) ? $this->escapeHtml($this->list->id) : ''?>" type="submit" name="delete" value="<?=$this->transEsc('Delete')?>" title="<?=$this->transEsc('delete_selected')?>"/>
+ <input class="btn" id="<?=$this->idPrefix?>delete_list_items_<?=!is_null($this->list) ? $this->escapeHtmlAttr($this->list->id) : ''?>" type="submit" name="delete" value="<?=$this->transEsc('Delete')?>" title="<?=$this->transEsc('delete_selected')?>"/>
<? endif; ?>
<? $exportOptions = $this->export()->getBulkOptions(); if (count($exportOptions) > 0): ?>
<input class="btn" type="submit" name="export" value="<?=$this->transEsc('Export')?>" title="<?=$this->transEsc('export_selected')?>"/>
diff --git a/themes/bootstrap/templates/myresearch/cataloglogin.phtml b/themes/bootstrap/templates/myresearch/cataloglogin.phtml
index a769618353769c25e125d0ee62b89aab98afa443..7fd08204c622a8e63471c7fd04a90134b5814daa 100644
--- a/themes/bootstrap/templates/myresearch/cataloglogin.phtml
+++ b/themes/bootstrap/templates/myresearch/cataloglogin.phtml
@@ -14,7 +14,7 @@
<h2><?=$this->transEsc('ils_offline_title')?></h2>
<p><strong><?=$this->transEsc('ils_offline_status')?></strong></p>
<p><?=$this->transEsc('ils_offline_login_message')?></p>
- <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?>
+ <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?>
<p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p>
</div>
<? else: ?>
diff --git a/themes/bootstrap/templates/myresearch/checkedout.phtml b/themes/bootstrap/templates/myresearch/checkedout.phtml
index ad869556e5b6a5a9aa2bd2f3a94ddc86a612714c..a2a13c41ee6d11a861c837fc0a0eaa606b30b693 100644
--- a/themes/bootstrap/templates/myresearch/checkedout.phtml
+++ b/themes/bootstrap/templates/myresearch/checkedout.phtml
@@ -23,17 +23,17 @@
<? $i = 0; foreach ($this->transactions as $resource): ?>
<hr/>
<? $ilsDetails = $resource->getExtraDetail('ils_details'); ?>
- <div id="record<?=$this->escapeHtml($resource->getUniqueId())?>" class="row-fluid">
+ <div id="record<?=$this->escapeHtmlAttr($resource->getUniqueId())?>" class="row-fluid">
<? if ($this->renewForm): ?>
<? if (isset($ilsDetails['renewable']) && $ilsDetails['renewable'] && isset($ilsDetails['renew_details'])): ?>
<? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $ilsDetails['renew_details']); ?>
- <input class="pull-left" type="checkbox" name="renewSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['renew_details'])?>" id="checkbox_<?=$safeId?>" />
- <input class="pull-left" type="hidden" name="renewAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['renew_details'])?>" />
+ <input class="pull-left" type="checkbox" name="renewSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['renew_details'])?>" id="checkbox_<?=$safeId?>" />
+ <input class="pull-left" type="hidden" name="renewAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['renew_details'])?>" />
<? endif; ?>
<? endif; ?>
<div class="span2 text-center">
<? if ($summThumb = $this->record($resource)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
<? else: ?>
<img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/>
<? endif; ?>
@@ -112,7 +112,7 @@
<div class="alert alert-info"><?=$this->transEsc($ilsDetails['message'])?></div>
<? endif; ?>
<? if (isset($ilsDetails['renewable']) && $ilsDetails['renewable'] && isset($ilsDetails['renew_link'])): ?>
- <a href="<?=$this->escapeHtml($ilsDetails['renew_link'])?>"><?=$this->transEsc('renew_item')?></a>
+ <a href="<?=$this->escapeHtmlAttr($ilsDetails['renew_link'])?>"><?=$this->transEsc('renew_item')?></a>
<? endif; ?>
</div>
</div>
diff --git a/themes/bootstrap/templates/myresearch/delete.phtml b/themes/bootstrap/templates/myresearch/delete.phtml
index 97aa14b1dc29116c365fefda8da93dafb7b3a001..d941570486dd2aba1756e0bc5f5e78dd67c2db40 100644
--- a/themes/bootstrap/templates/myresearch/delete.phtml
+++ b/themes/bootstrap/templates/myresearch/delete.phtml
@@ -15,8 +15,8 @@
<br />
<input class="submit" type="submit" name="submit" value="<?=$this->transEsc('Delete')?>"/>
<? foreach ($this->deleteIDS as $deleteID): ?>
- <input type="hidden" name="ids[]" value="<?=$this->escapeHtml($deleteID)?>" />
+ <input type="hidden" name="ids[]" value="<?=$this->escapeHtmlAttr($deleteID)?>" />
<? endforeach; ?>
- <input type="hidden" name="listID" value="<?=$this->list?$this->escapeHtml($this->list->id):''?>" />
+ <input type="hidden" name="listID" value="<?=$this->list?$this->escapeHtmlAttr($this->list->id):''?>" />
</div>
</form>
\ No newline at end of file
diff --git a/themes/bootstrap/templates/myresearch/edit.phtml b/themes/bootstrap/templates/myresearch/edit.phtml
index e59b06f43825083a2419c107a222934b80fa7c07..89e6c439db34e0b0d637348865ae815413088d56 100644
--- a/themes/bootstrap/templates/myresearch/edit.phtml
+++ b/themes/bootstrap/templates/myresearch/edit.phtml
@@ -24,13 +24,13 @@
<? else: ?>
<? foreach ($this->savedData as $i=>$current): ?>
<fieldset>
- <legend><a href="<?=$this->url('userList', array('id' => $current['listId'])) ?>?delete=<?=urlencode($this->driver->getUniqueId())?>&source=<?=urlencode($this->driver->getResourceSource())?>" id="<?=$this->escapeHtml($this->driver->getUniqueId())?>delete<?=$current['listId'] ?>" title="<?=$this->transEsc('confirm_delete')?>" class="text-error small"><i class="icon-remove-sign"></i></a> <?=$this->transEsc('List') ?>: <?=$this->escapeHtml($current['listTitle'])?></legend>
+ <legend><a href="<?=$this->url('userList', array('id' => $current['listId'])) ?>?delete=<?=urlencode($this->driver->getUniqueId())?>&source=<?=urlencode($this->driver->getResourceSource())?>" id="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>delete<?=$current['listId'] ?>" title="<?=$this->transEsc('confirm_delete')?>" class="text-error small"><i class="icon-remove-sign"></i></a> <?=$this->transEsc('List') ?>: <?=$this->escapeHtml($current['listTitle'])?></legend>
<input type="hidden" name="lists[]" value="<?=$current['listId'] ?>"/>
<? if ($this->usertags()->getMode() !== 'disabled'): ?>
<div class="control-group">
<label class="control-label" for="edit_tags<?=$current['listId'] ?>"><?=$this->transEsc('Tags') ?>:</label>
<div class="controls">
- <input class="input-xlarge" id="edit_tags<?=$current['listId'] ?>" type="text" name="tags<?=$current['listId'] ?>" value="<?=$this->escapeHtml($current['tags'])?>"/>
+ <input class="input-xlarge" id="edit_tags<?=$current['listId'] ?>" type="text" name="tags<?=$current['listId'] ?>" value="<?=$this->escapeHtmlAttr($current['tags'])?>"/>
<span class="help-block"><?=$this->transEsc("add_tag_note") ?></span>
</div>
</div>
diff --git a/themes/bootstrap/templates/myresearch/export.phtml b/themes/bootstrap/templates/myresearch/export.phtml
index 9e6cf105199ab1cfafbc6e7d5807faaa234887ab..105dd9fed4e1bc7a79347142e141b76fa06fbf65 100644
--- a/themes/bootstrap/templates/myresearch/export.phtml
+++ b/themes/bootstrap/templates/myresearch/export.phtml
@@ -14,22 +14,22 @@
<label for="format"><?=$this->transEsc('Format') ?>:</label>
<select id="format" name="format">
<? foreach ($exportOptions as $exportOption): ?>
- <option value="<?=$this->escapeHtml($exportOption) ?>"><?=$this->transEsc($exportOption) ?></option>
+ <option value="<?=$this->escapeHtmlAttr($exportOption) ?>"><?=$this->transEsc($exportOption) ?></option>
<? endforeach; ?>
</select>
<br />
<input class="button" type="submit" name="submit" value="<?=$this->transEsc('Export') ?>" />
<? foreach ($exportIDS as $exportID): ?>
- <input type="hidden" name="ids[]" value="<?=$this->escapeHtml($exportID) ?>" />
+ <input type="hidden" name="ids[]" value="<?=$this->escapeHtmlAttr($exportID) ?>" />
<? endforeach; ?>
<? if ($listID): ?>
- <input type="hidden" name="listID" value="<?=$this->escapeHtml($listID) ?>" />
+ <input type="hidden" name="listID" value="<?=$this->escapeHtmlAttr($listID) ?>" />
<? endif; ?>
<? if ($followupModule): ?>
- <input type="hidden" name="followupModule" value="<?=$this->escapeHtml($followupModule) ?>" />
+ <input type="hidden" name="followupModule" value="<?=$this->escapeHtmlAttr($followupModule) ?>" />
<? endif; ?>
<? if ($followupAction): ?>
- <input type="hidden" name="followupAction" value="<?=$this->escapeHtml($followupAction) ?>" />
+ <input type="hidden" name="followupAction" value="<?=$this->escapeHtmlAttr($followupAction) ?>" />
<? endif; ?>
<? endif; ?>
</div>
diff --git a/themes/bootstrap/templates/myresearch/holds.phtml b/themes/bootstrap/templates/myresearch/holds.phtml
index aec1acc47e318e3fc9b0b76a002e6ca9295f82eb..c4d23474eb4ab2163b164f96689617276784b11d 100644
--- a/themes/bootstrap/templates/myresearch/holds.phtml
+++ b/themes/bootstrap/templates/myresearch/holds.phtml
@@ -40,17 +40,17 @@
<hr/>
<? $iteration++; ?>
<? $ilsDetails = $resource->getExtraDetail('ils_details'); ?>
- <div id="record<?=$this->escapeHtml($resource->getUniqueId()) ?>" class="row-fluid">
+ <div id="record<?=$this->escapeHtmlAttr($resource->getUniqueId()) ?>" class="row-fluid">
<? if ($this->cancelForm && isset($ilsDetails['cancel_details'])): ?>
<? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $resource->getUniqueId()); ?>
- <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" />
+ <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" />
<div class="pull-left">
- <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" id="checkbox_<?=$safeId?>" />
+ <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" id="checkbox_<?=$safeId?>" />
</div>
<? endif; ?>
<div class="span2 text-center">
<? if ($summThumb = $this->record($resource)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
<? else: ?>
<img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/>
<? endif; ?>
@@ -136,7 +136,7 @@
<p><strong><?=$this->transEsc("hold_queue_position") ?>:</strong> <?=$this->escapeHtml($ilsDetails['position']) ?></p>
<? endif; ?>
<? if (isset($ilsDetails['cancel_link'])): ?>
- <p><a href="<?=$this->escapeHtml($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("hold_cancel") ?></a></p>
+ <p><a href="<?=$this->escapeHtmlAttr($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("hold_cancel") ?></a></p>
<? endif; ?>
</div>
diff --git a/themes/bootstrap/templates/myresearch/illrequests.phtml b/themes/bootstrap/templates/myresearch/illrequests.phtml
index 45942a27b36d40997579c89d7cf843915da41e25..fd5227afae08f8a51c2f54ce380c951c4379e769 100644
--- a/themes/bootstrap/templates/myresearch/illrequests.phtml
+++ b/themes/bootstrap/templates/myresearch/illrequests.phtml
@@ -40,17 +40,17 @@
<hr/>
<? $iteration++; ?>
<? $ilsDetails = $resource->getExtraDetail('ils_details'); ?>
- <div id="record<?=$this->escapeHtml($resource->getUniqueId()) ?>" class="row-fluid">
+ <div id="record<?=$this->escapeHtmlAttr($resource->getUniqueId()) ?>" class="row-fluid">
<? if ($this->cancelForm && isset($ilsDetails['cancel_details'])): ?>
<? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $resource->getUniqueId()); ?>
- <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" />
+ <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" />
<div class="pull-left">
- <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" id="checkbox_<?=$safeId?>" />
+ <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" id="checkbox_<?=$safeId?>" />
</div>
<? endif; ?>
<div class="span2 text-center">
<? if ($summThumb = $this->record($resource)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
<? else: ?>
<img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/>
<? endif; ?>
@@ -140,7 +140,7 @@
<div class="text-success"><?=$this->transEsc("ill_request_canceled") . (is_string($ilsDetails['canceled']) ? ': ' . $ilsDetails['canceled'] : '') ?></div>
<? endif; ?>
<? if (isset($ilsDetails['cancel_link'])): ?>
- <p><a href="<?=$this->escapeHtml($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("ill_request_cancel") ?></a></p>
+ <p><a href="<?=$this->escapeHtmlAttr($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("ill_request_cancel") ?></a></p>
<? endif; ?>
</div>
diff --git a/themes/bootstrap/templates/myresearch/login.phtml b/themes/bootstrap/templates/myresearch/login.phtml
index 1975088ed5ae8216ff3ebc1ad8a435e851464f63..3af103ced5d8089335ba01432ed93e2c684df351 100644
--- a/themes/bootstrap/templates/myresearch/login.phtml
+++ b/themes/bootstrap/templates/myresearch/login.phtml
@@ -17,7 +17,7 @@
<h2><?=$this->transEsc('ils_offline_title')?></h2>
<p><strong><?=$this->transEsc('ils_offline_status')?></strong></p>
<p><?=$this->transEsc('ils_offline_login_message')?></p>
- <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?>
+ <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?>
<p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p>
</div>
<? endif; ?>
