From 4e8a42b55b7dfce191bd84a1ed31b3831db9f7fb Mon Sep 17 00:00:00 2001
From: Michael Andreen <harv@ruin.nu>
Date: Wed, 9 Jan 2008 15:34:01 +0100
Subject: [PATCH] default_escape on the templates

---
 NDWeb/Include.pm          | 2 +-
 NDWeb/Pages/AddIntel.pm   | 2 +-
 NDWeb/Pages/Calls.pm      | 4 ++--
 NDWeb/Pages/Intel.pm      | 2 +-
 NDWeb/Pages/Main.pm       | 2 +-
 NDWeb/XMLPage.pm          | 3 ++-
 templates/calls.tmpl      | 2 +-
 templates/editRaid.tmpl   | 4 ++--
 templates/forum.tmpl      | 2 +-
 templates/intel.tmpl      | 2 +-
 templates/main.tmpl       | 4 ++--
 templates/raids.tmpl      | 4 ++--
 templates/viewthread.tmpl | 2 +-
 13 files changed, 18 insertions(+), 17 deletions(-)

diff --git a/NDWeb/Include.pm b/NDWeb/Include.pm
index 2f062bc..5794b46 100644
--- a/NDWeb/Include.pm
+++ b/NDWeb/Include.pm
@@ -65,7 +65,7 @@ sub alliances {
 	my ($alliance) = @_;
 	my @alliances;
 	$alliance = -1 unless defined $alliance;
-	push @alliances,{Id => -1, Name => '&nbsp;', Selected => not $alliance};
+	push @alliances,{Id => -1, Name => '', Selected => not $alliance};
 	my $query = $ND::DBH->prepare(q{SELECT id,name FROM alliances ORDER BY LOWER(name)});
 	$query->execute;	
 	while (my $ally = $query->fetchrow_hashref){
diff --git a/NDWeb/Pages/AddIntel.pm b/NDWeb/Pages/AddIntel.pm
index 529d4c2..834fb0d 100644
--- a/NDWeb/Pages/AddIntel.pm
+++ b/NDWeb/Pages/AddIntel.pm
@@ -95,7 +95,7 @@ sub render_body {
 				}
 			}
 			if (my $thread = addForumThread $DBH,$board,$ND::UID,$subject){
-				$error .= p 'Intel message added' if addForumPost $DBH,$thread,$ND::UID,param('intel')
+				$error .= 'Intel message added' if addForumPost $DBH,$thread,$ND::UID,param('intel')
 			}
 		}
 	}
diff --git a/NDWeb/Pages/Calls.pm b/NDWeb/Pages/Calls.pm
index 9ab76dd..27e88de 100644
--- a/NDWeb/Pages/Calls.pm
+++ b/NDWeb/Pages/Calls.pm
@@ -123,7 +123,7 @@ sub render_body {
 		$BODY->param(DefensePoints => $call->{defense_points});
 		$BODY->param(LandingTick => $call->{landing_tick});
 		$BODY->param(ETA => $call->{landing_tick}-$self->{TICK});
-		$BODY->param(Info => escapeHTML $call->{info});
+		$BODY->param(Info => $call->{info});
 		$BODY->param(DC => $call->{dc});
 		$BODY->param(Member => $call->{member});
 		$BODY->param(SMS => $call->{sms});
@@ -294,7 +294,7 @@ sub render_body {
 			$call->{dcstyle} = 'Hostile' unless defined $call->{dc};
 			$i++;
 			$call->{ODD} = $i % 2;
-			$call->{shiptype} = escapeHTML($call->{shiptype});
+			$call->{shiptype} = $call->{shiptype};
 			push @calls, $call;
 		}
 		$BODY->param(Calls => \@calls);
diff --git a/NDWeb/Pages/Intel.pm b/NDWeb/Pages/Intel.pm
index b129265..3dc69b2 100644
--- a/NDWeb/Pages/Intel.pm
+++ b/NDWeb/Pages/Intel.pm
@@ -158,7 +158,7 @@ sub render_body {
 		$BODY->param(Nick => escapeHTML($planet->{nick}));
 		$BODY->param(Channel => $planet->{channel});
 		my @status;
-		for my $status ("&nbsp;","Friendly", "NAP", "Hostile"){
+		for my $status ("","Friendly", "NAP", "Hostile"){
 			push @status,{Status => $status, Selected => defined $planet->{planet_status} && $status eq $planet->{planet_status}}
 		}
 		$BODY->param(PlanetStatus => \@status);
diff --git a/NDWeb/Pages/Main.pm b/NDWeb/Pages/Main.pm
index 8bcbdc4..62d91f3 100644
--- a/NDWeb/Pages/Main.pm
+++ b/NDWeb/Pages/Main.pm
@@ -177,7 +177,7 @@ sub render_body {
 		}
 		$i++;
 		$call->{ODD} = $i % 2;
-		$call->{shiptype} = escapeHTML($call->{shiptype});
+		$call->{shiptype} = $call->{shiptype};
 		push @calls, $call;
 	}
 	$BODY->param(Calls => \@calls);
diff --git a/NDWeb/XMLPage.pm b/NDWeb/XMLPage.pm
index eb25c68..76c6374 100644
--- a/NDWeb/XMLPage.pm
+++ b/NDWeb/XMLPage.pm
@@ -90,7 +90,8 @@ sub render : method {
 		$template = HTML::Template->new(filename => "templates/xml.tmpl", cache => 1);
 		$body = HTML::Template->new(filename => "templates/$self->{PAGE}.xml.tmpl", cache => 1);
 	}else{
-		$body = HTML::Template->new(filename => "templates/$self->{PAGE}.tmpl", global_vars => 1, cache => 1);
+		$body = HTML::Template->new(filename => "templates/$self->{PAGE}.tmpl", global_vars => 1
+			, cache => 1, default_escape => 'HTML');
 		$body->param(PAGE => $self->{PAGE});
 	}
 
