Escape template var output.

diff --git a/src/org/cacert/gigi/Language.java b/src/org/cacert/gigi/Language.java
index 6c03b19ca59694020952ff79e3c6159eb96137e4..64831ebd13b8816d8321f463398f3fffbe2602cb 100644 (file)
--- a/src/org/cacert/gigi/Language.java
+++ b/src/org/cacert/gigi/Language.java
@@ -10,7 +10,6 @@ import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 

-import org.cacert.gigi.util.HTMLEncoder;

 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;


@@ -43,7 +42,7 @@ public class Language {
             Element e = (Element) nl.item(i);
             Element id = (Element) e.getElementsByTagName("id").item(0);
             Element msg = (Element) e.getElementsByTagName("msg").item(0);
             Element e = (Element) nl.item(i);
             Element id = (Element) e.getElementsByTagName("id").item(0);
             Element msg = (Element) e.getElementsByTagName("msg").item(0);

-            translations.put(id.getTextContent(), HTMLEncoder.encodeHTML(msg.getTextContent()));
+            translations.put(id.getTextContent(), msg.getTextContent());

         }
         System.out.println(translations.size() + " strings loaded.");
     }
         }
         System.out.println(translations.size() + " strings loaded.");
     }

diff --git a/src/org/cacert/gigi/output/template/OutputVariableCommand.java b/src/org/cacert/gigi/output/template/OutputVariableCommand.java
index f3c424abaff826b3d6200be131accb6991a9ecea..1247891a91b5a305cde48a66343e16bc46b024c2 100644 (file)
--- a/src/org/cacert/gigi/output/template/OutputVariableCommand.java
+++ b/src/org/cacert/gigi/output/template/OutputVariableCommand.java
@@ -10,12 +10,20 @@ public final class OutputVariableCommand implements Outputable {
 
     private final String raw;
 
 
     private final String raw;
 

+    private final boolean escaped;
+

     public OutputVariableCommand(String raw) {
     public OutputVariableCommand(String raw) {

-        this.raw = raw;
+        if (raw.charAt(0) == '!') {
+            escaped = true;
+            this.raw = raw.substring(1);
+        } else {
+            escaped = true;
+            this.raw = raw;
+        }

     }
 
     @Override
     public void output(PrintWriter out, Language l, Map<String, Object> vars) {
     }
 
     @Override
     public void output(PrintWriter out, Language l, Map<String, Object> vars) {

-        Template.outputVar(out, l, vars, raw);
+        Template.outputVar(out, l, vars, raw, escaped);

     }
 }
     }
 }

diff --git a/src/org/cacert/gigi/output/template/SprintfCommand.java b/src/org/cacert/gigi/output/template/SprintfCommand.java
index 1a3c29084e5d95bf2384f9301575a3a07b5ae85a..f0a3f35917368cc05e1c929cda9c549050a11eea 100644 (file)
--- a/src/org/cacert/gigi/output/template/SprintfCommand.java
+++ b/src/org/cacert/gigi/output/template/SprintfCommand.java
@@ -6,6 +6,7 @@ import java.util.Map;
 
 import org.cacert.gigi.Language;
 import org.cacert.gigi.output.Outputable;
 
 import org.cacert.gigi.Language;
 import org.cacert.gigi.output.Outputable;

+import org.cacert.gigi.util.HTMLEncoder;

 
 public final class SprintfCommand implements Outputable {
 
 
 public final class SprintfCommand implements Outputable {
 


@@ -22,10 +23,15 @@ public final class SprintfCommand implements Outputable {
     public void output(PrintWriter out, Language l, Map<String, Object> vars) {
         String[] parts = l.getTranslation(text).split("%s");
         String[] myvars = store.toArray(new String[store.size()]);
     public void output(PrintWriter out, Language l, Map<String, Object> vars) {
         String[] parts = l.getTranslation(text).split("%s");
         String[] myvars = store.toArray(new String[store.size()]);

-        out.print(parts[0]);
+        out.print(HTMLEncoder.encodeHTML(parts[0]));

         for (int j = 1; j < parts.length; j++) {
         for (int j = 1; j < parts.length; j++) {

-            Template.outputVar(out, l, vars, myvars[j - 1].substring(1));
-            out.print(parts[j]);
+            String var = myvars[j - 1];
+            if (var.startsWith("$!")) {
+                Template.outputVar(out, l, vars, myvars[j - 1].substring(2), true);
+            } else {
+                Template.outputVar(out, l, vars, myvars[j - 1].substring(1), false);
+            }
+            out.print(HTMLEncoder.encodeHTML(parts[j]));

         }
     }
 }
         }
     }
 }

diff --git a/src/org/cacert/gigi/output/template/Template.java b/src/org/cacert/gigi/output/template/Template.java
index 2702f6c108fcb36b939ec9c77f3bcc4ec9bf61a4..1949d5c665a133ed652756af1ef70205ac194603 100644 (file)
--- a/src/org/cacert/gigi/output/template/Template.java
+++ b/src/org/cacert/gigi/output/template/Template.java
@@ -17,6 +17,7 @@ import java.util.regex.Pattern;
 import org.cacert.gigi.DevelLauncher;
 import org.cacert.gigi.Language;
 import org.cacert.gigi.output.Outputable;
 import org.cacert.gigi.DevelLauncher;
 import org.cacert.gigi.Language;
 import org.cacert.gigi.output.Outputable;

