r71898 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r71897‎ | r71898 | r71899 >
Date:20:23, 29 August 2010
Author:foxtrott
Status:deferred
Tags:
Comment:
Fixed XSS issues, bug fixes

* Fixed XSS issues for input types datepicker and regexp

* Bugfixes for datepicker:
* datePickerDayNames was not set in SFI_Settings
* setting of pre-existing date was faulty

* Bugfixes for simpledatepicker:
* you could only use it once per page
* error messages (e.g. for mandatory) were not displayed
* you could not use it inline

* declared all functions in class SFIInputs static
Modified paths:
  • /trunk/extensions/SemanticFormsInputs/SFI_Inputs.php (modified) (history)
  • /trunk/extensions/SemanticFormsInputs/SFI_Settings.php (modified) (history)
  • /trunk/extensions/SemanticFormsInputs/SemanticFormsInputs.php (modified) (history)

Diff [purge]

Index: trunk/extensions/SemanticFormsInputs/SemanticFormsInputs.php
@@ -4,9 +4,8 @@
55 *
66 * @author Stephan Gambke
77 * @author Sanyam Goyal
8 - * @version 0.2
9 - * @date 16-Aug-2010
10 - */
 8+ * @version 0.3.1
 9+ */
1110
1211 if ( !defined( 'MEDIAWIKI' ) ) {
1312 die( 'This file is a MediaWiki extension, it is not a valid entry point.' );
Index: trunk/extensions/SemanticFormsInputs/SFI_Settings.php
@@ -3,7 +3,7 @@
44 * Settings for the Semantic Forms Inputs extension.
55 *
66 * @author Stephan Gambke
7 - * @version 0.2
 7+ * @version 0.3
88 * @date 06-Nov-2009
99 *
1010 * To change the default settings you can uncomment (or copy) the
@@ -12,7 +12,7 @@
1313 */
1414
1515 ###
16 -# This is the path to your installation of Semantic Forms as
 16+# This is the path to your installation of Semantic Forms Inputs as
1717 # seen from the web. No final slash.
1818 ##
1919 $sfigSettings->scriptPath = $wgScriptPath . '/extensions/SemanticFormsInputs';
@@ -160,4 +160,4 @@
161161 # characters of the wiki short names and 1char are the initials of the
162162 # wiki short names.
163163 ##
164 -$sfigSettings->datePickerMonthNames = "short";
 164+$sfigSettings->datePickerDayNames = "short";
Index: trunk/extensions/SemanticFormsInputs/SFI_Inputs.php
@@ -5,6 +5,7 @@
66 * @author Stephan Gambke
77 * @author Sanyam Goyal
88 * @author Yaron Koren
 9+ * @version 0.3.1
910 *
1011 */
1112
@@ -17,7 +18,7 @@
1819 * Setup for input type regexp.
1920 * Adds the Javascript code used by all regexp filters.