diff --git a/themes/bootstrap/templates/myresearch/profile.phtml b/themes/bootstrap/templates/myresearch/profile.phtml
index 96dcb5cb94fe2683cbf7edc92ec45ac424e94845..096127f9a8f9e92dc74b18de04d45654ed676f61 100644
--- a/themes/bootstrap/templates/myresearch/profile.phtml
+++ b/themes/bootstrap/templates/myresearch/profile.phtml
@@ -36,7 +36,7 @@
<form id="profile_form" class="form-inline" action="" method="post">
<select id="home_library" name="home_library">
<? foreach ($this->pickup as $lib): ?>
- <option value="<?=$this->escapeHtml($lib['locationID'])?>"<?=($selected == $lib['locationID'])?' selected="selected"':''?>><?=$this->escapeHtml($lib['locationDisplay'])?></option>
+ <option value="<?=$this->escapeHtmlAttr($lib['locationID'])?>"<?=($selected == $lib['locationID'])?' selected="selected"':''?>><?=$this->escapeHtml($lib['locationDisplay'])?></option>
<? endforeach; ?>
</select>
<input class="btn" type="submit" value="<?=$this->transEsc('Save')?>" />
diff --git a/themes/bootstrap/templates/myresearch/storageretrievalrequests.phtml b/themes/bootstrap/templates/myresearch/storageretrievalrequests.phtml
index 48708c7156b184911f6870f8d7c210deedfdd3c7..5d289cf63b67afa5388d68a4fa81e291c239fa59 100644
--- a/themes/bootstrap/templates/myresearch/storageretrievalrequests.phtml
+++ b/themes/bootstrap/templates/myresearch/storageretrievalrequests.phtml
@@ -40,17 +40,17 @@
<hr/>
<? $iteration++; ?>
<? $ilsDetails = $resource->getExtraDetail('ils_details'); ?>
- <div id="record<?=$this->escapeHtml($resource->getUniqueId()) ?>" class="row-fluid">
+ <div id="record<?=$this->escapeHtmlAttr($resource->getUniqueId()) ?>" class="row-fluid">
<? if ($this->cancelForm && isset($ilsDetails['cancel_details'])): ?>
<? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $resource->getUniqueId()); ?>
- <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" />
+ <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" />
<div class="pull-left">
- <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" id="checkbox_<?=$safeId?>" />
+ <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" id="checkbox_<?=$safeId?>" />
</div>
<? endif; ?>
<div class="span2 text-center">
<? if ($summThumb = $this->record($resource)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
<? else: ?>
<img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/>
<? endif; ?>
@@ -137,7 +137,7 @@
<div class="text-success"><?=$this->transEsc("storage_retrieval_request_canceled") . (is_string($ilsDetails['canceled']) ? ': ' . $ilsDetails['canceled'] : '') ?></div>
<? endif; ?>
<? if (isset($ilsDetails['cancel_link'])): ?>
- <p><a href="<?=$this->escapeHtml($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("storage_retrieval_request_cancel") ?></a></p>
+ <p><a href="<?=$this->escapeHtmlAttr($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("storage_retrieval_request_cancel") ?></a></p>
<? endif; ?>
</div>
diff --git a/themes/bootstrap/templates/primo/advanced.phtml b/themes/bootstrap/templates/primo/advanced.phtml
index 2d873f3529b16e5af63632e131fada5467ee881e..75365c8dc23dbbf7c90a0fe9fbdffaf3e0f582d7 100644
--- a/themes/bootstrap/templates/primo/advanced.phtml
+++ b/themes/bootstrap/templates/primo/advanced.phtml
@@ -51,15 +51,15 @@
<div class="row-fluid">
<select id="search_type<?=$i?>_<?=$j?>" name="type<?=$i?>[]" class="span3">
<? foreach ($this->options->getAdvancedHandlers() as $searchVal => $searchDesc): ?>
- <option value="<?=$this->escapeHtml($searchVal)?>"<?=($currRow && $currRow->getHandler() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option>
+ <option value="<?=$this->escapeHtmlAttr($searchVal)?>"<?=($currRow && $currRow->getHandler() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option>
<? endforeach; ?>
</select>
<select name="op<?=$i?>[]" id="searchForm_op<?=$i?>_<?=$j?>" class="span3">
<? foreach ($this->options->getAdvancedOperators() as $searchVal => $searchDesc): ?>
- <option value="<?=$this->escapeHtml($searchVal)?>"<?=($currRow && $currRow->getOperator() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option>
+ <option value="<?=$this->escapeHtmlAttr($searchVal)?>"<?=($currRow && $currRow->getOperator() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option>
<? endforeach; ?>
</select>
- <input id="search_lookfor<?=$i?>_<?=$j?>" type="text" value="<?=$currRow?$this->escapeHtml($currRow->getString()):''?>" size="30" name="lookfor<?=$i?>[]" class="span6"/>
+ <input id="search_lookfor<?=$i?>_<?=$j?>" type="text" value="<?=$currRow?$this->escapeHtmlAttr($currRow->getString()):''?>" size="30" name="lookfor<?=$i?>[]" class="span6"/>
</div>
<? endfor; ?>
</div>
@@ -68,7 +68,7 @@
</div>
<? $lastSort = $this->options->getLastSort(); ?>
<? if (!empty($lastSort)): ?>
- <input type="hidden" name="sort" value="<?=$this->escapeHtml($lastSort)?>" />
+ <input type="hidden" name="sort" value="<?=$this->escapeHtmlAttr($lastSort)?>" />
<? endif; ?>
<input type="submit" class="btn btn-primary" name="submit" value="<?=$this->transEsc("Find")?>"/>
</div>
@@ -82,7 +82,7 @@
<h4><?=$this->transEsc($field)?></h4>
<ul>
<? foreach ($data as $value): ?>
- <li><input type="checkbox" checked="checked" name="filter[]" value='<?=$this->escapeHtml($value['field'])?>:"<?=$this->escapeHtml($value['value'])?>"' /> <?=$this->escapeHtml($value['displayText'])?></li>
+ <li><input type="checkbox" checked="checked" name="filter[]" value='<?=$this->escapeHtmlAttr($value['field'])?>:"<?=$this->escapeHtmlAttr($value['value'])?>"' /> <?=$this->escapeHtml($value['displayText'])?></li>
<? endforeach; ?>
</ul>
</div>
diff --git a/themes/bootstrap/templates/record/addtag.phtml b/themes/bootstrap/templates/record/addtag.phtml
index ef7ab57be1b63a5e07238f0a154d7f6a0034b1c3..e9dafd49dba31ccef3e89ae4f173fa37374c9950 100644
--- a/themes/bootstrap/templates/record/addtag.phtml
+++ b/themes/bootstrap/templates/record/addtag.phtml
@@ -10,8 +10,8 @@
<div class="record">
<form action="" method="post" name="tagRecord" class="form-horizontal">
<input type="hidden" name="submit" value="1" />
- <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" />
- <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" />
+ <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" />
+ <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" />
<div class="control-group">
<label class="control-label" for="addtag_tag"><?=$this->transEsc("Tags")?>:</label>
<div class="controls">
diff --git a/themes/bootstrap/templates/record/email.phtml b/themes/bootstrap/templates/record/email.phtml
index 66bf7547be09fb7b2215ca1f5e99d2845df07e8c..54e798e56c8e9f3205749f85f8372dd8b7bd75c0 100644
--- a/themes/bootstrap/templates/record/email.phtml
+++ b/themes/bootstrap/templates/record/email.phtml
@@ -9,8 +9,8 @@
?>
<?=$this->flashmessages()?>
<form class="form-horizontal" action="" method="post" name="emailRecord">
- <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" />
- <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" />
+ <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" />
+ <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" />
<div class="control-group">
<label class="control-label" for="email_to"><?=$this->transEsc('To')?>:</label>
<div class="controls">
diff --git a/themes/bootstrap/templates/record/hold.phtml b/themes/bootstrap/templates/record/hold.phtml
index 71f4fd13c935812bf9b9717904c013c2dbb6acc9..fd9f3a9d8182accba1edfd0142b272a39d14c820 100644
--- a/themes/bootstrap/templates/record/hold.phtml
+++ b/themes/bootstrap/templates/record/hold.phtml
@@ -29,7 +29,7 @@
<div class="control-group">
<label class="control-label"><?=$this->transEsc("hold_required_by")?>:</label>
<div class="controls">
- <input id="requiredByDate" type="text" name="gatheredDetails[requiredBy]" value="<?=(isset($this->gatheredDetails['requiredBy']) && !empty($this->gatheredDetails['requiredBy'])) ? $this->escapeHtml($this->gatheredDetails['requiredBy']) : $this->escapeHtml($this->defaultRequiredDate)?>" size="8" />
+ <input id="requiredByDate" type="text" name="gatheredDetails[requiredBy]" value="<?=(isset($this->gatheredDetails['requiredBy']) && !empty($this->gatheredDetails['requiredBy'])) ? $this->escapeHtmlAttr($this->gatheredDetails['requiredBy']) : $this->escapeHtmlAttr($this->defaultRequiredDate)?>" size="8" />
(<?=$this->dateTime()->getDisplayDateFormat()?>)
</div>
</div>
@@ -57,7 +57,7 @@
</option>
<? endif; ?>
<? foreach ($this->requestGroups as $group): ?>
- <option value="<?=$this->escapeHtml($group['id'])?>"<?=($selected == $group['id']) ? ' selected="selected"' : ''?>>
+ <option value="<?=$this->escapeHtmlAttr($group['id'])?>"<?=($selected == $group['id']) ? ' selected="selected"' : ''?>>
<?=$this->escapeHtml($group['name'])?>
</option>
<? endforeach; ?>
@@ -84,7 +84,7 @@
<? endif; ?>
</label>
<div class="controls">
- <select id="pickUpLocation" name="gatheredDetails[pickUpLocation]" data-default="<?=$this->escapeHtml($selected)?>">
+ <select id="pickUpLocation" name="gatheredDetails[pickUpLocation]" data-default="<?=$this->escapeHtmlAttr($selected)?>">
<? if ($selected === false): ?>
<option value="" selected="selected">
<?=$this->transEsc('select_pickup_location')?>
@@ -104,7 +104,7 @@
</option>
<? endif; ?>
<? foreach ($this->pickup as $lib): ?>
- <option value="<?=$this->escapeHtml($lib['locationID'])?>"<?=($selected == $lib['locationID']) ? ' selected="selected"' : ''?>>
+ <option value="<?=$this->escapeHtmlAttr($lib['locationID'])?>"<?=($selected == $lib['locationID']) ? ' selected="selected"' : ''?>>
<?=$this->escapeHtml($lib['locationDisplay'])?>
</option>
<? endforeach; ?>
@@ -112,7 +112,7 @@
</div>
</div>
<? else: ?>
- <input type="hidden" name="gatheredDetails[pickUpLocation]" value="<?=$this->escapeHtml($this->defaultPickup)?>" />
+ <input type="hidden" name="gatheredDetails[pickUpLocation]" value="<?=$this->escapeHtmlAttr($this->defaultPickup)?>" />
<? endif; ?>
<? endif; ?>
<div class="control-group">
diff --git a/themes/bootstrap/templates/record/illrequest.phtml b/themes/bootstrap/templates/record/illrequest.phtml
index 374d04da4881e9a908831050c79fe67b2824811c..be523efc6e04c033f5a76ce030ff454f618d00dd 100644
--- a/themes/bootstrap/templates/record/illrequest.phtml
+++ b/themes/bootstrap/templates/record/illrequest.phtml
@@ -22,7 +22,7 @@
<div class="controls">
<select id="itemId" name="gatheredDetails[itemId]">
<? foreach ($this->items as $item): ?>
- <option value="<?=$this->escapeHtml($item['id'])?>"<?=($this->gatheredDetails['itemId'] == $item['id']) ? ' selected="selected"' : ''?>>
+ <option value="<?=$this->escapeHtmlAttr($item['id'])?>"<?=($this->gatheredDetails['itemId'] == $item['id']) ? ' selected="selected"' : ''?>>
<?=$this->escapeHtml($item['name'])?>
</option>
<? endforeach; ?>
@@ -45,7 +45,7 @@
<div class="controls">
<select id="pickupLibrary" name="gatheredDetails[pickUpLibrary]">
<? foreach ($this->pickupLibraries as $lib): ?>
- <option value="<?=$this->escapeHtml($lib['id'])?>"<?=(($selected === false && isset($lib['isDefault']) && $lib['isDefault']) || $selected === $lib['id']) ? ' selected="selected"' : ''?>>
+ <option value="<?=$this->escapeHtmlAttr($lib['id'])?>"<?=(($selected === false && isset($lib['isDefault']) && $lib['isDefault']) || $selected === $lib['id']) ? ' selected="selected"' : ''?>>
<?=$this->transEsc('library_' . $lib['name'], null, $lib['name'])?>
</option>
<? endforeach; ?>
@@ -81,7 +81,7 @@
<div class="controls">
<select name="gatheredDetails[pickUpLocation]">
<? foreach ($this->pickup as $lib): ?>
- <option value="<?=$this->escapeHtml($lib['locationID'])?>"<?=($selected == $lib['locationID']) ? ' selected="selected"' : ''?>>
+ <option value="<?=$this->escapeHtmlAttr($lib['locationID'])?>"<?=($selected == $lib['locationID']) ? ' selected="selected"' : ''?>>
<?=$this->escapeHtml($lib['locationDisplay'])?>
</option>
<? endforeach; ?>
@@ -89,7 +89,7 @@
</div>
</div>
<? else: ?>
- <input type="hidden" name="gatheredDetails[pickUpLocation]" value="<?=$this->escapeHtml($this->defaultPickup)?>" />
+ <input type="hidden" name="gatheredDetails[pickUpLocation]" value="<?=$this->escapeHtmlAttr($this->defaultPickup)?>" />
<? endif; ?>
<? endif; ?>
@@ -97,7 +97,7 @@
<div class="control-group">
<label class="control-label"><?=$this->transEsc("hold_required_by")?>:</label>
<div class="controls">
- <input id="requiredByDate" type="text" name="gatheredDetails[requiredBy]" value="<?=(isset($this->gatheredDetails['requiredBy']) && !empty($this->gatheredDetails['requiredBy'])) ? $this->escapeHtml($this->gatheredDetails['requiredBy']) : $this->escapeHtml($this->defaultRequiredDate)?>" size="8" />