+import org.cacert.gigi.util.HTMLEncoder;

 
 public class Template implements Outputable {
 
 
 public class Template implements Outputable {
 


@@ -150,7 +151,7 @@ public class Template implements Outputable {
         data.output(out, l, vars);
     }
 
         data.output(out, l, vars);
     }
 

-    protected static void outputVar(PrintWriter out, Language l, Map<String, Object> vars, String varname) {
+    protected static void outputVar(PrintWriter out, Language l, Map<String, Object> vars, String varname, boolean unescaped) {

         Object s = vars.get(varname);
 
         if (s == null) {
         Object s = vars.get(varname);
 
         if (s == null) {


@@ -159,7 +160,7 @@ public class Template implements Outputable {
         if (s instanceof Outputable) {
             ((Outputable) s).output(out, l, vars);
         } else {
         if (s instanceof Outputable) {
             ((Outputable) s).output(out, l, vars);
         } else {

-            out.print(s);
+            out.print(s == null ? "null" : (unescaped ? s.toString() : HTMLEncoder.encodeHTML(s.toString())));

         }
     }
 }
         }
     }
 }

diff --git a/src/org/cacert/gigi/output/template/TranslateCommand.java b/src/org/cacert/gigi/output/template/TranslateCommand.java
index 18bf44764a421b88d017151b4aa8afeb1449a249..0dad247335b1b874689c25c94511253f270bf25d 100644 (file)
--- a/src/org/cacert/gigi/output/template/TranslateCommand.java
+++ b/src/org/cacert/gigi/output/template/TranslateCommand.java
@@ -5,6 +5,7 @@ import java.util.Map;
 
 import org.cacert.gigi.Language;
 import org.cacert.gigi.output.Outputable;
 
 import org.cacert.gigi.Language;
 import org.cacert.gigi.output.Outputable;

+import org.cacert.gigi.util.HTMLEncoder;

 
 public final class TranslateCommand implements Outputable {
 
 
 public final class TranslateCommand implements Outputable {
 


@@ -16,6 +17,6 @@ public final class TranslateCommand implements Outputable {
 
     @Override
     public void output(PrintWriter out, Language l, Map<String, Object> vars) {
 
     @Override
     public void output(PrintWriter out, Language l, Map<String, Object> vars) {

-        out.print(l.getTranslation(raw));
+        out.print(HTMLEncoder.encodeHTML(l.getTranslation(raw)));

     }
 }
     }
 }

diff --git a/src/org/cacert/gigi/pages/account/IssueCertificateForm.templ b/src/org/cacert/gigi/pages/account/IssueCertificateForm.templ
index 16f038d486cf43f551cdd6a41da90f7802ad25d8..9d94937c6e321ce3b06940cb9c847d1b5a8765cf 100644 (file)
--- a/src/org/cacert/gigi/pages/account/IssueCertificateForm.templ
+++ b/src/org/cacert/gigi/pages/account/IssueCertificateForm.templ
@@ -98,7 +98,7 @@
       <input type="checkbox" id="CCA" name="CCA" />
     </td>
     <td align="left">
       <input type="checkbox" id="CCA" name="CCA" />
     </td>
     <td align="left">

-      <label for="CCA"><strong><?=s,$CCA,I accept the CAcert Community Agreement (%s).?> </strong><br />
+      <label for="CCA"><strong><?=s,$!CCA,I accept the CAcert Community Agreement (%s).?> </strong><br />

       <?=_Please note: You need to accept the CCA to proceed.?></label>
     </td>
   </tr>
       <?=_Please note: You need to accept the CCA to proceed.?></label>
     </td>
   </tr>

diff --git a/src/org/cacert/gigi/pages/main/Signup.templ b/src/org/cacert/gigi/pages/main/Signup.templ
index 749ab26f9fff1cb98c83a0bb5d9630699812e191..6dfbfc221a76681ec09605498a07580477d7450e 100644 (file)
--- a/src/org/cacert/gigi/pages/main/Signup.templ
+++ b/src/org/cacert/gigi/pages/main/Signup.templ
@@ -62,10 +62,10 @@
   <tr>
     <td valign="top"><?=_Alert me if?>: </td>
     <td align="left">
   <tr>
     <td valign="top"><?=_Alert me if?>: </td>
     <td align="left">

-        <input type="checkbox" name="general" value="1"<?=$general?>><?=_General Announcements?><br>
-       <input type="checkbox" name="country" value="1"<?=$country?>><?=_Country Announcements?><br>
-       <input type="checkbox" name="regional" value="1"<?=$regional?>><?=_Regional Announcements?><br>
-       <input type="checkbox" name="radius" value="1"<?=$radius?>><?=_Within 200km Announcements?></td>
+        <input type="checkbox" name="general" value="1"<?=$!general?>><?=_General Announcements?><br>
+       <input type="checkbox" name="country" value="1"<?=$!country?>><?=_Country Announcements?><br>
+       <input type="checkbox" name="regional" value="1"<?=$!regional?>><?=_Regional Announcements?><br>
+       <input type="checkbox" name="radius" value="1"<?=$!radius?>><?=_Within 200km Announcements?></td>

     <td>&nbsp;</td>
   </tr>
 
     <td>&nbsp;</td>
   </tr>