2021 */
21 -function regexpSetup() {
 22+static function regexpSetup() {
2223
2324 global $wgOut;
2425
@@ -29,8 +30,11 @@
3031 wfLoadExtensionMessages( 'SemanticFormsInputs' );
3132
3233 $jstext = <<<JAVASCRIPT
33 - function validate_input_with_regexp(input_number, re, inverse, message, multiple){
 34+ function validate_input_with_regexp(input_number, retext, inverse, message, multiple){
3435
 36+ var decoded = jQuery("<div/>").html(retext).text();
 37+ var re = new RegExp(decoded);
 38+
3539 if (multiple) {
3640 res = true;
3741 for (i = 1; i <= num_elements; i++) {
@@ -69,7 +73,7 @@
7074 /*
7175 * Definition of input type "regexp"
7276 */
73 -function regexpHTML ( $cur_value, $input_name, $is_mandatory, $is_disabled, $other_args ) {
 77+static function regexpHTML ( $cur_value, $input_name, $is_mandatory, $is_disabled, $other_args ) {
7478
7579 global $wgRequest, $wgUser, $wgParser;
7680 global $sfgTabIndex; // used to represent the current tab index in the form
@@ -112,21 +116,28 @@
113117
114118 // set regexp string
115119 if ( array_key_exists( 'regexp', $other_args ) ) {
 120+
116121 $regexp = str_replace( $orChar, '|', trim( $other_args['regexp'] ) );
117122 unset( $other_args['regexp'] );
 123+
 124+ // check for leading/trailing delimiter and remove it (else dump regexp)
 125+ if ( preg_match ( "/^\/.*\/\$/", $regexp ) ) {
 126+
 127+ $regexp = substr( $regexp, 1, strlen( $regexp ) - 2 );
 128+
 129+ }
 130+ else $regexp = '.*';
 131+
118132 }
119 - else $regexp = '/.*/';
 133+ else $regexp = '.*';
120134
121 - // set regexp string
 135+ // set failure message string
122136 if ( array_key_exists( 'message', $other_args ) ) {
123137 $message = trim( $other_args['message'] );
124138 unset( $other_args['message'] );
125139 }
126140 else $message = wfMsg( 'semanticformsinputs-wrongformat' );
127141
128 - $message = str_replace( '\\', '\\\\', $message );
129 - $message = str_replace( '\'', '\\\'', $message );
130 -
131142 $new_other_args = array();
132143
133144 foreach ( $other_args as $key => $value )
@@ -144,10 +155,15 @@
145156
146157 $hook_values = $sfgFormPrinter->mInputTypeHooks[$baseType];
147158
 159+ // sanitize error message and regexp for JS
 160+ $message = Xml::encodeJsVar( $message );
 161+ $regexp = Xml::encodeJsVar( $regexp );
 162+
 163+ // $sfgJSValidationCalls are sanitized for HTML by SF before output, no htmlspecialchars() here
148164 if ( array_key_exists( 'part_of_multiple', $other_args ) && $other_args['part_of_multiple'] == 1 ) {
149 - $sfgJSValidationCalls[] = "validate_input_with_regexp($sfgFieldNum, {$regexp}, {$inverseString}, '$message', true)";
 165+ $sfgJSValidationCalls[] = "validate_input_with_regexp($sfgFieldNum, {$regexp}, {$inverseString}, {$message}, true)";
150166 } else {
151 - $sfgJSValidationCalls[] = "validate_input_with_regexp($sfgFieldNum, {$regexp}, {$inverseString}, '$message', false)";
 167+ $sfgJSValidationCalls[] = "validate_input_with_regexp($sfgFieldNum, {$regexp}, {$inverseString}, {$message}, false)";
152168 }
153169
154170 list( $htmltext, $jstext ) = call_user_func_array( $hook_values[0], $funcArgs );
@@ -160,7 +176,7 @@
161177 * Setup for input type datepicker.
162178 * Adds the Javascript code used by all date pickers.
163179 */
164 -function datePickerSetup () {
 180+static function datePickerSetup () {
165181 global $wgOut;
166182 global $sfigSettings;
167183
@@ -320,6 +336,7 @@
321337 if (sfiElements[id]) sfiElements[id].clear();
322338 document.getElementById(id).value="";
323339 }
 340+
324341 JAVASCRIPT;
325342
326343 $jstext .= $locString;
@@ -331,9 +348,10 @@
332349 /*
333350 * Definition of input type "simpledatepicker".