+ <input id="requiredByDate" type="text" name="gatheredDetails[requiredBy]" value="<?=(isset($this->gatheredDetails['requiredBy']) && !empty($this->gatheredDetails['requiredBy'])) ? $this->escapeHtmlAttr($this->gatheredDetails['requiredBy']) : $this->escapeHtmlAttr($this->defaultRequiredDate)?>" size="8" />
(<?=$this->dateTime()->getDisplayDateFormat()?>)
</div>
</div>
diff --git a/themes/bootstrap/templates/record/save.phtml b/themes/bootstrap/templates/record/save.phtml
index b5fe7072f36e4af222664c1a64c9f1b4078a5aa1..904e9083e057454142fae40a5f99eae43ddc57bb 100644
--- a/themes/bootstrap/templates/record/save.phtml
+++ b/themes/bootstrap/templates/record/save.phtml
@@ -9,8 +9,8 @@
<h2><?=$this->transEsc("add_favorite_prefix") ?> <?=$this->escapeHtml($this->driver->getBreadcrumb())?> <?=$this->transEsc("add_favorite_suffix") ?></h2>
<form id="edit-save-form" class="form-horizontal" method="post" action="<?=$this->recordLink()->getActionUrl($this->driver, 'Save')?>" name="saveRecord">
<input type="hidden" name="submit" value="1" />
- <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId()) ?>" />
- <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" />
+ <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId()) ?>" />
+ <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" />
<? if (!empty($this->containingLists)): ?>
<p><?=$this->transEsc('This item is already part of the following list/lists') ?>:
<? foreach ($this->containingLists as $i=>$list): ?>
diff --git a/themes/bootstrap/templates/record/sms.phtml b/themes/bootstrap/templates/record/sms.phtml
index cd809d843f381adff601f8d421e8365ca199b9a0..6a9fef0d25a7226bca452ee244c1c361b8587068 100644
--- a/themes/bootstrap/templates/record/sms.phtml
+++ b/themes/bootstrap/templates/record/sms.phtml
@@ -13,8 +13,8 @@
?>
<?=$this->flashmessages()?>
<form method="post" action="" name="smsRecord" class="form-horizontal">
- <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" />
- <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" />
+ <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" />
+ <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" />
<div class="control-group">
<label class="control-label" for="sms_to"><?=$this->transEsc('Number')?>:</label>
<div class="controls">
@@ -28,7 +28,7 @@
<select id="sms_provider" name="provider">
<option selected="selected" value=""><?=$this->transEsc('Select your carrier')?></option>
<? foreach ($this->carriers as $val => $details): ?>
- <option value="<?=$this->escapeHtml($val)?>"><?=$this->escapeHtml($details['name'])?></option>
+ <option value="<?=$this->escapeHtmlAttr($val)?>"><?=$this->escapeHtml($details['name'])?></option>
<? endforeach; ?>
</select>
</div>
diff --git a/themes/bootstrap/templates/record/storageretrievalrequest.phtml b/themes/bootstrap/templates/record/storageretrievalrequest.phtml
index 04d674b045c15290e1561a8e4438d3337b2cea0d..e94cd08262837332bde720f00c291df0fac59fb4 100644
--- a/themes/bootstrap/templates/record/storageretrievalrequest.phtml
+++ b/themes/bootstrap/templates/record/storageretrievalrequest.phtml
@@ -31,15 +31,15 @@
<div id="storageRetrievalRequestReference" class="storageRetrievalRequestReference">
<label class="control-label"><?=$this->transEsc('storage_retrieval_request_volume')?>:</label>
<div class="controls">
- <input type="text" name="gatheredDetails[volume]" value="<?=isset($this->gatheredDetails['volume']) ? $this->escapeHtml($this->gatheredDetails['volume']) : ''?>"></input><br/>
+ <input type="text" name="gatheredDetails[volume]" value="<?=isset($this->gatheredDetails['volume']) ? $this->escapeHtmlAttr($this->gatheredDetails['volume']) : ''?>"></input><br/>
</div>
<label class="control-label"><?=$this->transEsc('storage_retrieval_request_issue')?>:</label>
<div class="controls">
- <input type="text" name="gatheredDetails[issue]" value="<?=isset($this->gatheredDetails['issue']) ? $this->escapeHtml($this->gatheredDetails['issue']) : ''?>"></input><br/>
+ <input type="text" name="gatheredDetails[issue]" value="<?=isset($this->gatheredDetails['issue']) ? $this->escapeHtmlAttr($this->gatheredDetails['issue']) : ''?>"></input><br/>
</div>
<label class="control-label"><?=$this->transEsc('storage_retrieval_request_year')?>:</label>
<div class="controls">
- <input type="text" name="gatheredDetails[year]" value="<?=isset($this->gatheredDetails['year']) ? $this->escapeHtml($this->gatheredDetails['year']) : ''?>"></input><br/>
+ <input type="text" name="gatheredDetails[year]" value="<?=isset($this->gatheredDetails['year']) ? $this->escapeHtmlAttr($this->gatheredDetails['year']) : ''?>"></input><br/>
</div>
</div>
</div>
@@ -49,7 +49,7 @@
<div class="control-group">
<label class="control-label"><?=$this->transEsc("hold_required_by")?>:</label>
<div class="controls">
- <input id="requiredByDate" type="text" name="gatheredDetails[requiredBy]" value="<?=(isset($this->gatheredDetails['requiredBy']) && !empty($this->gatheredDetails['requiredBy'])) ? $this->escapeHtml($this->gatheredDetails['requiredBy']) : $this->escapeHtml($this->defaultRequiredDate)?>" size="8" />
+ <input id="requiredByDate" type="text" name="gatheredDetails[requiredBy]" value="<?=(isset($this->gatheredDetails['requiredBy']) && !empty($this->gatheredDetails['requiredBy'])) ? $this->escapeHtmlAttr($this->gatheredDetails['requiredBy']) : $this->escapeHtmlAttr($this->defaultRequiredDate)?>" size="8" />
(<?=$this->dateTime()->getDisplayDateFormat()?>)
</div>
</div>
@@ -76,7 +76,7 @@
</option>
<? endif; ?>
<? foreach ($this->pickup as $lib): ?>
- <option value="<?=$this->escapeHtml($lib['locationID'])?>"<?=($selected == $lib['locationID']) ? ' selected="selected"' : ''?>>
+ <option value="<?=$this->escapeHtmlAttr($lib['locationID'])?>"<?=($selected == $lib['locationID']) ? ' selected="selected"' : ''?>>
<?=$this->escapeHtml($lib['locationDisplay'])?>
</option>
<? endforeach; ?>
@@ -84,7 +84,7 @@
</div>
</div>
<? else: ?>
- <input type="hidden" name="gatheredDetails[pickUpLocation]" value="<?=$this->escapeHtml($this->defaultPickup)?>" />
+ <input type="hidden" name="gatheredDetails[pickUpLocation]" value="<?=$this->escapeHtmlAttr($this->defaultPickup)?>" />
<? endif; ?>
<? endif; ?>
diff --git a/themes/bootstrap/templates/record/view.phtml b/themes/bootstrap/templates/record/view.phtml
index 1b43a07fbdf365f489d4176073c076a86db3fa11..d63bb388a4d9f4d71ec55f499cc01c94d47c41e7 100644
--- a/themes/bootstrap/templates/record/view.phtml
+++ b/themes/bootstrap/templates/record/view.phtml
@@ -37,9 +37,9 @@
<?=$this->record($this->driver)->getToolbar()?>
<div class="<?=$this->layoutClass('mainbody')?>">
- <div class="record recordId source<?=$this->escapeHtml($this->driver->getResourceSource())?>" id="record">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" class="hiddenId" id="record_id" />
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getResourceSource()) ?>" class="hiddenSource" />
+ <div class="record recordId source<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" id="record">
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" class="hiddenId" id="record_id" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource()) ?>" class="hiddenSource" />
<?=$this->flashmessages()?>
<?=$this->record($this->driver)->getCoreMetadata()?>
</div>
@@ -67,7 +67,7 @@
<?=isset($activeTabObj) ? $this->record($this->driver)->getTab($activeTabObj) : '' ?>
</div>
- <span class="Z3988" title="<?=$this->escapeHtml($this->driver->getOpenURL())?>"></span>
+ <span class="Z3988" title="<?=$this->escapeHtmlAttr($this->driver->getOpenURL())?>"></span>
</div>
<div class="<?=$this->layoutClass('sidebar')?>">
diff --git a/themes/bootstrap/templates/search/advanced/checkbox-filters.phtml b/themes/bootstrap/templates/search/advanced/checkbox-filters.phtml
index 6199246a8c7fa64f3d36ff5529715b89dde81966..5cd4cbe30e9db3f53cd0369460183576744d2404 100644
--- a/themes/bootstrap/templates/search/advanced/checkbox-filters.phtml
+++ b/themes/bootstrap/templates/search/advanced/checkbox-filters.phtml
@@ -2,7 +2,7 @@
<fieldset class="checkboxFilter">
<? foreach ($this->checkboxFacets as $current): ?>
<label class="checkbox">
- <input type="checkbox" name="filter[]" value="<?=$this->escapeHtml($current['filter'])?>" id="<?=$this->escapeHtml(str_replace(' ', '', $current['desc']))?>"<? if ($current['selected']): ?> checked="checked"<? endif; ?>/>
+ <input type="checkbox" name="filter[]" value="<?=$this->escapeHtmlAttr($current['filter'])?>" id="<?=$this->escapeHtmlAttr(str_replace(' ', '', $current['desc']))?>"<? if ($current['selected']): ?> checked="checked"<? endif; ?>/>
<?=$this->transEsc($current['desc'])?>
</label>
<? endforeach; ?>
diff --git a/themes/bootstrap/templates/search/advanced/limit.phtml b/themes/bootstrap/templates/search/advanced/limit.phtml
index 35dcc457892ed8bd82b84e09c943e93cdc92f32b..aff3d1932c85a7b0e4b4a374c413fa13a63b2b7d 100644
--- a/themes/bootstrap/templates/search/advanced/limit.phtml
+++ b/themes/bootstrap/templates/search/advanced/limit.phtml
@@ -11,7 +11,7 @@
<legend><?=$this->transEsc('Results per page')?></legend>
<select id="limit" name="limit">
<? foreach ($limitList as $limitVal): ?>
- <option value="<?=$this->escapeHtml($limitVal)?>"<?=($limitVal == $defaultLimit) ? 'selected="selected"' : ''?>><?=$this->escapeHtml($limitVal)?></option>
+ <option value="<?=$this->escapeHtmlAttr($limitVal)?>"<?=($limitVal == $defaultLimit) ? 'selected="selected"' : ''?>><?=$this->escapeHtml($limitVal)?></option>
<? endforeach; ?>
</select>
</fieldset>
diff --git a/themes/bootstrap/templates/search/advanced/ranges.phtml b/themes/bootstrap/templates/search/advanced/ranges.phtml
index 6dee945bbf2b98f984840b41ddca3764fbc3a8fc..8401aa07c6eccb46eff02f91a20b4a3607cef91c 100644
--- a/themes/bootstrap/templates/search/advanced/ranges.phtml
+++ b/themes/bootstrap/templates/search/advanced/ranges.phtml
@@ -1,13 +1,13 @@
<? if (isset($this->ranges) && !empty($this->ranges)): ?>
<? $params = $this->searchParams($this->searchClassId); $params->activateAllFacets(); ?>
- <? foreach ($this->ranges as $current): $escField = $this->escapeHtml($current['field']); ?>
+ <? foreach ($this->ranges as $current): $escField = $this->escapeHtmlAttr($current['field']); ?>
<fieldset class="span4 text-center">
<legend class="text-left"><?=$this->transEsc($params->getFacetLabel($current['field']))?></legend>
- <input type="hidden" name="<?=$this->escapeHtml($current['type'])?>range[]" value="<?=$escField?>"/>
+ <input type="hidden" name="<?=$this->escapeHtmlAttr($current['type'])?>range[]" value="<?=$escField?>"/>
<label for="<?=$escField?>from"><?=$this->transEsc('date_from')?>:</label>
- <input type="text" maxlength="4" class="yearbox span4" name="<?=$escField?>from" id="<?=$escField?>from" value="<?=isset($current['values'][0])?$this->escapeHtml($current['values'][0]):''?>" />
+ <input type="text" maxlength="4" class="yearbox span4" name="<?=$escField?>from" id="<?=$escField?>from" value="<?=isset($current['values'][0])?$this->escapeHtmlAttr($current['values'][0]):''?>" />
<label for="<?=$escField?>to"><?=$this->transEsc('date_to')?>:</label>
- <input type="text" maxlength="4" class="yearbox span4" name="<?=$escField?>to" id="<?=$escField?>to" value="<?=isset($current['values'][1])?$this->escapeHtml($current['values'][1]):''?>" />
+ <input type="text" maxlength="4" class="yearbox span4" name="<?=$escField?>to" id="<?=$escField?>to" value="<?=isset($current['values'][1])?$this->escapeHtmlAttr($current['values'][1]):''?>" />
<? if ($current['type'] == 'date'): ?>
<div class="pad"><input type="text" id="<?=$escField?><?=$this->escapeHtml($current['type'])?>Slider"></div>
<? endif; ?>
diff --git a/themes/bootstrap/templates/search/advanced/solr.phtml b/themes/bootstrap/templates/search/advanced/solr.phtml
index e7723c85f5d427d37516258779fac264585fcf1f..495d3bc1d5a9cc9eedd02388bd2c5224da3fd974 100644
--- a/themes/bootstrap/templates/search/advanced/solr.phtml
+++ b/themes/bootstrap/templates/search/advanced/solr.phtml
@@ -10,8 +10,8 @@
<div class="row-fluid">
<? foreach ($this->facetList as $field => $list): ?>
<div class="span<?=floor(12/count($this->facetList)) ?>">
- <label class="displayBlock" for="limit_<?=$this->escapeHtml(str_replace(' ', '', $field))?>"><?=$this->transEsc($list['label'])?>:</label>
- <select class="span12" id="limit_<?=$this->escapeHtml(str_replace(' ', '', $field))?>" name="filter[]" multiple="multiple" size="10">
+ <label class="displayBlock" for="limit_<?=$this->escapeHtmlAttr(str_replace(' ', '', $field))?>"><?=$this->transEsc($list['label'])?>:</label>
+ <select class="span12" id="limit_<?=$this->escapeHtmlAttr(str_replace(' ', '', $field))?>" name="filter[]" multiple="multiple" size="10">
<?
