5c5d7eb04f
* Escape HTML in the location field of a calendar event post
  - This allowed script tags to be interpreted in the post display of an event.
* Add form security token check to /admin/phpinfo module
  - This prevents basic XSS attacks against /admin/phpinfo
* Add form security token check to /babel module
  - This prevents basic XSS attacks against /babel
* Prevent pass-through for attachments
  - This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload
* Prevent overwriting cid on event edit
  - This allowed sharing an event as any other user after zeroing the cid field of an existing event
48 lines
2.1 KiB
Smarty
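{{*
 * Event card: renders one calendar event (short date badge, title, start/end,
 * optional location and map, author link, optional description).
 *
 * Output-encoding notes:
 *  - $title, $location.map and $description are printed with `nofilter`, so
 *    they are emitted as raw HTML. This template cannot make them safe; the
 *    caller must hand over markup that has already been sanitized.
 *  - All other variables are printed without `nofilter` and rely on the
 *    template engine's default output escaping (assumed to be enabled for this
 *    project; confirm in the renderer configuration). That includes
 *    $location.name, which is free text and must never be given `nofilter`.
 *  - HTML escaping does not validate URLs: $author_link lands in an href, so
 *    the caller is expected to supply a checked http(s) URL.
 *}}
<div class="vevent event-card">
	<div class="vevent-header">
		<div class="event-card-details">
			{{* The part with the event data (start, end, location, title) *}}
			<div class="event-card-header">
				{{* On the left we will present the date in short form (e.g. Oct 15) *}}
				<div class="event-card-left-date">
					<span class="event-date-wrapper medium">
						<span class="event-card-short-month">{{$month_short}}</span>
						<span class="event-card-short-date">{{$date_short}}</span>
					</span>
				</div>
				<div class="event-card-content media-body">
					{{* Raw HTML (nofilter): $title must arrive already sanitized by the caller. *}}
					<div class="event-title event-card-title summary event-summary">{{$title nofilter}}</div>

					{{* If there is a map, we insert a button for showing/hiding the map *}}
					{{* type="button" keeps this control from acting as a submit button should the card ever be rendered inside a form. *}}
					{{if $location.map}}<button type="button" id="event-map-btn-{{$id}}" class="event-map-btn btn-link fakelink nav nav-pills preferences" data-map-id="event-location-map-{{$id}}" data-show-label="{{$show_map_label}}" data-hide-label="{{$hide_map_label}}">{{$map_btn_label}}</button>{{/if}}
					<div class="event-property">
						<span class="event-date">
							<span class="event-start dtstart" title="{{$dtstart_title}}">{{$start_short}}</span>
							{{if $finish}} - <span class="event-end dtend" title="{{$dtend_title}}">{{if $same_date}}{{$end_time}}{{else}}{{$end_short}}{{/if}}</span>{{/if}}
						</span>
						{{if $location.name}}
						<span role="presentation" aria-hidden="true"> · </span>
						{{* Free-text location: printed WITHOUT nofilter so it is escaped on output. Do not add nofilter here. *}}
						<span class="event-location event-card-location">{{$location.name}}</span>
						{{/if}}
					</div>
					<div class="event-card-profile-name profile-entry-name">
						{{* $author_link is only HTML-escaped here; scheme validation has to happen before it reaches the template. *}}
						<a href="{{$author_link}}" class="userinfo hover-card">{{$author_name}}</a>
					</div>
					{{if $location.map}}
					{{* Raw HTML (nofilter): the map markup must be generated server-side, never copied from user input. *}}
					<div id="event-location-map-{{$id}}" class="event-location-map">{{$location.map nofilter}}</div>
					{{/if}}
				</div>
				<div class="clearfix"></div>
			</div>
		</div>
	</div>
	<div class="clearfix"></div>

	{{* The content of the event description *}}
	{{if $description}}
	<div class="description event-description">
		{{* Raw HTML (nofilter): $description must arrive already sanitized by the caller. *}}
		{{$description nofilter}}
	</div>
	{{/if}}
</div>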