annotate app/main/member/history.lua @ 46:aaba4d28dd53
Added missing HTML encoding for page titles (security fix!)
| author |
bsw |
| date |
Mon Mar 15 03:04:19 2010 +0100 (2010-03-15) |
| parents |
0ee1e0c42d4c |
| children |
07177cd8c256 |
| rev |
line source |
|
bsw@9
|
1 local member = Member:by_id(param.get_id())
|
|
bsw@9
|
2
|
|
bsw@46
|
3 slot.put_into("title", encode.html(_("Member name history for '#{name}'", { name = member.name })))
|
|
bsw@9
|
4
|
|
bsw@9
|
5 slot.select("actions", function()
|
|
bsw@9
|
6 ui.link{
|
|
bsw@9
|
7 content = function()
|
|
bsw@9
|
8 ui.image{ static = "icons/16/cancel.png" }
|
|
bsw@9
|
9 slot.put(_"Back")
|
|
bsw@9
|
10 end,
|
|
bsw@9
|
11 module = "member",
|
|
bsw@9
|
12 view = "show",
|
|
bsw@9
|
13 id = member.id
|
|
bsw@9
|
14 }
|
|
bsw@9
|
15 end)
|
|
bsw@9
|
16
|
|
bsw@9
|
17 local entries = member:get_reference_selector("history_entries"):add_order_by("id DESC"):exec()
|
|
bsw@9
|
18
|
|
bsw@9
|
19 ui.tag{
|
|
bsw@9
|
20 tag = "table",
|
|
bsw@9
|
21 content = function()
|
|
bsw@9
|
22 ui.tag{
|
|
bsw@9
|
23 tag = "tr",
|
|
bsw@9
|
24 content = function()
|
|
bsw@9
|
25 ui.tag{
|
|
bsw@9
|
26 tag = "th",
|
|
bsw@9
|
27 content = _("Name")
|
|
bsw@9
|
28 }
|
|
bsw@9
|
29 ui.tag{
|
|
bsw@9
|
30 tag = "th",
|
|
bsw@9
|
31 content = _("Used until")
|
|
bsw@9
|
32 }
|
|
bsw@9
|
33 end
|
|
bsw@9
|
34 }
|
|
bsw@9
|
35 ui.tag{
|
|
bsw@9
|
36 tag = "tr",
|
|
bsw@9
|
37 content = function()
|
|
bsw@9
|
38 ui.tag{
|
|
bsw@9
|
39 tag = "td",
|
|
bsw@9
|
40 content = member.name
|
|
bsw@9
|
41 }
|
|
bsw@9
|
42 ui.tag{
|
|
bsw@9
|
43 tag = "td",
|
|
bsw@9
|
44 content = _"continuing"
|
|
bsw@9
|
45 }
|
|
bsw@9
|
46 end
|
|
bsw@9
|
47 }
|
|
bsw@9
|
48 for i, entry in ipairs(entries) do
|
|
bsw@9
|
49 local display = false
|
|
bsw@9
|
50 if (i == 1) then
|
|
bsw@9
|
51 if entry.name ~= member.name then
|
|
bsw@9
|
52 display = true
|
|
bsw@9
|
53 end
|
|
bsw@9
|
54 elseif entry.name ~= entries[i-1].name then
|
|
bsw@9
|
55 display = true
|
|
bsw@9
|
56 end
|
|
bsw@9
|
57 if display then
|
|
bsw@9
|
58 ui.tag{
|
|
bsw@9
|
59 tag = "tr",
|
|
bsw@9
|
60 content = function()
|
|
bsw@9
|
61 ui.tag{
|
|
bsw@9
|
62 tag = "td",
|
|
bsw@9
|
63 content = entry.name
|
|
bsw@9
|
64 }
|
|
bsw@9
|
65 ui.tag{
|
|
bsw@9
|
66 tag = "td",
|
|
bsw@9
|
67 content = format.timestamp(entry["until"])
|
|
bsw@9
|
68 }
|
|
bsw@9
|
69 end
|
|
bsw@9
|
70 }
|
|
bsw@9
|
71 end
|
|
bsw@9
|
72 end
|
|
bsw@9
|
73 end
|
|
bsw@9
|
74 }
|
|
bsw@9
|
75 slot.put("<br />")
|
|
bsw@9
|
76 ui.container{
|
|
bsw@9
|
77 content = _("This member account has been created at #{created}", { created = format.timestamp(member.created)})
|
|
bsw@9
|
78 }
|