From f0bbe7c8b7bb54d07b933f5bbd87c08cc0549e04 Mon Sep 17 00:00:00 2001 
From: Demian Katz <demian.katz@villanova.edu> Date: Wed, 4 Jun 2014 12:50:10 -0400 Subject: [PATCH] Use escapeHtmlAttr() where appropriate. --- .../templates/Auth/AbstractBase/login.phtml | 2 +- .../Auth/AbstractBase/loginfields.phtml | 2 +- .../templates/Auth/Database/create.phtml | 8 ++--- .../templates/Auth/MultiILS/loginfields.phtml | 4 +-- .../templates/Auth/Shibboleth/login.phtml | 2 +- .../blueprint/templates/Helpers/openurl.phtml | 12 +++---- .../templates/Recommend/AuthorInfo.phtml | 4 +-- .../Recommend/CollectionSideFacets.phtml | 4 +-- .../Recommend/EuropeanaResults.phtml | 6 ++-- .../Recommend/OpenLibrarySubjects.phtml | 4 +-- .../templates/Recommend/RandomRecommend.phtml | 4 +-- .../templates/Recommend/SideFacets.phtml | 32 +++++++++---------- .../templates/Recommend/SummonBestBets.phtml | 2 +- .../templates/Recommend/SummonDatabases.phtml | 2 +- .../templates/Recommend/SummonTopics.phtml | 2 +- .../templates/Recommend/WebResults.phtml | 2 +- .../RecordDriver/LibGuides/result-list.phtml | 2 +- .../RecordDriver/Pazpar2/result-list.phtml | 10 +++--- .../SolrDefault/collection-info.phtml | 8 ++--- .../RecordDriver/SolrDefault/core.phtml | 10 +++--- .../RecordDriver/SolrDefault/list-entry.phtml | 10 +++--- .../SolrDefault/result-grid.phtml | 12 +++---- .../SolrDefault/result-list.phtml | 16 +++++----- .../RecordDriver/SolrDefault/toolbar.phtml | 4 +-- .../RecordDriver/SolrWeb/result-list.phtml | 2 +- .../templates/RecordTab/hierarchytree.phtml | 4 +-- .../templates/RecordTab/holdingsils.phtml | 10 +++--- .../RecordTab/holdingsworldcat.phtml | 2 +- .../templates/RecordTab/reviews.phtml | 2 +- .../templates/RecordTab/usercomments.phtml | 4 +-- .../templates/admin/tags/checkbox.phtml | 4 +-- .../templates/ajax/export-favorites.phtml | 2 +- .../templates/ajax/resolverLinks.phtml | 8 ++--- .../templates/ajax/resultgooglemapinfo.phtml | 2 +- .../templates/alphabrowse/home.phtml | 18 +++++------ themes/blueprint/templates/cart/email.phtml | 2 +- 
.../templates/cart/export-success.phtml | 2 +- themes/blueprint/templates/cart/export.phtml | 4 +-- themes/blueprint/templates/cart/save.phtml | 2 +- .../blueprint/templates/collection/view.phtml | 6 ++-- .../templates/collections/home.phtml | 12 +++---- .../blueprint/templates/confirm/confirm.phtml | 8 ++--- themes/blueprint/templates/error/index.phtml | 2 +- themes/blueprint/templates/header.phtml | 2 +- .../templates/install/fixdatabase.phtml | 8 ++--- .../blueprint/templates/install/fixils.phtml | 2 +- .../blueprint/templates/install/fixsolr.phtml | 2 +- .../blueprint/templates/layout/layout.phtml | 2 +- .../templates/myresearch/cataloglogin.phtml | 2 +- .../templates/myresearch/checkedout.phtml | 10 +++--- .../templates/myresearch/delete.phtml | 4 +-- .../blueprint/templates/myresearch/edit.phtml | 4 +-- .../templates/myresearch/holds.phtml | 10 +++--- .../templates/myresearch/illrequests.phtml | 10 +++--- .../templates/myresearch/login.phtml | 2 +- .../templates/myresearch/mylist.phtml | 4 +-- .../templates/myresearch/profile.phtml | 2 +- .../myresearch/storageretrievalrequests.phtml | 10 +++--- .../blueprint/templates/primo/advanced.phtml | 10 +++--- .../blueprint/templates/record/addtag.phtml | 4 +-- .../blueprint/templates/record/checkbox.phtml | 4 +-- themes/blueprint/templates/record/email.phtml | 4 +-- themes/blueprint/templates/record/hold.phtml | 8 ++--- .../templates/record/illrequest.phtml | 8 ++--- themes/blueprint/templates/record/save.phtml | 4 +-- themes/blueprint/templates/record/sms.phtml | 6 ++-- .../record/storageretrievalrequest.phtml | 12 +++---- themes/blueprint/templates/record/view.phtml | 6 ++-- .../search/advanced/checkbox-filters.phtml | 4 +-- .../templates/search/advanced/layout.phtml | 10 +++--- .../templates/search/advanced/limit.phtml | 2 +- .../templates/search/advanced/ranges.phtml | 10 +++--- .../templates/search/advanced/solr.phtml | 10 +++--- .../templates/search/advanced/summon.phtml | 6 ++-- 
.../templates/search/controls/limit.phtml | 2 +- .../templates/search/controls/sort.phtml | 2 +- themes/blueprint/templates/search/email.phtml | 2 +- themes/blueprint/templates/search/home.phtml | 2 +- .../blueprint/templates/search/newitem.phtml | 6 ++-- .../blueprint/templates/search/reserves.phtml | 6 ++-- .../templates/search/reservessearch.phtml | 4 +-- .../templates/search/searchbox.phtml | 22 ++++++------- .../templates/upgrade/getdbcredentials.phtml | 2 +- .../SolrDefault/result-list.phtml | 16 +++++----- themes/bootprint/templates/header.phtml | 2 +- .../myresearch/bulk-action-buttons.phtml | 6 ++-- .../templates/myresearch/checkedout.phtml | 10 +++--- .../templates/myresearch/holds.phtml | 10 +++--- .../myresearch/storageretrievalrequests.phtml | 10 +++--- themes/bootprint/templates/search/home.phtml | 2 +- .../templates/Auth/AbstractBase/login.phtml | 2 +- .../Auth/AbstractBase/loginfields.phtml | 2 +- .../templates/Auth/Database/create.phtml | 8 ++--- .../templates/Auth/MultiILS/loginfields.phtml | 4 +-- .../templates/Auth/Shibboleth/login.phtml | 2 +- .../bootstrap/templates/Helpers/openurl.phtml | 12 +++---- .../templates/Recommend/AuthorInfo.phtml | 4 +-- .../Recommend/CollectionSideFacets.phtml | 4 +-- .../Recommend/EuropeanaResults.phtml | 6 ++-- .../Recommend/OpenLibrarySubjects.phtml | 4 +-- .../templates/Recommend/RandomRecommend.phtml | 4 +-- .../templates/Recommend/SideFacets.phtml | 22 ++++++------- .../templates/Recommend/SummonBestBets.phtml | 2 +- .../templates/Recommend/SummonDatabases.phtml | 2 +- .../templates/Recommend/SummonTopics.phtml | 2 +- .../templates/Recommend/WebResults.phtml | 2 +- .../RecordDriver/LibGuides/result-list.phtml | 2 +- .../RecordDriver/Pazpar2/result-list.phtml | 10 +++--- .../SolrDefault/collection-info.phtml | 10 +++--- .../RecordDriver/SolrDefault/core.phtml | 10 +++--- .../RecordDriver/SolrDefault/list-entry.phtml | 8 ++--- .../SolrDefault/result-grid.phtml | 10 +++--- .../SolrDefault/result-list.phtml | 16 
+++++----- .../RecordDriver/SolrDefault/toolbar.phtml | 6 ++-- .../RecordDriver/SolrWeb/result-list.phtml | 2 +- .../templates/RecordTab/hierarchytree.phtml | 4 +-- .../templates/RecordTab/holdingsils.phtml | 10 +++--- .../RecordTab/holdingsworldcat.phtml | 2 +- .../templates/RecordTab/reviews.phtml | 2 +- .../templates/RecordTab/usercomments.phtml | 4 +-- .../templates/admin/tags/checkbox.phtml | 4 +-- .../templates/ajax/export-favorites.phtml | 2 +- .../templates/ajax/resolverLinks.phtml | 8 ++--- .../templates/ajax/resultgooglemapinfo.phtml | 2 +- .../templates/alphabrowse/home.phtml | 14 ++++---- themes/bootstrap/templates/cart/email.phtml | 2 +- .../templates/cart/export-success.phtml | 2 +- themes/bootstrap/templates/cart/export.phtml | 4 +-- themes/bootstrap/templates/cart/save.phtml | 2 +- .../bootstrap/templates/collection/view.phtml | 6 ++-- .../templates/collections/home.phtml | 12 +++---- .../bootstrap/templates/confirm/confirm.phtml | 8 ++--- themes/bootstrap/templates/error/index.phtml | 2 +- .../templates/error/unavailable.phtml | 2 +- themes/bootstrap/templates/footer.phtml | 2 +- themes/bootstrap/templates/header.phtml | 2 +- .../templates/install/fixdatabase.phtml | 8 ++--- .../bootstrap/templates/install/fixils.phtml | 2 +- .../bootstrap/templates/install/fixsolr.phtml | 2 +- .../myresearch/bulk-action-buttons.phtml | 6 ++-- .../templates/myresearch/cataloglogin.phtml | 2 +- .../templates/myresearch/checkedout.phtml | 10 +++--- .../templates/myresearch/delete.phtml | 4 +-- .../bootstrap/templates/myresearch/edit.phtml | 4 +-- .../templates/myresearch/export.phtml | 10 +++--- .../templates/myresearch/holds.phtml | 10 +++--- .../templates/myresearch/illrequests.phtml | 10 +++--- .../templates/myresearch/login.phtml | 2 +- .../templates/myresearch/profile.phtml | 2 +- .../myresearch/storageretrievalrequests.phtml | 10 +++--- .../bootstrap/templates/primo/advanced.phtml | 10 +++--- .../bootstrap/templates/record/addtag.phtml | 4 +-- 
themes/bootstrap/templates/record/email.phtml | 4 +-- themes/bootstrap/templates/record/hold.phtml | 10 +++--- .../templates/record/illrequest.phtml | 10 +++--- themes/bootstrap/templates/record/save.phtml | 4 +-- themes/bootstrap/templates/record/sms.phtml | 6 ++-- .../record/storageretrievalrequest.phtml | 12 +++---- themes/bootstrap/templates/record/view.phtml | 8 ++--- .../search/advanced/checkbox-filters.phtml | 2 +- .../templates/search/advanced/limit.phtml | 2 +- .../templates/search/advanced/ranges.phtml | 8 ++--- .../templates/search/advanced/solr.phtml | 10 +++--- .../templates/search/advanced/summon.phtml | 6 ++-- .../templates/search/controls/limit.phtml | 2 +- .../templates/search/controls/sort.phtml | 2 +- themes/bootstrap/templates/search/email.phtml | 2 +- themes/bootstrap/templates/search/home.phtml | 2 +- .../bootstrap/templates/search/newitem.phtml | 4 +-- .../bootstrap/templates/search/reserves.phtml | 6 ++-- .../templates/search/reservessearch.phtml | 4 +-- .../templates/search/searchbox.phtml | 22 ++++++------- .../templates/upgrade/getdbcredentials.phtml | 2 +- .../templates/Auth/AbstractBase/login.phtml | 2 +- .../Auth/AbstractBase/loginfields.phtml | 2 +- .../templates/Auth/Database/create.phtml | 8 ++--- .../templates/Auth/Shibboleth/login.phtml | 2 +- .../templates/Helpers/openurl.phtml | 8 ++--- .../RecordDriver/LibGuides/result-list.phtml | 2 +- .../RecordDriver/Pazpar2/result-list.phtml | 4 +-- .../RecordDriver/SolrDefault/core.phtml | 6 ++-- .../RecordDriver/SolrDefault/list-entry.phtml | 4 +-- .../SolrDefault/result-list.phtml | 4 +-- .../RecordDriver/SolrWeb/result-list.phtml | 2 +- .../templates/RecordTab/holdingsils.phtml | 2 +- .../RecordTab/holdingsworldcat.phtml | 2 +- .../templates/RecordTab/reviews.phtml | 2 +- .../templates/RecordTab/usercomments.phtml | 4 +-- .../templates/alphabrowse/home.phtml | 12 +++---- .../templates/collection/view.phtml | 2 +- .../templates/confirm/confirm.phtml | 8 ++--- 
.../templates/error/unavailable.phtml | 2 +- .../templates/myresearch/cataloglogin.phtml | 2 +- .../templates/myresearch/checkedout.phtml | 4 +-- .../templates/myresearch/holds.phtml | 4 +-- .../templates/myresearch/login.phtml | 2 +- .../templates/primo/advanced.phtml | 12 +++---- .../templates/record/addtag.phtml | 4 +-- .../jquerymobile/templates/record/cite.phtml | 2 +- .../templates/record/comments-list.phtml | 2 +- .../jquerymobile/templates/record/email.phtml | 4 +-- .../jquerymobile/templates/record/hold.phtml | 8 ++--- .../jquerymobile/templates/record/save.phtml | 4 +-- .../jquerymobile/templates/record/sms.phtml | 6 ++-- .../jquerymobile/templates/record/view.phtml | 2 +- .../templates/search/advanced.phtml | 6 ++-- .../jquerymobile/templates/search/email.phtml | 2 +- .../jquerymobile/templates/search/home.phtml | 2 +- .../templates/search/newitem.phtml | 6 ++-- .../templates/search/reserves.phtml | 6 ++-- .../templates/search/reservessearch.phtml | 4 +-- .../templates/search/searchbox.phtml | 12 +++---- 212 files changed, 597 insertions(+), 597 deletions(-) diff --git a/themes/blueprint/templates/Auth/AbstractBase/login.phtml b/themes/blueprint/templates/Auth/AbstractBase/login.phtml index ee38214e7d5..13e7018fe5e 100644 --- a/themes/blueprint/templates/Auth/AbstractBase/login.phtml +++ b/themes/blueprint/templates/Auth/AbstractBase/login.phtml @@ -19,5 +19,5 @@ <a class="forgot_password" href="<?=$this->url('myresearch-recover')?>"><?=$this->transEsc('Forgot Password')?></a> <? endif; ?> <? else: ?> - <a href="<?=$this->escapeHtml($sessionInitiator)?>"><?=$this->transEsc("Institutional Login")?></a> + <a href="<?=$this->escapeHtmlAttr($sessionInitiator)?>"><?=$this->transEsc("Institutional Login")?></a> <? endif; ?> diff --git a/themes/blueprint/templates/Auth/AbstractBase/loginfields.phtml b/themes/blueprint/templates/Auth/AbstractBase/loginfields.phtml index 707a379f5e4..3398d2bf4a6 100644 
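Review bot: `escapeHtmlAttr()` on the `href` of the Institutional Login link only neutralises quoting and markup characters; it does not make the value a safe URL, so a value carrying a `javascript:` scheme would still be emitted and run on click. `$sessionInitiator` comes from the auth manager here and is presumably configuration-derived, but the same pattern is applied to links whose URL originates in a third-party feed or driver in the Shibboleth, EuropeanaResults, OpenLibrarySubjects, SummonBestBets, SummonDatabases, SummonTopics, WebResults and LibGuides hunks. For those, gate the anchor on an allowed scheme before rendering, e.g. `<? if (preg_match('#^https?://#i', $work['link'])): ?>`, and fall back to plain text otherwise; attribute escaping stays necessary but is not sufficient for URL-valued attributes.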
--- a/themes/blueprint/templates/Auth/AbstractBase/loginfields.phtml +++ b/themes/blueprint/templates/Auth/AbstractBase/loginfields.phtml @@ -1,5 +1,5 @@ <label class="span-2" for="login_username"><?=$this->transEsc('Username')?>:</label> -<input id="login_username" type="text" name="username" value="<?=$this->escapeHtml($this->request->get('username'))?>" size="15" class="mainFocus <?=$this->jqueryValidation(array('required'=>'This field is required'))?>"/> +<input id="login_username" type="text" name="username" value="<?=$this->escapeHtmlAttr($this->request->get('username'))?>" size="15" class="mainFocus <?=$this->jqueryValidation(array('required'=>'This field is required'))?>"/> <br class="clear"/> <label class="span-2" for="login_password"><?=$this->transEsc('Password')?>:</label> <input id="login_password" type="password" name="password" size="15" class="<?=$this->jqueryValidation(array('required'=>'This field is required'))?>"/> diff --git a/themes/blueprint/templates/Auth/Database/create.phtml b/themes/blueprint/templates/Auth/Database/create.phtml index ebdcaaed0d9..340d5ae37d6 100644 --- a/themes/blueprint/templates/Auth/Database/create.phtml +++ b/themes/blueprint/templates/Auth/Database/create.phtml 
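Review bot: `$this->request->get('username')` is escaped and echoed into `value` without being constrained to a string; a request carrying `username[]=x` hands the escaper an array, which it is not built to accept and will most likely error on rather than render an empty field. Guard the type before escaping, e.g. `<? $u = $this->request->get('username'); ?>` then `value="<?=$this->escapeHtmlAttr(is_string($u) ? $u : '')?>"`. The four `request->get(...)` fields in the Database/create.phtml hunk and the username field in the MultiILS/loginfields hunk have the same shape.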
@@ -1,14 +1,14 @@ <label class="span-3" for="account_firstname"><?=$this->transEsc('First Name')?>:</label> -<input id="account_firstname" type="text" name="firstname" value="<?=$this->escapeHtml($this->request->get('firstname'))?>" size="30" +<input id="account_firstname" type="text" name="firstname" value="<?=$this->escapeHtmlAttr($this->request->get('firstname'))?>" size="30" class="mainFocus <?=$this->jqueryValidation(array('required'=>'This field is required'))?>"/><br class="clear"/> <label class="span-3" for="account_lastname"><?=$this->transEsc('Last Name')?>:</label> -<input id="account_lastname" type="text" name="lastname" value="<?=$this->escapeHtml($this->request->get('lastname'))?>" size="30" +<input id="account_lastname" type="text" name="lastname" value="<?=$this->escapeHtmlAttr($this->request->get('lastname'))?>" size="30" class="<?=$this->jqueryValidation(array('required'=>'This field is required'))?>"/><br class="clear"/> <label class="span-3" for="account_email"><?=$this->transEsc('Email Address')?>:</label> -<input id="account_email" type="text" name="email" value="<?=$this->escapeHtml($this->request->get('email'))?>" size="30" +<input id="account_email" type="text" name="email" value="<?=$this->escapeHtmlAttr($this->request->get('email'))?>" size="30" class="<?=$this->jqueryValidation(array('required'=>'This field is required', 'email'=>'Email address is invalid'))?>"/><br class="clear"/> <label class="span-3" for="account_username"><?=$this->transEsc('Desired Username')?>:</label> -<input id="account_username" type="text" name="username" value="<?=$this->escapeHtml($this->request->get('username'))?>" size="30" +<input id="account_username" type="text" name="username" value="<?=$this->escapeHtmlAttr($this->request->get('username'))?>" size="30" class="<?=$this->jqueryValidation(array('required'=>'This field is required'))?>"/><br class="clear"/> <label class="span-3" for="account_password"><?=$this->transEsc('Password')?>:</label> <input 
id="account_password" type="password" name="password" size="15" diff --git a/themes/blueprint/templates/Auth/MultiILS/loginfields.phtml b/themes/blueprint/templates/Auth/MultiILS/loginfields.phtml index 0280a810eed..fd5dd3c1a39 100644 --- a/themes/blueprint/templates/Auth/MultiILS/loginfields.phtml +++ b/themes/blueprint/templates/Auth/MultiILS/loginfields.phtml @@ -2,12 +2,12 @@ <?$currentTarget = $this->request->get('target'); if (!$currentTarget) $currentTarget = $this->auth()->getManager()->getDefaultLoginTarget();?> <select id="login_target" name="target"> <?foreach ($this->auth()->getManager()->getLoginTargets() as $target):?> - <option value="<?=$this->escapeHtml($target)?>"<?=($target == $currentTarget ? ' selected="selected"' : '')?>><?=$this->transEsc("source_$target", null, $target)?></option> + <option value="<?=$this->escapeHtmlAttr($target)?>"<?=($target == $currentTarget ? ' selected="selected"' : '')?>><?=$this->transEsc("source_$target", null, $target)?></option> <? endforeach ?> </select> <br class="clear"/> <label class="span-2" for="login_username"><?=$this->transEsc('Username')?>:</label> -<input id="login_username" type="text" name="username" value="<?=$this->escapeHtml($this->request->get('username'))?>" size="15" class="mainFocus <?=$this->jqueryValidation(array('required'=>'This field is required'))?>"/> +<input id="login_username" type="text" name="username" value="<?=$this->escapeHtmlAttr($this->request->get('username'))?>" size="15" class="mainFocus <?=$this->jqueryValidation(array('required'=>'This field is required'))?>"/> <br class="clear"/> <label class="span-2" for="login_password"><?=$this->transEsc('Password')?>:</label> <input id="login_password" type="password" name="password" size="15" class="<?=$this->jqueryValidation(array('required'=>'This field is required'))?>"/> diff --git a/themes/blueprint/templates/Auth/Shibboleth/login.phtml b/themes/blueprint/templates/Auth/Shibboleth/login.phtml index 94f44ef3d93..3feb62a33fd 100644 
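Review bot: The `selected` test `$target == $currentTarget` in the `<option>` line uses loose comparison; both sides are strings, and `==` on numeric-looking strings can match values that are not identical (`'1e3' == '1000'`), so `===` is the safer form: `<?=($target === $currentTarget ? ' selected="selected"' : '')?>`. This is a style point; the escaping change on the same line is correct.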
--- a/themes/blueprint/templates/Auth/Shibboleth/login.phtml +++ b/themes/blueprint/templates/Auth/Shibboleth/login.phtml @@ -1,3 +1,3 @@ <? $account = $this->auth()->getManager(); ?> <? $sessionInitiator = $account->getSessionInitiator($this->serverUrl($this->url('myresearch-home'))); ?> -<a href="<?=$this->escapeHtml($sessionInitiator)?>"><?=$this->transEsc("Institutional Login")?></a> +<a href="<?=$this->escapeHtmlAttr($sessionInitiator)?>"><?=$this->transEsc("Institutional Login")?></a> diff --git a/themes/blueprint/templates/Helpers/openurl.phtml b/themes/blueprint/templates/Helpers/openurl.phtml index ffddfedadd2..fb2dbd91658 100644 --- a/themes/blueprint/templates/Helpers/openurl.phtml +++ b/themes/blueprint/templates/Helpers/openurl.phtml 
@@ -3,25 +3,25 @@ if ($this->openUrlEmbed) { $class = ' class="fulltext openUrlEmbed openurl_id:' . $this->openUrlId . '"'; } elseif ($this->openUrlWindow) { - $class = ' class="fulltext openUrlWindow window_settings:' . $this->escapeHtml($this->openUrlWindow) . '"'; + $class = ' class="fulltext openUrlWindow window_settings:' . $this->escapeHtmlAttr($this->openUrlWindow) . '"'; } else { $class = ''; } ?> -<a href="<?=$this->escapeHtml($this->openUrlBase . '?' . $this->openUrl)?>"<?=$class?>> +<a href="<?=$this->escapeHtmlAttr($this->openUrlBase . '?' . $this->openUrl)?>"<?=$class?>> <? /* put the openUrl here in a span (COinS almost) so we can retrieve it later */ ?> - <span title="<?=$this->escapeHtml($this->openUrl)?>" class="openUrl"></span> + <span title="<?=$this->escapeHtmlAttr($this->openUrl)?>" class="openUrl"></span> <? if ($this->openUrlGraphic): ?> <? $style = ''; if ($this->openUrlGraphicWidth) { - $style .= 'width:' . $this->escapeHtml($this->openUrlGraphicWidth) . 'px;'; + $style .= 'width:' . $this->escapeHtmlAttr($this->openUrlGraphicWidth) . 'px;'; } if ($this->openUrlGraphicHeight) { - $style .= 'height:' . $this->escapeHtml($this->openUrlGraphicHeight) . 'px;'; + $style .= 'height:' . $this->escapeHtmlAttr($this->openUrlGraphicHeight) . 'px;'; } ?> - <img src="<?=$this->escapeHtml($this->openUrlGraphic)?>" alt="<?=$this->transEsc('Get full text')?>" style="<?=$style?>" /> + <img src="<?=$this->escapeHtmlAttr($this->openUrlGraphic)?>" alt="<?=$this->transEsc('Get full text')?>" style="<?=$style?>" /> <? else: ?> <?=$this->transEsc('Get full text')?> <? endif; ?> diff --git a/themes/blueprint/templates/Recommend/AuthorInfo.phtml b/themes/blueprint/templates/Recommend/AuthorInfo.phtml index baeb778dbd8..9609eb13f67 100644 --- a/themes/blueprint/templates/Recommend/AuthorInfo.phtml +++ b/themes/blueprint/templates/Recommend/AuthorInfo.phtml 
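Review bot: `openUrlGraphicWidth` and `openUrlGraphicHeight` end up inside a `style` attribute, which is a CSS context; `escapeHtmlAttr()` keeps the attribute well-formed but does not restrict the value to a dimension, so any non-numeric value is still emitted as CSS. Since only a pixel count is meaningful there, cast instead of escape: `$style .= 'width:' . (int)$this->openUrlGraphicWidth . 'px;';` and the same for height. The unchanged first line of the hunk concatenates `$this->openUrlId` into the `class` attribute with no escaping at all — fine if it is always an integer, which cannot be confirmed from the template.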
@@ -4,12 +4,12 @@ <h2><?=$this->info['name'] ?></h2> <? if (isset($this->info['image'])): ?> - <img src="<?=$this->info['image'] ?>" alt="<?=$this->escapeHtml($this->info['altimage']) ?>" width="150px" class="alignleft recordcover"/> + <img src="<?=$this->info['image'] ?>" alt="<?=$this->escapeHtmlAttr($this->info['altimage']) ?>" width="150px" class="alignleft recordcover"/> <? endif; ?> <?=preg_replace('/___baseurl___/', $this->url('search-results'), $this->info['description']) ?> - <div class="providerLink"><a class="wikipedia" href="http://<?=$this->info['wiki_lang'] ?>.wikipedia.org/wiki/<?=$this->escapeHtml($this->info['name']/*url*/) ?>" target="new"><?=$this->transEsc('wiki_link') ?></a></div> + <div class="providerLink"><a class="wikipedia" href="http://<?=$this->info['wiki_lang'] ?>.wikipedia.org/wiki/<?=$this->escapeHtmlAttr($this->info['name']/*url*/) ?>" target="new"><?=$this->transEsc('wiki_link') ?></a></div> <div class="clear"></div> </div> diff --git a/themes/blueprint/templates/Recommend/CollectionSideFacets.phtml b/themes/blueprint/templates/Recommend/CollectionSideFacets.phtml index 2bd168e5ab4..6eb163b306a 100644 --- a/themes/blueprint/templates/Recommend/CollectionSideFacets.phtml +++ b/themes/blueprint/templates/Recommend/CollectionSideFacets.phtml 
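Review bot: `$this->info['name']` is placed in the path of the Wikipedia URL, and the `/*url*/` marker next to it indicates URL encoding was intended there; `escapeHtmlAttr()` alone leaves `#`, `?`, `%` and `/` meaningful inside the URL. Encode the path segment first and attribute-escape the result: `.../wiki/<?=$this->escapeHtmlAttr(rawurlencode($this->info['name'])) ?>`. The unchanged neighbours in this hunk — `<?=$this->info['image'] ?>` in `src`, `<?=$this->info['wiki_lang'] ?>` in the same `href`, and `<?=$this->info['name'] ?>` inside `<h2>` — are emitted with no escaping; if this data comes from the external service rather than trusted configuration, they need the same treatment.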
@@ -22,10 +22,10 @@ <dt><?=$this->transEsc('Keyword Filter')?></dt> <dd style="padding: 0"> <form method="get" action="" name="keywordFilterForm" id="keywordFilterForm" class="keywordFilterForm"> - <input id="keywordFilter_lookfor" type="text" name="lookfor" size="27" value="<?=$this->escapeHtml($keywordFilter)?>"/> + <input id="keywordFilter_lookfor" type="text" name="lookfor" size="27" value="<?=$this->escapeHtmlAttr($keywordFilter)?>"/> <? foreach ($this->recommend->getResults()->getParams()->getFilterList(true) as $field => $filters): ?> <? foreach ($filters as $filter): ?> - <input type="hidden" name="filter[]" value="<?=$this->escapeHtml($filter['field'])?>:"<?=$this->escapeHtml($filter['value'])?>"" /> + <input type="hidden" name="filter[]" value="<?=$this->escapeHtmlAttr($filter['field'])?>:"<?=$this->escapeHtmlAttr($filter['value'])?>"" /> <? endforeach; ?> <? endforeach; ?> <input type="submit" name="submit" value="<?=$this->transEsc('Set')?>"/> diff --git a/themes/blueprint/templates/Recommend/EuropeanaResults.phtml b/themes/blueprint/templates/Recommend/EuropeanaResults.phtml index c48c7a8cf10..dee1a15902b 100644 --- a/themes/blueprint/templates/Recommend/EuropeanaResults.phtml +++ b/themes/blueprint/templates/Recommend/EuropeanaResults.phtml 
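Review bot: The hidden `filter[]` input is malformed: the literal `"` characters around the filter value in `value="<?=…field?>:"<?=…value?>""` terminate the attribute right after the colon, so the browser sees `value="Field:"` followed by stray tokens and the submitted filter loses its value. The inner quotes must be entity-encoded so they stay inside the attribute: `<input type="hidden" name="filter[]" value="<?=$this->escapeHtmlAttr($filter['field'])?>:&quot;<?=$this->escapeHtmlAttr($filter['value'])?>&quot;" />`. The defect predates this commit, but the escaping change already touches the line and is the natural place to fix it.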
@@ -12,9 +12,9 @@ <li class="suggestedResult <? (++$i % 2) ? 'alt ' : ''?>record<?=$i?>"> <div class="resultitem"> <? if (isset($work['enclosure'])): ?> - <span class="europeanaImg"><img src="<?=$this->escapeHtml($work['enclosure'])?>" id="europeanaImage<?=$this->escapeHtml($workKey)?>" style="display: none;" class="europeanaImage" onload="document.getElementById('europeanaImage<?=$this->escapeHtml($workKey)?>').style.display = 'inline';"/></span> + <span class="europeanaImg"><img src="<?=$this->escapeHtmlAttr($work['enclosure'])?>" id="europeanaImage<?=$this->escapeHtmlAttr($workKey)?>" style="display: none;" class="europeanaImage" onload="document.getElementById('europeanaImage<?=$this->escapeHtmlAttr($workKey)?>').style.display = 'inline';"/></span> <? endif; ?> - <a href="<?=$this->escapeHtml($work['link'])?>" target="_blank"> + <a href="<?=$this->escapeHtmlAttr($work['link'])?>" target="_blank"> <span><?=$this->escapeHtml($this->truncate($work['title'], 90))?></span> </a> <div class="clearer"></div> @@ -22,7 +22,7 @@ <? endforeach; ?> </ul> <p class="olSubjectMore"> - <a href="<?=$this->escapeHtml($data['sourceLink'])?>" title="<?=$this->escapeHtml($data['feedTitle'])?>" target="_blank"> + <a href="<?=$this->escapeHtmlAttr($data['sourceLink'])?>" title="<?=$this->escapeHtmlAttr($data['feedTitle'])?>" target="_blank"> <?=$this->transEsc('more')?>... </a> </p> diff --git a/themes/blueprint/templates/Recommend/OpenLibrarySubjects.phtml b/themes/blueprint/templates/Recommend/OpenLibrarySubjects.phtml index d070a96b098..540a990f1fc 100644 --- a/themes/blueprint/templates/Recommend/OpenLibrarySubjects.phtml +++ b/themes/blueprint/templates/Recommend/OpenLibrarySubjects.phtml 
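Review bot: In the `onload` handler, `$workKey` is interpolated into a JavaScript string literal, and `escapeHtmlAttr()` is the wrong escaper for that position: the HTML parser decodes `&#x27;` back to `'` before the JavaScript engine sees the attribute value, so a key containing a quote would still end the string early. Inline event handlers need JavaScript escaping first and attribute escaping second, `<?=$this->escapeHtmlAttr($this->escapeJs($workKey))?>`, or better, drop the handler and set the display from a script that reads the element's `id`. `$workKey` is the loop key and is presumably a numeric index, which limits exposure here; the `moreFacets('…')` and `lessFacets('…')` handlers in the SideFacets hunks apply `escapeHtmlAttr()` to `$title` in the same JavaScript-string position.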
@@ -8,9 +8,9 @@ <a href="http://openlibrary.org<?=$work['key']?>" title="<?=$this->transEsc('Get full text')?>" target="_blank"> <span class="olSubjectCover"> <? if (isset($work['cover_id']) && !empty($work['cover_id'])): ?> - <img src="http://covers.openlibrary.org/b/<?=$this->escapeHtml($work['cover_id_type'])?>/<?=$this->escapeHtml($work['cover_id'])?>-S.jpg" class="olSubjectImage" alt="<?=$this->escapeHtml($work['title'])?>" /> + <img src="http://covers.openlibrary.org/b/<?=$this->escapeHtmlAttr($work['cover_id_type'])?>/<?=$this->escapeHtmlAttr($work['cover_id'])?>-S.jpg" class="olSubjectImage" alt="<?=$this->escapeHtmlAttr($work['title'])?>" /> <? else: ?> - <img src="<?=$this->imageLink('noCover2.gif')?>" class="olSubjectImage" alt="<?=$this->escapeHtml($work['title'])?>" /> + <img src="<?=$this->imageLink('noCover2.gif')?>" class="olSubjectImage" alt="<?=$this->escapeHtmlAttr($work['title'])?>" /> <? endif; ?> </span> <span><?=$this->escapeHtml($this->truncate($work['title'], 50))?></span> diff --git a/themes/blueprint/templates/Recommend/RandomRecommend.phtml b/themes/blueprint/templates/Recommend/RandomRecommend.phtml index c66550b9947..2cfc3e9854a 100644 --- a/themes/blueprint/templates/Recommend/RandomRecommend.phtml +++ b/themes/blueprint/templates/Recommend/RandomRecommend.phtml 
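Review bot: The anchor on the first line of this hunk, `href="http://openlibrary.org<?=$work['key']?>"`, still emits `$work['key']` with no escaping, while the `src` and `alt` values just below it are now attribute-escaped; `key` comes from the same Open Library response as `cover_id`, so it deserves the same treatment: `<a href="http://openlibrary.org<?=$this->escapeHtmlAttr($work['key'])?>" title="<?=$this->transEsc('Get full text')?>" target="_blank">`. The `cover_id_type` and `cover_id` values sit in a URL path, where `rawurlencode()` before the attribute escape would also be appropriate.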
@@ -12,11 +12,11 @@ <? $smallThumb = $this->record($driver)->getThumbnail('small'); $mediumThumb = $this->record($driver)->getThumbnail('medium'); ?> <? if ($smallThumb): ?> <a href="<?=$this->recordLink()->getUrl($driver)?>"> - <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtml($smallThumb);?>"/> + <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtmlAttr($smallThumb);?>"/> </a> <?elseif($mediumThumb):?> <a href="<?=$this->recordLink()->getUrl($driver)?>"> - <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtml($mediumThumb);?>"/> + <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtmlAttr($mediumThumb);?>"/> </a> <? else: ?> <img src="<?=$this->url('cover-unavailable')?>" class="recordcover" alt="<?=$this->transEsc('No Cover Image')?>"/> diff --git a/themes/blueprint/templates/Recommend/SideFacets.phtml b/themes/blueprint/templates/Recommend/SideFacets.phtml index b73a7bcd11f..e0eec75f487 100644 --- a/themes/blueprint/templates/Recommend/SideFacets.phtml +++ b/themes/blueprint/templates/Recommend/SideFacets.phtml 
@@ -4,10 +4,10 @@ <? $checkboxFilters = $results->getParams()->getCheckboxFacets(); if (count($checkboxFilters) > 0): ?> <? foreach ($checkboxFilters as $current): ?> <div class="checkboxFilter<?=($results->getResultTotal() < 1 && !$current['selected'] && !$current['alwaysVisible']) ? ' hide' : ''?>"> - <input type="checkbox" name="filter[]" value="<?=$this->escapeHtml($current['filter'])?>" - <?=$current['selected'] ? 'checked="checked"' : ''?> id="<?=$this->escapeHtml(str_replace(' ', '', $current['desc']))?>" + <input type="checkbox" name="filter[]" value="<?=$this->escapeHtmlAttr($current['filter'])?>" + <?=$current['selected'] ? 'checked="checked"' : ''?> id="<?=$this->escapeHtmlAttr(str_replace(' ', '', $current['desc']))?>" onclick="document.location.href='<?=$current['selected'] ? $results->getUrlQuery()->removeFilter($current['filter']) : $results->getUrlQuery()->addFilter($current['filter'])?>';" /> - <label for="<?=$this->escapeHtml(str_replace(' ', '', $current['desc']))?>"><?=$this->transEsc($current['desc'])?></label> + <label for="<?=$this->escapeHtmlAttr(str_replace(' ', '', $current['desc']))?>"><?=$this->transEsc($current['desc'])?></label> </div> <? endforeach; ?> <? endif; ?> 
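Review bot: The `onclick` on the third line of the hunk builds `document.location.href='…'` from `$results->getUrlQuery()->addFilter(...)`/`removeFilter(...)` with no escaping visible in the template, while the `value` and `id` attributes around it were just converted to `escapeHtmlAttr()`. Whether the URL query helper already encodes its output cannot be told from here; if it does not, a `'` in any current query parameter would end the JavaScript string early. Either pass the value through `escapeJs()` and then `escapeHtmlAttr()`, or avoid the inline handler altogether by making the filter a normal link so the URL sits in an `href` attribute.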
@@ -47,27 +47,27 @@ <? if ($rangeFacets[$title]['type'] == 'date'): ?> <? /* Load the publication date slider UI widget */ $this->headScript()->appendFile('pubdate_slider.js'); ?> <? endif; ?> - <form action="" name="<?=$this->escapeHtml($title)?>Filter" id="<?=$this->escapeHtml($title)?>Filter"> + <form action="" name="<?=$this->escapeHtmlAttr($title)?>Filter" id="<?=$this->escapeHtmlAttr($title)?>Filter"> <?=$results->getUrlQuery()->asHiddenFields(array('page' => '/./', 'filter' => "/^{$title}:.*/"))?> - <input type="hidden" name="<?=$this->escapeHtml($rangeFacets[$title]['type'])?>range[]" value="<?=$this->escapeHtml($title)?>"/> - <fieldset class="publishDateLimit" id="<?=$this->escapeHtml($title)?>"> + <input type="hidden" name="<?=$this->escapeHtmlAttr($rangeFacets[$title]['type'])?>range[]" value="<?=$this->escapeHtmlAttr($title)?>"/> + <fieldset class="publishDateLimit" id="<?=$this->escapeHtmlAttr($title)?>"> <legend><?=$this->transEsc($cluster['label'])?></legend> - <label for="<?=$this->escapeHtml($title)?>from"><?=$this->transEsc('date_from')?>:</label> - <input type="text" size="4" maxlength="4" class="yearbox" name="<?=$this->escapeHtml($title)?>from" id="<?=$this->escapeHtml($title)?>from" value="<?=isset($rangeFacets[$title]['values'][0])?$this->escapeHtml($rangeFacets[$title]['values'][0]):''?>" /> - <label for="<?=$this->escapeHtml($title)?>to"><?=$this->transEsc('date_to')?>:</label> - <input type="text" size="4" maxlength="4" class="yearbox" name="<?=$this->escapeHtml($title)?>to" id="<?=$this->escapeHtml($title)?>to" value="<?=isset($rangeFacets[$title]['values'][1])?$this->escapeHtml($rangeFacets[$title]['values'][1]):''?>" /> - <div id="<?=$this->escapeHtml($title)?>Slider" class="<?=$this->escapeHtml($rangeFacets[$title]['type'])?>Slider"></div> - <input type="submit" value="<?=$this->transEsc('Set')?>" id="<?=$this->escapeHtml($title)?>goButton"/> + <label 
for="<?=$this->escapeHtmlAttr($title)?>from"><?=$this->transEsc('date_from')?>:</label> + <input type="text" size="4" maxlength="4" class="yearbox" name="<?=$this->escapeHtmlAttr($title)?>from" id="<?=$this->escapeHtmlAttr($title)?>from" value="<?=isset($rangeFacets[$title]['values'][0])?$this->escapeHtmlAttr($rangeFacets[$title]['values'][0]):''?>" /> + <label for="<?=$this->escapeHtmlAttr($title)?>to"><?=$this->transEsc('date_to')?>:</label> + <input type="text" size="4" maxlength="4" class="yearbox" name="<?=$this->escapeHtmlAttr($title)?>to" id="<?=$this->escapeHtmlAttr($title)?>to" value="<?=isset($rangeFacets[$title]['values'][1])?$this->escapeHtmlAttr($rangeFacets[$title]['values'][1]):''?>" /> + <div id="<?=$this->escapeHtmlAttr($title)?>Slider" class="<?=$this->escapeHtmlAttr($rangeFacets[$title]['type'])?>Slider"></div> + <input type="submit" value="<?=$this->transEsc('Set')?>" id="<?=$this->escapeHtmlAttr($title)?>goButton"/> </fieldset> </form> <? else: ?> <dl class="narrowList navmenu<? if(!in_array($title, $collapsedFacets)): ?> open<? endif ?>"> - <dt class="facet_<?=$this->escapeHtml($title)?>"><?=$this->transEsc($cluster['label'])?></dt> + <dt class="facet_<?=$this->escapeHtmlAttr($title)?>"><?=$this->transEsc($cluster['label'])?></dt> <? $i = 0; foreach ($cluster['list'] as $thisFacet): ?> <? if (++$i == 6): ?> - <dd id="more<?=$this->escapeHtml($title)?>"><a href="#" onclick="moreFacets('<?=$this->escapeHtml($title)?>'); return false;"><?=$this->transEsc('more')?> ...</a></dd> + <dd id="more<?=$this->escapeHtmlAttr($title)?>"><a href="#" onclick="moreFacets('<?=$this->escapeHtmlAttr($title)?>'); return false;"><?=$this->transEsc('more')?> ...</a></dd> </dl> - <dl class="narrowList navmenu offscreen<? if(!in_array($title, $collapsedFacets)): ?> open<? endif ?>" id="narrowGroupHidden_<?=$this->escapeHtml($title)?>"> + <dl class="narrowList navmenu offscreen<? if(!in_array($title, $collapsedFacets)): ?> open<? 
endif ?>" id="narrowGroupHidden_<?=$this->escapeHtmlAttr($title)?>"> <? endif; ?> <? if ($thisFacet['isApplied']): ?> <dd class="facet<?=$thisFacet['operator'] ?> applied"<? if($thisFacet['operator'] == 'OR'): ?> href="<?=$this->currentPath().$results->getUrlQuery()->removeFacet($title, $thisFacet['value'], true, $thisFacet['operator']) ?>"<? endif ?>><?=$this->escapeHtml($thisFacet['displayText'])?> <img src="<?=$this->imageLink('silk/tick.png')?>" alt="Selected"/></dd> @@ -80,7 +80,7 @@ </dd> <? endif; ?> <? endforeach; ?> - <? if ($i > 5): ?><dd><a href="#" onclick="lessFacets('<?=$this->escapeHtml($title)?>'); return false;"><?=$this->transEsc('less')?> ...</a></dd><? endif; ?> + <? if ($i > 5): ?><dd><a href="#" onclick="lessFacets('<?=$this->escapeHtmlAttr($title)?>'); return false;"><?=$this->transEsc('less')?> ...</a></dd><? endif; ?> </dl> <? endif; ?> <? endforeach; ?> diff --git a/themes/blueprint/templates/Recommend/SummonBestBets.phtml b/themes/blueprint/templates/Recommend/SummonBestBets.phtml index 305e3afdba0..3302226bb5a 100644 --- a/themes/blueprint/templates/Recommend/SummonBestBets.phtml +++ b/themes/blueprint/templates/Recommend/SummonBestBets.phtml @@ -3,7 +3,7 @@ <? foreach ($summonBestBets as $current): ?> <p> <? if (isset($current['link']) && !empty($current['link'])):?> - <a href="<?=$this->escapeHtml($current['link'])?>"><?=$this->escapeHtml($current['title'])?></a> + <a href="<?=$this->escapeHtmlAttr($current['link'])?>"><?=$this->escapeHtml($current['title'])?></a> <? else: ?> <b><?=$this->escapeHtml($current['title'])?></b> <? endif; ?> diff --git a/themes/blueprint/templates/Recommend/SummonDatabases.phtml b/themes/blueprint/templates/Recommend/SummonDatabases.phtml index ab16b72a737..507840f253d 100644 --- a/themes/blueprint/templates/Recommend/SummonDatabases.phtml +++ b/themes/blueprint/templates/Recommend/SummonDatabases.phtml 
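Review bot: `asHiddenFields(array('page' => '/./', 'filter' => "/^{$title}:.*/"))` on the second line of the hunk interpolates the facet field name into a regular expression without `preg_quote()`; the surrounding lines now escape `$title` for HTML, but a field name containing regex metacharacters (`.`, `+`, `(`) would change what the filter pattern matches or make it invalid. Use `'filter' => '/^' . preg_quote($title, '/') . ':.*/'`. Facet names come from configuration, so this is a robustness point rather than an exposure; the loop that defines `$title` starts before this hunk.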
@@ -2,7 +2,7 @@
 <div class="authorbox">
 <p><?=$this->transEsc('summon_database_recommendations')?></p>
 <? foreach ($summonDatabases as $current): ?>
- <p><a href="<?=$this->escapeHtml($current['link'])?>"><?=$this->escapeHtml($current['title'])?></a><br/><?=$this->escapeHtml($current['description'])?></p>
+ <p><a href="<?=$this->escapeHtmlAttr($current['link'])?>"><?=$this->escapeHtml($current['title'])?></a><br/><?=$this->escapeHtml($current['description'])?></p>
 <? endforeach; ?>
 </div>
 <? endif; ?>
\ No newline at end of file
diff --git a/themes/blueprint/templates/Recommend/SummonTopics.phtml b/themes/blueprint/templates/Recommend/SummonTopics.phtml
index 15f4f809525..076c8895617 100644
--- a/themes/blueprint/templates/Recommend/SummonTopics.phtml
+++ b/themes/blueprint/templates/Recommend/SummonTopics.phtml
@@ -5,7 +5,7 @@
 <p>
 <a href="<?=$this->url('summon-search')?>?lookfor=%22<?=urlencode($summonTopics['title'])?>%22"><?=$this->escapeHtml($summonTopics['title'])?></a><br />
 <? if (isset($summonTopics['snippet'])): ?><?=$this->escapeHtml($summonTopics['snippet'])?><? endif; ?>
- <? if (isset($summonTopics['sourceLink'])): ?><a href="<?=$this->escapeHtml($summonTopics['sourceLink'])?>"><?=$this->transEsc('more')?>...</a><? endif; ?>
+ <? if (isset($summonTopics['sourceLink'])): ?><a href="<?=$this->escapeHtmlAttr($summonTopics['sourceLink'])?>"><?=$this->transEsc('more')?>...</a><? endif; ?>
 </p>
 <? endif; ?>
 <? if (isset($summonTopics['relatedTopics']) && !empty($summonTopics['relatedTopics'])): ?>
diff --git a/themes/blueprint/templates/Recommend/WebResults.phtml b/themes/blueprint/templates/Recommend/WebResults.phtml
index 768d72c22ee..701bd836951 100644
--- a/themes/blueprint/templates/Recommend/WebResults.phtml
+++ b/themes/blueprint/templates/Recommend/WebResults.phtml
@@ -5,7 +5,7 @@
 <ul class="similar">
 <? foreach ($results as $driver): ?>
 <li>
- <a href="<?=$this->escapeHtml($driver->getUrl())?>" class="title"><?
+ <a href="<?=$this->escapeHtmlAttr($driver->getUrl())?>" class="title"><?
 $summHighlightedTitle = $driver->getHighlightedTitle();
 $summTitle = $driver->getTitle();
 if (!empty($summHighlightedTitle)) {
diff --git a/themes/blueprint/templates/RecordDriver/LibGuides/result-list.phtml b/themes/blueprint/templates/RecordDriver/LibGuides/result-list.phtml
index 1bd183a17da..f956d8d46df 100644
--- a/themes/blueprint/templates/RecordDriver/LibGuides/result-list.phtml
+++ b/themes/blueprint/templates/RecordDriver/LibGuides/result-list.phtml
@@ -3,7 +3,7 @@
 ?>
 <div class="listentry span-15">
 <div class="resultItemLine1">
- <a href="<?=$this->escapeHtml($url)?>" class="title"><?
+ <a href="<?=$this->escapeHtmlAttr($url)?>" class="title"><?
 $summTitle = $this->driver->getTitle();
 if (!empty($summTitle)) {
 echo $this->escapeHtml($this->truncate($summTitle, 180));
diff --git a/themes/blueprint/templates/RecordDriver/Pazpar2/result-list.phtml b/themes/blueprint/templates/RecordDriver/Pazpar2/result-list.phtml
index e89ae99d31c..20c98d30a59 100644
--- a/themes/blueprint/templates/RecordDriver/Pazpar2/result-list.phtml
+++ b/themes/blueprint/templates/RecordDriver/Pazpar2/result-list.phtml
@@ -1,8 +1,8 @@
-<div class="result source<?=$this->escapeHtml($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueID())?>" class="hiddenId" />
+<div class="result source<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>">
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueID())?>" class="hiddenId" />
 <div class="span-2">
 <? if ($summThumb = $this->record($this->driver)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
 <? else: ?>
 <img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/>
 <? endif; ?>
@@ -78,7 +78,7 @@
 <? endif; ?>
 <? if (!is_array($urls)) $urls = array(); foreach ($urls as $current): ?>
 <br/>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a>
 <? endforeach; ?>
 <? endif; ?>
@@ -95,4 +95,4 @@
 <div class="clear"></div>
 </div>
-<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtml($openUrl).'"></span>':''?>
+<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtmlAttr($openUrl).'"></span>':''?>
diff --git a/themes/blueprint/templates/RecordDriver/SolrDefault/collection-info.phtml b/themes/blueprint/templates/RecordDriver/SolrDefault/collection-info.phtml
index 0d43b2c810f..67d13724aec 100644
--- a/themes/blueprint/templates/RecordDriver/SolrDefault/collection-info.phtml
+++ b/themes/blueprint/templates/RecordDriver/SolrDefault/collection-info.phtml
@@ -3,8 +3,8 @@
 <? $mediumThumb = $this->record($this->driver)->getThumbnail('medium'); $largeThumb = $this->record($this->driver)->getThumbnail('large'); ?>
 <? if ($mediumThumb): ?>
 <div class="floatright">
- <? if ($largeThumb): ?><a href="<?=$this->escapeHtml($largeThumb)?>"><? endif; ?>
- <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtml($mediumThumb);?>"/>
+ <? if ($largeThumb): ?><a href="<?=$this->escapeHtmlAttr($largeThumb)?>"><? endif; ?>
+ <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtmlAttr($mediumThumb);?>"/>
 <? if ($largeThumb): ?></a><? endif; ?>
 </div>
 <? endif; ?>
@@ -123,7 +123,7 @@
 <? $i = 0; foreach ($field as $subfield): ?>
 <?=($i++ == 0) ? '' : ' > '?>
 <? $subject = trim($subject . ' ' . $subfield); ?>
- <a title="<?=$this->escapeHtml($subject)?>" href="<?=$this->record($this->driver)->getLink('subject', $subject)?>" class="subjectHeading"><?=$this->escapeHtml($subfield)?></a>
+ <a title="<?=$this->escapeHtmlAttr($subject)?>" href="<?=$this->record($this->driver)->getLink('subject', $subject)?>" class="subjectHeading"><?=$this->escapeHtml($subfield)?></a>
 <? endforeach; ?>
 </div>
 <? endforeach; ?>
@@ -141,7 +141,7 @@
 <th><?=$this->transEsc('Online Access')?>: </th>
 <td>
 <? foreach ($urls as $current): ?>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a><br/>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a><br/>
 <? endforeach; ?>
 <? if ($openUrl): ?>
 <?=$this->openUrl($openUrl)?><br/>
diff --git a/themes/blueprint/templates/RecordDriver/SolrDefault/core.phtml b/themes/blueprint/templates/RecordDriver/SolrDefault/core.phtml
index 0eddc23ee9c..ef274968ce5 100644
--- a/themes/blueprint/templates/RecordDriver/SolrDefault/core.phtml
+++ b/themes/blueprint/templates/RecordDriver/SolrDefault/core.phtml
@@ -146,7 +146,7 @@
 <? $i = 0; foreach ($field as $subfield): ?>
 <?=($i++ == 0) ? '' : ' > '?>
 <? $subject = trim($subject . ' ' . $subfield); ?>
- <a title="<?=$this->escapeHtml($subject)?>" href="<?=$this->record($this->driver)->getLink('subject', $subject)?>" class="subjectHeading"><?=$this->escapeHtml($subfield)?></a>
+ <a title="<?=$this->escapeHtmlAttr($subject)?>" href="<?=$this->record($this->driver)->getLink('subject', $subject)?>" class="subjectHeading"><?=$this->escapeHtml($subfield)?></a>
 <? endforeach; ?>
 </div>
 <? endforeach; ?>
@@ -164,7 +164,7 @@
 <th><?=$this->transEsc('Online Access')?>: </th>
 <td>
 <? foreach ($urls as $current): ?>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a><br/>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a><br/>
 <? endforeach; ?>
 <? if ($openUrl): ?>
 <?=$this->openUrl($openUrl)?><br/>
@@ -218,8 +218,8 @@
 <? /* Display thumbnail if appropriate: */ ?>
 <? $mediumThumb = $this->record($this->driver)->getThumbnail('medium'); $largeThumb = $this->record($this->driver)->getThumbnail('large'); ?>
 <? if ($mediumThumb): ?>
- <? if ($largeThumb): ?><a href="<?=$this->escapeHtml($largeThumb)?>"><? endif; ?>
- <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtml($mediumThumb);?>"/>
+ <? if ($largeThumb): ?><a href="<?=$this->escapeHtmlAttr($largeThumb)?>"><? endif; ?>
+ <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtmlAttr($mediumThumb);?>"/>
 <? if ($largeThumb): ?></a><? endif; ?>
 <? else: ?>
 <img src="<?=$this->url('cover-unavailable')?>" class="recordcover" alt="<?=$this->transEsc('No Cover Image')?>"/>
@@ -228,7 +228,7 @@
 <? /* Display qrcode if appropriate: */ ?>
 <? $QRCode = $this->record($this->driver)->getQRCode("core"); ?>
 <? if($QRCode): ?>
- <img alt="<?=$this->transEsc('QR Code')?>" class="qrcode" src="<?=$this->escapeHtml($QRCode);?>"/>
+ <img alt="<?=$this->transEsc('QR Code')?>" class="qrcode" src="<?=$this->escapeHtmlAttr($QRCode);?>"/>
 <? endif; ?>
 <? if ($this->userlist()->getMode() !== 'disabled'): ?>
diff --git a/themes/blueprint/templates/RecordDriver/SolrDefault/list-entry.phtml b/themes/blueprint/templates/RecordDriver/SolrDefault/list-entry.phtml
index 9713dace5c8..c2acdf7c1a7 100644
--- a/themes/blueprint/templates/RecordDriver/SolrDefault/list-entry.phtml
+++ b/themes/blueprint/templates/RecordDriver/SolrDefault/list-entry.phtml
@@ -10,11 +10,11 @@
 $user_id = $this->user ? $this->user->id : null;
 }
 ?>
-<div class="listentry recordId source<?=$this->escapeHtml($source)?><?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>" id="record<?=$this->escapeHtml($id)?>">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueID())?>" class="hiddenId" />
+<div class="listentry recordId source<?=$this->escapeHtmlAttr($source)?><?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>" id="record<?=$this->escapeHtmlAttr($id)?>">
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueID())?>" class="hiddenId" />
 <div class="span-2">
 <? if ($listThumb = $this->record($this->driver)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($listThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($listThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
 <? else: ?>
 <img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/>
 <? endif; ?>
@@ -91,7 +91,7 @@
 <? endif; ?>
 <? if (!is_array($urls)) $urls = array(); foreach ($urls as $current): ?>
 <br/>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a>
 <? endforeach; ?>
 <? endif; ?>
@@ -114,7 +114,7 @@
 : $this->url('userList', array('id' => $list_id));
 $deleteUrl .= '?delete=' . urlencode($id) . '&source=' . urlencode($source);
 ?>
- <a href="<?=$deleteUrl?>" title="<?=$this->transEsc('confirm_delete_brief')?>" class="delete tool source<?=$this->escapeHtml($source)?>"><?=$this->transEsc('Delete')?></a>
+ <a href="<?=$deleteUrl?>" title="<?=$this->transEsc('confirm_delete_brief')?>" class="delete tool source<?=$this->escapeHtmlAttr($source)?>"><?=$this->transEsc('Delete')?></a>
 </div>
 <? endif; ?>
diff --git a/themes/blueprint/templates/RecordDriver/SolrDefault/result-grid.phtml b/themes/blueprint/templates/RecordDriver/SolrDefault/result-grid.phtml
index 8f9552dbfe6..5031504dbf7 100644
--- a/themes/blueprint/templates/RecordDriver/SolrDefault/result-grid.phtml
+++ b/themes/blueprint/templates/RecordDriver/SolrDefault/result-grid.phtml
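Review bot: The rewritten line in the `@@ -114` hunk of list-entry.phtml still prints `$deleteUrl` raw inside `href`, while the `class` attribute on the same line is converted to `escapeHtmlAttr()`. `$deleteUrl` is built with `urlencode()` for its two query values, so the components are URL-safe, but the assembled string is then placed in an attribute with no attribute-context escaping (the literal `&` between the parameters, for one, is never turned into `&amp;`). Since the commit is about escaping attribute output, this line is the natural place to finish the job: `<a href="<?=$this->escapeHtmlAttr($deleteUrl)?>" title="<?=$this->transEsc('confirm_delete_brief')?>" class="delete tool source<?=$this->escapeHtmlAttr($source)?>"><?=$this->transEsc('Delete')?></a>`. The PHP block that assembles `$deleteUrl` starts above the hunk.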
@@ -1,11 +1,11 @@
-<div class="gridRecordBox source<?=$this->escapeHtml($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueID())?>" class="hiddenId" />
+<div class="gridRecordBox source<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>">
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueID())?>" class="hiddenId" />
 <span class="gridImageBox">
 <a href="<?=$this->recordLink()->getUrl($this->driver)?>">
 <? if ($summThumb = $this->record($this->driver)->getThumbnail('large')): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" class="gridImage" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="gridImage" alt="<?=$this->transEsc('Cover Image')?>"/>
 <? elseif ($summThumb = $this->record($this->driver)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" class="gridImage" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="gridImage" alt="<?=$this->transEsc('Cover Image')?>"/>
 <? else: ?>
 <img src="<?=$this->url('cover-unavailable')?>" class="gridImage" alt="<?=$this->transEsc('No Cover Image')?>"/>
 <? endif; ?>
@@ -36,7 +36,7 @@
 <? if ($this->driver->replaceURLsWithOpenURL()) $urls = array(); // clear URL list if replace setting is active ?>
 <? endif; ?>
 <? if (!is_array($urls)) $urls = array(); foreach ($urls as $current): ?>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a>
 <br/>
 <? endforeach; ?>
 <? else: ?>
@@ -47,4 +47,4 @@
 </div>
 </div>
-<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtml($openUrl).'"></span>':''?>
+<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtmlAttr($openUrl).'"></span>':''?>
diff --git a/themes/blueprint/templates/RecordDriver/SolrDefault/result-list.phtml b/themes/blueprint/templates/RecordDriver/SolrDefault/result-list.phtml
index 64fa8682fcd..7a6126e06ad 100644
--- a/themes/blueprint/templates/RecordDriver/SolrDefault/result-list.phtml
+++ b/themes/blueprint/templates/RecordDriver/SolrDefault/result-list.phtml
@@ -1,9 +1,9 @@
-<div class="result source<?=$this->escapeHtml($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueID())?>" class="hiddenId" />
+<div class="result source<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>">
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueID())?>" class="hiddenId" />
 <div class="span-2">
 <a href="<?=$this->recordLink()->getUrl($this->driver)?>">
 <? if ($summThumb = $this->record($this->driver)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/>
 <? else: ?>
 <img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/>
 <? endif; ?>
@@ -126,7 +126,7 @@
 <? endif; ?>
 <? if (!is_array($urls)) $urls = array(); foreach ($urls as $current): ?>
 <br/>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a>
 <? endforeach; ?>
 <? endif; ?>
@@ -148,9 +148,9 @@
 // Add JS Variables for QrCode
 $this->jsTranslations()->addStrings(array('qrcode_hide' => 'qrcode_hide', 'qrcode_show' => 'qrcode_show'));
 ?>
- <a href="<?=$this->escapeHtml($QRCode);?>" class="qrcodeLink"><?=$this->transEsc('qrcode_show')?></a>
+ <a href="<?=$this->escapeHtmlAttr($QRCode);?>" class="qrcodeLink"><?=$this->transEsc('qrcode_show')?></a>
 <div class="qrcodeHolder">
- <img alt="<?=$this->transEsc('QR Code')?>" class="qrcode" src="<?=$this->escapeHtml($QRCode);?>"/>
+ <img alt="<?=$this->transEsc('QR Code')?>" class="qrcode" src="<?=$this->escapeHtmlAttr($QRCode);?>"/>
 </div>
 <? endif; ?>
@@ -166,7 +166,7 @@
 <? $this->headScript()->appendFile('search_hierarchyTree.js'); ?>
 <? foreach ($trees as $hierarchyID => $hierarchyTitle): ?>
 <div class="hierarchyTreeLink">
- <input type="hidden" value="<?=$this->escapeHtml($hierarchyID)?>" class="hiddenHierarchyId" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($hierarchyID)?>" class="hiddenHierarchyId" />
 <a class="hierarchyTreeLinkText" href="<?=$this->recordLink()->getTabUrl($this->driver, 'HierarchyTree')?>?hierarchy=<?=urlencode($hierarchyID)?>#tabnav" title="<?=$this->transEsc('hierarchy_tree')?>">
 <?=$this->transEsc('hierarchy_view_context')?><? if (count($trees) > 1): ?>: <?=$this->escapeHtml($hierarchyTitle)?><? endif; ?>
 </a>
@@ -178,4 +178,4 @@
 <div class="clear"></div>
 </div>
-<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtml($openUrl).'"></span>':''?>
+<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtmlAttr($openUrl).'"></span>':''?>
diff --git a/themes/blueprint/templates/RecordDriver/SolrDefault/toolbar.phtml b/themes/blueprint/templates/RecordDriver/SolrDefault/toolbar.phtml
index 21f4916fa76..59dfc5148fb 100644
--- a/themes/blueprint/templates/RecordDriver/SolrDefault/toolbar.phtml
+++ b/themes/blueprint/templates/RecordDriver/SolrDefault/toolbar.phtml
@@ -22,7 +22,7 @@
 <a href="<?=$this->recordLink()->getActionUrl($this->driver, 'Export')?>" class="export exportMenu"><?=$this->transEsc('Export Record')?></a>
 <ul class="menu offscreen" id="exportMenu">
 <? foreach ($exportFormats as $exportFormat): ?>
- <li><a <? if ($this->export()->needsRedirect($exportFormat)): ?>target="<?=$this->escapeHtml($exportFormat)?>Main" <? endif; ?>href="<?=$this->recordLink()->getActionUrl($this->driver, 'Export')?>?style=<?=$this->escapeHtml($exportFormat)?>"><?=$this->transEsc('Export to')?> <?=$this->escapeHtml($exportFormat)?></a></li>
+ <li><a <? if ($this->export()->needsRedirect($exportFormat)): ?>target="<?=$this->escapeHtmlAttr($exportFormat)?>Main" <? endif; ?>href="<?=$this->recordLink()->getActionUrl($this->driver, 'Export')?>?style=<?=$this->escapeHtmlAttr($exportFormat)?>"><?=$this->transEsc('Export to')?> <?=$this->escapeHtml($exportFormat)?></a></li>
 <? endforeach; ?>
 </ul>
 </li>
@@ -40,7 +40,7 @@
 <? if ($cart->isActive()): ?>
 <div class="cartSummary">
 <form method="post" name="addForm" action="<?=$this->url('cart-home')?>">
- <input id="cartId" type="hidden" name="ids[]" value="<?=$this->escapeHtml($cartId)?>" />
+ <input id="cartId" type="hidden" name="ids[]" value="<?=$this->escapeHtmlAttr($cartId)?>" />
 <noscript>
 <? if ($cart->contains($cartId)): ?>
 <input type="submit" class="button cart bookbagDelete" name="delete" value="<?=$this->transEsc('Remove from Book Bag')?>"/>
diff --git a/themes/blueprint/templates/RecordDriver/SolrWeb/result-list.phtml b/themes/blueprint/templates/RecordDriver/SolrWeb/result-list.phtml
index ddff0daa97f..f9e9fc43193 100644
--- a/themes/blueprint/templates/RecordDriver/SolrWeb/result-list.phtml
+++ b/themes/blueprint/templates/RecordDriver/SolrWeb/result-list.phtml
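Review bot: In the `@@ -22` hunk of toolbar.phtml, `?style=<?=$this->escapeHtmlAttr($exportFormat)?>` places the value inside a URL query string, and attribute escaping is not URL encoding: it protects the surrounding quote but leaves characters such as `&` or `#` free to change the meaning of the URL, whereas the other two uses of `$exportFormat` on the line (the `target` attribute and the visible label) are now escaped for their actual contexts. Encode for the URL first and for the attribute second: `?style=<?=$this->escapeHtmlAttr(rawurlencode($exportFormat))?>`. `$exportFormats` presumably comes from configuration rather than request input, so the practical exposure is small, but the escaping should still be layered per context so the line stays correct if that ever changes.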
@@ -3,7 +3,7 @@
 ?>
 <div class="listentry span-15">
 <div class="resultItemLine1">
- <a href="<?=$this->escapeHtml($url)?>" class="title"><?
+ <a href="<?=$this->escapeHtmlAttr($url)?>" class="title"><?
 $summHighlightedTitle = $this->driver->getHighlightedTitle();
 $summTitle = $this->driver->getTitle();
 if (!empty($summHighlightedTitle)) {
diff --git a/themes/blueprint/templates/RecordTab/hierarchytree.phtml b/themes/blueprint/templates/RecordTab/hierarchytree.phtml
index a6db5ac829a..97a95e43759 100644
--- a/themes/blueprint/templates/RecordTab/hierarchytree.phtml
+++ b/themes/blueprint/templates/RecordTab/hierarchytree.phtml
@@ -43,8 +43,8 @@
 <div id="treeSearchLimitReached"><?=$this->transEsc('tree_search_limit_reached_html', array('%%url%%' => $this->url('search-results'), '%%limit%%' => $this->tab->getSearchLimit()))?></div>
 <? endif; ?>
 <div id="hierarchyTree">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" class="hiddenRecordId" />
- <input type="hidden" value="<?=$this->escapeHtml($activeTree)?>" class="hiddenHierarchyId" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" class="hiddenRecordId" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($activeTree)?>" class="hiddenHierarchyId" />
 <input type="hidden" value="<?=isset($this->treeContext) ? $this->treeContext : 'Record'?>" class="hiddenContext" />
 <? if ($this->layout()->getTemplate() != 'layout/lightbox'): ?>
 <noscript>
diff --git a/themes/blueprint/templates/RecordTab/holdingsils.phtml b/themes/blueprint/templates/RecordTab/holdingsils.phtml
index a720ed4de82..f8f5a227290 100644
--- a/themes/blueprint/templates/RecordTab/holdingsils.phtml
+++ b/themes/blueprint/templates/RecordTab/holdingsils.phtml
@@ -16,7 +16,7 @@
 <h2><?=$this->transEsc('ils_offline_title')?></h2>
 <p><strong><?=$this->transEsc('ils_offline_status')?></strong></p>
 <p><?=$this->transEsc('ils_offline_holdings_message')?></p>
- <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?>
+ <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?>
 <p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p>
 </div>
 <? endif; ?>
@@ -40,7 +40,7 @@
 <h3><?=$this->transEsc("Internet")?></h3>
 <? if (!empty($urls)): ?>
 <? foreach ($urls as $current): ?>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a><br/>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a><br/>
 <? endforeach; ?>
 <? endif; ?>
 <? if ($openUrl): ?><?=$this->openUrl($openUrl);?><? endif; ?>
@@ -120,13 +120,13 @@
 <? endif; ?>
 <? /* Embed item structured data: library, barcode, call number */ ?>
 <? if ($row['location']): ?>
- <meta property="seller" content="<?=$this->escapeHtml($row['location'])?>" />
+ <meta property="seller" content="<?=$this->escapeHtmlAttr($row['location'])?>" />
 <? endif; ?>
 <? if ($row['barcode']): ?>
- <meta property="serialNumber" content="<?=$this->escapeHtml($row['barcode'])?>" />
+ <meta property="serialNumber" content="<?=$this->escapeHtmlAttr($row['barcode'])?>" />
 <? endif; ?>
 <? if ($row['callnumber']): ?>
- <meta property="sku" content="<?=$this->escapeHtml($row['callnumber'])?>" />
+ <meta property="sku" content="<?=$this->escapeHtmlAttr($row['callnumber'])?>" />
 <? endif; ?>
 <? /* Declare that the item is to be borrowed, not for sale */ ?>
 <link property="businessFunction" href="http://purl.org/goodrelations/v1#LeaseOut" />
diff --git a/themes/blueprint/templates/RecordTab/holdingsworldcat.phtml b/themes/blueprint/templates/RecordTab/holdingsworldcat.phtml
index f5afadfa6fa..190e7f869c1 100644
--- a/themes/blueprint/templates/RecordTab/holdingsworldcat.phtml
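Review bot: In the `@@ -16` hunk of holdingsils.phtml, `$supportEmail` is escaped once with `escapeHtmlAttr()` and the pre-escaped value is then printed twice on the unchanged next line: inside `href="mailto:…"` and as the link's text content. One escaping routine now serves two output contexts; it presumably renders correctly because attribute escaping only adds numeric entities that are also valid in text, but it reads as a context mix-up and breaks the "escape at the point of output" discipline the rest of the commit follows. Keep the raw address in the variable and escape each use for its own context: `<? $supportEmail = $this->systemEmail(); ?>` followed by `<p><a href="mailto:<?=$this->escapeHtmlAttr($supportEmail)?>"><?=$this->escapeHtml($supportEmail)?></a></p>`.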
+++ b/themes/blueprint/templates/RecordTab/holdingsworldcat.phtml
@@ -5,7 +5,7 @@
 <tr>
 <th colspan="2">
 <? if (isset($holding->electronicAddress->text) && !empty($holding->electronicAddress->text)): ?>
- <a href="<?=$this->escapeHtml($holding->electronicAddress->text)?>"><?=$this->escapeHtml($holding->physicalLocation)?></a>
+ <a href="<?=$this->escapeHtmlAttr($holding->electronicAddress->text)?>"><?=$this->escapeHtml($holding->physicalLocation)?></a>
 <? else: ?>
 <?=$this->escapeHtml($holding->physicalLocation)?>
 <? endif; ?>
diff --git a/themes/blueprint/templates/RecordTab/reviews.phtml b/themes/blueprint/templates/RecordTab/reviews.phtml
index 876bcfa52db..6ed98cb845e 100644
--- a/themes/blueprint/templates/RecordTab/reviews.phtml
+++ b/themes/blueprint/templates/RecordTab/reviews.phtml
@@ -26,7 +26,7 @@
 <p class="summary">
 <?=isset($review['Content']) ? $review['Content'] : ''?>
 <? if ((!isset($review['Content']) || empty($review['Content'])) && isset($review['ReviewURL'])): ?>
- <a target="new" href="<?=$this->escapeHtml($review['ReviewURL'])?>"><?=$this->transEsc('Read the full review online...')?></a>
+ <a target="new" href="<?=$this->escapeHtmlAttr($review['ReviewURL'])?>"><?=$this->transEsc('Read the full review online...')?></a>
 <? endif; ?>
 </p>
 <?=isset($review['Copyright']) ? $review['Copyright'] : ''?>
diff --git a/themes/blueprint/templates/RecordTab/usercomments.phtml b/themes/blueprint/templates/RecordTab/usercomments.phtml
index 4ca9a99b252..c2e66973e85 100644
--- a/themes/blueprint/templates/RecordTab/usercomments.phtml
+++ b/themes/blueprint/templates/RecordTab/usercomments.phtml
@@ -7,8 +7,8 @@
 </ul>
 <form name="commentRecord" id="commentRecord" action="<?=$this->recordLink()->getActionUrl($this->driver, 'AddComment')?>" method="post">
- <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>"/>
- <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>"/>
+ <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>"/>
+ <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>"/>
 <label for="comment" class="offscreen"><?=$this->transEsc("Your Comment")?>:</label>
 <textarea id="comment" name="comment" rows="4" cols="50" class="<?=$this->jqueryValidation(array('required'=>'This field is required'))?>"></textarea>
 <br/><br/>
diff --git a/themes/blueprint/templates/admin/tags/checkbox.phtml b/themes/blueprint/templates/admin/tags/checkbox.phtml
index 35067fbf432..ee58b72a9e4 100644
--- a/themes/blueprint/templates/admin/tags/checkbox.phtml
+++ b/themes/blueprint/templates/admin/tags/checkbox.phtml
@@ -1,3 +1,3 @@
 <label for="<?=$this->prefix?>checkbox_<?=$this->tag['id']?>" class="offscreen"><?=$this->transEsc('Select this tag')?></label>
-<input id="<?=$this->prefix?>checkbox_<?=$this->tag['id']?>" type="checkbox" name="ids[]" value="<?=$this->escapeHtml($this->tag['id'])?>" class="checkbox_ui"/>
-<input type="hidden" name="idsAll[]" value="<?=$this->escapeHtml($this->tag['id'])?>" />
+<input id="<?=$this->prefix?>checkbox_<?=$this->tag['id']?>" type="checkbox" name="ids[]" value="<?=$this->escapeHtmlAttr($this->tag['id'])?>" class="checkbox_ui"/>
+<input type="hidden" name="idsAll[]" value="<?=$this->escapeHtmlAttr($this->tag['id'])?>" />
diff --git a/themes/blueprint/templates/ajax/export-favorites.phtml b/themes/blueprint/templates/ajax/export-favorites.phtml
index f1c079cc620..93fb0270e37 100644
--- a/themes/blueprint/templates/ajax/export-favorites.phtml
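Review bot: The first rewritten `<input>` in admin/tags/checkbox.phtml escapes `value` with `escapeHtmlAttr()` but leaves `id="<?=$this->prefix?>checkbox_<?=$this->tag['id']?>"` on the same line printed raw, so the same tag id is escaped in one attribute and unescaped in another a few characters apart; the `<label for=…>` context line above has the same pattern, though it is outside the change. `$this->tag['id']` is presumably a database integer, so the exposure is low, but the inconsistency is exactly the kind this commit sets out to remove. Apply the attribute escaper to both interpolations: `<input id="<?=$this->escapeHtmlAttr($this->prefix)?>checkbox_<?=$this->escapeHtmlAttr($this->tag['id'])?>" type="checkbox" name="ids[]" value="<?=$this->escapeHtmlAttr($this->tag['id'])?>" class="checkbox_ui"/>`.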
+++ b/themes/blueprint/templates/ajax/export-favorites.phtml
@@ -1,5 +1,5 @@
 <p>
- <a class="save" onclick="hideLightbox();" href="<?=$this->escapeHtml($this->url)?>"<?=$this->export()->needsRedirect($this->format) ? ' target="_blank"' : ''?>><?=
+ <a class="save" onclick="hideLightbox();" href="<?=$this->escapeHtmlAttr($this->url)?>"<?=$this->export()->needsRedirect($this->format) ? ' target="_blank"' : ''?>><?=
 $this->export()->needsRedirect($this->format)
 ? $this->transEsc('export_redirect', array('%%service%%' => $this->translate($this->format)))
 : $this->transEsc('export_download')
diff --git a/themes/blueprint/templates/ajax/resolverLinks.phtml b/themes/blueprint/templates/ajax/resolverLinks.phtml
index 3f0f3f9622b..45e4b8176ae 100644
--- a/themes/blueprint/templates/ajax/resolverLinks.phtml
+++ b/themes/blueprint/templates/ajax/resolverLinks.phtml
@@ -6,7 +6,7 @@
 <? foreach ($this->electronic as $link): ?>
 <li>
 <? if (isset($link['href']) && !empty($link['href'])): ?>
- <a href="<?=$this->escapeHtml($link['href'])?>" title="<?=isset($link['service_type'])?$this->escapeHtml($link['service_type']):''?>"><?=isset($link['title'])?$this->escapeHtml($link['title']):''?></a> <?=isset($link['coverage'])?$this->escapeHtml($link['coverage']):''?>
+ <a href="<?=$this->escapeHtmlAttr($link['href'])?>" title="<?=isset($link['service_type'])?$this->escapeHtmlAttr($link['service_type']):''?>"><?=isset($link['title'])?$this->escapeHtml($link['title']):''?></a> <?=isset($link['coverage'])?$this->escapeHtml($link['coverage']):''?>
 <? else: ?>
 <?=isset($link['title'])?$this->escapeHtml($link['title']):''?> <?=isset($link['coverage'])?$this->escapeHtml($link['coverage']):''?>
 <? endif; ?>
@@ -22,7 +22,7 @@
 <? foreach ($this->print as $link): ?>
 <li>
 <? if (isset($link['href']) && !empty($link['href'])): ?>
- <a href="<?=$this->escapeHtml($link['href'])?>" title="<?=isset($link['service_type'])?$this->escapeHtml($link['service_type']):''?>"><?=isset($link['title'])?$this->escapeHtml($link['title']):''?></a> <?=isset($link['coverage'])?$this->escapeHtml($link['coverage']):''?>
+ <a href="<?=$this->escapeHtmlAttr($link['href'])?>" title="<?=isset($link['service_type'])?$this->escapeHtmlAttr($link['service_type']):''?>"><?=isset($link['title'])?$this->escapeHtml($link['title']):''?></a> <?=isset($link['coverage'])?$this->escapeHtml($link['coverage']):''?>
 <? else: ?>
 <?=isset($link['title'])?$this->escapeHtml($link['title']):''?> <?=isset($link['coverage'])?$this->escapeHtml($link['coverage']):''?>
 <? endif; ?>
@@ -32,13 +32,13 @@
 </div>
 <? endif; ?>
 <div class="openurls">
- <strong><a href="<?=$this->escapeHtml($this->openUrlBase)?>?<?=$this->escapeHtml($this->openUrl)?>"><?=$this->transEsc('More options')?></a></strong>
+ <strong><a href="<?=$this->escapeHtmlAttr($this->openUrlBase)?>?<?=$this->escapeHtmlAttr($this->openUrl)?>"><?=$this->transEsc('More options')?></a></strong>
 <? if (!empty($this->services)): ?>
 <ul>
 <? foreach ($this->services as $link): ?>
 <? if (isset($link['href']) && !empty($link['href'])): ?>
 <li>
- <a href="<?=$this->escapeHtml($link['href'])?>" title="<?=isset($link['service_type'])?$this->escapeHtml($link['service_type']):''?>"><?=isset($link['title'])?$this->escapeHtml($link['title']):''?></a>
+ <a href="<?=$this->escapeHtmlAttr($link['href'])?>" title="<?=isset($link['service_type'])?$this->escapeHtmlAttr($link['service_type']):''?>"><?=isset($link['title'])?$this->escapeHtml($link['title']):''?></a>
 </li>
 <? endif; ?>
 <? endforeach; ?>
diff --git a/themes/blueprint/templates/ajax/resultgooglemapinfo.phtml b/themes/blueprint/templates/ajax/resultgooglemapinfo.phtml
index 2a52b4d14ee..27fc94d18f7 100644
--- a/themes/blueprint/templates/ajax/resultgooglemapinfo.phtml
+++ b/themes/blueprint/templates/ajax/resultgooglemapinfo.phtml
@@ -6,7 +6,7 @@
 <? $i++; ?>
 <div class="mapInfoResult <? if ($i % 2 == 0): ?>alt <? endif; ?>record<?=$i ?>">
 <div class="mapInfoResultThumb">
- <? if ($thumb = $this->record($record)->getThumbnail()): ?><img class="mapInfoResultThumbImg" src="<?=$this->escapeHtml($thumb) ?>" style="display:block"/><? endif; ?>
+ <? if ($thumb = $this->record($record)->getThumbnail()): ?><img class="mapInfoResultThumbImg" src="<?=$this->escapeHtmlAttr($thumb) ?>" style="display:block"/><? endif; ?>
 </div>
 <div class="mapInfoResultText">
diff --git a/themes/blueprint/templates/alphabrowse/home.phtml b/themes/blueprint/templates/alphabrowse/home.phtml
index ca05bc03c10..d0a304aa25c 100644
--- a/themes/blueprint/templates/alphabrowse/home.phtml
+++ b/themes/blueprint/templates/alphabrowse/home.phtml
@@ -8,11 +8,11 @@
 <? ob_start(); ?>
 <div class="alphaBrowsePageLinks">
 <? if (isset($this->prevpage)): ?>
- <div class="alphaBrowsePrevLink"><a href="<?=$this->escapeHtml($this->url('alphabrowse-home', array(), array('query' => $baseQuery + array('page' => $this->prevpage))))?>">« <?=$this->transEsc('Prev')?></a></div>
+ <div class="alphaBrowsePrevLink"><a href="<?=$this->escapeHtmlAttr($this->url('alphabrowse-home', array(), array('query' => $baseQuery + array('page' => $this->prevpage))))?>">« <?=$this->transEsc('Prev')?></a></div>
 <? endif; ?>
 <? if (isset($this->nextpage)): ?>
- <div class="alphaBrowseNextLink"><a href="<?=$this->escapeHtml($this->url('alphabrowse-home', array(), array('query' => $baseQuery + array('page' => $this->nextpage))))?>"><?=$this->transEsc('Next')?> »</a></div>
+ <div class="alphaBrowseNextLink"><a href="<?=$this->escapeHtmlAttr($this->url('alphabrowse-home', array(), array('query' => $baseQuery + array('page' => $this->nextpage))))?>"><?=$this->transEsc('Next')?> »</a></div>
 <? endif; ?>
 <div class="clear"></div>
 </div>
@@ -25,11 +25,11 @@ <label for="alphaBrowseForm_source"><?=$this->transEsc('Browse Alphabetically') ?></label> <select id="alphaBrowseForm_source" name="source"> <? foreach ($this->alphaBrowseTypes as $key => $item): ?> - <option value="<?=$this->escapeHtml($key) ?>"<? if ($this->source == $key): ?> selected="selected"<? endif; ?>><?=$this->transEsc($item) ?></option> + <option value="<?=$this->escapeHtmlAttr($key) ?>"<? if ($this->source == $key): ?> selected="selected"<? endif; ?>><?=$this->transEsc($item) ?></option> <? endforeach; ?> </select> <label for="alphaBrowseForm_from"><?=$this->transEsc('starting from') ?></label> - <input type="text" name="from" id="alphaBrowseForm_from" value="<?=$this->escapeHtml($this->from) ?>"/> + <input type="text" name="from" id="alphaBrowseForm_from" value="<?=$this->escapeHtmlAttr($this->from) ?>"/> <input type="submit" value="<?=$this->transEsc('Browse') ?>"/> </form> </div> @@ -40,8 +40,8 @@ <div class="alphaBrowseHeader"><?=$this->transEsc("alphabrowse_matches") ?></div> <? foreach ($this->result['Browse']['items'] as $i => $item): ?> - <div class="alphaBrowseEntry<? if ($i%2==1): echo ' alt'; endif; ?> alphaBrowseSource_<?=$this->escapeHtml($this->source)?>"> - <div class="alphaBrowseHeading alphaBrowseHeading_<?=$this->escapeHtml($this->source)?>"> + <div class="alphaBrowseEntry<? if ($i%2==1): echo ' alt'; endif; ?> alphaBrowseSource_<?=$this->escapeHtmlAttr($this->source)?>"> + <div class="alphaBrowseHeading alphaBrowseHeading_<?=$this->escapeHtmlAttr($this->source)?>"> <? if ($item['count'] > 0): ?> <?/* linking using bib ids is generally more reliable than doing searches for headings, but headings give shorter 
@@ -51,7 +51,7 @@ <? else: ?> <? $query = array('type' => ucwords($this->source) . 'Browse', 'lookfor' => '"' . addcslashes($item['heading'], '"') . '"'); ?> <? endif; ?> - <a href="<?=$this->escapeHtml($this->url('search-results', array(), array('query' => $query)))?>"><?=$this->escapeHtml($item['heading'])?></a> + <a href="<?=$this->escapeHtmlAttr($this->url('search-results', array(), array('query' => $query)))?>"><?=$this->escapeHtml($item['heading'])?></a> <? else: ?> <?=$this->escapeHtml($item['heading'])?> <? endif; ?> @@ -78,7 +78,7 @@ <div class="title"><?=$this->transEsc('Use instead') ?>:</div> <ul> <? foreach ($item['useInstead'] as $heading): ?> - <li><a href="<?=$this->escapeHtml($this->url('alphabrowse-home', array(), array('query' => array('from' => $heading) + $baseQuery)))?>"><?=$this->escapeHtml($heading)?></a></li> + <li><a href="<?=$this->escapeHtmlAttr($this->url('alphabrowse-home', array(), array('query' => array('from' => $heading) + $baseQuery)))?>"><?=$this->escapeHtml($heading)?></a></li> <? endforeach; ?> </ul> </div> @@ -89,7 +89,7 @@ <div class="title"><?=$this->transEsc('See also') ?>:</div> <ul> <? foreach ($item['seeAlso'] as $heading): ?> - <li><a href="<?=$this->escapeHtml($this->url('alphabrowse-home', array(), array('query' => array('from' => $heading) + $baseQuery)))?>"><?=$this->escapeHtml($heading)?></a></li> + <li><a href="<?=$this->escapeHtmlAttr($this->url('alphabrowse-home', array(), array('query' => array('from' => $heading) + $baseQuery)))?>"><?=$this->escapeHtml($heading)?></a></li> <? endforeach; ?> </ul> </div> diff --git a/themes/blueprint/templates/cart/email.phtml b/themes/blueprint/templates/cart/email.phtml index 190532c02ad..33f8ca5d0ba 100644 --- a/themes/blueprint/templates/cart/email.phtml +++ b/themes/blueprint/templates/cart/email.phtml 
@@ -10,7 +10,7 @@ <form action="<?=$this->url('cart-email')?>" method="post" name="bulkEmail"> <? foreach ($this->records as $current): ?> <strong><?=$this->transEsc('Title')?>:</strong> <?=$this->escapeHtml($current->getBreadcrumb())?><br /> - <input type="hidden" name="ids[]" value="<?=$this->escapeHtml($current->getResourceSource() . '|' . $current->getUniqueId())?>" /> + <input type="hidden" name="ids[]" value="<?=$this->escapeHtmlAttr($current->getResourceSource() . '|' . $current->getUniqueId())?>" /> <? endforeach; ?> <br /> <label class="displayBlock" for="email_to"><?=$this->transEsc('To')?>:</label> diff --git a/themes/blueprint/templates/cart/export-success.phtml b/themes/blueprint/templates/cart/export-success.phtml index 64efeba9798..86854934c1d 100644 --- a/themes/blueprint/templates/cart/export-success.phtml +++ b/themes/blueprint/templates/cart/export-success.phtml @@ -1,2 +1,2 @@ <?=$this->transEsc('export_success')?> -<a href="<?=$this->escapeHtml($this->url)?>" class="save"><?=$this->transEsc('export_download')?></a> +<a href="<?=$this->escapeHtmlAttr($this->url)?>" class="save"><?=$this->transEsc('export_download')?></a> diff --git a/themes/blueprint/templates/cart/export.phtml b/themes/blueprint/templates/cart/export.phtml index 7080ec6b5e1..6c5da4a54b3 100644 --- a/themes/blueprint/templates/cart/export.phtml +++ b/themes/blueprint/templates/cart/export.phtml 
@@ -14,13 +14,13 @@ <form method="post" action="<?=$this->url('cart-export')?>" name="exportForm" title="<?=$this->transEsc('Export Items')?>"> <? foreach ($this->records as $current): ?> <strong><?=$this->transEsc('Title')?>:</strong> <?=$this->escapeHtml($current->getBreadcrumb())?><br /> - <input type="hidden" name="ids[]" value="<?=$this->escapeHtml($current->getResourceSource() . '|' . $current->getUniqueId())?>" /> + <input type="hidden" name="ids[]" value="<?=$this->escapeHtmlAttr($current->getResourceSource() . '|' . $current->getUniqueId())?>" /> <? endforeach; ?> <br /> <label for="format"><?=$this->transEsc('Format')?>:</label> <select name="format" id="format"> <? foreach ($this->exportOptions as $exportOption): ?> - <option value="<?=$this->escapeHtml($exportOption)?>"><?=$this->transEsc($exportOption)?></option> + <option value="<?=$this->escapeHtmlAttr($exportOption)?>"><?=$this->transEsc($exportOption)?></option> <? endforeach; ?> </select> <br/> diff --git a/themes/blueprint/templates/cart/save.phtml b/themes/blueprint/templates/cart/save.phtml index e138ded47e4..7af76db68d9 100644 --- a/themes/blueprint/templates/cart/save.phtml +++ b/themes/blueprint/templates/cart/save.phtml @@ -15,7 +15,7 @@ <? foreach ($this->records as $current): ?> <? $idParams[] = urlencode('ids[]') . '=' . urlencode($current->getResourceSource() . '|' . $current->getUniqueId()) ?> <strong><?=$this->transEsc('Title')?>:</strong> <?=$this->escapeHtml($current->getBreadcrumb())?><br /> - <input type="hidden" name="ids[]" value="<?=$this->escapeHtml($current->getResourceSource() . '|' . $current->getUniqueId())?>" /> + <input type="hidden" name="ids[]" value="<?=$this->escapeHtmlAttr($current->getResourceSource() . '|' . $current->getUniqueId())?>" /> <? endforeach; ?> <label class="displayBlock" for="save_list"><?=$this->transEsc('Choose a List') ?></label> 
diff --git a/themes/blueprint/templates/collection/view.phtml b/themes/blueprint/templates/collection/view.phtml index 9d7b7a09e44..0d1de2dfbf3 100644 --- a/themes/blueprint/templates/collection/view.phtml +++ b/themes/blueprint/templates/collection/view.phtml @@ -19,8 +19,8 @@ <div class="<?=$tree ? 'span-23' : $this->layoutClass('mainbody')?>"> <?=$this->record($this->driver)->getToolbar()?> - <div class="record recordId source<?=$this->escapeHtml($this->driver->getResourceSource())?>" id="record"> - <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" class="hiddenId" id="record_id" /> + <div class="record recordId source<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" id="record"> + <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" class="hiddenId" id="record_id" /> <?=$this->flashmessages()?> <? if (isset($this->scrollData) && ($this->scrollData['previousRecord'] || $this->scrollData['nextRecord'])): ?> <div class="resultscroller"> @@ -58,7 +58,7 @@ <?=isset($activeTabObj) ? $this->record($this->driver)->getTab($activeTabObj) : '' ?> </div> - <span class="Z3988" title="<?=$this->escapeHtml($this->driver->getOpenURL())?>"></span> + <span class="Z3988" title="<?=$this->escapeHtmlAttr($this->driver->getOpenURL())?>"></span> </div> <? if (!$tree): ?> diff --git a/themes/blueprint/templates/collections/home.phtml b/themes/blueprint/templates/collections/home.phtml index 9d388c1ed85..f2004f32abd 100644 --- a/themes/blueprint/templates/collections/home.phtml +++ b/themes/blueprint/templates/collections/home.phtml 
@@ -12,10 +12,10 @@ <? ob_start(); ?> <div class="alphaBrowsePageLinks"> <? if (isset($prevpage)): ?> - <div class="alphaBrowsePrevLink"><a href="<?=$this->url('collections-home')?>?from=<?=urlencode($from)?>&page=<?=urlencode($prevpage)?><?=$this->escapeHtml($filterString)?>">« <?=$this->transEsc('Prev')?></a></div> + <div class="alphaBrowsePrevLink"><a href="<?=$this->url('collections-home')?>?from=<?=urlencode($from)?>&page=<?=urlencode($prevpage)?><?=$this->escapeHtmlAttr($filterString)?>">« <?=$this->transEsc('Prev')?></a></div> <? endif; ?> <? if (isset($nextpage)): ?> - <div class="alphaBrowseNextLink"><a href="<?=$this->url('collections-home')?>?from=<?=urlencode($from)?>&page=<?=urlencode($nextpage)?><?=$this->escapeHtml($filterString)?>"><?=$this->transEsc('Next')?> »</a></div> + <div class="alphaBrowseNextLink"><a href="<?=$this->url('collections-home')?>?from=<?=urlencode($from)?>&page=<?=urlencode($nextpage)?><?=$this->escapeHtmlAttr($filterString)?>"><?=$this->transEsc('Next')?> »</a></div> <? endif; ?> <div class="clear"></div> </div> 
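Review bot: In both changed `href` attributes the `&page=` separator is a bare `&` while the adjacent `$filterString` now goes through `escapeHtmlAttr()` and therefore gets `&amp;`, so the attribute mixes raw and escaped ampersands; the literal should be `&amp;page=<?=urlencode($prevpage)?>` (and likewise for `$nextpage`). The `urlencode()` segments are left unescaped, which is safe only because urlencode output contains no HTML-significant characters; escaping them as well would keep one rule for the whole attribute. The same bare `&source=` appears in the `@@ -25` hunk of myresearch/edit.phtml. `$from`, `$prevpage` and `$filterString` are assigned before this hunk.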
@@ -34,22 +34,22 @@ } } ?> - <a href="<?=$this->escapeHtml($removalUrl)?>"><img src="<?=$this->imageLink('silk/delete.png')?>" alt="Delete"/></a> - <a href="<?=$this->escapeHtml($removalUrl)?>"><?=$this->escapeHtml($filter['displayText'])?></a> + <a href="<?=$this->escapeHtmlAttr($removalUrl)?>"><img src="<?=$this->imageLink('silk/delete.png')?>" alt="Delete"/></a> + <a href="<?=$this->escapeHtmlAttr($removalUrl)?>"><?=$this->escapeHtml($filter['displayText'])?></a> </li> <? endforeach; ?> </ul> <? endif; ?> <div class="browseAlphabetSelector"> <? foreach ($letters as $letter): ?> - <div class="browseAlphabetSelectorItem"><a href="<?=$this->url('collections-home')?>?from=<?=urlencode($letter)?><?=$this->escapeHtml($filterString)?>"><?=$this->escapeHtml($letter)?></a></div> + <div class="browseAlphabetSelectorItem"><a href="<?=$this->url('collections-home')?>?from=<?=urlencode($letter)?><?=$this->escapeHtmlAttr($filterString)?>"><?=$this->escapeHtml($letter)?></a></div> <? endforeach; ?> </div> <div class="browseJumpTo"> <form method="GET" action="<?=$this->url('collections-home')?>" class="browseForm"> <input type="submit" value="<?=$this->transEsc('Jump to')?>" /> - <input type="text" name="from" value="<?=$this->escapeHtml($from)?>" /> + <input type="text" name="from" value="<?=$this->escapeHtmlAttr($from)?>" /> </form> </div> diff --git a/themes/blueprint/templates/confirm/confirm.phtml b/themes/blueprint/templates/confirm/confirm.phtml index 7e814bb5e58..6731c009c40 100644 --- a/themes/blueprint/templates/confirm/confirm.phtml +++ b/themes/blueprint/templates/confirm/confirm.phtml 
@@ -4,21 +4,21 @@ <?=$this->flashmessages();?> <div id="popupDetails" class="confirmDialog"> - <form action="<?=$this->escapeHtml($this->confirm)?>" method="post"> + <form action="<?=$this->escapeHtmlAttr($this->confirm)?>" method="post"> <? if (isset($this->extras)): ?> <? foreach ($this->extras as $extra=>$value): ?> <? if (is_array($value)): ?> <? foreach ($value as $current): ?> - <input type="hidden" name="<?=$this->escapeHtml($extra) ?>[]" value="<?=$this->escapeHtml($current) ?>" /> + <input type="hidden" name="<?=$this->escapeHtmlAttr($extra) ?>[]" value="<?=$this->escapeHtmlAttr($current) ?>" /> <? endforeach; ?> <? else: ?> - <input type="hidden" name="<?=$this->escapeHtml($extra) ?>" value="<?=$this->escapeHtml($value) ?>" /> + <input type="hidden" name="<?=$this->escapeHtmlAttr($extra) ?>" value="<?=$this->escapeHtmlAttr($value) ?>" /> <? endif; ?> <? endforeach; ?> <? endif;?> <input type="submit" name="confirm" value="<?=$this->transEsc('confirm_dialog_yes') ?>" /> </form> - <form action="<?=$this->escapeHtml($this->cancel) ?>" method="post"> + <form action="<?=$this->escapeHtmlAttr($this->cancel) ?>" method="post"> <input type="submit" name="cancel" value="<?=$this->transEsc('confirm_dialog_no') ?>" /> </form> <div class="clearer"></div> diff --git a/themes/blueprint/templates/error/index.phtml b/themes/blueprint/templates/error/index.phtml index 346120b6cc4..56cc0eebd6a 100644 --- a/themes/blueprint/templates/error/index.phtml +++ b/themes/blueprint/templates/error/index.phtml @@ -8,7 +8,7 @@ <p> <?=$this->transEsc('Please contact the Library Reference Department for assistance')?> <br/> - <? $supportEmail = $this->escapeHtml($this->systememail()); ?> + <? $supportEmail = $this->escapeHtmlAttr($this->systememail()); ?> <a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a> </p> </div> diff --git a/themes/blueprint/templates/header.phtml b/themes/blueprint/templates/header.phtml index 556846dbfb0..52bba0e2114 100644 
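Review bot: In the error/index.phtml hunk, `$supportEmail = $this->escapeHtmlAttr($this->systememail());` is now escaped for an attribute, but the same variable is also printed as element text in `<a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a>`; the numeric entities escapeHtmlAttr emits decode correctly in text, so this is not a breakout, but one variable serving two output contexts becomes wrong the moment either escaper changes. Escape per context instead: `<? $supportEmail = $this->systememail(); ?>` followed by `<a href="mailto:<?=$this->escapeHtmlAttr($supportEmail)?>"><?=$this->escapeHtml($supportEmail)?></a>`. The same shared-variable pattern is in the myresearch/cataloglogin.phtml and myresearch/login.phtml hunks.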
--- a/themes/blueprint/templates/header.phtml +++ b/themes/blueprint/templates/header.phtml @@ -26,7 +26,7 @@ <label for="themeForm_ui"><?=$this->transEsc("Theme")?>:</label> <select id="themeForm_ui" name="ui" class="jumpMenu"> <? foreach ($this->layout()->themeOptions as $current): ?> - <option value="<?=$this->escapeHtml($current['name'])?>"<?=$current['selected'] ? ' selected="selected"' : ''?>><?=$this->transEsc($current['desc'])?></option> + <option value="<?=$this->escapeHtmlAttr($current['name'])?>"<?=$current['selected'] ? ' selected="selected"' : ''?>><?=$this->transEsc($current['desc'])?></option> <? endforeach; ?> </select> <noscript><input type="submit" value="<?=$this->transEsc("Set")?>" /></noscript> diff --git a/themes/blueprint/templates/install/fixdatabase.phtml b/themes/blueprint/templates/install/fixdatabase.phtml index c03ba347db4..ed5d0896d44 100644 --- a/themes/blueprint/templates/install/fixdatabase.phtml +++ b/themes/blueprint/templates/install/fixdatabase.phtml 
@@ -15,12 +15,12 @@ <table> <tbody> <tr><td>Select database type: </td><td><select name="driver"><option value="mysql">MySQL</option><option <? if ($driver == 'pgsql'): ?>selected="selected" <? endif; ?>value="pgsql">PostgreSQL</option></select></td></tr> - <tr><td>New database name: </td><td><input type="text" name="dbname" value="<?=$this->escapeHtml($this->dbname)?>"/></td></tr> - <tr><td>New database user: </td><td><input type="text" name="dbuser" value="<?=$this->escapeHtml($this->dbuser)?>"/></td></tr> + <tr><td>New database name: </td><td><input type="text" name="dbname" value="<?=$this->escapeHtmlAttr($this->dbname)?>"/></td></tr> + <tr><td>New database user: </td><td><input type="text" name="dbuser" value="<?=$this->escapeHtmlAttr($this->dbuser)?>"/></td></tr> <tr><td>New user password: </td><td><input type="password" name="dbpass" value=""/></td></tr> <tr><td>Confirm new user password: </td><td><input type="password" name="dbpassconfirm" value=""/></td></tr> - <tr><td>SQL Host: </td><td><input type="text" name="dbhost" value="<?=$this->escapeHtml($this->dbhost)?>"/></td></tr> - <tr><td>SQL Root User: </td><td><input type="text" name="dbrootuser" value="<?=$this->escapeHtml($this->dbrootuser)?>"/></td></tr> + <tr><td>SQL Host: </td><td><input type="text" name="dbhost" value="<?=$this->escapeHtmlAttr($this->dbhost)?>"/></td></tr> + <tr><td>SQL Root User: </td><td><input type="text" name="dbrootuser" value="<?=$this->escapeHtmlAttr($this->dbrootuser)?>"/></td></tr> <tr><td>SQL Root Password: </td><td><input type="password" name="dbrootpass" value=""/></td></tr> <tr><td width="50%"></td><td><input type="submit" name="submit" value="<?=$this->transEsc('Submit') ?>" /></td></tr> <tr><td>If you don't have the credentials or you wish to print the SQL out :</td><td>Click here to <input type="submit" name="printsql" value="Skip" /> credentials.</td></tr> 
diff --git a/themes/blueprint/templates/install/fixils.phtml b/themes/blueprint/templates/install/fixils.phtml index 89db3d57d62..0897324422e 100644 --- a/themes/blueprint/templates/install/fixils.phtml +++ b/themes/blueprint/templates/install/fixils.phtml @@ -16,7 +16,7 @@ Pick a driver: <select name="driver"> <? foreach ($this->drivers as $driver): ?> - <option value="<?=$this->escapeHtml($driver)?>"><?=$this->escapeHtml($driver)?></option> + <option value="<?=$this->escapeHtmlAttr($driver)?>"><?=$this->escapeHtml($driver)?></option> <? endforeach; ?> </select> <input type="submit"/> diff --git a/themes/blueprint/templates/install/fixsolr.phtml b/themes/blueprint/templates/install/fixsolr.phtml index 80f93362736..6e6c7e7be77 100644 --- a/themes/blueprint/templates/install/fixsolr.phtml +++ b/themes/blueprint/templates/install/fixsolr.phtml @@ -13,6 +13,6 @@ <ol> <li>Did you start the Solr server? See <a href="http://vufind.org/wiki/starting_and_stopping_vufind">Starting and Stopping VuFind</a> in the documentation.</li> - <li>Have you checked the Solr admin panel for errors? You may be able to find it <a href="<?=$this->escapeHtml($this->userUrl)?>">here</a>.</li> + <li>Have you checked the Solr admin panel for errors? You may be able to find it <a href="<?=$this->escapeHtmlAttr($this->userUrl)?>">here</a>.</li> <li>Are you using non-default Solr settings? If your Solr URL is not <strong><?=$this->escapeHtml($this->rawUrl)?></strong> or your core name is not <strong><?=$this->escapeHtml($this->core)?></strong>, you will need to customize the [Index] section of <?=$this->escapeHtml($this->configFile)?>.</li> </ol> \ No newline at end of file diff --git a/themes/blueprint/templates/layout/layout.phtml b/themes/blueprint/templates/layout/layout.phtml index 5ec2c3c5bb9..98e4bd09e93 100644 --- a/themes/blueprint/templates/layout/layout.phtml +++ b/themes/blueprint/templates/layout/layout.phtml 
@@ -74,7 +74,7 @@ </head> <body> <? if ($mobileViewLink = $this->mobileUrl()): // display 'return to mobile' link when applicable ?> - <div class="mobileViewLink"><a href="<?=$this->escapeHtml($mobileViewLink)?>"><?=$this->transEsc("mobile_link")?></a></div> + <div class="mobileViewLink"><a href="<?=$this->escapeHtmlAttr($mobileViewLink)?>"><?=$this->transEsc("mobile_link")?></a></div> <? endif; ?> <div class="container"> <div class="header"> diff --git a/themes/blueprint/templates/myresearch/cataloglogin.phtml b/themes/blueprint/templates/myresearch/cataloglogin.phtml index da71a03c082..ddd308f2320 100644 --- a/themes/blueprint/templates/myresearch/cataloglogin.phtml +++ b/themes/blueprint/templates/myresearch/cataloglogin.phtml @@ -15,7 +15,7 @@ <h2><?=$this->transEsc('ils_offline_title')?></h2> <p><strong><?=$this->transEsc('ils_offline_status')?></strong></p> <p><?=$this->transEsc('ils_offline_login_message')?></p> - <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?> + <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?> <p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p> </div> <? else: ?> diff --git a/themes/blueprint/templates/myresearch/checkedout.phtml b/themes/blueprint/templates/myresearch/checkedout.phtml index f4ca98331fc..87aedb53de7 100644 --- a/themes/blueprint/templates/myresearch/checkedout.phtml +++ b/themes/blueprint/templates/myresearch/checkedout.phtml 
@@ -31,14 +31,14 @@ <? if (isset($ilsDetails['renewable']) && $ilsDetails['renewable'] && isset($ilsDetails['renew_details'])): ?> <? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $ilsDetails['renew_details']); ?> <label for="checkbox_<?=$safeId?>" class="offscreen"><?=$this->transEsc("Select this record")?></label> - <input type="checkbox" name="renewSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['renew_details'])?>" class="checkbox" style="margin-left: 0" id="checkbox_<?=$safeId?>" /> - <input type="hidden" name="renewAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['renew_details'])?>" /> + <input type="checkbox" name="renewSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['renew_details'])?>" class="checkbox" style="margin-left: 0" id="checkbox_<?=$safeId?>" /> + <input type="hidden" name="renewAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['renew_details'])?>" /> <? endif; ?> <? endif; ?> - <div id="record<?=$this->escapeHtml($resource->getUniqueId())?>"> + <div id="record<?=$this->escapeHtmlAttr($resource->getUniqueId())?>"> <div class="span-2"> <? if ($summThumb = $this->record($resource)->getThumbnail()): ?> - <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/> + <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/> <? else: ?> <img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/> <? endif; ?> @@ -117,7 +117,7 @@ <div class="info"><?=$this->transEsc($ilsDetails['message'])?></div> <? endif; ?> <? if (isset($ilsDetails['renewable']) && $ilsDetails['renewable'] && isset($ilsDetails['renew_link'])): ?> - <a href="<?=$this->escapeHtml($ilsDetails['renew_link'])?>"><?=$this->transEsc('renew_item')?></a> + <a href="<?=$this->escapeHtmlAttr($ilsDetails['renew_link'])?>"><?=$this->transEsc('renew_item')?></a> <? endif; ?> </div> <div class="clear"></div> 
diff --git a/themes/blueprint/templates/myresearch/delete.phtml b/themes/blueprint/templates/myresearch/delete.phtml index f58a5c9ce4a..4530871d073 100644 --- a/themes/blueprint/templates/myresearch/delete.phtml +++ b/themes/blueprint/templates/myresearch/delete.phtml @@ -14,8 +14,8 @@ <br /> <input class="submit" type="submit" name="submit" value="<?=$this->transEsc('Delete')?>"/> <? foreach ($this->deleteIDS as $deleteID): ?> - <input type="hidden" name="ids[]" value="<?=$this->escapeHtml($deleteID)?>" /> + <input type="hidden" name="ids[]" value="<?=$this->escapeHtmlAttr($deleteID)?>" /> <? endforeach; ?> - <input type="hidden" name="listID" value="<?=$this->list?$this->escapeHtml($this->list->id):''?>" /> + <input type="hidden" name="listID" value="<?=$this->list?$this->escapeHtmlAttr($this->list->id):''?>" /> </div> </form> \ No newline at end of file diff --git a/themes/blueprint/templates/myresearch/edit.phtml b/themes/blueprint/templates/myresearch/edit.phtml index 1c505bcbd2b..8b53262c5f5 100644 --- a/themes/blueprint/templates/myresearch/edit.phtml +++ b/themes/blueprint/templates/myresearch/edit.phtml 
@@ -25,11 +25,11 @@ <? else: ?> <? foreach ($this->savedData as $i=>$current): ?> <strong><?=$this->transEsc('List') ?>: <?=$this->escapeHtml($current['listTitle'])?></strong> - <a href="<?=$this->url('userList', array('id' => $current['listId'])) ?>?delete=<?=urlencode($this->driver->getUniqueId())?>&source=<?=urlencode($this->driver->getResourceSource())?>" id="<?=$this->escapeHtml($this->driver->getUniqueId())?>delete<?=$current['listId'] ?>" title="<?=$this->transEsc('confirm_delete')?>" class="holdCancel delete tool"></a> + <a href="<?=$this->url('userList', array('id' => $current['listId'])) ?>?delete=<?=urlencode($this->driver->getUniqueId())?>&source=<?=urlencode($this->driver->getResourceSource())?>" id="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>delete<?=$current['listId'] ?>" title="<?=$this->transEsc('confirm_delete')?>" class="holdCancel delete tool"></a> <input type="hidden" name="lists[]" value="<?=$current['listId'] ?>"/> <? if ($this->usertags()->getMode() !== 'disabled'): ?> <label class="displayBlock" for="edit_tags<?=$current['listId'] ?>"><?=$this->transEsc('Tags') ?>:</label> - <input id="edit_tags<?=$current['listId'] ?>" type="text" name="tags<?=$current['listId'] ?>" value="<?=$this->escapeHtml($current['tags'])?>" size="50"/> + <input id="edit_tags<?=$current['listId'] ?>" type="text" name="tags<?=$current['listId'] ?>" value="<?=$this->escapeHtmlAttr($current['tags'])?>" size="50"/> <? endif; ?> <label class="displayBlock" for="edit_notes<?=$current['listId'] ?>"><?=$this->transEsc('Notes') ?>:</label> <textarea id="edit_notes<?=$current['listId'] ?>" class="displayBlock" name="notes<?=$current['listId'] ?>" rows="3" cols="50"><?=$this->escapeHtml($current['notes'])?></textarea> diff --git a/themes/blueprint/templates/myresearch/holds.phtml b/themes/blueprint/templates/myresearch/holds.phtml index 9e2f4930aa4..34d6c2be38b 100644 --- a/themes/blueprint/templates/myresearch/holds.phtml 
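Review bot: On the changed anchor, `id="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>delete<?=$current['listId'] ?>"` now escapes the record id but leaves `$current['listId']` raw in the same attribute, as do the `for=`, `id=` and `name=` attributes on the surrounding lines and the hidden `lists[]` input. `listId` is presumably an integer from the database, but nothing in the hunk establishes that, so `<?=$this->escapeHtmlAttr($current['listId'])?>` would keep the escaping rule uniform across the attribute. The enclosing `foreach ($this->savedData ...)` ends outside the hunk.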
+++ b/themes/blueprint/templates/myresearch/holds.phtml @@ -34,13 +34,13 @@ <? if ($this->cancelForm && isset($ilsDetails['cancel_details'])): ?> <? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $resource->getUniqueId()); ?> <label for="checkbox_<?=$safeId?>" class="offscreen"><?=$this->transEsc("Select this record")?></label> - <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" /> - <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" class="checkbox" style="margin-left:0;" id="checkbox_<?=$safeId?>" /> + <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" /> + <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" class="checkbox" style="margin-left:0;" id="checkbox_<?=$safeId?>" /> <? endif; ?> - <div id="record<?=$this->escapeHtml($resource->getUniqueId()) ?>"> + <div id="record<?=$this->escapeHtmlAttr($resource->getUniqueId()) ?>"> <div class="span-2"> <? if ($summThumb = $this->record($resource)->getThumbnail()): ?> - <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/> + <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/> <? else: ?> <img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/> <? endif; ?> @@ -126,7 +126,7 @@ <p><strong><?=$this->transEsc("hold_queue_position") ?>:</strong> <?=$this->escapeHtml($ilsDetails['position']) ?></p> <? endif; ?> <? if (isset($ilsDetails['cancel_link'])): ?> - <p><a href="<?=$this->escapeHtml($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("hold_cancel") ?></a></p> + <p><a href="<?=$this->escapeHtmlAttr($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("hold_cancel") ?></a></p> <? endif; ?> </div> 
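Review bot: The six changed lines of the `@@ -34` hunk (the cancel hidden/checkbox inputs, the `record<id>` div and the cover thumbnail) are byte-for-byte the same block that is changed in the `@@ -34` hunks of myresearch/illrequests.phtml and myresearch/storageretrievalrequests.phtml, and the `cancel_link` anchor in the second hunk is repeated there as well. Every escaping fix of this kind currently has to land three times; rendering the shared block from a partial via `$this->context($this)->renderInContext(...)`, as mylist.phtml already does for its bulk-action buttons, would make the next fix a single change. This is a structural suggestion, not a defect in what the commit does.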
diff --git a/themes/blueprint/templates/myresearch/illrequests.phtml b/themes/blueprint/templates/myresearch/illrequests.phtml index 0abf9832132..6180be3e6b5 100644 --- a/themes/blueprint/templates/myresearch/illrequests.phtml +++ b/themes/blueprint/templates/myresearch/illrequests.phtml @@ -34,13 +34,13 @@ <? if ($this->cancelForm && isset($ilsDetails['cancel_details'])): ?> <? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $resource->getUniqueId()); ?> <label for="checkbox_<?=$safeId?>" class="offscreen"><?=$this->transEsc("Select this record")?></label> - <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" /> - <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" class="checkbox" style="margin-left:0;" id="checkbox_<?=$safeId?>" /> + <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" /> + <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" class="checkbox" style="margin-left:0;" id="checkbox_<?=$safeId?>" /> <? endif; ?> - <div id="record<?=$this->escapeHtml($resource->getUniqueId()) ?>"> + <div id="record<?=$this->escapeHtmlAttr($resource->getUniqueId()) ?>"> <div class="span-2"> <? if ($summThumb = $this->record($resource)->getThumbnail()): ?> - <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/> + <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/> <? else: ?> <img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/> <? endif; ?> 
@@ -135,7 +135,7 @@ <div class="info"><?=$this->transEsc("ill_request_canceled") . (is_string($ilsDetails['canceled']) ? ': ' . $ilsDetails['canceled'] : '') ?></div> <? endif; ?> <? if (isset($ilsDetails['cancel_link'])): ?> - <p><a href="<?=$this->escapeHtml($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("ill_request_cancel") ?></a></p> + <p><a href="<?=$this->escapeHtmlAttr($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("ill_request_cancel") ?></a></p> <? endif; ?> </div> diff --git a/themes/blueprint/templates/myresearch/login.phtml b/themes/blueprint/templates/myresearch/login.phtml index c3a72bc034f..9f893a08690 100644 --- a/themes/blueprint/templates/myresearch/login.phtml +++ b/themes/blueprint/templates/myresearch/login.phtml @@ -23,7 +23,7 @@ <h2><?=$this->transEsc('ils_offline_title')?></h2> <p><strong><?=$this->transEsc('ils_offline_status')?></strong></p> <p><?=$this->transEsc('ils_offline_login_message')?></p> - <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?> + <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?> <p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p> </div> <? endif; ?> diff --git a/themes/blueprint/templates/myresearch/mylist.phtml b/themes/blueprint/templates/myresearch/mylist.phtml index 6a7eb6cba1f..31cf0cf50b2 100644 --- a/themes/blueprint/templates/myresearch/mylist.phtml +++ b/themes/blueprint/templates/myresearch/mylist.phtml 
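Review bot: In the illrequests.phtml hunk, the context line `<?=$this->transEsc("ill_request_canceled") . (is_string($ilsDetails['canceled']) ? ': ' . $ilsDetails['canceled'] : '') ?>` prints `$ilsDetails['canceled']` with no escaping at all, directly above the `cancel_link` this commit now escapes; unless the ILS driver guarantees that field is plain text, it should be `': ' . $this->escapeHtml($ilsDetails['canceled'])`. The identical unescaped concatenation appears in the `@@ -132` hunk of myresearch/storageretrievalrequests.phtml. The `if` that guards the canceled message starts outside the hunk.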
@@ -49,8 +49,8 @@ </div> <form method="post" name="bulkActionForm" action="<?=$this->url('cart-myresearchbulk')?>"> <? if (isset($list)): ?> - <input type="hidden" name="listID" value="<?=$this->escapeHtml($list->id)?>" /> - <input type="hidden" name="listName" value="<?=$this->escapeHtml($list->title)?>" /> + <input type="hidden" name="listID" value="<?=$this->escapeHtmlAttr($list->id)?>" /> + <input type="hidden" name="listName" value="<?=$this->escapeHtmlAttr($list->title)?>" /> <? endif; ?> <?=$this->context($this)->renderInContext('myresearch/bulk-action-buttons.phtml', array('idPrefix' => '', 'list' => isset($list) ? $list : null))?> <ul class="recordSet"> diff --git a/themes/blueprint/templates/myresearch/profile.phtml b/themes/blueprint/templates/myresearch/profile.phtml index 4b4aa1cafc5..63a413dcc33 100644 --- a/themes/blueprint/templates/myresearch/profile.phtml +++ b/themes/blueprint/templates/myresearch/profile.phtml @@ -34,7 +34,7 @@ ?> <select id="home_library" name="home_library"> <? foreach ($this->pickup as $lib): ?> - <option value="<?=$this->escapeHtml($lib['locationID'])?>"<?=($selected == $lib['locationID'])?' selected="selected"':''?>><?=$this->escapeHtml($lib['locationDisplay'])?></option> + <option value="<?=$this->escapeHtmlAttr($lib['locationID'])?>"<?=($selected == $lib['locationID'])?' selected="selected"':''?>><?=$this->escapeHtml($lib['locationDisplay'])?></option> <? endforeach; ?> </select> <br class="clear"/> diff --git a/themes/blueprint/templates/myresearch/storageretrievalrequests.phtml b/themes/blueprint/templates/myresearch/storageretrievalrequests.phtml index 8ebc07d2b42..9f99c4dbfec 100644 --- a/themes/blueprint/templates/myresearch/storageretrievalrequests.phtml +++ b/themes/blueprint/templates/myresearch/storageretrievalrequests.phtml 
@@ -34,13 +34,13 @@ <? if ($this->cancelForm && isset($ilsDetails['cancel_details'])): ?> <? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $resource->getUniqueId()); ?> <label for="checkbox_<?=$safeId?>" class="offscreen"><?=$this->transEsc("Select this record")?></label> - <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" /> - <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" class="checkbox" style="margin-left:0;" id="checkbox_<?=$safeId?>" /> + <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" /> + <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" class="checkbox" style="margin-left:0;" id="checkbox_<?=$safeId?>" /> <? endif; ?> - <div id="record<?=$this->escapeHtml($resource->getUniqueId()) ?>"> + <div id="record<?=$this->escapeHtmlAttr($resource->getUniqueId()) ?>"> <div class="span-2"> <? if ($summThumb = $this->record($resource)->getThumbnail()): ?> - <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/> + <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/> <? else: ?> <img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/> <? endif; ?> 
@@ -132,7 +132,7 @@ <div class="info"><?=$this->transEsc("storage_retrieval_request_canceled") . (is_string($ilsDetails['canceled']) ? ': ' . $ilsDetails['canceled'] : '') ?></div> <? endif; ?> <? if (isset($ilsDetails['cancel_link'])): ?> - <p><a href="<?=$this->escapeHtml($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("storage_retrieval_request_cancel") ?></a></p> + <p><a href="<?=$this->escapeHtmlAttr($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("storage_retrieval_request_cancel") ?></a></p> <? endif; ?> </div> diff --git a/themes/blueprint/templates/primo/advanced.phtml b/themes/blueprint/templates/primo/advanced.phtml index 76cc2a399d9..a9b3ebeac6d 100644 --- a/themes/blueprint/templates/primo/advanced.phtml +++ b/themes/blueprint/templates/primo/advanced.phtml 
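Review bot: The context line `<div class="info">` in this hunk still concatenates `$ilsDetails['canceled']` into element text with no escaping, even though the same record's `cancel_link` on the next changed line now goes through escapeHtmlAttr. If that string is returned by the ILS driver it belongs in the same escaper as every other driver value in this template: `(is_string($ilsDetails['canceled']) ? ': ' . $this->escapeHtml($ilsDetails['canceled']) : '')`. Whether drivers can return free text there is not visible from the hunk, so treat this as a consistency fix unless the driver contract rules it out.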
@@ -55,19 +55,19 @@ <div class="field"> <select id="search_type<?=$i?>_<?=$j?>" name="type<?=$i?>[]"> <? foreach ($this->options->getAdvancedHandlers() as $searchVal => $searchDesc): ?> - <option value="<?=$this->escapeHtml($searchVal)?>"<?=($currRow && $currRow->getHandler() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option> + <option value="<?=$this->escapeHtmlAttr($searchVal)?>"<?=($currRow && $currRow->getHandler() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option> <? endforeach; ?> </select> </div> <div class="operators"> <select id="searchForm_op<?=$i?>_<?=$j?>" name="op<?=$i?>[]"> <? foreach ($this->options->getAdvancedOperators() as $searchVal => $searchDesc): ?> - <option value="<?=$this->escapeHtml($searchVal)?>"<?=($currRow && $currRow->getOperator() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option> + <option value="<?=$this->escapeHtmlAttr($searchVal)?>"<?=($currRow && $currRow->getOperator() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option> <? endforeach; ?> </select> </div> <div class="terms"> - <input id="search_lookfor<?=$i?>_<?=$j?>" type="text" value="<?=$currRow?$this->escapeHtml($currRow->getString()):''?>" size=30" name="lookfor<?=$i?>[]"/> + <input id="search_lookfor<?=$i?>_<?=$j?>" type="text" value="<?=$currRow?$this->escapeHtmlAttr($currRow->getString()):''?>" size=30" name="lookfor<?=$i?>[]"/> </div> <span class="clearer"></span> </div> @@ -78,7 +78,7 @@ </div> <? $lastSort = $this->options->getLastSort(); if (!empty($lastSort)): ?> - <input type="hidden" name="sort" value="<?=$this->escapeHtml($lastSort)?>" /> + <input type="hidden" name="sort" value="<?=$this->escapeHtmlAttr($lastSort)?>" /> <? endif; ?> <input type="submit" name="submit" value="<?=$this->transEsc("Find")?>"/> </div> 
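Review bot: The `lookfor` input in the `terms` div carries a malformed attribute, `size=30"`, which the commit copies over unchanged; in HTML parsing the stray quote becomes part of an unquoted attribute value, so `size` receives the literal text `30"` rather than 30. It should read `size="30"`, matching the `size="50"` form used for the same control in search/advanced/layout.phtml later in this diff. The two hunks in this block otherwise only swap escapers.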
@@ -93,7 +93,7 @@ <h4><?=$this->transEsc($field)?></h4> <ul> <? foreach ($data as $value): ?> - <li><input type="checkbox" checked="checked" name="filter[]" value='<?=$this->escapeHtml($value['field'])?>:"<?=$this->escapeHtml($value['value'])?>"' /> <?=$this->escapeHtml($value['displayText'])?></li> + <li><input type="checkbox" checked="checked" name="filter[]" value='<?=$this->escapeHtmlAttr($value['field'])?>:"<?=$this->escapeHtmlAttr($value['value'])?>"' /> <?=$this->escapeHtml($value['displayText'])?></li> <? endforeach; ?> </ul> </div> diff --git a/themes/blueprint/templates/record/addtag.phtml b/themes/blueprint/templates/record/addtag.phtml index 2ef0671e80d..221450ac054 100644 --- a/themes/blueprint/templates/record/addtag.phtml +++ b/themes/blueprint/templates/record/addtag.phtml @@ -10,8 +10,8 @@ <h1 class="hideinlightbox"><?=$this->transEsc('Add Tag')?></h1> <form action="" method="post" name="tagRecord"> <input type="hidden" name="submit" value="1" /> - <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" /> - <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" /> + <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" /> + <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" /> <label for="addtag_tag"><?=$this->transEsc("Tags")?>:</label> <input id="addtag_tag" type="text" name="tag" value="" size="40" class="mainFocus <?=$this->jqueryValidation(array('required'=>'This field is required'))?>"/> <p><?=$this->transEsc("add_tag_note")?></p> diff --git a/themes/blueprint/templates/record/checkbox.phtml b/themes/blueprint/templates/record/checkbox.phtml index 53a20ca3acb..edf332c2ba4 100644 --- a/themes/blueprint/templates/record/checkbox.phtml +++ b/themes/blueprint/templates/record/checkbox.phtml 
@@ -1,3 +1,3 @@ <label for="<?=$this->prefix?>checkbox_<?=$this->count?>" class="offscreen"><?=$this->transEsc('Select this record')?></label> -<input id="<?=$this->prefix?>checkbox_<?=$this->count?>" type="checkbox" name="ids[]" value="<?=$this->escapeHtml($this->id)?>" class="checkbox_ui"/> -<input type="hidden" name="idsAll[]" value="<?=$this->escapeHtml($this->id)?>" /> \ No newline at end of file +<input id="<?=$this->prefix?>checkbox_<?=$this->count?>" type="checkbox" name="ids[]" value="<?=$this->escapeHtmlAttr($this->id)?>" class="checkbox_ui"/> +<input type="hidden" name="idsAll[]" value="<?=$this->escapeHtmlAttr($this->id)?>" /> \ No newline at end of file diff --git a/themes/blueprint/templates/record/email.phtml b/themes/blueprint/templates/record/email.phtml index 6da616e604e..45486d7f079 100644 --- a/themes/blueprint/templates/record/email.phtml +++ b/themes/blueprint/templates/record/email.phtml @@ -8,8 +8,8 @@ ?> <?=$this->flashmessages()?> <form action="" method="post" name="emailRecord"> - <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" /> - <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" /> + <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" /> + <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" /> <label class="displayBlock" for="email_to"><?=$this->transEsc('To')?>:</label> <input id="email_to" type="text" name="to" value="<?=isset($this->to) ? $this->to : ''?>" size="40" class="mainFocus <?=$this->jqueryValidation(array('required'=>'This field is required', 'email'=>'Email address is invalid'))?>"/> <? if (!$this->disableFrom): ?> diff --git a/themes/blueprint/templates/record/hold.phtml b/themes/blueprint/templates/record/hold.phtml index 1ef581c016d..f954a4b3077 100644 --- a/themes/blueprint/templates/record/hold.phtml 
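Review bot: `$this->prefix` and `$this->count` are still echoed raw into the `id` and `for` attributes of record/checkbox.phtml while `$this->id` on the same lines moves to escapeHtmlAttr. The myresearch hunk earlier in this diff passes `'idPrefix' => ''` into a related template, so the prefix is presumably a template-supplied constant, but escaping it the same way costs nothing and keeps the file uniform: `id="<?=$this->escapeHtmlAttr($this->prefix)?>checkbox_<?=$this->escapeHtmlAttr($this->count)?>"` on the input, with the matching change to the label's `for`.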
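Review bot: The `email_to` input in the record/email.phtml hunk writes `value="<?=isset($this->to) ? $this->to : ''?>"` with no escaping at all, which is a sharper problem than the escapeHtml→escapeHtmlAttr swaps around it: `$this->to` looks like the address re-populated from a previous submission, i.e. user-controlled, so it should be `value="<?=isset($this->to) ? $this->escapeHtmlAttr($this->to) : ''?>"`. The same unescaped `$this->to` appears in record/sms.phtml (`sms_to`, where the fallback branch is `$this->transEsc('sms_phone_number')`) and in search/email.phtml (`email_to`), so the fix applies to all three templates.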
+++ b/themes/blueprint/templates/record/hold.phtml @@ -50,7 +50,7 @@ </option> <? endif; ?> <? foreach ($this->requestGroups as $group): ?> - <option value="<?=$this->escapeHtml($group['id'])?>"<?=($selected == $group['id']) ? ' selected="selected"' : ''?>> + <option value="<?=$this->escapeHtmlAttr($group['id'])?>"<?=($selected == $group['id']) ? ' selected="selected"' : ''?>> <?=$this->escapeHtml($group['name'])?> </option> <? endforeach; ?> @@ -73,7 +73,7 @@ <span id="pickUpLocationLabel"><strong><?=$this->transEsc("pick_up_location")?>: <noscript> (<?=$this->transEsc("Please enable JavaScript.")?>)</noscript> </strong></span> - <select id="pickUpLocation" name="gatheredDetails[pickUpLocation]" data-default="<?=$this->escapeHtml($selected)?>"> + <select id="pickUpLocation" name="gatheredDetails[pickUpLocation]" data-default="<?=$this->escapeHtmlAttr($selected)?>"> <? if ($selected === false): ?> <option value="" selected="selected"> <?=$this->transEsc('select_pickup_location')?> @@ -89,13 +89,13 @@ </option> <? endif; ?> <? foreach ($this->pickup as $lib): ?> - <option value="<?=$this->escapeHtml($lib['locationID'])?>"<?=($selected == $lib['locationID']) ? ' selected="selected"' : ''?>> + <option value="<?=$this->escapeHtmlAttr($lib['locationID'])?>"<?=($selected == $lib['locationID']) ? ' selected="selected"' : ''?>> <?=$this->escapeHtml($lib['locationDisplay'])?> </option> <? endforeach; ?> </select> <? else: ?> - <input type="hidden" name="gatheredDetails[pickUpLocation]" value="<?=$this->escapeHtml($this->defaultPickup)?>" /> + <input type="hidden" name="gatheredDetails[pickUpLocation]" value="<?=$this->escapeHtmlAttr($this->defaultPickup)?>" /> <? endif; ?> </div> <? endif; ?> diff --git a/themes/blueprint/templates/record/illrequest.phtml b/themes/blueprint/templates/record/illrequest.phtml index a1ce38fe4ad..fe0b89bd33a 100644 --- a/themes/blueprint/templates/record/illrequest.phtml +++ b/themes/blueprint/templates/record/illrequest.phtml 
@@ -24,7 +24,7 @@ <strong><?=$this->transEsc('ill_request_item')?>:</strong><br/> <select name="gatheredDetails[itemId]"> <? foreach ($this->items as $item): ?> - <option value="<?=$this->escapeHtml($item['id'])?>"<?=($this->gatheredDetails['itemId'] == $item['id']) ? ' selected="selected"' : ''?>><?=$this->escapeHtml($item['name'])?></option> + <option value="<?=$this->escapeHtmlAttr($item['id'])?>"<?=($this->gatheredDetails['itemId'] == $item['id']) ? ' selected="selected"' : ''?>><?=$this->escapeHtml($item['name'])?></option> <? endforeach; ?> </select> </div> @@ -43,7 +43,7 @@ <strong><?=$this->transEsc("ill_request_pick_up_library")?>:</strong><br/> <select id="pickupLibrary" name="gatheredDetails[pickUpLibrary]"> <? foreach ($this->pickupLibraries as $lib): ?> - <option value="<?=$this->escapeHtml($lib['id'])?>"<?=(($selected === false && isset($lib['isDefault']) && $lib['isDefault']) || $selected === $lib['id']) ? ' selected="selected"' : ''?>> + <option value="<?=$this->escapeHtmlAttr($lib['id'])?>"<?=(($selected === false && isset($lib['isDefault']) && $lib['isDefault']) || $selected === $lib['id']) ? ' selected="selected"' : ''?>> <?=$this->transEsc('library_' . $lib['name'], null, $lib['name'])?> </option> <? endforeach; ?> @@ -80,7 +80,7 @@ <strong><?=$this->transEsc("pick_up_location")?>:</strong><br/> <select id="pickupLocation" name="gatheredDetails[pickUpLocation]"> <? foreach ($this->pickupLocations as $loc): ?> - <option value="<?=$this->escapeHtml($loc['id'])?>"<?=(($selected === false && isset($loc['isDefault']) && $loc['isDefault']) || $selected === $loc['id']) ? ' selected="selected"' : ''?>> + <option value="<?=$this->escapeHtmlAttr($loc['id'])?>"<?=(($selected === false && isset($loc['isDefault']) && $loc['isDefault']) || $selected === $loc['id']) ? ' selected="selected"' : ''?>> <?=$this->escapeHtml($loc['name'])?> </option> <? endforeach; ?> 
@@ -92,7 +92,7 @@ <? if (in_array("requiredByDate", $this->extraFields)): ?> <div> <strong><?=$this->transEsc("hold_required_by")?>: </strong> - <div id="requiredByHolder"><input id="requiredByDate" type="text" name="gatheredDetails[requiredBy]" value="<?=(isset($this->gatheredDetails['requiredBy']) && !empty($this->gatheredDetails['requiredBy'])) ? $this->escapeHtml($this->gatheredDetails['requiredBy']) : $this->escapeHtml($this->defaultRequiredDate)?>" size="8" /> <strong>(<?=$this->dateTime()->getDisplayDateFormat()?>)</strong></div> + <div id="requiredByHolder"><input id="requiredByDate" type="text" name="gatheredDetails[requiredBy]" value="<?=(isset($this->gatheredDetails['requiredBy']) && !empty($this->gatheredDetails['requiredBy'])) ? $this->escapeHtmlAttr($this->gatheredDetails['requiredBy']) : $this->escapeHtmlAttr($this->defaultRequiredDate)?>" size="8" /> <strong>(<?=$this->dateTime()->getDisplayDateFormat()?>)</strong></div> </div> <? endif; ?> diff --git a/themes/blueprint/templates/record/save.phtml b/themes/blueprint/templates/record/save.phtml index b458a19620a..cb5b1be5e5d 100644 --- a/themes/blueprint/templates/record/save.phtml +++ b/themes/blueprint/templates/record/save.phtml 
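Review bot: The rewritten `requiredByDate` line keeps `isset($this->gatheredDetails['requiredBy']) && !empty($this->gatheredDetails['requiredBy'])`; `empty()` already yields true for an unset key, so the `isset` half is dead and the condition can shrink to `!empty($this->gatheredDetails['requiredBy'])`. The identical expression is in the `requiredByDate` hunk of record/storageretrievalrequest.phtml below and can be simplified the same way.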
@@ -9,8 +9,8 @@ <h2><?=$this->transEsc("add_favorite_prefix") ?> <?=$this->escapeHtml($this->driver->getBreadcrumb())?> <?=$this->transEsc("add_favorite_suffix") ?></h2> <form method="post" action="" name="saveRecord"> <input type="hidden" name="submit" value="1" /> - <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId()) ?>" /> - <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" /> + <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId()) ?>" /> + <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" /> <? if (!empty($this->containingLists)): ?> <p><?=$this->transEsc('This item is already part of the following list/lists') ?>:</p> <ul> diff --git a/themes/blueprint/templates/record/sms.phtml b/themes/blueprint/templates/record/sms.phtml index 4c575547128..e40b9b95951 100644 --- a/themes/blueprint/templates/record/sms.phtml +++ b/themes/blueprint/templates/record/sms.phtml @@ -8,8 +8,8 @@ ?> <?=$this->flashmessages()?> <form method="post" action="" name="smsRecord"> - <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" /> - <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" /> + <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" /> + <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" /> <label class="span-2" for="sms_to"><?=$this->transEsc('Number')?>:</label> <input id="sms_to" type="text" name="to" value="<?=isset($this->to) ? $this->to : $this->transEsc('sms_phone_number')?>" onfocus="if (this.value=='<?=$this->transEsc('sms_phone_number')?>') this.value=''" 
@@ -27,7 +27,7 @@ <select id="sms_provider" name="provider" class="<?=$this->jqueryValidation(array('required'=>'This field is required'))?>"> <option selected="selected" value=""><?=$this->transEsc('Select your carrier')?></option> <? foreach ($this->carriers as $val => $details): ?> - <option<?=(isset($this->provider) && $val == $this->provider) ? ' selected="selected"' : ''?> value="<?=$this->escapeHtml($val)?>"><?=$this->escapeHtml($details['name'])?></option> + <option<?=(isset($this->provider) && $val == $this->provider) ? ' selected="selected"' : ''?> value="<?=$this->escapeHtmlAttr($val)?>"><?=$this->escapeHtml($details['name'])?></option> <? endforeach; ?> </select> <br/> diff --git a/themes/blueprint/templates/record/storageretrievalrequest.phtml b/themes/blueprint/templates/record/storageretrievalrequest.phtml index 89748cfa63d..f52793cbe8c 100644 --- a/themes/blueprint/templates/record/storageretrievalrequest.phtml +++ b/themes/blueprint/templates/record/storageretrievalrequest.phtml 
@@ -23,9 +23,9 @@ <input type="radio" id="storageRetrievalRequestTitle" name="gatheredDetails[level]" value="title"<?=isset($this->gatheredDetails['level']) && $this->gatheredDetails['level'] == 'title' ? ' checked="checked"' : ''?>> <strong><label for="storageRetrievalRequestTitle"><?=$this->transEsc('storage_retrieval_request_reference')?></label></strong><br/> <div id="storageRetrievalRequestReference" class="storageRetrievalRequestReference"> - <span class="label"><?=$this->transEsc('storage_retrieval_request_volume')?>:</span> <input type="text" name="gatheredDetails[volume]" value="<?=isset($this->gatheredDetails['volume']) ? $this->escapeHtml($this->gatheredDetails['volume']) : ''?>"></input><br/> - <span class="label"><?=$this->transEsc('storage_retrieval_request_issue')?>:</span> <input type="text" name="gatheredDetails[issue]" value="<?=isset($this->gatheredDetails['issue']) ? $this->escapeHtml($this->gatheredDetails['issue']) : ''?>"></input><br/> - <span class="label"><?=$this->transEsc('storage_retrieval_request_year')?>:</span> <input type="text" name="gatheredDetails[year]" value="<?=isset($this->gatheredDetails['year']) ? $this->escapeHtml($this->gatheredDetails['year']) : ''?>"></input><br/> + <span class="label"><?=$this->transEsc('storage_retrieval_request_volume')?>:</span> <input type="text" name="gatheredDetails[volume]" value="<?=isset($this->gatheredDetails['volume']) ? $this->escapeHtmlAttr($this->gatheredDetails['volume']) : ''?>"></input><br/> + <span class="label"><?=$this->transEsc('storage_retrieval_request_issue')?>:</span> <input type="text" name="gatheredDetails[issue]" value="<?=isset($this->gatheredDetails['issue']) ? $this->escapeHtmlAttr($this->gatheredDetails['issue']) : ''?>"></input><br/> + <span class="label"><?=$this->transEsc('storage_retrieval_request_year')?>:</span> <input type="text" name="gatheredDetails[year]" value="<?=isset($this->gatheredDetails['year']) ? 
$this->escapeHtmlAttr($this->gatheredDetails['year']) : ''?>"></input><br/> </div> </div> <? endif; ?> @@ -33,7 +33,7 @@ <? if (in_array("requiredByDate", $this->extraFields)): ?> <div> <strong><?=$this->transEsc("hold_required_by")?>: </strong> - <div id="requiredByHolder"><input id="requiredByDate" type="text" name="gatheredDetails[requiredBy]" value="<?=(isset($this->gatheredDetails['requiredBy']) && !empty($this->gatheredDetails['requiredBy'])) ? $this->escapeHtml($this->gatheredDetails['requiredBy']) : $this->escapeHtml($this->defaultRequiredDate)?>" size="8" /> <strong>(<?=$this->dateTime()->getDisplayDateFormat()?>)</strong></div> + <div id="requiredByHolder"><input id="requiredByDate" type="text" name="gatheredDetails[requiredBy]" value="<?=(isset($this->gatheredDetails['requiredBy']) && !empty($this->gatheredDetails['requiredBy'])) ? $this->escapeHtmlAttr($this->gatheredDetails['requiredBy']) : $this->escapeHtmlAttr($this->defaultRequiredDate)?>" size="8" /> <strong>(<?=$this->dateTime()->getDisplayDateFormat()?>)</strong></div> </div> <? endif; ?> @@ -57,13 +57,13 @@ </option> <? endif; ?> <? foreach ($this->pickup as $lib): ?> - <option value="<?=$this->escapeHtml($lib['locationID'])?>"<?=($selected == $lib['locationID']) ? ' selected="selected"' : ''?>> + <option value="<?=$this->escapeHtmlAttr($lib['locationID'])?>"<?=($selected == $lib['locationID']) ? ' selected="selected"' : ''?>> <?=$this->escapeHtml($lib['locationDisplay'])?> </option> <? endforeach; ?> </select> <? else: ?> - <input type="hidden" name="gatheredDetails[pickUpLocation]" value="<?=$this->escapeHtml($this->defaultPickup)?>" /> + <input type="hidden" name="gatheredDetails[pickUpLocation]" value="<?=$this->escapeHtmlAttr($this->defaultPickup)?>" /> <? endif; ?> </div> <? endif; ?> diff --git a/themes/blueprint/templates/record/view.phtml b/themes/blueprint/templates/record/view.phtml index 1a17922774f..2635c53f858 100644 --- a/themes/blueprint/templates/record/view.phtml 
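Review bot: The three volume/issue/year inputs rewritten in the first hunk of record/storageretrievalrequest.phtml keep `></input>` after each `<input ...>`; `input` is a void element with no end tag, so browsers discard the stray `</input>` but validators flag it and it reads as a leftover. Either drop it (`value="..."><br/>`) or self-close the tag as the rest of these templates do (`value="..." /><br/>`).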
+++ b/themes/blueprint/templates/record/view.phtml @@ -15,8 +15,8 @@ <div class="<?=$this->layoutClass('mainbody')?>"> <?=$this->record($this->driver)->getToolbar()?> - <div class="record recordId source<?=$this->escapeHtml($this->driver->getResourceSource())?>" id="record"> - <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" class="hiddenId" id="record_id" /> + <div class="record recordId source<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" id="record"> + <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" class="hiddenId" id="record_id" /> <?=$this->flashmessages()?> <? if (isset($this->scrollData) && ($this->scrollData['previousRecord'] || $this->scrollData['nextRecord'])): ?> <div class="resultscroller"> @@ -54,7 +54,7 @@ <?=isset($activeTabObj) ? $this->record($this->driver)->getTab($activeTabObj) : '' ?> </div> - <span class="Z3988" title="<?=$this->escapeHtml($this->driver->getOpenURL())?>"></span> + <span class="Z3988" title="<?=$this->escapeHtmlAttr($this->driver->getOpenURL())?>"></span> </div> <div class="<?=$this->layoutClass('sidebar')?>"> diff --git a/themes/blueprint/templates/search/advanced/checkbox-filters.phtml b/themes/blueprint/templates/search/advanced/checkbox-filters.phtml index 1eba661ad22..972b1f017ba 100644 --- a/themes/blueprint/templates/search/advanced/checkbox-filters.phtml +++ b/themes/blueprint/templates/search/advanced/checkbox-filters.phtml 
@@ -3,8 +3,8 @@ <fieldset> <? foreach ($this->checkboxFacets as $current): ?> <div class="checkboxFilter"> - <input type="checkbox" name="filter[]" value="<?=$this->escapeHtml($current['filter'])?>" id="<?=$this->escapeHtml(str_replace(' ', '', $current['desc']))?>" <? if ($current['selected']): ?>checked="checked" <? endif; ?> /> - <label for="<?=$this->escapeHtml(str_replace(' ', '', $current['desc']))?>"><?=$this->transEsc($current['desc'])?></label> + <input type="checkbox" name="filter[]" value="<?=$this->escapeHtmlAttr($current['filter'])?>" id="<?=$this->escapeHtmlAttr(str_replace(' ', '', $current['desc']))?>" <? if ($current['selected']): ?>checked="checked" <? endif; ?> /> + <label for="<?=$this->escapeHtmlAttr(str_replace(' ', '', $current['desc']))?>"><?=$this->transEsc($current['desc'])?></label> </div> <? endforeach; ?> </fieldset> diff --git a/themes/blueprint/templates/search/advanced/layout.phtml b/themes/blueprint/templates/search/advanced/layout.phtml index d7ad979a757..abcd8b1cded 100644 --- a/themes/blueprint/templates/search/advanced/layout.phtml +++ b/themes/blueprint/templates/search/advanced/layout.phtml @@ -74,7 +74,7 @@ <? $options = array('AND', 'OR', 'NOT'); foreach ($options as $option) { - echo '<option value="' . $this->escapeHtml($option) . '"'; + echo '<option value="' . $this->escapeHtmlAttr($option) . '"'; if ($groups && isset($groups[$i])) { $operator = $groups[$i]->isNegated() ? 'NOT' : $groups[$i]->getOperator(); if ($operator == $option) { 
@@ -106,13 +106,13 @@ <label <?=($j > 0)?'class="offscreen" ':''?>for="search_lookfor<?=$i?>_<?=$j?>"><?=$this->transEsc("adv_search_label")?>:</label> </div> <div class="terms"> - <input id="search_lookfor<?=$i?>_<?=$j?>" type="text" value="<?=$currRow?$this->escapeHtml($currRow->getString()):''?>" size="50" name="lookfor<?=$i?>[]"/> + <input id="search_lookfor<?=$i?>_<?=$j?>" type="text" value="<?=$currRow?$this->escapeHtmlAttr($currRow->getString()):''?>" size="50" name="lookfor<?=$i?>[]"/> </div> <div class="field"> <label for="search_type<?=$i?>_<?=$j?>"><?=$this->transEsc("in")?></label> <select id="search_type<?=$i?>_<?=$j?>" name="type<?=$i?>[]"> <? foreach ($this->options->getAdvancedHandlers() as $searchVal => $searchDesc): ?> - <option value="<?=$this->escapeHtml($searchVal)?>"<?=($currRow && $currRow->getHandler() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option> + <option value="<?=$this->escapeHtmlAttr($searchVal)?>"<?=($currRow && $currRow->getHandler() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option> <? endforeach; ?> </select> </div> @@ -130,7 +130,7 @@ <br/><br/> <? $lastSort = $this->options->getLastSort(); if (!empty($lastSort)): ?> - <input type="hidden" name="sort" value="<?=$this->escapeHtml($lastSort)?>" /> + <input type="hidden" name="sort" value="<?=$this->escapeHtmlAttr($lastSort)?>" /> <? endif; ?> <input type="submit" name="submit" value="<?=$this->transEsc("Find")?>"/> <? if (isset($this->extraAdvancedControls)): ?> 
@@ -152,7 +152,7 @@ <h4><?=$this->transEsc($field)?></h4> <ul> <? foreach ($data as $value): ?> - <li><input type="checkbox" checked="checked" name="filter[]" value='<?=$this->escapeHtml($value['field'])?>:"<?=$this->escapeHtml($value['value'])?>"' /> <?=$this->escapeHtml($value['displayText'])?></li> + <li><input type="checkbox" checked="checked" name="filter[]" value='<?=$this->escapeHtmlAttr($value['field'])?>:"<?=$this->escapeHtmlAttr($value['value'])?>"' /> <?=$this->escapeHtml($value['displayText'])?></li> <? endforeach; ?> </ul> </div> diff --git a/themes/blueprint/templates/search/advanced/limit.phtml b/themes/blueprint/templates/search/advanced/limit.phtml index 03e74bf0c92..f9c9ccbebc8 100644 --- a/themes/blueprint/templates/search/advanced/limit.phtml +++ b/themes/blueprint/templates/search/advanced/limit.phtml @@ -11,7 +11,7 @@ <legend><?=$this->transEsc('Results per page')?></legend> <select id="limit" name="limit"> <? foreach ($limitList as $limitVal): ?> - <option value="<?=$this->escapeHtml($limitVal)?>"<?=($limitVal == $defaultLimit) ? 'selected="selected"' : ''?>><?=$this->escapeHtml($limitVal)?></option> + <option value="<?=$this->escapeHtmlAttr($limitVal)?>"<?=($limitVal == $defaultLimit) ? 'selected="selected"' : ''?>><?=$this->escapeHtml($limitVal)?></option> <? endforeach; ?> </select> </fieldset> diff --git a/themes/blueprint/templates/search/advanced/ranges.phtml b/themes/blueprint/templates/search/advanced/ranges.phtml index 74d7240a09d..242dbe92308 100644 --- a/themes/blueprint/templates/search/advanced/ranges.phtml +++ b/themes/blueprint/templates/search/advanced/ranges.phtml 
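Review bot: In search/advanced/limit.phtml the option line emits `'selected="selected"'` with no leading space, so a selected option renders as (for example, with a limit of 20) `value="20"selected="selected"`, the attribute running straight into the closing quote of `value`. Browsers recover from the missing whitespace, but the sibling control in search/controls/limit.phtml writes `' selected="selected"'` with the space; this line should match: `<option value="<?=$this->escapeHtmlAttr($limitVal)?>"<?=($limitVal == $defaultLimit) ? ' selected="selected"' : ''?>><?=$this->escapeHtml($limitVal)?></option>`.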
@@ -1,17 +1,17 @@ <? if (isset($this->ranges) && !empty($this->ranges)): ?> <? $params = $this->searchParams($this->searchClassId); $params->activateAllFacets(); ?> - <? foreach ($this->ranges as $current): $escField = $this->escapeHtml($current['field']); ?> + <? foreach ($this->ranges as $current): $escField = $this->escapeHtmlAttr($current['field']); ?> <? if ($current['type'] == 'date'): ?> <? /* Load the publication date slider UI widget */ $this->headScript()->appendFile('pubdate_slider.js'); ?> <? endif; ?> - <input type="hidden" name="<?=$this->escapeHtml($current['type'])?>range[]" value="<?=$escField?>"/> + <input type="hidden" name="<?=$this->escapeHtmlAttr($current['type'])?>range[]" value="<?=$escField?>"/> <fieldset class="publishDateLimit span-5" id="<?=$escField?>"> <legend><?=$this->transEsc($params->getFacetLabel($current['field']))?></legend> <label for="<?=$escField?>from"><?=$this->transEsc('date_from')?>:</label> - <input type="text" size="4" maxlength="4" class="yearbox" name="<?=$escField?>from" id="<?=$escField?>from" value="<?=$this->escapeHtml($current['values'][0])?>" /> + <input type="text" size="4" maxlength="4" class="yearbox" name="<?=$escField?>from" id="<?=$escField?>from" value="<?=$this->escapeHtmlAttr($current['values'][0])?>" /> <label for="<?=$escField?>to"><?=$this->transEsc('date_to')?>:</label> - <input type="text" size="4" maxlength="4" class="yearbox" name="<?=$escField?>to" id="<?=$escField?>to" value="<?=$this->escapeHtml($current['values'][1])?>" /> - <div id="<?=$escField?>Slider" class="<?=$this->escapeHtml($current['type'])?>Slider"></div> + <input type="text" size="4" maxlength="4" class="yearbox" name="<?=$escField?>to" id="<?=$escField?>to" value="<?=$this->escapeHtmlAttr($current['values'][1])?>" /> + <div id="<?=$escField?>Slider" class="<?=$this->escapeHtmlAttr($current['type'])?>Slider"></div> </fieldset> <? endforeach; ?> <? endif; ?> 
diff --git a/themes/blueprint/templates/search/advanced/solr.phtml b/themes/blueprint/templates/search/advanced/solr.phtml index 632c525c0a2..ec1923f6444 100644 --- a/themes/blueprint/templates/search/advanced/solr.phtml +++ b/themes/blueprint/templates/search/advanced/solr.phtml @@ -9,8 +9,8 @@ <? if (!empty($this->facetList)): ?> <? foreach ($this->facetList as $field => $list): ?> <div class="<?=($field=='callnumber-first')?'span-7':'span-4'?>"> - <label class="displayBlock" for="limit_<?=$this->escapeHtml(str_replace(' ', '', $field))?>"><?=$this->transEsc($list['label'])?>:</label> - <select id="limit_<?=$this->escapeHtml(str_replace(' ', '', $field))?>" name="filter[]" multiple="multiple" size="10"> + <label class="displayBlock" for="limit_<?=$this->escapeHtmlAttr(str_replace(' ', '', $field))?>"><?=$this->transEsc($list['label'])?>:</label> + <select id="limit_<?=$this->escapeHtmlAttr(str_replace(' ', '', $field))?>" name="filter[]" multiple="multiple" size="10"> <? // Sort the current facet list alphabetically; we'll use this data // along with the foreach below to display facet options in the @@ -23,7 +23,7 @@ ?> <? foreach ($sorted as $i => $display): ?> <? $value = $list['list'][$i]; ?> - <option value="<?=$this->escapeHtml(($value['operator'] == 'OR' ? '~' : '') . $field . ':"' . $value['value'] . '"')?>"<?=(isset($value['selected']) && $value['selected'])?' selected="selected"':''?>><?=$this->escapeHtml($display)?></option> + <option value="<?=$this->escapeHtmlAttr(($value['operator'] == 'OR' ? '~' : '') . $field . ':"' . $value['value'] . '"')?>"<?=(isset($value['selected']) && $value['selected'])?' selected="selected"':''?>><?=$this->escapeHtml($display)?></option> <? endforeach; ?> </select> </div> 
@@ -34,8 +34,8 @@ <fieldset class="span-4"> <legend><?=$this->transEsc("Illustrated")?>:</legend> <? foreach ($this->illustratedLimit as $current): ?> - <input id="illustrated_<?=$this->escapeHtml($current['value'])?>" type="radio" name="illustration" value="<?=$this->escapeHtml($current['value'])?>"<?=$current['selected']?' checked="checked"':''?>/> - <label for="illustrated_<?=$this->escapeHtml($current['value'])?>"><?=$this->transEsc($current['text'])?></label><br/> + <input id="illustrated_<?=$this->escapeHtmlAttr($current['value'])?>" type="radio" name="illustration" value="<?=$this->escapeHtmlAttr($current['value'])?>"<?=$current['selected']?' checked="checked"':''?>/> + <label for="illustrated_<?=$this->escapeHtmlAttr($current['value'])?>"><?=$this->transEsc($current['text'])?></label><br/> <? endforeach; ?> </fieldset> <? endif; ?> diff --git a/themes/blueprint/templates/search/advanced/summon.phtml b/themes/blueprint/templates/search/advanced/summon.phtml index 9f15eda7923..2aa1c67cec4 100644 --- a/themes/blueprint/templates/search/advanced/summon.phtml +++ b/themes/blueprint/templates/search/advanced/summon.phtml @@ -9,8 +9,8 @@ <? if (!empty($this->facetList)): ?> <? foreach ($this->facetList as $field => $list): ?> <div class="span-5"> - <label class="displayBlock" for="limit_<?=$this->escapeHtml(str_replace(' ', '', $field))?>"><?=$this->transEsc($list['label'])?>:</label> - <select id="limit_<?=$this->escapeHtml(str_replace(' ', '', $field))?>" name="filter[]" multiple="multiple" size="10"> + <label class="displayBlock" for="limit_<?=$this->escapeHtmlAttr(str_replace(' ', '', $field))?>"><?=$this->transEsc($list['label'])?>:</label> + <select id="limit_<?=$this->escapeHtmlAttr(str_replace(' ', '', $field))?>" name="filter[]" multiple="multiple" size="10"> <? // Sort the current facet list alphabetically; we'll use this data // along with the foreach below to display facet options in the 
@@ -23,7 +23,7 @@ ?> <? foreach ($sorted as $i => $display): ?> <? $value = $list['list'][$i]; ?> - <option value="<?=$this->escapeHtml(($value['operator'] == 'OR' ? '~' : '') . $field . ':"' . $value['value'] . '"')?>"<?=(isset($value['selected']) && $value['selected'])?' selected="selected"':''?>><?=$this->escapeHtml($display)?></option> + <option value="<?=$this->escapeHtmlAttr(($value['operator'] == 'OR' ? '~' : '') . $field . ':"' . $value['value'] . '"')?>"<?=(isset($value['selected']) && $value['selected'])?' selected="selected"':''?>><?=$this->escapeHtml($display)?></option> <? endforeach; ?> </select> </div> diff --git a/themes/blueprint/templates/search/controls/limit.phtml b/themes/blueprint/templates/search/controls/limit.phtml index c1297968ff7..28269b34598 100644 --- a/themes/blueprint/templates/search/controls/limit.phtml +++ b/themes/blueprint/templates/search/controls/limit.phtml @@ -4,7 +4,7 @@ <label for="limit"><?=$this->transEsc('Results per page')?></label> <select id="limit" name="limit" class="jumpMenu"> <? foreach ($limitList as $limitVal => $limitData): ?> - <option value="<?=$this->escapeHtml($limitVal)?>"<?=$limitData['selected']?' selected="selected"':''?>><?=$this->escapeHtml($limitData['desc'])?></option> + <option value="<?=$this->escapeHtmlAttr($limitVal)?>"<?=$limitData['selected']?' selected="selected"':''?>><?=$this->escapeHtml($limitData['desc'])?></option> <? endforeach; ?> </select> <noscript><input type="submit" value="<?=$this->transEsc("Set")?>" /></noscript> diff --git a/themes/blueprint/templates/search/controls/sort.phtml b/themes/blueprint/templates/search/controls/sort.phtml index 5b786358990..d6b55615ee1 100644 --- a/themes/blueprint/templates/search/controls/sort.phtml +++ b/themes/blueprint/templates/search/controls/sort.phtml 
@@ -4,7 +4,7 @@ <label for="sort_options_1"><?=$this->transEsc('Sort')?></label> <select id="sort_options_1" name="sort" class="jumpMenu"> <? foreach ($list as $sortType => $sortData): ?> - <option value="<?=$this->escapeHtml($sortType)?>"<?=$sortData['selected']?' selected="selected"':''?>><?=$this->transEsc($sortData['desc'])?></option> + <option value="<?=$this->escapeHtmlAttr($sortType)?>"<?=$sortData['selected']?' selected="selected"':''?>><?=$this->transEsc($sortData['desc'])?></option> <? endforeach; ?> </select> <noscript><input type="submit" value="<?=$this->transEsc("Set")?>" /></noscript> diff --git a/themes/blueprint/templates/search/email.phtml b/themes/blueprint/templates/search/email.phtml index 18bb6b667f3..a87c97f8d60 100644 --- a/themes/blueprint/templates/search/email.phtml +++ b/themes/blueprint/templates/search/email.phtml @@ -8,7 +8,7 @@ ?> <?=$this->flashmessages()?> <form action="" method="post" name="emailSearch"> - <input type="hidden" name="url" value="<?=$this->escapeHtml($this->url)?>" /> + <input type="hidden" name="url" value="<?=$this->escapeHtmlAttr($this->url)?>" /> <label class="displayBlock" for="email_to"><?=$this->transEsc('To')?>:</label> <input id="email_to" type="text" name="to" value="<?=isset($this->to) ? $this->to : ''?>" size="40" class="mainFocus <?=$this->jqueryValidation(array('required'=>'This field is required', 'email'=>'Email address is invalid'))?>"/> <? if (!$this->disableFrom): ?> diff --git a/themes/blueprint/templates/search/home.phtml b/themes/blueprint/templates/search/home.phtml index eccf9134a26..d66ca574513 100644 --- a/themes/blueprint/templates/search/home.phtml +++ b/themes/blueprint/templates/search/home.phtml 
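Review bot: Two lines below the changed hidden `url` input in email.phtml, `$this->to` is still written raw into the `value` attribute of the `email_to` field (`value="<?=isset($this->to) ? $this->to : ''?>"`), so if that value is reflected from request input it remains an attribute-context injection point that this commit leaves untouched. Apply the same helper there: `value="<?=isset($this->to) ? $this->escapeHtmlAttr($this->to) : ''?>"`. Whether `$this->to` is populated from the request or only from trusted code is not visible in this hunk.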
@@ -21,7 +21,7 @@ <h2><?=$this->transEsc('ils_offline_title')?></h2> <p><strong><?=$this->transEsc('ils_offline_status')?></strong></p> <p><?=$this->transEsc('ils_offline_home_message')?></p> - <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?> + <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?> <p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p> </div> <? endif; ?> diff --git a/themes/blueprint/templates/search/newitem.phtml b/themes/blueprint/templates/search/newitem.phtml index 1817184e36c..68896bdde51 100644 --- a/themes/blueprint/templates/search/newitem.phtml +++ b/themes/blueprint/templates/search/newitem.phtml @@ -12,8 +12,8 @@ <fieldset> <legend><?=$this->transEsc('Range')?>:</legend> <? foreach ($this->ranges as $key => $range): ?> - <input id="newitem_range_<?=$this->escapeHtml($key)?>" type="radio" name="range" value="<?=$this->escapeHtml($range)?>"<?= ($key == 0) ? ' checked="checked"' : ''?>/> - <label for="newitem_range_<?=$this->escapeHtml($key)?>"> + <input id="newitem_range_<?=$this->escapeHtmlAttr($key)?>" type="radio" name="range" value="<?=$this->escapeHtmlAttr($range)?>"<?= ($key == 0) ? ' checked="checked"' : ''?>/> + <label for="newitem_range_<?=$this->escapeHtmlAttr($key)?>"> <?=($range == 1) ? $this->transEsc('Yesterday') : $this->transEsc('Past') . ' ' . $this->escapeHtml($range) . ' ' . $this->transEsc('Days')?> </label> <br/> @@ -25,7 +25,7 @@ <label class="displayBlock" for="newitem_department"><?=$this->transEsc('Department')?>:</label> <select id="newitem_department" name="department" size="10"> <? foreach ($this->fundList as $fundId => $fund): ?> - <option value="<?=$this->escapeHtml($fundId)?>"><?=$this->transEsc($fund)?></option> + <option value="<?=$this->escapeHtmlAttr($fundId)?>"><?=$this->transEsc($fund)?></option> <? endforeach; ?> </select> </div> 
diff --git a/themes/blueprint/templates/search/reserves.phtml b/themes/blueprint/templates/search/reserves.phtml index dd95e2cbfd3..02d39641af3 100644 --- a/themes/blueprint/templates/search/reserves.phtml +++ b/themes/blueprint/templates/search/reserves.phtml @@ -13,7 +13,7 @@ <select name="course" id="reserves_by_course"> <option></option> <? foreach ($this->courseList as $courseId => $courseName): ?> - <option value="<?=$this->escapeHtml($courseId)?>"><?=$this->escapeHtml($courseName)?></option> + <option value="<?=$this->escapeHtmlAttr($courseId)?>"><?=$this->escapeHtml($courseName)?></option> <? endforeach; ?> </select> <input type="submit" name="submit" value="<?=$this->transEsc('Find')?>"/> @@ -27,7 +27,7 @@ <select name="inst" id="reserves_by_inst"> <option></option> <? foreach ($this->instList as $instId => $instName): ?> - <option value="<?=$this->escapeHtml($instId)?>"><?=$this->escapeHtml($instName)?></option> + <option value="<?=$this->escapeHtmlAttr($instId)?>"><?=$this->escapeHtml($instName)?></option> <? endforeach; ?> </select> <input type="submit" name="submit" value="<?=$this->transEsc('Find')?>"/> @@ -41,7 +41,7 @@ <select name="dept" id="reserves_by_dept"> <option></option> <? foreach ($this->deptList as $deptId => $deptName): ?> - <option value="<?=$this->escapeHtml($deptId)?>"><?=$this->escapeHtml($deptName)?></option> + <option value="<?=$this->escapeHtmlAttr($deptId)?>"><?=$this->escapeHtml($deptName)?></option> <? endforeach; ?> </select> <input type="submit" name="submit" value="<?=$this->transEsc('Find')?>"/> diff --git a/themes/blueprint/templates/search/reservessearch.phtml b/themes/blueprint/templates/search/reservessearch.phtml index 36888cf0d6d..9f93b9d06ff 100644 --- a/themes/blueprint/templates/search/reservessearch.phtml +++ b/themes/blueprint/templates/search/reservessearch.phtml 
@@ -13,7 +13,7 @@ <h3><?=$this->transEsc('Search For Items on Reserve')?></h3> <form method="get" action="" name="reservesSearchForm" class="search"> <label for="reservesSearchForm_lookfor" class="offscreen"><?=$this->transEsc("Your search terms")?></label> - <input id="reservesSearchForm_lookfor" type="text" name="lookfor" size="40" value="<?=$this->escapeHtml($reservesLookfor)?>" <?=$this->searchOptions('SolrReserves')->autocompleteEnabled() ? ' class="autocomplete searcher:SolrReserves type:Reserves"' : ''?> /> + <input id="reservesSearchForm_lookfor" type="text" name="lookfor" size="40" value="<?=$this->escapeHtmlAttr($reservesLookfor)?>" <?=$this->searchOptions('SolrReserves')->autocompleteEnabled() ? ' class="autocomplete searcher:SolrReserves type:Reserves"' : ''?> /> <input type="submit" name="submit" value="<?=$this->transEsc("Find")?>"/> </form> <script type="text/javascript">$("#reservesSearchForm_lookfor").focus()</script> @@ -52,7 +52,7 @@ </tr> <? foreach ($this->results->getResults() as $record): ?> <? - $url = $this->currentPath() . $this->escapeHtml( + $url = $this->currentPath() . $this->escapeHtmlAttr( '?inst=' . urlencode($record->getInstructorId()) . '&course=' . urlencode($record->getCourseId()) . '&dept=' . urlencode($record->getDepartmentId()) diff --git a/themes/blueprint/templates/search/searchbox.phtml b/themes/blueprint/templates/search/searchbox.phtml index 212ef848fdb..ad9dbb976f3 100644 --- a/themes/blueprint/templates/search/searchbox.phtml +++ b/themes/blueprint/templates/search/searchbox.phtml @@ -25,7 +25,7 @@ <li<?=$tab['selected'] ? ' class="active"' : ''?>> <? if (!$tab['selected']) { - echo '<a href="' . $this->escapeHtml($tab['url']) . '">'; + echo '<a href="' . $this->escapeHtmlAttr($tab['url']) . '">'; } echo $this->transEsc($tab['label']); if (!$tab['selected']) { 
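Review bot: In the second reservessearch.phtml hunk the escaping of `$url` happens when the string is assembled rather than where it is printed, and it covers only the query portion; `$this->currentPath()` is concatenated in front of it unescaped. Because the line that outputs `$url` lies outside this hunk, it cannot be confirmed here that the value lands in an attribute exactly once (a second `escapeHtmlAttr()` at output time would produce `&amp;amp;`). The more robust pattern is to keep `$url` as a plain `urlencode()`-built URL and call `escapeHtmlAttr()` once at the `href` that emits it, so the escaping matches the context it is used in.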
@@ -37,23 +37,23 @@ </ul> <? endif; ?> <? if ($this->searchType == 'advanced'): ?> - <a href="<?=$this->url($advSearch)?>?edit=<?=$this->escapeHtml($this->searchId)?>" class="small"><?=$this->transEsc("Edit this Advanced Search")?></a> | + <a href="<?=$this->url($advSearch)?>?edit=<?=$this->escapeHtmlAttr($this->searchId)?>" class="small"><?=$this->transEsc("Edit this Advanced Search")?></a> | <a href="<?=$this->url($advSearch)?>" class="small"><?=$this->transEsc("Start a new Advanced Search")?></a> | <a href="<?=$this->url($searchHome)?>" class="small"><?=$this->transEsc("Start a new Basic Search")?></a> <br/><?=$this->transEsc("Your search terms")?> : "<strong><?=$this->escapeHtml($this->lookfor)?></strong>" <? else: ?> <form method="get" action="<?=$this->url($basicSearch)?>" name="searchForm" id="searchForm" class="search"> <label for="searchForm_lookfor" class="offscreen"><?=$this->transEsc("Your search terms")?></label> - <input id="searchForm_lookfor" type="text" name="lookfor" size="40" value="<?=$this->escapeHtml($this->lookfor)?>"<?=$this->searchbox()->autocompleteEnabled($this->searchClassId) ? ' class="autocomplete searcher:' . $this->escapeHtml($this->searchClassId) . ' typeSelector:searchForm_type"' : ''?>/> + <input id="searchForm_lookfor" type="text" name="lookfor" size="40" value="<?=$this->escapeHtmlAttr($this->lookfor)?>"<?=$this->searchbox()->autocompleteEnabled($this->searchClassId) ? ' class="autocomplete searcher:' . $this->escapeHtmlAttr($this->searchClassId) . ' typeSelector:searchForm_type"' : ''?>/> <label for="searchForm_type" class="offscreen"><?=$this->transEsc("Search Type")?></label> <? if ($handlerCount > 1): ?> <select id="searchForm_type" name="type" data-native-menu="false"> <? foreach ($handlers as $handler): ?> - <option value="<?=$this->escapeHtml($handler['value'])?>"<?=$handler['selected'] ? ' selected="selected"' : ''?>><?=$handler['indent'] ? 
'-- ' : ''?><?=$this->transEsc($handler['label'])?></option> + <option value="<?=$this->escapeHtmlAttr($handler['value'])?>"<?=$handler['selected'] ? ' selected="selected"' : ''?>><?=$handler['indent'] ? '-- ' : ''?><?=$this->transEsc($handler['label'])?></option> <? endforeach; ?> </select> <? elseif ($handlerCount == 1): ?> - <input type="hidden" name="type" value="<?=$this->escapeHtml($handlers[0]['value'])?>" /> + <input type="hidden" name="type" value="<?=$this->escapeHtmlAttr($handlers[0]['value'])?>" /> <? endif; ?> <input type="submit" name="submit" value="<?=$this->transEsc("Find")?>"/> <? if ($advSearch): ?> @@ -68,7 +68,7 @@ <br /> <? foreach ($shards as $shard => $val): ?> <? $isSelected = in_array($shard, $selectedShards); ?> - <input type="checkbox" <?=$isSelected ? 'checked="checked" ' : ''?>name="shard[]" value='<?=$this->escapeHtml($shard)?>' /> <?=$this->transEsc($shard)?> + <input type="checkbox" <?=$isSelected ? 'checked="checked" ' : ''?>name="shard[]" value='<?=$this->escapeHtmlAttr($shard)?>' /> <?=$this->transEsc($shard)?> <? endforeach; ?> <? endif; ?> <? 
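Review bot: In the "Edit this Advanced Search" link, `$this->searchId` is interpolated into the query string with only HTML-attribute escaping; `escapeHtmlAttr()` is the right choice for the attribute, but it does not URL-encode, so characters such as spaces or `#` would pass straight into the URL. If search IDs are always integers this is moot, but the general form is `?edit=<?=$this->escapeHtmlAttr(urlencode($this->searchId))?>`. The remaining changes in this hunk correctly pair attribute escaping with attribute contexts.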
@@ -83,8 +83,8 @@ <input type="checkbox"<?=$defaultFilterState?> id="searchFormKeepFilters"/> <label for="searchFormKeepFilters"><?=$this->transEsc("basic_search_keep_filters")?></label> <div class="offscreen"> <? foreach ($filterDetails as $current): ?> - <input id="<?=$this->escapeHtml($current['id'])?>" type="checkbox"<?=$defaultFilterState?> name="filter[]" value="<?=$this->escapeHtml($current['value'])?>" /> - <label for="<?=$this->escapeHtml($current['id'])?>"><?=$this->escapeHtml($current['value'])?></label> + <input id="<?=$this->escapeHtmlAttr($current['id'])?>" type="checkbox"<?=$defaultFilterState?> name="filter[]" value="<?=$this->escapeHtmlAttr($current['value'])?>" /> + <label for="<?=$this->escapeHtmlAttr($current['id'])?>"><?=$this->escapeHtml($current['value'])?></label> <? endforeach; ?> <? if (isset($hasDefaultsApplied) && $hasDefaultsApplied): ?> <!-- this is a hidden element that flags whether or not default filters have been applied; @@ -97,14 +97,14 @@ <? /* Show hidden field for active search class when in combined handler mode. */ if ($this->searchbox()->combinedHandlersActive()) { - echo '<input type="hidden" name="activeSearchClassId" value="' . $this->escapeHtml($this->searchClassId) . '" />'; + echo '<input type="hidden" name="activeSearchClassId" value="' . $this->escapeHtmlAttr($this->searchClassId) . '" />'; } /* Load hidden limit preference from Session */ if (!empty($lastLimit)) { - echo '<input type="hidden" name="limit" value="' . $this->escapeHtml($lastLimit) . '" />'; + echo '<input type="hidden" name="limit" value="' . $this->escapeHtmlAttr($lastLimit) . '" />'; } if (!empty($lastSort)) { - echo '<input type="hidden" name="sort" value="' . $this->escapeHtml($lastSort) . '" />'; + echo '<input type="hidden" name="sort" value="' . $this->escapeHtmlAttr($lastSort) . '" />'; } ?> </form> 
diff --git a/themes/blueprint/templates/upgrade/getdbcredentials.phtml b/themes/blueprint/templates/upgrade/getdbcredentials.phtml index 549e92ae558..471babd487e 100644 --- a/themes/blueprint/templates/upgrade/getdbcredentials.phtml +++ b/themes/blueprint/templates/upgrade/getdbcredentials.phtml @@ -14,7 +14,7 @@ with permission to alter and create tables.</p> <form method="post" action="<?=$this->url('upgrade-getdbcredentials')?>"> <table> <tbody> - <tr><td>MySQL Root User: </td><td><input type="text" name="dbrootuser" value="<?=$this->escapeHtml($this->dbrootuser)?>"/></td></tr> + <tr><td>MySQL Root User: </td><td><input type="text" name="dbrootuser" value="<?=$this->escapeHtmlAttr($this->dbrootuser)?>"/></td></tr> <tr><td>MySQL Root Password: </td><td><input type="password" name="dbrootpass" value=""/></td></tr> <tr><td></td><td><input type="submit" name="submit" value="<?=$this->transEsc('Submit') ?>" /></td></tr> </tbody> diff --git a/themes/bootprint/templates/RecordDriver/SolrDefault/result-list.phtml b/themes/bootprint/templates/RecordDriver/SolrDefault/result-list.phtml index 01c99291289..005d6524689 100644 --- a/themes/bootprint/templates/RecordDriver/SolrDefault/result-list.phtml +++ b/themes/bootprint/templates/RecordDriver/SolrDefault/result-list.phtml 
@@ -1,10 +1,10 @@ <div class="row-fluid <?=$this->driver->supportsAjaxStatus()?' ajaxItem':''?>"> - <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueID())?>" class="hiddenId" /> - <input type="hidden" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" class="hiddenSource" /> + <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueID())?>" class="hiddenId" /> + <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" class="hiddenSource" /> <div class="span2 switch-margins left"> <a href="<?=$this->recordLink()->getUrl($this->driver)?>" class="title"> <? if ($summThumb = $this->record($this->driver)->getThumbnail()): ?> - <img src="<?=$this->escapeHtml($summThumb)?>" alt="<?=$this->transEsc('Cover Image')?>"/> + <img src="<?=$this->escapeHtmlAttr($summThumb)?>" alt="<?=$this->transEsc('Cover Image')?>"/> <? else: ?> <img src="<?=$this->url('cover-unavailable')?>" alt="<?=$this->transEsc('No Cover Image')?>"/> <? endif; ?> @@ -135,7 +135,7 @@ <? if (!is_array($urls)) $urls = array(); if(!$this->driver->isCollection()): foreach ($urls as $current): ?> - <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><i class="icon-external-link"></i> <?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a><br/> + <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><i class="icon-external-link"></i> <?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a><br/> <? endforeach; ?> <? endif; ?> <? endif; ?> 
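Review bot: In the full-text link hunk, `escapeHtmlAttr()` on the `href` prevents breaking out of the attribute but does nothing about the URL's scheme, so a record URL such as `javascript:...` would survive intact unless `proxyUrl()` already rejects it, which is not visible here. These URLs appear to come from record data rather than from the application, so an http/https scheme check before output is the guard a practitioner would want alongside the escaping. The link also opens with `target="new"` and no `rel="noopener noreferrer"`, which hands the destination page a `window.opener` reference back to the catalog.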
@@ -159,9 +159,9 @@ $this->jsTranslations()->addStrings(array('qrcode_hide' => 'qrcode_hide', 'qrcode_show' => 'qrcode_show')); ?> <span class="hidden-phone"> - <i class="icon-qrcode"></i> <a href="<?=$this->escapeHtml($QRCode);?>" class="qrcodeLink"><?=$this->transEsc('qrcode_show')?></a> + <i class="icon-qrcode"></i> <a href="<?=$this->escapeHtmlAttr($QRCode);?>" class="qrcodeLink"><?=$this->transEsc('qrcode_show')?></a> <div class="qrcode hide"> - <img alt="<?=$this->transEsc('QR Code')?>" class="img-polaroid" src="<?=$this->escapeHtml($QRCode);?>"/> + <img alt="<?=$this->transEsc('QR Code')?>" class="img-polaroid" src="<?=$this->escapeHtmlAttr($QRCode);?>"/> </div><br/> </span> <? endif; ?> @@ -180,7 +180,7 @@ <? $trees = $this->driver->tryMethod('getHierarchyTrees'); if (!empty($trees)): ?> <? foreach ($trees as $hierarchyID => $hierarchyTitle): ?> <div class="hierarchyTreeLink"> - <input type="hidden" value="<?=$this->escapeHtml($hierarchyID)?>" class="hiddenHierarchyId" /> + <input type="hidden" value="<?=$this->escapeHtmlAttr($hierarchyID)?>" class="hiddenHierarchyId" /> <i class="icon-sitemap"></i> <a class="hierarchyTreeLinkText modal-link" href="<?=$this->recordLink()->getTabUrl($this->driver, 'HierarchyTree')?>?hierarchy=<?=urlencode($hierarchyID)?>#tabnav" title="<?=$this->transEsc('hierarchy_tree')?>"> <?=$this->transEsc('hierarchy_view_context')?><? if (count($trees) > 1): ?>: <?=$this->escapeHtml($hierarchyTitle)?><? endif; ?> @@ -191,4 +191,4 @@ </div> </div> -<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtml($openUrl).'"></span>':''?> +<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtmlAttr($openUrl).'"></span>':''?> diff --git a/themes/bootprint/templates/header.phtml b/themes/bootprint/templates/header.phtml index d8d3e0bce95..bff7bcf7acb 100644 --- a/themes/bootprint/templates/header.phtml +++ b/themes/bootprint/templates/header.phtml 
@@ -38,7 +38,7 @@ <div class="controls"> <select onChange="document.themeForm.submit()" id="themeForm_ui" name="ui"> <? foreach ($this->layout()->themeOptions as $current): ?> - <option value="<?=$this->escapeHtml($current['name'])?>"<?=$current['selected'] ? ' selected="selected"' : ''?>><?=$this->transEsc($current['desc'])?></option> + <option value="<?=$this->escapeHtmlAttr($current['name'])?>"<?=$current['selected'] ? ' selected="selected"' : ''?>><?=$this->transEsc($current['desc'])?></option> <? endforeach; ?> </select> <noscript><input type="submit" value="<?=$this->transEsc("Set")?>" /></noscript> diff --git a/themes/bootprint/templates/myresearch/bulk-action-buttons.phtml b/themes/bootprint/templates/myresearch/bulk-action-buttons.phtml index f7af2780569..d3236184fbe 100644 --- a/themes/bootprint/templates/myresearch/bulk-action-buttons.phtml +++ b/themes/bootprint/templates/myresearch/bulk-action-buttons.phtml @@ -1,6 +1,6 @@ <? if (isset($list)): ?> - <input type="hidden" name="listID" value="<?=$this->escapeHtml($list->id)?>" /> - <input type="hidden" name="listName" value="<?=$this->escapeHtml($list->title)?>" /> + <input type="hidden" name="listID" value="<?=$this->escapeHtmlAttr($list->id)?>" /> + <input type="hidden" name="listName" value="<?=$this->escapeHtmlAttr($list->title)?>" /> <? endif; ?> <? $user = $this->auth()->isLoggedIn(); ?> <label class="checkbox"> 
@@ -10,7 +10,7 @@ <span class="help-inline"><?=$this->transEsc('with_selected')?>: </span> <button class="btn btn-link" type="submit" name="email" value="1" title="<?=$this->transEsc('email_selected')?>"><i class="icon-email"></i> <?=$this->transEsc('Email')?></button> <? if ((!is_null($this->list) && $this->list->editAllowed($user)) || is_null($this->list) && $user): ?> - <button class="btn btn-link" id="<?=$this->idPrefix?>delete_list_items_<?=!is_null($this->list) ? $this->escapeHtml($this->list->id) : ''?>" type="submit" name="delete" value="1" title="<?=$this->transEsc('delete_selected')?>"><i class="icon-trash"></i> <?=$this->transEsc('Delete')?></button> + <button class="btn btn-link" id="<?=$this->idPrefix?>delete_list_items_<?=!is_null($this->list) ? $this->escapeHtmlAttr($this->list->id) : ''?>" type="submit" name="delete" value="1" title="<?=$this->transEsc('delete_selected')?>"><i class="icon-trash"></i> <?=$this->transEsc('Delete')?></button> <? endif; ?> <? $exportOptions = $this->export()->getBulkOptions(); if (count($exportOptions) > 0): ?> <button class="btn btn-link" type="submit" name="export" value="1" title="<?=$this->transEsc('export_selected')?>"><i class="icon-export"></i> <?=$this->transEsc('Export')?></button> diff --git a/themes/bootprint/templates/myresearch/checkedout.phtml b/themes/bootprint/templates/myresearch/checkedout.phtml index b04b4c5b66e..fc5ed68df33 100644 --- a/themes/bootprint/templates/myresearch/checkedout.phtml +++ b/themes/bootprint/templates/myresearch/checkedout.phtml 
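Review bot: The changed button `id` escapes `$this->list->id` but still emits `$this->idPrefix` raw immediately before it, so the attribute is only half covered by this commit. If `idPrefix` is always a literal set by the calling template this is harmless, but `id="<?=$this->escapeHtmlAttr($this->idPrefix)?>delete_list_items_<?=...?>"` would make the line self-evidently safe and consistent with the rest of the change.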
@@ -23,17 +23,17 @@ <? $i = 0; foreach ($this->transactions as $resource): ?> <hr/> <? $ilsDetails = $resource->getExtraDetail('ils_details'); ?> - <div id="record<?=$this->escapeHtml($resource->getUniqueId())?>" class="row-fluid"> + <div id="record<?=$this->escapeHtmlAttr($resource->getUniqueId())?>" class="row-fluid"> <? if ($this->renewForm): ?> <? if (isset($ilsDetails['renewable']) && $ilsDetails['renewable'] && isset($ilsDetails['renew_details'])): ?> <? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $ilsDetails['renew_details']); ?> - <input class="pull-left" type="checkbox" name="renewSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['renew_details'])?>" id="checkbox_<?=$safeId?>" /> - <input class="pull-left" type="hidden" name="renewAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['renew_details'])?>" /> + <input class="pull-left" type="checkbox" name="renewSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['renew_details'])?>" id="checkbox_<?=$safeId?>" /> + <input class="pull-left" type="hidden" name="renewAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['renew_details'])?>" /> <? endif; ?> <? endif; ?> <div class="span2 text-center"> <? if ($summThumb = $this->record($resource)->getThumbnail()): ?> - <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/> + <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/> <? else: ?> <img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/> <? endif; ?> 
@@ -112,7 +112,7 @@ <div class="alert alert-info"><?=$this->transEsc($ilsDetails['message'])?></div> <? endif; ?> <? if (isset($ilsDetails['renewable']) && $ilsDetails['renewable'] && isset($ilsDetails['renew_link'])): ?> - <a href="<?=$this->escapeHtml($ilsDetails['renew_link'])?>"><?=$this->transEsc('renew_item')?></a> + <a href="<?=$this->escapeHtmlAttr($ilsDetails['renew_link'])?>"><?=$this->transEsc('renew_item')?></a> <? endif; ?> </div> </div> diff --git a/themes/bootprint/templates/myresearch/holds.phtml b/themes/bootprint/templates/myresearch/holds.phtml index b689c077509..22fe25966b9 100644 --- a/themes/bootprint/templates/myresearch/holds.phtml +++ b/themes/bootprint/templates/myresearch/holds.phtml 
@@ -40,17 +40,17 @@ <hr/> <? $iteration++; ?> <? $ilsDetails = $resource->getExtraDetail('ils_details'); ?> - <div id="record<?=$this->escapeHtml($resource->getUniqueId()) ?>" class="row-fluid"> + <div id="record<?=$this->escapeHtmlAttr($resource->getUniqueId()) ?>" class="row-fluid"> <? if ($this->cancelForm && isset($ilsDetails['cancel_details'])): ?> <? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $resource->getUniqueId()); ?> - <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" /> + <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" /> <div class="pull-left"> - <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" id="checkbox_<?=$safeId?>" /> + <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" id="checkbox_<?=$safeId?>" /> </div> <? endif; ?> <div class="span2 text-center"> <? if ($summThumb = $this->record($resource)->getThumbnail()): ?> - <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/> + <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/> <? else: ?> <img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/> <? endif; ?> @@ -136,7 +136,7 @@ <p><strong><?=$this->transEsc("hold_queue_position") ?>:</strong> <?=$this->escapeHtml($ilsDetails['position']) ?></p> <? endif; ?> <? if (isset($ilsDetails['cancel_link'])): ?> - <p><a href="<?=$this->escapeHtml($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("hold_cancel") ?></a></p> + <p><a href="<?=$this->escapeHtmlAttr($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("hold_cancel") ?></a></p> <? endif; ?> </div> 
diff --git a/themes/bootprint/templates/myresearch/storageretrievalrequests.phtml b/themes/bootprint/templates/myresearch/storageretrievalrequests.phtml index 8f3031a2998..a3cfe870441 100644 --- a/themes/bootprint/templates/myresearch/storageretrievalrequests.phtml +++ b/themes/bootprint/templates/myresearch/storageretrievalrequests.phtml @@ -40,17 +40,17 @@ <hr/> <? $iteration++; ?> <? $ilsDetails = $resource->getExtraDetail('ils_details'); ?> - <div id="record<?=$this->escapeHtml($resource->getUniqueId()) ?>" class="row-fluid"> + <div id="record<?=$this->escapeHtmlAttr($resource->getUniqueId()) ?>" class="row-fluid"> <? if ($this->cancelForm && isset($ilsDetails['cancel_details'])): ?> <? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $resource->getUniqueId()); ?> - <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" /> + <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" /> <div class="pull-left"> - <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" id="checkbox_<?=$safeId?>" /> + <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" id="checkbox_<?=$safeId?>" /> </div> <? endif; ?> <div class="span2 text-center"> <? if ($summThumb = $this->record($resource)->getThumbnail()): ?> - <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/> + <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/> <? else: ?> <img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/> <? endif; ?> 
@@ -137,7 +137,7 @@ <div class="text-success"><?=$this->transEsc("storage_retrieval_request_canceled") . (is_string($ilsDetails['canceled']) ? ': ' . $ilsDetails['canceled'] : '') ?></div> <? endif; ?> <? if (isset($ilsDetails['cancel_link'])): ?> - <p><a href="<?=$this->escapeHtml($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("storage_retrieval_request_cancel") ?></a></p> + <p><a href="<?=$this->escapeHtmlAttr($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("storage_retrieval_request_cancel") ?></a></p> <? endif; ?> </div> diff --git a/themes/bootprint/templates/search/home.phtml b/themes/bootprint/templates/search/home.phtml index 04b3d55136a..09fd26e5ba8 100644 --- a/themes/bootprint/templates/search/home.phtml +++ b/themes/bootprint/templates/search/home.phtml @@ -23,7 +23,7 @@ <h2><?=$this->transEsc('ils_offline_title')?></h2> <p><strong><?=$this->transEsc('ils_offline_status')?></strong></p> <p><?=$this->transEsc('ils_offline_home_message')?></p> - <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?> + <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?> <p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p> </div> <? endif; ?> diff --git a/themes/bootstrap/templates/Auth/AbstractBase/login.phtml b/themes/bootstrap/templates/Auth/AbstractBase/login.phtml index 539c1e484b9..8411874fb7f 100644 --- a/themes/bootstrap/templates/Auth/AbstractBase/login.phtml +++ b/themes/bootstrap/templates/Auth/AbstractBase/login.phtml @@ -18,5 +18,5 @@ </div> </form> <? else: ?> - <a href="<?=$this->escapeHtml($sessionInitiator)?>"><?=$this->transEsc("Institutional Login")?></a> + <a href="<?=$this->escapeHtmlAttr($sessionInitiator)?>"><?=$this->transEsc("Institutional Login")?></a> <? endif; ?> diff --git a/themes/bootstrap/templates/Auth/AbstractBase/loginfields.phtml b/themes/bootstrap/templates/Auth/AbstractBase/loginfields.phtml index ef6f561fcf7..c29d356fe48 100644 
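Review bot: The first context line of the storageretrievalrequests.phtml hunk prints `$ilsDetails['canceled']` unescaped (`': ' . $ilsDetails['canceled']`) whenever the driver returns a string, while the neighbouring cancel link is now attribute-escaped; a driver that relays an ILS-supplied message would inject it straight into the page. Use `': ' . $this->escapeHtml($ilsDetails['canceled'])` there. What values drivers actually place in `canceled` is not visible in this diff, so treat it as untrusted by default.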
--- a/themes/bootstrap/templates/Auth/AbstractBase/loginfields.phtml +++ b/themes/bootstrap/templates/Auth/AbstractBase/loginfields.phtml @@ -1,7 +1,7 @@ <div class="control-group"> <label class="control-label" for="login_username"><?=$this->transEsc('Username')?>:</label> <div class="controls"> - <input id="login_username" type="text" name="username" value="<?=$this->escapeHtml($this->request->get('username'))?>"/> + <input id="login_username" type="text" name="username" value="<?=$this->escapeHtmlAttr($this->request->get('username'))?>"/> </div> </div> <div class="control-group"> diff --git a/themes/bootstrap/templates/Auth/Database/create.phtml b/themes/bootstrap/templates/Auth/Database/create.phtml index 1cce7762aaf..bf43e8bdbd3 100644 --- a/themes/bootstrap/templates/Auth/Database/create.phtml +++ b/themes/bootstrap/templates/Auth/Database/create.phtml 
@@ -1,25 +1,25 @@ <div class="control-group"> <label class="control-label" for="account_firstname"><?=$this->transEsc('First Name')?>:</label> <div class="controls"> - <input id="account_firstname" type="text" name="firstname" value="<?=$this->escapeHtml($this->request->get('firstname'))?>"/> + <input id="account_firstname" type="text" name="firstname" value="<?=$this->escapeHtmlAttr($this->request->get('firstname'))?>"/> </div> </div> <div class="control-group"> <label class="control-label" for="account_lastname"><?=$this->transEsc('Last Name')?>:</label> <div class="controls"> - <input id="account_lastname" type="text" name="lastname" value="<?=$this->escapeHtml($this->request->get('lastname'))?>"/> + <input id="account_lastname" type="text" name="lastname" value="<?=$this->escapeHtmlAttr($this->request->get('lastname'))?>"/> </div> </div> <div class="control-group"> <label class="control-label" for="account_email"><?=$this->transEsc('Email Address')?>:</label> <div class="controls"> - <input id="account_email" type="email" name="email" value="<?=$this->escapeHtml($this->request->get('email'))?>"/> + <input id="account_email" type="email" name="email" value="<?=$this->escapeHtmlAttr($this->request->get('email'))?>"/> </div> </div> <div class="control-group"> <label class="control-label" for="account_username"><?=$this->transEsc('Desired Username')?>:</label> <div class="controls"> - <input id="account_username" type="text" name="username" value="<?=$this->escapeHtml($this->request->get('username'))?>"/> + <input id="account_username" type="text" name="username" value="<?=$this->escapeHtmlAttr($this->request->get('username'))?>"/> </div> </div> <div class="control-group"> diff --git a/themes/bootstrap/templates/Auth/MultiILS/loginfields.phtml b/themes/bootstrap/templates/Auth/MultiILS/loginfields.phtml index 7f5dbee57dd..9cdedf2c298 100644 --- a/themes/bootstrap/templates/Auth/MultiILS/loginfields.phtml 
+++ b/themes/bootstrap/templates/Auth/MultiILS/loginfields.phtml @@ -4,7 +4,7 @@ <?$currentTarget = $this->request->get('target'); if (!$currentTarget) $currentTarget = $this->auth()->getManager()->getDefaultLoginTarget();?> <select id="login_target" name="target"> <?foreach ($this->auth()->getManager()->getLoginTargets() as $target):?> - <option value="<?=$this->escapeHtml($target)?>"<?=($target == $currentTarget ? ' selected="selected"' : '')?>><?=$this->transEsc("source_$target", null, $target)?></option> + <option value="<?=$this->escapeHtmlAttr($target)?>"<?=($target == $currentTarget ? ' selected="selected"' : '')?>><?=$this->transEsc("source_$target", null, $target)?></option> <? endforeach ?> </select> </div> @@ -12,7 +12,7 @@ <div class="control-group"> <label class="control-label" for="login_username"><?=$this->transEsc('Username')?>:</label> <div class="controls"> - <input id="login_username" type="text" name="username" value="<?=$this->escapeHtml($this->request->get('username'))?>"/> + <input id="login_username" type="text" name="username" value="<?=$this->escapeHtmlAttr($this->request->get('username'))?>"/> </div> </div> <div class="control-group"> diff --git a/themes/bootstrap/templates/Auth/Shibboleth/login.phtml b/themes/bootstrap/templates/Auth/Shibboleth/login.phtml index 94f44ef3d93..3feb62a33fd 100644 --- a/themes/bootstrap/templates/Auth/Shibboleth/login.phtml +++ b/themes/bootstrap/templates/Auth/Shibboleth/login.phtml @@ -1,3 +1,3 @@ <? $account = $this->auth()->getManager(); ?> <? $sessionInitiator = $account->getSessionInitiator($this->serverUrl($this->url('myresearch-home'))); ?> -<a href="<?=$this->escapeHtml($sessionInitiator)?>"><?=$this->transEsc("Institutional Login")?></a> +<a href="<?=$this->escapeHtmlAttr($sessionInitiator)?>"><?=$this->transEsc("Institutional Login")?></a> diff --git a/themes/bootstrap/templates/Helpers/openurl.phtml b/themes/bootstrap/templates/Helpers/openurl.phtml index 469722bf8cb..4e3d1f612f2 100644 
--- a/themes/bootstrap/templates/Helpers/openurl.phtml +++ b/themes/bootstrap/templates/Helpers/openurl.phtml @@ -3,25 +3,25 @@ if ($this->openUrlEmbed) { $class = ' class="fulltext openUrlEmbed openurl_id:' . $this->openUrlId . '"'; } elseif ($this->openUrlWindow) { - $class = ' class="fulltext openUrlWindow window_settings:' . $this->escapeHtml($this->openUrlWindow) . '"'; + $class = ' class="fulltext openUrlWindow window_settings:' . $this->escapeHtmlAttr($this->openUrlWindow) . '"'; } else { $class = ''; } ?> -<a href="<?=$this->escapeHtml($this->openUrlBase . '?' . $this->openUrl)?>"<?=$class?>> +<a href="<?=$this->escapeHtmlAttr($this->openUrlBase . '?' . $this->openUrl)?>"<?=$class?>> <? /* put the openUrl here in a span (COinS almost) so we can retrieve it later */ ?> - <span title="<?=$this->escapeHtml($this->openUrl)?>" class="openUrl"></span> + <span title="<?=$this->escapeHtmlAttr($this->openUrl)?>" class="openUrl"></span> <? if ($this->openUrlGraphic): ?> <? $style = ''; if ($this->openUrlGraphicWidth) { - $style .= 'width:' . $this->escapeHtml($this->openUrlGraphicWidth) . 'px;'; + $style .= 'width:' . $this->escapeHtmlAttr($this->openUrlGraphicWidth) . 'px;'; } if ($this->openUrlGraphicHeight) { - $style .= 'height:' . $this->escapeHtml($this->openUrlGraphicHeight) . 'px;'; + $style .= 'height:' . $this->escapeHtmlAttr($this->openUrlGraphicHeight) . 'px;'; } ?> - <img src="<?=$this->escapeHtml($this->openUrlGraphic)?>" alt="<?=$this->transEsc('Get full text')?>" style="<?=$style?>" /> + <img src="<?=$this->escapeHtmlAttr($this->openUrlGraphic)?>" alt="<?=$this->transEsc('Get full text')?>" style="<?=$style?>" /> <? else: ?> <?=$this->transEsc('Get full text')?> <? endif; ?> diff --git a/themes/bootstrap/templates/Recommend/AuthorInfo.phtml b/themes/bootstrap/templates/Recommend/AuthorInfo.phtml index 9ade3816dd3..c8f821d0304 100644 --- a/themes/bootstrap/templates/Recommend/AuthorInfo.phtml +++ b/themes/bootstrap/templates/Recommend/AuthorInfo.phtml 
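Review bot: The `openUrlEmbed` branch at the top of the openurl.phtml hunk still concatenates `$this->openUrlId` into the `class` attribute without escaping, while the sibling `openUrlWindow` branch now uses `escapeHtmlAttr()`; the two branches should be treated the same. `$class = ' class="fulltext openUrlEmbed openurl_id:' . $this->escapeHtmlAttr($this->openUrlId) . '"';` closes that gap. Note also that attribute escaping of the width/height values does not make them safe as CSS: a non-numeric value still lands inside `style="..."`, so an `(int)` cast would be the stronger guard if those come from configuration.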
@@ -4,11 +4,11 @@
 <p class="lead"><?=$this->info['name'] ?></p>
 <? if (isset($this->info['image'])): ?>
- <img class="pull-left pad" src="<?=$this->info['image'] ?>" alt="<?=$this->escapeHtml($this->info['altimage']) ?>" width="150px"/>
+ <img class="pull-left pad" src="<?=$this->info['image'] ?>" alt="<?=$this->escapeHtmlAttr($this->info['altimage']) ?>" width="150px"/>
 <? endif; ?>
 <?=preg_replace('/___baseurl___/', $this->url('search-results'), $this->info['description']) ?>
- <a class="wikipedia" href="http://<?=$this->info['wiki_lang'] ?>.wikipedia.org/wiki/<?=$this->escapeHtml($this->info['name']/*url*/) ?>" target="new"><?=$this->transEsc('wiki_link') ?></a>
+ <a class="wikipedia" href="http://<?=$this->info['wiki_lang'] ?>.wikipedia.org/wiki/<?=$this->escapeHtmlAttr($this->info['name']/*url*/) ?>" target="new"><?=$this->transEsc('wiki_link') ?></a>
 </div>
 <? endif; ?>
\ No newline at end of file
diff --git a/themes/bootstrap/templates/Recommend/CollectionSideFacets.phtml b/themes/bootstrap/templates/Recommend/CollectionSideFacets.phtml
index 93ac3d8487a..56e46a1690d 100644
--- a/themes/bootstrap/templates/Recommend/CollectionSideFacets.phtml
+++ b/themes/bootstrap/templates/Recommend/CollectionSideFacets.phtml
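Review bot: The new `<img>` line still writes `$this->info['image']` into `src` unescaped, and the new Wikipedia link interpolates `$this->info['wiki_lang']` raw into the URL host, even though both presumably come from the same record as the `altimage` and `name` fields this commit does escape. Use `src="<?=$this->escapeHtmlAttr($this->info['image']) ?>"` and `http://<?=$this->escapeHtmlAttr($this->info['wiki_lang']) ?>.wikipedia.org`. The `/*url*/` marker beside `$this->info['name']` suggests URL-encoding was intended there; escapeHtmlAttr() only protects the attribute boundary, so a `rawurlencode()` inside it would also make the path segment well-formed.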
@@ -22,10 +22,10 @@
 <li class="nav-header"><?=$this->transEsc('Keyword Filter')?></li>
 <li>
 <form method="get" action="" name="keywordFilterForm" id="keywordFilterForm" class="keywordFilterForm">
- <input id="keywordFilter_lookfor" type="text" name="lookfor" value="<?=$this->escapeHtml($keywordFilter)?>"/>
+ <input id="keywordFilter_lookfor" type="text" name="lookfor" value="<?=$this->escapeHtmlAttr($keywordFilter)?>"/>
 <? foreach ($this->recommend->getResults()->getParams()->getFilterList(true) as $field => $filters): ?>
 <? foreach ($filters as $filter): ?>
- <input type="hidden" name="filter[]" value="<?=$this->escapeHtml($filter['field'])?>:"<?=$this->escapeHtml($filter['value'])?>"" />
+ <input type="hidden" name="filter[]" value="<?=$this->escapeHtmlAttr($filter['field'])?>:"<?=$this->escapeHtmlAttr($filter['value'])?>"" />
 <? endforeach; ?>
 <? endforeach; ?>
 <input class="btn" type="submit" name="submit" value="<?=$this->transEsc('Set')?>"/>
diff --git a/themes/bootstrap/templates/Recommend/EuropeanaResults.phtml b/themes/bootstrap/templates/Recommend/EuropeanaResults.phtml
index 4b2e26942af..aa7b5d54d6c 100644
--- a/themes/bootstrap/templates/Recommend/EuropeanaResults.phtml
+++ b/themes/bootstrap/templates/Recommend/EuropeanaResults.phtml
@@ -12,9 +12,9 @@
 <li class="suggestedResult <? (++$i % 2) ? 'alt ' : ''?>record<?=$i?>">
 <div class="resultitem">
 <? if (isset($work['enclosure'])): ?>
- <span class="europeanaImg"><img src="<?=$this->escapeHtml($work['enclosure'])?>" id="europeanaImage<?=$this->escapeHtml($workKey)?>"/></span>
+ <span class="europeanaImg"><img src="<?=$this->escapeHtmlAttr($work['enclosure'])?>" id="europeanaImage<?=$this->escapeHtmlAttr($workKey)?>"/></span>
 <? endif; ?>
- <a href="<?=$this->escapeHtml($work['link'])?>" target="_blank">
+ <a href="<?=$this->escapeHtmlAttr($work['link'])?>" target="_blank">
 <span><?=$this->escapeHtml($this->truncate($work['title'], 90))?></span>
 </a>
 <div class="clearfix"></div>
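Review bot: The new hidden-input line in the CollectionSideFacets hunk has broken attribute quoting: `value="<?=...field...?>:"<?=...value...?>"" />` closes the `value` attribute at the literal `"` after the colon, so the filter value is emitted outside the attribute and the trailing `""` is stray markup. Switching to escapeHtmlAttr() cannot help here because the offending quotes are template literals, not data. The inner quotes should be entities: `value="<?=$this->escapeHtmlAttr($filter['field'])?>:&quot;<?=$this->escapeHtmlAttr($filter['value'])?>&quot;" />`.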
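Review bot: In the EuropeanaResults hunk the context line `<li class="suggestedResult <? (++$i % 2) ? 'alt ' : ''?>record<?=$i?>">` opens with `<?` rather than `<?=`, so the ternary's `'alt '` result is evaluated and discarded and only the increment takes effect; if the alternating class is wanted it should read `<?=(++$i % 2) ? 'alt ' : ''?>`. On the new `href` line, escapeHtmlAttr() keeps `$work['link']` inside the attribute but says nothing about its scheme; since the link is feed-supplied, confirm that the recommendation module validates it as http(s) before it reaches the template.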
@@ -22,7 +22,7 @@
 <? endforeach; ?>
 </ul>
 <p class="olSubjectMore">
- <a href="<?=$this->escapeHtml($data['sourceLink'])?>" title="<?=$this->escapeHtml($data['feedTitle'])?>" target="_blank">
+ <a href="<?=$this->escapeHtmlAttr($data['sourceLink'])?>" title="<?=$this->escapeHtmlAttr($data['feedTitle'])?>" target="_blank">
 <?=$this->transEsc('more')?>...
 </a>
 </p>
diff --git a/themes/bootstrap/templates/Recommend/OpenLibrarySubjects.phtml b/themes/bootstrap/templates/Recommend/OpenLibrarySubjects.phtml
index 0ff984e793e..605100b82ae 100644
--- a/themes/bootstrap/templates/Recommend/OpenLibrarySubjects.phtml
+++ b/themes/bootstrap/templates/Recommend/OpenLibrarySubjects.phtml
@@ -8,9 +8,9 @@
 <a href="http://openlibrary.org<?=$work['key']?>" title="<?=$this->transEsc('Get full text')?>" target="_blank">
 <span class="olSubjectCover">
 <? if (isset($work['cover_id']) && !empty($work['cover_id'])): ?>
- <img src="http://covers.openlibrary.org/b/<?=$this->escapeHtml($work['cover_id_type'])?>/<?=$this->escapeHtml($work['cover_id'])?>-S.jpg" class="olSubjectImage" alt="<?=$this->escapeHtml($work['title'])?>" />
+ <img src="http://covers.openlibrary.org/b/<?=$this->escapeHtmlAttr($work['cover_id_type'])?>/<?=$this->escapeHtmlAttr($work['cover_id'])?>-S.jpg" class="olSubjectImage" alt="<?=$this->escapeHtmlAttr($work['title'])?>" />
 <? else: ?>
- <img src="<?=$this->imageLink('noCover2.gif')?>" class="olSubjectImage" alt="<?=$this->escapeHtml($work['title'])?>" />
+ <img src="<?=$this->imageLink('noCover2.gif')?>" class="olSubjectImage" alt="<?=$this->escapeHtmlAttr($work['title'])?>" />
 <? endif; ?>
 </span>
 <span><?=$this->escapeHtml($this->truncate($work['title'], 50))?></span>
diff --git a/themes/bootstrap/templates/Recommend/RandomRecommend.phtml b/themes/bootstrap/templates/Recommend/RandomRecommend.phtml
index 7f489269297..e92d917f1e8 100644
--- a/themes/bootstrap/templates/Recommend/RandomRecommend.phtml
+++ b/themes/bootstrap/templates/Recommend/RandomRecommend.phtml
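Review bot: In the OpenLibrarySubjects hunk the `href="http://openlibrary.org<?=$work['key']?>"` context line at the top still emits `$work['key']` unescaped, while the cover `src` and `alt` two lines below are now escaped; the key is a path fragment from the same API response, so wrap it as `href="http://openlibrary.org<?=$this->escapeHtmlAttr($work['key'])?>"`. The `title` attribute on that line goes through transEsc() and needs no change.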
@@ -10,11 +10,11 @@ $mediumThumb = $this->record($driver)->getThumbnail('medium'); ?>
 <? if ($smallThumb): ?>
 <a href="<?=$this->recordLink()->getUrl($driver)?>">
- <img alt="<?=$this->transEsc('Cover Image')?>" src="<?=$this->escapeHtml($smallThumb);?>"/><br />
+ <img alt="<?=$this->transEsc('Cover Image')?>" src="<?=$this->escapeHtmlAttr($smallThumb);?>"/><br />
 </a>
 <?elseif($mediumThumb):?>
 <a href="<?=$this->recordLink()->getUrl($driver)?>">
- <img alt="<?=$this->transEsc('Cover Image')?>" src="<?=$this->escapeHtml($mediumThumb);?>"/><br />
+ <img alt="<?=$this->transEsc('Cover Image')?>" src="<?=$this->escapeHtmlAttr($mediumThumb);?>"/><br />
 </a>
 <? else: ?>
 <img src="<?=$this->url('cover-unavailable')?>" alt="<?=$this->transEsc('No Cover Image')?>"/><br />
diff --git a/themes/bootstrap/templates/Recommend/SideFacets.phtml b/themes/bootstrap/templates/Recommend/SideFacets.phtml
index 09915b710c1..544372d8b9e 100644
--- a/themes/bootstrap/templates/Recommend/SideFacets.phtml
+++ b/themes/bootstrap/templates/Recommend/SideFacets.phtml
@@ -6,8 +6,8 @@
 <? foreach ($checkboxFilters as $current): ?>
 <div class="checkboxFilter<?=($results->getResultTotal() < 1 && !$current['selected'] && !$current['alwaysVisible']) ? ' hide' : ''?>">
 <label class="checkbox">
- <input type="checkbox" name="filter[]" value="<?=$this->escapeHtml($current['filter'])?>"
- <?=$current['selected'] ? 'checked="checked"' : ''?> id="<?=$this->escapeHtml(str_replace(' ', '', $current['desc']))?>"
+ <input type="checkbox" name="filter[]" value="<?=$this->escapeHtmlAttr($current['filter'])?>"
+ <?=$current['selected'] ? 'checked="checked"' : ''?> id="<?=$this->escapeHtmlAttr(str_replace(' ', '', $current['desc']))?>"
 onclick="document.location.href='<?=$current['selected'] ? $results->getUrlQuery()->removeFilter($current['filter']) : $results->getUrlQuery()->addFilter($current['filter'])?>';" />
 <?=$this->transEsc($current['desc'])?>
 </label>
@@ -51,21 +51,21 @@
 <? if (isset($rangeFacets[$title])): ?>
 <li class="nav-header"><?=$this->transEsc($cluster['label'])?></li>
 <li>
- <form class="form-inline text-center" action="" name="<?=$this->escapeHtml($title)?>Filter" id="<?=$this->escapeHtml($title)?>Filter">
+ <form class="form-inline text-center" action="" name="<?=$this->escapeHtmlAttr($title)?>Filter" id="<?=$this->escapeHtmlAttr($title)?>Filter">
 <?=$results->getUrlQuery()->asHiddenFields(array('page' => "/./", 'filter' => "/^{$title}:.*/"))?>
- <input type="hidden" name="<?=$this->escapeHtml($rangeFacets[$title]['type'])?>range[]" value="<?=$this->escapeHtml($title)?>"/>
+ <input type="hidden" name="<?=$this->escapeHtmlAttr($rangeFacets[$title]['type'])?>range[]" value="<?=$this->escapeHtmlAttr($title)?>"/>
 <div class="row-fluid">
- <label class="span6" for="<?=$this->escapeHtml($title)?>from">
+ <label class="span6" for="<?=$this->escapeHtmlAttr($title)?>from">
 <?=$this->transEsc('date_from')?>:<br/>
- <input type="text" maxlength="4" class="span12" name="<?=$this->escapeHtml($title)?>from" id="<?=$this->escapeHtml($title)?>from" value="<?=isset($rangeFacets[$title]['values'][0])?$this->escapeHtml($rangeFacets[$title]['values'][0]):''?>" />
+ <input type="text" maxlength="4" class="span12" name="<?=$this->escapeHtmlAttr($title)?>from" id="<?=$this->escapeHtmlAttr($title)?>from" value="<?=isset($rangeFacets[$title]['values'][0])?$this->escapeHtmlAttr($rangeFacets[$title]['values'][0]):''?>" />
 </label>
- <label class="span6" for="<?=$this->escapeHtml($title)?>to">
+ <label class="span6" for="<?=$this->escapeHtmlAttr($title)?>to">
 <?=$this->transEsc('date_to')?>:<br/>
- <input type="text" maxlength="4" class="span12" name="<?=$this->escapeHtml($title)?>to" id="<?=$this->escapeHtml($title)?>to" value="<?=isset($rangeFacets[$title]['values'][1])?$this->escapeHtml($rangeFacets[$title]['values'][1]):''?>" />
+ <input type="text" maxlength="4" class="span12" name="<?=$this->escapeHtmlAttr($title)?>to
id="<?=$this->escapeHtmlAttr($title)?>to" value="<?=isset($rangeFacets[$title]['values'][1])?$this->escapeHtmlAttr($rangeFacets[$title]['values'][1]):''?>" />
 </label>
 </div>
 <? if ($rangeFacets[$title]['type'] == 'date'): ?>
- <div class="row-fluid"><input type="text" class="span10 hidden" id="<?=$this->escapeHtml($title)?><?=$this->escapeHtml($rangeFacets[$title]['type'])?>Slider"/></div>
+ <div class="row-fluid"><input type="text" class="span10 hidden" id="<?=$this->escapeHtmlAttr($title)?><?=$this->escapeHtmlAttr($rangeFacets[$title]['type'])?>Slider"/></div>
 <? endif; ?>
 <input class="btn" type="submit" value="<?=$this->transEsc('Set')?>"/>
 </form>
@@ -108,9 +108,9 @@ JS;
 $thisFacet['displayText'] = "-";
 }
 ?>
- <? $moreClass = 'narrowGroupHidden-'.$this->escapeHtml($title).' hidden'; ?>
+ <? $moreClass = 'narrowGroupHidden-'.$this->escapeHtmlAttr($title).' hidden'; ?>
 <? if ($i == 6): ?>
- <li id="more-narrowGroupHidden-<?=$this->escapeHtml($title)?>"><a href="javascript:moreFacets('narrowGroupHidden-<?=$title ?>')"><?=$this->transEsc('more')?> ...</a></li>
+ <li id="more-narrowGroupHidden-<?=$this->escapeHtmlAttr($title)?>"><a href="javascript:moreFacets('narrowGroupHidden-<?=$title ?>')"><?=$this->transEsc('more')?> ...</a></li>
 <? endif; ?>
 <? if ($thisFacet['isApplied']): ?>
 <li class="<? if ($i>5): ?><?=$moreClass ?><?endif ?><? if ($thisFacet['operator'] == 'OR'): ?> facetOR applied" href="<?=$this->currentPath().$results->getUrlQuery()->removeFacet($title, $thisFacet['value'], true, $thisFacet['operator']) ?><? endif ?>">
diff --git a/themes/bootstrap/templates/Recommend/SummonBestBets.phtml b/themes/bootstrap/templates/Recommend/SummonBestBets.phtml
index 305e3afdba0..3302226bb5a 100644
--- a/themes/bootstrap/templates/Recommend/SummonBestBets.phtml
+++ b/themes/bootstrap/templates/Recommend/SummonBestBets.phtml
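Review bot: In the `@@ -108,9` hunk the new `<li id="more-narrowGroupHidden-...">` line escapes the `id` but leaves the adjacent `href="javascript:moreFacets('narrowGroupHidden-<?=$title ?>')"` interpolating `$title` raw, inside a JavaScript string literal inside an attribute. The minimal consistent fix is `'narrowGroupHidden-<?=$this->escapeHtmlAttr($title) ?>'`; if `$title` can ever carry quotes or backslashes it needs escapeJs() first and attribute escaping second, because the browser decodes entities before the handler is parsed. The preceding `$moreClass` assignment already uses escapeHtmlAttr() and is consistent with its use in the `class` attribute further down.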
@@ -3,7 +3,7 @@
 <? foreach ($summonBestBets as $current): ?>
 <p>
 <? if (isset($current['link']) && !empty($current['link'])):?>
- <a href="<?=$this->escapeHtml($current['link'])?>"><?=$this->escapeHtml($current['title'])?></a>
+ <a href="<?=$this->escapeHtmlAttr($current['link'])?>"><?=$this->escapeHtml($current['title'])?></a>
 <? else: ?>
 <b><?=$this->escapeHtml($current['title'])?></b>
 <? endif; ?>
diff --git a/themes/bootstrap/templates/Recommend/SummonDatabases.phtml b/themes/bootstrap/templates/Recommend/SummonDatabases.phtml
index ab16b72a737..507840f253d 100644
--- a/themes/bootstrap/templates/Recommend/SummonDatabases.phtml
+++ b/themes/bootstrap/templates/Recommend/SummonDatabases.phtml
@@ -2,7 +2,7 @@
 <div class="authorbox">
 <p><?=$this->transEsc('summon_database_recommendations')?></p>
 <? foreach ($summonDatabases as $current): ?>
- <p><a href="<?=$this->escapeHtml($current['link'])?>"><?=$this->escapeHtml($current['title'])?></a><br/><?=$this->escapeHtml($current['description'])?></p>
+ <p><a href="<?=$this->escapeHtmlAttr($current['link'])?>"><?=$this->escapeHtml($current['title'])?></a><br/><?=$this->escapeHtml($current['description'])?></p>
 <? endforeach; ?>
 </div>
 <? endif; ?>
\ No newline at end of file
diff --git a/themes/bootstrap/templates/Recommend/SummonTopics.phtml b/themes/bootstrap/templates/Recommend/SummonTopics.phtml
index 15f4f809525..076c8895617 100644
--- a/themes/bootstrap/templates/Recommend/SummonTopics.phtml
+++ b/themes/bootstrap/templates/Recommend/SummonTopics.phtml
@@ -5,7 +5,7 @@
 <p>
 <a href="<?=$this->url('summon-search')?>?lookfor=%22<?=urlencode($summonTopics['title'])?>%22"><?=$this->escapeHtml($summonTopics['title'])?></a><br />
 <? if (isset($summonTopics['snippet'])): ?><?=$this->escapeHtml($summonTopics['snippet'])?><? endif; ?>
- <? if (isset($summonTopics['sourceLink'])): ?><a href="<?=$this->escapeHtml($summonTopics['sourceLink'])?>"><?=$this->transEsc('more')?>...</a><? endif; ?>
+ <? if (isset($summonTopics['sourceLink'])): ?><a href="<?=$this->escapeHtmlAttr($summonTopics['sourceLink'])?>"><?=$this->transEsc('more')?>...</a><? endif; ?>
 </p>
 <? endif; ?>
 <? if (isset($summonTopics['relatedTopics']) && !empty($summonTopics['relatedTopics'])): ?>
diff --git a/themes/bootstrap/templates/Recommend/WebResults.phtml b/themes/bootstrap/templates/Recommend/WebResults.phtml
index 768d72c22ee..701bd836951 100644
--- a/themes/bootstrap/templates/Recommend/WebResults.phtml
+++ b/themes/bootstrap/templates/Recommend/WebResults.phtml
@@ -5,7 +5,7 @@
 <ul class="similar">
 <? foreach ($results as $driver): ?>
 <li>
- <a href="<?=$this->escapeHtml($driver->getUrl())?>" class="title"><?
+ <a href="<?=$this->escapeHtmlAttr($driver->getUrl())?>" class="title"><?
 $summHighlightedTitle = $driver->getHighlightedTitle();
 $summTitle = $driver->getTitle();
 if (!empty($summHighlightedTitle)) {
diff --git a/themes/bootstrap/templates/RecordDriver/LibGuides/result-list.phtml b/themes/bootstrap/templates/RecordDriver/LibGuides/result-list.phtml
index 9be83a03236..d53aa37f708 100644
--- a/themes/bootstrap/templates/RecordDriver/LibGuides/result-list.phtml
+++ b/themes/bootstrap/templates/RecordDriver/LibGuides/result-list.phtml
@@ -3,7 +3,7 @@
 ?>
 <div class="listentry span11 clearfix">
 <div class="resultItemLine1">
- <a href="<?=$this->escapeHtml($url)?>" class="title"><?
+ <a href="<?=$this->escapeHtmlAttr($url)?>" class="title"><?
 $summTitle = $this->driver->getTitle();
 if (!empty($summTitle)) {
 echo $this->escapeHtml($this->truncate($summTitle, 180));
diff --git a/themes/bootstrap/templates/RecordDriver/Pazpar2/result-list.phtml b/themes/bootstrap/templates/RecordDriver/Pazpar2/result-list.phtml
index bd7b9481240..de3859b15aa 100644
--- a/themes/bootstrap/templates/RecordDriver/Pazpar2/result-list.phtml
+++ b/themes/bootstrap/templates/RecordDriver/Pazpar2/result-list.phtml
@@ -1,8 +1,8 @@
-<div class="result source<?=$this->escapeHtml($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueID())?>" class="hiddenId" />
+<div class="result source<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>">
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueID())?>" class="hiddenId" />
 <div class="span2">
 <? if ($summThumb = $this->record($this->driver)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" alt="<?=$this->transEsc('Cover Image')?>"/>
 <? else: ?>
 <img src="<?=$this->url('cover-unavailable')?>" alt="<?=$this->transEsc('No Cover Image')?>"/>
 <? endif; ?>
@@ -90,7 +90,7 @@
 <? if (!is_array($urls)) $urls = array();
 if(!$this->driver->isCollection()):
 foreach ($urls as $current): ?>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><i class="icon-external-link"></i> <?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a><br/>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><i class="icon-external-link"></i> <?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a><br/>
 <? endforeach; ?>
 <? endif; ?>
 <? endif; ?>
@@ -109,4 +109,4 @@
 <div class="clear"></div>
 </div>
-<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtml($openUrl).'"></span>':''?>
+<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtmlAttr($openUrl).'"></span>':''?>
diff --git a/themes/bootstrap/templates/RecordDriver/SolrDefault/collection-info.phtml b/themes/bootstrap/templates/RecordDriver/SolrDefault/collection-info.phtml
index 862ccfe203b..e51e887031d 100644
--- a/themes/bootstrap/templates/RecordDriver/SolrDefault/collection-info.phtml
+++ b/themes/bootstrap/templates/RecordDriver/SolrDefault/collection-info.phtml
@@ -5,8 +5,8 @@
 <? /* Display thumbnail if appropriate: */ ?>
 <? $mediumThumb = $this->record($this->driver)->getThumbnail('medium'); $largeThumb = $this->record($this->driver)->getThumbnail('large'); ?>
 <? if ($mediumThumb): ?>
- <? if ($largeThumb): ?><a href="<?=$this->escapeHtml($largeThumb)?>"><? endif; ?>
- <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtml($mediumThumb);?>"/>
+ <? if ($largeThumb): ?><a href="<?=$this->escapeHtmlAttr($largeThumb)?>"><? endif; ?>
+ <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtmlAttr($mediumThumb);?>"/>
 <? if ($largeThumb): ?></a><? endif; ?>
 <? else: ?>
 <img src="<?=$this->url('cover-unavailable')?>" class="recordcover" alt="<?=$this->transEsc('No Cover Image')?>"/>
@@ -15,7 +15,7 @@
 <? /* Display qrcode if appropriate: */ ?>
 <? $QRCode = $this->record($this->driver)->getQRCode("core"); ?>
 <? if($QRCode): ?>
- <br/><img alt="<?=$this->transEsc('QR Code')?>" class="qrcode" src="<?=$this->escapeHtml($QRCode);?>"/>
+ <br/><img alt="<?=$this->transEsc('QR Code')?>" class="qrcode" src="<?=$this->escapeHtmlAttr($QRCode);?>"/>
 <? endif; ?>
 </div>
@@ -140,7 +140,7 @@
 <? $i = 0; foreach ($field as $subfield): ?>
 <?=($i++ == 0) ? '' : ' > '?>
 <? $subject = trim($subject . ' ' . $subfield); ?>
- <a title="<?=$this->escapeHtml($subject)?>" href="<?=$this->record($this->driver)->getLink('subject', $subject)?>" class="subjectHeading"><?=$this->escapeHtml($subfield)?></a>
+ <a title="<?=$this->escapeHtmlAttr($subject)?>" href="<?=$this->record($this->driver)->getLink('subject', $subject)?>" class="subjectHeading"><?=$this->escapeHtml($subfield)?></a>
 <? endforeach; ?>
 </div>
 <? endforeach; ?>
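Review bot: In the `@@ -140,7` hunk the new subject-heading anchor escapes `title` but emits `href="<?=$this->record($this->driver)->getLink('subject', $subject)?>"` on the same line with no escaping at all, even though `$subject` is built from record data. Unless the Record helper's getLink() already HTML-escapes its result (not visible here), it should be `href="<?=$this->escapeHtmlAttr($this->record($this->driver)->getLink('subject', $subject))?>"`. The same pattern recurs in the core.phtml hunk at `@@ -180,7` below.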
@@ -158,7 +158,7 @@ <th><?=$this->transEsc('Online Access')?>: </th> <td> <? foreach ($urls as $current): ?> - <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a><br/> + <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a><br/> <? endforeach; ?> <? if ($openUrl): ?> <?=$this->openUrl($openUrl)?><br/> diff --git a/themes/bootstrap/templates/RecordDriver/SolrDefault/core.phtml b/themes/bootstrap/templates/RecordDriver/SolrDefault/core.phtml index 39f92e5e1b5..5dc0c5a46ba 100644 --- a/themes/bootstrap/templates/RecordDriver/SolrDefault/core.phtml +++ b/themes/bootstrap/templates/RecordDriver/SolrDefault/core.phtml @@ -4,8 +4,8 @@ <? /* Display thumbnail if appropriate: */ ?> <? $mediumThumb = $this->record($this->driver)->getThumbnail('medium'); $largeThumb = $this->record($this->driver)->getThumbnail('large'); ?> <? if ($mediumThumb): ?> - <? if ($largeThumb): ?><a href="<?=$this->escapeHtml($largeThumb)?>"><? endif; ?> - <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtml($mediumThumb);?>"/> + <? if ($largeThumb): ?><a href="<?=$this->escapeHtmlAttr($largeThumb)?>"><? endif; ?> + <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtmlAttr($mediumThumb);?>"/> <? if ($largeThumb): ?></a><? endif; ?> <? else: ?> <img src="<?=$this->url('cover-unavailable')?>" class="recordcover" alt="<?=$this->transEsc('No Cover Image')?>"/> @@ -15,7 +15,7 @@ <? $QRCode = $this->record($this->driver)->getQRCode("core"); ?> <? if($QRCode): ?> <span class="hidden-phone"> - <br/><img alt="<?=$this->transEsc('QR Code')?>" class="qrcode" src="<?=$this->escapeHtml($QRCode);?>"/> + <br/><img alt="<?=$this->transEsc('QR Code')?>" class="qrcode" src="<?=$this->escapeHtmlAttr($QRCode);?>"/> </span> <? endif; ?> </div> 
@@ -180,7 +180,7 @@
 <? $i = 0; foreach ($field as $subfield): ?>
 <?=($i++ == 0) ? '' : ' > '?>
 <? $subject = trim($subject . ' ' . $subfield); ?>
- <a class="backlink" title="<?=$this->escapeHtml($subject)?>" href="<?=$this->record($this->driver)->getLink('subject', $subject)?>"><?=trim($this->escapeHtml($subfield))?></a>
+ <a class="backlink" title="<?=$this->escapeHtmlAttr($subject)?>" href="<?=$this->record($this->driver)->getLink('subject', $subject)?>"><?=trim($this->escapeHtml($subfield))?></a>
 <? endforeach; ?>
 </div>
 <? endforeach; ?>
@@ -198,7 +198,7 @@
 <th><?=$this->transEsc('Online Access')?>: </th>
 <td>
 <? foreach ($urls as $current): ?>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a><br/>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a><br/>
 <? endforeach; ?>
 <? if ($openUrl): ?>
 <?=$this->openUrl($openUrl)?><br/>
diff --git a/themes/bootstrap/templates/RecordDriver/SolrDefault/list-entry.phtml b/themes/bootstrap/templates/RecordDriver/SolrDefault/list-entry.phtml
index c84f57f6e41..32a38969dbe 100644
--- a/themes/bootstrap/templates/RecordDriver/SolrDefault/list-entry.phtml
+++ b/themes/bootstrap/templates/RecordDriver/SolrDefault/list-entry.phtml
@@ -16,7 +16,7 @@
 <div class="span2 text-center">
 <a href="<?=$this->recordLink()->getUrl($this->driver)?>">
 <? if ($summThumb = $this->record($this->driver)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" alt="<?=$this->transEsc('Cover Image')?>"/>
 <? else: ?>
 <img src="<?=$this->url('cover-unavailable')?>" alt="<?=$this->transEsc('No Cover Image')?>"/>
 <? endif; ?>
@@ -153,7 +153,7 @@
 <? if (!is_array($urls)) { $urls = array(); }
 if(!$this->driver->isCollection()):
 foreach ($urls as $current): ?>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><i class="icon-external-link"></i> <?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><i class="icon-external-link"></i> <?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a>
 <? endforeach; ?>
 <? endif; ?>
 <? endif; ?>
@@ -181,11 +181,11 @@
 <?=$this->transEsc('Delete') ?>
 </a>
 <ul class="dropdown-menu" role="menu" aria-labelledby="dLabel">
- <li><a onClick="$.post('<?=$deleteUrl?>', {'delete':'<?=$this->escapeHtml($id) ?>','source':'<?=$this->escapeHtml($source) ?>','confirm':true},function(){location.reload(true)})" title="<?=$this->transEsc('confirm_delete_brief')?>"><?=$this->transEsc('confirm_dialog_yes')?></a></li>
+ <li><a onClick="$.post('<?=$deleteUrl?>', {'delete':'<?=$this->escapeHtmlAttr($id) ?>','source':'<?=$this->escapeHtmlAttr($source) ?>','confirm':true},function(){location.reload(true)})" title="<?=$this->transEsc('confirm_delete_brief')?>"><?=$this->transEsc('confirm_dialog_yes')?></a></li>
 <li><a><?=$this->transEsc('confirm_dialog_no')?></a></li>
 </ul>
 </div>
 </div>
- <?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtml($openUrl).'"></span>':''?>
+ <?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtmlAttr($openUrl).'"></span>':''?>
 </div>
diff --git a/themes/bootstrap/templates/RecordDriver/SolrDefault/result-grid.phtml b/themes/bootstrap/templates/RecordDriver/SolrDefault/result-grid.phtml
index bcd491f9867..39831f2f4e8 100644
--- a/themes/bootstrap/templates/RecordDriver/SolrDefault/result-grid.phtml
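Review bot: In the `@@ -181,11` hunk the delete link's onClick places `$id` and `$source` inside single-quoted JavaScript string literals, and escapeHtmlAttr() alone is the wrong escaper for that position: it turns `'` into an entity, which the browser decodes before the handler is parsed, so a quote in the value still terminates the JS string. Escape for the inner context first and the attribute second: `'delete':'<?=$this->escapeHtmlAttr($this->escapeJs($id)) ?>','source':'<?=$this->escapeHtmlAttr($this->escapeJs($source)) ?>'`. `$deleteUrl` on the same line is emitted with no escaping at all and should get the same treatment.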
+++ b/themes/bootstrap/templates/RecordDriver/SolrDefault/result-grid.phtml
@@ -9,16 +9,16 @@
 $urls = $this->record($this->driver)->getLinkDetails();
 ?>
 <div class="result <?=$this->driver->supportsAjaxStatus()?' ajaxItem':''?>">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueID())?>" class="hiddenId" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueID())?>" class="hiddenId" />
 <? if (!isset($this->hideCartControls) && $this->cart()->isActive()): ?>
 <?=$this->record($this->driver)->getCheckbox() ?></br>
 <? endif; ?>
 <div class="text-center" style="margin:auto;max-width:70px">
 <a href="<?=$this->recordLink()->getUrl($this->driver)?>">
 <? if ($summThumb = $this->record($this->driver)->getThumbnail('large')): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" alt="<?=$this->transEsc('Cover Image')?>"/>
 <? elseif ($summThumb = $this->record($this->driver)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" alt="<?=$this->transEsc('Cover Image')?>"/>
 <? else: ?>
 <img src="<?=$this->url('cover-unavailable')?>" alt="<?=$this->transEsc('No Cover Image')?>"/>
 <? endif; ?>
@@ -48,11 +48,11 @@ $urls = $this->record($this->driver)->getLinkDetails();
 <? if ($this->driver->replaceURLsWithOpenURL()) $urls = array(); // clear URL list if replace setting is active ?>
 <? endif; ?>
 <? if (!is_array($urls)) $urls = array(); foreach ($urls as $current): ?>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><i class="icon-external-link"></i> <?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><i class="icon-external-link"></i> <?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a>
 <br/>
 <? endforeach; ?>
 <? endif; ?>
 </div>
 </div>
-<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtml($openUrl).'"></span>':''?>
+<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtmlAttr($openUrl).'"></span>':''?>
diff --git a/themes/bootstrap/templates/RecordDriver/SolrDefault/result-list.phtml b/themes/bootstrap/templates/RecordDriver/SolrDefault/result-list.phtml
index 426ceeb5f0a..2bb8d0abbf5 100644
--- a/themes/bootstrap/templates/RecordDriver/SolrDefault/result-list.phtml
+++ b/themes/bootstrap/templates/RecordDriver/SolrDefault/result-list.phtml
@@ -1,10 +1,10 @@
 <div class="row-fluid <?=$this->driver->supportsAjaxStatus()?' ajaxItem':''?>">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueID())?>" class="hiddenId" />
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" class="hiddenSource" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueID())?>" class="hiddenId" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" class="hiddenSource" />
 <div class="span2 left">
 <a href="<?=$this->recordLink()->getUrl($this->driver)?>" class="title">
 <? if ($summThumb = $this->record($this->driver)->getThumbnail()): ?>
- <img src="<?=$this->escapeHtml($summThumb)?>" alt="<?=$this->transEsc('Cover Image')?>"/>
+ <img src="<?=$this->escapeHtmlAttr($summThumb)?>" alt="<?=$this->transEsc('Cover Image')?>"/>
 <? else: ?>
 <img src="<?=$this->url('cover-unavailable')?>" alt="<?=$this->transEsc('No Cover Image')?>"/>
 <? endif; ?>
@@ -135,7 +135,7 @@
 <? if (!is_array($urls)) $urls = array();
 if(!$this->driver->isCollection()):
 foreach ($urls as $current): ?>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><i class="icon-external-link"></i> <?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a><br/>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>" class="fulltext" target="new"><i class="icon-external-link"></i> <?=($current['url'] == $current['desc']) ? $this->transEsc('Get full text') : $this->escapeHtml($current['desc'])?></a><br/>
 <? endforeach; ?>
 <? endif; ?>
 <? endif; ?>
@@ -159,9 +159,9 @@
 $this->jsTranslations()->addStrings(array('qrcode_hide' => 'qrcode_hide', 'qrcode_show' => 'qrcode_show'));
 ?>
 <span class="hidden-phone">
- <i class="icon-qrcode"></i> <a href="<?=$this->escapeHtml($QRCode);?>" class="qrcodeLink"><?=$this->transEsc('qrcode_show')?></a>
+ <i class="icon-qrcode"></i> <a href="<?=$this->escapeHtmlAttr($QRCode);?>" class="qrcodeLink"><?=$this->transEsc('qrcode_show')?></a>
 <div class="qrcode hide">
- <img alt="<?=$this->transEsc('QR Code')?>" class="img-polaroid" src="<?=$this->escapeHtml($QRCode);?>"/>
+ <img alt="<?=$this->transEsc('QR Code')?>" class="img-polaroid" src="<?=$this->escapeHtmlAttr($QRCode);?>"/>
 </div><br/>
 </span>
 <? endif; ?>
@@ -180,7 +180,7 @@
 <? $trees = $this->driver->tryMethod('getHierarchyTrees'); if (!empty($trees)): ?>
 <? foreach ($trees as $hierarchyID => $hierarchyTitle): ?>
 <div class="hierarchyTreeLink">
- <input type="hidden" value="<?=$this->escapeHtml($hierarchyID)?>" class="hiddenHierarchyId" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($hierarchyID)?>" class="hiddenHierarchyId" />
 <i class="icon-sitemap"></i>
 <a class="hierarchyTreeLinkText modal-link" href="<?=$this->recordLink()->getTabUrl($this->driver, 'HierarchyTree')?>?hierarchy=<?=urlencode($hierarchyID)?>#tabnav" title="<?=$this->transEsc('hierarchy_tree')?>">
 <?=$this->transEsc('hierarchy_view_context')?><? if (count($trees) > 1): ?>: <?=$this->escapeHtml($hierarchyTitle)?><? endif; ?>
@@ -191,4 +191,4 @@
 </div>
 </div>
-<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtml($openUrl).'"></span>':''?>
+<?=$openUrl?'<span class="Z3988" title="'.$this->escapeHtmlAttr($openUrl).'"></span>':''?>
diff --git a/themes/bootstrap/templates/RecordDriver/SolrDefault/toolbar.phtml b/themes/bootstrap/templates/RecordDriver/SolrDefault/toolbar.phtml
index 4c185a5de33..a91e13ac37c 100644
--- a/themes/bootstrap/templates/RecordDriver/SolrDefault/toolbar.phtml
+++ b/themes/bootstrap/templates/RecordDriver/SolrDefault/toolbar.phtml
@@ -24,7 +24,7 @@
 <a class="export-toggle dropdown-toggle" data-toggle="dropdown" href="<?=$this->recordLink()->getActionUrl($this->driver, 'Export')?>"><i class="icon-list-alt"></i> <?=$this->transEsc('Export Record') ?></a>
 <ul class="dropdown-menu" role="menu">
 <? foreach ($exportFormats as $exportFormat): ?>
- <li><a <? if ($this->export()->needsRedirect($exportFormat)): ?>target="<?=$this->escapeHtml($exportFormat)?>Main" <? endif; ?>href="<?=$this->recordLink()->getActionUrl($this->driver, 'Export')?>?style=<?=$this->escapeHtml($exportFormat)?>"><?=$this->transEsc('Export to')?> <?=$this->transEsc($exportFormat)?></a></li>
+ <li><a <? if ($this->export()->needsRedirect($exportFormat)): ?>target="<?=$this->escapeHtmlAttr($exportFormat)?>Main" <? endif; ?>href="<?=$this->recordLink()->getActionUrl($this->driver, 'Export')?>?style=<?=$this->escapeHtmlAttr($exportFormat)?>"><?=$this->transEsc('Export to')?> <?=$this->transEsc($exportFormat)?></a></li>
 <? endforeach; ?>
 </ul>
 </li>
@@ -38,12 +38,12 @@
 <? endif; ?>
 <? if ($cart->isActive()): ?>
 <li id="bookbag-menu">
- <input id="cartId" type="hidden" name="ids[]" value="<?=$this->escapeHtml($cartId)?>" />
+ <input id="cartId" type="hidden" name="ids[]" value="<?=$this->escapeHtmlAttr($cartId)?>" />
 <a id="cart-add" class="<? if(!$cart->contains($cartId)): ?>correct <? endif ?>hidden" href="#"><i class="icon-plus-sign"></i> <?=$this->transEsc('Add to Book Bag') ?></a>
 <a id="cart-remove" class="<? if($cart->contains($cartId)): ?>correct <? endif ?>hidden" href="#"><i class="icon-minus-sign"></i> <?=$this->transEsc('Remove from Book Bag') ?></a>
 <noscript>
 <form method="post" name="addForm" action="<?=$this->url('cart-home')?>">
- <input type="hidden" name="ids[]" value="<?=$this->escapeHtml($cartId)?>" />
+ <input type="hidden" name="ids[]" value="<?=$this->escapeHtmlAttr($cartId)?>" />
 <? if ($cart->contains($cartId)): ?>
 <input class="btn" type="submit" name="delete" value="<?=$this->transEsc('Remove from Book Bag')?>"/>
 <? else: ?>
diff --git a/themes/bootstrap/templates/RecordDriver/SolrWeb/result-list.phtml b/themes/bootstrap/templates/RecordDriver/SolrWeb/result-list.phtml
index 41fea604a1a..132e6565d3f 100644
--- a/themes/bootstrap/templates/RecordDriver/SolrWeb/result-list.phtml
+++ b/themes/bootstrap/templates/RecordDriver/SolrWeb/result-list.phtml
@@ -3,7 +3,7 @@
 ?>
 <div class="listentry span11 clearfix">
 <div class="resultItemLine1">
- <a href="<?=$this->escapeHtml($url)?>" class="title"><?
+ <a href="<?=$this->escapeHtmlAttr($url)?>" class="title"><?
 $summHighlightedTitle = $this->driver->getHighlightedTitle();
 $summTitle = $this->driver->getTitle();
 if (!empty($summHighlightedTitle)) {
diff --git a/themes/bootstrap/templates/RecordTab/hierarchytree.phtml b/themes/bootstrap/templates/RecordTab/hierarchytree.phtml
index 46b826d6821..d677bf40ded 100644
--- a/themes/bootstrap/templates/RecordTab/hierarchytree.phtml
+++ b/themes/bootstrap/templates/RecordTab/hierarchytree.phtml
@@ -47,8 +47,8 @@
 <div id="treeSearchLimitReached" class="alert alert-error hide"><?=$this->transEsc('tree_search_limit_reached_html', array('%%url%%' => $this->url('search-results'), '%%limit%%' => $this->tab->getSearchLimit()))?></div>
 <? endif; ?>
 <div id="hierarchyTree" class="pad">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" class="hiddenRecordId" />
- <input type="hidden" value="<?=$this->escapeHtml($activeTree)?>" class="hiddenHierarchyId" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" class="hiddenRecordId" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($activeTree)?>" class="hiddenHierarchyId" />
 <input type="hidden" value="<?=isset($this->treeContext) ? $this->treeContext : 'Record'?>" class="hiddenContext" />
 <? if ($this->layout()->getTemplate() != 'layout/lightbox'): ?>
 <noscript>
diff --git a/themes/bootstrap/templates/RecordTab/holdingsils.phtml b/themes/bootstrap/templates/RecordTab/holdingsils.phtml
index bf904736200..d9297d7010d 100644
--- a/themes/bootstrap/templates/RecordTab/holdingsils.phtml
+++ b/themes/bootstrap/templates/RecordTab/holdingsils.phtml
@@ -16,7 +16,7 @@
 <h2><?=$this->transEsc('ils_offline_title')?></h2>
 <p><strong><?=$this->transEsc('ils_offline_status')?></strong></p>
 <p><?=$this->transEsc('ils_offline_holdings_message')?></p>
- <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?>
+ <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?>
 <p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p>
 </div>
 <? endif; ?>
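Review bot: The `hiddenContext` input on the context line directly below the two changed lines still prints `$this->treeContext` raw into a `value` attribute while its neighbours are now escaped. For consistency with the commit, wrap the whole expression: `value="<?=$this->escapeHtmlAttr(isset($this->treeContext) ? $this->treeContext : 'Record')?>"`. Whether treeContext can be influenced by the request is not visible in this hunk, so this is a consistency fix rather than a known exposure.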
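Review bot: In the holdingsils.phtml hunk `$supportEmail` is escaped once with escapeHtmlAttr and then emitted in two contexts, the `mailto:` href attribute and the link's text content. The numeric entities escapeHtmlAttr produces are also valid in text, so nothing breaks today, but escape-once-use-twice ties both output sites to the escaper's implementation; escaping at each output site is the pattern the rest of this commit follows: `<? $supportEmail = $this->systemEmail(); ?>`, then `href="mailto:<?=$this->escapeHtmlAttr($supportEmail)?>"` and `<?=$this->escapeHtml($supportEmail)?>` for the text. The same pattern appears in the error/index.phtml, error/unavailable.phtml and myresearch/cataloglogin.phtml hunks.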
@@ -40,7 +40,7 @@
 <h3><?=$this->transEsc("Internet")?></h3>
 <? if (!empty($urls)): ?>
 <? foreach ($urls as $current): ?>
- <a href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a><br/>
+ <a href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a><br/>
 <? endforeach; ?>
 <? endif; ?>
 <? if ($openUrl): ?><?=$this->openUrl($openUrl);?><? endif; ?>
@@ -115,13 +115,13 @@
 <? endif; ?>
 <? /* Embed item structured data: library, barcode, call number */ ?>
 <? if ($row['location']): ?>
- <meta property="seller" content="<?=$this->escapeHtml($row['location'])?>" />
+ <meta property="seller" content="<?=$this->escapeHtmlAttr($row['location'])?>" />
 <? endif; ?>
 <? if ($row['barcode']): ?>
- <meta property="serialNumber" content="<?=$this->escapeHtml($row['barcode'])?>" />
+ <meta property="serialNumber" content="<?=$this->escapeHtmlAttr($row['barcode'])?>" />
 <? endif; ?>
 <? if ($row['callnumber']): ?>
- <meta property="sku" content="<?=$this->escapeHtml($row['callnumber'])?>" />
+ <meta property="sku" content="<?=$this->escapeHtmlAttr($row['callnumber'])?>" />
 <? endif; ?>
 <? /* Declare that the item is to be borrowed, not for sale */ ?>
 <link property="businessFunction" href="http://purl.org/goodrelations/v1#LeaseOut" />
diff --git a/themes/bootstrap/templates/RecordTab/holdingsworldcat.phtml b/themes/bootstrap/templates/RecordTab/holdingsworldcat.phtml
index 2e8d3104c35..baf7d8bebc7 100644
--- a/themes/bootstrap/templates/RecordTab/holdingsworldcat.phtml
+++ b/themes/bootstrap/templates/RecordTab/holdingsworldcat.phtml
@@ -5,7 +5,7 @@
 <tr>
 <th colspan="2">
 <? if (isset($holding->electronicAddress->text) && !empty($holding->electronicAddress->text)): ?>
- <a href="<?=$this->escapeHtml($holding->electronicAddress->text)?>"><?=$this->escapeHtml($holding->physicalLocation)?></a>
+ <a href="<?=$this->escapeHtmlAttr($holding->electronicAddress->text)?>"><?=$this->escapeHtml($holding->physicalLocation)?></a>
 <? else: ?>
 <?=$this->escapeHtml($holding->physicalLocation)?>
 <? endif; ?>
diff --git a/themes/bootstrap/templates/RecordTab/reviews.phtml b/themes/bootstrap/templates/RecordTab/reviews.phtml
index 876bcfa52db..6ed98cb845e 100644
--- a/themes/bootstrap/templates/RecordTab/reviews.phtml
+++ b/themes/bootstrap/templates/RecordTab/reviews.phtml
@@ -26,7 +26,7 @@
 <p class="summary">
 <?=isset($review['Content']) ? $review['Content'] : ''?>
 <? if ((!isset($review['Content']) || empty($review['Content'])) && isset($review['ReviewURL'])): ?>
- <a target="new" href="<?=$this->escapeHtml($review['ReviewURL'])?>"><?=$this->transEsc('Read the full review online...')?></a>
+ <a target="new" href="<?=$this->escapeHtmlAttr($review['ReviewURL'])?>"><?=$this->transEsc('Read the full review online...')?></a>
 <? endif; ?>
 </p>
 <?=isset($review['Copyright']) ? $review['Copyright'] : ''?>
diff --git a/themes/bootstrap/templates/RecordTab/usercomments.phtml b/themes/bootstrap/templates/RecordTab/usercomments.phtml
index b9e08678cc4..e4640114ee5 100644
--- a/themes/bootstrap/templates/RecordTab/usercomments.phtml
+++ b/themes/bootstrap/templates/RecordTab/usercomments.phtml
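Review bot: In the reviews.phtml hunk, `$review['Content']` and `$review['Copyright']` on the context lines around the changed `<a>` are printed without any escaping, and unlike the link target they are free-form content from the review provider. If the provider returns HTML by design (the raw output suggests so), this is third-party markup rendered straight into the page; the appropriate control is an allowlist HTML sanitizer applied before output, or `escapeHtml()` if plain text is acceptable. The commit does not address it, but it touches the same element.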
@@ -17,6 +17,6 @@
 <input class="btn" data-loading-text="Submitting..." type="submit" value="<?=$this->transEsc("Add your comment")?>"/>
 </div>
 </div>
- <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>"/>
- <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>"/>
+ <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>"/>
+ <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>"/>
 </form>
diff --git a/themes/bootstrap/templates/admin/tags/checkbox.phtml b/themes/bootstrap/templates/admin/tags/checkbox.phtml
index bde8b4f84c1..4bd0d83f627 100644
--- a/themes/bootstrap/templates/admin/tags/checkbox.phtml
+++ b/themes/bootstrap/templates/admin/tags/checkbox.phtml
@@ -1,4 +1,4 @@
 <label for="<?=$this->prefix?>checkbox_<?=$this->tag['id']?>" class="checkbox">
- <input id="<?=$this->prefix?>checkbox_<?=$this->tag['id']?>" type="checkbox" name="ids[]" value="<?=$this->escapeHtml($this->tag['id'])?>" class="checkbox_ui"/>
- <input type="hidden" name="idsAll[]" value="<?=$this->escapeHtml($this->tag['id'])?>" />
+ <input id="<?=$this->prefix?>checkbox_<?=$this->tag['id']?>" type="checkbox" name="ids[]" value="<?=$this->escapeHtmlAttr($this->tag['id'])?>" class="checkbox_ui"/>
+ <input type="hidden" name="idsAll[]" value="<?=$this->escapeHtmlAttr($this->tag['id'])?>" />
 </label>
\ No newline at end of file
diff --git a/themes/bootstrap/templates/ajax/export-favorites.phtml b/themes/bootstrap/templates/ajax/export-favorites.phtml
index 0c43e660436..6ebf7207568 100644
--- a/themes/bootstrap/templates/ajax/export-favorites.phtml
+++ b/themes/bootstrap/templates/ajax/export-favorites.phtml
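Review bot: In the admin/tags/checkbox.phtml hunk the commit escapes `$this->tag['id']` in the two `value` attributes but leaves the same value raw in `for="…checkbox_<?=$this->tag['id']?>"` and `id="…checkbox_<?=$this->tag['id']?>"`, with `$this->prefix` raw in both as well. The id is presumably an integer from the database, but the file is now inconsistent with itself and `<?=$this->escapeHtmlAttr($this->tag['id'])?>` in all four places costs nothing. `$this->idPrefix` inside the `id` attribute of the myresearch/bulk-action-buttons.phtml hunk is the same pattern.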
@@ -1,7 +1,7 @@
 <div class="alert alert-info">
 <div class="text-center">
 <?=$this->transEsc('export_success'); ?> —
- <a class="btn btn-primary" href="<?=$this->escapeHtml($this->url)?>"<?=$this->export()->needsRedirect($this->format) ? ' target="_blank"' : ''?>><?=
+ <a class="btn btn-primary" href="<?=$this->escapeHtmlAttr($this->url)?>"<?=$this->export()->needsRedirect($this->format) ? ' target="_blank"' : ''?>><?=
 $this->export()->needsRedirect($this->format)
 ? $this->transEsc('export_redirect', array('%%service%%' => $this->translate($this->format)))
 : $this->transEsc('export_download')
diff --git a/themes/bootstrap/templates/ajax/resolverLinks.phtml b/themes/bootstrap/templates/ajax/resolverLinks.phtml
index 3f0f3f9622b..45e4b8176ae 100644
--- a/themes/bootstrap/templates/ajax/resolverLinks.phtml
+++ b/themes/bootstrap/templates/ajax/resolverLinks.phtml
@@ -6,7 +6,7 @@
 <? foreach ($this->electronic as $link): ?>
 <li>
 <? if (isset($link['href']) && !empty($link['href'])): ?>
- <a href="<?=$this->escapeHtml($link['href'])?>" title="<?=isset($link['service_type'])?$this->escapeHtml($link['service_type']):''?>"><?=isset($link['title'])?$this->escapeHtml($link['title']):''?></a> <?=isset($link['coverage'])?$this->escapeHtml($link['coverage']):''?>
+ <a href="<?=$this->escapeHtmlAttr($link['href'])?>" title="<?=isset($link['service_type'])?$this->escapeHtmlAttr($link['service_type']):''?>"><?=isset($link['title'])?$this->escapeHtml($link['title']):''?></a> <?=isset($link['coverage'])?$this->escapeHtml($link['coverage']):''?>
 <? else: ?>
 <?=isset($link['title'])?$this->escapeHtml($link['title']):''?> <?=isset($link['coverage'])?$this->escapeHtml($link['coverage']):''?>
 <? endif; ?>
@@ -22,7 +22,7 @@
 <? foreach ($this->print as $link): ?>
 <li>
 <? if (isset($link['href']) && !empty($link['href'])): ?>
- <a href="<?=$this->escapeHtml($link['href'])?>" title="<?=isset($link['service_type'])?$this->escapeHtml($link['service_type']):''?>"><?=isset($link['title'])?$this->escapeHtml($link['title']):''?></a> <?=isset($link['coverage'])?$this->escapeHtml($link['coverage']):''?>
+ <a href="<?=$this->escapeHtmlAttr($link['href'])?>" title="<?=isset($link['service_type'])?$this->escapeHtmlAttr($link['service_type']):''?>"><?=isset($link['title'])?$this->escapeHtml($link['title']):''?></a> <?=isset($link['coverage'])?$this->escapeHtml($link['coverage']):''?>
 <? else: ?>
 <?=isset($link['title'])?$this->escapeHtml($link['title']):''?> <?=isset($link['coverage'])?$this->escapeHtml($link['coverage']):''?>
 <? endif; ?>
@@ -32,13 +32,13 @@
 </div>
 <? endif; ?>
 <div class="openurls">
- <strong><a href="<?=$this->escapeHtml($this->openUrlBase)?>?<?=$this->escapeHtml($this->openUrl)?>"><?=$this->transEsc('More options')?></a></strong>
+ <strong><a href="<?=$this->escapeHtmlAttr($this->openUrlBase)?>?<?=$this->escapeHtmlAttr($this->openUrl)?>"><?=$this->transEsc('More options')?></a></strong>
 <? if (!empty($this->services)): ?>
 <ul>
 <? foreach ($this->services as $link): ?>
 <? if (isset($link['href']) && !empty($link['href'])): ?>
 <li>
- <a href="<?=$this->escapeHtml($link['href'])?>" title="<?=isset($link['service_type'])?$this->escapeHtml($link['service_type']):''?>"><?=isset($link['title'])?$this->escapeHtml($link['title']):''?></a>
+ <a href="<?=$this->escapeHtmlAttr($link['href'])?>" title="<?=isset($link['service_type'])?$this->escapeHtmlAttr($link['service_type']):''?>"><?=isset($link['title'])?$this->escapeHtml($link['title']):''?></a>
 </li>
 <? endif; ?>
 <? endforeach; ?>
diff --git a/themes/bootstrap/templates/ajax/resultgooglemapinfo.phtml b/themes/bootstrap/templates/ajax/resultgooglemapinfo.phtml
index 5d4a27fbc4c..d0dd116f96f 100644
--- a/themes/bootstrap/templates/ajax/resultgooglemapinfo.phtml
+++ b/themes/bootstrap/templates/ajax/resultgooglemapinfo.phtml
@@ -6,7 +6,7 @@
 <? $i++; ?>
 <div class="mapInfoResult <? if ($i % 2 == 0): ?>alt <? endif; ?>record<?=$i ?>">
 <div class="mapInfoResultThumb">
- <? if ($thumb = $this->record($record)->getThumbnail()): ?><img class="mapInfoResultThumbImg" src="<?=$this->escapeHtml($thumb) ?>"/><? endif; ?>
+ <? if ($thumb = $this->record($record)->getThumbnail()): ?><img class="mapInfoResultThumbImg" src="<?=$this->escapeHtmlAttr($thumb) ?>"/><? endif; ?>
 </div>
 •
 <a href="<?=$this->recordLink()->getUrl($record)?>"><?=$record->getTitle() ?></a>
diff --git a/themes/bootstrap/templates/alphabrowse/home.phtml b/themes/bootstrap/templates/alphabrowse/home.phtml
index 3617a8da1dc..8d35c87f5ef 100644
--- a/themes/bootstrap/templates/alphabrowse/home.phtml
+++ b/themes/bootstrap/templates/alphabrowse/home.phtml
@@ -8,13 +8,13 @@
 <? ob_start(); ?>
 <ul class="pager">
 <? if (isset($this->prevpage)): ?>
- <li><a href="<?=$this->escapeHtml($this->url('alphabrowse-home', array(), array('query' => $baseQuery + array('page' => $this->prevpage))))?>">« <?=$this->transEsc('Prev')?></a></li>
+ <li><a href="<?=$this->escapeHtmlAttr($this->url('alphabrowse-home', array(), array('query' => $baseQuery + array('page' => $this->prevpage))))?>">« <?=$this->transEsc('Prev')?></a></li>
 <? else: ?>
 <li class="disabled"><a href="#">« <?=$this->transEsc('Prev')?></a></li>
 <? endif; ?>
 <? if (isset($this->nextpage)): ?>
- <li><a href="<?=$this->escapeHtml($this->url('alphabrowse-home', array(), array('query' => $baseQuery + array('page' => $this->nextpage))))?>"><?=$this->transEsc('Next')?> »</a></li>
+ <li><a href="<?=$this->escapeHtmlAttr($this->url('alphabrowse-home', array(), array('query' => $baseQuery + array('page' => $this->nextpage))))?>"><?=$this->transEsc('Next')?> »</a></li>
 <? else: ?>
 <li class="disabled"><a href="#"><?=$this->transEsc('Next')?> »</a></li>
 <? endif; ?>
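Review bot: `<?=$record->getTitle() ?></a>` on the context line just after the changed thumbnail line in resultgooglemapinfo.phtml prints the record title without escaping, while the thumbnail URL above it is now escaped. Titles are indexed bibliographic data and routinely contain `<` and `&`, so use `<?=$this->escapeHtml($record->getTitle()) ?>`, matching the escapeHtml/transEsc the commit uses for text content elsewhere. The commit does not touch this line, but it sits inside the same hunk.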
@@ -28,11 +28,11 @@
 <label for="alphaBrowseForm_source"><?=$this->transEsc('Browse Alphabetically') ?></label>
 <select id="alphaBrowseForm_source" name="source">
 <? foreach ($this->alphaBrowseTypes as $key => $item): ?>
- <option value="<?=$this->escapeHtml($key) ?>"<? if ($this->source == $key): ?> selected="selected"<? endif; ?>><?=$this->transEsc($item) ?></option>
+ <option value="<?=$this->escapeHtmlAttr($key) ?>"<? if ($this->source == $key): ?> selected="selected"<? endif; ?>><?=$this->transEsc($item) ?></option>
 <? endforeach; ?>
 </select>
 <label for="alphaBrowseForm_from"><?=$this->transEsc('starting from') ?></label>
- <input type="text" name="from" id="alphaBrowseForm_from" value="<?=$this->escapeHtml($this->from) ?>"/>
+ <input type="text" name="from" id="alphaBrowseForm_from" value="<?=$this->escapeHtmlAttr($this->from) ?>"/>
 <input class="btn" type="submit" value="<?=$this->transEsc('Browse') ?>"/>
 </form>
 </div>
@@ -53,7 +53,7 @@
 <? else: ?>
 <? $query = array('type' => ucwords($this->source) . 'Browse', 'lookfor' => '"' . addcslashes($item['heading'], '"') . '"'); ?>
 <? endif; ?>
- <a class="span6" href="<?=$this->escapeHtml($this->url('search-results', array(), array('query' => $query)))?>"><?=$this->escapeHtml($item['heading'])?></a>
+ <a class="span6" href="<?=$this->escapeHtmlAttr($this->url('search-results', array(), array('query' => $query)))?>"><?=$this->escapeHtml($item['heading'])?></a>
 <? else: ?>
 <span class="span6"><?=$this->escapeHtml($item['heading'])?></span>
 <? endif; ?>
@@ -78,7 +78,7 @@
 <?=$this->transEsc('Use instead') ?>:
 <ul>
 <? foreach ($item['useInstead'] as $heading): ?>
- <li><a href="<?=$this->escapeHtml($this->url('alphabrowse-home', array(), array('query' => array('from' => $heading) + $baseQuery)))?>"><?=$this->escapeHtml($heading)?></a></li>
+ <li><a href="<?=$this->escapeHtmlAttr($this->url('alphabrowse-home', array(), array('query' => array('from' => $heading) + $baseQuery)))?>"><?=$this->escapeHtml($heading)?></a></li>
 <? endforeach; ?>
 </ul>
 </div>
@@ -89,7 +89,7 @@
 <?=$this->transEsc('See also') ?>:
 <ul>
 <? foreach ($item['seeAlso'] as $heading): ?>
- <li><a href="<?=$this->escapeHtml($this->url('alphabrowse-home', array(), array('query' => array('from' => $heading) + $baseQuery)))?>"><?=$this->escapeHtml($heading)?></a></li>
+ <li><a href="<?=$this->escapeHtmlAttr($this->url('alphabrowse-home', array(), array('query' => array('from' => $heading) + $baseQuery)))?>"><?=$this->escapeHtml($heading)?></a></li>
 <? endforeach; ?>
 </ul>
 </div>
diff --git a/themes/bootstrap/templates/cart/email.phtml b/themes/bootstrap/templates/cart/email.phtml
index 97ce7bd4937..184779bc53f 100644
--- a/themes/bootstrap/templates/cart/email.phtml
+++ b/themes/bootstrap/templates/cart/email.phtml
@@ -10,7 +10,7 @@
 <?=$this->flashmessages()?>
 <form class="form-horizontal" action="<?=$this->url('cart-email')?>" method="post" name="bulkEmail">
 <? foreach ($this->records as $current): ?>
- <input type="hidden" name="ids[]" value="<?=$this->escapeHtml($current->getResourceSource() . '|' . $current->getUniqueId())?>" />
+ <input type="hidden" name="ids[]" value="<?=$this->escapeHtmlAttr($current->getResourceSource() . '|' . $current->getUniqueId())?>" />
 <? endforeach; ?>
 <div class="control-group">
 <label class="control-label"><?=$this->transEsc('Title')?></label>
diff --git a/themes/bootstrap/templates/cart/export-success.phtml b/themes/bootstrap/templates/cart/export-success.phtml
index c9ce38ea271..913f259893c 100644
--- a/themes/bootstrap/templates/cart/export-success.phtml
+++ b/themes/bootstrap/templates/cart/export-success.phtml
@@ -1,4 +1,4 @@
 <div class="text-center">
 <?=$this->transEsc('export_success')?> —
- <a class="btn btn-primary" href="<?=$this->escapeHtml($this->url)?>"><?=$this->transEsc('export_download')?></a>
+ <a class="btn btn-primary" href="<?=$this->escapeHtmlAttr($this->url)?>"><?=$this->transEsc('export_download')?></a>
 </div>
diff --git a/themes/bootstrap/templates/cart/export.phtml b/themes/bootstrap/templates/cart/export.phtml
index 73500ecceae..6171f8fca65 100644
--- a/themes/bootstrap/templates/cart/export.phtml
+++ b/themes/bootstrap/templates/cart/export.phtml
@@ -14,7 +14,7 @@
 <? if (!empty($this->exportOptions)): ?>
 <form class="form-inline" method="post" action="<?=$this->url('cart-export')?>" name="exportForm" title="<?=$this->transEsc('Export Items')?>">
 <? foreach ($this->records as $current): ?>
- <input type="hidden" name="ids[]" value="<?=$this->escapeHtml($current->getResourceSource() . '|' . $current->getUniqueId())?>" />
+ <input type="hidden" name="ids[]" value="<?=$this->escapeHtmlAttr($current->getResourceSource() . '|' . $current->getUniqueId())?>" />
 <? endforeach; ?>
 <div class="control-group">
 <label class="control-label"><?=$this->transEsc('Title')?></label>
@@ -40,7 +40,7 @@
 <div class="controls">
 <select name="format" id="format">
 <? foreach ($this->exportOptions as $exportOption): ?>
- <option value="<?=$this->escapeHtml($exportOption)?>"><?=$this->transEsc($exportOption)?></option>
+ <option value="<?=$this->escapeHtmlAttr($exportOption)?>"><?=$this->transEsc($exportOption)?></option>
 <? endforeach; ?>
 </select>
 </div>
diff --git a/themes/bootstrap/templates/cart/save.phtml b/themes/bootstrap/templates/cart/save.phtml
index 99184f2358b..7a8585e5101 100644
--- a/themes/bootstrap/templates/cart/save.phtml
+++ b/themes/bootstrap/templates/cart/save.phtml
@@ -14,7 +14,7 @@
 <? $idParams = array(); ?>
 <? foreach ($this->records as $current): ?>
 <? $idParams[] = urlencode('ids[]') . '=' . urlencode($current->getResourceSource() . '|' . $current->getUniqueId()) ?>
- <input type="hidden" name="ids[]" value="<?=$this->escapeHtml($current->getResourceSource() . '|' . $current->getUniqueId())?>" />
+ <input type="hidden" name="ids[]" value="<?=$this->escapeHtmlAttr($current->getResourceSource() . '|' . $current->getUniqueId())?>" />
 <? endforeach; ?>
 <div class="control-group">
 <label class="control-label"><?=$this->transEsc('Title')?></label>
diff --git a/themes/bootstrap/templates/collection/view.phtml b/themes/bootstrap/templates/collection/view.phtml
index b7b0595e8aa..18664074a29 100644
--- a/themes/bootstrap/templates/collection/view.phtml
+++ b/themes/bootstrap/templates/collection/view.phtml
@@ -41,8 +41,8 @@
 <div class="<?=$this->layoutClass('mainbody') ?>">
 <div class="record">
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" class="hiddenId" id="record_id" />
- <input type="hidden" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" class="hiddenSource" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" class="hiddenId" id="record_id" />
+ <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" class="hiddenSource" />
 <?=$this->flashmessages()?>
 <?=$this->record($this->driver)->getCollectionMetadata()?>
 </div>
@@ -71,7 +71,7 @@
 <?=isset($activeTabObj) ? $this->record($this->driver)->getTab($activeTabObj) : '' ?>
 </div>
- <span class="Z3988" title="<?=$this->escapeHtml($this->driver->getOpenURL())?>"></span>
+ <span class="Z3988" title="<?=$this->escapeHtmlAttr($this->driver->getOpenURL())?>"></span>
 </div>
 <? if (isset($activeTabObj) && is_callable(array($activeTabObj, 'getSideRecommendations'))): ?>
diff --git a/themes/bootstrap/templates/collections/home.phtml b/themes/bootstrap/templates/collections/home.phtml
index cf6f7226ee5..e1502d5cb01 100644
--- a/themes/bootstrap/templates/collections/home.phtml
+++ b/themes/bootstrap/templates/collections/home.phtml
@@ -15,17 +15,17 @@
 <form class="form-inline" method="GET" action="<?=$this->url('collections-home')?>">
 <ul class="pager">
 <? if (isset($prevpage)): ?>
- <li><a href="<?=$this->url('collections-home')?>?from=<?=urlencode($from)?>&page=<?=urlencode($prevpage)?><?=$this->escapeHtml($filterString)?>">« <?=$this->transEsc('Prev')?></a></li>
+ <li><a href="<?=$this->url('collections-home')?>?from=<?=urlencode($from)?>&page=<?=urlencode($prevpage)?><?=$this->escapeHtmlAttr($filterString)?>">« <?=$this->transEsc('Prev')?></a></li>
 <? else: ?>
 <li class="disabled"><a href="#">« <?=$this->transEsc('Prev')?></a></li>
 <? endif; ?>
 <? if (isset($nextpage)): ?>
- <li><a href="<?=$this->url('collections-home')?>?from=<?=urlencode($from)?>&page=<?=urlencode($nextpage)?><?=$this->escapeHtml($filterString)?>"><?=$this->transEsc('Next')?> »</a></li>
+ <li><a href="<?=$this->url('collections-home')?>?from=<?=urlencode($from)?>&page=<?=urlencode($nextpage)?><?=$this->escapeHtmlAttr($filterString)?>"><?=$this->transEsc('Next')?> »</a></li>
 <? else: ?>
 <li class="disabled"><a href="#"><?=$this->transEsc('Next')?> »</a></li>
 <? endif; ?>
 <input type="submit" class="btn" value="<?=$this->transEsc('Jump to')?>" />
- <input type="text" name="from" value="<?=$this->escapeHtml($from)?>" />
+ <input type="text" name="from" value="<?=$this->escapeHtmlAttr($from)?>" />
 </ul>
 </form>
 <? $pageLinks = ob_get_contents(); ?>
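Review bot: The new prev/next `href` lines in collections/home.phtml assemble the query by hand: the literal `&page=` is an unescaped ampersand inside an attribute (it should be `&amp;page=`), and `$filterString` is appended with attribute escaping only, so it must already be URL-encoded by whoever builds it — nothing in the hunk guarantees that. Building the whole URL through `$this->url('collections-home', array(), array('query' => ...))`, as the alphabrowse/home.phtml hunks in this same commit do, and attribute-escaping the result removes both issues; the letter links in the `@@ -56` hunk of this file share the pattern. `urlencode($from)` is safe as-is because its output contains no attribute-significant characters.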
@@ -46,8 +46,8 @@
 }
 }
 ?>
- <a href="<?=$this->escapeHtml($removalUrl)?>"><img src="<?=$this->imageLink('silk/delete.png')?>" alt="Delete"/></a>
- <a href="<?=$this->escapeHtml($removalUrl)?>"><?=$this->escapeHtml($filter['displayText'])?></a>
+ <a href="<?=$this->escapeHtmlAttr($removalUrl)?>"><img src="<?=$this->imageLink('silk/delete.png')?>" alt="Delete"/></a>
+ <a href="<?=$this->escapeHtmlAttr($removalUrl)?>"><?=$this->escapeHtml($filter['displayText'])?></a>
 </li>
 <? endforeach; ?>
 </ul>
@@ -56,7 +56,7 @@
 <div class="pagination pagination-centered pagination-small">
 <ul>
 <? foreach ($letters as $letter): ?>
- <li<? if($letter === $from): ?> class="active"<?endif?>><a href="<?=$this->url('collections-home')?>?from=<?=urlencode($letter)?><?=$this->escapeHtml($filterString)?>"><?=$this->escapeHtml($letter)?></a></li>
+ <li<? if($letter === $from): ?> class="active"<?endif?>><a href="<?=$this->url('collections-home')?>?from=<?=urlencode($letter)?><?=$this->escapeHtmlAttr($filterString)?>"><?=$this->escapeHtml($letter)?></a></li>
 <? endforeach; ?>
 </ul>
 </div>
diff --git a/themes/bootstrap/templates/confirm/confirm.phtml b/themes/bootstrap/templates/confirm/confirm.phtml
index 7a75187831b..899031ee3d6 100644
--- a/themes/bootstrap/templates/confirm/confirm.phtml
+++ b/themes/bootstrap/templates/confirm/confirm.phtml
@@ -5,21 +5,21 @@
 <?=$this->flashmessages();?>
 <div id="popupDetails" class="confirmDialog">
- <form class="pull-left pad" action="<?=$this->escapeHtml($this->confirm)?>" method="post">
+ <form class="pull-left pad" action="<?=$this->escapeHtmlAttr($this->confirm)?>" method="post">
 <? if (isset($this->extras)): ?>
 <? foreach ($this->extras as $extra=>$value): ?>
 <? if (is_array($value)): ?>
 <? foreach ($value as $current): ?>
- <input type="hidden" name="<?=$this->escapeHtml($extra) ?>[]" value="<?=$this->escapeHtml($current) ?>" />
+ <input type="hidden" name="<?=$this->escapeHtmlAttr($extra) ?>[]" value="<?=$this->escapeHtmlAttr($current) ?>" />
 <? endforeach; ?>
 <? else: ?>
- <input type="hidden" name="<?=$this->escapeHtml($extra) ?>" value="<?=$this->escapeHtml($value) ?>" />
+ <input type="hidden" name="<?=$this->escapeHtmlAttr($extra) ?>" value="<?=$this->escapeHtmlAttr($value) ?>" />
 <? endif; ?>
 <? endforeach; ?>
 <? endif;?>
 <input class="btn btn-primary" type="submit" name="confirm" value="<?=$this->transEsc('confirm_dialog_yes') ?>" />
 </form>
- <form class="pad" action="<?=$this->escapeHtml($this->cancel) ?>" method="post">
+ <form class="pad" action="<?=$this->escapeHtmlAttr($this->cancel) ?>" method="post">
 <input class="btn" type="submit" name="cancel" value="<?=$this->transEsc('confirm_dialog_no') ?>" />
 </form>
 <div class="clearer"></div>
diff --git a/themes/bootstrap/templates/error/index.phtml b/themes/bootstrap/templates/error/index.phtml
index 983b9e8b3b4..b919f4ee1b2 100644
--- a/themes/bootstrap/templates/error/index.phtml
+++ b/themes/bootstrap/templates/error/index.phtml
@@ -10,7 +10,7 @@
 <p>
 <?=$this->transEsc('Please contact the Library Reference Department for assistance')?>
 <br/>
- <? $supportEmail = $this->escapeHtml($this->systememail()); ?>
+ <? $supportEmail = $this->escapeHtmlAttr($this->systememail()); ?>
 <a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a>
 </p>
 </div>
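Review bot: `action="<?=$this->escapeHtmlAttr($this->confirm)?>"` and the matching `$this->cancel` form in confirm/confirm.phtml are now attribute-safe, but escaping says nothing about where the form posts; if either URL is assembled from request parameters (not visible in this hunk), a crafted link could direct the confirm or cancel POST, together with every hidden `extras` field, to an arbitrary host. The defensive control belongs in the controller that sets these view variables: accept only same-origin relative paths for the two targets, or render a fixed route and pass the target as a validated parameter. The hidden-input names derived from `$extra` keys are fine once escaped as the commit does.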
diff --git a/themes/bootstrap/templates/error/unavailable.phtml b/themes/bootstrap/templates/error/unavailable.phtml
index d3b7f8291ea..c5599fd828f 100644
--- a/themes/bootstrap/templates/error/unavailable.phtml
+++ b/themes/bootstrap/templates/error/unavailable.phtml
@@ -16,7 +16,7 @@
 <p>
 <?=$this->transEsc('Please contact the Library Reference Department for assistance')?>
 <br/>
- <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?>
+ <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?>
 <a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a>
 </p>
 </div>
diff --git a/themes/bootstrap/templates/footer.phtml b/themes/bootstrap/templates/footer.phtml
index 43814aa689a..6f4ab4b6ae6 100644
--- a/themes/bootstrap/templates/footer.phtml
+++ b/themes/bootstrap/templates/footer.phtml
@@ -1,6 +1,6 @@
 <? if ($mobileViewLink = $this->mobileUrl()): // display 'return to mobile' link when applicable ?>
 <hr/>
- <div class="mobileViewLink"><a href="<?=$this->escapeHtml($mobileViewLink)?>"><?=$this->transEsc("mobile_link")?></a></div>
+ <div class="mobileViewLink"><a href="<?=$this->escapeHtmlAttr($mobileViewLink)?>"><?=$this->transEsc("mobile_link")?></a></div>
 <? endif; ?>
 <hr/>
 <div class="span8 row-fluid small">
diff --git a/themes/bootstrap/templates/header.phtml b/themes/bootstrap/templates/header.phtml
index 7fbd146b1b8..3131990ddd0 100644
--- a/themes/bootstrap/templates/header.phtml
+++ b/themes/bootstrap/templates/header.phtml
@@ -38,7 +38,7 @@
 <div class="controls">
 <select onChange="document.themeForm.submit()" id="themeForm_ui" name="ui">
 <? foreach ($this->layout()->themeOptions as $current): ?>
- <option value="<?=$this->escapeHtml($current['name'])?>"<?=$current['selected'] ? ' selected="selected"' : ''?>><?=$this->transEsc($current['desc'])?></option>
+ <option value="<?=$this->escapeHtmlAttr($current['name'])?>"<?=$current['selected'] ? ' selected="selected"' : ''?>><?=$this->transEsc($current['desc'])?></option>
 <? endforeach; ?>
 </select>
 <noscript><input type="submit" value="<?=$this->transEsc("Set")?>" /></noscript>
diff --git a/themes/bootstrap/templates/install/fixdatabase.phtml b/themes/bootstrap/templates/install/fixdatabase.phtml
index b0bbeca1e30..17a40bde9e0 100644
--- a/themes/bootstrap/templates/install/fixdatabase.phtml
+++ b/themes/bootstrap/templates/install/fixdatabase.phtml
@@ -23,13 +23,13 @@
 <div class="control-group">
 <label class="control-label" for="dbname">New database name:</label>
 <div class="controls">
- <input type="text" name="dbname" value="<?=$this->escapeHtml($this->dbname)?>"/>
+ <input type="text" name="dbname" value="<?=$this->escapeHtmlAttr($this->dbname)?>"/>
 </div>
 </div>
 <div class="control-group">
 <label class="control-label" for="dbuser">New database user:</label>
 <div class="controls">
- <input type="text" name="dbuser" value="<?=$this->escapeHtml($this->dbuser)?>"/>
+ <input type="text" name="dbuser" value="<?=$this->escapeHtmlAttr($this->dbuser)?>"/>
 </div>
 </div>
 <div class="control-group">
@@ -47,13 +47,13 @@
 <div class="control-group">
 <label class="control-label" for="dbhost">SQL Host:</label>
 <div class="controls">
- <input type="text" name="dbhost" value="<?=$this->escapeHtml($this->dbhost)?>"/>
+ <input type="text" name="dbhost" value="<?=$this->escapeHtmlAttr($this->dbhost)?>"/>
 </div>
 </div>
 <div class="control-group">
 <label class="control-label" for="dbrootuser">SQL Root User:</label>
 <div class="controls">
- <input type="text" name="dbrootuser" value="<?=$this->escapeHtml($this->dbrootuser)?>"/>
+ <input type="text" name="dbrootuser" value="<?=$this->escapeHtmlAttr($this->dbrootuser)?>"/>
 </div>
 </div>
 <div class="control-group">
diff --git a/themes/bootstrap/templates/install/fixils.phtml b/themes/bootstrap/templates/install/fixils.phtml
index c8a5f498755..b6e660ecdf2 100644
--- a/themes/bootstrap/templates/install/fixils.phtml
+++ b/themes/bootstrap/templates/install/fixils.phtml
@@ -17,7 +17,7 @@
 <span class="help-inline">Pick a driver: </span>
 <select name="driver">
 <? foreach ($this->drivers as $driver): ?>
- <option value="<?=$this->escapeHtml($driver)?>"><?=$this->escapeHtml($driver)?></option>
+ <option value="<?=$this->escapeHtmlAttr($driver)?>"><?=$this->escapeHtml($driver)?></option>
 <? endforeach; ?>
 </select>
 <input type="submit" class="btn"/>
diff --git a/themes/bootstrap/templates/install/fixsolr.phtml b/themes/bootstrap/templates/install/fixsolr.phtml
index 77ce73394de..dd1a9bf1c47 100644
--- a/themes/bootstrap/templates/install/fixsolr.phtml
+++ b/themes/bootstrap/templates/install/fixsolr.phtml
@@ -14,6 +14,6 @@
 <ol>
 <li>Did you start the Solr server? See <a href="http://vufind.org/wiki/starting_and_stopping_vufind">Starting and Stopping VuFind</a> in the documentation.</li>
- <li>Have you checked the Solr admin panel for errors? You may be able to find it <a href="<?=$this->escapeHtml($this->userUrl)?>">here</a>.</li>
+ <li>Have you checked the Solr admin panel for errors? You may be able to find it <a href="<?=$this->escapeHtmlAttr($this->userUrl)?>">here</a>.</li>
 <li>Are you using non-default Solr settings? If your Solr URL is not <strong><?=$this->escapeHtml($this->rawUrl)?></strong> or your core name is not <strong><?=$this->escapeHtml($this->core)?></strong>, you will need to customize the [Index] section of <?=$this->escapeHtml($this->configFile)?>.</li>
 </ol>
\ No newline at end of file
diff --git a/themes/bootstrap/templates/myresearch/bulk-action-buttons.phtml b/themes/bootstrap/templates/myresearch/bulk-action-buttons.phtml
index 1f6e0aa8a8a..7ad47fcc5a2 100644
--- a/themes/bootstrap/templates/myresearch/bulk-action-buttons.phtml
+++ b/themes/bootstrap/templates/myresearch/bulk-action-buttons.phtml
@@ -1,6 +1,6 @@
 <? if (isset($list)): ?>
- <input type="hidden" name="listID" value="<?=$this->escapeHtml($list->id)?>" />
- <input type="hidden" name="listName" value="<?=$this->escapeHtml($list->title)?>" />
+ <input type="hidden" name="listID" value="<?=$this->escapeHtmlAttr($list->id)?>" />
+ <input type="hidden" name="listName" value="<?=$this->escapeHtmlAttr($list->title)?>" />
 <? endif; ?>
 <? $user = $this->auth()->isLoggedIn(); ?>
 <label class="checkbox">
@@ -10,7 +10,7 @@ <span class="help-inline"><?=$this->transEsc('with_selected')?>: </span> <input class="btn" type="submit" name="email" value="<?=$this->transEsc('Email')?>" title="<?=$this->transEsc('email_selected')?>"/> <? if ((!is_null($this->list) && $this->list->editAllowed($user)) || is_null($this->list) && $user): ?> - <input class="btn" id="<?=$this->idPrefix?>delete_list_items_<?=!is_null($this->list) ? $this->escapeHtml($this->list->id) : ''?>" type="submit" name="delete" value="<?=$this->transEsc('Delete')?>" title="<?=$this->transEsc('delete_selected')?>"/> + <input class="btn" id="<?=$this->idPrefix?>delete_list_items_<?=!is_null($this->list) ? $this->escapeHtmlAttr($this->list->id) : ''?>" type="submit" name="delete" value="<?=$this->transEsc('Delete')?>" title="<?=$this->transEsc('delete_selected')?>"/> <? endif; ?> <? $exportOptions = $this->export()->getBulkOptions(); if (count($exportOptions) > 0): ?> <input class="btn" type="submit" name="export" value="<?=$this->transEsc('Export')?>" title="<?=$this->transEsc('export_selected')?>"/> diff --git a/themes/bootstrap/templates/myresearch/cataloglogin.phtml b/themes/bootstrap/templates/myresearch/cataloglogin.phtml index a7696183537..7fd08204c62 100644 --- a/themes/bootstrap/templates/myresearch/cataloglogin.phtml +++ b/themes/bootstrap/templates/myresearch/cataloglogin.phtml @@ -14,7 +14,7 @@ <h2><?=$this->transEsc('ils_offline_title')?></h2> <p><strong><?=$this->transEsc('ils_offline_status')?></strong></p> <p><?=$this->transEsc('ils_offline_login_message')?></p> - <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?> + <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?> <p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p> </div> <? else: ?> diff --git a/themes/bootstrap/templates/myresearch/checkedout.phtml b/themes/bootstrap/templates/myresearch/checkedout.phtml index ad869556e5b..a2a13c41ee6 100644 --- a/themes/bootstrap/templates/myresearch/checkedout.phtml 
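Review bot: On the changed `<input class="btn" id="…">` line in bulk-action-buttons.phtml, `$this->idPrefix` is still interpolated raw into the id attribute while the list id right beside it now goes through escapeHtmlAttr(), so the same attribute is half escaped. idPrefix is probably a constant set by the calling template, but that is not visible here, and an attribute escaped in one half invites the next copy-paste to drop the escaping entirely. Make it consistent: `id="<?=$this->escapeHtmlAttr($this->idPrefix)?>delete_list_items_<?=!is_null($this->list) ? $this->escapeHtmlAttr($this->list->id) : ''?>"`.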
+++ b/themes/bootstrap/templates/myresearch/checkedout.phtml @@ -23,17 +23,17 @@ <? $i = 0; foreach ($this->transactions as $resource): ?> <hr/> <? $ilsDetails = $resource->getExtraDetail('ils_details'); ?> - <div id="record<?=$this->escapeHtml($resource->getUniqueId())?>" class="row-fluid"> + <div id="record<?=$this->escapeHtmlAttr($resource->getUniqueId())?>" class="row-fluid"> <? if ($this->renewForm): ?> <? if (isset($ilsDetails['renewable']) && $ilsDetails['renewable'] && isset($ilsDetails['renew_details'])): ?> <? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $ilsDetails['renew_details']); ?> - <input class="pull-left" type="checkbox" name="renewSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['renew_details'])?>" id="checkbox_<?=$safeId?>" /> - <input class="pull-left" type="hidden" name="renewAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['renew_details'])?>" /> + <input class="pull-left" type="checkbox" name="renewSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['renew_details'])?>" id="checkbox_<?=$safeId?>" /> + <input class="pull-left" type="hidden" name="renewAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['renew_details'])?>" /> <? endif; ?> <? endif; ?> <div class="span2 text-center"> <? if ($summThumb = $this->record($resource)->getThumbnail()): ?> - <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/> + <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/> <? else: ?> <img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/> <? endif; ?> 
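Review bot: In the `@@ -23,17` hunk of checkedout.phtml the context line `$safeId = preg_replace('/[^a-zA-Z0-9]/', '', $ilsDetails['renew_details'])` strips every non-alphanumeric character to build the checkbox id, so two items whose renew_details differ only in punctuation collide into the same DOM id and the label/click handling silently targets the wrong checkbox. Not an injection issue (the stripped value cannot break the attribute), but a hash is just as id-safe and does not collide in practice: `$safeId = md5($ilsDetails['renew_details']);`. The same pattern appears in holds, illrequests and storageretrievalrequests in this patch. Also note that escapeHtmlAttr() on the `src` line does not constrain the thumbnail URL's scheme; getThumbnail() is outside the hunk, so that is assumed to return VuFind-generated URLs — confirm. The enclosing foreach starts before the hunk.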
@@ -112,7 +112,7 @@ <div class="alert alert-info"><?=$this->transEsc($ilsDetails['message'])?></div> <? endif; ?> <? if (isset($ilsDetails['renewable']) && $ilsDetails['renewable'] && isset($ilsDetails['renew_link'])): ?> - <a href="<?=$this->escapeHtml($ilsDetails['renew_link'])?>"><?=$this->transEsc('renew_item')?></a> + <a href="<?=$this->escapeHtmlAttr($ilsDetails['renew_link'])?>"><?=$this->transEsc('renew_item')?></a> <? endif; ?> </div> </div> diff --git a/themes/bootstrap/templates/myresearch/delete.phtml b/themes/bootstrap/templates/myresearch/delete.phtml index 97aa14b1dc2..d941570486d 100644 --- a/themes/bootstrap/templates/myresearch/delete.phtml +++ b/themes/bootstrap/templates/myresearch/delete.phtml @@ -15,8 +15,8 @@ <br /> <input class="submit" type="submit" name="submit" value="<?=$this->transEsc('Delete')?>"/> <? foreach ($this->deleteIDS as $deleteID): ?> - <input type="hidden" name="ids[]" value="<?=$this->escapeHtml($deleteID)?>" /> + <input type="hidden" name="ids[]" value="<?=$this->escapeHtmlAttr($deleteID)?>" /> <? endforeach; ?> - <input type="hidden" name="listID" value="<?=$this->list?$this->escapeHtml($this->list->id):''?>" /> + <input type="hidden" name="listID" value="<?=$this->list?$this->escapeHtmlAttr($this->list->id):''?>" /> </div> </form> \ No newline at end of file diff --git a/themes/bootstrap/templates/myresearch/edit.phtml b/themes/bootstrap/templates/myresearch/edit.phtml index e59b06f4382..89e6c439db3 100644 --- a/themes/bootstrap/templates/myresearch/edit.phtml +++ b/themes/bootstrap/templates/myresearch/edit.phtml 
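Review bot: In the checkedout.phtml `@@ -112,7` hunk, the renew_link `href` is now attribute-escaped, but escapeHtmlAttr() does not constrain the URL scheme, so a `javascript:` value returned by an ILS driver would still run on click; the change fixes attribute breakout, not link injection. `$ilsDetails` is driver output assembled outside this hunk, so from the template's point of view it is third-party data. Consider guarding the scheme before rendering the anchor, e.g. `<? if (preg_match('#^(https?:)?/#i', $ilsDetails['renew_link'])): ?> … <? endif; ?>`, ideally via a shared helper so the cancel_link anchors in holds/illrequests/storageretrievalrequests get the same treatment; if drivers are contractually limited to VuFind-generated URLs, a one-line comment saying so would stop this being re-raised.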
@@ -24,13 +24,13 @@ <? else: ?> <? foreach ($this->savedData as $i=>$current): ?> <fieldset> - <legend><a href="<?=$this->url('userList', array('id' => $current['listId'])) ?>?delete=<?=urlencode($this->driver->getUniqueId())?>&source=<?=urlencode($this->driver->getResourceSource())?>" id="<?=$this->escapeHtml($this->driver->getUniqueId())?>delete<?=$current['listId'] ?>" title="<?=$this->transEsc('confirm_delete')?>" class="text-error small"><i class="icon-remove-sign"></i></a> <?=$this->transEsc('List') ?>: <?=$this->escapeHtml($current['listTitle'])?></legend> + <legend><a href="<?=$this->url('userList', array('id' => $current['listId'])) ?>?delete=<?=urlencode($this->driver->getUniqueId())?>&source=<?=urlencode($this->driver->getResourceSource())?>" id="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>delete<?=$current['listId'] ?>" title="<?=$this->transEsc('confirm_delete')?>" class="text-error small"><i class="icon-remove-sign"></i></a> <?=$this->transEsc('List') ?>: <?=$this->escapeHtml($current['listTitle'])?></legend> <input type="hidden" name="lists[]" value="<?=$current['listId'] ?>"/> <? if ($this->usertags()->getMode() !== 'disabled'): ?> <div class="control-group"> <label class="control-label" for="edit_tags<?=$current['listId'] ?>"><?=$this->transEsc('Tags') ?>:</label> <div class="controls"> - <input class="input-xlarge" id="edit_tags<?=$current['listId'] ?>" type="text" name="tags<?=$current['listId'] ?>" value="<?=$this->escapeHtml($current['tags'])?>"/> + <input class="input-xlarge" id="edit_tags<?=$current['listId'] ?>" type="text" name="tags<?=$current['listId'] ?>" value="<?=$this->escapeHtmlAttr($current['tags'])?>"/> <span class="help-block"><?=$this->transEsc("add_tag_note") ?></span> </div> </div> diff --git a/themes/bootstrap/templates/myresearch/export.phtml b/themes/bootstrap/templates/myresearch/export.phtml index 9e6cf105199..105dd9fed4e 100644 --- a/themes/bootstrap/templates/myresearch/export.phtml 
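Review bot: `$current['listId']` is emitted unescaped four times on the lines this edit.phtml hunk touches (the anchor id on the legend line, the hidden `lists[]` value, the label `for`, and the tags input id/name), while the record id next to it on the same legend line is now escapeHtmlAttr()'d. listId is presumably an integer primary key, but the template cannot know that and the escaping is free: use `<?=$this->escapeHtmlAttr($current['listId'])?>` in each attribute. The enclosing foreach and form start before and end after the hunk.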
+++ b/themes/bootstrap/templates/myresearch/export.phtml @@ -14,22 +14,22 @@ <label for="format"><?=$this->transEsc('Format') ?>:</label> <select id="format" name="format"> <? foreach ($exportOptions as $exportOption): ?> - <option value="<?=$this->escapeHtml($exportOption) ?>"><?=$this->transEsc($exportOption) ?></option> + <option value="<?=$this->escapeHtmlAttr($exportOption) ?>"><?=$this->transEsc($exportOption) ?></option> <? endforeach; ?> </select> <br /> <input class="button" type="submit" name="submit" value="<?=$this->transEsc('Export') ?>" /> <? foreach ($exportIDS as $exportID): ?> - <input type="hidden" name="ids[]" value="<?=$this->escapeHtml($exportID) ?>" /> + <input type="hidden" name="ids[]" value="<?=$this->escapeHtmlAttr($exportID) ?>" /> <? endforeach; ?> <? if ($listID): ?> - <input type="hidden" name="listID" value="<?=$this->escapeHtml($listID) ?>" /> + <input type="hidden" name="listID" value="<?=$this->escapeHtmlAttr($listID) ?>" /> <? endif; ?> <? if ($followupModule): ?> - <input type="hidden" name="followupModule" value="<?=$this->escapeHtml($followupModule) ?>" /> + <input type="hidden" name="followupModule" value="<?=$this->escapeHtmlAttr($followupModule) ?>" /> <? endif; ?> <? if ($followupAction): ?> - <input type="hidden" name="followupAction" value="<?=$this->escapeHtml($followupAction) ?>" /> + <input type="hidden" name="followupAction" value="<?=$this->escapeHtmlAttr($followupAction) ?>" /> <? endif; ?> <? endif; ?> </div> diff --git a/themes/bootstrap/templates/myresearch/holds.phtml b/themes/bootstrap/templates/myresearch/holds.phtml index aec1acc47e3..c4d23474eb4 100644 --- a/themes/bootstrap/templates/myresearch/holds.phtml +++ b/themes/bootstrap/templates/myresearch/holds.phtml 
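Review bot: The followupModule and followupAction hidden inputs in the export.phtml hunk now render safely, but these values are round-tripped through the browser and, judging by their names, drive a redirect after the export; HTML escaping does nothing for that use, so the controller that consumes them must still restrict them to a known module/action list rather than trusting the submitted value. That consumer is not visible in this patch, so treat this as something to confirm rather than a known defect. Recording the expectation in the template would help: above the `<? if ($followupModule): ?>` line add `<? /* followupModule/followupAction are echoed back to the server; the consuming controller must whitelist them */ ?>`.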
@@ -40,17 +40,17 @@ <hr/> <? $iteration++; ?> <? $ilsDetails = $resource->getExtraDetail('ils_details'); ?> - <div id="record<?=$this->escapeHtml($resource->getUniqueId()) ?>" class="row-fluid"> + <div id="record<?=$this->escapeHtmlAttr($resource->getUniqueId()) ?>" class="row-fluid"> <? if ($this->cancelForm && isset($ilsDetails['cancel_details'])): ?> <? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $resource->getUniqueId()); ?> - <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" /> + <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" /> <div class="pull-left"> - <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" id="checkbox_<?=$safeId?>" /> + <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" id="checkbox_<?=$safeId?>" /> </div> <? endif; ?> <div class="span2 text-center"> <? if ($summThumb = $this->record($resource)->getThumbnail()): ?> - <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/> + <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/> <? else: ?> <img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/> <? endif; ?> @@ -136,7 +136,7 @@ <p><strong><?=$this->transEsc("hold_queue_position") ?>:</strong> <?=$this->escapeHtml($ilsDetails['position']) ?></p> <? endif; ?> <? if (isset($ilsDetails['cancel_link'])): ?> - <p><a href="<?=$this->escapeHtml($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("hold_cancel") ?></a></p> + <p><a href="<?=$this->escapeHtmlAttr($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("hold_cancel") ?></a></p> <? endif; ?> </div> 
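Review bot: In the holds.phtml `@@ -136,7` hunk, escapeHtmlAttr() on the cancel_link `href` prevents attribute breakout but not a `javascript:` or `data:` URL coming back from an ILS driver, since cancel_link is driver output built outside this hunk. If drivers can return arbitrary strings here, guard the scheme before rendering the anchor, e.g. `<? if (preg_match('#^(https?:)?/#i', $ilsDetails['cancel_link'])): ?> … <? endif; ?>`; if they are guaranteed to return VuFind-generated URLs, say so in a comment next to the anchor so the assumption is visible. The same anchor is repeated in illrequests.phtml and storageretrievalrequests.phtml in this patch and should get the same guard.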
diff --git a/themes/bootstrap/templates/myresearch/illrequests.phtml b/themes/bootstrap/templates/myresearch/illrequests.phtml index 45942a27b36..fd5227afae0 100644 --- a/themes/bootstrap/templates/myresearch/illrequests.phtml +++ b/themes/bootstrap/templates/myresearch/illrequests.phtml @@ -40,17 +40,17 @@ <hr/> <? $iteration++; ?> <? $ilsDetails = $resource->getExtraDetail('ils_details'); ?> - <div id="record<?=$this->escapeHtml($resource->getUniqueId()) ?>" class="row-fluid"> + <div id="record<?=$this->escapeHtmlAttr($resource->getUniqueId()) ?>" class="row-fluid"> <? if ($this->cancelForm && isset($ilsDetails['cancel_details'])): ?> <? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $resource->getUniqueId()); ?> - <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" /> + <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" /> <div class="pull-left"> - <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" id="checkbox_<?=$safeId?>" /> + <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" id="checkbox_<?=$safeId?>" /> </div> <? endif; ?> <div class="span2 text-center"> <? if ($summThumb = $this->record($resource)->getThumbnail()): ?> - <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/> + <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/> <? else: ?> <img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/> <? endif; ?> 
@@ -140,7 +140,7 @@ <div class="text-success"><?=$this->transEsc("ill_request_canceled") . (is_string($ilsDetails['canceled']) ? ': ' . $ilsDetails['canceled'] : '') ?></div> <? endif; ?> <? if (isset($ilsDetails['cancel_link'])): ?> - <p><a href="<?=$this->escapeHtml($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("ill_request_cancel") ?></a></p> + <p><a href="<?=$this->escapeHtmlAttr($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("ill_request_cancel") ?></a></p> <? endif; ?> </div> diff --git a/themes/bootstrap/templates/myresearch/login.phtml b/themes/bootstrap/templates/myresearch/login.phtml index 1975088ed5a..3af103ced5d 100644 --- a/themes/bootstrap/templates/myresearch/login.phtml +++ b/themes/bootstrap/templates/myresearch/login.phtml @@ -17,7 +17,7 @@ <h2><?=$this->transEsc('ils_offline_title')?></h2> <p><strong><?=$this->transEsc('ils_offline_status')?></strong></p> <p><?=$this->transEsc('ils_offline_login_message')?></p> - <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?> + <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?> <p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p> </div> <? endif; ?> diff --git a/themes/bootstrap/templates/myresearch/profile.phtml b/themes/bootstrap/templates/myresearch/profile.phtml index 96dcb5cb94f..096127f9a8f 100644 --- a/themes/bootstrap/templates/myresearch/profile.phtml +++ b/themes/bootstrap/templates/myresearch/profile.phtml 
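Review bot: In the illrequests.phtml `@@ -140,7` hunk, the context line directly above the changed one concatenates `$ilsDetails['canceled']` into the output unescaped when it is a string (`': ' . $ilsDetails['canceled']`), even though every other ILS-supplied value in these templates is escaped; this is driver output and should be treated as untrusted. Change it to `': ' . $this->escapeHtml($ilsDetails['canceled'])`. The same unescaped line exists in storageretrievalrequests.phtml.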
@@ -36,7 +36,7 @@ <form id="profile_form" class="form-inline" action="" method="post"> <select id="home_library" name="home_library"> <? foreach ($this->pickup as $lib): ?> - <option value="<?=$this->escapeHtml($lib['locationID'])?>"<?=($selected == $lib['locationID'])?' selected="selected"':''?>><?=$this->escapeHtml($lib['locationDisplay'])?></option> + <option value="<?=$this->escapeHtmlAttr($lib['locationID'])?>"<?=($selected == $lib['locationID'])?' selected="selected"':''?>><?=$this->escapeHtml($lib['locationDisplay'])?></option> <? endforeach; ?> </select> <input class="btn" type="submit" value="<?=$this->transEsc('Save')?>" /> diff --git a/themes/bootstrap/templates/myresearch/storageretrievalrequests.phtml b/themes/bootstrap/templates/myresearch/storageretrievalrequests.phtml index 48708c7156b..5d289cf63b6 100644 --- a/themes/bootstrap/templates/myresearch/storageretrievalrequests.phtml +++ b/themes/bootstrap/templates/myresearch/storageretrievalrequests.phtml 
@@ -40,17 +40,17 @@ <hr/> <? $iteration++; ?> <? $ilsDetails = $resource->getExtraDetail('ils_details'); ?> - <div id="record<?=$this->escapeHtml($resource->getUniqueId()) ?>" class="row-fluid"> + <div id="record<?=$this->escapeHtmlAttr($resource->getUniqueId()) ?>" class="row-fluid"> <? if ($this->cancelForm && isset($ilsDetails['cancel_details'])): ?> <? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $resource->getUniqueId()); ?> - <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" /> + <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" /> <div class="pull-left"> - <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" id="checkbox_<?=$safeId?>" /> + <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" id="checkbox_<?=$safeId?>" /> </div> <? endif; ?> <div class="span2 text-center"> <? if ($summThumb = $this->record($resource)->getThumbnail()): ?> - <img src="<?=$this->escapeHtml($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/> + <img src="<?=$this->escapeHtmlAttr($summThumb)?>" class="summcover" alt="<?=$this->transEsc('Cover Image')?>"/> <? else: ?> <img src="<?=$this->url('cover-unavailable')?>" class="summcover" alt="<?=$this->transEsc('No Cover Image')?>"/> <? endif; ?> @@ -137,7 +137,7 @@ <div class="text-success"><?=$this->transEsc("storage_retrieval_request_canceled") . (is_string($ilsDetails['canceled']) ? ': ' . $ilsDetails['canceled'] : '') ?></div> <? endif; ?> <? if (isset($ilsDetails['cancel_link'])): ?> - <p><a href="<?=$this->escapeHtml($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("storage_retrieval_request_cancel") ?></a></p> + <p><a href="<?=$this->escapeHtmlAttr($ilsDetails['cancel_link']) ?>"><?=$this->transEsc("storage_retrieval_request_cancel") ?></a></p> <? endif; ?> </div> 
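Review bot: In the storageretrievalrequests.phtml `@@ -137,7` hunk, `$ilsDetails['canceled']` is concatenated into the `text-success` div unescaped on the context line above the changed anchor (`': ' . $ilsDetails['canceled']`); it is ILS driver output like cancel_link beside it, which the commit does escape. Wrap it: `': ' . $this->escapeHtml($ilsDetails['canceled'])`. As with the other cancel_link anchors, escapeHtmlAttr() on the href does not reject a `javascript:` scheme, so a scheme check is still worth adding if drivers are not constrained to VuFind-generated URLs.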
diff --git a/themes/bootstrap/templates/primo/advanced.phtml b/themes/bootstrap/templates/primo/advanced.phtml index 2d873f3529b..75365c8dc23 100644 --- a/themes/bootstrap/templates/primo/advanced.phtml +++ b/themes/bootstrap/templates/primo/advanced.phtml @@ -51,15 +51,15 @@ <div class="row-fluid"> <select id="search_type<?=$i?>_<?=$j?>" name="type<?=$i?>[]" class="span3"> <? foreach ($this->options->getAdvancedHandlers() as $searchVal => $searchDesc): ?> - <option value="<?=$this->escapeHtml($searchVal)?>"<?=($currRow && $currRow->getHandler() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option> + <option value="<?=$this->escapeHtmlAttr($searchVal)?>"<?=($currRow && $currRow->getHandler() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option> <? endforeach; ?> </select> <select name="op<?=$i?>[]" id="searchForm_op<?=$i?>_<?=$j?>" class="span3"> <? foreach ($this->options->getAdvancedOperators() as $searchVal => $searchDesc): ?> - <option value="<?=$this->escapeHtml($searchVal)?>"<?=($currRow && $currRow->getOperator() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option> + <option value="<?=$this->escapeHtmlAttr($searchVal)?>"<?=($currRow && $currRow->getOperator() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option> <? endforeach; ?> </select> - <input id="search_lookfor<?=$i?>_<?=$j?>" type="text" value="<?=$currRow?$this->escapeHtml($currRow->getString()):''?>" size="30" name="lookfor<?=$i?>[]" class="span6"/> + <input id="search_lookfor<?=$i?>_<?=$j?>" type="text" value="<?=$currRow?$this->escapeHtmlAttr($currRow->getString()):''?>" size="30" name="lookfor<?=$i?>[]" class="span6"/> </div> <? endfor; ?> </div> 
@@ -68,7 +68,7 @@ </div> <? $lastSort = $this->options->getLastSort(); ?> <? if (!empty($lastSort)): ?> - <input type="hidden" name="sort" value="<?=$this->escapeHtml($lastSort)?>" /> + <input type="hidden" name="sort" value="<?=$this->escapeHtmlAttr($lastSort)?>" /> <? endif; ?> <input type="submit" class="btn btn-primary" name="submit" value="<?=$this->transEsc("Find")?>"/> </div> @@ -82,7 +82,7 @@ <h4><?=$this->transEsc($field)?></h4> <ul> <? foreach ($data as $value): ?> - <li><input type="checkbox" checked="checked" name="filter[]" value='<?=$this->escapeHtml($value['field'])?>:"<?=$this->escapeHtml($value['value'])?>"' /> <?=$this->escapeHtml($value['displayText'])?></li> + <li><input type="checkbox" checked="checked" name="filter[]" value='<?=$this->escapeHtmlAttr($value['field'])?>:"<?=$this->escapeHtmlAttr($value['value'])?>"' /> <?=$this->escapeHtml($value['displayText'])?></li> <? endforeach; ?> </ul> </div> diff --git a/themes/bootstrap/templates/record/addtag.phtml b/themes/bootstrap/templates/record/addtag.phtml index ef7ab57be1b..e9dafd49dba 100644 --- a/themes/bootstrap/templates/record/addtag.phtml +++ b/themes/bootstrap/templates/record/addtag.phtml @@ -10,8 +10,8 @@ <div class="record"> <form action="" method="post" name="tagRecord" class="form-horizontal"> <input type="hidden" name="submit" value="1" /> - <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" /> - <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" /> + <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" /> + <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" /> <div class="control-group"> <label class="control-label" for="addtag_tag"><?=$this->transEsc("Tags")?>:</label> <div class="controls"> 
diff --git a/themes/bootstrap/templates/record/email.phtml b/themes/bootstrap/templates/record/email.phtml index 66bf7547be0..54e798e56c8 100644 --- a/themes/bootstrap/templates/record/email.phtml +++ b/themes/bootstrap/templates/record/email.phtml @@ -9,8 +9,8 @@ ?> <?=$this->flashmessages()?> <form class="form-horizontal" action="" method="post" name="emailRecord"> - <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" /> - <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" /> + <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" /> + <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" /> <div class="control-group"> <label class="control-label" for="email_to"><?=$this->transEsc('To')?>:</label> <div class="controls"> diff --git a/themes/bootstrap/templates/record/hold.phtml b/themes/bootstrap/templates/record/hold.phtml index 71f4fd13c93..fd9f3a9d818 100644 --- a/themes/bootstrap/templates/record/hold.phtml +++ b/themes/bootstrap/templates/record/hold.phtml @@ -29,7 +29,7 @@ <div class="control-group"> <label class="control-label"><?=$this->transEsc("hold_required_by")?>:</label> <div class="controls"> - <input id="requiredByDate" type="text" name="gatheredDetails[requiredBy]" value="<?=(isset($this->gatheredDetails['requiredBy']) && !empty($this->gatheredDetails['requiredBy'])) ? $this->escapeHtml($this->gatheredDetails['requiredBy']) : $this->escapeHtml($this->defaultRequiredDate)?>" size="8" /> + <input id="requiredByDate" type="text" name="gatheredDetails[requiredBy]" value="<?=(isset($this->gatheredDetails['requiredBy']) && !empty($this->gatheredDetails['requiredBy'])) ? $this->escapeHtmlAttr($this->gatheredDetails['requiredBy']) : $this->escapeHtmlAttr($this->defaultRequiredDate)?>" size="8" /> (<?=$this->dateTime()->getDisplayDateFormat()?>) </div> </div> 
@@ -57,7 +57,7 @@ </option> <? endif; ?> <? foreach ($this->requestGroups as $group): ?> - <option value="<?=$this->escapeHtml($group['id'])?>"<?=($selected == $group['id']) ? ' selected="selected"' : ''?>> + <option value="<?=$this->escapeHtmlAttr($group['id'])?>"<?=($selected == $group['id']) ? ' selected="selected"' : ''?>> <?=$this->escapeHtml($group['name'])?> </option> <? endforeach; ?> @@ -84,7 +84,7 @@ <? endif; ?> </label> <div class="controls"> - <select id="pickUpLocation" name="gatheredDetails[pickUpLocation]" data-default="<?=$this->escapeHtml($selected)?>"> + <select id="pickUpLocation" name="gatheredDetails[pickUpLocation]" data-default="<?=$this->escapeHtmlAttr($selected)?>"> <? if ($selected === false): ?> <option value="" selected="selected"> <?=$this->transEsc('select_pickup_location')?> @@ -104,7 +104,7 @@ </option> <? endif; ?> <? foreach ($this->pickup as $lib): ?> - <option value="<?=$this->escapeHtml($lib['locationID'])?>"<?=($selected == $lib['locationID']) ? ' selected="selected"' : ''?>> + <option value="<?=$this->escapeHtmlAttr($lib['locationID'])?>"<?=($selected == $lib['locationID']) ? ' selected="selected"' : ''?>> <?=$this->escapeHtml($lib['locationDisplay'])?> </option> <? endforeach; ?> @@ -112,7 +112,7 @@ </div> </div> <? else: ?> - <input type="hidden" name="gatheredDetails[pickUpLocation]" value="<?=$this->escapeHtml($this->defaultPickup)?>" /> + <input type="hidden" name="gatheredDetails[pickUpLocation]" value="<?=$this->escapeHtmlAttr($this->defaultPickup)?>" /> <? endif; ?> <? endif; ?> <div class="control-group"> diff --git a/themes/bootstrap/templates/record/illrequest.phtml b/themes/bootstrap/templates/record/illrequest.phtml index 374d04da488..be523efc6e0 100644 --- a/themes/bootstrap/templates/record/illrequest.phtml +++ b/themes/bootstrap/templates/record/illrequest.phtml 
@@ -22,7 +22,7 @@ <div class="controls"> <select id="itemId" name="gatheredDetails[itemId]"> <? foreach ($this->items as $item): ?> - <option value="<?=$this->escapeHtml($item['id'])?>"<?=($this->gatheredDetails['itemId'] == $item['id']) ? ' selected="selected"' : ''?>> + <option value="<?=$this->escapeHtmlAttr($item['id'])?>"<?=($this->gatheredDetails['itemId'] == $item['id']) ? ' selected="selected"' : ''?>> <?=$this->escapeHtml($item['name'])?> </option> <? endforeach; ?> @@ -45,7 +45,7 @@ <div class="controls"> <select id="pickupLibrary" name="gatheredDetails[pickUpLibrary]"> <? foreach ($this->pickupLibraries as $lib): ?> - <option value="<?=$this->escapeHtml($lib['id'])?>"<?=(($selected === false && isset($lib['isDefault']) && $lib['isDefault']) || $selected === $lib['id']) ? ' selected="selected"' : ''?>> + <option value="<?=$this->escapeHtmlAttr($lib['id'])?>"<?=(($selected === false && isset($lib['isDefault']) && $lib['isDefault']) || $selected === $lib['id']) ? ' selected="selected"' : ''?>> <?=$this->transEsc('library_' . $lib['name'], null, $lib['name'])?> </option> <? endforeach; ?> @@ -81,7 +81,7 @@ <div class="controls"> <select name="gatheredDetails[pickUpLocation]"> <? foreach ($this->pickup as $lib): ?> - <option value="<?=$this->escapeHtml($lib['locationID'])?>"<?=($selected == $lib['locationID']) ? ' selected="selected"' : ''?>> + <option value="<?=$this->escapeHtmlAttr($lib['locationID'])?>"<?=($selected == $lib['locationID']) ? ' selected="selected"' : ''?>> <?=$this->escapeHtml($lib['locationDisplay'])?> </option> <? endforeach; ?> @@ -89,7 +89,7 @@ </div> </div> <? else: ?> - <input type="hidden" name="gatheredDetails[pickUpLocation]" value="<?=$this->escapeHtml($this->defaultPickup)?>" /> + <input type="hidden" name="gatheredDetails[pickUpLocation]" value="<?=$this->escapeHtmlAttr($this->defaultPickup)?>" /> <? endif; ?> <? endif; ?> 
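Review bot: In the illrequest.phtml `@@ -22,7` hunk, the changed option line reads `$this->gatheredDetails['itemId']` without an isset() guard, unlike the requiredBy/volume/issue/year fields elsewhere in this patch, which all test isset() first; on the initial display, before any details are gathered, this emits an undefined-index notice for every item. Use `<?=(isset($this->gatheredDetails['itemId']) && $this->gatheredDetails['itemId'] == $item['id']) ? ' selected="selected"' : ''?>`. The enclosing select and foreach begin before the hunk.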
@@ -97,7 +97,7 @@ <div class="control-group"> <label class="control-label"><?=$this->transEsc("hold_required_by")?>:</label> <div class="controls"> - <input id="requiredByDate" type="text" name="gatheredDetails[requiredBy]" value="<?=(isset($this->gatheredDetails['requiredBy']) && !empty($this->gatheredDetails['requiredBy'])) ? $this->escapeHtml($this->gatheredDetails['requiredBy']) : $this->escapeHtml($this->defaultRequiredDate)?>" size="8" /> + <input id="requiredByDate" type="text" name="gatheredDetails[requiredBy]" value="<?=(isset($this->gatheredDetails['requiredBy']) && !empty($this->gatheredDetails['requiredBy'])) ? $this->escapeHtmlAttr($this->gatheredDetails['requiredBy']) : $this->escapeHtmlAttr($this->defaultRequiredDate)?>" size="8" /> (<?=$this->dateTime()->getDisplayDateFormat()?>) </div> </div> diff --git a/themes/bootstrap/templates/record/save.phtml b/themes/bootstrap/templates/record/save.phtml index b5fe7072f36..904e9083e05 100644 --- a/themes/bootstrap/templates/record/save.phtml +++ b/themes/bootstrap/templates/record/save.phtml 
@@ -9,8 +9,8 @@ <h2><?=$this->transEsc("add_favorite_prefix") ?> <?=$this->escapeHtml($this->driver->getBreadcrumb())?> <?=$this->transEsc("add_favorite_suffix") ?></h2> <form id="edit-save-form" class="form-horizontal" method="post" action="<?=$this->recordLink()->getActionUrl($this->driver, 'Save')?>" name="saveRecord"> <input type="hidden" name="submit" value="1" /> - <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId()) ?>" /> - <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" /> + <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId()) ?>" /> + <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" /> <? if (!empty($this->containingLists)): ?> <p><?=$this->transEsc('This item is already part of the following list/lists') ?>: <? foreach ($this->containingLists as $i=>$list): ?> diff --git a/themes/bootstrap/templates/record/sms.phtml b/themes/bootstrap/templates/record/sms.phtml index cd809d843f3..6a9fef0d25a 100644 --- a/themes/bootstrap/templates/record/sms.phtml +++ b/themes/bootstrap/templates/record/sms.phtml @@ -13,8 +13,8 @@ ?> <?=$this->flashmessages()?> <form method="post" action="" name="smsRecord" class="form-horizontal"> - <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" /> - <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" /> + <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" /> + <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" /> <div class="control-group"> <label class="control-label" for="sms_to"><?=$this->transEsc('Number')?>:</label> <div class="controls"> 
@@ -28,7 +28,7 @@ <select id="sms_provider" name="provider"> <option selected="selected" value=""><?=$this->transEsc('Select your carrier')?></option> <? foreach ($this->carriers as $val => $details): ?> - <option value="<?=$this->escapeHtml($val)?>"><?=$this->escapeHtml($details['name'])?></option> + <option value="<?=$this->escapeHtmlAttr($val)?>"><?=$this->escapeHtml($details['name'])?></option> <? endforeach; ?> </select> </div> diff --git a/themes/bootstrap/templates/record/storageretrievalrequest.phtml b/themes/bootstrap/templates/record/storageretrievalrequest.phtml index 04d674b045c..e94cd082628 100644 --- a/themes/bootstrap/templates/record/storageretrievalrequest.phtml +++ b/themes/bootstrap/templates/record/storageretrievalrequest.phtml 
@@ -31,15 +31,15 @@ <div id="storageRetrievalRequestReference" class="storageRetrievalRequestReference"> <label class="control-label"><?=$this->transEsc('storage_retrieval_request_volume')?>:</label> <div class="controls"> - <input type="text" name="gatheredDetails[volume]" value="<?=isset($this->gatheredDetails['volume']) ? $this->escapeHtml($this->gatheredDetails['volume']) : ''?>"></input><br/> + <input type="text" name="gatheredDetails[volume]" value="<?=isset($this->gatheredDetails['volume']) ? $this->escapeHtmlAttr($this->gatheredDetails['volume']) : ''?>"></input><br/> </div> <label class="control-label"><?=$this->transEsc('storage_retrieval_request_issue')?>:</label> <div class="controls"> - <input type="text" name="gatheredDetails[issue]" value="<?=isset($this->gatheredDetails['issue']) ? $this->escapeHtml($this->gatheredDetails['issue']) : ''?>"></input><br/> + <input type="text" name="gatheredDetails[issue]" value="<?=isset($this->gatheredDetails['issue']) ? $this->escapeHtmlAttr($this->gatheredDetails['issue']) : ''?>"></input><br/> </div> <label class="control-label"><?=$this->transEsc('storage_retrieval_request_year')?>:</label> <div class="controls"> - <input type="text" name="gatheredDetails[year]" value="<?=isset($this->gatheredDetails['year']) ? $this->escapeHtml($this->gatheredDetails['year']) : ''?>"></input><br/> + <input type="text" name="gatheredDetails[year]" value="<?=isset($this->gatheredDetails['year']) ? $this->escapeHtmlAttr($this->gatheredDetails['year']) : ''?>"></input><br/> </div> </div> </div> 
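Review bot: The three changed `<input type="text" …>` lines in storageretrievalrequest.phtml keep a `</input>` end tag; input is a void element, so the end tag is invalid HTML that parsers drop silently, which hides the mistake rather than causing a visible failure. Style: self-close like the rest of the theme, e.g. `<input type="text" name="gatheredDetails[volume]" value="<?=isset($this->gatheredDetails['volume']) ? $this->escapeHtmlAttr($this->gatheredDetails['volume']) : ''?>" /><br/>`. The values themselves are round-tripped form input, so escapeHtmlAttr() is the right call here.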
@@ -49,7 +49,7 @@ <div class="control-group"> <label class="control-label"><?=$this->transEsc("hold_required_by")?>:</label> <div class="controls"> - <input id="requiredByDate" type="text" name="gatheredDetails[requiredBy]" value="<?=(isset($this->gatheredDetails['requiredBy']) && !empty($this->gatheredDetails['requiredBy'])) ? $this->escapeHtml($this->gatheredDetails['requiredBy']) : $this->escapeHtml($this->defaultRequiredDate)?>" size="8" /> + <input id="requiredByDate" type="text" name="gatheredDetails[requiredBy]" value="<?=(isset($this->gatheredDetails['requiredBy']) && !empty($this->gatheredDetails['requiredBy'])) ? $this->escapeHtmlAttr($this->gatheredDetails['requiredBy']) : $this->escapeHtmlAttr($this->defaultRequiredDate)?>" size="8" /> (<?=$this->dateTime()->getDisplayDateFormat()?>) </div> </div> @@ -76,7 +76,7 @@ </option> <? endif; ?> <? foreach ($this->pickup as $lib): ?> - <option value="<?=$this->escapeHtml($lib['locationID'])?>"<?=($selected == $lib['locationID']) ? ' selected="selected"' : ''?>> + <option value="<?=$this->escapeHtmlAttr($lib['locationID'])?>"<?=($selected == $lib['locationID']) ? ' selected="selected"' : ''?>> <?=$this->escapeHtml($lib['locationDisplay'])?> </option> <? endforeach; ?> @@ -84,7 +84,7 @@ </div> </div> <? else: ?> - <input type="hidden" name="gatheredDetails[pickUpLocation]" value="<?=$this->escapeHtml($this->defaultPickup)?>" /> + <input type="hidden" name="gatheredDetails[pickUpLocation]" value="<?=$this->escapeHtmlAttr($this->defaultPickup)?>" /> <? endif; ?> <? endif; ?> diff --git a/themes/bootstrap/templates/record/view.phtml b/themes/bootstrap/templates/record/view.phtml index 1b43a07fbdf..d63bb388a4d 100644 --- a/themes/bootstrap/templates/record/view.phtml +++ b/themes/bootstrap/templates/record/view.phtml 
@@ -37,9 +37,9 @@ <?=$this->record($this->driver)->getToolbar()?> <div class="<?=$this->layoutClass('mainbody')?>"> - <div class="record recordId source<?=$this->escapeHtml($this->driver->getResourceSource())?>" id="record"> - <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" class="hiddenId" id="record_id" /> - <input type="hidden" value="<?=$this->escapeHtml($this->driver->getResourceSource()) ?>" class="hiddenSource" /> + <div class="record recordId source<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" id="record"> + <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" class="hiddenId" id="record_id" /> + <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource()) ?>" class="hiddenSource" /> <?=$this->flashmessages()?> <?=$this->record($this->driver)->getCoreMetadata()?> </div> @@ -67,7 +67,7 @@ <?=isset($activeTabObj) ? $this->record($this->driver)->getTab($activeTabObj) : '' ?> </div> - <span class="Z3988" title="<?=$this->escapeHtml($this->driver->getOpenURL())?>"></span> + <span class="Z3988" title="<?=$this->escapeHtmlAttr($this->driver->getOpenURL())?>"></span> </div> <div class="<?=$this->layoutClass('sidebar')?>"> diff --git a/themes/bootstrap/templates/search/advanced/checkbox-filters.phtml b/themes/bootstrap/templates/search/advanced/checkbox-filters.phtml index 6199246a8c7..5cd4cbe30e9 100644 --- a/themes/bootstrap/templates/search/advanced/checkbox-filters.phtml +++ b/themes/bootstrap/templates/search/advanced/checkbox-filters.phtml 
@@ -2,7 +2,7 @@ <fieldset class="checkboxFilter"> <? foreach ($this->checkboxFacets as $current): ?> <label class="checkbox"> - <input type="checkbox" name="filter[]" value="<?=$this->escapeHtml($current['filter'])?>" id="<?=$this->escapeHtml(str_replace(' ', '', $current['desc']))?>"<? if ($current['selected']): ?> checked="checked"<? endif; ?>/> + <input type="checkbox" name="filter[]" value="<?=$this->escapeHtmlAttr($current['filter'])?>" id="<?=$this->escapeHtmlAttr(str_replace(' ', '', $current['desc']))?>"<? if ($current['selected']): ?> checked="checked"<? endif; ?>/> <?=$this->transEsc($current['desc'])?> </label> <? endforeach; ?> diff --git a/themes/bootstrap/templates/search/advanced/limit.phtml b/themes/bootstrap/templates/search/advanced/limit.phtml index 35dcc457892..aff3d1932c8 100644 --- a/themes/bootstrap/templates/search/advanced/limit.phtml +++ b/themes/bootstrap/templates/search/advanced/limit.phtml @@ -11,7 +11,7 @@ <legend><?=$this->transEsc('Results per page')?></legend> <select id="limit" name="limit"> <? foreach ($limitList as $limitVal): ?> - <option value="<?=$this->escapeHtml($limitVal)?>"<?=($limitVal == $defaultLimit) ? 'selected="selected"' : ''?>><?=$this->escapeHtml($limitVal)?></option> + <option value="<?=$this->escapeHtmlAttr($limitVal)?>"<?=($limitVal == $defaultLimit) ? 'selected="selected"' : ''?>><?=$this->escapeHtml($limitVal)?></option> <? endforeach; ?> </select> </fieldset> diff --git a/themes/bootstrap/templates/search/advanced/ranges.phtml b/themes/bootstrap/templates/search/advanced/ranges.phtml index 6dee945bbf2..8401aa07c6e 100644 --- a/themes/bootstrap/templates/search/advanced/ranges.phtml +++ b/themes/bootstrap/templates/search/advanced/ranges.phtml 
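Review bot: The rewritten `<option>` line in search/advanced/limit.phtml emits `'selected="selected"'` with no leading space, so the selected entry renders as `value="20"selected="selected"` (constructed example); browsers recover from it, but it is invalid markup and differs from the `' selected="selected"'` form used by every other option hunk in this commit. Change the ternary to `<?=($limitVal == $defaultLimit) ? ' selected="selected"' : ''?>`. The surrounding `<select id="limit">` is context and unaffected.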
@@ -1,13 +1,13 @@ <? if (isset($this->ranges) && !empty($this->ranges)): ?> <? $params = $this->searchParams($this->searchClassId); $params->activateAllFacets(); ?> - <? foreach ($this->ranges as $current): $escField = $this->escapeHtml($current['field']); ?> + <? foreach ($this->ranges as $current): $escField = $this->escapeHtmlAttr($current['field']); ?> <fieldset class="span4 text-center"> <legend class="text-left"><?=$this->transEsc($params->getFacetLabel($current['field']))?></legend> - <input type="hidden" name="<?=$this->escapeHtml($current['type'])?>range[]" value="<?=$escField?>"/> + <input type="hidden" name="<?=$this->escapeHtmlAttr($current['type'])?>range[]" value="<?=$escField?>"/> <label for="<?=$escField?>from"><?=$this->transEsc('date_from')?>:</label> - <input type="text" maxlength="4" class="yearbox span4" name="<?=$escField?>from" id="<?=$escField?>from" value="<?=isset($current['values'][0])?$this->escapeHtml($current['values'][0]):''?>" /> + <input type="text" maxlength="4" class="yearbox span4" name="<?=$escField?>from" id="<?=$escField?>from" value="<?=isset($current['values'][0])?$this->escapeHtmlAttr($current['values'][0]):''?>" /> <label for="<?=$escField?>to"><?=$this->transEsc('date_to')?>:</label> - <input type="text" maxlength="4" class="yearbox span4" name="<?=$escField?>to" id="<?=$escField?>to" value="<?=isset($current['values'][1])?$this->escapeHtml($current['values'][1]):''?>" /> + <input type="text" maxlength="4" class="yearbox span4" name="<?=$escField?>to" id="<?=$escField?>to" value="<?=isset($current['values'][1])?$this->escapeHtmlAttr($current['values'][1]):''?>" /> <? if ($current['type'] == 'date'): ?> <div class="pad"><input type="text" id="<?=$escField?><?=$this->escapeHtml($current['type'])?>Slider"></div> <? endif; ?> diff --git a/themes/bootstrap/templates/search/advanced/solr.phtml b/themes/bootstrap/templates/search/advanced/solr.phtml index e7723c85f5d..495d3bc1d5a 100644 
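Review bot: The slider line two below the last rewritten input, `<div class="pad"><input type="text" id="<?=$escField?><?=$this->escapeHtml($current['type'])?>Slider"></div>`, still uses `escapeHtml()` inside an `id` attribute while every other attribute in this hunk was switched to `escapeHtmlAttr()`. Assuming the escaper's `escapeHtml()` encodes double quotes, as the Zend escaper does, the output is still safe inside a double-quoted attribute, so this is a consistency gap rather than an injection hole, but it is the kind of line that gets missed later: `id="<?=$escField?><?=$this->escapeHtmlAttr($current['type'])?>Slider"`. `$escField` is now attribute-escaped and appears only in `for`/`name`/`id`/`value` attributes, which is correct.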
--- a/themes/bootstrap/templates/search/advanced/solr.phtml +++ b/themes/bootstrap/templates/search/advanced/solr.phtml @@ -10,8 +10,8 @@ <div class="row-fluid"> <? foreach ($this->facetList as $field => $list): ?> <div class="span<?=floor(12/count($this->facetList)) ?>"> - <label class="displayBlock" for="limit_<?=$this->escapeHtml(str_replace(' ', '', $field))?>"><?=$this->transEsc($list['label'])?>:</label> - <select class="span12" id="limit_<?=$this->escapeHtml(str_replace(' ', '', $field))?>" name="filter[]" multiple="multiple" size="10"> + <label class="displayBlock" for="limit_<?=$this->escapeHtmlAttr(str_replace(' ', '', $field))?>"><?=$this->transEsc($list['label'])?>:</label> + <select class="span12" id="limit_<?=$this->escapeHtmlAttr(str_replace(' ', '', $field))?>" name="filter[]" multiple="multiple" size="10"> <? // Sort the current facet list alphabetically; we'll use this data // along with the foreach below to display facet options in the @@ -24,7 +24,7 @@ ?> <? foreach ($sorted as $i => $display): ?> <? $value = $list['list'][$i]; ?> - <option value="<?=$this->escapeHtml(($value['operator'] == 'OR' ? '~' : '') . $field . ':"' . $value['value'] . '"')?>"<?=(isset($value['selected']) && $value['selected'])?' selected="selected"':''?>><?=$this->escapeHtml($display)?></option> + <option value="<?=$this->escapeHtmlAttr(($value['operator'] == 'OR' ? '~' : '') . $field . ':"' . $value['value'] . '"')?>"<?=(isset($value['selected']) && $value['selected'])?' selected="selected"':''?>><?=$this->escapeHtml($display)?></option> <? endforeach; ?> </select> </div> 
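Review bot: The rewritten `<option>` line in the `@@ -24,7` hunk compares `$value['operator'] == 'OR'` loosely and tests `isset($value['selected']) && $value['selected']`; `$value['operator'] === 'OR'` and `!empty($value['selected'])` say the same thing more tightly. The identical line appears in the summon.phtml `@@ -24,7` hunk below, and the two templates' `@@ -10,8` hunks are byte-identical as well, which suggests this facet `<select>` block belongs in a shared partial rendered by both advanced-search templates so that future escaping fixes land once. The enclosing `foreach ($this->facetList …)` starts outside this hunk.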
@@ -36,8 +36,8 @@ <fieldset class="span4"> <legend><?=$this->transEsc("Illustrated")?>:</legend> <? foreach ($this->illustratedLimit as $current): ?> - <input id="illustrated_<?=$this->escapeHtml($current['value'])?>" type="radio" name="illustration" value="<?=$this->escapeHtml($current['value'])?>"<?=$current['selected']?' checked="checked"':''?>/> - <label for="illustrated_<?=$this->escapeHtml($current['value'])?>"><?=$this->transEsc($current['text'])?></label><br/> + <input id="illustrated_<?=$this->escapeHtmlAttr($current['value'])?>" type="radio" name="illustration" value="<?=$this->escapeHtmlAttr($current['value'])?>"<?=$current['selected']?' checked="checked"':''?>/> + <label for="illustrated_<?=$this->escapeHtmlAttr($current['value'])?>"><?=$this->transEsc($current['text'])?></label><br/> <? endforeach; ?> </fieldset> <? endif; ?> diff --git a/themes/bootstrap/templates/search/advanced/summon.phtml b/themes/bootstrap/templates/search/advanced/summon.phtml index 3102e37bec8..18a0c5ef20e 100644 --- a/themes/bootstrap/templates/search/advanced/summon.phtml +++ b/themes/bootstrap/templates/search/advanced/summon.phtml @@ -10,8 +10,8 @@ <div class="row-fluid"> <? foreach ($this->facetList as $field => $list): ?> <div class="span<?=floor(12/count($this->facetList)) ?>"> - <label class="displayBlock" for="limit_<?=$this->escapeHtml(str_replace(' ', '', $field))?>"><?=$this->transEsc($list['label'])?>:</label> - <select class="span12" id="limit_<?=$this->escapeHtml(str_replace(' ', '', $field))?>" name="filter[]" multiple="multiple" size="10"> + <label class="displayBlock" for="limit_<?=$this->escapeHtmlAttr(str_replace(' ', '', $field))?>"><?=$this->transEsc($list['label'])?>:</label> + <select class="span12" id="limit_<?=$this->escapeHtmlAttr(str_replace(' ', '', $field))?>" name="filter[]" multiple="multiple" size="10"> <? // Sort the current facet list alphabetically; we'll use this data // along with the foreach below to display facet options in the 
@@ -24,7 +24,7 @@ ?> <? foreach ($sorted as $i => $display): ?> <? $value = $list['list'][$i]; ?> - <option value="<?=$this->escapeHtml(($value['operator'] == 'OR' ? '~' : '') . $field . ':"' . $value['value'] . '"')?>"<?=(isset($value['selected']) && $value['selected'])?' selected="selected"':''?>><?=$this->escapeHtml($display)?></option> + <option value="<?=$this->escapeHtmlAttr(($value['operator'] == 'OR' ? '~' : '') . $field . ':"' . $value['value'] . '"')?>"<?=(isset($value['selected']) && $value['selected'])?' selected="selected"':''?>><?=$this->escapeHtml($display)?></option> <? endforeach; ?> </select> </div> diff --git a/themes/bootstrap/templates/search/controls/limit.phtml b/themes/bootstrap/templates/search/controls/limit.phtml index babf26ba943..8b3269b1278 100644 --- a/themes/bootstrap/templates/search/controls/limit.phtml +++ b/themes/bootstrap/templates/search/controls/limit.phtml @@ -4,7 +4,7 @@ <label for="limit" class="help-inline"><?=$this->transEsc('Results per page')?></label> <select id="limit" name="limit" class="jumpMenu"> <? foreach ($limitList as $limitVal => $limitData): ?> - <option value="<?=$this->escapeHtml($limitVal)?>"<?=$limitData['selected']?' selected="selected"':''?>><?=$this->escapeHtml($limitData['desc'])?></option> + <option value="<?=$this->escapeHtmlAttr($limitVal)?>"<?=$limitData['selected']?' selected="selected"':''?>><?=$this->escapeHtml($limitData['desc'])?></option> <? endforeach; ?> </select> <noscript><input type="submit" value="<?=$this->transEsc("Set")?>" /></noscript> diff --git a/themes/bootstrap/templates/search/controls/sort.phtml b/themes/bootstrap/templates/search/controls/sort.phtml index fc6d5b490b2..ee62189dfe2 100644 --- a/themes/bootstrap/templates/search/controls/sort.phtml +++ b/themes/bootstrap/templates/search/controls/sort.phtml 
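Review bot: In search/controls/limit.phtml the `<noscript><input type="submit" value="<?=$this->transEsc("Set")?>" /></noscript>` line keeps `transEsc()` inside a `value` attribute while the `<option value>` above it moves to `escapeHtmlAttr()`; if `transEsc()` wraps `escapeHtml()` (not visible here), translated text in attribute context is still only body-escaped. Translations come from the project's language files rather than from users, so the exposure is low, but the same pattern recurs throughout this commit: sort.phtml `value="<?=$this->transEsc("Set")?>"`, reserves.phtml and reservessearch.phtml `value="<?=$this->transEsc('Find')?>"`, getdbcredentials.phtml `value="<?=$this->transEsc('Submit') ?>"`, and the `alt=` attributes in openurl.phtml and core.phtml. A `transEscAttr()` counterpart that applies `escapeHtmlAttr()` to the translated string would let the commit finish the job consistently.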
@@ -4,7 +4,7 @@ <label class="help-inline" for="sort_options_1"><?=$this->transEsc('Sort')?></label> <select id="sort_options_1" name="sort" class="jumpMenu"> <? foreach ($list as $sortType => $sortData): ?> - <option value="<?=$this->escapeHtml($sortType)?>"<?=$sortData['selected']?' selected="selected"':''?>><?=$this->transEsc($sortData['desc'])?></option> + <option value="<?=$this->escapeHtmlAttr($sortType)?>"<?=$sortData['selected']?' selected="selected"':''?>><?=$this->transEsc($sortData['desc'])?></option> <? endforeach; ?> </select> <noscript><input type="submit" class="btn" value="<?=$this->transEsc("Set")?>" /></noscript> diff --git a/themes/bootstrap/templates/search/email.phtml b/themes/bootstrap/templates/search/email.phtml index 05d0cb274b2..cfd6c06ad9d 100644 --- a/themes/bootstrap/templates/search/email.phtml +++ b/themes/bootstrap/templates/search/email.phtml @@ -8,7 +8,7 @@ ?> <?=$this->flashmessages()?> <form class="form-horizontal" action="" method="post" name="emailSearch"> - <input type="hidden" name="url" value="<?=$this->escapeHtml($this->url)?>" /> + <input type="hidden" name="url" value="<?=$this->escapeHtmlAttr($this->url)?>" /> <div class="control-group"> <label class="control-label" for="email_to"><?=$this->transEsc('To')?>:</label> <div class="controls"> diff --git a/themes/bootstrap/templates/search/home.phtml b/themes/bootstrap/templates/search/home.phtml index 885812d878f..387d3fa1e9d 100644 --- a/themes/bootstrap/templates/search/home.phtml +++ b/themes/bootstrap/templates/search/home.phtml @@ -23,7 +23,7 @@ <h2><?=$this->transEsc('ils_offline_title')?></h2> <p><strong><?=$this->transEsc('ils_offline_status')?></strong></p> <p><?=$this->transEsc('ils_offline_home_message')?></p> - <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?> + <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?> <p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p> </div> <? endif; ?> 
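Review bot: In search/home.phtml, `$supportEmail` is escaped once with `escapeHtmlAttr()` and then emitted twice, inside `href="mailto:…"` and as the link text. Hex-entity output is valid in both places, so nothing breaks, but escaping a value for one context and reusing it in another is exactly the habit this commit is moving away from; keep the raw value and escape at each output: `<? $supportEmail = $this->systemEmail(); ?>` followed by `<a href="mailto:<?=$this->escapeHtmlAttr($supportEmail)?>"><?=$this->escapeHtml($supportEmail)?></a>`. The same two lines appear in RecordTab/holdingsils.phtml `@@ -13,7` further down.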
diff --git a/themes/bootstrap/templates/search/newitem.phtml b/themes/bootstrap/templates/search/newitem.phtml index cb022008849..49d4b19cee4 100644 --- a/themes/bootstrap/templates/search/newitem.phtml +++ b/themes/bootstrap/templates/search/newitem.phtml @@ -13,7 +13,7 @@ <div class="controls"> <? foreach ($this->ranges as $key => $range): ?> <label class="radio inline pad"> - <input id="newitem_range_<?=$this->escapeHtml($key)?>" type="radio" name="range" value="<?=$this->escapeHtml($range)?>"<?= ($key == 0) ? ' checked="checked"' : ''?>/> + <input id="newitem_range_<?=$this->escapeHtmlAttr($key)?>" type="radio" name="range" value="<?=$this->escapeHtmlAttr($range)?>"<?= ($key == 0) ? ' checked="checked"' : ''?>/> <?=($range == 1) ? $this->transEsc('Yesterday') : $this->transEsc('Past') . ' ' . $this->escapeHtml($range) . ' ' . $this->transEsc('Days')?> </label> <? endforeach; ?> @@ -25,7 +25,7 @@ <div class="controls"> <select id="newitem_department" name="department" size="10"> <? foreach ($this->fundList as $fundId => $fund): ?> - <option value="<?=$this->escapeHtml($fundId)?>"><?=$this->transEsc($fund)?></option> + <option value="<?=$this->escapeHtmlAttr($fundId)?>"><?=$this->transEsc($fund)?></option> <? endforeach; ?> </select> </div> diff --git a/themes/bootstrap/templates/search/reserves.phtml b/themes/bootstrap/templates/search/reserves.phtml index cc487643999..31ac4595a54 100644 --- a/themes/bootstrap/templates/search/reserves.phtml +++ b/themes/bootstrap/templates/search/reserves.phtml 
@@ -14,7 +14,7 @@ <select name="course" id="reserves_by_course" class="span6"> <option></option> <? foreach ($this->courseList as $courseId => $courseName): ?> - <option value="<?=$this->escapeHtml($courseId)?>"><?=$this->escapeHtml($courseName)?></option> + <option value="<?=$this->escapeHtmlAttr($courseId)?>"><?=$this->escapeHtml($courseName)?></option> <? endforeach; ?> </select> <input class="btn btn-primary" type="submit" name="submit" value="<?=$this->transEsc('Find')?>"/> @@ -27,7 +27,7 @@ <select name="inst" id="reserves_by_inst" class="span6"> <option></option> <? foreach ($this->instList as $instId => $instName): ?> - <option value="<?=$this->escapeHtml($instId)?>"><?=$this->escapeHtml($instName)?></option> + <option value="<?=$this->escapeHtmlAttr($instId)?>"><?=$this->escapeHtml($instName)?></option> <? endforeach; ?> </select> <input class="btn btn-primary" type="submit" name="submit" value="<?=$this->transEsc('Find')?>"/> @@ -40,7 +40,7 @@ <select name="dept" id="reserves_by_dept" class="span6"> <option></option> <? foreach ($this->deptList as $deptId => $deptName): ?> - <option value="<?=$this->escapeHtml($deptId)?>"><?=$this->escapeHtml($deptName)?></option> + <option value="<?=$this->escapeHtmlAttr($deptId)?>"><?=$this->escapeHtml($deptName)?></option> <? endforeach; ?> </select> <input class="btn btn-primary" type="submit" name="submit" value="<?=$this->transEsc('Find')?>"/> diff --git a/themes/bootstrap/templates/search/reservessearch.phtml b/themes/bootstrap/templates/search/reservessearch.phtml index 468efd6021c..766cabfcca4 100644 --- a/themes/bootstrap/templates/search/reservessearch.phtml +++ b/themes/bootstrap/templates/search/reservessearch.phtml 
@@ -13,7 +13,7 @@ <h3><?=$this->transEsc('Search For Items on Reserve')?></h3> <form class="form-inline" method="get" action="" name="reservesSearchForm"> <label class="help-inline" for="reservesSearchForm_lookfor"><?=$this->transEsc("Your search terms")?></label> - <input id="reservesSearchForm_lookfor" type="text" name="lookfor" size="40" value="<?=$this->escapeHtml($reservesLookfor)?>" <?=$this->searchOptions('SolrReserves')->autocompleteEnabled() ? ' class="autocomplete searcher:SolrReserves type:Reserves"' : ''?> /> + <input id="reservesSearchForm_lookfor" type="text" name="lookfor" size="40" value="<?=$this->escapeHtmlAttr($reservesLookfor)?>" <?=$this->searchOptions('SolrReserves')->autocompleteEnabled() ? ' class="autocomplete searcher:SolrReserves type:Reserves"' : ''?> /> <input class="btn" type="submit" name="submit" value="<?=$this->transEsc("Find")?>"/> </form> <script type="text/javascript">$("#reservesSearchForm_lookfor").focus()</script> @@ -50,7 +50,7 @@ </tr> <? foreach ($this->results->getResults() as $record): ?> <? - $url = $this->currentPath() . $this->escapeHtml( + $url = $this->currentPath() . $this->escapeHtmlAttr( '?inst=' . urlencode($record->getInstructorId()) . '&course=' . urlencode($record->getCourseId()) . '&dept=' . urlencode($record->getDepartmentId()) diff --git a/themes/bootstrap/templates/search/searchbox.phtml b/themes/bootstrap/templates/search/searchbox.phtml index 917727d6396..0a4d522010d 100644 --- a/themes/bootstrap/templates/search/searchbox.phtml +++ b/themes/bootstrap/templates/search/searchbox.phtml 
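Review bot: The `<script type="text/javascript">$("#reservesSearchForm_lookfor").focus()</script>` line following the rewritten search input is the only inline script in this hunk, and an inline script is what a Content-Security-Policy without `'unsafe-inline'` would block. The HTML5 `autofocus` attribute on `<input id="reservesSearchForm_lookfor" …>` achieves the same focus behaviour declaratively, so the `<script>` line can be dropped. The `escapeHtmlAttr($reservesLookfor)` change on the input itself is correct.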
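Review bot: The rewritten `$url = $this->currentPath() . $this->escapeHtmlAttr('?inst=' . urlencode(…)` escapes the query string for attribute context where the URL is built rather than where it is output, and leaves `$this->currentPath()` unescaped in the same string; the `href` that later consumes `$url` is outside this hunk, so I cannot confirm it is not escaped a second time. Build the plain URL here and apply `escapeHtmlAttr()` once at the output site, e.g. `$url = $this->currentPath() . '?inst=' . urlencode($record->getInstructorId()) …;` and `href="<?=$this->escapeHtmlAttr($url)?>"`. The concatenation continues past the end of the hunk.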
@@ -22,14 +22,14 @@ <ul class="nav nav-tabs"> <? foreach ($searchTabs as $tab): ?> <li<?=$tab['selected'] ? ' class="active"' : ''?>> - <a href="<?=$tab['selected'] ? '' : $this->escapeHtml($tab['url'])?>"><?=$this->transEsc($tab['label']); ?></a> + <a href="<?=$tab['selected'] ? '' : $this->escapeHtmlAttr($tab['url'])?>"><?=$this->transEsc($tab['label']); ?></a> </li> <? endforeach; ?> </ul> <? endif; ?> <div class="navbar"> <? if ($this->searchType == 'advanced'): ?> - <a class="btn btn-link small" href="<?=$this->url($advSearch)?>?edit=<?=$this->escapeHtml($this->searchId)?>"><?=$this->transEsc("Edit this Advanced Search")?></a> + <a class="btn btn-link small" href="<?=$this->url($advSearch)?>?edit=<?=$this->escapeHtmlAttr($this->searchId)?>"><?=$this->transEsc("Edit this Advanced Search")?></a> <span class="help-inline">|</span> <a class="btn btn-link small" href="<?=$this->url($advSearch)?>"><?=$this->transEsc("Start a new Advanced Search")?></a> <span class="help-inline">|</span> 
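Review bot: The rewritten edit link `href="<?=$this->url($advSearch)?>?edit=<?=$this->escapeHtmlAttr($this->searchId)?>"` interpolates `searchId` into a query string with attribute escaping only; `escapeHtmlAttr()` protects the attribute but does not URL-encode, so a non-numeric id would need `urlencode()` first. `searchId` is presumably an integer, so this is belt-and-braces: `?edit=<?=$this->escapeHtmlAttr(urlencode($this->searchId))?>`. The tab link `href="<?=$tab['selected'] ? '' : …` above it is fine as changed.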
@@ -37,15 +37,15 @@ <div class="help-block"><?=$this->transEsc("Your search terms")?> : "<strong><?=$this->escapeHtml($this->lookfor)?></strong>"</div> <? else: ?> <form class="form-inline navbar-form block" method="get" action="<?=$this->url($basicSearch)?>" name="searchForm" id="searchForm" autocomplete="off"> - <input class="span5 search-query<? if($this->searchbox()->autocompleteEnabled($this->searchClassId)):?> autocomplete searcher:<?=$this->escapeHtml($this->searchClassId) ?><? endif ?>" id="searchForm_lookfor" type="text" name="lookfor" value="<?=$this->escapeHtml($this->lookfor)?>"/> + <input class="span5 search-query<? if($this->searchbox()->autocompleteEnabled($this->searchClassId)):?> autocomplete searcher:<?=$this->escapeHtmlAttr($this->searchClassId) ?><? endif ?>" id="searchForm_lookfor" type="text" name="lookfor" value="<?=$this->escapeHtmlAttr($this->lookfor)?>"/> <? if ($handlerCount > 1): ?> <select id="searchForm_type" name="type" data-native-menu="false"> <? foreach ($handlers as $handler): ?> - <option value="<?=$this->escapeHtml($handler['value'])?>"<?=$handler['selected'] ? ' selected="selected"' : ''?>><?=$handler['indent'] ? '-- ' : ''?><?=$this->transEsc($handler['label'])?></option> + <option value="<?=$this->escapeHtmlAttr($handler['value'])?>"<?=$handler['selected'] ? ' selected="selected"' : ''?>><?=$handler['indent'] ? '-- ' : ''?><?=$this->transEsc($handler['label'])?></option> <? endforeach; ?> </select> <? elseif ($handlerCount == 1): ?> - <input type="hidden" name="type" value="<?=$this->escapeHtml($handlers[0]['value'])?>" /> + <input type="hidden" name="type" value="<?=$this->escapeHtmlAttr($handlers[0]['value'])?>" /> <? endif; ?> <button type="submit" class="btn"><i class="icon-search"></i> <?=$this->transEsc("Find")?></button> <? if ($advSearch): ?> 
@@ -60,7 +60,7 @@ <br /> <? foreach ($shards as $shard => $val): ?> <? $isSelected = empty($selectedShards) || in_array($shard, $selectedShards); ?> - <input type="checkbox" <?=$isSelected ? 'checked="checked" ' : ''?>name="shard[]" value='<?=$this->escapeHtml($shard)?>' /> <?=$this->transEsc($shard)?> + <input type="checkbox" <?=$isSelected ? 'checked="checked" ' : ''?>name="shard[]" value='<?=$this->escapeHtmlAttr($shard)?>' /> <?=$this->transEsc($shard)?> <? endforeach; ?> <? endif; ?> <? @@ -77,8 +77,8 @@ </label> <div class="hidden"> <? foreach ($filterDetails as $current): ?> - <input class="applied-filter" id="<?=$this->escapeHtml($current['id'])?>" type="checkbox"<?=$defaultFilterState?> name="filter[]" value="<?=$this->escapeHtml($current['value'])?>" /> - <label for="<?=$this->escapeHtml($current['id'])?>"><?=$this->escapeHtml($current['value'])?></label> + <input class="applied-filter" id="<?=$this->escapeHtmlAttr($current['id'])?>" type="checkbox"<?=$defaultFilterState?> name="filter[]" value="<?=$this->escapeHtmlAttr($current['value'])?>" /> + <label for="<?=$this->escapeHtmlAttr($current['id'])?>"><?=$this->escapeHtml($current['value'])?></label> <? endforeach; ?> <? if (isset($hasDefaultsApplied) && $hasDefaultsApplied): ?> <!-- this is a hidden element that flags whether or not default filters have been applied; 
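Review bot: The rewritten shard checkbox uses a single-quoted attribute, `value='<?=$this->escapeHtmlAttr($shard)?>'`, unlike every other rewritten attribute in this commit; `escapeHtmlAttr()` encodes `'` as well, so it is safe, but `value="<?=$this->escapeHtmlAttr($shard)?>"` removes the odd one out. On the context line above, `in_array($shard, $selectedShards)` is a loose comparison; `in_array($shard, $selectedShards, true)` avoids PHP 5's loose-comparison surprises, such as an integer key matching any non-numeric string.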
@@ -90,14 +90,14 @@ <? /* Show hidden field for active search class when in combined handler mode. */ if ($this->searchbox()->combinedHandlersActive()) { - echo '<input type="hidden" name="activeSearchClassId" value="' . $this->escapeHtml($this->searchClassId) . '" />'; + echo '<input type="hidden" name="activeSearchClassId" value="' . $this->escapeHtmlAttr($this->searchClassId) . '" />'; } /* Load hidden limit preference from Session */ if (!empty($lastLimit)) { - echo '<input type="hidden" name="limit" value="' . $this->escapeHtml($lastLimit) . '" />'; + echo '<input type="hidden" name="limit" value="' . $this->escapeHtmlAttr($lastLimit) . '" />'; } if (!empty($lastSort)) { - echo '<input type="hidden" name="sort" value="' . $this->escapeHtml($lastSort) . '" />'; + echo '<input type="hidden" name="sort" value="' . $this->escapeHtmlAttr($lastSort) . '" />'; } ?> </form> diff --git a/themes/bootstrap/templates/upgrade/getdbcredentials.phtml b/themes/bootstrap/templates/upgrade/getdbcredentials.phtml index 74055faa7b7..ca330b042a4 100644 --- a/themes/bootstrap/templates/upgrade/getdbcredentials.phtml +++ b/themes/bootstrap/templates/upgrade/getdbcredentials.phtml @@ -14,7 +14,7 @@ with permission to alter and create tables.</p> <form method="post" action="<?=$this->url('upgrade-getdbcredentials')?>"> <table> <tbody> - <tr><td>MySQL Root User: </td><td><input type="text" name="dbrootuser" value="<?=$this->escapeHtml($this->dbrootuser)?>"/></td></tr> + <tr><td>MySQL Root User: </td><td><input type="text" name="dbrootuser" value="<?=$this->escapeHtmlAttr($this->dbrootuser)?>"/></td></tr> <tr><td>MySQL Root Password: </td><td><input type="password" name="dbrootpass" value=""/></td></tr> <tr><td></td><td><input type="submit" name="submit" value="<?=$this->transEsc('Submit') ?>" /></td></tr> </tbody> diff --git a/themes/jquerymobile/templates/Auth/AbstractBase/login.phtml b/themes/jquerymobile/templates/Auth/AbstractBase/login.phtml index e7f616f8c31..821c54aab43 100644 
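Review bot: In upgrade/getdbcredentials.phtml the `<input type="password" name="dbrootpass" value=""/>` line beneath the rewritten `dbrootuser` input collects the MySQL root password; it correctly does not echo a submitted value back, but nothing discourages the browser from offering to save it, and a one-off upgrade form is a poor place for a stored root credential. Add `autocomplete="off"` to both inputs: `<input type="password" name="dbrootpass" value="" autocomplete="off"/>` and likewise on the `dbrootuser` line. Whether the route is served only over HTTPS cannot be judged from the template; the `<form method="post" …>` opener is context here.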
--- a/themes/jquerymobile/templates/Auth/AbstractBase/login.phtml +++ b/themes/jquerymobile/templates/Auth/AbstractBase/login.phtml @@ -19,5 +19,5 @@ <a rel="external" data-role="button" class="recover_password" href="<?=$this->url('myresearch-recover')?>"><?=$this->transEsc('Forgot Password')?></a> <? endif; ?> <? else: ?> - <a rel="external" data-role="button" href="<?=$this->escapeHtml($sessionInitiator)?>"><?=$this->transEsc("Institutional Login")?></a> + <a rel="external" data-role="button" href="<?=$this->escapeHtmlAttr($sessionInitiator)?>"><?=$this->transEsc("Institutional Login")?></a> <? endif; ?> diff --git a/themes/jquerymobile/templates/Auth/AbstractBase/loginfields.phtml b/themes/jquerymobile/templates/Auth/AbstractBase/loginfields.phtml index a979db8146b..1b6516b967b 100644 --- a/themes/jquerymobile/templates/Auth/AbstractBase/loginfields.phtml +++ b/themes/jquerymobile/templates/Auth/AbstractBase/loginfields.phtml @@ -1,4 +1,4 @@ <label for="login_username"><?=$this->transEsc('Username')?>:</label> -<input id="login_username" type="text" name="username" value="<?=$this->escapeHtml($this->request->get('username'))?>"/> +<input id="login_username" type="text" name="username" value="<?=$this->escapeHtmlAttr($this->request->get('username'))?>"/> <label for="login_password"><?=$this->transEsc('Password')?>:</label> <input id="login_password" type="password" name="password"/> diff --git a/themes/jquerymobile/templates/Auth/Database/create.phtml b/themes/jquerymobile/templates/Auth/Database/create.phtml index d472bd6228d..1444efdd6c2 100644 --- a/themes/jquerymobile/templates/Auth/Database/create.phtml +++ b/themes/jquerymobile/templates/Auth/Database/create.phtml 
@@ -1,11 +1,11 @@ <label for="account_firstname"><?=$this->transEsc('First Name')?>:</label> -<input id="account_firstname" type="text" name="firstname" value="<?=$this->escapeHtml($this->request->get('firstname'))?>" /> +<input id="account_firstname" type="text" name="firstname" value="<?=$this->escapeHtmlAttr($this->request->get('firstname'))?>" /> <label for="account_lastname"><?=$this->transEsc('Last Name')?>:</label> -<input id="account_lastname" type="text" name="lastname" value="<?=$this->escapeHtml($this->request->get('lastname'))?>" /> +<input id="account_lastname" type="text" name="lastname" value="<?=$this->escapeHtmlAttr($this->request->get('lastname'))?>" /> <label for="account_email"><?=$this->transEsc('Email Address')?>:</label> -<input id="account_email" type="text" name="email" value="<?=$this->escapeHtml($this->request->get('email'))?>" /> +<input id="account_email" type="text" name="email" value="<?=$this->escapeHtmlAttr($this->request->get('email'))?>" /> <label for="account_username"><?=$this->transEsc('Desired Username')?>:</label> -<input id="account_username" type="text" name="username" value="<?=$this->escapeHtml($this->request->get('username'))?>" /> +<input id="account_username" type="text" name="username" value="<?=$this->escapeHtmlAttr($this->request->get('username'))?>" /> <label for="account_password"><?=$this->transEsc('Password')?>:</label> <input id="account_password" type="password" name="password" /> <label for="account_password2"><?=$this->transEsc('Password Again')?>:</label> diff --git a/themes/jquerymobile/templates/Auth/Shibboleth/login.phtml b/themes/jquerymobile/templates/Auth/Shibboleth/login.phtml index d4463c48646..d4cbbac6e6b 100644 --- a/themes/jquerymobile/templates/Auth/Shibboleth/login.phtml +++ b/themes/jquerymobile/templates/Auth/Shibboleth/login.phtml 
@@ -1,3 +1,3 @@ <? $account = $this->auth()->getManager(); ?> <? $sessionInitiator = $account->getSessionInitiator($this->serverUrl($this->url('myresearch-home'))); ?> -<a rel="external" href="<?=$this->escapeHtml($sessionInitiator)?>"><?=$this->transEsc("Institutional Login")?></a> +<a rel="external" href="<?=$this->escapeHtmlAttr($sessionInitiator)?>"><?=$this->transEsc("Institutional Login")?></a> diff --git a/themes/jquerymobile/templates/Helpers/openurl.phtml b/themes/jquerymobile/templates/Helpers/openurl.phtml index 671dcd2a311..3a53a9a3332 100644 --- a/themes/jquerymobile/templates/Helpers/openurl.phtml +++ b/themes/jquerymobile/templates/Helpers/openurl.phtml @@ -1,15 +1,15 @@ -<a rel="external" href="<?=$this->escapeHtml($this->openUrlBase . '?' . $this->openUrl)?>"> +<a rel="external" href="<?=$this->escapeHtmlAttr($this->openUrlBase . '?' . $this->openUrl)?>"> <? if ($this->openUrlGraphic): ?> <? $style = ''; if ($this->openUrlGraphicWidth) { - $style .= 'width:' . $this->escapeHtml($this->openUrlGraphicWidth) . 'px;'; + $style .= 'width:' . $this->escapeHtmlAttr($this->openUrlGraphicWidth) . 'px;'; } if ($this->openUrlGraphicHeight) { - $style .= 'height:' . $this->escapeHtml($this->openUrlGraphicHeight) . 'px;'; + $style .= 'height:' . $this->escapeHtmlAttr($this->openUrlGraphicHeight) . 'px;'; } ?> - <img src="<?=$this->escapeHtml($this->openUrlGraphic)?>" alt="<?=$this->transEsc('Get full text')?>" style="<?=$style?>" /> + <img src="<?=$this->escapeHtmlAttr($this->openUrlGraphic)?>" alt="<?=$this->transEsc('Get full text')?>" style="<?=$style?>" /> <? else: ?> <?=$this->transEsc('Get full text')?> <? endif; ?> diff --git a/themes/jquerymobile/templates/RecordDriver/LibGuides/result-list.phtml b/themes/jquerymobile/templates/RecordDriver/LibGuides/result-list.phtml index 3448080e564..66ce9ddb275 100644 --- a/themes/jquerymobile/templates/RecordDriver/LibGuides/result-list.phtml 
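Review bot: The two rewritten `$style .=` lines in openurl.phtml place `openUrlGraphicWidth` and `openUrlGraphicHeight` into CSS inside a `style="…"` attribute, and `escapeHtmlAttr()` is the wrong layer for that: it keeps the attribute well-formed but does nothing about CSS syntax, so a non-numeric value passes straight into the declaration. Because both values are pixel dimensions, the sturdy fix needs no escaper at all: `$style .= 'width:' . (int)$this->openUrlGraphicWidth . 'px;'` and the same cast for height; if the helper set in use offers `escapeCss()`, that is the alternative for free-form values. The `href` and `src` changes in this hunk are correct as written.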
+++ b/themes/jquerymobile/templates/RecordDriver/LibGuides/result-list.phtml @@ -1,7 +1,7 @@ <? $url = $this->driver->getUniqueId(); ?> -<a rel="external" href="<?=$this->escapeHtml($url)?>"> +<a rel="external" href="<?=$this->escapeHtmlAttr($url)?>"> <div class="result"> <h3><? $summTitle = $this->driver->getTitle(); diff --git a/themes/jquerymobile/templates/RecordDriver/Pazpar2/result-list.phtml b/themes/jquerymobile/templates/RecordDriver/Pazpar2/result-list.phtml index a4bd4560797..10a10b6b568 100644 --- a/themes/jquerymobile/templates/RecordDriver/Pazpar2/result-list.phtml +++ b/themes/jquerymobile/templates/RecordDriver/Pazpar2/result-list.phtml @@ -1,6 +1,6 @@ <b> - <div class="result source<?=$this->escapeHtml($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>"> - <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueID())?>" class="hiddenId" /> + <div class="result source<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>"> + <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueID())?>" class="hiddenId" /> <h3><? $summHighlightedTitle = $this->driver->getHighlightedTitle(); $summTitle = $this->driver->getTitle(); diff --git a/themes/jquerymobile/templates/RecordDriver/SolrDefault/core.phtml b/themes/jquerymobile/templates/RecordDriver/SolrDefault/core.phtml index bebd579a95a..e4871113c6e 100644 --- a/themes/jquerymobile/templates/RecordDriver/SolrDefault/core.phtml +++ b/themes/jquerymobile/templates/RecordDriver/SolrDefault/core.phtml 
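Review bot: `<a rel="external" href="<?=$this->escapeHtmlAttr($url)?>">` now escapes `$url` correctly for the attribute, but `$url` is `$this->driver->getUniqueId()` — record data — and attribute escaping does not constrain the URL scheme, so a `javascript:` or `data:` value would still produce a live link. If LibGuides identifiers are always http(s) URLs (not visible here) this is moot; otherwise check the scheme before output, e.g. `<? $url = preg_match('/^https?:\/\//i', $url) ? $url : ''; ?>`, or route it through a helper that does. The same consideration applies to `$this->driver->getUrl()` in SolrWeb/result-list.phtml `@@ -1,7`, to `$this->proxyUrl($current['url'])` in SolrDefault/core.phtml `@@ -134,7`, and to `$holding->electronicAddress->text` in holdingsworldcat.phtml `@@ -5,7`, all of which link to externally supplied URLs. The `<h3><?` block at the end of this hunk continues outside it.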
@@ -1,9 +1,9 @@ <? /* Display thumbnail if appropriate: */ ?> <? $mediumThumb = $this->record($this->driver)->getThumbnail('medium'); $largeThumb = $this->record($this->driver)->getThumbnail('large'); ?> <? if ($mediumThumb): ?> - <? if ($largeThumb): ?><a rel="external" href="<?=$this->escapeHtml($largeThumb)?>"><? endif; ?> + <? if ($largeThumb): ?><a rel="external" href="<?=$this->escapeHtmlAttr($largeThumb)?>"><? endif; ?> <div class="recordcover"> - <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtml($mediumThumb);?>"/> + <img alt="<?=$this->transEsc('Cover Image')?>" class="recordcover" src="<?=$this->escapeHtmlAttr($mediumThumb);?>"/> </div> <? if ($largeThumb): ?></a><? endif; ?> <? endif; ?> @@ -134,7 +134,7 @@ <dt><?=$this->transEsc('Online Access')?>: </dt> <dd> <? foreach ($urls as $current): ?> - <p><a rel="external" href="<?=$this->escapeHtml($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a></p> + <p><a rel="external" href="<?=$this->escapeHtmlAttr($this->proxyUrl($current['url']))?>"><?=$this->escapeHtml($current['desc'])?></a></p> <? endforeach; ?> <? if ($openUrl): ?> <?=$this->openUrl($openUrl)?><br/> diff --git a/themes/jquerymobile/templates/RecordDriver/SolrDefault/list-entry.phtml b/themes/jquerymobile/templates/RecordDriver/SolrDefault/list-entry.phtml index c468c8b28cd..056f5a0e3d0 100644 --- a/themes/jquerymobile/templates/RecordDriver/SolrDefault/list-entry.phtml +++ b/themes/jquerymobile/templates/RecordDriver/SolrDefault/list-entry.phtml 
@@ -11,8 +11,8 @@ } ?> <a rel="external" href="<?=$this->recordLink()->getUrl($this->driver)?>"> - <div class="result source<?=$this->escapeHtml($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>"> - <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueID())?>" class="hiddenId" /> + <div class="result source<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>"> + <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueID())?>" class="hiddenId" /> <h3> <? $listTitle = $this->driver->getTitle(); diff --git a/themes/jquerymobile/templates/RecordDriver/SolrDefault/result-list.phtml b/themes/jquerymobile/templates/RecordDriver/SolrDefault/result-list.phtml index 1fdd7684373..ce04278048f 100644 --- a/themes/jquerymobile/templates/RecordDriver/SolrDefault/result-list.phtml +++ b/themes/jquerymobile/templates/RecordDriver/SolrDefault/result-list.phtml @@ -1,6 +1,6 @@ <a rel="external" href="<?=$this->recordLink()->getUrl($this->driver)?>"> - <div class="result source<?=$this->escapeHtml($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>"> - <input type="hidden" value="<?=$this->escapeHtml($this->driver->getUniqueID())?>" class="hiddenId" /> + <div class="result source<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?> recordId<?=$this->driver->supportsAjaxStatus()?' ajaxItemId':''?>"> + <input type="hidden" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueID())?>" class="hiddenId" /> <h3><? $summHighlightedTitle = $this->driver->getHighlightedTitle(); $summTitle = $this->driver->getTitle(); diff --git a/themes/jquerymobile/templates/RecordDriver/SolrWeb/result-list.phtml b/themes/jquerymobile/templates/RecordDriver/SolrWeb/result-list.phtml index 41e08d2e44e..c1bcfddbdd9 100644 
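Review bot: `href="<?=$this->recordLink()->getUrl($this->driver)?>"` on the line above the changed `<div>` is left unescaped in both list-entry.phtml and result-list.phtml, while the commit escapes every other attribute of the same element. Whether a router-generated URL can contain attribute-breaking characters depends on how getUrl() encodes the record id, which is not visible here; wrapping it costs nothing: `<a rel="external" href="<?=$this->escapeHtmlAttr($this->recordLink()->getUrl($this->driver))?>">`. The same unescaped `recordLink()` output appears in the `action=` of RecordTab/usercomments.phtml and in the delete link of record/comments-list.phtml in this patch.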
--- a/themes/jquerymobile/templates/RecordDriver/SolrWeb/result-list.phtml +++ b/themes/jquerymobile/templates/RecordDriver/SolrWeb/result-list.phtml @@ -1,7 +1,7 @@ <? $url = $this->driver->getUrl(); ?> -<a rel="external" href="<?=$this->escapeHtml($url)?>"> +<a rel="external" href="<?=$this->escapeHtmlAttr($url)?>"> <div class="result"> <h3><? $summHighlightedTitle = $this->driver->getHighlightedTitle(); diff --git a/themes/jquerymobile/templates/RecordTab/holdingsils.phtml b/themes/jquerymobile/templates/RecordTab/holdingsils.phtml index 3e6a2da372b..d2f1bb380f3 100644 --- a/themes/jquerymobile/templates/RecordTab/holdingsils.phtml +++ b/themes/jquerymobile/templates/RecordTab/holdingsils.phtml @@ -13,7 +13,7 @@ <h2><?=$this->transEsc('ils_offline_title')?></h2> <p><strong><?=$this->transEsc('ils_offline_status')?></strong></p> <p><?=$this->transEsc('ils_offline_holdings_message')?></p> - <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?> + <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?> <p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p> </div> <? endif; ?> diff --git a/themes/jquerymobile/templates/RecordTab/holdingsworldcat.phtml b/themes/jquerymobile/templates/RecordTab/holdingsworldcat.phtml index f5afadfa6fa..190e7f869c1 100644 --- a/themes/jquerymobile/templates/RecordTab/holdingsworldcat.phtml +++ b/themes/jquerymobile/templates/RecordTab/holdingsworldcat.phtml @@ -5,7 +5,7 @@ <tr> <th colspan="2"> <? if (isset($holding->electronicAddress->text) && !empty($holding->electronicAddress->text)): ?> - <a href="<?=$this->escapeHtml($holding->electronicAddress->text)?>"><?=$this->escapeHtml($holding->physicalLocation)?></a> + <a href="<?=$this->escapeHtmlAttr($holding->electronicAddress->text)?>"><?=$this->escapeHtml($holding->physicalLocation)?></a> <? else: ?> <?=$this->escapeHtml($holding->physicalLocation)?> <? endif; ?> 
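Review bot: In holdingsils.phtml `$supportEmail` is escaped once with escapeHtmlAttr() and then emitted in two different contexts on the next line, the `mailto:` attribute and the link text. The attribute-encoded form happens to decode correctly as element text as well, but the variable now carries context-specific encoding, so any later non-attribute use would surface `&#x..;` sequences. Keep the variable raw and escape at each sink: `<? $supportEmail = $this->systemEmail(); ?>` and `<p><a href="mailto:<?=$this->escapeHtmlAttr($supportEmail)?>"><?=$this->escapeHtml($supportEmail)?></a></p>`. The same pattern is in error/unavailable.phtml, myresearch/cataloglogin.phtml, myresearch/login.phtml and search/home.phtml.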
diff --git a/themes/jquerymobile/templates/RecordTab/reviews.phtml b/themes/jquerymobile/templates/RecordTab/reviews.phtml index 5841e5abd1f..20ce2dd5cbb 100644 --- a/themes/jquerymobile/templates/RecordTab/reviews.phtml +++ b/themes/jquerymobile/templates/RecordTab/reviews.phtml @@ -26,7 +26,7 @@ <p class="summary"> <?=isset($review['Content']) ? $review['Content'] : ''?> <? if ((!isset($review['Content']) || empty($review['Content'])) && isset($review['ReviewURL'])): ?> - <a rel="external" href="<?=$this->escapeHtml($review['ReviewURL'])?>"><?=$this->transEsc('Read the full review online...')?></a> + <a rel="external" href="<?=$this->escapeHtmlAttr($review['ReviewURL'])?>"><?=$this->transEsc('Read the full review online...')?></a> <? endif; ?> </p> <?=isset($review['Copyright']) ? $review['Copyright'] : ''?> diff --git a/themes/jquerymobile/templates/RecordTab/usercomments.phtml b/themes/jquerymobile/templates/RecordTab/usercomments.phtml index 24a5549e104..fe56781c83d 100644 --- a/themes/jquerymobile/templates/RecordTab/usercomments.phtml +++ b/themes/jquerymobile/templates/RecordTab/usercomments.phtml @@ -7,8 +7,8 @@ </ul> <form name="commentRecord" id="commentRecord" action="<?=$this->recordLink()->getActionUrl($this->driver, 'AddComment')?>" method="post" data-ajax="false"> - <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>"/> - <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>"/> + <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>"/> + <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>"/> <div data-role="fieldcontain"> <label for="comments_form_comment"><?=$this->transEsc("Your Comment")?>:</label> <textarea id="comments_form_comment" name="comment"></textarea> 
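Review bot: `<?=isset($review['Content']) ? $review['Content'] : ''?>` and the `Copyright` line below it emit provider-supplied review text verbatim, while the link between them is now attribute-escaped, so this hunk still has an unescaped sink for third-party data. If the review feed is expected to deliver HTML, it should pass through an HTML sanitiser before reaching the template; if it is plain text, `<?=isset($review['Content']) ? $this->escapeHtml($review['Content']) : ''?>`. Which of the two applies is not visible from the hunk.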
diff --git a/themes/jquerymobile/templates/alphabrowse/home.phtml b/themes/jquerymobile/templates/alphabrowse/home.phtml index 4ce4a70c0ae..8664288394c 100644 --- a/themes/jquerymobile/templates/alphabrowse/home.phtml +++ b/themes/jquerymobile/templates/alphabrowse/home.phtml @@ -12,11 +12,11 @@ <label for="alphaBrowseForm_source"><?=$this->transEsc('Browse Alphabetically') ?></label> <select id="alphaBrowseForm_source" name="source"> <? foreach ($this->alphaBrowseTypes as $key => $item): ?> - <option value="<?=$this->escapeHtml($key) ?>"<? if ($this->source == $key): ?> selected="selected"<? endif; ?>><?=$this->transEsc($item) ?></option> + <option value="<?=$this->escapeHtmlAttr($key) ?>"<? if ($this->source == $key): ?> selected="selected"<? endif; ?>><?=$this->transEsc($item) ?></option> <? endforeach; ?> </select> <label for="alphaBrowseForm_from"><?=$this->transEsc('starting from') ?></label> - <input type="search" name="from" id="alphaBrowseForm_from" value="<?=$this->escapeHtml($this->from) ?>"/> + <input type="search" name="from" id="alphaBrowseForm_from" value="<?=$this->escapeHtmlAttr($this->from) ?>"/> <input type="submit" data-theme="b" value="<?=$this->transEsc('Browse') ?>"/> </div> </form> 
@@ -33,12 +33,12 @@ <div class="ui-grid-a"> <div class="ui-block-a"> <? if (isset($this->prevpage)): ?> - <a data-role="button" data-mini="true" data-icon="arrow-l" href="<?=$this->escapeHtml($this->url('alphabrowse-home', array(), array('query' => $baseQuery + array('page' => $this->prevpage))))?>"><?=$this->transEsc('Prev')?></a> + <a data-role="button" data-mini="true" data-icon="arrow-l" href="<?=$this->escapeHtmlAttr($this->url('alphabrowse-home', array(), array('query' => $baseQuery + array('page' => $this->prevpage))))?>"><?=$this->transEsc('Prev')?></a> <? endif; ?> </div> <div class="ui-block-b"> <? if (isset($this->nextpage)): ?> - <a data-role="button" data-mini="true" data-icon="arrow-r" data-iconpos="right" href="<?=$this->escapeHtml($this->url('alphabrowse-home', array(), array('query' => $baseQuery + array('page' => $this->nextpage))))?>"><?=$this->transEsc('Next')?></a> + <a data-role="button" data-mini="true" data-icon="arrow-r" data-iconpos="right" href="<?=$this->escapeHtmlAttr($this->url('alphabrowse-home', array(), array('query' => $baseQuery + array('page' => $this->nextpage))))?>"><?=$this->transEsc('Next')?></a> <? endif; ?> </div> </div> 
@@ -52,14 +52,14 @@ <? if ($item['count'] > 0 || count($item['useInstead']) > 0): ?> <? if (count($item['useInstead']) > 0): ?> <? $query = array('from' => implode($item['useInstead'])) + $baseQuery; ?> - <? $searchLink = $this->escapeHtml($this->url('alphabrowse-home', array(), array('query' => $query))); ?> + <? $searchLink = $this->escapeHtmlAttr($this->url('alphabrowse-home', array(), array('query' => $query))); ?> <? else: ?> <? if ($item['count'] < 5): ?> <? $query = array('type' => 'ids', 'lookfor' => implode(' ', $item['ids'])); ?> <? else: ?> <? $query = array('type' => ucwords($this->source) . 'Browse', 'lookfor' => '"' . addcslashes($item['heading'], '"') . '"'); ?> <? endif; ?> - <? $searchLink = $this->escapeHtml($this->url('search-results', array(), array('query' => $query))); ?> + <? $searchLink = $this->escapeHtmlAttr($this->url('search-results', array(), array('query' => $query))); ?> <? endif; ?> <? endif; ?> <a class="ui-link-inherit" data-ajax="false" href="<?=$searchLink ?>"> diff --git a/themes/jquerymobile/templates/collection/view.phtml b/themes/jquerymobile/templates/collection/view.phtml index fd920a32072..742104655ca 100644 --- a/themes/jquerymobile/templates/collection/view.phtml +++ b/themes/jquerymobile/templates/collection/view.phtml @@ -11,7 +11,7 @@ ?> <div data-role="page" id="Record-view"> <?=$this->mobileMenu()->header()?> - <div class="record" data-role="content" data-record-id="<?=$this->escapeHtml($this->driver->getUniqueId())?>"> + <div class="record" data-role="content" data-record-id="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>"> <?=$this->flashmessages()?> <? if ($this->activeTab == $this->defaultTab): ?> <?=$this->record($this->driver)->getCollectionMetadata()?> diff --git a/themes/jquerymobile/templates/confirm/confirm.phtml b/themes/jquerymobile/templates/confirm/confirm.phtml index 18028743ddf..989cd48eccc 100644 --- a/themes/jquerymobile/templates/confirm/confirm.phtml 
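Review bot: `$searchLink` is only assigned inside `if ($item['count'] > 0 || count($item['useInstead']) > 0)`, but the `<a class="ui-link-inherit" data-ajax="false" href="<?=$searchLink ?>">` on the last line of the hunk is rendered after both `endif`s, so an item with no count and no useInstead entries reuses the previous iteration's link, or an undefined variable on the first item. Initialise it before the outer `if` with `<? $searchLink = false; ?>` and guard the anchor with `<? if ($searchLink !== false): ?>`; the matching `</a>` and `endif` fall outside the hunk. Escaping at assignment time also means `$searchLink` holds attribute-encoded text, which is fine only while its sole sink is this `href`.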
+++ b/themes/jquerymobile/templates/confirm/confirm.phtml @@ -5,21 +5,21 @@ <?=$this->flashmessages();?> - <form action="<?=$this->escapeHtml($this->confirm)?>" method="post" data-ajax="false"> + <form action="<?=$this->escapeHtmlAttr($this->confirm)?>" method="post" data-ajax="false"> <? if (isset($this->extras)): ?> <? foreach ($this->extras as $extra=>$value): ?> <? if (is_array($value)): ?> <? foreach ($value as $current): ?> - <input type="hidden" name="<?=$this->escapeHtml($extra) ?>[]" value="<?=$this->escapeHtml($current) ?>" /> + <input type="hidden" name="<?=$this->escapeHtmlAttr($extra) ?>[]" value="<?=$this->escapeHtmlAttr($current) ?>" /> <? endforeach; ?> <? else: ?> - <input type="hidden" name="<?=$this->escapeHtml($extra) ?>" value="<?=$this->escapeHtml($value) ?>" /> + <input type="hidden" name="<?=$this->escapeHtmlAttr($extra) ?>" value="<?=$this->escapeHtmlAttr($value) ?>" /> <? endif; ?> <? endforeach; ?> <? endif;?> <input type="submit" name="confirm" value="<?=$this->transEsc('confirm_dialog_yes') ?>" /> </form> - <form action="<?=$this->escapeHtml($this->cancel) ?>" method="post" data-ajax="false"> + <form action="<?=$this->escapeHtmlAttr($this->cancel) ?>" method="post" data-ajax="false"> <input type="submit" name="cancel" value="<?=$this->transEsc('confirm_dialog_no') ?>" /> </form> </div> diff --git a/themes/jquerymobile/templates/error/unavailable.phtml b/themes/jquerymobile/templates/error/unavailable.phtml index 11d55fa2f68..fa3d3017171 100644 --- a/themes/jquerymobile/templates/error/unavailable.phtml +++ b/themes/jquerymobile/templates/error/unavailable.phtml @@ -13,7 +13,7 @@ <p> <?=$this->transEsc('Please contact the Library Reference Department for assistance')?> <br/> - <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?> + <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?> <a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a> </p> </div> 
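Review bot: Neither form in confirm.phtml carries a visible anti-CSRF field, and the `extras` loop replays arbitrary key/value pairs into hidden inputs, so the attribute escaping added here stops markup injection but does nothing to bind the confirming POST to the user's session. If the project has a token helper, its hidden input belongs next to `<input type="submit" name="confirm" ...>` (unless the layout injects one, which I cannot see from here); either way the action behind `$this->confirm` must keep treating the replayed `extras` as untrusted input. `name="<?=$this->escapeHtmlAttr($extra) ?>[]"` is the right call for the key as well as the value.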
diff --git a/themes/jquerymobile/templates/myresearch/cataloglogin.phtml b/themes/jquerymobile/templates/myresearch/cataloglogin.phtml index 2cfcff0f55a..11cb63cdca8 100644 --- a/themes/jquerymobile/templates/myresearch/cataloglogin.phtml +++ b/themes/jquerymobile/templates/myresearch/cataloglogin.phtml @@ -13,7 +13,7 @@ <h2><?=$this->transEsc('ils_offline_title')?></h2> <p><strong><?=$this->transEsc('ils_offline_status')?></strong></p> <p><?=$this->transEsc('ils_offline_login_message')?></p> - <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?> + <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?> <p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p> </div> <? else: ?> diff --git a/themes/jquerymobile/templates/myresearch/checkedout.phtml b/themes/jquerymobile/templates/myresearch/checkedout.phtml index 4e4c6eef415..7eec680b6e6 100644 --- a/themes/jquerymobile/templates/myresearch/checkedout.phtml +++ b/themes/jquerymobile/templates/myresearch/checkedout.phtml @@ -91,8 +91,8 @@ <fieldset data-type="horizontal" data-role="controlgroup"> <? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $ilsDetails['renew_details']); ?> <label for="checkbox_<?=$safeId?>"><?=$this->transEsc("Select this record")?></label> - <input type="checkbox" name="renewSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['renew_details'])?>" class="checkbox" style="margin-left: 0" id="checkbox_<?=$safeId?>" /> - <input type="hidden" name="renewAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['renew_details'])?>" /> + <input type="checkbox" name="renewSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['renew_details'])?>" class="checkbox" style="margin-left: 0" id="checkbox_<?=$safeId?>" /> + <input type="hidden" name="renewAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['renew_details'])?>" /> </fieldset> </div> <? endif; ?> 
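Review bot: In checkedout.phtml `$safeId = preg_replace('/[^a-zA-Z0-9]/', '', $ilsDetails['renew_details'])` strips rather than encodes, so two renew_details values that differ only in punctuation (constructed example: `12|345` and `123|45`) collapse to the same DOM id and the `label for=` / checkbox pairing silently targets the wrong row. `<? $safeId = md5($ilsDetails['renew_details']); ?>` gives a collision-free, attribute-safe id without changing the markup. The checkbox and `renewAllIDS[]` values themselves are correctly escaped now; myresearch/holds.phtml derives `$safeId` the same way from `$resource->getUniqueId()`.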
diff --git a/themes/jquerymobile/templates/myresearch/holds.phtml b/themes/jquerymobile/templates/myresearch/holds.phtml index fd905ea60d3..e17e5e0a0bc 100644 --- a/themes/jquerymobile/templates/myresearch/holds.phtml +++ b/themes/jquerymobile/templates/myresearch/holds.phtml @@ -112,8 +112,8 @@ <fieldset data-type="horizontal" data-role="controlgroup"> <? $safeId = preg_replace('/[^a-zA-Z0-9]/', '', $resource->getUniqueId()); ?> <label for="checkbox_<?=$safeId?>"><?=$this->transEsc("Select this record")?></label> - <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" /> - <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtml($ilsDetails['cancel_details']) ?>" class="checkbox" style="margin-left:0;" id="checkbox_<?=$safeId?>" /> + <input type="hidden" name="cancelAllIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" /> + <input type="checkbox" name="cancelSelectedIDS[]" value="<?=$this->escapeHtmlAttr($ilsDetails['cancel_details']) ?>" class="checkbox" style="margin-left:0;" id="checkbox_<?=$safeId?>" /> </fieldset> </div> <? endif; ?> diff --git a/themes/jquerymobile/templates/myresearch/login.phtml b/themes/jquerymobile/templates/myresearch/login.phtml index 405a0f78c72..e78e7ac13a7 100644 --- a/themes/jquerymobile/templates/myresearch/login.phtml +++ b/themes/jquerymobile/templates/myresearch/login.phtml @@ -15,7 +15,7 @@ <h2><?=$this->transEsc('ils_offline_title')?></h2> <p><strong><?=$this->transEsc('ils_offline_status')?></strong></p> <p><?=$this->transEsc('ils_offline_login_message')?></p> - <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?> + <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?> <p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p> </div> <? elseif ($hideLogin): ?> 
diff --git a/themes/jquerymobile/templates/primo/advanced.phtml b/themes/jquerymobile/templates/primo/advanced.phtml
index 42ceb71d8e6..299ada3e4e1 100644
--- a/themes/jquerymobile/templates/primo/advanced.phtml
+++ b/themes/jquerymobile/templates/primo/advanced.phtml
@@ -46,26 +46,26 @@ <div class="ui-block-a"> <select id="search_type<?=$i?>_<?=$j?>" name="type<?=$i?>[]"> <? foreach ($this->options->getAdvancedHandlers() as $searchVal => $searchDesc): ?> - <option value="<?=$this->escapeHtml($searchVal)?>"<?=($currRow && $currRow->getHandler() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option> + <option value="<?=$this->escapeHtmlAttr($searchVal)?>"<?=($currRow && $currRow->getHandler() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option> <? endforeach; ?> </select> </div> <div class="ui-block-b"> <select id="searchForm_op<?=$i?>_<?=$j?>" name="op<?=$i?>[]"> <? foreach ($this->options->getAdvancedOperators() as $searchVal => $searchDesc): ?> - <option value="<?=$this->escapeHtml($searchVal)?>"<?=($currRow && $currRow->getOperator() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option> + <option value="<?=$this->escapeHtmlAttr($searchVal)?>"<?=($currRow && $currRow->getOperator() == $searchVal)?' selected="selected"':''?>><?=$this->transEsc($searchDesc)?></option> <? endforeach; ?> </select> </div> <div class="ui-block-c"> - <input id="search_lookfor<?=$i?>_<?=$j?>" type="text" value="<?=$currRow?$this->escapeHtml($currRow->getString()):''?>" name="lookfor<?=$i?>[]" style="margin-top:.5em;height:28px"/> + <input id="search_lookfor<?=$i?>_<?=$j?>" type="text" value="<?=$currRow?$this->escapeHtmlAttr($currRow->getString()):''?>" name="lookfor<?=$i?>[]" style="margin-top:.5em;height:28px"/> </div> <? endfor; ?> </fieldset> <? endfor; ?> <? $lastSort = $this->options->getLastSort(); ?> <? if (!empty($lastSort)): ?> - <input type="hidden" name="sort" value="<?=$this->escapeHtml($lastSort)?>" /> + <input type="hidden" name="sort" value="<?=$this->escapeHtmlAttr($lastSort)?>" /> <? endif; ?> <hr/> <fieldset class="ui-grid-solo"> 
@@ -76,10 +76,10 @@ <? /* Load hidden limit preference from Session */ if (!empty($lastLimit)) { - echo '<input type="hidden" name="limit" value="' . $this->escapeHtml($lastLimit) . '" />'; + echo '<input type="hidden" name="limit" value="' . $this->escapeHtmlAttr($lastLimit) . '" />'; } if (!empty($lastSort)) { - echo '<input type="hidden" name="sort" value="' . $this->escapeHtml($lastSort) . '" />'; + echo '<input type="hidden" name="sort" value="' . $this->escapeHtmlAttr($lastSort) . '" />'; } ?> </form> diff --git a/themes/jquerymobile/templates/record/addtag.phtml b/themes/jquerymobile/templates/record/addtag.phtml index 08d8e2e64f6..82d2a6a0ba2 100644 --- a/themes/jquerymobile/templates/record/addtag.phtml +++ b/themes/jquerymobile/templates/record/addtag.phtml @@ -7,8 +7,8 @@ <div data-role="content"> <form method="post" name="tagRecord" data-ajax="false"> <input type="hidden" name="submit" value="1" /> - <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" /> - <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" /> + <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" /> + <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" /> <div data-role="fieldcontain"> <label for="addtag_tag"><?=$this->transEsc("Tags")?>:</label> <input id="addtag_tag" type="text" name="tag" value=""/> diff --git a/themes/jquerymobile/templates/record/cite.phtml b/themes/jquerymobile/templates/record/cite.phtml index ef17dca544f..adceff58dab 100644 --- a/themes/jquerymobile/templates/record/cite.phtml +++ b/themes/jquerymobile/templates/record/cite.phtml 
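Review bot: The hidden `sort` input of primo/advanced.phtml is emitted twice in the same form: once in the earlier hunk of this file (`<? if (!empty($lastSort)): ?><input type="hidden" name="sort" ...>`) and again here via `echo`, so the request carries a duplicate `sort` parameter and both sites had to be touched by this commit. Drop the `echo` copy here and write the limit input in the template syntax the rest of the file uses: `<? if (!empty($lastLimit)): ?><input type="hidden" name="limit" value="<?=$this->escapeHtmlAttr($lastLimit)?>" /><? endif; ?>`. `$lastLimit` is assigned outside the hunk and the two emissions could sit under conditions I cannot see, so confirm before removing one.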
@@ -11,7 +11,7 @@ ?> <div data-role="page" id="Record-view"> <?=$this->mobileMenu()->header()?> - <div class="record" data-role="content" data-record-id="<?=$this->escapeHtml($this->driver->getUniqueId())?>"> + <div class="record" data-role="content" data-record-id="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>"> <? if (count($citations) == 0): ?> <?=$this->transEsc('No citations are available for this record')?> <? else: ?> diff --git a/themes/jquerymobile/templates/record/comments-list.phtml b/themes/jquerymobile/templates/record/comments-list.phtml index dd26920de57..dd57c17b7e3 100644 --- a/themes/jquerymobile/templates/record/comments-list.phtml +++ b/themes/jquerymobile/templates/record/comments-list.phtml @@ -9,7 +9,7 @@ <span class="ui-li-aside"><?=$this->escapeHtml(array_shift(explode(' ', $comment->created)))?></span> </a> <? if (($user = $this->auth()->isLoggedIn()) && $comment->user_id == $user->id): ?> - <a rel="external" href="<?=$this->recordLink()->getActionUrl($this->driver, 'DeleteComment')?>?delete=<?=urlencode($comment->id)?>" data-comment-id="<?=$this->escapeHtml($comment->id)?>" class="deleteRecordComment"> + <a rel="external" href="<?=$this->recordLink()->getActionUrl($this->driver, 'DeleteComment')?>?delete=<?=urlencode($comment->id)?>" data-comment-id="<?=$this->escapeHtmlAttr($comment->id)?>" class="deleteRecordComment"> <?=$this->transEsc('Delete')?> </a> <? endif; ?> diff --git a/themes/jquerymobile/templates/record/email.phtml b/themes/jquerymobile/templates/record/email.phtml index 004a3048495..1fd6c545b1f 100644 --- a/themes/jquerymobile/templates/record/email.phtml +++ b/themes/jquerymobile/templates/record/email.phtml 
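Review bot: The rewritten anchor in comments-list.phtml still performs a state-changing delete through a plain GET link (`?delete=<?=urlencode($comment->id)?>`), which link prefetchers or a cross-site request can trigger; nothing in the hunk ties the request to the session beyond the logged-in check. If the DeleteComment action does not already require a POST with a session-bound token, rendering this as a small POST form, or having the `deleteRecordComment` handler submit one, is the usual fix. `urlencode()` output is attribute-safe, so the absence of escapeHtmlAttr() on that fragment is not itself a problem.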
@@ -7,8 +7,8 @@ <div data-role="content"> <?=$this->flashmessages()?> <form method="post" name="emailRecord" data-ajax="false"> - <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" /> - <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" /> + <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" /> + <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" /> <div data-role="fieldcontain"> <label for="email_to"><?=$this->transEsc('To')?>:</label> <input id="email_to" type="text" name="to" value="<?=isset($this->to) ? $this->to : ''?>" size="40" class="mainFocus <?=$this->jqueryValidation(array('required'=>'This field is required', 'email'=>'Email address is invalid'))?>"/> diff --git a/themes/jquerymobile/templates/record/hold.phtml b/themes/jquerymobile/templates/record/hold.phtml index d16dd524bf9..1e8dacf746d 100644 --- a/themes/jquerymobile/templates/record/hold.phtml +++ b/themes/jquerymobile/templates/record/hold.phtml @@ -48,7 +48,7 @@ </option> <? endif; ?> <? foreach ($this->requestGroups as $group): ?> - <option value="<?=$this->escapeHtml($group['id'])?>"<?=($selected == $group['id']) ? ' selected="selected"' : ''?>> + <option value="<?=$this->escapeHtmlAttr($group['id'])?>"<?=($selected == $group['id']) ? ' selected="selected"' : ''?>> <?=$this->transEsc('location_' . $group['name'], array(), $group['name'])?> </option> <? endforeach; ?> 
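Review bot: `$this->to` is written into the `email_to` value attribute on the last line of the email.phtml hunk without any escaping, although it is the round-tripped form input and this commit is specifically about attribute escaping. Unless the controller escapes it before assignment, the line should read `value="<?=isset($this->to) ? $this->escapeHtmlAttr($this->to) : ''?>"`. The same unescaped `$this->to` appears in record/sms.phtml and search/email.phtml in this patch.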
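Review bot: In hold.phtml `($selected == $group['id'])` is a loose comparison while the following hunk shows `$selected` can be the sentinel `false`, and in PHP `false == '0'` and `false == ''` both hold, so a group or pickup location whose id is `0` or empty renders as selected when nothing has been chosen. `<?=($selected !== false && (string)$selected === (string)$group['id']) ? ' selected="selected"' : ''?>` keeps the int/string tolerance while excluding the sentinel; the `$lib['locationID']` loop in the next hunk has the same comparison. Where `$selected` is assigned is outside this hunk.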
@@ -71,7 +71,7 @@ <span id="pickUpLocationLabel"><strong><?=$this->transEsc("pick_up_location")?>: <noscript> (<?=$this->transEsc("Please enable JavaScript.")?>)</noscript> </strong></span> - <select id="pickUpLocation" name="gatheredDetails[pickUpLocation]" data-default="<?=$this->escapeHtml($selected)?>"> + <select id="pickUpLocation" name="gatheredDetails[pickUpLocation]" data-default="<?=$this->escapeHtmlAttr($selected)?>"> <? if ($selected === false): ?> <option value="" selected="selected"> <?=$this->transEsc('select_pickup_location')?> @@ -87,13 +87,13 @@ </option> <? endif; ?> <? foreach ($this->pickup as $lib): ?> - <option value="<?=$this->escapeHtml($lib['locationID'])?>"<?=($selected == $lib['locationID']) ? ' selected="selected"' : ''?>> + <option value="<?=$this->escapeHtmlAttr($lib['locationID'])?>"<?=($selected == $lib['locationID']) ? ' selected="selected"' : ''?>> <?=$this->escapeHtml($lib['locationDisplay'])?> </option> <? endforeach; ?> </select> <? else: ?> - <input type="hidden" name="gatheredDetails[pickUpLocation]" value="<?=$this->escapeHtml($this->defaultPickup)?>" /> + <input type="hidden" name="gatheredDetails[pickUpLocation]" value="<?=$this->escapeHtmlAttr($this->defaultPickup)?>" /> <? endif; ?> </div> <? endif; ?> diff --git a/themes/jquerymobile/templates/record/save.phtml b/themes/jquerymobile/templates/record/save.phtml index fb22ba7a224..9ec7b0b6a12 100644 --- a/themes/jquerymobile/templates/record/save.phtml +++ b/themes/jquerymobile/templates/record/save.phtml 
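Review bot: `data-default="<?=$this->escapeHtmlAttr($selected)?>"` is fed the `false` sentinel that the very next line tests for with `=== false`; presumably the escaper stringifies it to an empty attribute today, but passing a boolean into a string escaper is fragile under stricter typing. `data-default="<?=$selected === false ? '' : $this->escapeHtmlAttr($selected)?>"` makes the intent explicit and keeps the rendered output unchanged.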
@@ -8,8 +8,8 @@ <h3><?=$this->transEsc("add_favorite_prefix") ?> <?=$this->escapeHtml($this->driver->getBreadcrumb())?> <?=$this->transEsc("add_favorite_suffix") ?></h3> <form method="post" name="saveRecord" data-ajax="false"> <input type="hidden" name="submit" value="1" /> - <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId()) ?>" /> - <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" /> + <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId()) ?>" /> + <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" /> <? if (!empty($this->containingLists)): ?> <ul data-role="listview" data-dividertheme="e" data-inset="true"> <li data-role="list-divider"><?=$this->transEsc('This item is already part of the following list/lists') ?>:</li> diff --git a/themes/jquerymobile/templates/record/sms.phtml b/themes/jquerymobile/templates/record/sms.phtml index a7ee8000b7e..22c01fc7f54 100644 --- a/themes/jquerymobile/templates/record/sms.phtml +++ b/themes/jquerymobile/templates/record/sms.phtml @@ -7,8 +7,8 @@ <div data-role="content"> <?=$this->flashmessages()?> <form method="post" action="" name="smsRecord" data-ajax="false"> - <input type="hidden" name="id" value="<?=$this->escapeHtml($this->driver->getUniqueId())?>" /> - <input type="hidden" name="source" value="<?=$this->escapeHtml($this->driver->getResourceSource())?>" /> + <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" /> + <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getResourceSource())?>" /> <div data-role="fieldcontain"> <label for="sms_to"><?=$this->transEsc('Number')?>:</label> <input id="sms_to" type="text" name="to" value="<?=isset($this->to) ? $this->to : ''?>" /> 
@@ -17,7 +17,7 @@ <select id="sms_provider" name="provider" class="<?=$this->jqueryValidation(array('required'=>'This field is required'))?>"> <option selected="selected" value=""><?=$this->transEsc('Select your carrier')?></option> <? foreach ($this->carriers as $val => $details): ?> - <option<?=(isset($this->provider) && $val == $this->provider) ? ' selected="selected"' : ''?> value="<?=$this->escapeHtml($val)?>"><?=$this->escapeHtml($details['name'])?></option> + <option<?=(isset($this->provider) && $val == $this->provider) ? ' selected="selected"' : ''?> value="<?=$this->escapeHtmlAttr($val)?>"><?=$this->escapeHtml($details['name'])?></option> <? endforeach; ?> </select> <? else: ?> diff --git a/themes/jquerymobile/templates/record/view.phtml b/themes/jquerymobile/templates/record/view.phtml index 7a9daa50018..91373a08423 100644 --- a/themes/jquerymobile/templates/record/view.phtml +++ b/themes/jquerymobile/templates/record/view.phtml @@ -11,7 +11,7 @@ ?> <div data-role="page" id="Record-view"> <?=$this->mobileMenu()->header(array('searchLink' => $this->searchOptions($this->searchClassId)->getSearchHomeAction()))?> - <div class="record" data-role="content" data-record-id="<?=$this->escapeHtml($this->driver->getUniqueId())?>"> + <div class="record" data-role="content" data-record-id="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>"> <?=$this->flashmessages()?> <? if ($this->activeTab == $this->defaultTab): ?> <?=$this->record($this->driver)->getCoreMetadata()?> diff --git a/themes/jquerymobile/templates/search/advanced.phtml b/themes/jquerymobile/templates/search/advanced.phtml index fddff138725..36e135d0094 100644 --- a/themes/jquerymobile/templates/search/advanced.phtml +++ b/themes/jquerymobile/templates/search/advanced.phtml 
@@ -30,7 +30,7 @@ <div class="ui-block-b"> <select id="searchForm_type" name="type0[]" data-mini="true"> <? foreach ($options->getBasicHandlers() as $searchVal => $searchDesc): ?> - <option value="<?=$this->escapeHtml($searchVal)?>"<?=$this->searchIndex == $searchVal ? ' selected="selected"' : ''?>><?=$this->transEsc($searchDesc)?></option> + <option value="<?=$this->escapeHtmlAttr($searchVal)?>"<?=$this->searchIndex == $searchVal ? ' selected="selected"' : ''?>><?=$this->transEsc($searchDesc)?></option> <? endforeach; ?> </select> </div> @@ -50,10 +50,10 @@ <? /* Load hidden limit preference from Session */ if (!empty($lastLimit)) { - echo '<input type="hidden" name="limit" value="' . $this->escapeHtml($lastLimit) . '" />'; + echo '<input type="hidden" name="limit" value="' . $this->escapeHtmlAttr($lastLimit) . '" />'; } if (!empty($lastSort)) { - echo '<input type="hidden" name="sort" value="' . $this->escapeHtml($lastSort) . '" />'; + echo '<input type="hidden" name="sort" value="' . $this->escapeHtmlAttr($lastSort) . '" />'; } ?> </form> diff --git a/themes/jquerymobile/templates/search/email.phtml b/themes/jquerymobile/templates/search/email.phtml index b16cac58459..e3e629aae14 100644 --- a/themes/jquerymobile/templates/search/email.phtml +++ b/themes/jquerymobile/templates/search/email.phtml @@ -7,7 +7,7 @@ <div data-role="content"> <?=$this->flashmessages()?> <form method="post" name="emailSearch" data-ajax="false"> - <input type="hidden" name="url" value="<?=$this->escapeHtml($this->url)?>" /> + <input type="hidden" name="url" value="<?=$this->escapeHtmlAttr($this->url)?>" /> <div data-role="fieldcontain"> <label for="email_to"><?=$this->transEsc('To')?>:</label> <input id="email_to" type="text" name="to" value="<?=isset($this->to) ? $this->to : ''?>" size="40" /> diff --git a/themes/jquerymobile/templates/search/home.phtml b/themes/jquerymobile/templates/search/home.phtml index 57e2620860c..8ceb6c2a766 100644 
--- a/themes/jquerymobile/templates/search/home.phtml +++ b/themes/jquerymobile/templates/search/home.phtml @@ -10,7 +10,7 @@ <h2><?=$this->transEsc('ils_offline_title')?></h2> <p><strong><?=$this->transEsc('ils_offline_status')?></strong></p> <p><?=$this->transEsc('ils_offline_home_message')?></p> - <? $supportEmail = $this->escapeHtml($this->systemEmail()); ?> + <? $supportEmail = $this->escapeHtmlAttr($this->systemEmail()); ?> <p><a href="mailto:<?=$supportEmail?>"><?=$supportEmail?></a></p> </div> <? endif; ?> diff --git a/themes/jquerymobile/templates/search/newitem.phtml b/themes/jquerymobile/templates/search/newitem.phtml index 589dea6e668..8a05ea56f26 100644 --- a/themes/jquerymobile/templates/search/newitem.phtml +++ b/themes/jquerymobile/templates/search/newitem.phtml @@ -14,8 +14,8 @@ <fieldset data-role="controlgroup"> <legend><?=$this->transEsc('Range')?>:</legend> <? foreach ($this->ranges as $key => $range): ?> - <input id="newitem_range_<?=$this->escapeHtml($key)?>" type="radio" name="range" value="<?=$this->escapeHtml($range)?>"<?= ($key == 0) ? ' checked="checked"' : ''?>/> - <label for="newitem_range_<?=$this->escapeHtml($key)?>"> + <input id="newitem_range_<?=$this->escapeHtmlAttr($key)?>" type="radio" name="range" value="<?=$this->escapeHtmlAttr($range)?>"<?= ($key == 0) ? ' checked="checked"' : ''?>/> + <label for="newitem_range_<?=$this->escapeHtmlAttr($key)?>"> <?=($range == 1) ? $this->transEsc('Yesterday') : $this->transEsc('Past') . ' ' . $this->escapeHtml($range) . ' ' . $this->transEsc('Days')?> </label> <? endforeach; ?> @@ -26,7 +26,7 @@ <label for="newitem_department"><?=$this->transEsc('Department')?>:</label> <select id="newitem_department" name="department"> <? foreach ($this->fundList as $fundId => $fund): ?> - <option value="<?=$this->escapeHtml($fundId)?>"><?=$this->escapeHtml($fund)?></option> + <option value="<?=$this->escapeHtmlAttr($fundId)?>"><?=$this->escapeHtml($fund)?></option> <? endforeach; ?> </select> </div> 
diff --git a/themes/jquerymobile/templates/search/reserves.phtml b/themes/jquerymobile/templates/search/reserves.phtml index 264148322d1..e8ab8320c25 100644 --- a/themes/jquerymobile/templates/search/reserves.phtml +++ b/themes/jquerymobile/templates/search/reserves.phtml @@ -13,7 +13,7 @@ <select name="course" id="reserves_by_course"> <option></option> <? foreach ($this->courseList as $courseId => $courseName): ?> - <option value="<?=$this->escapeHtml($courseId)?>"><?=$this->escapeHtml($courseName)?></option> + <option value="<?=$this->escapeHtmlAttr($courseId)?>"><?=$this->escapeHtml($courseName)?></option> <? endforeach; ?> </select> </div> @@ -30,7 +30,7 @@ <select name="inst" id="reserves_by_inst"> <option></option> <? foreach ($this->instList as $instId => $instName): ?> - <option value="<?=$this->escapeHtml($instId)?>"><?=$this->escapeHtml($instName)?></option> + <option value="<?=$this->escapeHtmlAttr($instId)?>"><?=$this->escapeHtml($instName)?></option> <? endforeach; ?> </select> </div> @@ -47,7 +47,7 @@ <select name="dept" id="reserves_by_dept"> <option></option> <? foreach ($this->deptList as $deptId => $deptName): ?> - <option value="<?=$this->escapeHtml($deptId)?>"><?=$this->escapeHtml($deptName)?></option> + <option value="<?=$this->escapeHtmlAttr($deptId)?>"><?=$this->escapeHtml($deptName)?></option> <? endforeach; ?> </select> </div> diff --git a/themes/jquerymobile/templates/search/reservessearch.phtml b/themes/jquerymobile/templates/search/reservessearch.phtml index c55c0a74d84..adfba79ba1d 100644 --- a/themes/jquerymobile/templates/search/reservessearch.phtml +++ b/themes/jquerymobile/templates/search/reservessearch.phtml 
@@ -13,7 +13,7 @@
<form method="get" name="reservesSearchForm" class="search" data-ajax="false">
<div data-role="fieldcontain">
<label for="reservesSearchForm_lookfor" class="offscreen"><?=$this->transEsc("Your search terms")?></label>
- <input id="reservesSearchForm_lookfor" type="text" name="lookfor" size="40" value="<?=$this->escapeHtml($reservesLookfor)?>" <?=$this->searchOptions('SolrReserves')->autocompleteEnabled() ? ' class="autocomplete searcher:SolrReserves type:Reserves"' : ''?> />
+ <input id="reservesSearchForm_lookfor" type="text" name="lookfor" size="40" value="<?=$this->escapeHtmlAttr($reservesLookfor)?>" <?=$this->searchOptions('SolrReserves')->autocompleteEnabled() ? ' class="autocomplete searcher:SolrReserves type:Reserves"' : ''?> />
</div>
<div data-role="fieldcontain">
<input type="submit" name="submit" value="<?=$this->transEsc("Find")?>"/>
@@ -33,7 +33,7 @@
<ul class="results" data-role="listview" data-split-icon="plus" data-split-theme="c">
<? foreach ($this->results->getResults() as $record): ?>
<?
- $url = $this->currentPath() . $this->escapeHtml(
+ $url = $this->currentPath() . $this->escapeHtmlAttr(
'?inst=' . urlencode($record->getInstructorId())
. '&course=' . urlencode($record->getCourseId())
. '&dept=' . urlencode($record->getDepartmentId())
diff --git a/themes/jquerymobile/templates/search/searchbox.phtml b/themes/jquerymobile/templates/search/searchbox.phtml
index 875741a7b40..000af3d404c 100644
--- a/themes/jquerymobile/templates/search/searchbox.phtml
+++ b/themes/jquerymobile/templates/search/searchbox.phtml
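Review bot: In the second reservessearch.phtml hunk the + line applies the escaper while `$url` is being assembled rather than where it is output, and only the query string is covered — the `$this->currentPath()` prefix is concatenated with no escaping at all. If currentPath() reflects the request path, request-controlled characters can reach whatever attribute `$url` is later written into; that use, and the rest of the foreach body, lie outside this hunk, so this is an inference to confirm. Building the raw URL and escaping the whole thing once at the output site removes both problems: `$url = $this->currentPath() . '?inst=' . urlencode($record->getInstructorId()) . '&course=' . … ;` and then `href="<?=$this->escapeHtmlAttr($url)?>"` where it is emitted. Note that escapeHtmlAttr also rewrites `?`, `=` and `&` as entity references, which is correct inside an attribute but would be wrong if `$url` is ever reused outside one.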
@@ -19,17 +19,17 @@
<label class="offscreen" for="searchForm_lookfor">
<?=$this->transEsc("Search")?>
</label>
- <input type="search" placeholder="<?=$this->transEsc("Search")?>" name="lookfor" id="searchForm_lookfor" value="<?=$this->escapeHtml($this->lookfor)?>"/>
+ <input type="search" placeholder="<?=$this->transEsc("Search")?>" name="lookfor" id="searchForm_lookfor" value="<?=$this->escapeHtmlAttr($this->lookfor)?>"/>
<label class="offscreen" for="searchForm_type"><?=$this->transEsc("Search Type")?></label>
<? if ($handlerCount > 1): ?>
<select id="searchForm_type" name="type" data-native-menu="false">
<? foreach ($handlers as $handler): ?>
- <option value="<?=$this->escapeHtml($handler['value'])?>"<?=$handler['selected'] ? ' selected="selected"' : ''?>><?=$handler['indent'] ? '-- ' : ''?><?=$this->transEsc($handler['label'])?></option>
+ <option value="<?=$this->escapeHtmlAttr($handler['value'])?>"<?=$handler['selected'] ? ' selected="selected"' : ''?>><?=$handler['indent'] ? '-- ' : ''?><?=$this->transEsc($handler['label'])?></option>
<? endforeach; ?>
</select>
<? elseif ($handlerCount == 1): ?>
- <input type="hidden" name="type" value="<?=$this->escapeHtml($handlers[0]['value'])?>" />
+ <input type="hidden" name="type" value="<?=$this->escapeHtmlAttr($handlers[0]['value'])?>" />
<? endif; ?>
<div data-role="fieldcontain">
<input type="submit" data-theme="b" name="submit" value="<?=$this->transEsc("Find")?>"/>
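Review bot: The + lines move the `value` attributes to escapeHtmlAttr, yet on the very same `<input type="search">` the `placeholder="<?=$this->transEsc("Search")?>"` attribute, and further down `value="<?=$this->transEsc("Find")?>"` on the submit button, still rely on transEsc, i.e. the text-context escaper, inside attribute values. Translation strings come from language files rather than the request, and the underlying escapeHtml presumably encodes quotes, so I would not call this exploitable; it does mean the convention this commit is introducing is applied unevenly within a single element. If a plain translate helper exists, `placeholder="<?=$this->escapeHtmlAttr($this->translate("Search"))?>"` makes the attribute escaping uniform; failing that, a short comment such as `<? /* transEsc is accepted in attributes: translations are trusted, and escapeHtml encodes quotes */ ?>` would stop the next reader from re-opening the question.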
@@ -37,14 +37,14 @@
<?
/* Show hidden field for active search class when in combined handler mode. */
if ($this->searchbox()->combinedHandlersActive()) {
- echo '<input type="hidden" name="activeSearchClassId" value="' . $this->escapeHtml($this->searchClassId) . '" />';
+ echo '<input type="hidden" name="activeSearchClassId" value="' . $this->escapeHtmlAttr($this->searchClassId) . '" />';
}
/* Load hidden limit preference from Session */
if (!empty($lastLimit)) {
- echo '<input type="hidden" name="limit" value="' . $this->escapeHtml($lastLimit) . '" />';
+ echo '<input type="hidden" name="limit" value="' . $this->escapeHtmlAttr($lastLimit) . '" />';
}
if (!empty($lastSort)) {
- echo '<input type="hidden" name="sort" value="' . $this->escapeHtml($lastSort) . '" />';
+ echo '<input type="hidden" name="sort" value="' . $this->escapeHtmlAttr($lastSort) . '" />';
}
?>
</form>
-- GitLab
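Review bot: The three + lines build `<input>` tags by string concatenation inside a PHP block, which is out of step with the rest of this template (markup is literal and only values pass through `<?=…?>`) and is the form in which a missing or wrong escaper is hardest to spot in review. Each can be expressed as markup using the alternative syntax the file already uses, e.g. `<? if (!empty($lastLimit)): ?>` / `<input type="hidden" name="limit" value="<?=$this->escapeHtmlAttr($lastLimit)?>" />` / `<? endif; ?>`, and likewise for `activeSearchClassId` and `sort`. One thing to confirm rather than a defect in the change itself: `$lastLimit` and `$lastSort` are populated outside this hunk (the comment says from the session), and `!empty()` also suppresses a value of `0`/`'0'`, so the guards silently drop such a value if it is ever legitimate.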