' . ( ! empty( $img ) ? button( $img, '', '', '" title="' . $img_title ) . ' ' : '' );
+ $parents .= '
';
}
diff --git a/functions/Inputs.php b/functions/Inputs.php
index 2c98d73f9..04df25f1c 100644
--- a/functions/Inputs.php
+++ b/functions/Inputs.php
@@ -497,12 +497,6 @@ function TinyMCEInput( $value, $name, $title = '', $extra = '' )
$wrapper = '
';
}
-
- $extra = str_replace(
- [ 'class="', "class='" ],
- [ 'class="tinymce ', "class='tinymce " ],
- $extra
- );
}
if ( mb_strpos( (string) $extra, 'required' ) !== false )
@@ -1595,8 +1589,8 @@ function NoInput( $value, $title = '' )
$value .
'' . $ftitle;
}
- else
- return $value . $ftitle;
+
+ return $value . $ftitle;
}
@@ -1613,15 +1607,15 @@ function NoInput( $value, $title = '' )
*/
function CheckBoxOnclick( $name, $title = '' )
{
- $onclick_URL = "'" . PreparePHP_SELF(
+ $onclick_URL = PreparePHP_SELF(
$_REQUEST,
[],
isset( $_REQUEST[ $name ] ) && $_REQUEST[ $name ] == 'Y' ? [ $name => '' ] : [ $name => 'Y' ]
- ) . "'";
+ );
$input = '
';
+ ' onclick="' . AttrEscape( 'ajaxLink(' . json_encode( $onclick_URL ) . ');' ) . '" />';
if ( $title != '' )
{
diff --git a/functions/Prompts.php b/functions/Prompts.php
index 1448ef030..b7d95420e 100644
--- a/functions/Prompts.php
+++ b/functions/Prompts.php
@@ -41,11 +41,11 @@ function DeletePrompt( $title, $action = 'Delete', $remove_modfunc_on_cancel = t
PopTable( 'header', _( 'Confirm' ) . ( mb_strpos( $action, ' ' ) === false ? ' '. $action : '' ) );
echo '
' . button( 'warning', '', '', 'bigger' ) .
- '
' . sprintf( _( 'Are you sure you want to %s that %s?' ), $action, $title ) . '
+ '' . sprintf( _( 'Are you sure you want to %s that %s?' ), $action, $title ) . '
';
diff --git a/modules/Accounting/DailyTransactions.php b/modules/Accounting/DailyTransactions.php
index ac4607410..0cdca4201 100644
--- a/modules/Accounting/DailyTransactions.php
+++ b/modules/Accounting/DailyTransactions.php
@@ -50,7 +50,7 @@ function _programMenu( $program )
'totals' => _( 'Daily Totals' ),
],
false,
- 'onchange="ajaxLink(\'' . $link . '\' + this.value);" autocomplete="off"',
+ 'onchange="' . AttrEscape( 'ajaxLink(' . json_encode( $link ) . ' + this.value);' ) . '" autocomplete="off"',
false
);
diff --git a/modules/Attendance/Administration.php b/modules/Attendance/Administration.php
index 8a3fc87a5..26f636c48 100644
--- a/modules/Attendance/Administration.php
+++ b/modules/Attendance/Administration.php
@@ -522,8 +522,8 @@
button(
'add',
'',
- '"#" onclick=\'javascript:addHTML("' . str_replace( '"', '\"', _makeCodeSearch() ) .
- '","code_pulldowns"); return false;\''
+ '"#" onclick="' . AttrEscape( 'addHTML(' . json_encode( _makeCodeSearch() ) .
+ ',\'code_pulldowns\'); return false;' ) . '"'
) . '
' . $code_pulldowns . ' | ' .
'
' . $current_student_link . ' | ';
diff --git a/modules/Attendance/Administration_fast.old.php b/modules/Attendance/Administration_fast.old.php
index f8ec380b2..eaa0bc3ff 100644
--- a/modules/Attendance/Administration_fast.old.php
+++ b/modules/Attendance/Administration_fast.old.php
@@ -212,7 +212,14 @@
'">' . _( 'Current Student' ) . '
';
}
- DrawHeader( PrepareDate( $date, '_date' ), '' . $current_student_link . button( 'add', '', "# onclick='javascript:addHTML(\"" . str_replace( '"', '\"', _makeCodeSearch() ) . "\",\"code_pulldowns\"); return false;'" ) . ' | ' . $code_pulldowns . ' | ' );
+ DrawHeader(
+ PrepareDate( $date, '_date' ),
+ '' . $current_student_link .
