* Switch usercss & userjs bits due to above; SkinPHPTal now sets them _with_ the CDATA markers, as PHPTAL seems unwilling to recognize XML tags with tal: bits on them inside a CDATA section in the template (though oddly enough it interpreted the ${bits} just fine!)
if ($value == "nothing") { return 'null'; }
if ($value == "default") { return '$__default__'; }
if (preg_match('/^@[_a-z][0-9a-z_]*$/i', $value)) { return substr($value, 1); }
- return '$__ctx__->getToString("'. $value .'")';
+# HACKHACKHACKHACKHACK! <- for fixing ${foo} not being escaped.
+# In PHPTAL 1.0.0 it _is_ escaped, and apparently it's supposed to be.
+# We need to be consistent to work on both.
+# return '$__ctx__->getToString("'. $value .'")';
+ return 'htmlspecialchars($__ctx__->get("'. $value .'"))';
}
$this->userjs = $this->makeUrl($this->userpage.'/'.$this->skinname.'.js', 'action=raw&ctype=text/javascript&dontcountme=s');
}
}
+ $this->usercss = '/*<![CDATA[*/ ' . $this->usercss . ' /*]]>*/';
+ if( $this->userjsprev ) {
+ $this->userjsprev = '/*<![CDATA[*/ ' . $this->userjsprev . ' /*]]>*/';
+ }
}
/**
<meta http-equiv="imagetoolbar" content="no" /><![endif]-->
<script type="text/javascript" tal:attributes="src jsvarurl"></script>
<script type="text/javascript" src="${stylepath}/common/wikibits.js"></script>
- <style tal:condition="usercss" type="text/css">/*<![CDATA[*/ ${usercss} /*]]>*/</style>
+ <style tal:condition="usercss" tal:content="structure usercss" type="text/css"></style>
<script tal:condition="userjs" type="text/javascript" tal:attributes="src userjs"></script><script
- tal:condition="userjsprev" type="text/javascript">/*<![CDATA[*/${userjsprev}/*]]>*/</script>
+ tal:condition="userjsprev" tal:content="structure userjsprev" type="text/javascript"></script>
</head>
<body tal:attributes="ondblclick body_ondblclick|default; class nsclass|default">
<div id="globalWrapper">