From 4a1ea1ad8571082f7dc0dfd32af79a237185fc1b Mon Sep 17 00:00:00 2001
From: Cindy Li <cli@ocad.ca>
Date: Fri, 15 Oct 2010 19:00:30 +0000
Subject: [PATCH] replace htmlentities() with htmlentities_utf8()

---
 docs/documentation/frame_content.php             |  2 +-
 docs/documentation/frame_header.php              |  2 +-
 .../classes/Weblinks/WeblinksExport.class.php    |  2 +-
 docs/include/header.inc.php                      |  2 +-
 docs/include/vitals.inc.php                      | 16 ++++++++++++++++
 docs/tests/html/tests_questions.inc.php          |  4 ++--
 docs/themes/default/home/course/content.tmpl.php |  8 ++++----
 docs/themes/default/home/create_course.tmpl.php  |  2 +-
 docs/themes/default/include/footer.tmpl.php      |  2 +-
 docs/themes/default/include/header.tmpl.php      |  2 +-
 10 files changed, 29 insertions(+), 13 deletions(-)

diff --git a/docs/documentation/frame_content.php b/docs/documentation/frame_content.php
index e19799d..5ad675d 100644
--- a/docs/documentation/frame_content.php
+++ b/docs/documentation/frame_content.php
@@ -14,7 +14,7 @@ define('TR_INCLUDE_PATH', '../include/');
 include(TR_INCLUDE_PATH.'vitals.inc.php');
 
 if (isset($_GET['p'])) {
-	$this_page = htmlentities($_GET['p']);
+	$this_page = htmlentities_utf8($_GET['p']);
 } else {
 	$this_page = 'index.php';
 } 
diff --git a/docs/documentation/frame_header.php b/docs/documentation/frame_header.php
index 3b54446..30d59bb 100644
--- a/docs/documentation/frame_header.php
+++ b/docs/documentation/frame_header.php
@@ -14,7 +14,7 @@ define('TR_INCLUDE_PATH', '../include/');
 include(TR_INCLUDE_PATH.'vitals.inc.php');
 
 if (isset($_GET['p'])) {
-	$this_page = htmlentities($_GET['p']);
+	$this_page = htmlentities_utf8($_GET['p']);
 } else {
 	exit;
 } 
diff --git a/docs/include/classes/Weblinks/WeblinksExport.class.php b/docs/include/classes/Weblinks/WeblinksExport.class.php
index 628adff..9899768 100644
--- a/docs/include/classes/Weblinks/WeblinksExport.class.php
+++ b/docs/include/classes/Weblinks/WeblinksExport.class.php
@@ -40,7 +40,7 @@ class WeblinksExport {
 		$wl = $this->wl;
 
 		//assign all the neccessarily values to the template.
-		$savant->assign('title', htmlentities($wl->getTitle(), ENT_QUOTES, 'UTF-8'));
+		$savant->assign('title', htmlentities_utf8($wl->getTitle(), ENT_QUOTES, 'UTF-8'));
 		$url = $wl->getUrl();
 		$savant->assign('url_href', urlencode($url['href']));
 		$savant->assign('url_target', $url['target']);
diff --git a/docs/include/header.inc.php b/docs/include/header.inc.php
index 9d33dcb..165bcbe 100644
--- a/docs/include/header.inc.php
+++ b/docs/include/header.inc.php
@@ -129,7 +129,7 @@ if (isset($_custom_head)) {
 if (isset($_pages[$current_page]['guide'])) 
 {
 	$script_name = substr($_SERVER['PHP_SELF'], strlen($_base_path));
-	$savant->assign('guide', TR_GUIDES_PATH .'index.php?p='. htmlentities($script_name));
+	$savant->assign('guide', TR_GUIDES_PATH .'index.php?p='. htmlentities_utf8($script_name));
 }
 
 $savant->assign('custom_css', $custom_css);
diff --git a/docs/include/vitals.inc.php b/docs/include/vitals.inc.php
index 2b422d2..85c9f39 100644
--- a/docs/include/vitals.inc.php
+++ b/docs/include/vitals.inc.php
@@ -400,6 +400,22 @@ function get_default_theme() {
 		return $rows[0]['dir_name'];
 }
 