// Sort the current facet list alphabetically; we'll use this data
// along with the foreach below to display facet options in the
@@ -24,7 +24,7 @@
?>
<? foreach ($sorted as $i => $display): ?>
<? $value = $list['list'][$i]; ?>
- <option value="<?=$this->escapeHtml(($value['operator'] == 'OR' ? '~' : '') . $field . ':"' . $value['value'] . '"')?>"<?=(isset($value['selected']) && $value['selected'])?' selected="selected"':''?>><?=$this->escapeHtml($display)?></option>
+ <option value="<?=$this->escapeHtmlAttr(($value['operator'] == 'OR' ? '~' : '') . $field . ':"' . $value['value'] . '"')?>"<?=(isset($value['selected']) && $value['selected'])?' selected="selected"':''?>><?=$this->escapeHtml($display)?></option>
<? endforeach; ?>
</select>
</div>
@@ -36,8 +36,8 @@
<fieldset class="span4">
<legend><?=$this->transEsc("Illustrated")?>:</legend>
<? foreach ($this->illustratedLimit as $current): ?>
- <input id="illustrated_<?=$this->escapeHtml($current['value'])?>" type="radio" name="illustration" value="<?=$this->escapeHtml($current['value'])?>"<?=$current['selected']?' checked="checked"':''?>/>
- <label for="illustrated_<?=$this->escapeHtml($current['value'])?>"><?=$this->transEsc($current['text'])?></label><br/>
+ <input id="illustrated_<?=$this->escapeHtmlAttr($current['value'])?>" type="radio" name="illustration" value="<?=$this->escapeHtmlAttr($current['value'])?>"<?=$current['selected']?' checked="checked"':''?>/>
+ <label for="illustrated_<?=$this->escapeHtmlAttr($current['value'])?>"><?=$this->transEsc($current['text'])?></label><br/>
<? endforeach; ?>
</fieldset>
<? endif; ?>
diff --git a/themes/bootstrap/templates/search/advanced/summon.phtml b/themes/bootstrap/templates/search/advanced/summon.phtml
index 3102e37bec83a8133293ec0b3d26d651104a7e3d..18a0c5ef20ec206119144e0786b53d02aa2b2bbb 100644
--- a/themes/bootstrap/templates/search/advanced/summon.phtml
+++ b/themes/bootstrap/templates/search/advanced/summon.phtml
@@ -10,8 +10,8 @@
<div class="row-fluid">
<? foreach ($this->facetList as $field => $list): ?>
<div class="span<?=floor(12/count($this->facetList)) ?>">
- <label class="displayBlock" for="limit_<?=$this->escapeHtml(str_replace(' ', '', $field))?>"><?=$this->transEsc($list['label'])?>:</label>
- <select class="span12" id="limit_<?=$this->escapeHtml(str_replace(' ', '', $field))?>" name="filter[]" multiple="multiple" size="10">
+ <label class="displayBlock" for="limit_<?=$this->escapeHtmlAttr(str_replace(' ', '', $field))?>"><?=$this->transEsc($list['label'])?>:</label>
+ <select class="span12" id="limit_<?=$this->escapeHtmlAttr(str_replace(' ', '', $field))?>" name="filter[]" multiple="multiple" size="10">
<?
// Sort the current facet list alphabetically; we'll use this data
// along with the foreach below to display facet options in the
@@ -24,7 +24,7 @@
?>
<? foreach ($sorted as $i => $display): ?>
<? $value = $list['list'][$i]; ?>
- <option value="<?=$this->escapeHtml(($value['operator'] == 'OR' ? '~' : '') . $field . ':"' . $value['value'] . '"')?>"<?=(isset($value['selected']) && $value['selected'])?' selected="selected"':''?>><?=$this->escapeHtml($display)?></option>
+ <option value="<?=$this->escapeHtmlAttr(($value['operator'] == 'OR' ? '~' : '') . $field . ':"' . $value['value'] . '"')?>"<?=(isset($value['selected']) && $value['selected'])?' selected="selected"':''?>><?=$this->escapeHtml($display)?></option>
<? endforeach; ?>
</select>
</div>
diff --git a/themes/bootstrap/templates/search/controls/limit.phtml b/themes/bootstrap/templates/search/controls/limit.phtml
index babf26ba943f2ff78ed9fc285af7033310a241bd..8b3269b127814e69939c76e9e6bc760a3235d071 100644
--- a/themes/bootstrap/templates/search/controls/limit.phtml
+++ b/themes/bootstrap/templates/search/controls/limit.phtml
@@ -4,7 +4,7 @@
<label for="limit" class="help-inline"><?=$this->transEsc('Results per page')?></label>
<select id="limit" name="limit" class="jumpMenu">
<? foreach ($limitList as $limitVal => $limitData): ?>
- <option value="<?=$this->escapeHtml($limitVal)?>"<?=$limitData['selected']?' selected="selected"':''?>><?=$this->escapeHtml($limitData['desc'])?></option>
+ <option value="<?=$this->escapeHtmlAttr($limitVal)?>"<?=$limitData['selected']?' selected="selected"':''?>><?=$this->escapeHtml($limitData['desc'])?></option>
<? endforeach; ?>
</select>
<noscript><input type="submit" value="<?=$this->transEsc("Set")?>" /></noscript>
diff --git a/themes/bootstrap/templates/search/controls/sort.phtml b/themes/bootstrap/templates/search/controls/sort.phtml
index fc6d5b490b2444303bf3c7cf3d79e381249772b4..ee62189dfe2dd8d1517e2a434e36d37848d01377 100644
--- a/themes/bootstrap/templates/search/controls/sort.phtml
+++ b/themes/bootstrap/templates/search/controls/sort.phtml
@@ -4,7 +4,7 @@
<label class="help-inline" for="sort_options_1"><?=$this->transEsc('Sort')?></label>
<select id="sort_options_1" name="sort" class="jumpMenu">
<? foreach ($list as $sortType => $sortData): ?>
- <option value="<?=$this->escapeHtml($sortType)?>"<?=$sortData['selected']?' selected="selected"':''?>><?=$this->transEsc($sortData['desc'])?></option>
+ <option value="<?=$this->escapeHtmlAttr($sortType)?>"<?=$sortData['selected']?' selected="selected"':''?>><?=$this->transEsc($sortData['desc'])?></option>
<? endforeach; ?>
</select>
<noscript><input type="submit" class="btn" value="<?=$this->transEsc("Set")?>" /></noscript>
diff --git a/themes/bootstrap/templates/search/email.phtml b/themes/bootstrap/templates/search/email.phtml
index 05d0cb274b2b36cc12fe4d771beca2fe534253df..cfd6c06ad9dae0dd1fd3611a408d0f8bf0d877eb 100644
--- a/themes/bootstrap/templates/search/email.phtml
+++ b/themes/bootstrap/templates/search/email.phtml
@@ -8,7 +8,7 @@
?>
<?=$this->flashmessages()?>
<form class="form-horizontal" action="" method="post" name="emailSearch">
- <input type="hidden" name="url" value="<?=$this->escapeHtml($this->url)?>" />
+ <input type="hidden" name="url" value="<?=$this->escapeHtmlAttr($this->url)?>" />
<div class="control-group">
<label class="control-label" for="email_to"><?=$this->transEsc('To')?>:</label>
<div class="controls">
diff --git a/themes/bootstrap/templates/search/home.phtml b/themes/bootstrap/templates/search/home.phtml
index 885812d878f823b9336f333e4e058a7051446e45..387d3fa1e9d79e622db52e9294be031327a57608 100644
--- a/themes/bootstrap/templates/search/home.phtml
+++ b/themes/bootstrap/templates/search/home.phtml
@@ -23,7 +23,7 @@
<h2><?=$this->transEsc('ils_offline_title')?></h2>
<p><strong><?=$this->transEsc('ils_offline_status')?></strong></p>
<p><?=$this->transEsc('ils_offline_home_message')?></p>
- <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?>
+ <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?>
<p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p>
</div>
<? endif; ?>
diff --git a/themes/bootstrap/templates/search/newitem.phtml b/themes/bootstrap/templates/search/newitem.phtml
index cb0220088490b2abe5dcc62e5f63f0973091ecb6..49d4b19cee494c4b40b19740222267f235e8423a 100644
--- a/themes/bootstrap/templates/search/newitem.phtml
+++ b/themes/bootstrap/templates/search/newitem.phtml
@@ -13,7 +13,7 @@
<div class="controls">
<? foreach ($this->ranges as $key => $range): ?>
<label class="radio inline pad">
- <input id="newitem_range_<?=$this->escapeHtml($key)?>" type="radio" name="range" value="<?=$this->escapeHtml($range)?>"<?= ($key == 0) ? ' checked="checked"' : ''?>/>
+ <input id="newitem_range_<?=$this->escapeHtmlAttr($key)?>" type="radio" name="range" value="<?=$this->escapeHtmlAttr($range)?>"<?= ($key == 0) ? ' checked="checked"' : ''?>/>
<?=($range == 1) ? $this->transEsc('Yesterday') : $this->transEsc('Past') . ' ' . $this->escapeHtml($range) . ' ' . $this->transEsc('Days')?>
</label>
<? endforeach; ?>
@@ -25,7 +25,7 @@
<div class="controls">
<select id="newitem_department" name="department" size="10">
<? foreach ($this->fundList as $fundId => $fund): ?>
- <option value="<?=$this->escapeHtml($fundId)?>"><?=$this->transEsc($fund)?></option>
+ <option value="<?=$this->escapeHtmlAttr($fundId)?>"><?=$this->transEsc($fund)?></option>
<? endforeach; ?>
</select>
</div>
diff --git a/themes/bootstrap/templates/search/reserves.phtml b/themes/bootstrap/templates/search/reserves.phtml
index cc487643999823d05a763c7d00f9a9bcb7e5819a..31ac4595a54eec411c3f66681aed43b5299d63d8 100644
--- a/themes/bootstrap/templates/search/reserves.phtml
+++ b/themes/bootstrap/templates/search/reserves.phtml
@@ -14,7 +14,7 @@
<select name="course" id="reserves_by_course" class="span6">
<option></option>
<? foreach ($this->courseList as $courseId => $courseName): ?>
- <option value="<?=$this->escapeHtml($courseId)?>"><?=$this->escapeHtml($courseName)?></option>
+ <option value="<?=$this->escapeHtmlAttr($courseId)?>"><?=$this->escapeHtml($courseName)?></option>
<? endforeach; ?>
</select>
<input class="btn btn-primary" type="submit" name="submit" value="<?=$this->transEsc('Find')?>"/>
@@ -27,7 +27,7 @@
<select name="inst" id="reserves_by_inst" class="span6">
<option></option>
<? foreach ($this->instList as $instId => $instName): ?>
- <option value="<?=$this->escapeHtml($instId)?>"><?=$this->escapeHtml($instName)?></option>
+ <option value="<?=$this->escapeHtmlAttr($instId)?>"><?=$this->escapeHtml($instName)?></option>
<? endforeach; ?>
</select>
<input class="btn btn-primary" type="submit" name="submit" value="<?=$this->transEsc('Find')?>"/>
@@ -40,7 +40,7 @@
<select name="dept" id="reserves_by_dept" class="span6">
<option></option>
<? foreach ($this->deptList as $deptId => $deptName): ?>
- <option value="<?=$this->escapeHtml($deptId)?>"><?=$this->escapeHtml($deptName)?></option>
+ <option value="<?=$this->escapeHtmlAttr($deptId)?>"><?=$this->escapeHtml($deptName)?></option>
<? endforeach; ?>
</select>
<input class="btn btn-primary" type="submit" name="submit" value="<?=$this->transEsc('Find')?>"/>
diff --git a/themes/bootstrap/templates/search/reservessearch.phtml b/themes/bootstrap/templates/search/reservessearch.phtml
index 468efd6021c33790fdc5a6621115bc2e4a8609fa..766cabfcca471affa5d2491682805a83e2977dbc 100644
--- a/themes/bootstrap/templates/search/reservessearch.phtml
+++ b/themes/bootstrap/templates/search/reservessearch.phtml
@@ -13,7 +13,7 @@
<h3><?=$this->transEsc('Search For Items on Reserve')?></h3>
<form class="form-inline" method="get" action="" name="reservesSearchForm">
<label class="help-inline" for="reservesSearchForm_lookfor"><?=$this->transEsc("Your search terms")?></label>
- <input id="reservesSearchForm_lookfor" type="text" name="lookfor" size="40" value="<?=$this->escapeHtml($reservesLookfor)?>" <?=$this->searchOptions('SolrReserves')->autocompleteEnabled() ? ' class="autocomplete searcher:SolrReserves type:Reserves"' : ''?> />
+ <input id="reservesSearchForm_lookfor" type="text" name="lookfor" size="40" value="<?=$this->escapeHtmlAttr($reservesLookfor)?>" <?=$this->searchOptions('SolrReserves')->autocompleteEnabled() ? ' class="autocomplete searcher:SolrReserves type:Reserves"' : ''?> />
<input class="btn" type="submit" name="submit" value="<?=$this->transEsc("Find")?>"/>
</form>
<script type="text/javascript">$("#reservesSearchForm_lookfor").focus()</script>
@@ -50,7 +50,7 @@
</tr>
<? foreach ($this->results->getResults() as $record): ?>
<?
- $url = $this->currentPath() . $this->escapeHtml(
+ $url = $this->currentPath() . $this->escapeHtmlAttr(
'?inst=' . urlencode($record->getInstructorId())
. '&course=' . urlencode($record->getCourseId())
. '&dept=' . urlencode($record->getDepartmentId())
diff --git a/themes/bootstrap/templates/search/searchbox.phtml b/themes/bootstrap/templates/search/searchbox.phtml
index 917727d6396cc6997039e9519f139b85d103d0d9..0a4d522010dcb26fd362969714b779842b7762b0 100644
--- a/themes/bootstrap/templates/search/searchbox.phtml
+++ b/themes/bootstrap/templates/search/searchbox.phtml
@@ -22,14 +22,14 @@
<ul class="nav nav-tabs">
<? foreach ($searchTabs as $tab): ?>
<li<?=$tab['selected'] ? ' class="active"' : ''?>>
- <a href="<?=$tab['selected'] ? '' : $this->escapeHtml($tab['url'])?>"><?=$this->transEsc($tab['label']); ?></a>
+ <a href="<?=$tab['selected'] ? '' : $this->escapeHtmlAttr($tab['url'])?>"><?=$this->transEsc($tab['label']); ?></a>
</li>
<? endforeach; ?>
</ul>
<? endif; ?>
<div class="navbar">
<? if ($this->searchType == 'advanced'): ?>
- <a class="btn btn-link small" href="<?=$this->url($advSearch)?>?edit=<?=$this->escapeHtml($this->searchId)?>"><?=$this->transEsc("Edit this Advanced Search")?></a>
+ <a class="btn btn-link small" href="<?=$this->url($advSearch)?>?edit=<?=$this->escapeHtmlAttr($this->searchId)?>"><?=$this->transEsc("Edit this Advanced Search")?></a>
<span class="help-inline">|</span>
<a class="btn btn-link small" href="<?=$this->url($advSearch)?>"><?=$this->transEsc("Start a new Advanced Search")?></a>
<span class="help-inline">|</span>
@@ -37,15 +37,15 @@
<div class="help-block"><?=$this->transEsc("Your search terms")?> : "<strong><?=$this->escapeHtml($this->lookfor)?></strong>"</div>
<? else: ?>
<form class="form-inline navbar-form block" method="get" action="<?=$this->url($basicSearch)?>" name="searchForm" id="searchForm" autocomplete="off">
- <input class="span5 search-query<? if($this->searchbox()->autocompleteEnabled($this->searchClassId)):?> autocomplete searcher:<?=$this->escapeHtml($this->searchClassId) ?><? endif ?>" id="searchForm_lookfor" type="text" name="lookfor" value="<?=$this->escapeHtml($this->lookfor)?>"/>
+ <input class="span5 search-query<? if($this->searchbox()->autocompleteEnabled($this->searchClassId)):?> autocomplete searcher:<?=$this->escapeHtmlAttr($this->searchClassId) ?><? endif ?>" id="searchForm_lookfor" type="text" name="lookfor" value="<?=$this->escapeHtmlAttr($this->lookfor)?>"/>
<? if ($handlerCount > 1): ?>
<select id="searchForm_type" name="type" data-native-menu="false">
<? foreach ($handlers as $handler): ?>
- <option value="<?=$this->escapeHtml($handler['value'])?>"<?=$handler['selected'] ? ' selected="selected"' : ''?>><?=$handler['indent'] ? '-- ' : ''?><?=$this->transEsc($handler['label'])?></option>
+ <option value="<?=$this->escapeHtmlAttr($handler['value'])?>"<?=$handler['selected'] ? ' selected="selected"' : ''?>><?=$handler['indent'] ? '-- ' : ''?><?=$this->transEsc($handler['label'])?></option>
<? endforeach; ?>
</select>
<? elseif ($handlerCount == 1): ?>
- <input type="hidden" name="type" value="<?=$this->escapeHtml($handlers[0]['value'])?>" />
+ <input type="hidden" name="type" value="<?=$this->escapeHtmlAttr($handlers[0]['value'])?>" />
<? endif; ?>
<button type="submit" class="btn"><i class="icon-search"></i> <?=$this->transEsc("Find")?></button>
<? if ($advSearch): ?>
@@ -60,7 +60,7 @@
<br />
<? foreach ($shards as $shard => $val): ?>
<? $isSelected = empty($selectedShards) || in_array($shard, $selectedShards); ?>
- <input type="checkbox" <?=$isSelected ? 'checked="checked" ' : ''?>name="shard[]" value='<?=$this->escapeHtml($shard)?>' /> <?=$this->transEsc($shard)?>
+ <input type="checkbox" <?=$isSelected ? 'checked="checked" ' : ''?>name="shard[]" value='<?=$this->escapeHtmlAttr($shard)?>' /> <?=$this->transEsc($shard)?>
<? endforeach; ?>
<? endif; ?>
<?