334351 */
335 -function jqDatePickerHTML( $cur_value, $input_name, $is_mandatory, $is_disabled, $other_args ) {
 352+static function jqDatePickerHTML( $cur_value, $input_name, $is_mandatory, $is_disabled, $other_args ) {
336353
337 - global $wgRequest, $wgUser, $wgParser, $wgOut, $wgScriptPath, $wgLanguageCode, $sfgFieldNum, $sfgScriptPath;
 354+ global $wgRequest, $wgUser, $wgParser, $wgOut, $wgScriptPath, $wgLanguageCode;
 355+ global $sfgFieldNum, $sfgScriptPath, $sfigSettings;
338356
339357 static $hasRun = false;
340358
@@ -341,30 +359,38 @@
342360 $hasRun = true;
343361
344362 $wgOut->addScript( '<script type="text/javascript" src="' . $sfgScriptPath . '/libs/jquery-ui/jquery.ui.datepicker.min.js"></script> ' );
 363+
345364 if ( strcmp( $wgLanguageCode, "en" ) != 0 ) {
346365 $wgOut->addScript( '<script type="text/javascript" src="' . $sfgScriptPath . '/libs/jquery-ui/jquery-ui-i18n.js"></script> ' );
347366 }
348367
349 - $jstext = "<script> jQuery.noConflict(); jQuery(function(){";
350 - $image_path = $wgScriptPath . '/extensions/SemanticFormsInputs/calendar.gif';
351 - if ( strcmp( $wgLanguageCode, "en" ) != 0 ) {
352 - $jstext .= "jQuery(\"#input_" . $sfgFieldNum . "\").datepicker({showOn: 'both', buttonImage: '$image_path', buttonImageOnly: true , dateFormat: 'yy-mm-dd' }, jQuery.datepicker.regional['$wgLanguageCode']); } ); </script> ";
353 - } else {
354 - $jstext .= "jQuery(\"#input_" . $sfgFieldNum . "\").datepicker({showOn: 'both', buttonImage: '$image_path', buttonImageOnly: true , dateFormat: 'yy-mm-dd' }); } ); </script> ";
355 - }
 368+ }
356369
357 - $wgOut->addScript( $jstext );
 370+ if ( strcmp( $wgLanguageCode, "en" ) != 0 ) {
 371+ $langCodeString = ", jQuery.datepicker.regional['$wgLanguageCode']";
 372+ } else {
 373+ $langCodeString = "";
 374+ }
358375
 376+ $jstext = <<<JAVASCRIPT
 377+jQuery (
 378+ function() {
 379+ jQuery("#input_$sfgFieldNum").datepicker({showOn: 'both', buttonImage: '$sfigSettings->scriptPath/DatePickerButton.gif', buttonImageOnly: false , dateFormat: 'yy-mm-dd' }$langCodeString);
359380 }
360 - $html = '<p><input type="text" id="input_' . $sfgFieldNum . '" name="' . $input_name . '" value ="' . $cur_value . '" size="30"/></p>';
 381+);
361382
362 - return array( $html, "" );
 383+JAVASCRIPT;
 384+
 385+ $html = '<input type="text" id="input_' . $sfgFieldNum . '" name="' . htmlspecialchars( $input_name ) . '" value ="' . htmlspecialchars( $cur_value ) . '" size="30"/>' .
 386+ '<span id="info_' . $sfgFieldNum . '" class="errorMessage"></span>';
 387+
 388+ return array( $html, $jstext );
363389 }
364390
365391 /*
366392 * Definition of input type "datepicker".