+ button(
+ 'add',
+ '',
+ '"#" onclick="' . AttrEscape( 'addHTML(' . json_encode( _makeCodeSearch() ) . ',\'code_pulldowns\'); return false;' ) . '"'
+ ) . ' | ' . $code_pulldowns . ' | ' );
$_REQUEST['search_modfunc'] = 'list';
Search( 'student_id', $extra );
diff --git a/modules/Attendance/DailySummary.php b/modules/Attendance/DailySummary.php
index 1cb00669b..369d790d3 100644
--- a/modules/Attendance/DailySummary.php
+++ b/modules/Attendance/DailySummary.php
@@ -36,7 +36,7 @@
'absence' => _( 'Absence Summary' ),
],
false,
- 'onchange="ajaxLink(\'' . $report_link . '\' + this.value);" autocomplete="off"',
+ 'onchange="' . AttrEscape( 'ajaxLink(' . json_encode( $report_link ) . ' + this.value);' ) . '" autocomplete="off"',
false
);
diff --git a/modules/Attendance/Percent.php b/modules/Attendance/Percent.php
index a8db21ea9..e65e5a788 100644
--- a/modules/Attendance/Percent.php
+++ b/modules/Attendance/Percent.php
@@ -20,7 +20,7 @@
'true' => _( 'Average Attendance by Day' ),
],
false,
- 'onchange="ajaxLink(\'' . $report_link . '\' + this.value);" autocomplete="off"',
+ 'onchange="' . AttrEscape( 'ajaxLink(' . json_encode( $report_link ) . ' + this.value);' ) . '" autocomplete="off"',
false
);
diff --git a/modules/Attendance/TakeAttendance.php b/modules/Attendance/TakeAttendance.php
index 7da2ae22f..34478c067 100644
--- a/modules/Attendance/TakeAttendance.php
+++ b/modules/Attendance/TakeAttendance.php
@@ -66,7 +66,7 @@
issetVal( $_REQUEST['school_period'] ),
'school_period',
'',
- 'autocomplete="off" onchange=\'ajaxLink(' . json_encode( PreparePHP_SELF( [], [ 'school_period' ] ) ) . ' + "&school_period=" + this.value);\''
+ 'autocomplete="off" onchange="' . AttrEscape( 'ajaxLink(' . json_encode( PreparePHP_SELF( [], [ 'school_period' ] ) ) . ' + "&school_period=" + this.value);' ) . '"'
);
if ( SchoolInfo( 'NUMBER_DAYS_ROTATION' ) !== null )
diff --git a/modules/Grades/Assignments.php b/modules/Grades/Assignments.php
index 7f264dc01..afd7b1b9c 100644
--- a/modules/Grades/Assignments.php
+++ b/modules/Grades/Assignments.php
@@ -522,11 +522,12 @@
if ( $is_assignment
|| ! $assignment_type_has_assignments )
{
- $delete_url = "'" . URLEscape( "Modules.php?modname=" . $_REQUEST['modname'] .
+ $delete_url = URLEscape( "Modules.php?modname=" . $_REQUEST['modname'] .
'&modfunc=delete&assignment_type_id=' . $_REQUEST['assignment_type_id'] .
- '&assignment_id=' . $_REQUEST['assignment_id'] ) . "'";
+ '&assignment_id=' . $_REQUEST['assignment_id'] );
- $delete_button = '';
+ $delete_button = '';
}
}
diff --git a/modules/Grades/Grades.php b/modules/Grades/Grades.php
index 9bdb6bfdd..b22e08737 100644
--- a/modules/Grades/Grades.php
+++ b/modules/Grades/Grades.php
@@ -507,15 +507,15 @@
$stu_RET = GetStuList( $extra );
//echo ''; var_dump($stu_RET); echo ' ';
-$type_onchange_URL = "'" . URLEscape( "Modules.php?modname=" . $_REQUEST['modname'] .
+$type_onchange_URL = URLEscape( "Modules.php?modname=" . $_REQUEST['modname'] .
'&include_inactive=' . $_REQUEST['include_inactive'] .
'&include_all=' . $_REQUEST['include_all'] .
( $_REQUEST['assignment_id'] === 'all' ? '&assignment_id=all' : '' ) .
( UserStudentID() ? '&student_id=' . UserStudentID() : '' ) .
- "&type_id=" ) . "'";
+ "&type_id=" );
-$type_select = ' |