@@ -77,8 +77,8 @@
</label>
<div class="hidden">
<? foreach ($filterDetails as $current): ?>
- <input class="applied-filter" id="<?=$this->escapeHtml($current['id'])?>" type="checkbox"<?=$defaultFilterState?> name="filter[]" value="<?=$this->escapeHtml($current['value'])?>" />
- <label for="<?=$this->escapeHtml($current['id'])?>"><?=$this->escapeHtml($current['value'])?></label>
+ <input class="applied-filter" id="<?=$this->escapeHtmlAttr($current['id'])?>" type="checkbox"<?=$defaultFilterState?> name="filter[]" value="<?=$this->escapeHtmlAttr($current['value'])?>" />
+ <label for="<?=$this->escapeHtmlAttr($current['id'])?>"><?=$this->escapeHtml($current['value'])?></label>
<? endforeach; ?>
<? if (isset($hasDefaultsApplied) && $hasDefaultsApplied): ?>
<!-- this is a hidden element that flags whether or not default filters have been applied;
@@ -90,14 +90,14 @@
<?
/* Show hidden field for active search class when in combined handler mode. */
if ($this->searchbox()->combinedHandlersActive()) {
- echo '<input type="hidden" name="activeSearchClassId" value="' . $this->escapeHtml($this->searchClassId) . '" />';
+ echo '<input type="hidden" name="activeSearchClassId" value="' . $this->escapeHtmlAttr($this->searchClassId) . '" />';
}
/* Load hidden limit preference from Session */
if (!empty($lastLimit)) {
- echo '<input type="hidden" name="limit" value="' . $this->escapeHtml($lastLimit) . '" />';
+ echo '<input type="hidden" name="limit" value="' . $this->escapeHtmlAttr($lastLimit) . '" />';
}
if (!empty($lastSort)) {
- echo '<input type="hidden" name="sort" value="' . $this->escapeHtml($lastSort) . '" />';
+ echo '<input type="hidden" name="sort" value="' . $this->escapeHtmlAttr($lastSort) . '" />';
}
?>
</form>
diff --git a/themes/bootstrap/templates/upgrade/getdbcredentials.phtml b/themes/bootstrap/templates/upgrade/getdbcredentials.phtml
index 74055faa7b77691377c509d9a15a651373ded0e7..ca330b042a405b2c1957c9d55d9aef6d59cc0751 100644
--- a/themes/bootstrap/templates/upgrade/getdbcredentials.phtml
+++ b/themes/bootstrap/templates/upgrade/getdbcredentials.phtml
@@ -14,7 +14,7 @@ with permission to alter and create tables.</p>
<form method="post" action="<?=$this->url('upgrade-getdbcredentials')?>">
<table>
<tbody>
- <tr><td>MySQL Root User: </td><td><input type="text" name="dbrootuser" value="<?=$this->escapeHtml($this->dbrootuser)?>"/></td></tr>
+ <tr><td>MySQL Root User: </td><td><input type="text" name="dbrootuser" value="<?=$this->escapeHtmlAttr($this->dbrootuser)?>"/></td></tr>
<tr><td>MySQL Root Password: </td><td><input type="password" name="dbrootpass" value=""/></td></tr>
<tr><td></td><td><input type="submit" name="submit" value="<?=$this->transEsc('Submit') ?>" /></td></tr>
</tbody>
diff --git a/themes/jquerymobile/templates/Auth/AbstractBase/login.phtml b/themes/jquerymobile/templates/Auth/AbstractBase/login.phtml
index e7f616f8c31b1298e7c5565400bea73c2151ade2..821c54aab431ca24217f3db0206d0f9bbd6f1c06 100644
--- a/themes/jquerymobile/templates/Auth/AbstractBase/login.phtml
+++ b/themes/jquerymobile/templates/Auth/AbstractBase/login.phtml
@@ -19,5 +19,5 @@
<a rel="external" data-role="button" class="recover_password" href="<?=$this->url('myresearch-recover')?>"><?=$this->transEsc('Forgot Password')?></a>
<? endif; ?>
<? else: ?>
- <a rel="external" data-role="button" href="<?=$this->escapeHtml($sessionInitiator)?>"><?=$this->transEsc("Institutional Login")?></a>
+ <a rel="external" data-role="button" href="<?=$this->escapeHtmlAttr($sessionInitiator)?>"><?=$this->transEsc("Institutional Login")?></a>
<? endif; ?>
diff --git a/themes/jquerymobile/templates/Auth/AbstractBase/loginfields.phtml b/themes/jquerymobile/templates/Auth/AbstractBase/loginfields.phtml
index a979db8146b66db063d74e07c020105b3e4ec5e3..1b6516b967b30fc9cd3ba10f47fe13a874691019 100644
--- a/themes/jquerymobile/templates/Auth/AbstractBase/loginfields.phtml
+++ b/themes/jquerymobile/templates/Auth/AbstractBase/loginfields.phtml
@@ -1,4 +1,4 @@
<label for="login_username"><?=$this->transEsc('Username')?>:</label>
-<input id="login_username" type="text" name="username" value="<?=$this->escapeHtml($this->request->get('username'))?>"/>
+<input id="login_username" type="text" name="username" value="<?=$this->escapeHtmlAttr($this->request->get('username'))?>"/>
<label for="login_password"><?=$this->transEsc('Password')?>:</label>
<input id="login_password" type="password" name="password"/>
diff --git a/themes/jquerymobile/templates/Auth/Database/create.phtml b/themes/jquerymobile/templates/Auth/Database/create.phtml
index d472bd6228ddafb8fe7f74ab7e6dc083d9225424..1444efdd6c2bdc0250ab89e5ab40322b4c240a91 100644
--- a/themes/jquerymobile/templates/Auth/Database/create.phtml
+++ b/themes/jquerymobile/templates/Auth/Database/create.phtml
@@ -1,11 +1,11 @@
<label for="account_firstname"><?=$this->transEsc('First Name')?>:</label>
-<input id="account_firstname" type="text" name="firstname" value="<?=$this->escapeHtml($this->request->get('firstname'))?>" />
+<input id="account_firstname" type="text" name="firstname" value="<?=$this->escapeHtmlAttr($this->request->get('firstname'))?>" />
<label for="account_lastname"><?=$this->transEsc('Last Name')?>:</label>
-<input id="account_lastname" type="text" name="lastname" value="<?=$this->escapeHtml($this->request->get('lastname'))?>" />
+<input id="account_lastname" type="text" name="lastname" value="<?=$this->escapeHtmlAttr($this->request->get('lastname'))?>" />
<label for="account_email"><?=$this->transEsc('Email Address')?>:</label>
-<input id="account_email" type="text" name="email" value="<?=$this->escapeHtml($this->request->get('email'))?>" />
+<input id="account_email" type="text" name="email" value="<?=$this->escapeHtmlAttr($this->request->get('email'))?>" />
<label for="account_username"><?=$this->transEsc('Desired Username')?>:</label>
-<input id="account_username" type="text" name="username" value="<?=$this->escapeHtml($this->request->get('username'))?>" />
+<input id="account_username" type="text" name="username" value="<?=$this->escapeHtmlAttr($this->request->get('username'))?>" />
<label for="account_password"><?=$this->transEsc('Password')?>:</label>
<input id="account_password" type="password" name="password" />
<label for="account_password2"><?=$this->transEsc('Password Again')?>:</label>
diff --git a/themes/jquerymobile/templates/Auth/Shibboleth/login.phtml b/themes/jquerymobile/templates/Auth/Shibboleth/login.phtml
index d4463c48646cadaddee5563605a680afa1c8fb55..d4cbbac6e6bb09b67c3cf68eb47f6dc7c8951b69 100644
--- a/themes/jquerymobile/templates/Auth/Shibboleth/login.phtml
+++ b/themes/jquerymobile/templates/Auth/Shibboleth/login.phtml
@@ -1,3 +1,3 @@
<? $account = $this->auth()->getManager(); ?>
<? $sessionInitiator = $account->getSessionInitiator($this->serverUrl($this->url('myresearch-home'))); ?>
-<a rel="external" href="<?=$this->escapeHtml($sessionInitiator)?>"><?=$this->transEsc("Institutional Login")?></a>
+<a rel="external" href="<?=$this->escapeHtmlAttr($sessionInitiator)?>"><?=$this->transEsc("Institutional Login")?></a>
diff --git a/themes/jquerymobile/templates/Helpers/openurl.phtml b/themes/jquerymobile/templates/Helpers/openurl.phtml
index 671dcd2a3115dc0c4b501beca41b8497c294e903..3a53a9a3332457b527ee017f5f123cdcd0f426fe 100644
--- a/themes/jquerymobile/templates/Helpers/openurl.phtml
+++ b/themes/jquerymobile/templates/Helpers/openurl.phtml
@@ -1,15 +1,15 @@
-<a rel="external" href="<?=$this->escapeHtml($this->openUrlBase . '?' . $this->openUrl)?>">
+<a rel="external" href="<?=$this->escapeHtmlAttr($this->openUrlBase . '?' . $this->openUrl)?>">
<? if ($this->openUrlGraphic): ?>
<?
$style = '';
if ($this->openUrlGraphicWidth) {
- $style .= 'width:' . $this->escapeHtml($this->openUrlGraphicWidth) . 'px;';
+ $style .= 'width:' . $this->escapeHtmlAttr($this->openUrlGraphicWidth) . 'px;';
}
if ($this->openUrlGraphicHeight) {
- $style .= 'height:' . $this->escapeHtml($this->openUrlGraphicHeight) . 'px;';
+ $style .= 'height:' . $this->escapeHtmlAttr($this->openUrlGraphicHeight) . 'px;';
}
?>
- <img src="<?=$this->escapeHtml($this->openUrlGraphic)?>" alt="<?=$this->transEsc('Get full text')?>" style="<?=$style?>" />
+ <img src="<?=$this->escapeHtmlAttr($this->openUrlGraphic)?>" alt="<?=$this->transEsc('Get full text')?>" style="<?=$style?>" />
<? else: ?>
<?=$this->transEsc('Get full text')?>
<? endif; ?>
diff --git a/themes/jquerymobile/templates/RecordDriver/LibGuides/result-list.phtml b/themes/jquerymobile/templates/RecordDriver/LibGuides/result-list.phtml
index 3448080e56407a4e8d2e3d606c01e8a54cb17ba1..66ce9ddb2756dfa9b3fc96bd39152d603912e4be 100644
--- a/themes/jquerymobile/templates/RecordDriver/LibGuides/result-list.phtml
+++ b/themes/jquerymobile/templates/RecordDriver/LibGuides/result-list.phtml
@@ -1,7 +1,7 @@
<?
$url = $this->driver->getUniqueId();
?>
-<a rel="external" href="<?=$this->escapeHtml($url)?>">
+<a rel="external" href="<?=$this->escapeHtmlAttr($url)?>">
<div class="result">
<h3><?
$summTitle = $this->driver->getTitle();
diff --git a/themes/jquerymobile/templates/RecordDriver/Pazpar2/result-list.phtml b/themes/jquerymobile/templates/RecordDriver/Pazpar2/result-list.phtml
index a4bd4560797dc7aebc3127906a503b348c7e3f83..10a10b6b5689935bea78eae773b6ac9123454885 100644
--- a/themes/jquerymobile/templates/RecordDriver/Pazpar2/result-list.phtml
+++ b/themes/jquerymobile/templates/RecordDriver/Pazpar2/result-list.phtml
@@ -1,6 +1,6 @@
<b>
- <div class="result source<?=$this->escapeHtml($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueID())?>" class="hiddenId" />
+ <div class="result source<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>">
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueID())?>" class="hiddenId" />
<h3><?