367393 */
368 -function datePickerHTML ( $cur_value, $input_name, $is_mandatory, $is_disabled, $other_args ) {
 394+static function datePickerHTML ( $cur_value, $input_name, $is_mandatory, $is_disabled, $other_args ) {
369395
370396 global $wgRequest, $wgUser, $wgParser, $wgOut, $wgScriptPath;
371397
@@ -377,11 +403,11 @@
378404 if ( !( array_key_exists( 'hidden', $other_args ) || $is_disabled ) ) self::datePickerSetup();
379405
380406 // set size string
381 - if ( array_key_exists( 'size', $other_args ) ) $sizeString = 'size="' . $other_args['size'] . '" ';
 407+ if ( array_key_exists( 'size', $other_args ) ) $sizeString = 'size="' . htmlspecialchars( $other_args['size'] ) . '" ';
382408 else $sizeString = '';
383409
384410 // set maxlength string
385 - if ( array_key_exists( 'maxlength', $other_args ) ) $maxlengthString = 'maxlength="' . $other_args['maxlength'] . '" ';
 411+ if ( array_key_exists( 'maxlength', $other_args ) ) $maxlengthString = 'maxlength="' . htmlspecialchars( $other_args['maxlength'] ) . '" ';
386412 else $maxlengthString = '';
387413
388414 // set mandatory string
@@ -482,19 +508,19 @@
483509 foreach ( explode( ',', $disabledDates ) as $range ) {
484510 if ( strpos( $range, '-' ) === false ) {
485511 $dateArray = explode( '/', $range );
486 - $disabledDatesString .= '"' .
487 - $dateArray[1] . '/' .
 512+ $disabledDatesString .=
 513+ Xml::encodeJsVar( $dateArray[1] . '/' .
488514 $dateArray[0] . '/' .
489 - $dateArray[2] . '", ';
 515+ $dateArray[2] ) . ', ';
490516 } else {
491517 $dateArray = explode( '/', str_replace( '-', '/', $range ) );
492 - $disabledDatesString .= '"' .
493 - $dateArray[1] . '/' .
 518+ $disabledDatesString .=
 519+ Xml::encodeJsVar( $dateArray[1] . '/' .
494520 $dateArray[0] . '/' .
495521 $dateArray[2] . '-' .
496522 $dateArray[4] . '/' .
497523 $dateArray[3] . '/' .
498 - $dateArray[5] . '", ';
 524+ $dateArray[5] ) . ', ';
499525 }
500526 }
501527
@@ -502,7 +528,7 @@
503529
504530 if ( array_key_exists( 'possible_values', $other_args ) && $other_args['possible_values'] ) {
505531
506 - $enabledDates = array();
 532+ $enabledDates = array(); // stores enabled date ranges, i.e. arrays containing first and last enabled day
507533
508534 foreach ( $other_args['possible_values'] as $range ) {
509535
@@ -525,6 +551,7 @@
526552
527553 $prevStartOfDisabled = $firstDate;
528554
 555+ // from the list of enabled dates create a list of disabled dates
529556 while ( list( $currKey, $currRange ) = each( $enabledDates ) ) {
530557
531558 $currEndOfDisabled = clone $enabledDates[$currKey][0];
@@ -565,13 +592,19 @@
566593
567594 // set first date string and last date string
568595 if ( $firstDate ) {
569 - $firstDateString = '"' . $firstDate->format( 'n' ) . '/' . $firstDate->format( 'j' ) . '/' . $firstDate->format( 'Y' ) . '"';
 596+ $firstDateString =
 597+ $firstDate->format( 'n' ) . '/' .
 598+ $firstDate->format( 'j' ) . '/' .
 599+ $firstDate->format( 'Y' );
570600 } else {
571601 $firstDateString = 'null';
572602 }
573603
574604 if ( $lastDate ) {
575 - $lastDateString = '"' . $lastDate->format( 'n' ) . '/' . $lastDate->format( 'j' ) . '/' . $lastDate->format( 'Y' ) . '"';
 605+ $lastDateString =
 606+ $lastDate->format( 'n' ) . '/' .
 607+ $lastDate->format( 'j' ) . '/' .
 608+ $lastDate->format( 'Y' );
576609 } else {
577610 $lastDateString = 'null';
578611 }
@@ -590,19 +623,19 @@
591624 foreach ( explode( ',', $highlightedDates ) as $range ) {
592625 if ( strpos( $range, '-' ) === false ) {
593626 $dateArray = explode( '/', $range );
594 - $highlightedDatesString .= '"' .
595 - $dateArray[1] . '/' .
