From 29055d34d6f0ceee253a4122bb6c9dae6cb53b2b Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Fri, 27 Apr 2007 07:42:54 +0000
Subject: - Patch #137236 by merlinofchaos: provide a way to secure the theme
 variables system.

---
 modules/comment/comment.module  | 27 ++++++++++++-------
 modules/comment/comment.tpl.php | 25 +++++++++++++++++
 modules/node/node.tpl.php       | 29 ++++++++++++++++++++
 modules/system/block.tpl.php    |  8 ++++++
 modules/system/box.tpl.php      |  8 ++++++
 modules/system/page.tpl.php     | 60 +++++++++++++++++++++++++++++++++++++++++
 6 files changed, 148 insertions(+), 9 deletions(-)
 create mode 100644 modules/comment/comment.tpl.php
 create mode 100644 modules/node/node.tpl.php
 create mode 100644 modules/system/block.tpl.php
 create mode 100644 modules/system/box.tpl.php
 create mode 100644 modules/system/page.tpl.php

(limited to 'modules')

diff --git a/modules/comment/comment.module b/modules/comment/comment.module
index 8cf30b3dc..1357a3462 100644
--- a/modules/comment/comment.module
+++ b/modules/comment/comment.module
@@ -162,6 +162,7 @@ function comment_theme() {
     ),
     'comment' => array(
       'arguments' => array('comment' => NULL, 'links' => array()),
+      'file' => 'comment.tpl.php',
     ),
     'comment_folded' => array(
       'arguments' => array('comment' => NULL),
@@ -1811,15 +1812,23 @@ function comment_controls_submit($form_id, $form_values) {
   }
 }
 
-function theme_comment($comment, $links = array()) {
-  $output  = '<div class="comment'. ($comment->status == COMMENT_NOT_PUBLISHED ? ' comment-unpublished' : '') .'">';
-  $output .= '<div class="subject">'. l($comment->subject, $_GET['q'], array('fragment' => "comment-$comment->cid")) .' '. theme('mark', $comment->new) ."</div>\n";
-  $output .= '<div class="credit">'. t('by %a on %b', array('%a' => theme('username', $comment), '%b' => format_date($comment->timestamp))) ."</div>\n";
-  $output .= '<div class="body">'. $comment->comment .'</div>';
-  $output .= theme('user_signature', $comment->signature);
-  $output .= '<div class="links">'. theme('links', $links) .'</div>';
-  $output .= '</div>';
-  return $output;
+/**
+ * Prepare values for comment.tpl.php
+ */
+function template_preprocess_comment(&$variables) {
+  $comment = $variables['comment'];
+  $variables['author']    = theme('username', $comment);
+  $variables['comment']   = $comment;
+  $variables['content']   = $comment->comment;
+  $variables['date']      = format_date($comment->timestamp);
+  $variables['links']     = isset($variables['links']) ? theme('links', $variables['links']) : '';
+  $variables['new']       = $comment->new ? t('new') : '';
+  $variables['picture']   = theme_get_setting('toggle_comment_user_picture') ? theme('user_picture', $comment) : '';
+  $variables['signature'] = $comment->signature;
+  $variables['submitted'] = t('Submitted by !a on @b.',
+                      array('!a' => theme('username', $comment),
+                            '@b' => format_date($comment->timestamp)));
+  $variables['title']     = l($comment->subject, $_GET['q'], array('fragment' => "comment-$comment->cid"));
 }
 