$summHighlightedTitle = $this->driver->getHighlightedTitle();
$summTitle = $this->driver->getTitle();
diff --git a/themes/jquerymobile/templates/RecordDriver/SolrDefault/core.phtml b/themes/jquerymobile/templates/RecordDriver/SolrDefault/core.phtml
index bebd579a95a9df468989f073157e8cd98157cb06..e4871113c6e196ba08758e9d36382fba58f125ba 100644
--- a/themes/jquerymobile/templates/RecordDriver/SolrDefault/core.phtml
+++ b/themes/jquerymobile/templates/RecordDriver/SolrDefault/core.phtml
@@ -1,9 +1,9 @@
<? /* Display thumbnail if appropriate: */ ?>
<? $mediumThumb = $this->record($this->driver)->getThumbnail('medium'); $largeThumb = $this->record($this->driver)->getThumbnail('large'); ?>
<? if ($mediumThumb): ?>
- <? if ($largeThumb): ?><a rel="external" href="<?=$this->escapeHtml($largeThumb)?>"><? endif; ?>
+ <? if ($largeThumb): ?><a rel="external" href="<?=$this->escapeHtmlAttr($largeThumb)?>"><? endif; ?>
<div class="recordcover">
- <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtml($mediumThumb);?>"/>
+ <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtmlAttr($mediumThumb);?>"/>
</div>
<? if ($largeThumb): ?></a><? endif; ?>
<? endif; ?>
@@ -134,7 +134,7 @@
<dt><?=$this->transEsc('Online Access')?>: </dt>
<dd>
<? foreach ($urls as $current): ?>
- <p><a rel="external" href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a></p>
+ <p><a rel="external" href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a></p>
<? endforeach; ?>
<? if ($openUrl): ?>
<?=$this->openUrl($openUrl)?><br/>
diff --git a/themes/jquerymobile/templates/RecordDriver/SolrDefault/list-entry.phtml b/themes/jquerymobile/templates/RecordDriver/SolrDefault/list-entry.phtml
index c468c8b28cdc62cb23fa1a7b6ea927ba2175f65b..056f5a0e3d0f39f60a3bed56e9f5daa5d24ca75c 100644
--- a/themes/jquerymobile/templates/RecordDriver/SolrDefault/list-entry.phtml
+++ b/themes/jquerymobile/templates/RecordDriver/SolrDefault/list-entry.phtml
@@ -11,8 +11,8 @@
}
?>
<a rel="external" href="<?=$this->recordLink()->getUrl($this->driver)?>">
- <div class="result source<?=$this->escapeHtml($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueID())?>" class="hiddenId" />
+ <div class="result source<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>">
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueID())?>" class="hiddenId" />
<h3>
<?
$listTitle = $this->driver->getTitle();
diff --git a/themes/jquerymobile/templates/RecordDriver/SolrDefault/result-list.phtml b/themes/jquerymobile/templates/RecordDriver/SolrDefault/result-list.phtml
index 1fdd7684373b00e4654912ac0e8ee9e8117a30ec..ce04278048f67bbdc05f1265ccfd9401b1ae0701 100644
--- a/themes/jquerymobile/templates/RecordDriver/SolrDefault/result-list.phtml
+++ b/themes/jquerymobile/templates/RecordDriver/SolrDefault/result-list.phtml
@@ -1,6 +1,6 @@
<a rel="external" href="<?=$this->recordLink()->getUrl($this->driver)?>">
- <div class="result source<?=$this->escapeHtml($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueID())?>" class="hiddenId" />
+ <div class="result source<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>">
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueID())?>" class="hiddenId" />
<h3><?
$summHighlightedTitle = $this->driver->getHighlightedTitle();
$summTitle = $this->driver->getTitle();
diff --git a/themes/jquerymobile/templates/RecordDriver/SolrWeb/result-list.phtml b/themes/jquerymobile/templates/RecordDriver/SolrWeb/result-list.phtml
index 41e08d2e44e51995b397f0ecf9356806343ac9ca..c1bcfddbdd90633c104f06aac05890ce8eeff36d 100644
--- a/themes/jquerymobile/templates/RecordDriver/SolrWeb/result-list.phtml
+++ b/themes/jquerymobile/templates/RecordDriver/SolrWeb/result-list.phtml
@@ -1,7 +1,7 @@
<?
$url = $this->driver->getUrl();
?>
-<a rel="external" href="<?=$this->escapeHtml($url)?>">
+<a rel="external" href="<?=$this->escapeHtmlAttr($url)?>">
<div class="result">
<h3><?
$summHighlightedTitle = $this->driver->getHighlightedTitle();
diff --git a/themes/jquerymobile/templates/RecordTab/holdingsils.phtml b/themes/jquerymobile/templates/RecordTab/holdingsils.phtml
index 3e6a2da372bc797cd1852dad6fec3a7ddb430cda..d2f1bb380f3604a123f0f369faadf5f074a67540 100644
--- a/themes/jquerymobile/templates/RecordTab/holdingsils.phtml
+++ b/themes/jquerymobile/templates/RecordTab/holdingsils.phtml
@@ -13,7 +13,7 @@
<h2><?=$this->transEsc('ils_offline_title')?></h2>
<p><strong><?=$this->transEsc('ils_offline_status')?></strong></p>
<p><?=$this->transEsc('ils_offline_holdings_message')?></p>
- <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?>
+ <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?>
<p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p>
</div>
<? endif; ?>
diff --git a/themes/jquerymobile/templates/RecordTab/holdingsworldcat.phtml b/themes/jquerymobile/templates/RecordTab/holdingsworldcat.phtml
index f5afadfa6fa7474b7bd7f5a2da09326f968e44ee..190e7f869c17312f53081dc2c26a27b440aefa2e 100644
--- a/themes/jquerymobile/templates/RecordTab/holdingsworldcat.phtml
+++ b/themes/jquerymobile/templates/RecordTab/holdingsworldcat.phtml
@@ -5,7 +5,7 @@
<tr>
<th colspan="2">
<? if (isset($holding->electronicAddress->text) && !empty($holding->electronicAddress->text)): ?>
- <a href="<?=$this->escapeHtml($holding->electronicAddress->text)?>"><?=$this->escapeHtml($holding->physicalLocation)?></a>
+ <a href="<?=$this->escapeHtmlAttr($holding->electronicAddress->text)?>"><?=$this->escapeHtml($holding->physicalLocation)?></a>
<? else: ?>
<?=$this->escapeHtml($holding->physicalLocation)?>
<? endif; ?>
diff --git a/themes/jquerymobile/templates/RecordTab/reviews.phtml b/themes/jquerymobile/templates/RecordTab/reviews.phtml
index 5841e5abd1f1877d57235730a07a27655c7390cb..20ce2dd5cbbccbb0844f164ae148df623c9c8d77 100644
--- a/themes/jquerymobile/templates/RecordTab/reviews.phtml
+++ b/themes/jquerymobile/templates/RecordTab/reviews.phtml
@@ -26,7 +26,7 @@
<p class="summary">
<?=isset($review['Content']) ? $review['Content'] : ''?>
<? if ((!isset($review['Content']) || empty($review['Content'])) && isset($review['ReviewURL'])): ?>
- <a rel="external" href="<?=$this->escapeHtml($review['ReviewURL'])?>"><?=$this->transEsc('Read the full review online...')?></a>
+ <a rel="external" href="<?=$this->escapeHtmlAttr($review['ReviewURL'])?>"><?=$this->transEsc('Read the full review online...')?></a>
<? endif; ?>
</p>
<?=isset($review['Copyright']) ? $review['Copyright'] : ''?>
diff --git a/themes/jquerymobile/templates/RecordTab/usercomments.phtml b/themes/jquerymobile/templates/RecordTab/usercomments.phtml
index 24a5549e104a4b12688e67a5e5b04ccfeab5db28..fe56781c83d58d0b573d51d3ce74199ceca82ff6 100644
--- a/themes/jquerymobile/templates/RecordTab/usercomments.phtml
+++ b/themes/jquerymobile/templates/RecordTab/usercomments.phtml
@@ -7,8 +7,8 @@
</ul>
<form name="commentRecord" id="commentRecord" action="<?=$this->recordLink()->getActionUrl($this->driver, 'AddComment')?>" method="post" data-ajax="false">
- <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>"/>
- <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>"/>
+ <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>"/>
+ <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>"/>
<div data-role="fieldcontain">
<label for="comments_form_comment"><?=$this->transEsc("Your Comment")?>:</label>
<textarea id="comments_form_comment" name="comment"></textarea>
diff --git a/themes/jquerymobile/templates/alphabrowse/home.phtml b/themes/jquerymobile/templates/alphabrowse/home.phtml
index 4ce4a70c0aed94bb8568eb4458e4ac32520db139..8664288394c59a2fb2b55003038cfdf5da0a34d9 100644
--- a/themes/jquerymobile/templates/alphabrowse/home.phtml
+++ b/themes/jquerymobile/templates/alphabrowse/home.phtml
@@ -12,11 +12,11 @@
<label for="alphaBrowseForm_source"><?=$this->transEsc('Browse Alphabetically') ?></label>
<select id="alphaBrowseForm_source" name="source">
<? foreach ($this->alphaBrowseTypes as $key => $item): ?>
- <option value="<?=$this->escapeHtml($key) ?>"<? if ($this->source == $key): ?> selected="selected"<? endif; ?>><?=$this->transEsc($item) ?></option>
+ <option value="<?=$this->escapeHtmlAttr($key) ?>"<? if ($this->source == $key): ?> selected="selected"<? endif; ?>><?=$this->transEsc($item) ?></option>
<? endforeach; ?>
</select>
<label for="alphaBrowseForm_from"><?=$this->transEsc('starting from') ?></label>
- <input type="search" name="from" id="alphaBrowseForm_from" value="<?=$this->escapeHtml($this->from) ?>"/>
+ <input type="search" name="from" id="alphaBrowseForm_from" value="<?=$this->escapeHtmlAttr($this->from) ?>"/>
<input type="submit" data-theme="b" value="<?=$this->transEsc('Browse') ?>"/>
</div>
</form>
@@ -33,12 +33,12 @@
<div class="ui-grid-a">
<div class="ui-block-a">
<? if (isset($this->prevpage)): ?>
- <a data-role="button" data-mini="true" data-icon="arrow-l" href="<?=$this->escapeHtml($this->url('alphabrowse-home', array(), array('query' => $baseQuery + array('page' => $this->prevpage))))?>"><?=$this->transEsc('Prev')?></a>
+ <a data-role="button" data-mini="true" data-icon="arrow-l" href="<?=$this->escapeHtmlAttr($this->url('alphabrowse-home', array(), array('query' => $baseQuery + array('page' => $this->prevpage))))?>"><?=$this->transEsc('Prev')?></a>
<? endif; ?>
</div>
<div class="ui-block-b">
<? if (isset($this->nextpage)): ?>
- <a data-role="button" data-mini="true" data-icon="arrow-r" data-iconpos="right" href="<?=$this->escapeHtml($this->url('alphabrowse-home', array(), array('query' => $baseQuery + array('page' => $this->nextpage))))?>"><?=$this->transEsc('Next')?></a>
+ <a data-role="button" data-mini="true" data-icon="arrow-r" data-iconpos="right" href="<?=$this->escapeHtmlAttr($this->url('alphabrowse-home', array(), array('query' => $baseQuery + array('page' => $this->nextpage))))?>"><?=$this->transEsc('Next')?></a>
<? endif; ?>
</div>
</div>
@@ -52,14 +52,14 @@
<? if ($item['count'] > 0 || count($item['useInstead']) > 0): ?>
<? if (count($item['useInstead']) > 0): ?>
<? $query = array('from' => implode($item['useInstead'])) + $baseQuery; ?>
- <? $searchLink = $this->escapeHtml($this->url('alphabrowse-home', array(), array('query' => $query))); ?>
+ <? $searchLink = $this->escapeHtmlAttr($this->url('alphabrowse-home', array(), array('query' => $query))); ?>
<? else: ?>
<? if ($item['count'] < 5): ?>
<? $query = array('type' => 'ids', 'lookfor' => implode(' ', $item['ids'])); ?>
<? else: ?>
<? $query = array('type' => ucwords($this->source) . 'Browse', 'lookfor' => '"' . addcslashes($item['heading'], '"') . '"'); ?>
<? endif; ?>
- <? $searchLink = $this->escapeHtml($this->url('search-results', array(), array('query' => $query))); ?>
+ <? $searchLink = $this->escapeHtmlAttr($this->url('search-results', array(), array('query' => $query))); ?>
<? endif; ?>
<? endif; ?>
<a class="ui-link-inherit" data-ajax="false" href="<?=$searchLink ?>">
diff --git a/themes/jquerymobile/templates/collection/view.phtml b/themes/jquerymobile/templates/collection/view.phtml
index fd920a320721bafa619e84cc105368847b9536ea..742104655cacb911beb9ccd76fb25db45ac59bec 100644
--- a/themes/jquerymobile/templates/collection/view.phtml
+++ b/themes/jquerymobile/templates/collection/view.phtml
@@ -11,7 +11,7 @@
?>
<div data-role="page" id="Record-view">
<?=$this->mobileMenu()->header()?>
- <div class="record" data-role="content" data-record-id="<?=$this->escapeHtml($this->driver->getUniqueId())?>">
+ <div class="record" data-role="content" data-record-id="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>">
<?=$this->flashmessages()?>
<? if ($this->activeTab == $this->defaultTab): ?>
<?=$this->record($this->driver)->getCollectionMetadata()?>
diff --git a/themes/jquerymobile/templates/confirm/confirm.phtml b/themes/jquerymobile/templates/confirm/confirm.phtml
index 18028743ddf023a150690c0694429efed3c9aa09..989cd48eccc7030ba71859b9e53b2abed4f10270 100644
--- a/themes/jquerymobile/templates/confirm/confirm.phtml
+++ b/themes/jquerymobile/templates/confirm/confirm.phtml
@@ -5,21 +5,21 @@
<?=$this->flashmessages();?>
- <form action="<?=$this->escapeHtml($this->confirm)?>" method="post" data-ajax="false">
+ <form action="<?=$this->escapeHtmlAttr($this->confirm)?>" method="post" data-ajax="false">
<? if (isset($this->extras)): ?>
<? foreach ($this->extras as $extra=>$value): ?>
<? if (is_array($value)): ?>
<? foreach ($value as $current): ?>
- <input type="hidden" name="<?=$this->escapeHtml($extra) ?>[]" value="<?=$this->escapeHtml($current) ?>" />
+ <input type="hidden" name="<?=$this->escapeHtmlAttr($extra) ?>[]" value="<?=$this->escapeHtmlAttr($current) ?>" />
<? endforeach; ?>
<? else: ?>
- <input type="hidden" name="<?=$this->escapeHtml($extra) ?>" value="<?=$this->escapeHtml($value) ?>" />
+ <input type="hidden" name="<?=$this->escapeHtmlAttr($extra) ?>" value="<?=$this->escapeHtmlAttr($value) ?>" />
<? endif; ?>
<? endforeach; ?>
<? endif;?>
<input type="submit" name="confirm" value="<?=$this->transEsc('confirm_dialog_yes') ?>" />
</form>
- <form action="<?=$this->escapeHtml($this->cancel) ?>" method="post" data-ajax="false">
+ <form action="<?=$this->escapeHtmlAttr($this->cancel) ?>" method="post" data-ajax="false">
<input type="submit" name="cancel" value="<?=$this->transEsc('confirm_dialog_no') ?>" />
</form>
</div>
diff --git a/themes/jquerymobile/templates/error/unavailable.phtml b/themes/jquerymobile/templates/error/unavailable.phtml
index 11d55fa2f68f9044a38438c19067093308c8d632..fa3d30171719d7ce9e5c7c1c918602742330c347 100644
--- a/themes/jquerymobile/templates/error/unavailable.phtml
+++ b/themes/jquerymobile/templates/error/unavailable.phtml
@@ -13,7 +13,7 @@
<p>
<?=$this->transEsc('Please contact the Library Reference Department for assistance')?>
<br/>
- <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?>
+ <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?>
<a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a>
</p>
</div>
diff --git a/themes/jquerymobile/templates/myresearch/cataloglogin.phtml b/themes/jquerymobile/templates/myresearch/cataloglogin.phtml
index 2cfcff0f55acbc0418949dd6a200343f822af926..11cb63cdca81129b5607f0d6d28789dfe335dd98 100644
--- a/themes/jquerymobile/templates/myresearch/cataloglogin.phtml
+++ b/themes/jquerymobile/templates/myresearch/cataloglogin.phtml
@@ -13,7 +13,7 @@
<h2><?=$this->transEsc('ils_offline_title')?></h2>
<p><strong><?=$this->transEsc('ils_offline_status')?></strong></p>
<p><?=$this->transEsc('ils_offline_login_message')?></p>
- <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?>
+ <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?>
<p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p>
</div>
<? else: ?>
diff --git a/themes/jquerymobile/templates/myresearch/checkedout.phtml b/themes/jquerymobile/templates/myresearch/checkedout.phtml
index 4e4c6eef4154a3b7c7ac57ca112541bd67942553..7eec680b6e6cff9b086cbb4403b99da3c5f40d41 100644
--- a/themes/jquerymobile/templates/myresearch/checkedout.phtml
+++ b/themes/jquerymobile/templates/myresearch/checkedout.phtml
@@ -91,8 +91,8 @@
<fieldset data-type="horizontal" data-role="controlgroup">
<? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $ilsDetails['renew_details']); ?>