 627+ $highlightedDatesString .=
 628+ Xml::encodeJsVar( $dateArray[1] . '/' .
596629 $dateArray[0] . '/' .
597 - $dateArray[2] . '", ';
 630+ $dateArray[2] ) . ', ';
598631 } else {
599632 $dateArray = explode( '/', str_replace( '-', '/', $range ) );
600 - $highlightedDatesString .= '"' .
601 - $dateArray[1] . '/' .
 633+ $highlightedDatesString .=
 634+ Xml::encodeJsVar( $dateArray[1] . '/' .
602635 $dateArray[0] . '/' .
603636 $dateArray[2] . '-' .
604637 $dateArray[4] . '/' .
605638 $dateArray[3] . '/' .
606 - $dateArray[5] . '", ';
 639+ $dateArray[5] ) . ', ';
607640 }
608641 }
609642
@@ -618,25 +651,7 @@
619652
620653 // set default date string
621654 $defaultDateString = 'null';
622 - $setDefaultDateString = '';
623655
624 - if ( $cur_value ) {
625 - $parts = explode( '/', $cur_value );
626 - if ( count( $parts ) == 3 ) {
627 - $defaultDateString = '"' . $parts[1] . '/' . $parts[0] . '/' . $parts[2] . '"';
628 -
629 - $setDefaultDateString = <<<JAVASCRIPT
630 - document.getElementById("input_{$sfgFieldNum}").value=
631 - YAHOO.util.Date.format(
632 - new Date(Date.parse($defaultDateString)),
633 - {format:"$dateFormatString"},
634 - 'wiki'
635 - );
636 -JAVASCRIPT;
637 -
638 - }
639 - }
640 -
641656 // set month strings
642657 if ( array_key_exists( 'month names', $other_args ) ) {
643658 $monthNames = $other_args['month names'];
@@ -646,7 +661,7 @@
647662
648663 // set day strings
649664 if ( array_key_exists( 'day names', $other_args ) ) {
650 - $dayNames = $other_args['day names'];
 665+ $dayNames = Xml::encodeJsVar( $other_args['day names'] );
651666 } else {
652667 $dayNames = $sfigSettings->datePickerDayNames;
653668 }
@@ -660,6 +675,14 @@
661676 $showResetButton = $sfigSettings->datePickerShowResetButton;
662677 }
663678
 679+ $classString = htmlspecialchars( $classString );
 680+ $cur_value = htmlspecialchars( $cur_value );
 681+ // $mandatoryString: contains a fixed string ("mandatory ", "")
 682+ $input_name = htmlspecialchars( $input_name );
 683+ // $sizeString: already sanitized
 684+ // $maxlengthString: already sanitized
 685+ // $disableInputString: contains a fixed string ("readonly ", "")
 686+
664687 if ( $showResetButton && $is_disabled ) {
665688
666689 $resetButtonString =
@@ -679,42 +702,77 @@
680703
681704 // compose html text
682705 if ( array_key_exists( 'hidden', $other_args ) ) {
683 - $htmltext = '<input type="hidden" id="input_' . $sfgFieldNum . '" value="' . $cur_value .
684 - '" class="createboxInput ' . $mandatoryString . $classString . '" name="' . $input_name . '" /><span id="info_' . $sfgFieldNum . '" class="errorMessage"></span>';
 706+
 707+ $htmltext = '<input type="hidden" id="input_' . $sfgFieldNum
 708+ . '" value="' . $cur_value
 709+ . '" class="createboxInput ' . $mandatoryString . $classString
 710+ . '" name="' . $input_name . '" /><span id="info_' . $sfgFieldNum
 711+ . '" class="errorMessage"></span>';
 712+
685713 } elseif ( $is_disabled ) {
686714 $htmltext =
687 - '<span class="yui-skin-sam">' .
688 - '<input type="text" ' . $sizeString . $maxlengthString . ' id="input_' . $sfgFieldNum . '" ' .
