From 9db70e3c1997d0757e5449c3e0c10f9cd4c03f75 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 28 Jul 2016 17:32:40 +0200
Subject: [baseconfig] Rework makeInput to prevent generating invalid tag
 attribs

---
 modules-available/baseconfig/page.inc.php | 42 ++++++++++++++++++++-----------
 1 file changed, 28 insertions(+), 14 deletions(-)

(limited to 'modules-available/baseconfig')

diff --git a/modules-available/baseconfig/page.inc.php b/modules-available/baseconfig/page.inc.php
index 41a7523f..5d125cc2 100644
--- a/modules-available/baseconfig/page.inc.php
+++ b/modules-available/baseconfig/page.inc.php
@@ -169,6 +169,9 @@ class Page_BaseConfig extends Page
 			if (!isset($settings[$var['catid']]['settings'][$key]['displayvalue'])) {
 				$settings[$var['catid']]['settings'][$key]['displayvalue'] = $var['defaultvalue'];
 			}
+			if (!isset($settings[$var['catid']]['settings'][$key]['shadows'])) {
+				$settings[$var['catid']]['settings'][$key]['shadows'] = null;
+			}
 			$settings[$var['catid']]['settings'][$key] += array(
 				'item' => $this->makeInput($var['validator'], $key, $settings[$var['catid']]['settings'][$key]['displayvalue'], $settings[$var['catid']]['settings'][$key]['shadows']
 			),
@@ -250,22 +253,20 @@ class Page_BaseConfig extends Page
 
 		/* for the html snippet we need: */
 		$tag = 'input';
-		$type = 'text';
-		$shadowjs = empty($shadows) ? "" :  " data-shadows=\"$shadows\"";
-		$classes = "form-control";
-		$extras= "";
+		$args = array('type' => 'text', 'class' => 'form-control', 'name' => "setting[$setting]", 'id' => $setting);
+		if (!empty($shadows)) {
+			$args['data-shadows'] = $shadows;
+		}
 		$inner = "";
 		/* -- */
 
 		$parts = explode(':', $validator, 2);
 		if ($parts[0] === 'list' || $parts[0] == 'multilist') {
 			$items = explode('|', $parts[1]);
-			$multiple = $parts[0] == 'multilist';
-			if ($multiple) {
-				$extras = 'multiple ';
-				$classes .= " multilist";
+			if ($parts[0] === 'multilist') {
+				$args['multiple'] = 'multiple';
+				$args['class'] .= " multilist";
 			}
-			$tag = 'select';
 
 			foreach ($items as $item) {
 				if ($item === $current) {
@@ -274,19 +275,32 @@ class Page_BaseConfig extends Page
 					$inner .= '<option>' . $item . '</option>';
 				}
 			}
+
+			$tag = 'select';
+			unset($args['type']);
+			$current = '';
 		}
 		/* multiinput: enter multiple free-form strings*/
-		if (strtolower($validator) == 'multiinput') {
-			$classes .= " multiinput";
+		if ($validator === 'multiinput') {
+			$args['class'] .= " multiinput";
 		}
 
 		/* Password field guessing */
 		if (stripos($validator, 'password') !== false) {
-			$type = Property::getPasswordFieldType();
+			$args['type'] = Property::getPasswordFieldType();
+		}
+
+		$output = "<$tag ";
+		foreach ($args as $key => $val) {
+			$output .= "$key=\"" . htmlspecialchars($val) . '" ';
+		}
+		if (empty($inner)) {
+			$output .= '/>';
+		} else {
+			$output .= '>' . $inner . "</$tag>";
 		}
 
-		return "<$tag type=\"$type\" id=\"$setting\" name=\"setting['$setting']\" $shadowjs $extras class=\"$classes\" value=\"$current\""
-			. ($inner == "" ? "/>" : ">$inner </$tag>");
+		return $output;
 	}
 
 }
-- 
cgit v1.2.3-55-g7522