<label for="checkbox_<?=$safeId?>"><?=$this->transEsc("Select this record")?></label>
- <input type="checkbox" name="renewSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['renew_details'])?>" class="checkbox" style="margin-left: 0" id="checkbox_<?=$safeId?>" />
- <input type="hidden" name="renewAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['renew_details'])?>" />
+ <input type="checkbox" name="renewSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['renew_details'])?>" class="checkbox" style="margin-left: 0" id="checkbox_<?=$safeId?>" />
+ <input type="hidden" name="renewAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['renew_details'])?>" />
</fieldset>
</div>
<? endif; ?>
diff --git a/themes/jquerymobile/templates/myresearch/holds.phtml b/themes/jquerymobile/templates/myresearch/holds.phtml
index fd905ea60d33940fdd93290a5ef1f2856e574c63..e17e5e0a0bcbbf3ae12b3ae5d6bcb51ba1d253f7 100644
--- a/themes/jquerymobile/templates/myresearch/holds.phtml
+++ b/themes/jquerymobile/templates/myresearch/holds.phtml
@@ -112,8 +112,8 @@
<fieldset data-type="horizontal" data-role="controlgroup">
<? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $resource->getUniqueId()); ?>
<label for="checkbox_<?=$safeId?>"><?=$this->transEsc("Select this record")?></label>
- <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" />
- <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" class="checkbox" style="margin-left:0;" id="checkbox_<?=$safeId?>" />
+ <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" />
+ <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" class="checkbox" style="margin-left:0;" id="checkbox_<?=$safeId?>" />
</fieldset>
</div>
<? endif; ?>
diff --git a/themes/jquerymobile/templates/myresearch/login.phtml b/themes/jquerymobile/templates/myresearch/login.phtml
index 405a0f78c72329ce2c40b69bfc5ee76e6796e62d..e78e7ac13a7a94ce95ffb3c708b70f167a3d1764 100644
--- a/themes/jquerymobile/templates/myresearch/login.phtml
+++ b/themes/jquerymobile/templates/myresearch/login.phtml
@@ -15,7 +15,7 @@
<h2><?=$this->transEsc('ils_offline_title')?></h2>
<p><strong><?=$this->transEsc('ils_offline_status')?></strong></p>
<p><?=$this->transEsc('ils_offline_login_message')?></p>
- <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?>
+ <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?>
<p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p>
</div>
<? elseif ($hideLogin): ?>
diff --git a/themes/jquerymobile/templates/primo/advanced.phtml b/themes/jquerymobile/templates/primo/advanced.phtml
index 42ceb71d8e62c59bd7d805da3c600fe2d1189763..299ada3e4e145044735d125804b8c6b0ced273fd 100644
--- a/themes/jquerymobile/templates/primo/advanced.phtml
+++ b/themes/jquerymobile/templates/primo/advanced.phtml
@@ -46,26 +46,26 @@
<div class="ui-block-a">
<select id="search_type<?=$i?>_<?=$j?>" name="type<?=$i?>[]">
<? foreach ($this->options->getAdvancedHandlers() as $searchVal => $searchDesc): ?>
- <option value="<?=$this->escapeHtml($searchVal)?>"<?=($currRow && $currRow->getHandler() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option>
+ <option value="<?=$this->escapeHtmlAttr($searchVal)?>"<?=($currRow && $currRow->getHandler() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option>
<? endforeach; ?>
</select>
</div>
<div class="ui-block-b">
<select id="searchForm_op<?=$i?>_<?=$j?>" name="op<?=$i?>[]">
<? foreach ($this->options->getAdvancedOperators() as $searchVal => $searchDesc): ?>
- <option value="<?=$this->escapeHtml($searchVal)?>"<?=($currRow && $currRow->getOperator() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option>
+ <option value="<?=$this->escapeHtmlAttr($searchVal)?>"<?=($currRow && $currRow->getOperator() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option>
<? endforeach; ?>
</select>
</div>
<div class="ui-block-c">
- <input id="search_lookfor<?=$i?>_<?=$j?>" type="text" value="<?=$currRow?$this->escapeHtml($currRow->getString()):''?>" name="lookfor<?=$i?>[]" style="margin-top:.5em;height:28px"/>
+ <input id="search_lookfor<?=$i?>_<?=$j?>" type="text" value="<?=$currRow?$this->escapeHtmlAttr($currRow->getString()):''?>" name="lookfor<?=$i?>[]" style="margin-top:.5em;height:28px"/>
</div>
<? endfor; ?>
</fieldset>
<? endfor; ?>
<? $lastSort = $this->options->getLastSort(); ?>
<? if (!empty($lastSort)): ?>
- <input type="hidden" name="sort" value="<?=$this->escapeHtml($lastSort)?>" />
+ <input type="hidden" name="sort" value="<?=$this->escapeHtmlAttr($lastSort)?>" />
<? endif; ?>
<hr/>
<fieldset class="ui-grid-solo">
@@ -76,10 +76,10 @@
<?
/* Load hidden limit preference from Session */
if (!empty($lastLimit)) {
- echo '<input type="hidden" name="limit" value="' . $this->escapeHtml($lastLimit) . '" />';
+ echo '<input type="hidden" name="limit" value="' . $this->escapeHtmlAttr($lastLimit) . '" />';
}
if (!empty($lastSort)) {
- echo '<input type="hidden" name="sort" value="' . $this->escapeHtml($lastSort) . '" />';
+ echo '<input type="hidden" name="sort" value="' . $this->escapeHtmlAttr($lastSort) . '" />';
}
?>
</form>
diff --git a/themes/jquerymobile/templates/record/addtag.phtml b/themes/jquerymobile/templates/record/addtag.phtml
index 08d8e2e64f6d87d1adcbf0ecbd1ebeb6afa5ac2c..82d2a6a0ba29578dc62f07ef83d612564b55c099 100644
--- a/themes/jquerymobile/templates/record/addtag.phtml
+++ b/themes/jquerymobile/templates/record/addtag.phtml
@@ -7,8 +7,8 @@
<div data-role="content">
<form method="post" name="tagRecord" data-ajax="false">
<input type="hidden" name="submit" value="1" />
- <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" />
- <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" />
+ <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" />
+ <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" />
<div data-role="fieldcontain">
<label for="addtag_tag"><?=$this->transEsc("Tags")?>:</label>
<input id="addtag_tag" type="text" name="tag" value=""/>
diff --git a/themes/jquerymobile/templates/record/cite.phtml b/themes/jquerymobile/templates/record/cite.phtml
index ef17dca544fc91d9a03d80cf825c37fdb4b720a0..adceff58dab0ecf09a343032e1062c16ecd2fa52 100644
--- a/themes/jquerymobile/templates/record/cite.phtml
+++ b/themes/jquerymobile/templates/record/cite.phtml
@@ -11,7 +11,7 @@
?>
<div data-role="page" id="Record-view">
<?=$this->mobileMenu()->header()?>
- <div class="record" data-role="content" data-record-id="<?=$this->escapeHtml($this->driver->getUniqueId())?>">
+ <div class="record" data-role="content" data-record-id="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>">
<? if (count($citations) == 0): ?>
<?=$this->transEsc('No citations are available for this record')?>
<? else: ?>
diff --git a/themes/jquerymobile/templates/record/comments-list.phtml b/themes/jquerymobile/templates/record/comments-list.phtml
index dd26920de57c595a9b70b6990f6c48b6f05cd4f0..dd57c17b7e3ed9adefce9b924cfcd25e76de46fe 100644
--- a/themes/jquerymobile/templates/record/comments-list.phtml
+++ b/themes/jquerymobile/templates/record/comments-list.phtml
@@ -9,7 +9,7 @@
<span class="ui-li-aside"><?=$this->escapeHtml(array_shift(explode(' ', $comment->created)))?></span>
</a>
<? if (($user = $this->auth()->isLoggedIn()) && $comment->user_id == $user->id): ?>
- <a rel="external" href="<?=$this->recordLink()->getActionUrl($this->driver, 'DeleteComment')?>?delete=<?=urlencode($comment->id)?>" data-comment-id="<?=$this->escapeHtml($comment->id)?>" class="deleteRecordComment">
+ <a rel="external" href="<?=$this->recordLink()->getActionUrl($this->driver, 'DeleteComment')?>?delete=<?=urlencode($comment->id)?>" data-comment-id="<?=$this->escapeHtmlAttr($comment->id)?>" class="deleteRecordComment">
<?=$this->transEsc('Delete')?>
</a>
<? endif; ?>
diff --git a/themes/jquerymobile/templates/record/email.phtml b/themes/jquerymobile/templates/record/email.phtml
index 004a30484956eb1be88fa5fbef3cabee69813d0d..1fd6c545b1faee74f7759ffeba093af793da292c 100644
--- a/themes/jquerymobile/templates/record/email.phtml
+++ b/themes/jquerymobile/templates/record/email.phtml
@@ -7,8 +7,8 @@
<div data-role="content">
<?=$this->flashmessages()?>
<form method="post" name="emailRecord" data-ajax="false">
- <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" />
- <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" />
+ <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" />
+ <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" />
<div data-role="fieldcontain">
<label for="email_to"><?=$this->transEsc('To')?>:</label>
<input id="email_to" type="text" name="to" value="<?=isset($this->to) ? $this->to : ''?>" size="40" class="mainFocus <?=$this->jqueryValidation(array('required'=>'This field is required', 'email'=>'Email address is invalid'))?>"/>
diff --git a/themes/jquerymobile/templates/record/hold.phtml b/themes/jquerymobile/templates/record/hold.phtml
index d16dd524bf9da5904c2c313e312e6e1ea3217c2f..1e8dacf746d60aaf0aa02c305fb4d14c052cd2d0 100644
--- a/themes/jquerymobile/templates/record/hold.phtml
+++ b/themes/jquerymobile/templates/record/hold.phtml
@@ -48,7 +48,7 @@
</option>
<? endif; ?>
<? foreach ($this->requestGroups as $group): ?>
- <option value="<?=$this->escapeHtml($group['id'])?>"<?=($selected == $group['id']) ? ' selected="selected"' : ''?>>
+ <option value="<?=$this->escapeHtmlAttr($group['id'])?>"<?=($selected == $group['id']) ? ' selected="selected"' : ''?>>
<?=$this->transEsc('location_' . $group['name'], array(), $group['name'])?>
</option>
<? endforeach; ?>
@@ -71,7 +71,7 @@
<span id="pickUpLocationLabel"><strong><?=$this->transEsc("pick_up_location")?>:
<noscript> (<?=$this->transEsc("Please enable JavaScript.")?>)</noscript>
</strong></span>
- <select id="pickUpLocation" name="gatheredDetails[pickUpLocation]" data-default="<?=$this->escapeHtml($selected)?>">
+ <select id="pickUpLocation" name="gatheredDetails[pickUpLocation]" data-default="<?=$this->escapeHtmlAttr($selected)?>">
<? if ($selected === false): ?>
<option value="" selected="selected">
<?=$this->transEsc('select_pickup_location')?>
@@ -87,13 +87,13 @@
</option>
<? endif; ?>
<? foreach ($this->pickup as $lib): ?>
- <option value="<?=$this->escapeHtml($lib['locationID'])?>"<?=($selected == $lib['locationID']) ? ' selected="selected"' : ''?>>
+ <option value="<?=$this->escapeHtmlAttr($lib['locationID'])?>"<?=($selected == $lib['locationID']) ? ' selected="selected"' : ''?>>
<?=$this->escapeHtml($lib['locationDisplay'])?>
</option>
<? endforeach; ?>
</select>
<? else: ?>
- <input type="hidden" name="gatheredDetails[pickUpLocation]" value="<?=$this->escapeHtml($this->defaultPickup)?>" />
+ <input type="hidden" name="gatheredDetails[pickUpLocation]" value="<?=$this->escapeHtmlAttr($this->defaultPickup)?>" />
<? endif; ?>
</div>
<? endif; ?>
diff --git a/themes/jquerymobile/templates/record/save.phtml b/themes/jquerymobile/templates/record/save.phtml
index fb22ba7a2240924cdc39bc175befec0afcc227d8..9ec7b0b6a12f334eb46925f2ebdfc0439967ab30 100644
--- a/themes/jquerymobile/templates/record/save.phtml
+++ b/themes/jquerymobile/templates/record/save.phtml
@@ -8,8 +8,8 @@
<h3><?=$this->transEsc("add_favorite_prefix") ?> <?=$this->escapeHtml($this->driver->getBreadcrumb())?> <?=$this->transEsc("add_favorite_suffix") ?></h3>
<form method="post" name="saveRecord" data-ajax="false">
<input type="hidden" name="submit" value="1" />
- <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId()) ?>" />
- <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" />
+ <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId()) ?>" />
+ <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" />
<? if (!empty($this->containingLists)): ?>
<ul data-role="listview" data-dividertheme="e" data-inset="true">
<li data-role="list-divider"><?=$this->transEsc('This item is already part of the following list/lists') ?>:</li>
diff --git a/themes/jquerymobile/templates/record/sms.phtml b/themes/jquerymobile/templates/record/sms.phtml
index a7ee8000b7eea048a07732ba7435312c3f235c23..22c01fc7f54f833909d24c0c99a9b58d9e7ce27c 100644
--- a/themes/jquerymobile/templates/record/sms.phtml
+++ b/themes/jquerymobile/templates/record/sms.phtml
@@ -7,8 +7,8 @@
<div data-role="content">
<?=$this->flashmessages()?>
<form method="post" action="" name="smsRecord" data-ajax="false">
- <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" />
- <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" />
+ <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" />
+ <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" />
<div data-role="fieldcontain">
<label for="sms_to"><?=$this->transEsc('Number')?>:</label>
<input id="sms_to" type="text" name="to" value="<?=isset($this->to) ? $this->to : ''?>" />
@@ -17,7 +17,7 @@
<select id="sms_provider" name="provider" class="<?=$this->jqueryValidation(array('required'=>'This field is required'))?>">
<option selected="selected" value=""><?=$this->transEsc('Select your carrier')?></option>
<? foreach ($this->carriers as $val => $details): ?>
- <option<?=(isset($this->provider) && $val == $this->provider) ? ' selected="selected"' : ''?> value="<?=$this->escapeHtml($val)?>"><?=$this->escapeHtml($details['name'])?></option>
+ <option<?=(isset($this->provider) && $val == $this->provider) ? ' selected="selected"' : ''?> value="<?=$this->escapeHtmlAttr($val)?>"><?=$this->escapeHtml($details['name'])?></option>
<? endforeach; ?>
</select>
<? else: ?>
diff --git a/themes/jquerymobile/templates/record/view.phtml b/themes/jquerymobile/templates/record/view.phtml
index 7a9daa50018c7464dada6cb70bbf499276137e04..91373a0842339f84d8d109c690a471a946b7c055 100644
--- a/themes/jquerymobile/templates/record/view.phtml
+++ b/themes/jquerymobile/templates/record/view.phtml
@@ -11,7 +11,7 @@
?>
<div data-role="page" id="Record-view">
<?=$this->mobileMenu()->header(array('searchLink' => $this->searchOptions($this->searchClassId)->getSearchHomeAction()))?>
- <div class="record" data-role="content" data-record-id="<?=$this->escapeHtml($this->driver->getUniqueId())?>">
+ <div class="record" data-role="content" data-record-id="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>">
<?=$this->flashmessages()?>
<? if ($this->activeTab == $this->defaultTab): ?>
<?=$this->record($this->driver)->getCoreMetadata()?>
diff --git a/themes/jquerymobile/templates/search/advanced.phtml b/themes/jquerymobile/templates/search/advanced.phtml
index fddff1387259b8756efda71c37ab372945f4230c..36e135d00940d31695fb1b0ac78db118337b1607 100644
--- a/themes/jquerymobile/templates/search/advanced.phtml
+++ b/themes/jquerymobile/templates/search/advanced.phtml
@@ -30,7 +30,7 @@
<div class="ui-block-b">
<select id="searchForm_type" name="type0[]" data-mini="true">
<? foreach ($options->getBasicHandlers() as $searchVal => $searchDesc): ?>
- <option value="<?=$this->escapeHtml($searchVal)?>"<?=$this->searchIndex == $searchVal ? ' selected="selected"' : ''?>><?=$this->transEsc($searchDesc)?></option>
+ <option value="<?=$this->escapeHtmlAttr($searchVal)?>"<?=$this->searchIndex == $searchVal ? ' selected="selected"' : ''?>><?=$this->transEsc($searchDesc)?></option>
<? endforeach; ?>
</select>
</div>
@@ -50,10 +50,10 @@
<?