689 - 'value="' . $cur_value . '" class="createboxInput ' . $mandatoryString . $classString . '" ' .
690 - 'style="vertical-align:middle;" name="' . $input_name . '" readonly />' .
691 - '<button tabindex="-1" type=button id="input_' . $sfgFieldNum . '_button" class="' . $classString . '" onclick="return false;" ' .
692 - 'style="height:1.5em;width:1.5em;vertical-align:middle;background-image: url(' . $sfigSettings->scriptPath . '/DatePickerButtonDisabled.gif);' .
693 - 'background-position: center center; background-repeat: no-repeat;" disabled ></button>' .
694 - $resetButtonString . "\n" .
695 - '<span id="info_' . $sfgFieldNum . '" class="errorMessage"></span>' .
696 - '</span>';
 715+ '<span class="yui-skin-sam">'
 716+ . '<input type="text" ' . $sizeString . $maxlengthString
 717+ . ' id="input_' . $sfgFieldNum . '" ' . 'value="' . $cur_value
 718+ . '" class="createboxInput ' . $mandatoryString . $classString . '" '
 719+ . 'style="vertical-align:middle;" name="' . $input_name . '" readonly />'
 720+ . '<button tabindex="-1" type=button id="input_' . $sfgFieldNum
 721+ . '_button" class="' . $classString . '" onclick="return false;" '
 722+ . 'style="height:1.5em;width:1.5em;vertical-align:middle;background-image: url('
 723+ . $sfigSettings->scriptPath . '/DatePickerButtonDisabled.gif);'
 724+ . 'background-position: center center; background-repeat: no-repeat;" disabled ></button>' .
 725+ $resetButtonString . "\n"
 726+ . '<span id="info_' . $sfgFieldNum . '" class="errorMessage"></span>'
 727+ . '</span>';
697728
698 - } else {
 729+ } else { // not hidden, not disabled
699730 $htmltext =
700 - '<span class="yui-skin-sam">' .
701 - '<span id="input_' . $sfgFieldNum . '_container" style="position:absolute;display:inline;margin-top:2em;"><span id="input_' . $sfgFieldNum . '_calendar"></span></span>' .
702 - '<input type="text" ' . $sizeString . $maxlengthString . $disableInputString . ' id="input_' . $sfgFieldNum . '" ' .
703 - 'value="' . $cur_value . '" class="createboxInput ' . $mandatoryString . $classString . '" ' .
704 - 'style="vertical-align:middle;" name="' . $input_name . '" />' .
705 - '<button tabindex="-1" type=button id="input_' . $sfgFieldNum . '_button" class="' . $classString . '" onclick="toggle_datepicker(this);" ' .
706 - 'style="height: 1.5em; width: 1.5em;vertical-align:middle;background-image: url(' . $sfigSettings->scriptPath . '/DatePickerButton.gif);' .
707 - 'background-position: center center; background-repeat: no-repeat;" ></button>' .
708 - $resetButtonString . "\n" .
709 - '<span id="info_' . $sfgFieldNum . '" class="errorMessage"></span>' .
