From f6414f8b1dc2de341cdaf2e54d2a29b53992b005 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 18 Apr 2024 20:17:10 +0200
Subject: [PATCH] FIX logo and escape in RSS
---
htdocs/admin/external_rss.php | 12 +++++++++---
htdocs/core/lib/functions.lib.php | 26 +++++++++++++++++++-------
htdocs/core/lib/xcal.lib.php | 6 +++---
3 files changed, 31 insertions(+), 13 deletions(-)
diff --git a/htdocs/admin/external_rss.php b/htdocs/admin/external_rss.php
index 5781b810489..7ec0f379ee9 100644
--- a/htdocs/admin/external_rss.php
+++ b/htdocs/admin/external_rss.php
@@ -224,7 +224,9 @@ print ''; print ''; print '

'; -print ''.$langs->trans('RssNote').' - '.$langs->trans('JumpToBoxes').''; +print ''.$langs->trans('RssNote').''; +print ' - '; +print ''.$langs->trans('JumpToBoxes').''; print '

'; $sql = "SELECT rowid, file, note FROM ".MAIN_DB_PREFIX."boxes_def"; @@ -282,7 +284,7 @@ if ($resql) { print "".$langs->trans("Status").""; print ""; if ($result > 0 && empty($rssparser->error)) { - print ''.$langs->trans("Online").''; + print ''.img_picto($langs->trans("Online"), 'tick', 'class="pictofixedwidth"').$langs->trans("Online").''; } else { print ''.$langs->trans("Offline"); $langs->load("errors"); @@ -321,7 +323,11 @@ if ($resql) { $active = _isInBoxList($idrss, $boxlist) ? 'yes' : 'no'; print ''; print ''.$langs->trans('WidgetAvailable').''; - print ''.yn($active).''; + print ''.yn($active); + print '   -   '; + print $langs->trans("JumpToBoxes"); + print ''; + print ''; print ''."\n"; print ''."\n"; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index ec049318e7c..151f0bec6da 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -1743,7 +1743,7 @@ function dol_escape_js($stringtoescape, $mode = 0, $noescapebackslashn = 0) * Returns text escaped for inclusion into javascript code * * @param string $stringtoescape String to escape - * @return string Escaped string for json content. + * @return string Escaped string for JSON content. */ function dol_escape_json($stringtoescape) { @@ -1755,7 +1755,7 @@ function dol_escape_json($stringtoescape) * * @param string $stringtoescape String to escape * @param int<1,2> $stringforquotes 2=String for doublequotes, 1=String for simple quotes - * @return string Escaped string for json content. + * @return string Escaped string for PHP content. */ function dol_escape_php($stringtoescape, $stringforquotes = 2) { 
@@ -1778,6 +1778,17 @@ function dol_escape_php($stringtoescape, $stringforquotes = 2)
 return 'Bad parameter for stringforquotes in dol_escape_php';
 }

+/**
+ * Returns text escaped for inclusion into a XML string
+ *
+ * @param string $stringtoescape String to escape
+ * @return string Escaped string for XML content.
+ */
+function dol_escape_xml($stringtoescape)
+{
+ return $stringtoescape;
+}
+
 /**
 * Return a string label (so on 1 line only and that should not contains any HTML) ready to be output on HTML page
 * To use text that is not HTML content inside an attribute, use can simply only dol_escape_htmltag(). In doubt, use dolPrintHTMLForAttribute().
@@ -4712,7 +4723,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = 0, $srco 'margin', 'map-marker-alt', 'member', 'meeting', 'minus', 'money-bill-alt', 'movement', 'mrp', 'note', 'next', 'off', 'on', 'order', 'paiment', 'paragraph', 'play', 'pdf', 'phone', 'phoning', 'phoning_mobile', 'phoning_fax', 'playdisabled', 'previous', 'poll', 'pos', 'printer', 'product', 'propal', 'proposal', 'puce', - 'stock', 'resize', 'service', 'stats', 'trip', + 'stock', 'resize', 'service', 'stats', 'security', 'setup', 'share-alt', 'sign-out', 'split', 'stripe', 'stripe-s', 'switch_off', 'switch_on', 'switch_on_warning', 'switch_on_red', 'tools', 'unlink', 'uparrow', 'user', 'user-tie', 'vcard', 'wrench', 'github', 'google', 'jabber', 'microsoft', 'skype', 'twitter', 'facebook', 'linkedin', 'instagram', 'snapchat', 'youtube', 'google-plus-g', 'whatsapp', 'generic', 'home', 'hrm', 'members', 'products', 'invoicing', 
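Review bot: `dol_escape_xml()` returns its argument unchanged, so the `build_rssfile()` call sites this commit adds in htdocs/core/lib/xcal.lib.php (the `$title` and `$langcode` writes in the -347 hunk) still emit raw text into the feed while reading as escaped to the next maintainer. A title containing `&` or `<` would make the RSS output malformed, and if the value is ever user-editable it could add markup to the feed. Unless those writes sit inside CDATA (the markup is stripped on this page, so this cannot be confirmed), the body should encode the XML metacharacters, e.g. `return htmlspecialchars((string) $stringtoescape, ENT_XML1 | ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The docblock should also state whether the result is meant for element content, attribute values, or both.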
@@ -4722,7 +4733,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = 0, $srco 'error', 'warning', 'recent', 'reception', 'recruitmentcandidature', 'recruitmentjobposition', 'replacement', 'resource', 'recurring','rss', 'shapes', 'skill', 'square', 'sort-numeric-down', 'stop-circle', 'supplier', 'supplier_proposal', 'supplier_order', 'supplier_invoice', - 'terminal', 'timespent', 'title_setup', 'title_accountancy', 'title_bank', 'title_hrm', 'title_agenda', + 'terminal', 'tick', 'timespent', 'title_setup', 'title_accountancy', 'title_bank', 'title_hrm', 'title_agenda', 'trip', 'uncheck', 'url', 'user-cog', 'user-injured', 'user-md', 'vat', 'website', 'workstation', 'webhook', 'world', 'private', 'conferenceorbooth', 'eventorganization', 'stamp', 'signature', @@ -4774,8 +4785,8 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = 0, $srco 'refresh' => 'redo', 'region' => 'map-marked', 'replacement' => 'exchange-alt', 'resource' => 'laptop-house', 'recurring' => 'history', 'service' => 'concierge-bell', 'skill' => 'shapes', 'state' => 'map-marked-alt', 'security' => 'key', 'salary' => 'wallet', 'shipment' => 'dolly', 'stock' => 'box-open', 'stats' => 'chart-bar', 'split' => 'code-branch', 'stripe' => 'stripe-s', - 'supplier' => 'building', 'technic' => 'cogs', - 'timespent' => 'clock', 'title_setup' => 'tools', 'title_accountancy' => 'money-check-alt', 'title_bank' => 'university', 'title_hrm' => 'umbrella-beach', + 'supplier' => 'building', + 'technic' => 'cogs', 'tick' => 'check', 'timespent' => 'clock', 'title_setup' => 'tools', 'title_accountancy' => 'money-check-alt', 'title_bank' => 'university', 'title_hrm' => 'umbrella-beach', 'title_agenda' => 'calendar-alt', 'uncheck' => 'times', 'uparrow' => 'share', 'url' => 'external-link-alt', 'vat' => 'money-check-alt', 'vcard' => 'arrow-alt-circle-down', 'jabber' => 'comment-o', 
@@ -4884,7 +4895,8 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = 0, $srco 'other' => '#ddd', 'world' => '#986c6a', 'partnership' => '#6c6aa8', 'playdisabled' => '#ccc', 'printer' => '#444', 'projectpub' => '#986c6a', 'reception' => '#a69944', 'resize' => '#444', 'rss' => '#cba', //'shipment'=>'#a69944', - 'security' => '#999', 'square' => '#888', 'stop-circle' => '#888', 'stats' => '#444', 'switch_off' => '#999', 'technic' => '#999', 'timespent' => '#555', + 'security' => '#999', 'square' => '#888', 'stop-circle' => '#888', 'stats' => '#444', 'switch_off' => '#999', + 'technic' => '#999', 'tick' => '#282', 'timespent' => '#555', 'uncheck' => '#800', 'uparrow' => '#555', 'user-cog' => '#999', 'country' => '#aaa', 'globe-americas' => '#aaa', 'region' => '#aaa', 'state' => '#aaa', 'website' => '#304', 'workstation' => '#a69944' ); diff --git a/htdocs/core/lib/xcal.lib.php b/htdocs/core/lib/xcal.lib.php index 545c73602c8..b1af4480792 100644 --- a/htdocs/core/lib/xcal.lib.php +++ b/htdocs/core/lib/xcal.lib.php @@ -347,9 +347,9 @@ function build_rssfile($format, $title, $desc, $events_array, $outputfile, $filt fwrite($fichier, "\n"); fwrite($fichier, "\n"); - fwrite($fichier, "".$title."\n"); + fwrite($fichier, "".dol_escape_xml($title)."\n"); if ($langcode) { - fwrite($fichier, "".$langcode."\n"); + fwrite($fichier, "".dol_escape_xml($langcode)."\n"); } // Define $urlwithroot @@ -365,7 +365,7 @@ function build_rssfile($format, $title, $desc, $events_array, $outputfile, $filt // Image if (!empty($mysoc->logo_squarred_small)) { - $urlimage = $urlwithroot.'/viewimage.php?cache=1&modulepart=mycompany&file='.urlencode($mysoc->logo_squarred_small); + $urlimage = $urlwithroot.'/viewimage.php?cache=1&modulepart=mycompany&file='.urlencode('logos/thumbs/'.$mysoc->logo_squarred_small); if ($urlimage) { fwrite($fichier, "'.$title.\n"); }
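Review bot: The image block just below the changed `$urlimage` assignment still writes `$title` raw (context line `fwrite($fichier, "'.$title.\n");`), so the same value goes through `dol_escape_xml()` in the -347 hunk but not here. That write should use `dol_escape_xml($title)` as well, so the feed title is handled the same way everywhere in the function. The `'.` and `.` around `$title` inside the double-quoted string look like leftover concatenation that would be emitted literally; the markup on this page is stripped, so confirm against the file. `build_rssfile()` starts and ends outside both hunks.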