19 files changed, 23 insertions, 30 deletions
diff --git a/plugins/Annotations/templates/getEvolutionIcons.twig b/plugins/Annotations/templates/getEvolutionIcons.twig index 1c0e441137..e024f3bef5 100644 --- a/plugins/Annotations/templates/getEvolutionIcons.twig +++ b/plugins/Annotations/templates/getEvolutionIcons.twig @@ -5,7 +5,7 @@ <span data-date="{{ date }}" data-count="{{ counts.count }}" data-starred="{{ counts.starred }}" {% if counts.count == 0 %}title="{{ 'Annotations_AddAnnotationsFor'|translate(date) }}" {% elseif counts.count == 1 %}title="{{ 'Annotations_AnnotationOnDate'|translate(date, - counts.note)|raw }} + (counts.note|e('html_attr')))|raw }} {{ 'Annotations_ClickToEditOrAdd'|translate }}" {% else %}}title="{{ 'Annotations_ViewAndAddAnnotations'|translate(date) }}"{% endif %}> <img src="plugins/Morpheus/images/{% if counts.starred > 0 %}annotations_starred.png{% else %}annotations.png{% endif %}" width="16" height="16"/> diff --git a/plugins/CoreAdminHome/angularjs/trackingcode/jstrackingcode.controller.js b/plugins/CoreAdminHome/angularjs/trackingcode/jstrackingcode.controller.js index 0eca1b96ad..5733e145ed 100644 --- a/plugins/CoreAdminHome/angularjs/trackingcode/jstrackingcode.controller.js +++ b/plugins/CoreAdminHome/angularjs/trackingcode/jstrackingcode.controller.js @@ -141,7 +141,7 @@ this.changeSite = function (trackingCodeChangedManually) { - $('.current-site-name').html(self.site.name); + $('.current-site-name').text(self.site.name); getSiteData(this.site.id, '#js-code-options', function () { diff --git a/plugins/CoreHome/angularjs/quick-access/quick-access.directive.html b/plugins/CoreHome/angularjs/quick-access/quick-access.directive.html index db1ce349cb..374e3b1d8a 100644 --- a/plugins/CoreHome/angularjs/quick-access/quick-access.directive.html +++ b/plugins/CoreHome/angularjs/quick-access/quick-access.directive.html 
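Review bot: In the `counts.count == 1` branch of getEvolutionIcons.twig only `counts.note` is escaped, while `date` is still passed to `translate(...)` and emitted through `|raw` inside the `title` attribute. Whether `date` can carry attacker-influenced characters is not visible in this hunk, but escaping both arguments is cheap: `translate(date|e('html_attr'), (counts.note|e('html_attr')))|raw`. The unchanged `{% else %}}title=` line also carries a stray `}` that ends up in the tag just before the attribute. The template continues outside the hunk.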
@@ -34,7 +34,7 @@ ng-mouseenter="search.index=(quickAccess.numMenuItems + $index)" ng-class="{selected: (quickAccess.numMenuItems + $index) == search.index}" ng-click="quickAccess.selectSite(site.idsite)" - ng-repeat="site in quickAccess.sitesModel.sites"><a ng-bind-html="site.name"></a></li> + ng-repeat="site in quickAccess.sitesModel.sites"><a ng-bind="site.name"></a></li> </ul> </div> </div> diff --git a/plugins/CoreHome/angularjs/siteselector/siteselector-model.service.js b/plugins/CoreHome/angularjs/siteselector/siteselector-model.service.js index 48f7bf2419..8814e669ec 100644 --- a/plugins/CoreHome/angularjs/siteselector/siteselector-model.service.js +++ b/plugins/CoreHome/angularjs/siteselector/siteselector-model.service.js @@ -37,13 +37,6 @@ angular.forEach(sites, function (site) { if (site.group) site.name = '[' + site.group + '] ' + site.name; - if (!site.name) { - return; - } - // Escape site names, see https://github.com/piwik/piwik/issues/7531 - site.name = site.name.replace(/[\u0000-\u2666]/g, function(c) { - return '&#'+c.charCodeAt(0)+';'; - }); }); model.sites = sortSites(sites); diff --git a/plugins/CoreHome/angularjs/siteselector/siteselector.directive.html b/plugins/CoreHome/angularjs/siteselector/siteselector.directive.html index acac9daffc..c794b133e9 100644 --- a/plugins/CoreHome/angularjs/siteselector/siteselector.directive.html +++ b/plugins/CoreHome/angularjs/siteselector/siteselector.directive.html 
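Review bot: The `ng-bind` on `site.name` in quick-access.directive.html is now the only thing keeping site names from being parsed as markup, because the same commit drops the entity-escaping loop in siteselector-model.service.js and `quickAccess.sitesModel.sites` presumably comes from that model. Any template or script outside this diff that still renders these names with `ng-bind-html` or jQuery `.html()` would no longer receive pre-escaped text, so a search for remaining HTML sinks on `site.name` belongs in this change. I would record the invariant next to the binding: `<!-- site.name is untrusted plain text: bind with ng-bind, never ng-bind-html -->`.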
@@ -16,13 +16,13 @@ <a ng-click="view.showSitesList=!view.showSitesList; view.showSitesList && !model.isLoading && model.loadInitialSites();" piwik-onenter="view.showSitesList=!view.showSitesList; view.showSitesList && !model.isLoading && model.loadInitialSites();" href="javascript:void(0)" - title="{{ 'CoreHome_ChangeCurrentWebsite'|translate:((selectedSite.name || model.firstSiteName)|htmldecode) }}" + title="{{ 'CoreHome_ChangeCurrentWebsite'|translate:((selectedSite.name || model.firstSiteName)|escape) }}" ng-class="{'loading': model.isLoading}" class="title" tabindex="4"> <span class="icon icon-arrow-bottom" ng-class="{'iconHidden': model.isLoading, 'collapsed': !view.showSitesList}"></span> <span> - <span ng-bind-html="selectedSite.name || model.firstSiteName" ng-if="selectedSite.name || !placeholder">?</span> + <span ng-bind="selectedSite.name || model.firstSiteName" ng-if="selectedSite.name || !placeholder">?</span> <span ng-if="!selectedSite.name && placeholder" class="placeholder">{{ placeholder }}</span> </span> </a> @@ -55,8 +55,8 @@ ng-hide="!showSelectedSite && activeSiteId==site.idsite"> <a piwik-ignore-click href="{{ getUrlForSiteId(site.idsite) }}" piwik-autocomplete-matched="view.searchTerm" - title="{{ site.name|htmldecode }}" - ng-bind-html="site.name" tabindex="4"></a> + title="{{ site.name }}" + ng-bind="site.name" tabindex="4"></a> </li> </ul> <ul ng-show="!model.sites.length && view.searchTerm" class="ui-autocomplete ui-front ui-menu ui-widget ui-widget-content ui-corner-all siteSelect"> diff --git a/plugins/CoreHome/angularjs/siteselector/siteselector.directive.js b/plugins/CoreHome/angularjs/siteselector/siteselector.directive.js index 9c4d887c6b..08ed160a4c 100644 --- a/plugins/CoreHome/angularjs/siteselector/siteselector.directive.js +++ b/plugins/CoreHome/angularjs/siteselector/siteselector.directive.js 
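Review bot: The two `title` bindings in siteselector.directive.html now disagree: in the `@@ -16,13 +16,13 @@` hunk the site name goes through `|escape` before `translate`, while the list item in the `@@ -55,8 +55,8 @@` hunk uses plain `{{ site.name }}`. Angular sets an interpolated attribute through the DOM rather than by parsing HTML, so if `escape` entity-encodes its input the tooltip would likely show literal entities for names that the neighbouring `ng-bind` renders correctly. If instead the `translate` filter returns output that is later treated as HTML, the escape may be required; that is not visible here. Please confirm which is intended and either drop the filter to match the list item or state the reason beside it, e.g. `<!-- escape needed: translate output is treated as HTML -->`.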
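Review bot: The list-item anchor in the `@@ -55,8 +55,8 @@` hunk keeps `piwik-autocomplete-matched="view.searchTerm"` on the same element that now receives an unescaped name through `ng-bind`. The directive's implementation is outside this diff; if it highlights the match by reading the element's text and writing markup back into the element, it has to HTML-escape that text first, otherwise the `ng-bind-html` to `ng-bind` change is undone for every row that matches a search. A rendering test with a site name containing `<` and `&` plus a matching search term would pin the expected behaviour.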
@@ -32,7 +32,7 @@ var defaults = { name: '', siteid: piwik.idSite, - sitename: piwik.siteName, + sitename: piwik.helper.htmlDecode(piwik.siteName), allSitesLocation: 'bottom', allSitesText: $filter('translate')('General_MultiSitesSummary'), showSelectedSite: 'false', diff --git a/plugins/CoreHome/templates/_dataTable.twig b/plugins/CoreHome/templates/_dataTable.twig index 90864d105c..428f746004 100644 --- a/plugins/CoreHome/templates/_dataTable.twig +++ b/plugins/CoreHome/templates/_dataTable.twig @@ -41,7 +41,7 @@ {% endif %} <div class="reportDocumentation"> - {% if properties.documentation|default is not empty %}<p>{{ properties.documentation|raw }}</p>{% endif %} + {% if properties.documentation|default is not empty %}<p>{{ properties.documentation|rawSafeDecoded }}</p>{% endif %} {% if reportLastUpdatedMessage is defined and reportLastUpdatedMessage %}<span class='helpDate'>{{ reportLastUpdatedMessage|raw }}</span>{% endif %} </div> diff --git a/plugins/CustomVariables/templates/_actionTooltip.twig b/plugins/CustomVariables/templates/_actionTooltip.twig index 52084a4be5..3fbe510783 100644 --- a/plugins/CustomVariables/templates/_actionTooltip.twig +++ b/plugins/CustomVariables/templates/_actionTooltip.twig @@ -5,6 +5,6 @@ {% set value = 'customVariablePageValue' ~ id %} {# line break above is important #} - - {{ customVariable[name]|raw }} {% if customVariable[value]|length > 0 %} = {{ customVariable[value]|raw }}{% endif %} + - {{ customVariable[name]|rawSafeDecoded }} {% if customVariable[value]|length > 0 %} = {{ customVariable[value]|rawSafeDecoded }}{% endif %} {% endfor %} {% endif -%}
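Review bot: The `|raw` to `|rawSafeDecoded` replacement in _dataTable.twig, and in every later template hunk of this commit, depends on a filter whose definition is not part of this diff. Several of those uses sit inside double-quoted attributes (the `title` in _visitorDetails.twig and getVisitorProfilePopup.twig, `initial-site-name` in index.twig, `sitename` in userSettings.twig), so the filter must re-escape `"`, `<`, `>` and `&` after decoding; a test that renders a value containing those characters would confirm it. For `properties.documentation` specifically, if report documentation is expected to contain markup such as links, it would now be displayed as text, while `reportLastUpdatedMessage|raw` on the next line is left as is; please confirm both are intended. Once confirmed, a template comment such as `{# rawSafeDecoded decodes and then re-escapes; do not revert to |raw #}` would help the next editor.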
\ No newline at end of file diff --git a/plugins/ExampleVisualization/templates/simpleTable.twig b/plugins/ExampleVisualization/templates/simpleTable.twig index 6b0748711d..618736cc24 100644 --- a/plugins/ExampleVisualization/templates/simpleTable.twig +++ b/plugins/ExampleVisualization/templates/simpleTable.twig @@ -17,7 +17,7 @@ {% for tableRow in dataTable.getRows %} <tr> {% for column in properties.columns_to_display %} - <td>{{ tableRow.getColumn(column)|default('-')|truncate(50)|raw }}</td> + <td>{{ tableRow.getColumn(column)|default('-')|truncate(50)|rawSafeDecoded }}</td> {% endfor %} </tr> {% endfor %} diff --git a/plugins/Live/templates/_dataTableViz_visitorLog.twig b/plugins/Live/templates/_dataTableViz_visitorLog.twig index eb09ee8730..02221fa485 100644 --- a/plugins/Live/templates/_dataTableViz_visitorLog.twig +++ b/plugins/Live/templates/_dataTableViz_visitorLog.twig @@ -8,7 +8,7 @@ {% if visitor.getColumn('visitorId') is not empty and not clientSideParameters.hideProfileLink %} <a class="visitor-log-visitor-profile-link visitorLogTooltip" title="{{ 'Live_ViewVisitorProfile'|translate }}" data-visitor-id="{{ visitor.getColumn("visitorId") }}"> <img src="plugins/Live/images/visitorProfileLaunch.png"/> <span>{{ 'Live_ViewVisitorProfile'|translate }} - {%- if visitor.getColumn('userId') is not empty %}: {{ visitor.getColumn('userId')|raw }}{% endif %}</span> + {%- if visitor.getColumn('userId') is not empty %}: {{ visitor.getColumn('userId')|rawSafeDecoded }}{% endif %}</span> </a> {% endif %} diff --git a/plugins/Live/templates/_visitorDetails.twig b/plugins/Live/templates/_visitorDetails.twig index 6bcb5255d0..f0e22943ce 100644 --- a/plugins/Live/templates/_visitorDetails.twig +++ b/plugins/Live/templates/_visitorDetails.twig 
@@ -2,7 +2,7 @@ {{ visitInfo.getColumn('serverDatePrettyFirstAction') }} {% if isWidget %}<br/>{% else %}-{% endif %} {{ visitInfo.getColumn('serverTimePrettyFirstAction') }}</strong> {% if visitInfo.getColumn('visitIp') is not empty %} -<span class="visitor-log-ip-location visitorLogTooltip" title="{% if visitInfo.getColumn('userId') is not empty %}{{ 'General_UserId'|translate }}: {{ visitInfo.getColumn('userId')|raw }} +<span class="visitor-log-ip-location visitorLogTooltip" title="{% if visitInfo.getColumn('userId') is not empty %}{{ 'General_UserId'|translate }}: {{ visitInfo.getColumn('userId')|rawSafeDecoded }} {% endif %}{% if visitInfo.getColumn('visitorId') is not empty %}{{ 'General_VisitorID'|translate }}: {{ visitInfo.getColumn('visitorId') }} {% endif %}{% if visitInfo.getColumn('idVisit') is not empty %} {{ 'General_Visit'|translate }} ID: {{ visitInfo.getColumn('idVisit') }} @@ -15,7 +15,7 @@ GPS (lat/long): {{ visitInfo.getColumn('latitude') }},{{ visitInfo.getColumn('lo {% if visitInfo.getColumn('location') != 'General_Unknown'|translate %}<span><img width="16" class="flag" src="{{ visitInfo.getColumn('countryFlag') }}"/> {% if visitInfo.getColumn('city') is not empty %}{{ visitInfo.getColumn('city') }}{% else %}{{ visitInfo.getColumn('country') }}{% endif %}</span>{% endif %} - {% if visitInfo.getColumn('userId') is not empty %}<br/><br/>{{ visitInfo.getColumn('userId')|raw }}{% endif %} + {% if visitInfo.getColumn('userId') is not empty %}<br/><br/>{{ visitInfo.getColumn('userId')|rawSafeDecoded }}{% endif %} </span>{% endif %} {% if isWidget %} <br /> diff --git a/plugins/Live/templates/getVisitorProfilePopup.twig b/plugins/Live/templates/getVisitorProfilePopup.twig index 96c95fc2f8..7949f12301 100644 --- a/plugins/Live/templates/getVisitorProfilePopup.twig +++ b/plugins/Live/templates/getVisitorProfilePopup.twig 
@@ -32,7 +32,7 @@ {%- if visitorData.userId is empty %} {{ 'Live_VisitorProfile'|translate }} {%- else %} - <span title="{{ 'General_UserId'|translate }}: {{ visitorData.userId|raw }}">{{ visitorData.userId|raw }}</span> + <span title="{{ 'General_UserId'|translate }}: {{ visitorData.userId|rawSafeDecoded }}">{{ visitorData.userId|rawSafeDecoded }}</span> {% endif -%} </h1> {% if visitorData.nextVisitorId is not empty %}<a class="visitor-profile-next-visitor" diff --git a/plugins/PrivacyManager/templates/privacySettings.twig b/plugins/PrivacyManager/templates/privacySettings.twig index 819abea55e..7690ff6011 100644 --- a/plugins/PrivacyManager/templates/privacySettings.twig +++ b/plugins/PrivacyManager/templates/privacySettings.twig @@ -238,7 +238,7 @@ <br/> {% endif %} <strong>{{ 'PrivacyManager_NextDelete'|translate }}:</strong> - {{ deleteData.nextRunPretty|raw }} + {{ deleteData.nextRunPretty|rawSafeDecoded }} <br/> <br/> <a id="purgeDataNowLink" href="#" diff --git a/plugins/ScheduledReports/SubscriptionModel.php b/plugins/ScheduledReports/SubscriptionModel.php index e15f3b6d26..f5937138d5 100644 --- a/plugins/ScheduledReports/SubscriptionModel.php +++ b/plugins/ScheduledReports/SubscriptionModel.php @@ -157,7 +157,7 @@ class SubscriptionModel private function removeSubscription($token) { - $this->getDb()->query('UPDATE ' . $this->table . ' SET token = "", ts_unsubscribed = NOW() WHERE token = ?', [$token]); + $this->getDb()->query('UPDATE ' . $this->table . ' SET token = NULL, ts_unsubscribed = NOW() WHERE token = ?', [$token]); } private function generateToken($email) diff --git a/plugins/ScheduledReports/templates/_addReport.twig b/plugins/ScheduledReports/templates/_addReport.twig index 076f18b10e..64cb2456b4 100644 --- a/plugins/ScheduledReports/templates/_addReport.twig +++ b/plugins/ScheduledReports/templates/_addReport.twig 
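Review bot: `SET token = NULL` in `removeSubscription()` only behaves as intended if the `token` column is nullable, and no schema change is visible in this diff; on a `NOT NULL` column a MySQL-style database either rejects the UPDATE in strict mode or stores an empty value again. Rows unsubscribed by the old code still hold `token = ""`, so any lookup by token elsewhere in the class could still match them with an empty token unless they are migrated, e.g. `UPDATE <subscriptions_table> SET token = NULL WHERE token = ''` (table name is a placeholder). An early `if ($token === null || $token === '') { return; }` at the top of the method would make the empty-token case explicit.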
@@ -126,7 +126,7 @@ <input type='{{ reportInputType }}' id="{{ reportType }}{{ report.uniqueId }}" report-unique-id='{{ report.uniqueId }}' name='{{ reportType }}Reports'/> <label for="{{ reportType }}{{ report.uniqueId }}"> - {{ report.name|raw }} + {{ report.name|rawSafeDecoded }} {% if report.uniqueId=='MultiSites_getAll' %} <div class="entityInlineHelp">{{ 'ScheduledReports_ReportIncludeNWebsites'|translate(countWebsites) }}</div> diff --git a/plugins/ScheduledReports/templates/_listReports.twig b/plugins/ScheduledReports/templates/_listReports.twig index bf43a1d91a..9a04277869 100644 --- a/plugins/ScheduledReports/templates/_listReports.twig +++ b/plugins/ScheduledReports/templates/_listReports.twig @@ -40,7 +40,7 @@ {% for report in reports %} <tr> <td class="first"> - {{ report.description | raw }} + {{ report.description|rawSafeDecoded }} {% if segmentEditorActivated and report.idsegment %} <div class="entityInlineHelp" style="font-size: 9pt;"> {{ savedSegmentsById[report.idsegment] }} diff --git a/plugins/ScheduledReports/templates/unsubscribe.twig b/plugins/ScheduledReports/templates/unsubscribe.twig index d97bb7898b..14684cd010 100644 --- a/plugins/ScheduledReports/templates/unsubscribe.twig +++ b/plugins/ScheduledReports/templates/unsubscribe.twig 
@@ -36,13 +36,13 @@ <strong>{{ 'General_Error'|translate }}</strong>: {{ error|raw }}<br/> </div> {% elseif success is defined %} - <p class="message">{{ 'ScheduledReports_SuccessfullyUnsubscribed'|translate('<strong>'~reportName~'</strong>')|raw }}</p> + <p class="message">{{ 'ScheduledReports_SuccessfullyUnsubscribed'|translate('<strong>'~reportName|rawSafeDecoded~'</strong>')|raw }}</p> {% else %} <form method="POST" ng-non-bindable> <div class="row"> <div class="col s12"> <br/> - <p>{{ 'ScheduledReports_UnsubscribeReportConfirmation'|translate('<strong>'~reportName~'</strong>')|raw }}</p> + <p>{{ 'ScheduledReports_UnsubscribeReportConfirmation'|translate('<strong>'~reportName|rawSafeDecoded~'</strong>')|raw }}</p> <br /><br /><br /> <input type="hidden" name="nonce" id="unsubscribe_form_nonce" value="{{ nonce }}"/> <input class="submit btn" type="submit" name="confirm" value="{{ 'ScheduledReports_Unsubscribe'|translate }}"/> diff --git a/plugins/UsersManager/templates/index.twig b/plugins/UsersManager/templates/index.twig index ca58a66426..82237074a1 100644 --- a/plugins/UsersManager/templates/index.twig +++ b/plugins/UsersManager/templates/index.twig @@ -6,7 +6,7 @@ <piwik-users-manager initial-site-id="{{ idSiteSelected }}" - initial-site-name="{{ defaultReportSiteName }}" + initial-site-name="{{ defaultReportSiteName|rawSafeDecoded }}" current-user-role="'{{ currentUserRole }}'" access-levels="{{ accessLevels|json_encode|e('html_attr') }}" filter-access-levels="{{ filterAccessLevels|json_encode|e('html_attr') }}" diff --git a/plugins/UsersManager/templates/userSettings.twig b/plugins/UsersManager/templates/userSettings.twig index 5ad0ffeee3..203039f8ad 100644 --- a/plugins/UsersManager/templates/userSettings.twig +++ b/plugins/UsersManager/templates/userSettings.twig 
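Review bot: The error branch just above the changed lines in unsubscribe.twig still prints `{{ error|raw }}`, so the template keeps one unescaped sink after this fix. Where `error` is built is not visible here; unless it is guaranteed to be a fixed string that intentionally carries markup, it should go through autoescaping as `{{ error }}`. In the changed lines, parentheses would make the filter scope obvious to the next reader: `'<strong>'~(reportName|rawSafeDecoded)~'</strong>'`.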
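Review bot: The site name placed in `initial-site-name` in index.twig is compiled by Angular on the client, so HTML-escaping alone is not sufficient: interpolation delimiters in a name must also be inert by the time the attribute is linked. The line previously used Twig's autoescaper and now relies on `rawSafeDecoded`, whose handling of this case is not visible in this diff; the `sitename` attribute in userSettings.twig gets the same change. unsubscribe.twig puts `ng-non-bindable` on its form, presumably for the same concern. I would add `{# site name is user-controlled: must stay escaped for the attribute and inert for Angular interpolation #}` above the element and cover it with a rendering test.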
@@ -58,7 +58,7 @@ show-selected-site="true" class="sites_autocomplete" siteid="{{ defaultReportIdSite }}" - sitename="{{ defaultReportSiteName }}" + sitename="{{ defaultReportSiteName|rawSafeDecoded }}" switch-site-on-select="false" show-all-sites-item="false" showselectedsite="true" |