710 - '</span>';
 731+ '<span class="yui-skin-sam">'
 732+ . '<span id="input_' . $sfgFieldNum
 733+ . '_container" style="position:absolute;display:inline;margin-top:2em;">'
 734+ . '<span id="input_' . $sfgFieldNum . '_calendar"></span></span>'
 735+ . '<input type="text" ' . $sizeString . $maxlengthString . $disableInputString
 736+ . ' id="input_' . $sfgFieldNum . '" ' . 'value="' . $cur_value
 737+ . '" class="createboxInput ' . $mandatoryString . $classString . '" '
 738+ . 'style="vertical-align:middle;" name="' . $input_name . '" />'
 739+ . '<button tabindex="-1" type=button id="input_' . $sfgFieldNum
 740+ . '_button" class="' . $classString . '" onclick="toggle_datepicker(this);" '
 741+ . 'style="height: 1.5em; width: 1.5em;vertical-align:middle;background-image: url('
 742+ . $sfigSettings->scriptPath . '/DatePickerButton.gif);'
 743+ . 'background-position: center center; background-repeat: no-repeat;" ></button>'
 744+ . $resetButtonString . "\n"
 745+ . '<span id="info_' . $sfgFieldNum . '" class="errorMessage"></span>'
 746+ . '</span>';
711747 }
712748
713749 // compose Javascript
714 - if ( array_key_exists( 'hidden', $other_args ) ) {
 750+ if ( array_key_exists( 'hidden', $other_args ) || $is_disabled ) {
715751 $jstext = '';
716 - } elseif ( $is_disabled ) {
717 - $jstext = '';
718752 } else {
 753+
 754+ $weekStartString = htmlspecialchars( Xml::encodeJsVar( $weekStartString ), ENT_NOQUOTES );
 755+ // $weekNumberString: contains a fixed string ("true", "false")
 756+ // $disabledDaysOfWeek: input filtered, only numbers and commas allowed
 757+ // $highlightedDaysOfWeek: input filtered, only numbers and commas allowed
 758+ $disabledDatesString = htmlspecialchars( $disabledDatesString, ENT_NOQUOTES ); // Js sanitized on input
 759+ $highlightedDatesString = htmlspecialchars( $highlightedDatesString, ENT_NOQUOTES ); // Js sanitized on input
 760+
 761+ if ( strcmp( $firstDateString, "null" ) ) {
 762+ $firstDateString = htmlspecialchars( Xml::encodeJsVar( $firstDateString ), ENT_NOQUOTES );
 763+ }
 764+
 765+ if ( strcmp( $lastDateString, "null" ) ) {
 766+ $lastDateString = htmlspecialchars( Xml::encodeJsVar( $lastDateString ), ENT_NOQUOTES );
 767+ }
 768+
 769+ if ( strcmp( $defaultDateString, "null" ) ) {
 770+ $defaultDateString = htmlspecialchars( Xml::encodeJsVar( $defaultDateString ), ENT_NOQUOTES );
 771+ }
 772+
 773+ $monthNames = htmlspecialchars( Xml::encodeJsVar( $monthNames ), ENT_NOQUOTES );
 774+ $dayNames = htmlspecialchars( Xml::encodeJsVar( $dayNames ), ENT_NOQUOTES );
 775+ $dateFormatString = htmlspecialchars( Xml::encodeJsVar( $dateFormatString ), ENT_NOQUOTES );
 776+
719777 $jstext = <<<JAVASCRIPT
720778 function setup_input_{$sfgFieldNum}() {
721779
@@ -728,17 +786,17 @@
729787 sfiElements['settings_$sfgFieldNum'].first_day = $firstDateString;
730788 sfiElements['settings_$sfgFieldNum'].last_day = $lastDateString;
731789 sfiElements['settings_$sfgFieldNum'].default_day = $defaultDateString;
732 - sfiElements['settings_$sfgFieldNum'].locale_months = "$monthNames";
733 - sfiElements['settings_$sfgFieldNum'].locale_weekdays = "$dayNames";
734 - sfiElements['settings_$sfgFieldNum'].date_format = "$dateFormatString";
 790+ sfiElements['settings_$sfgFieldNum'].locale_months = $monthNames;
 791+ sfiElements['settings_$sfgFieldNum'].locale_weekdays = $dayNames;
 792+ sfiElements['settings_$sfgFieldNum'].date_format = $dateFormatString;
735793
736 - $setDefaultDateString;
737794 }
738795
739796 addOnloadHook(setup_input_{$sfgFieldNum});
 797+
740798 JAVASCRIPT;
741799 }
742800
743801 return array( $htmltext, $jstext );
744 - }
745802 }
 803+}

Status & tagging log