+/**
+ * Convert all input to htmlentities output, in UTF-8.
+ * @param	string	input to be convert
+ * @param	boolean	true if we wish to change all newlines(\r\n) to a <br/> tag, false otherwise.  
+ *			ref: http://php.net/manual/en/function.nl2br.php
+ * @author	Harris Wong
+ * @date	March 12, 2010
+ */
+function htmlentities_utf8($str, $use_nl2br=true){
+	$return = htmlentities($str, ENT_QUOTES, 'UTF-8');
+	if ($use_nl2br){
+		return nl2br($return);
+	} 
+	return $return;
+}
+
 /**
  * Convert all '&' to '&amp;' from the input
  * @param   string  any string input, mainly URLs.
diff --git a/docs/tests/html/tests_questions.inc.php b/docs/tests/html/tests_questions.inc.php
index 3f2d275..b0badc5 100644
--- a/docs/tests/html/tests_questions.inc.php
+++ b/docs/tests/html/tests_questions.inc.php
@@ -112,8 +112,8 @@ foreach ($cats as $cat) {
 			echo '<td>';
 			echo '<input type="checkbox" value="'.$row['question_id'].'|'.$row['type'].'" name="questions['.$cat['category_id'].'][]" id="q'.$row['question_id'].'" onmouseup="this.checked=!this.checked" /></td>';
 			echo '<td>';
-			echo '<a title="'.htmlentities($row[question], ENT_QUOTES, 'UTF-8').'">';
-			echo AT_print(htmlentities(Utility::validateLength($row['question'], 100, 1), ENT_QUOTES, 'UTF-8'), 'tests_questions.question');
+			echo '<a title="'.htmlentities_utf8($row[question], ENT_QUOTES, 'UTF-8').'">';
+			echo AT_print(htmlentities_utf8(Utility::validateLength($row['question'], 100, 1), ENT_QUOTES, 'UTF-8'), 'tests_questions.question');
 			echo '</a>';
 			echo '</td>';
 			echo '<td>';
diff --git a/docs/themes/default/home/course/content.tmpl.php b/docs/themes/default/home/course/content.tmpl.php
index 47c864f..643f898 100644
--- a/docs/themes/default/home/course/content.tmpl.php
+++ b/docs/themes/default/home/course/content.tmpl.php
@@ -15,7 +15,7 @@ if (!defined('TR_INCLUDE_PATH')) { exit; } ?>
 <?php if ($this->has_text_alternative || $this->has_audio_alternative || $this->has_visual_alternative || $this->has_sign_lang_alternative): ?>
 <div id="alternatives_shortcuts">
 <?php if ($this->has_text_alternative) :?>
-  <a href="<?php echo $_SERVER['PHP_SELF'].'?_cid='.$this->cid.(($_GET['alternative'] == 3) ? '' : SEP.'alternative=3'); ?>">
+  <a href="<?php echo $_SERVER['PHP_SELF'].'?_cid='.$this->cid.(($_GET['alternative'] == 3) ? '' : htmlentities_utf8(SEP).'alternative=3'); ?>">
     <img src="<?php echo TR_BASE_HREF; ?>images/<?php echo (($_GET['alternative'] == 3) ? 'pause.png' : 'text_alternative.png'); ?>" 
       alt="<?php echo (($_GET['alternative'] == 3) ? _AT('stop_apply_text_alternatives') : _AT('apply_text_alternatives')); ?>" 
       title="<?php echo (($_GET['alternative'] == 3) ? _AT('stop_apply_text_alternatives') : _AT('apply_text_alternatives')); ?>" 
@@ -23,7 +23,7 @@ if (!defined('TR_INCLUDE_PATH')) { exit; } ?>
   </a>
 <?php endif; // END OF has text alternative?>
 <?php if ($this->has_audio_alternative) :?>
-  <a href="<?php echo $_SERVER['PHP_SELF'].'?_cid='.$this->cid.(($_GET['alternative'] == 1) ? '' : SEP.'alternative=1'); ?>">
+  <a href="<?php echo $_SERVER['PHP_SELF'].'?_cid='.$this->cid.(($_GET['alternative'] == 1) ? '' : htmlentities_utf8(SEP).'alternative=1'); ?>">
     <img src="<?php echo TR_BASE_HREF; ?>images/<?php echo (($_GET['alternative'] == 1) ? 'pause.png' : 'audio_alternative.png'); ?>" 
       alt="<?php echo (($_GET['alternative'] == 1) ? _AT('stop_apply_audio_alternatives') : _AT('apply_audio_alternatives')); ?>" 
       title="<?php echo (($_GET['alternative'] == 1) ? _AT('stop_apply_audio_alternatives') : _AT('apply_audio_alternatives')); ?>" 
@@ -31,7 +31,7 @@ if (!defined('TR_INCLUDE_PATH')) { exit; } ?>
   </a>
 <?php endif; // END OF has audio alternative?>
 <?php if ($this->has_visual_alternative) :?>
-  <a href="<?php echo $_SERVER['PHP_SELF'].'?_cid='.$this->cid.(($_GET['alternative'] == 4) ? '' : SEP.'alternative=4'); ?>">
+  <a href="<?php echo $_SERVER['PHP_SELF'].'?_cid='.$this->cid.(($_GET['alternative'] == 4) ? '' : htmlentities_utf8(SEP).'alternative=4'); ?>">
     <img src="<?php echo TR_BASE_HREF; ?>images/<?php echo (($_GET['alternative'] == 4) ? 'pause.png' : 'visual_alternative.png'); ?>" 
       alt="<?php echo (($_GET['alternative'] == 4) ? _AT('stop_apply_visual_alternatives') : _AT('apply_visual_alternatives')); ?>" 
       title="<?php echo (($_GET['alternative'] == 4) ? _AT('stop_apply_visual_alternatives') : _AT('apply_visual_alternatives')); ?>" 
@@ -39,7 +39,7 @@ if (!defined('TR_INCLUDE_PATH')) { exit; } ?>
   </a>
 <?php endif; // END OF has visual alternative?>
 <?php if ($this->has_sign_lang_alternative) :?>
-  <a href="<?php echo $_SERVER['PHP_SELF'].'?_cid='.$this->cid.(($_GET['alternative'] == 2) ? '' : SEP.'alternative=2'); ?>">
+  <a href="<?php echo $_SERVER['PHP_SELF'].'?_cid='.$this->cid.(($_GET['alternative'] == 2) ? '' : htmlentities_utf8(SEP).'alternative=2'); ?>">
     <img src="<?php echo TR_BASE_HREF; ?>images/<?php echo (($_GET['alternative'] == 2) ? 'pause.png' : 'sign_lang_alternative.png'); ?>" 
       alt="<?php echo (($_GET['alternative'] == 2) ? _AT('stop_apply_sign_lang_alternatives') : _AT('apply_sign_lang_alternatives')); ?>" 
       title="<?php echo (($_GET['alternative'] == 2) ? _AT('stop_apply_sign_lang_alternatives') : _AT('apply_sign_lang_alternatives')); ?>" 
diff --git a/docs/themes/default/home/create_course.tmpl.php b/docs/themes/default/home/create_course.tmpl.php
index b34c938..ce2d7c8 100644
--- a/docs/themes/default/home/create_course.tmpl.php
+++ b/docs/themes/default/home/create_course.tmpl.php
@@ -23,7 +23,7 @@ if (isset($_current_user) && $_current_user->isAuthor())
 		<table class="form_data">
 		<tr><td>
 		<?php echo _AT('create_course_1'); ?>
-		<a href="home/course/course_property.php"><?php echo htmlentities(_AT('course_wizard')); ?></a><br /><br />
+		<a href="home/course/course_property.php"><?php echo htmlentities_utf8(_AT('course_wizard')); ?></a><br /><br />
 		</td></tr>
 