 function theme_comment_folded($comment) {
diff --git a/modules/comment/comment.tpl.php b/modules/comment/comment.tpl.php
new file mode 100644
index 000000000..ac4eeb88a
--- /dev/null
+++ b/modules/comment/comment.tpl.php
@@ -0,0 +1,25 @@
+<div class="comment<?php print ($comment->new) ? ' comment-new' : ''; print ($comment->status == COMMENT_NOT_PUBLISHED) ? ' comment-unpublished' : ''; ?> clear-block">
+  <?php print $picture ?>
+
+<?php if ($comment->new) : ?>
+  <a id="new"></a>
+  <span class="new"><?php print $new ?></span>
+<?php endif; ?>
+
+  <h3><?php print $title ?></h3>
+
+  <div class="submitted">
+    <?php print $submitted ?>
+  </div>
+
+  <div class="content">
+    <?php print $content ?>
+    <?php if ($signature): ?>
+    <div class="user-signature clear-block">
+      <?php print $signature ?>
+    </div>
+    <?php endif; ?>
+  </div>
+
+  <?php print $links ?>
+</div>
diff --git a/modules/node/node.tpl.php b/modules/node/node.tpl.php
new file mode 100644
index 000000000..872ea0c29
--- /dev/null
+++ b/modules/node/node.tpl.php
@@ -0,0 +1,29 @@
+<div id="node-<?php print $node->nid; ?>" class="node<?php if ($sticky) { print ' sticky'; } ?><?php if (!$status) { print ' node-unpublished'; } ?> clear-block">
+
+<?php print $picture ?>
+
+<?php if ($page == 0): ?>
+  <h2><a href="<?php print $node_url ?>" title="<?php print $title ?>"><?php print $title ?></a></h2>
+<?php endif; ?>
+
+  <div class="meta">
+  <?php if ($submitted): ?>
+    <span class="submitted"><?php print $submitted ?></span>
+  <?php endif; ?>
+
+  <?php if ($terms): ?>
+    <span class="terms"><?php print $terms ?></span>
+  <?php endif;?>
+  </div>
+
+  <div class="content">
+    <?php print $content ?>
+  </div>
+
+<?php
+  if ($links) {
+    print $links;
+  }
+?>
+
+</div>
\ No newline at end of file
diff --git a/modules/system/block.tpl.php b/modules/system/block.tpl.php
new file mode 100644
index 000000000..8ba204d40
--- /dev/null
+++ b/modules/system/block.tpl.php
@@ -0,0 +1,8 @@
+<div id="block-<?php print $block->module .'-'. $block->delta; ?>" class="block block-<?php print $block->module ?>">
+
+<?php if ($block->subject): ?>
+  <h2><?php print $block->subject ?></h2>
+<?php endif;?>
+
+  <div class="content"><?php print $block->content ?></div>
+</div>
diff --git a/modules/system/box.tpl.php b/modules/system/box.tpl.php
new file mode 100644
index 000000000..84d810cf0
--- /dev/null
+++ b/modules/system/box.tpl.php
@@ -0,0 +1,8 @@
+<div class="box">
+
+<?php if ($title): ?>
+  <h2><?php print $title ?></h2>
+<?php endif; ?>
+
+  <div class="content"><?php print $content ?></div>
+</div>
diff --git a/modules/system/page.tpl.php b/modules/system/page.tpl.php
new file mode 100644
index 000000000..fce977e5f
--- /dev/null
+++ b/modules/system/page.tpl.php
@@ -0,0 +1,60 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="<?php print $language->language ?>" xml:lang="<?php print $language->language ?>">
+
+<head>
+  <title><?php print $head_title ?></title>
+  <?php print $head ?>
+  <?php print $styles ?>
+  <?php print $scripts ?>
+  <script type="text/javascript"><?php /* Needed to avoid Flash of Unstyle Content in IE */ ?> </script>
+</head>
+
+<body>
+
+<table border="0" cellpadding="0" cellspacing="0" id="header">
+  <tr>
+    <td id="logo">
+      <?php if ($logo) { ?><a href="<?php print $base_path ?>" title="<?php print t('Home') ?>"><img src="<?php print $logo ?>" alt="<?php print t('Home') ?>" /></a><?php } ?>
+      <?php if ($site_name) { ?><h1 class='site-name'><a href="<?php print $base_path ?>" title="<?php print t('Home') ?>"><?php print $site_name ?></a></h1><?php } ?>
+      <?php if ($site_slogan) { ?><div class='site-slogan'><?php print $site_slogan ?></div><?php } ?>
+    </td>
+    <td id="menu">
+      <?php if (isset($secondary_links)) { ?><?php print theme('links', $secondary_links, array('class' =>'links', 'id' => 'subnavlist')) ?><?php } ?>
+      <?php if (isset($primary_links)) { ?><?php print theme('links', $primary_links, array('class' =>'links', 'id' => 'navlist')) ?><?php } ?>
+      <?php print $search_box ?>
+    </td>
+  </tr>
+  <tr>
+    <td colspan="2"><div><?php print $header ?></div></td>
+  </tr>
+</table>
+
+<table border="0" cellpadding="0" cellspacing="0" id="content">
+  <tr>
+    <?php if ($sidebar_left) { ?><td id="sidebar-left">
+      <?php print $sidebar_left ?>
+    </td><?php } ?>
+    <td valign="top">
+      <?php if ($mission) { ?><div id="mission"><?php print $mission ?></div><?php } ?>
+      <div id="main">
+        <?php print $breadcrumb ?>
+        <h1 class="title"><?php print $title ?></h1>
+        <div class="tabs"><?php print $tabs ?></div>
+        <?php print $help ?>
+        <?php print $messages ?>
+        <?php print $content; ?>
+        <?php print $feed_icons; ?>
+      </div>
+    </td>
+    <?php if ($sidebar_right) { ?><td id="sidebar-right">
+      <?php print $sidebar_right ?>
+    </td><?php } ?>
+  </tr>
+</table>
+
+<div id="footer">
+  <?php print $footer_message ?>
+</div>
+<?php print $closure ?>
+</body>
+</html>
-- 
cgit v1.2.3