Make $error safe for HTML output purposes
		
							parent
							
								
									7bbef59c9e
								
							
						
					
					
						commit
						bc342f9fbf
					
				
					 5 changed files with 22 additions and 22 deletions
				
			
		|  | @ -50,7 +50,7 @@ if ($display && $election_id >= 0) { | |||
|     $error .= "The specified election/referendum does not exist.\n"; | ||||
|     $display = FALSE; | ||||
|   } else if (!elec_election_has_ended ($election)) { | ||||
|     $error .= "The voting period for the specified ".elec_election_get_type ($election)." starts on ".$election["voting_start"]." (UTC) and ends on ".$election["voting_end"]." (UTC). It is not possible to see the results now.\n"; | ||||
|     $error .= "The voting period for the specified ".htmlspecialchars(elec_election_get_type ($election))." starts on ".htmlspecialchars($election["voting_start"])." (UTC) and ends on ".htmlspecialchars($election["voting_end"])." (UTC). It is not possible to see the results now.\n"; | ||||
|     $display = FALSE; | ||||
|   } | ||||
| } | ||||
|  | @ -59,7 +59,7 @@ if ($display && $election_id >= 0) { | |||
| if ($display) { | ||||
|   $choices = elec_choices_get ($handle, $election_id); | ||||
|   if ($choices === FALSE) { | ||||
|     $error .= "The ".elec_election_get_type ($election)." is not properly set up.\n"; | ||||
|     $error .= "The ".htmlspecialchars(elec_election_get_type ($election))." is not properly set up.\n"; | ||||
|     $display = FALSE; | ||||
|   } | ||||
| } | ||||
|  | @ -73,7 +73,7 @@ if (isset ($election) && $election !== FALSE) { | |||
| if ($display) { | ||||
|   $anon_tokens = elec_get_anon_tokens_for_election ($handle, $election_id); | ||||
|   if ($anon_tokens === FALSE) { | ||||
|     $error .= "Can not get the anonymous tokens for this ".elec_election_get_type ($election).".\n"; | ||||
|     $error .= "Can not get the anonymous tokens for this ".htmlspecialchars(elec_election_get_type ($election)).".\n"; | ||||
|     $display = FALSE; | ||||
|   } | ||||
| } | ||||
|  | @ -93,7 +93,7 @@ if ($display) { | |||
|     $votes = elec_get_votes_for_anon_token ($handle, $anon_token["id"]); | ||||
|     if ($votes === FALSE) { | ||||
|       echo "1 999 0\n"; | ||||
|       $error .= "Can not get votes for anonymous token ".$anon_token["anon_token"]."\n"; | ||||
|       $error .= "Can not get votes for anonymous token ".htmlspecialchars($anon_token["anon_token"])."\n"; | ||||
|     } else if (count ($votes) == 0) { | ||||
|       echo "1 0\n"; | ||||
|     } else { | ||||
|  | @ -103,7 +103,7 @@ if ($display) { | |||
|           echo $choices_pos[$vote["choice_id"]]." "; | ||||
|         else { | ||||
|           echo "999 "; | ||||
|           $error .= "There was an unkown vote for anonymous token ".$anon_token["anon_token"].": ".$vote["choice_id"]."\n"; | ||||
|           $error .= "There was an unkown vote for anonymous token ".htmlspecialchars($anon_token["anon_token"]).": ".htmlspecialchars($vote["choice_id"])."\n"; | ||||
|         } | ||||
|       } | ||||
|       echo "0\n"; | ||||
|  |  | |||
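Review bot: The `@ -50` hunk (and the `@ -59`, `@ -73`, `@ -93` and `@ -103` hunks of this file) HTML-encodes values before appending them to $error, but this file is emitting plain-text records (`echo "1 999 0\n"`, `echo "0\n"`) and the section does not show where $error is finally printed. If that output site still wraps $error in htmlspecialchars(), as the result pages did before this commit, the dynamic parts arrive double-encoded (`&amp;lt;`), and if it prints $error as text the entities appear literally. Worth confirming the sink in this file and, if it is not an HTML context, leaving these appends unescaped and encoding once at output. The enclosing `if` blocks begin outside the hunks.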
|  | @ -58,7 +58,7 @@ function step4_do () { | |||
|   } while ($anon_token_id === FALSE && $i < 10); | ||||
| 
 | ||||
|   if ($anon_token_id === FALSE) { | ||||
|     $error .= "Can not create an anonymous token: ".mysql_error ($handle)."<br />\n"; | ||||
|     $error .= "Can not create an anonymous token: ".htmlspecialchars(mysql_error ($handle))."<br />\n"; | ||||
|     elec_sql_rollback ($handle); | ||||
|     return $result; | ||||
|   } | ||||
|  | @ -71,7 +71,7 @@ function step4_do () { | |||
|       $res = elec_insert_new_vote ($handle, $anon_token_id, $vote, $index); | ||||
| 
 | ||||
|       if (!$res) { | ||||
|         $error .= "Can not insert a vote: ".mysql_error ($handle)."<br />\n"; | ||||
|         $error .= "Can not insert a vote: ".htmlspecialchars(mysql_error ($handle))."<br />\n"; | ||||
|         elec_sql_rollback ($handle); | ||||
|         return $result; | ||||
|       } | ||||
|  | @ -81,14 +81,14 @@ function step4_do () { | |||
|   $res = elec_sql_remove_tmp_token ($handle, $election_id, $email, $tmp_token); | ||||
| 
 | ||||
|   if (!$res) { | ||||
|     $error .= "Can not remove temporary token: ".mysql_error ($handle)."<br />\n"; | ||||
|     $error .= "Can not remove temporary token: ".htmlspecialchars(mysql_error ($handle))."<br />\n"; | ||||
|     elec_sql_rollback ($handle); | ||||
|     return $result; | ||||
|   } | ||||
| 
 | ||||
|   $res = elec_sql_commit ($handle); | ||||
|   if (!$res) { | ||||
|     $error .= "Can not commit the vote: ".mysql_error ($handle)."<br />\n"; | ||||
|     $error .= "Can not commit the vote: ".htmlspecialchars(mysql_error ($handle))."<br />\n"; | ||||
|     return $result; | ||||
|   } | ||||
| 
 | ||||
|  |  | |||
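Review bot: Escaping `mysql_error ($handle)` on the new side of the `@ -58`, `@ -71` and `@ -81` hunks closes the HTML-injection path, but the driver's raw error text is still concatenated into a user-facing message, which discloses table and column names or failed query fragments to whoever triggers the failure. A safer shape is to keep the driver message in the server log and append only a fixed text, e.g. `error_log("step4_do: ".mysql_error ($handle)); $error .= "Can not create an anonymous token.<br />\n";`, repeated for the other three sites. `$error` is appended inside `step4_do()`, whose header is outside the hunk, so whether it is declared `global` there cannot be checked from this view.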
|  | @ -35,7 +35,7 @@ if ($display && $election_id >= 0) { | |||
|     $error .= "The specified election/referendum does not exist.<br />\n"; | ||||
|     $display = FALSE; | ||||
|   } else if (!elec_election_has_ended ($election)) { | ||||
|     $error .= "The voting period for the specified ".elec_election_get_type ($election)." starts on ".$election["voting_start"]." (UTC) and ends on ".$election["voting_end"]." (UTC). It is not possible to see the results now.<br />\n"; | ||||
|     $error .= "The voting period for the specified ".htmlspecialchars(elec_election_get_type ($election))." starts on ".htmlspecialchars($election["voting_start"])." (UTC) and ends on ".htmlspecialchars($election["voting_end"])." (UTC). It is not possible to see the results now.<br />\n"; | ||||
|     $display = FALSE; | ||||
|   } | ||||
|   else | ||||
|  | @ -49,7 +49,7 @@ if (isset ($election) && $election !== FALSE) { | |||
|   { | ||||
|     echo "<h1>Results for the ".htmlspecialchars($election["name"])."</h1>\n"; | ||||
|   } else { | ||||
|     $error .= "The voting period for the specified ".elec_election_get_type ($election)." has closed, but the results of the election have not yet been calculated. It is not possible to see the results now.<br />\n"; | ||||
|     $error .= "The voting period for the specified ".htmlspecialchars(elec_election_get_type ($election))." has closed, but the results of the election have not yet been calculated. It is not possible to see the results now.<br />\n"; | ||||
|     echo "<p>In the meantime, you can look at the <a href=\"votes.php?election_id=".rawurlencode($election_id)."\">list of all votes</a> and verify that your vote is correct.</p>\n"; | ||||
|     $display = FALSE; | ||||
|   } | ||||
|  | @ -64,7 +64,7 @@ if ($display) { | |||
| } | ||||
| 
 | ||||
| if (isset ($error) && $error != "") { | ||||
|   echo "<div class=\"error\">".htmlspecialchars($error)."</div>\n";; | ||||
|   echo "<div class=\"error\">".$error."</div>\n";; | ||||
|   echo "<p>If you don't understand the error, you should probably contact the Membership and Elections Committee, which can be reached at <a href=\"mailto:elections@gnome.org\">elections@gnome.org</a>.</p>\n"; | ||||
| } | ||||
| 
 | ||||
|  |  | |||
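Review bot: The `@ -64` hunk moves the protection from the single output site to every append: `echo "<div class=\"error\">".$error."</div>\n"` now trusts that each `$error .=` in this file (and in any included code) has already encoded its dynamic parts, so any append that was missed, or added later without htmlspecialchars(), becomes an HTML injection point; the same change appears in the `@ -254` hunk of the fourth file and the `@ -114` hunk of the fifth. Since the only reason for the move is the literal `<br />` separators, a structure that keeps encode-at-output is to collect messages as an array of plain text, `$errors[] = "…";`, and render once with `echo "<div class=\"error\">".implode("<br />\n", array_map('htmlspecialchars', $errors))."</div>\n";`. Separately, the new htmlspecialchars() calls use the default flags, so on PHP 5.4 and later a value containing bytes that are invalid UTF-8 (for instance from a non-UTF-8 database connection) is returned as an empty string and the message silently loses its detail; passing `ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'` avoids that. The rewritten echo line also keeps the stray second `;`.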
|  | @ -43,7 +43,7 @@ if ($election_id == -1) { | |||
|     $error .= "The specified election/referendum does not exist.<br />\n"; | ||||
|     $step = 0; | ||||
|   } else if (!elec_election_is_current ($election)) { | ||||
|     $error .= "The voting period for the specified ".elec_election_get_type ($election)." starts on ".$election["voting_start"]." (UTC) and ends on ".$election["voting_end"]." (UTC). It is not possible to vote now.<br />\n"; | ||||
|     $error .= "The voting period for the specified ".htmlspecialchars(elec_election_get_type ($election))." starts on ".htmlspecialchars($election["voting_start"])." (UTC) and ends on ".htmlspecialchars($election["voting_end"])." (UTC). It is not possible to vote now.<br />\n"; | ||||
|     $step = 0; | ||||
|   } | ||||
| } | ||||
|  | @ -65,7 +65,7 @@ if ($step > 1) { | |||
|     $choices = elec_choices_get ($handle, $election_id); | ||||
| 
 | ||||
|     if (!elec_verify_elections ($choices)) { | ||||
|       $error .= "The ".elec_election_get_type ($election)." is not properly set up.\n"; | ||||
|       $error .= "The ".htmlspecialchars(elec_election_get_type ($election))." is not properly set up.\n"; | ||||
|       $step = 0; | ||||
|     } | ||||
| 
 | ||||
|  | @ -220,7 +220,7 @@ if ($step >= 2) { | |||
|   $res = elec_verify_vote_is_valid ($choices, $vote, $votes_array); | ||||
|    | ||||
|   if ($res != "") { | ||||
|     $error .= "The vote you made is not valid: ".$res."<br />\n"; | ||||
|     $error .= "The vote you made is not valid: ".htmlspecialchars($res)."<br />\n"; | ||||
|     $step = 2; | ||||
|   } | ||||
| } | ||||
|  | @ -254,7 +254,7 @@ if (isset ($handle)) | |||
|   elec_sql_close ($handle); | ||||
| 
 | ||||
| if (isset ($error) && $error != "") { | ||||
|   echo "<div class=\"error\">".htmlspecialchars($error)."</div>\n";; | ||||
|   echo "<div class=\"error\">".$error."</div>\n";; | ||||
|   echo "<p>If you don't understand the error, you should probably contact the Membership and Elections Committee, which can be reached at <a href=\"mailto:elections@gnome.org\">elections@gnome.org</a>.</p>\n"; | ||||
| } | ||||
| 
 | ||||
|  |  | |||
|  | @ -35,7 +35,7 @@ if ($display && $election_id >= 0) { | |||
|     $error .= "The specified election/referendum does not exist.<br />\n"; | ||||
|     $display = FALSE; | ||||
|   } else if (!elec_election_has_ended ($election)) { | ||||
|     $error .= "The voting period for the specified ".elec_election_get_type ($election)." starts on ".$election["voting_start"]." (UTC) and ends on ".$election["voting_end"]." (UTC). It is not possible to see the results now.<br />\n"; | ||||
|     $error .= "The voting period for the specified ".htmlspecialchars(elec_election_get_type ($election))." starts on ".htmlspecialchars($election["voting_start"])." (UTC) and ends on ".htmlspecialchars($election["voting_end"])." (UTC). It is not possible to see the results now.<br />\n"; | ||||
|     $display = FALSE; | ||||
|   } | ||||
| } | ||||
|  | @ -47,7 +47,7 @@ if (isset ($election) && $election !== FALSE) { | |||
| if ($display) { | ||||
|   $anon_tokens = elec_get_anon_tokens_for_election ($handle, $election_id); | ||||
|   if ($anon_tokens === FALSE) { | ||||
|     $error .= "Can not get the anonymous tokens for this ".elec_election_get_type ($election).".\n"; | ||||
|     $error .= "Can not get the anonymous tokens for this ".htmlspecialchars(elec_election_get_type ($election)).".\n"; | ||||
|     $display = FALSE; | ||||
|   } | ||||
| } | ||||
|  | @ -55,7 +55,7 @@ if ($display) { | |||
| if ($display) { | ||||
|   $choices = elec_choices_get ($handle, $election_id); | ||||
|   if ($choices === FALSE) { | ||||
|     $error .= "The ".elec_election_get_type ($election)." is not properly set up.\n"; | ||||
|     $error .= "The ".htmlspecialchars(elec_election_get_type ($election))." is not properly set up.\n"; | ||||
|     $display = FALSE; | ||||
|   } | ||||
| } | ||||
|  | @ -89,7 +89,7 @@ if ($display) { | |||
| 
 | ||||
|     if ($votes === FALSE) { | ||||
|       echo "Can not access votes<br />for this anonymous token."; | ||||
|       $error .= "Can not get votes for anonymous token ".$anon_token["anon_token"]."<br />\n"; | ||||
|       $error .= "Can not get votes for anonymous token ".htmlspecialchars($anon_token["anon_token"])."<br />\n"; | ||||
|     } else if (count ($votes) == 0) { | ||||
|       echo "This member chose to vote for<br />none of the possible choices."; | ||||
|     } else { | ||||
|  | @ -99,7 +99,7 @@ if ($display) { | |||
|           echo "<li><em>".htmlspecialchars($votes["preference"])." ".htmlspecialchars($choices_name[$vote["choice_id"]])."</em></li>\n"; | ||||
|         else { | ||||
|           echo "<li><em>Unknown value (".htmlspecialchars($vote["choice_id"]).")</em></li>\n"; | ||||
|           $error .= "There was an unkown vote for anonymous token ".$anon_token["anon_token"].": ".$vote["choice_id"]."<br />\n"; | ||||
|           $error .= "There was an unkown vote for anonymous token ".htmlspecialchars($anon_token["anon_token"]).": ".htmlspecialchars($vote["choice_id"])."<br />\n"; | ||||
|         } | ||||
|       } | ||||
|       echo "</ol>"; | ||||
|  | @ -114,7 +114,7 @@ if ($display) { | |||
| } | ||||
| 
 | ||||
| if (isset ($error) && $error != "") { | ||||
|   echo "<div class=\"error\">".htmlspecialchars($error)."</div>\n";; | ||||
|   echo "<div class=\"error\">".$error."</div>\n";; | ||||
|   echo "<p>If you don't understand the error, you should probably contact the Membership and Elections Committee, which can be reached at <a href=\"mailto:elections@gnome.org\">elections@gnome.org</a>.</p>\n"; | ||||
| } | ||||
| 
 | ||||
|  |  | |||
	 Olav Vitters
						Olav Vitters