 		<tr><td>
diff --git a/docs/themes/default/include/footer.tmpl.php b/docs/themes/default/include/footer.tmpl.php
index 48c71fa..e31f17a 100644
--- a/docs/themes/default/include/footer.tmpl.php
+++ b/docs/themes/default/include/footer.tmpl.php
@@ -59,7 +59,7 @@ if($languageManager->getNumEnabledLanguages() > 1) {
       </div>
 		<br style="clear:both;" />
       <div style="margin-left:auto; margin-right:auto; width:20em;">
-        <small><?php if (isset($this->course_copyright)) echo htmlentities($this->course_copyright, ENT_QUOTES, 'UTF-8').'<br />'; echo _AT("copyright"); ?></small><br />
+        <small><?php if (isset($this->course_copyright)) echo htmlentities_utf8($this->course_copyright, ENT_QUOTES, 'UTF-8').'<br />'; echo _AT("copyright"); ?></small><br />
   <!-- guide -->
 
     <div>
diff --git a/docs/themes/default/include/header.tmpl.php b/docs/themes/default/include/header.tmpl.php
index 931727a..7a201bc 100644
--- a/docs/themes/default/include/header.tmpl.php
+++ b/docs/themes/default/include/header.tmpl.php
@@ -162,7 +162,7 @@ foreach ($this->top_level_pages as $page) {
    
       <div class="search_top">
       <form target="_top" action="<?php echo TR_BASE_HREF; ?>home/search.php" method="get">
-        <input type="text" name="search_text" id="search_text_at_header" value="<?php if (isset($_GET['search_text'])) echo htmlentities($_GET['search_text'], ENT_QUOTES, 'UTF-8'); ?>" size="25" />
+        <input type="text" name="search_text" id="search_text_at_header" value="<?php if (isset($_GET['search_text'])) echo htmlentities_utf8($_GET['search_text'], ENT_QUOTES, 'UTF-8'); ?>" size="25" />
       
 <?php if (is_array($this->categories)) { // print category dropdown list box?>
         <select name="catid">
-- 
2.17.1