include(TR_INCLUDE_PATH.'vitals.inc.php');\r
\r
if (isset($_GET['p'])) {\r
- $this_page = htmlentities($_GET['p']);\r
+ $this_page = htmlentities_utf8($_GET['p']);\r
} else {\r
$this_page = 'index.php';\r
} \r
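Review bot: The `p` value on the added line now goes through a helper whose second parameter `$use_nl2br` defaults to true, so a newline in the query string becomes `<br />` inside `$this_page`, which is a page name rather than display text. Call it as `$this_page = htmlentities_utf8($_GET['p'], false);` here and in the next hunk, where the same assignment appears ahead of `exit;`. How `$this_page` is used lies outside both hunks; if it reaches a file path or an include, entity encoding is no substitute for checking it against the known guide pages.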
include(TR_INCLUDE_PATH.'vitals.inc.php');\r
\r
if (isset($_GET['p'])) {\r
- $this_page = htmlentities($_GET['p']);\r
+ $this_page = htmlentities_utf8($_GET['p']);\r
} else {\r
exit;\r
} \r
$wl = $this->wl;
//assign all the neccessarily values to the template.
- $savant->assign('title', htmlentities($wl->getTitle(), ENT_QUOTES, 'UTF-8'));
+ $savant->assign('title', htmlentities_utf8($wl->getTitle(), ENT_QUOTES, 'UTF-8'));
$url = $wl->getUrl();
$savant->assign('url_href', urlencode($url['href']));
$savant->assign('url_target', $url['target']);
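Review bot: The added `htmlentities_utf8($wl->getTitle(), ENT_QUOTES, 'UTF-8')` call keeps the argument list of `htmlentities()`, but the helper introduced in this commit is declared as `($str, $use_nl2br=true)`, so `ENT_QUOTES` lands in `$use_nl2br` as a truthy value and `'UTF-8'` is silently dropped. Escaping still uses the right flags because the helper hard-codes them, yet each of these calls also runs `nl2br()`. That puts `<br />` into the `title="…"` attribute of the question link, the `value="…"` of the `search_text` field and the copyright line, which carry the same three-argument form. Use `htmlentities_utf8($wl->getTitle(), false)` here and decide per call site whether line breaks are wanted.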
if (isset($_pages[$current_page]['guide']))
{
$script_name = substr($_SERVER['PHP_SELF'], strlen($_base_path));
- $savant->assign('guide', TR_GUIDES_PATH .'index.php?p='. htmlentities($script_name));
+ $savant->assign('guide', TR_GUIDES_PATH .'index.php?p='. htmlentities_utf8($script_name));
}
$savant->assign('custom_css', $custom_css);
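Review bot: `$script_name` goes into the `p=` query component with HTML entity encoding only, and it is cut from `$_SERVER['PHP_SELF']`, which can carry path info supplied in the request URL. A query value needs percent-encoding, for example `'index.php?p='. rawurlencode($script_name)`, whose output is also safe to print inside an attribute. As written, the helper's default additionally runs `nl2br()` over the URL. The enclosing block continues outside the hunk, and how the template prints `guide` is not visible here.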
return $rows[0]['dir_name'];
}
+/**
+ * Convert all input to htmlentities output, in UTF-8.
+ * @param string input to be convert
+ * @param boolean true if we wish to change all newlines(\r\n) to a <br/> tag, false otherwise.
+ * ref: http://php.net/manual/en/function.nl2br.php
+ * @author Harris Wong
+ * @date March 12, 2010
+ */
+function htmlentities_utf8($str, $use_nl2br=true){
+ $return = htmlentities($str, ENT_QUOTES, 'UTF-8');
+ if ($use_nl2br){
+ return nl2br($return);
+ }
+ return $return;
+}
+
/**
* Convert all '&' to '&' from the input
* @param string any string input, mainly URLs.
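Review bot: The docblock on `htmlentities_utf8()` leaves out the parameter names and the return value, and nothing tells a caller that the second argument is a boolean rather than the `htmlentities()` flags. Write the tags as `@param string $str input to be converted` and `@param boolean $use_nl2br true to convert newlines to <br /> tags (the default), false otherwise`, and add `@return string the entity-encoded string, always produced with ENT_QUOTES and UTF-8`. A further line saying that attribute and URL contexts should pass `false` would make the default easier to audit at call sites.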
echo '<td>';\r
echo '<input type="checkbox" value="'.$row['question_id'].'|'.$row['type'].'" name="questions['.$cat['category_id'].'][]" id="q'.$row['question_id'].'" onmouseup="this.checked=!this.checked" /></td>';\r
echo '<td>';\r
- echo '<a title="'.htmlentities($row[question], ENT_QUOTES, 'UTF-8').'">';\r
- echo AT_print(htmlentities(Utility::validateLength($row['question'], 100, 1), ENT_QUOTES, 'UTF-8'), 'tests_questions.question');\r
+ echo '<a title="'.htmlentities_utf8($row[question], ENT_QUOTES, 'UTF-8').'">';\r
+ echo AT_print(htmlentities_utf8(Utility::validateLength($row['question'], 100, 1), ENT_QUOTES, 'UTF-8'), 'tests_questions.question');\r
echo '</a>';\r
echo '</td>';\r
echo '<td>';\r
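Review bot: The added `title` line indexes the row as `$row[question]` without quotes, so PHP resolves `question` as a constant; older versions fall back to the string with a notice, while PHP 8 throws an Error and the row is never rendered. Write `$row['question']`, as the `AT_print` line directly below already does. The loop these lines belong to starts and ends outside the hunk.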
<?php if ($this->has_text_alternative || $this->has_audio_alternative || $this->has_visual_alternative || $this->has_sign_lang_alternative): ?>\r
<div id="alternatives_shortcuts">\r
<?php if ($this->has_text_alternative) :?>\r
- <a href="<?php echo $_SERVER['PHP_SELF'].'?_cid='.$this->cid.(($_GET['alternative'] == 3) ? '' : SEP.'alternative=3'); ?>">\r
+ <a href="<?php echo $_SERVER['PHP_SELF'].'?_cid='.$this->cid.(($_GET['alternative'] == 3) ? '' : htmlentities_utf8(SEP).'alternative=3'); ?>">\r
<img src="<?php echo TR_BASE_HREF; ?>images/<?php echo (($_GET['alternative'] == 3) ? 'pause.png' : 'text_alternative.png'); ?>" \r
alt="<?php echo (($_GET['alternative'] == 3) ? _AT('stop_apply_text_alternatives') : _AT('apply_text_alternatives')); ?>" \r
title="<?php echo (($_GET['alternative'] == 3) ? _AT('stop_apply_text_alternatives') : _AT('apply_text_alternatives')); ?>" \r
</a>\r
<?php endif; // END OF has text alternative?>\r
<?php if ($this->has_audio_alternative) :?>\r
- <a href="<?php echo $_SERVER['PHP_SELF'].'?_cid='.$this->cid.(($_GET['alternative'] == 1) ? '' : SEP.'alternative=1'); ?>">\r
+ <a href="<?php echo $_SERVER['PHP_SELF'].'?_cid='.$this->cid.(($_GET['alternative'] == 1) ? '' : htmlentities_utf8(SEP).'alternative=1'); ?>">\r
<img src="<?php echo TR_BASE_HREF; ?>images/<?php echo (($_GET['alternative'] == 1) ? 'pause.png' : 'audio_alternative.png'); ?>" \r
alt="<?php echo (($_GET['alternative'] == 1) ? _AT('stop_apply_audio_alternatives') : _AT('apply_audio_alternatives')); ?>" \r
title="<?php echo (($_GET['alternative'] == 1) ? _AT('stop_apply_audio_alternatives') : _AT('apply_audio_alternatives')); ?>" \r
</a>\r
<?php endif; // END OF has audio alternative?>\r
<?php if ($this->has_visual_alternative) :?>\r
- <a href="<?php echo $_SERVER['PHP_SELF'].'?_cid='.$this->cid.(($_GET['alternative'] == 4) ? '' : SEP.'alternative=4'); ?>">\r
+ <a href="<?php echo $_SERVER['PHP_SELF'].'?_cid='.$this->cid.(($_GET['alternative'] == 4) ? '' : htmlentities_utf8(SEP).'alternative=4'); ?>">\r
<img src="<?php echo TR_BASE_HREF; ?>images/<?php echo (($_GET['alternative'] == 4) ? 'pause.png' : 'visual_alternative.png'); ?>" \r
alt="<?php echo (($_GET['alternative'] == 4) ? _AT('stop_apply_visual_alternatives') : _AT('apply_visual_alternatives')); ?>" \r
title="<?php echo (($_GET['alternative'] == 4) ? _AT('stop_apply_visual_alternatives') : _AT('apply_visual_alternatives')); ?>" \r
</a>\r
<?php endif; // END OF has visual alternative?>\r
<?php if ($this->has_sign_lang_alternative) :?>\r
- <a href="<?php echo $_SERVER['PHP_SELF'].'?_cid='.$this->cid.(($_GET['alternative'] == 2) ? '' : SEP.'alternative=2'); ?>">\r
+ <a href="<?php echo $_SERVER['PHP_SELF'].'?_cid='.$this->cid.(($_GET['alternative'] == 2) ? '' : htmlentities_utf8(SEP).'alternative=2'); ?>">\r
<img src="<?php echo TR_BASE_HREF; ?>images/<?php echo (($_GET['alternative'] == 2) ? 'pause.png' : 'sign_lang_alternative.png'); ?>" \r
alt="<?php echo (($_GET['alternative'] == 2) ? _AT('stop_apply_sign_lang_alternatives') : _AT('apply_sign_lang_alternatives')); ?>" \r
title="<?php echo (($_GET['alternative'] == 2) ? _AT('stop_apply_sign_lang_alternatives') : _AT('apply_sign_lang_alternatives')); ?>" \r
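Review bot: `$_SERVER['PHP_SELF']` is still echoed unescaped into the `href` of all four added anchor lines (alternatives 3, 1, 4 and 2), while the only value that gained escaping is the `SEP` constant. `PHP_SELF` includes any path info from the request URL, so it is the request-derived part of these links and the part that has to be encoded for the attribute, e.g. `echo htmlentities_utf8($_SERVER['PHP_SELF'], false).'?_cid='.$this->cid…`. `$this->cid` is printed raw as well; whether it is already constrained to an integer is not visible in this hunk.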
<table class="form_data">
<tr><td>
<?php echo _AT('create_course_1'); ?>
- <a href="home/course/course_property.php"><?php echo htmlentities(_AT('course_wizard')); ?></a><br /><br />
+ <a href="home/course/course_property.php"><?php echo htmlentities_utf8(_AT('course_wizard')); ?></a><br /><br />
</td></tr>
<tr><td>
</div>
<br style="clear:both;" />
<div style="margin-left:auto; margin-right:auto; width:20em;">
- <small><?php if (isset($this->course_copyright)) echo htmlentities($this->course_copyright, ENT_QUOTES, 'UTF-8').'<br />'; echo _AT("copyright"); ?></small><br />
+ <small><?php if (isset($this->course_copyright)) echo htmlentities_utf8($this->course_copyright, ENT_QUOTES, 'UTF-8').'<br />'; echo _AT("copyright"); ?></small><br />
<!-- guide -->
<div>
<div class="search_top">
<form target="_top" action="<?php echo TR_BASE_HREF; ?>home/search.php" method="get">
- <input type="text" name="search_text" id="search_text_at_header" value="<?php if (isset($_GET['search_text'])) echo htmlentities($_GET['search_text'], ENT_QUOTES, 'UTF-8'); ?>" size="25" />
+ <input type="text" name="search_text" id="search_text_at_header" value="<?php if (isset($_GET['search_text'])) echo htmlentities_utf8($_GET['search_text'], ENT_QUOTES, 'UTF-8'); ?>" size="25" />
<?php if (is_array($this->categories)) { // print category dropdown list box?>
<select name="catid">