/* Load hidden limit preference from Session */
if (!empty($lastLimit)) {
- echo '<input type="hidden" name="limit" value="' . $this->escapeHtml($lastLimit) . '" />';
+ echo '<input type="hidden" name="limit" value="' . $this->escapeHtmlAttr($lastLimit) . '" />';
}
if (!empty($lastSort)) {
- echo '<input type="hidden" name="sort" value="' . $this->escapeHtml($lastSort) . '" />';
+ echo '<input type="hidden" name="sort" value="' . $this->escapeHtmlAttr($lastSort) . '" />';
}
?>
</form>
diff --git a/themes/jquerymobile/templates/search/email.phtml b/themes/jquerymobile/templates/search/email.phtml
index b16cac584596fe716a1a5cbc23776c61ebd2f040..e3e629aae144bb3f49ccc0e6def9747052ac07ab 100644
--- a/themes/jquerymobile/templates/search/email.phtml
+++ b/themes/jquerymobile/templates/search/email.phtml
@@ -7,7 +7,7 @@
<div data-role="content">
<?=$this->flashmessages()?>
<form method="post" name="emailSearch" data-ajax="false">
- <input type="hidden" name="url" value="<?=$this->escapeHtml($this->url)?>" />
+ <input type="hidden" name="url" value="<?=$this->escapeHtmlAttr($this->url)?>" />
<div data-role="fieldcontain">
<label for="email_to"><?=$this->transEsc('To')?>:</label>
<input id="email_to" type="text" name="to" value="<?=isset($this->to) ? $this->to : ''?>" size="40" />
diff --git a/themes/jquerymobile/templates/search/home.phtml b/themes/jquerymobile/templates/search/home.phtml
index 57e2620860c45a703ba91ae9277073ebfd00db54..8ceb6c2a766cd38b5005258880848daa125db3c5 100644
--- a/themes/jquerymobile/templates/search/home.phtml
+++ b/themes/jquerymobile/templates/search/home.phtml
@@ -10,7 +10,7 @@
<h2><?=$this->transEsc('ils_offline_title')?></h2>
<p><strong><?=$this->transEsc('ils_offline_status')?></strong></p>
<p><?=$this->transEsc('ils_offline_home_message')?></p>
- <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?>
+ <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?>
<p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p>
</div>
<? endif; ?>
diff --git a/themes/jquerymobile/templates/search/newitem.phtml b/themes/jquerymobile/templates/search/newitem.phtml
index 589dea6e6680989487c647576b1954af137e9241..8a05ea56f2627d599af3c1211d8a555e2656e39e 100644
--- a/themes/jquerymobile/templates/search/newitem.phtml
+++ b/themes/jquerymobile/templates/search/newitem.phtml
@@ -14,8 +14,8 @@
<fieldset data-role="controlgroup">
<legend><?=$this->transEsc('Range')?>:</legend>
<? foreach ($this->ranges as $key => $range): ?>
- <input id="newitem_range_<?=$this->escapeHtml($key)?>" type="radio" name="range" value="<?=$this->escapeHtml($range)?>"<?= ($key == 0) ? ' checked="checked"' : ''?>/>
- <label for="newitem_range_<?=$this->escapeHtml($key)?>">
+ <input id="newitem_range_<?=$this->escapeHtmlAttr($key)?>" type="radio" name="range" value="<?=$this->escapeHtmlAttr($range)?>"<?= ($key == 0) ? ' checked="checked"' : ''?>/>
+ <label for="newitem_range_<?=$this->escapeHtmlAttr($key)?>">
<?=($range == 1) ? $this->transEsc('Yesterday') : $this->transEsc('Past') . ' ' . $this->escapeHtml($range) . ' ' . $this->transEsc('Days')?>
</label>
<? endforeach; ?>
@@ -26,7 +26,7 @@
<label for="newitem_department"><?=$this->transEsc('Department')?>:</label>
<select id="newitem_department" name="department">
<? foreach ($this->fundList as $fundId => $fund): ?>
- <option value="<?=$this->escapeHtml($fundId)?>"><?=$this->escapeHtml($fund)?></option>
+ <option value="<?=$this->escapeHtmlAttr($fundId)?>"><?=$this->escapeHtml($fund)?></option>
<? endforeach; ?>
</select>
</div>
diff --git a/themes/jquerymobile/templates/search/reserves.phtml b/themes/jquerymobile/templates/search/reserves.phtml
index 264148322d1a00b479565837989c29d0e7f22a7d..e8ab8320c25339cf67d09f91e27d1858bf65ba1c 100644
--- a/themes/jquerymobile/templates/search/reserves.phtml
+++ b/themes/jquerymobile/templates/search/reserves.phtml
@@ -13,7 +13,7 @@
<select name="course" id="reserves_by_course">
<option></option>
<? foreach ($this->courseList as $courseId => $courseName): ?>
- <option value="<?=$this->escapeHtml($courseId)?>"><?=$this->escapeHtml($courseName)?></option>
+ <option value="<?=$this->escapeHtmlAttr($courseId)?>"><?=$this->escapeHtml($courseName)?></option>
<? endforeach; ?>
</select>
</div>
@@ -30,7 +30,7 @@
<select name="inst" id="reserves_by_inst">
<option></option>
<? foreach ($this->instList as $instId => $instName): ?>
- <option value="<?=$this->escapeHtml($instId)?>"><?=$this->escapeHtml($instName)?></option>
+ <option value="<?=$this->escapeHtmlAttr($instId)?>"><?=$this->escapeHtml($instName)?></option>
<? endforeach; ?>
</select>
</div>
@@ -47,7 +47,7 @@
<select name="dept" id="reserves_by_dept">
<option></option>
<? foreach ($this->deptList as $deptId => $deptName): ?>
- <option value="<?=$this->escapeHtml($deptId)?>"><?=$this->escapeHtml($deptName)?></option>
+ <option value="<?=$this->escapeHtmlAttr($deptId)?>"><?=$this->escapeHtml($deptName)?></option>
<? endforeach; ?>
</select>
</div>
diff --git a/themes/jquerymobile/templates/search/reservessearch.phtml b/themes/jquerymobile/templates/search/reservessearch.phtml
index c55c0a74d843ab239df7e3d01cad09f18ad726e6..adfba79ba1d5a04688f902c1dd304435734c36d9 100644
--- a/themes/jquerymobile/templates/search/reservessearch.phtml
+++ b/themes/jquerymobile/templates/search/reservessearch.phtml
@@ -13,7 +13,7 @@
<form method="get" name="reservesSearchForm" class="search" data-ajax="false">
<div data-role="fieldcontain">
<label for="reservesSearchForm_lookfor" class="offscreen"><?=$this->transEsc("Your search terms")?></label>
- <input id="reservesSearchForm_lookfor" type="text" name="lookfor" size="40" value="<?=$this->escapeHtml($reservesLookfor)?>" <?=$this->searchOptions('SolrReserves')->autocompleteEnabled() ? ' class="autocomplete searcher:SolrReserves type:Reserves"' : ''?> />
+ <input id="reservesSearchForm_lookfor" type="text" name="lookfor" size="40" value="<?=$this->escapeHtmlAttr($reservesLookfor)?>" <?=$this->searchOptions('SolrReserves')->autocompleteEnabled() ? ' class="autocomplete searcher:SolrReserves type:Reserves"' : ''?> />
</div>
<div data-role="fieldcontain">
<input type="submit" name="submit" value="<?=$this->transEsc("Find")?>"/>
@@ -33,7 +33,7 @@
<ul class="results" data-role="listview" data-split-icon="plus" data-split-theme="c">
<? foreach ($this->results->getResults() as $record): ?>
<?
- $url = $this->currentPath() . $this->escapeHtml(
+ $url = $this->currentPath() . $this->escapeHtmlAttr(
'?inst=' . urlencode($record->getInstructorId())
. '&course=' . urlencode($record->getCourseId())
. '&dept=' . urlencode($record->getDepartmentId())
diff --git a/themes/jquerymobile/templates/search/searchbox.phtml b/themes/jquerymobile/templates/search/searchbox.phtml
index 875741a7b40274941eeac3c6381f86822e689a63..000af3d404cbee374dff7d2c479f543aa7fc02df 100644
--- a/themes/jquerymobile/templates/search/searchbox.phtml
+++ b/themes/jquerymobile/templates/search/searchbox.phtml
@@ -19,17 +19,17 @@
<label class="offscreen" for="searchForm_lookfor">
<?=$this->transEsc("Search")?>
</label>
- <input type="search" placeholder="<?=$this->transEsc("Search")?>" name="lookfor" id="searchForm_lookfor" value="<?=$this->escapeHtml($this->lookfor)?>"/>
+ <input type="search" placeholder="<?=$this->transEsc("Search")?>" name="lookfor" id="searchForm_lookfor" value="<?=$this->escapeHtmlAttr($this->lookfor)?>"/>
<label class="offscreen" for="searchForm_type"><?=$this->transEsc("Search Type")?></label>
<? if ($handlerCount > 1): ?>
<select id="searchForm_type" name="type" data-native-menu="false">
<? foreach ($handlers as $handler): ?>
- <option value="<?=$this->escapeHtml($handler['value'])?>"<?=$handler['selected'] ? ' selected="selected"' : ''?>><?=$handler['indent'] ? '-- ' : ''?><?=$this->transEsc($handler['label'])?></option>
+ <option value="<?=$this->escapeHtmlAttr($handler['value'])?>"<?=$handler['selected'] ? ' selected="selected"' : ''?>><?=$handler['indent'] ? '-- ' : ''?><?=$this->transEsc($handler['label'])?></option>
<? endforeach; ?>
</select>
<? elseif ($handlerCount == 1): ?>
- <input type="hidden" name="type" value="<?=$this->escapeHtml($handlers[0]['value'])?>" />
+ <input type="hidden" name="type" value="<?=$this->escapeHtmlAttr($handlers[0]['value'])?>" />
<? endif; ?>
<div data-role="fieldcontain">
<input type="submit" data-theme="b" name="submit" value="<?=$this->transEsc("Find")?>"/>
@@ -37,14 +37,14 @@
<?
/* Show hidden field for active search class when in combined handler mode. */
if ($this->searchbox()->combinedHandlersActive()) {
- echo '<input type="hidden" name="activeSearchClassId" value="' . $this->escapeHtml($this->searchClassId) . '" />';
+ echo '<input type="hidden" name="activeSearchClassId" value="' . $this->escapeHtmlAttr($this->searchClassId) . '" />';
}
/* Load hidden limit preference from Session */
if (!empty($lastLimit)) {
- echo '<input type="hidden" name="limit" value="' . $this->escapeHtml($lastLimit) . '" />';
+ echo '<input type="hidden" name="limit" value="' . $this->escapeHtmlAttr($lastLimit) . '" />';
}
if (!empty($lastSort)) {
- echo '<input type="hidden" name="sort" value="' . $this->escapeHtml($lastSort) . '" />';
+ echo '<input type="hidden" name="sort" value="' . $this->escapeHtmlAttr($lastSort) . '" />';
}
?>
</form>