Escape js strings in smarty templates
authorColeman Watts <coleman@civicrm.org>
Wed, 25 Apr 2018 14:53:36 +0000 (10:53 -0400)
committerTim Otten <totten@civicrm.org>
Wed, 18 Jul 2018 21:55:05 +0000 (14:55 -0700)
17 files changed:
templates/CRM/Batch/Form/Entry.tpl
templates/CRM/Case/Audit/Audit.tpl
templates/CRM/Contact/Form/Contact.tpl
templates/CRM/Contact/Form/CustomData.tpl
templates/CRM/Contact/Form/Merge.tpl
templates/CRM/Contact/Import/Form/MapTable.tpl
templates/CRM/Contribute/Form/AdditionalPayment.tpl
templates/CRM/Contribute/Form/Contribution.tpl
templates/CRM/Contribute/Page/PaymentInfo.tpl
templates/CRM/Custom/Form/ChangeFieldType.tpl
templates/CRM/Custom/Form/Group.tpl
templates/CRM/Event/Form/Participant.tpl
templates/CRM/Member/Form/Membership.tpl
templates/CRM/Profile/Form/GreetingType.tpl
templates/CRM/common/deferredFinancialType.tpl
templates/CRM/common/importProgress.tpl
templates/CRM/common/paymentBlock.tpl

index f2104f0d6c628d8c6d1e1f4a246abd44aa627448..fe7ebcde7e3d03053bec9254f8b1ebc7690b90df 100644 (file)
@@ -341,7 +341,7 @@ function updateContactInfo(blockNo, prefix) {
   {/literal}
   {if $contactFields}
   {foreach from=$contactFields item=val key=fldName}
-  var fldName = "{$fldName}";
+  var fldName = {$fldName|@json_encode};
   {literal}
   if (returnProperties) {
     returnProperties = returnProperties + ',';
index 0a39bfb6f2da55608dd78500ff2524157e0f0b24..af6770c2d200bc621854c463a72297f300115199 100644 (file)
@@ -154,7 +154,7 @@ There's the potential for collisions (two different labels having the same short
 
        if ( button.name == 'case_report' ) {
             var dataUrl = {/literal}"{crmURL p='civicrm/case/report/print' h=0 q='caseID='}"{literal}+id;
-            dataUrl     = dataUrl + '&cid={/literal}{$clientID}{literal}'+'&asn={/literal}{$activitySetName}{literal}';
+            dataUrl     = dataUrl + '&cid={/literal}{$clientID}{literal}&asn=' + {/literal}{$activitySetName|@json_encode}{literal};
             var redact  = '{/literal}{$_isRedact}{literal}'
 
             var isRedact = 1;
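Review bot: `$clientID` on the rewritten line 41 is still interpolated raw inside the single-quoted JS literal (and `$_isRedact` on line 42 likewise), so only half of the expression was moved into a safe context; `'&cid=' + {/literal}{$clientID|@json_encode}{literal} + '&asn=' + ...` would make the whole line consistent. json_encode also protects only the script context, not the URL one: `$activitySetName` is appended to a query string without `encodeURIComponent`, so a name containing `&`, `#` or `%` would alter or truncate the request; `encodeURIComponent({/literal}{$activitySetName|@json_encode}{literal})` covers both. clientID is presumably an integer in practice, but nothing in the hunk enforces that. The enclosing click handler starts outside the hunk.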
index b56ccc653e0865e2e528f7ef8594161b0c430fdd..7c0302360c87187392e31ffe9acaa0de798419bb 100644 (file)
   <script type="text/javascript" >
   CRM.$(function($) {
     var $form = $("form.{/literal}{$form.formClass}{literal}"),
-      action = "{/literal}{$action}{literal}",
+      action = {/literal}{$action|@json_encode}{literal},
       _ = CRM._;
 
     $('.crm-accordion-body').each( function() {
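Review bot: `$form.formClass` on line 48 is still dropped raw into the selector string `"form.{/literal}{$form.formClass}{literal}"` while `$action` on the very next line was converted; the value presumably derives from a PHP class name so the practical risk is low, but `"form." + {/literal}{$form.formClass|@json_encode}{literal}` would make the block uniformly escaped. The enclosing `CRM.$(function($) {...})` continues past the hunk.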
index b6300f6d72c047e4803f203ba9432fa696b3fa34..34b7f841b5d890d73574d3a4dc4fa88f42e728d3 100644 (file)
     <script type="text/javascript">
       CRM.$(function() {
         {/literal}
-        var customValueCount = "{$customValueCount}",
-          groupID = "{$groupID}",
-          contact_type = "{$contact_type}",
-          contact_subtype = "{$contact_subtype}",
+        var customValueCount = {$customValueCount|@json_encode},
+          groupID = {$groupID|@json_encode},
+          contact_type = {$contact_type|@json_encode},
+          contact_subtype = {$contact_subtype|@json_encode},
           i = 1;
         {literal}
         // FIXME: This is pretty terrible. Loading each item at a time via ajax.
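Review bot: `@json_encode` emits the PHP type rather than a string, so an unset or null `$contact_subtype` now becomes the JS value `null` instead of the old `""`; if these values are later concatenated into the per-item AJAX URL that the FIXME on line 68 refers to, that would serialize as the text `null`. Where an empty value is legitimate, `{$contact_subtype|default:''|@json_encode}` preserves the previous behaviour, and the same applies to `$groupID`. A numeric `$customValueCount` is likewise now a number rather than a string, which is fine for arithmetic but changes any strict comparison elsewhere. The surrounding `CRM.$(function() {...})` runs past the hunk.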
index 99005c377b8995015a544fb044256dc86c7f4416..7a769a8357152ada936f45cfda3ca06596787c4a 100644 (file)
     }
 
     // Update operation description
-    var operation_description = "{/literal}{ts}add{/ts}{literal}";
+    var operation_description = "{/literal}{ts escape='js'}add{/ts}{literal}";
     var add_new_check_length = this_controls.find(".location_operation_checkbox input:checked").length;
     if (mainBlock != false) {
       if (add_new_check_length > 0) {
index 9f11ba212f6f1eb6d7afdbc9950db801f157bbfa..19b6b94fb377c095e0159e2776a0b908af5a719c 100644 (file)
             var select = $(this).next();
             $('option', select).each(function() {
               if ($(this).attr('value') == defaultLocationType
-              && $(this).text() == "{/literal}{$defaultLocationTypeLabel}{literal}") {
+                && $(this).text() == {/literal}{$defaultLocationTypeLabel|@json_encode}{literal}) {
                 select.val(defaultLocationType);
               }
             });
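Review bot: `$defaultLocationTypeLabel` is admin-entered text, and PHP's `json_encode` returns `false` (which Smarty prints as nothing) when the input is not valid UTF-8, leaving `$(this).text() == ) {` and a syntax error that disables the whole script rather than just this comparison; if labels can come from legacy non-UTF-8 rows, the value should be sanitised before this modifier (or encoded with a substitution flag on PHP versions that support it). This is a caveat on the new construct rather than a regression, since the old form would have emitted the bytes raw. The `.each` callback and its enclosing function begin outside the hunk.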
index 4bc6dc0be0c16166341b79ea75338729d7cc32ed..cc735385803b8edac183b9fe5b943f2e81802275 100644 (file)
     {literal}
     <script type="text/javascript">
 
-    var url = "{/literal}{$dataUrl}{literal}";
+    var url = {/literal}{$dataUrl|@json_encode}{literal};
 
       CRM.$(function($) {
         showHideByValue( 'is_email_receipt', '', 'notice', 'table-row', 'radio', false );
index 2f7d27fc15fea5b28560065d63fa55bc07264fda..44f813d4be0b56bc635fa5f40674d63be6b9c551 100644 (file)
       }
     }
 
-  var url = "{/literal}{$dataUrl}{literal}";
+  var url = {/literal}{$dataUrl|@json_encode}{literal};
 
   {/literal}
     {if $context eq 'standalone' and $outBound_option != 2 }
@@ -520,7 +520,7 @@ function buildAmount( priceSetId, financialtypeIds ) {
     // show/hide price set amount and total amount.
     cj("#totalAmountORPriceSet").show( );
     cj("#totalAmount").show( );
-    var choose = "{/literal}{ts}Choose price set{/ts}{literal}";
+    var choose = "{/literal}{ts escape='js'}Choose price set{/ts}{literal}";
     cj("#price_set_id option[value='']").html( choose );
 
     cj('label[for="total_amount"]').text('{/literal}{ts}Total Amount{/ts}{literal}');
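Review bot: Line 113 in this same hunk still injects a translated string with plain `{ts}` into a single-quoted JS literal, `cj('label[for="total_amount"]').text('{/literal}{ts}Total Amount{/ts}{literal}');`, while line 110 was switched to `{ts escape='js'}`; a translation containing an apostrophe would break the script in exactly the way the commit is fixing elsewhere. `{ts escape='js'}Total Amount{/ts}` on line 113 closes the gap. `buildAmount` starts before the hunk.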
@@ -554,7 +554,7 @@ function buildAmount( priceSetId, financialtypeIds ) {
 
   cj( "#totalAmountORPriceSet" ).hide( );
   cj( "#totalAmount").hide( );
-  var manual = "{/literal}{ts}Manual contribution amount{/ts}{literal}";
+  var manual = "{/literal}{ts escape='js'}Manual contribution amount{/ts}{literal}";
   cj("#price_set_id option[value='']").html( manual );
 
   cj('label[for="total_amount"]').text('{/literal}{ts}Price Sets{/ts}{literal}');
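Review bot: Line 122 is the same omission as in the previous hunk: `'{/literal}{ts}Price Sets{/ts}{literal}'` is a translated string inside a single-quoted JS literal without `escape='js'`, three lines below the `{ts escape='js'}` that this hunk adds. `{ts escape='js'}Price Sets{/ts}` keeps the function consistent. `buildAmount` continues on both sides of the hunk.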
index 0a4ffacecb2bc2810271766cfcd9974f545c4eab..4c9d8cc1f4fcc0d74ba303fae9c6c9ecdfe577dd 100644 (file)
@@ -36,7 +36,7 @@ CRM.$(function($) {
         $("#payment-info").html(html).trigger('crmLoad');
       }
     });
-
+    // Fixme: Possible bug - the following line won't be processed by smarty because it's in a literal block
     var taxAmount = "{$totalTaxAmount}";
     if (taxAmount) {
       $('.total_amount-section').show();
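Review bot: The new comment records a bug instead of fixing it: if line 130 really is inside a `{literal}` block, `taxAmount` is the literal string `"{$totalTaxAmount}"`, which is always truthy, so the `if` on line 131 unconditionally shows `.total_amount-section`. The repair is in the spirit of this commit, `var taxAmount = {/literal}{$totalTaxAmount|@json_encode}{literal};`, which also yields a value that `if (taxAmount)` tests correctly for zero. The `{literal}` boundaries are outside the hunk, so the diagnosis is inferred from the comment; if it holds, leaving an always-true branch behind a `// Fixme` deserves at least a tracked follow-up.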
index 3977814ef20b41c3b0c7edb8685757baf75dad31..c86e943d1c536408c9781a562e88d2d670c38745 100644 (file)
@@ -43,7 +43,7 @@
 {literal}
 <script type="text/Javascript">
   function checkCustomDataField( ) {
-    var srcHtmlType = '{/literal}{$srcHtmlType}{literal}';
+    var srcHtmlType = {/literal}{$srcHtmlType|@json_encode}{literal};
     var singleValOps = ['Text', 'Select', 'Radio', 'Autocomplete-Select'];
     var multiValOps  = ['CheckBox', 'Multi-Select'];
     var dstHtmlType = cj('#dst_html_type').val( );
index d59a8b1e695688f73363a84ce975f597b059c47d..709b36cf06281c55ca4f26c0f56bef290a961072 100644 (file)
@@ -93,7 +93,7 @@ CRM.$(function($) {
 
   $('#extends_0').each(showHideStyle).change(showHideStyle);
 
-  var isGroupEmpty = "{/literal}{$isGroupEmpty}{literal}";
+  var isGroupEmpty = {/literal}{$isGroupEmpty|@json_encode}{literal};
   if (isGroupEmpty) {
     showRange(true);
   }
index 07de7971f3300e276cf604d24d0d50cb9d555aad..3fb2212b7b326949546088a627f4d6c411571c79 100644 (file)
             return;
           }
 
-          var participantId  = "{/literal}{$participantId}{literal}";
+          var participantId  = {/literal}{$participantId|@json_encode}{literal};
 
           if (participantId) {
             dataUrl += '&participantId=' + participantId;
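Review bot: `participantId` is now safe as a JS value but is still concatenated into a query string on line 161 without URL encoding; for an integer id this is presumably harmless, but `dataUrl += '&participantId=' + encodeURIComponent(participantId);` costs nothing and makes the intended contract explicit. The enclosing function starts and ends outside the hunk.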
index 5d3bb8eef60114ce5732c0a5abd8cf63c8aa3622..cdda8dd679693da987994c812ea695fdf7c8b1af 100644 (file)
         // skip this for test and live modes because financial type is set automatically
         cj("#financial_type_id").val(allMemberships[memType]['financial_type_id']);
         var term = cj('#num_terms').val();
-        var taxRates = '{/literal}{$taxRates}{literal}';
-        var taxTerm = '{/literal}{$taxTerm}{literal}';
-        var taxRates = JSON.parse(taxRates);
+        var taxRates = {/literal}{$taxRates}{literal};
+        var taxTerm = {/literal}{$taxTerm|@json_encode}{literal};
         var taxRate = taxRates[allMemberships[memType]['financial_type_id']];
-        var currency = '{/literal}{$currency}{literal}';
+        var currency = {/literal}{$currency|@json_encode}{literal};
         var taxAmount = (taxRate/100)*allMemberships[memType]['total_amount_numeric'];
         taxAmount = isNaN (taxAmount) ? 0:taxAmount;
         if (term) {
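Review bot: `$taxRates` on line 169 is the one value in this hunk left raw: the old `JSON.parse('{$taxRates}')` has become `var taxRates = {$taxRates};`, which assumes the PHP side always assigns a well-formed JSON string; an unset or empty variable now produces `var taxRates = ;` and a parse error that kills the entire handler, where the old form failed only at runtime inside it. If the PHP assigns an array, `{$taxRates|@json_encode}` is the consistent choice; if it already assigns encoded JSON, the assigning code should guarantee at least `{}`. The PHP side is not visible here, so this is inferred. The enclosing handler begins before the hunk.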
       var action = {/literal}'{$action}'{literal};
 
       //for update lets hide it when not already recurring.
-      if ( action == 2 ) {
+      if (action == 2) {
         //user can't cancel auto renew by unchecking.
-        if ( cj("#auto_renew").prop('checked' ) ) {
-          cj("#auto_renew").attr( 'readonly', true );
+        if (cj("#auto_renew").prop('checked')) {
+          cj("#auto_renew").attr('readonly', true);
         }
         else {
           cj("#autoRenew").hide( );
       }
 
       //we should do all auto renew for cc memberships.
-      if ( !mode ) return;
+      if (!mode) {
+        return;
+      }
 
       //get the required values in case missing.
-      if ( !processorId )  processorId = cj( '#payment_processor_id' ).val( );
-      if ( !membershipType ) membershipType = parseInt( cj('#membership_type_id_1').val( ) );
+      if (!processorId) {
+        processorId = cj( '#payment_processor_id' ).val( );
+      }
+      if (!membershipType) {
+        membershipType = parseInt( cj('#membership_type_id_1').val( ) );
+      }
 
       //we don't have both required values.
-      if ( !processorId || !membershipType ) {
-        cj("#auto_renew").prop('checked', false );
-        cj("#autoRenew").hide( );
+      if (!processorId || !membershipType) {
+        cj("#auto_renew").prop('checked', false);
+        cj("#autoRenew").hide();
         showEmailOptions();
         return;
       }
       var autoRenewOptions = {/literal}{$autoRenewOptions}{literal};
       var currentOption    = autoRenewOptions[membershipType];
 
-      if ( !currentOption || !recurProcessors[processorId] ) {
+      if (!currentOption || !recurProcessors[processorId]) {
         cj("#auto_renew").prop('checked', false );
         cj("#autoRenew").hide();
         return;
       }
 
-      if ( currentOption == 1 ) {
-        cj("#autoRenew").show( );
-        if ( cj("#auto_renew").attr( 'readonly' ) ) {
-          cj("#auto_renew").prop('checked', false );
-          cj("#auto_renew").removeAttr( 'readonly' );
+      if (currentOption == 1) {
+        cj("#autoRenew").show();
+        if (cj("#auto_renew").attr('readonly')) {
+          cj("#auto_renew").prop('checked', false).removeAttr('readonly');
         }
       }
       else if ( currentOption == 2 ) {
-        cj("#autoRenew").show( );
-        cj("#auto_renew").prop('checked', true );
-        cj("#auto_renew").attr( 'readonly', true );
+        cj("#autoRenew").show();
+        cj("#auto_renew").prop('checked', true).attr('readonly', true);
       }
       else {
-        cj("#auto_renew").prop('checked', false );
+        cj("#auto_renew").prop('checked', false);
         cj("#autoRenew").hide( );
       }
       showEmailOptions();
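Review bot: `var action = {/literal}'{$action}'{literal};` on line 177 is untouched while Contact.tpl in this same commit converts the identical assignment to `{$action|@json_encode}`, and `$autoRenewOptions` on line 218 is still interpolated raw; both sit in this hunk's context, so a reader would expect them to follow the new convention. The `readonly` attribute set on the `#auto_renew` checkbox (lines 186 and 244) is not enforced by browsers on checkboxes, so the "user can't cancel" comment on line 182 holds only if a change handler outside this view reads that attribute back; either way the server has to re-validate auto-renew, which is presumably the case but not visible here. The surrounding function starts before line 177.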
 
     {literal}
 
-    var customDataType = '{/literal}{$customDataType}{literal}';
+    var customDataType = {/literal}{$customDataType|@json_encode}{literal};
 
     // load form during form rule.
     {/literal}{if $buildPriceSet}{literal}
-    cj( "#totalAmountORPriceSet" ).hide( );
-    cj( "#mem_type_id" ).hide( );
-    cj('#total_amount').attr("readonly", true);
-    cj( "#num_terms_row" ).hide( );
-    cj(".crm-membership-form-block-financial_type_id-mode").hide();
+      cj("#totalAmountORPriceSet, #mem_type_id, #num_terms_row, .crm-membership-form-block-financial_type_id-mode").hide();
+      cj('#total_amount').attr("readonly", true);
     {/literal}{/if}{literal}
 
     function buildAmount( priceSetId ) {
-  if ( !priceSetId ) {
-    priceSetId = cj("#price_set_id").val( );
-  }
+      if (!priceSetId) {
+        priceSetId = cj("#price_set_id").val();
+      }
         var fname = '#priceset';
         if ( !priceSetId ) {
         cj('#membership_type_id_1').val(0);
 
         // show/hide price set amount and total amount.
         cj( "#mem_type_id").show( );
-        var choose = "{/literal}{ts}Choose price set{/ts}{literal}";
+        var choose = "{/literal}{ts escape='js'}Choose price set{/ts}{literal}";
         cj("#price_set_id option[value='']").html( choose );
         cj( "#totalAmountORPriceSet" ).show( );
         cj('#total_amount').removeAttr("readonly");
         cj(".crm-membership-form-block-financial_type_id-mode").show();
 
         {/literal}{if $allowAutoRenew}{literal}
-        cj('#autoRenew').hide();
-        var autoRenew = cj("#auto_renew");
-        autoRenew.removeAttr( 'readOnly' );
-        autoRenew.prop('checked', false );
+          cj('#autoRenew').hide();
+          cj("#auto_renew").removeAttr('readOnly').prop('checked', false );
         {/literal}{/if}{literal}
         return;
       }
 
-      cj( "#total_amount" ).val( '' );
-      cj('#total_amount').attr("readonly", true);
+      cj( "#total_amount" ).val('').attr("readonly", true);
 
       var dataUrl = {/literal}"{crmURL h=0 q='snippet=4'}"{literal} + '&priceSetId=' + priceSetId;
 
 
       cj( "#totalAmountORPriceSet" ).hide( );
       cj( "#mem_type_id" ).hide( );
-      var manual = "{/literal}{ts}Manual membership and price{/ts}{literal}";
+      var manual = "{/literal}{ts escape='js'}Manual membership and price{/ts}{literal}";
       cj("#price_set_id option[value='']").html( manual );
       cj( "#num_terms_row" ).hide( );
       cj(".crm-membership-form-block-financial_type_id-mode").hide();
         {/literal}{if $allowAutoRenew}{literal}
         cj('#autoRenew').hide();
         var autoRenew = cj("#auto_renew");
-        autoRenew.removeAttr( 'readOnly' );
-        autoRenew.prop('checked', false );
-        if ( autoRenewOption == 1 ) {
+        autoRenew.removeAttr('readOnly').prop('checked', false );
+        if (autoRenewOption == 1) {
           cj('#autoRenew').show();
         }
-        else if ( autoRenewOption == 2 ) {
-          autoRenew.attr( 'readOnly', true );
-          autoRenew.prop('checked',  true );
+        else if (autoRenewOption == 2) {
+          autoRenew.attr('readOnly', true).prop('checked',  true );
           cj('#autoRenew').show();
         }
         {/literal}{/if}{literal}
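Review bot: The re-indentation is inconsistent: the rewritten guard at lines 273-275 sits at six spaces while the statements that follow it (276-278) are at eight, and the `{if $buildPriceSet}` body at 265-266 and the `{if $allowAutoRenew}` body at 294-295 are indented deeper than their siblings; since this hunk is largely whitespace cleanup, it should leave one consistent level. `removeAttr('readOnly')` on lines 295 and 320 versus `attr("readonly", true)` on line 266 also mix attribute casing; HTML attribute names are case-insensitive so it works, but one spelling is easier to grep. Both `buildAmount` and the handler above it run past the hunk.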
index d23a64f47604609c510a87104d4bbbb6b3bce63f..14e5c808f0c1b7a5d3a9dd841839817f2de95a2e 100644 (file)
@@ -27,7 +27,7 @@
 <span>{$form.$n.html|crmAddClass:big}</span>&nbsp;<span id="{$customGreeting}_html" class="hiddenElement">{$form.$customGreeting.html|crmAddClass:big}</span>
 
 <script type="text/javascript">
-var fieldName = '{$n}';
+var fieldName = {$n|@json_encode};
 {literal}
 cj( "#" + fieldName ).change( function( ) {
     var fldName = cj(this).attr( 'id' );
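Review bot: `$customGreeting` on line 334 is still emitted raw into an HTML attribute, `id="{$customGreeting}_html"`, and `$n` builds a jQuery selector via `"#" + fieldName`; json_encode makes `fieldName` a valid JS string, but a name containing selector metacharacters (`.`, `[`, `:`) would still mis-select. Both values presumably come from the form definition rather than user input, so this is a consistency note rather than a vulnerability claim; `|escape` on the attribute would make the HTML side match the JS side. The change handler continues past the hunk.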
index 36f841ed177e29661169e774187592ec7127e114..f94e29f03ed66e5302b8ac576fa59b52ba4f6d68 100644 (file)
@@ -30,9 +30,9 @@
 CRM.$(function($) {
   var more = $('.crm-button input.validate').click(function(e) {
     var message = "{/literal} {if $context eq 'Event'}
-        {ts}Note: Revenue for this event registration will not be deferred as the financial type does not have a deferred revenue account setup for it. If you want the revenue to be deferred, please select a different Financial Type with a Deferred Revenue account setup for it, or setup a Deferred Revenue account for this Financial Type.{/ts}
+        {ts escape='js'}Note: Revenue for this event registration will not be deferred as the financial type does not have a deferred revenue account setup for it. If you want the revenue to be deferred, please select a different Financial Type with a Deferred Revenue account setup for it, or setup a Deferred Revenue account for this Financial Type.{/ts}
       {else if $context eq 'MembershipType'}
-        {ts}Note: Revenue for these types of memberships will not be deferred as the financial type does not have a deferred revenue account setup for it. If you want the revenue to be deferred, please select a different Financial Type with a Deferred Revenue account setup for it, or setup a Deferred Revenue account for this Financial Type.{/ts}
+        {ts escape='js'}Note: Revenue for these types of memberships will not be deferred as the financial type does not have a deferred revenue account setup for it. If you want the revenue to be deferred, please select a different Financial Type with a Deferred Revenue account setup for it, or setup a Deferred Revenue account for this Financial Type.{/ts}
       {/if}
     {literal}";
     var deferredFinancialType = {/literal}{$deferredFinancialType|@json_encode}{literal};
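Review bot: The `message` literal spans lines 346-353, so its value includes the template indentation around the `{ts}` blocks; it presumably survives only because the newline directly after each closing tag is dropped at compile time, and the text shown to the user carries leading and trailing spaces. Assembling it above the script with `{capture}` and then `var message = {/literal}{$message|@json_encode}{literal};`, or calling `$.trim(message)` where it is used, would make this independent of layout. The click handler continues past the hunk.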
index b0666c3d886cb36212d6c94d2932a93d2673182c..e5f538d9bc124946fcf7f001ae0262ff63c09aed 100644 (file)
@@ -36,7 +36,7 @@ CRM.$(function($) {
     }
   });
   function setIntermediate() {
-    var dataUrl = "{/literal}{$statusUrl}{literal}";
+    var dataUrl = {/literal}{$statusUrl|@json_encode}{literal};
     $.getJSON(dataUrl, function(response) {
       var dataStr = response.toString();
       var result  = dataStr.split(",");
index 57cc8c3ae6b4416bc412e0af06add98686ee4416..d176e102266c2aef0475a333f012a416f9341318 100644 (file)
@@ -64,7 +64,7 @@
    */
   function skipPaymentMethod() {
     var isHide = false;
-    var isMultiple = '{/literal}{$event.is_multiple_registrations}{literal}';
+    var isMultiple = {/literal}{$event.is_multiple_registrations|@json_encode}{literal};
     var alwaysShowFlag = (isMultiple && cj("#additional_participants").val());
     var alwaysHideFlag = (cj("#bypass_payment").val() == 1);
     var total_amount_tmp =  cj('#pricevalue').data('raw-total');
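Review bot: `isMultiple` now carries whatever type PHP assigned, and if `$event.is_multiple_registrations` arrives as the DAO string `"0"` the value is still truthy, so `alwaysShowFlag` on line 372 becomes true whenever `#additional_participants` has a value even for single-registration events; the old quoted form had the same flaw, so this hunk does not regress but does not fix it either. Comparing explicitly, `var isMultiple = {/literal}{$event.is_multiple_registrations|@json_encode}{literal} == 1;`, works for both `"1"` and `1`. Whether the field is a string here is inferred, not visible. `skipPaymentMethod` runs past the hunk.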