--- a/plugin.info.txt Tue Feb 21 20:47:08 2017 +0100
+++ b/plugin.info.txt Wed Nov 15 18:53:12 2017 +0100
@@ -1,7 +1,7 @@
base davcard
author Andreas Boehler
email dev@aboehler.at
-date 2017-02-21
+date 2017-11-15
name Addressbook PlugIn with CardDAV client support
desc Show contact information from a CardDAV address book (needs webdavclient)
url http://www.dokuwiki.org/plugin:davcard
--- a/syntax/book.php Tue Feb 21 20:47:08 2017 +0100
+++ b/syntax/book.php Wed Nov 15 18:53:12 2017 +0100
@@ -189,7 +189,7 @@
$contactdata = $this->hlp->parseVcard($entry['contactdata'], $entry['uri'], $write);
if(!$this->contactFilterMatch($data['filter'], $contactdata))
continue;
- $R->doc .= '<tr><td><a href="#" class="plugin_davcard_edit_vcard" data-davcardid="'.$id.'" data-davcarduri="'.$entry['uri'].'" data-write="'.($write ? 'true' : 'false').'">'.$entry['formattedname'].'</a></td><td>';
+ $R->doc .= '<tr><td><a href="#" class="plugin_davcard_edit_vcard" data-davcardid="'.$id.'" data-davcarduri="'.hsc($entry['uri']).'" data-write="'.($write ? 'true' : 'false').'">'.hsc($entry['formattedname']).'</a></td><td>';
if(count($contactdata['addr']) > 0)
{
$R->doc .= '<span class="adr">';
@@ -199,23 +199,23 @@
$type = $dat['type'];
else
$type = 'other';
- $R->doc .= '<span class="type">'.$this->getLang('adr'.strtolower($type)).'</span>';
+ $R->doc .= '<span class="type">'.hsc($this->getLang('adr'.strtolower($type))).'</span>';
if($dat['address'][2] != '')
{
- $R->doc .= '<span class="street-address">'.$dat['address'][2].'</span><br>';
+ $R->doc .= '<span class="street-address">'.hsc($dat['address'][2]).'</span><br>';
}
if($dat['address'][5] != '')
{
- $R->doc .= '<span class="postal-code">'.$dat['address'][5].' </span>';
+ $R->doc .= '<span class="postal-code">'.hsc($dat['address'][5]).' </span>';
}
if($dat['address'][3] != '')
{
- $R->doc .= '<span class="locality">'.$dat['address'][3].'</span><br>';
+ $R->doc .= '<span class="locality">'.hsc($dat['address'][3]).'</span><br>';
}
if($dat['address'][6] != '')
{
- $R->doc .= '<span class="country-name">'.$dat['address'][6].'</span>';
+ $R->doc .= '<span class="country-name">'.hsc($dat['address'][6]).'</span>';
}
}
$R->doc .= '</span>';
@@ -230,8 +230,8 @@
$type = $dat['type'];
else
$type = 'other';
- $R->doc .= '<span class="type">'.$this->getLang('tel'.strtolower($type)).' </span>';
- $R->doc .= $dat['number'].'<br>';
+ $R->doc .= '<span class="type">'.hsc($this->getLang('tel'.strtolower($type))).' </span>';
+ $R->doc .= hsc($dat['number']).'<br>';
}
$R->doc .= '</span>';
}
@@ -240,7 +240,7 @@
{
foreach($contactdata['mail'] as $dat)
{
- $R->doc .= '<span class="email">'.$dat['mail'].'</span><br>';
+ $R->doc .= '<span class="email">'.hsc($dat['mail']).'</span><br>';
}
}
$R->doc .= '</td></tr>';
@@ -251,7 +251,7 @@
$R->doc .= '<select id="davcardAddressbookDropdown">';
foreach($addressbooklist as $addrbk)
{
- $R->doc .= '<option value="'.$addrbk['id'].'" data-write="'.$addrbk['write'].'">'.$addrbk['name'].'</option>';
+ $R->doc .= '<option value="'.hsc($addrbk['id']).'" data-write="'.hsc($addrbk['write']).'">'.hsc($addrbk['name']).'</option>';
}
$R->doc .= '</select></div>';
$R->doc .= '</div>';
--- a/syntax/card.php Tue Feb 21 20:47:08 2017 +0100
+++ b/syntax/card.php Wed Nov 15 18:53:12 2017 +0100
@@ -139,7 +139,7 @@
}
$R->doc .= '<a class="url fn plugin_davcard_url" href="#" data-davcarduri="'
- .$contactdata['uri'].'" data-davcardid="'.$data['id'].'" data-write="'.$contactdata['write'].'">'.$contactdata['formattedname'];
+ .hsc($contactdata['uri']).'" data-davcardid="'.$data['id'].'" data-write="'.hsc($contactdata['write']).'">'.hsc($contactdata['formattedname']);
$R->doc .= '<span class="plugin_davcard_popup vcard">';
if(count($contactdata['addr']) > 0)
{
@@ -150,23 +150,23 @@
$type = $dat['type'];
else
$type = 'other';
- $R->doc .= '<span class="type">'.$this->getLang('adr'.strtolower($type)).'</span>';
+ $R->doc .= '<span class="type">'.hsc($this->getLang('adr'.strtolower($type))).'</span>';
if($dat['address'][2] != '')
{
- $R->doc .= '<span class="street-address">'.$dat['address'][2].'</span><br>';
+ $R->doc .= '<span class="street-address">'.hsc($dat['address'][2]).'</span><br>';
}
if($dat['address'][5] != '')
{
- $R->doc .= '<span class="postal-code">'.$dat['address'][5].' </span>';
+ $R->doc .= '<span class="postal-code">'.hsc($dat['address'][5]).' </span>';
}
if($dat['address'][3] != '')
{
- $R->doc .= '<span class="locality">'.$dat['address'][3].'</span><br>';
+ $R->doc .= '<span class="locality">'.hsc($dat['address'][3]).'</span><br>';
}
if($dat['address'][6] != '')
{
- $R->doc .= '<span class="country-name">'.$dat['address'][6].'</span>';
+ $R->doc .= '<span class="country-name">'.hsc($dat['address'][6]).'</span>';
}
}
$R->doc .= '</span>';
@@ -180,8 +180,8 @@
$type = $dat['type'];
else
$type = 'other';
- $R->doc .= '<span class="type">'.$this->getLang('tel'.strtolower($type)).' </span>';
- $R->doc .= $dat['number'].'<br>';
+ $R->doc .= '<span class="type">'.hsc($this->getLang('tel'.strtolower($type))).' </span>';
+ $R->doc .= hsc($dat['number']).'<br>';
}
$R->doc .= '</span>';
}
@@ -190,7 +190,7 @@
$R->doc .= '<span class="email_outer"><span class="email_type">EMail</span>';
foreach($contactdata['mail'] as $dat)
{
- $R->doc .= '<span class="email">'.$dat['mail'].'</span><br>';
+ $R->doc .= '<span class="email">'.hsc($dat['mail']).'</span><br>';
}
$R->doc .= '</span>';
}