diff --git a/templates/calls.tmpl b/templates/calls.tmpl
index 467fcd4..63dde79 100644
--- a/templates/calls.tmpl
+++ b/templates/calls.tmpl
@@ -157,7 +157,7 @@
 		<td><TMPL_VAR NAME=Shiptype></td>
 		<td><TMPL_VAR NAME=Curreta> (<TMPL_VAR NAME=Eta>)</td>
 		<td><TMPL_VAR NAME=Alliance></td>
-		<td><TMPL_VAR NAME=Attackers></td>
+		<td><TMPL_VAR ESCAPE=NONE NAME=Attackers></td>
 	</tr>
 </TMPL_LOOP>
 </table>
diff --git a/templates/editRaid.tmpl b/templates/editRaid.tmpl
index 0b176c3..13ae19d 100644
--- a/templates/editRaid.tmpl
+++ b/templates/editRaid.tmpl
@@ -36,7 +36,7 @@
 		</div>
 		<div class="leftinfo">
 			<p>Raid message here</p>
-			<textarea rows="15" cols="40" name="message"><TMPL_VAR NAME=Message></textarea>
+			<textarea rows="15" cols="40" name="message"><TMPL_VAR ESCAPE=NONE NAME=Message></textarea>
 		</div>
 		<div class="leftinfo">
 			<p>List all target coords here</p>
@@ -94,7 +94,7 @@
 	</div>
 	<div class="leftinfo">
 	<p>	Comment:<br/>
-		<textarea rows="5" cols="20" name="comment:<TMPL_VAR NAME=Id>"><TMPL_VAR NAME=Comment></textarea>
+		<textarea rows="5" cols="20" name="comment:<TMPL_VAR NAME=Id>"><TMPL_VAR ESCAPE=NONE NAME=Comment></textarea>
 	</p>
 	<TMPL_VAR NAME=PlanetScan>
 	</div>
diff --git a/templates/forum.tmpl b/templates/forum.tmpl
index f1b3b26..b74de1f 100644
--- a/templates/forum.tmpl
+++ b/templates/forum.tmpl
@@ -10,7 +10,7 @@
 <TMPL_IF Thread>
 
 <TMPL_IF Moderate><a href="/<TMPL_VAR NAME=PAGE>?t=<TMPL_VAR NAME=FTID>;cmd=<TMPL_VAR NAME=Sticky>">Make this thread <TMPL_VAR NAME=Sticky></a></TMPL_IF>
-<TMPL_VAR Thread>
+<TMPL_VAR ESCAPE=NONE Thread>
 </TMPL_IF>
 <TMPL_IF ViewBoard>
 <p><a href="/<TMPL_VAR NAME=PAGE>?b=<TMPL_VAR NAME=Id>;markAsRead=<TMPL_VAR ESCAPE=URL NAME=DATE>">Mark threads as read</a></p>
diff --git a/templates/intel.tmpl b/templates/intel.tmpl
index 4158ad6..20a4607 100644
--- a/templates/intel.tmpl
+++ b/templates/intel.tmpl
@@ -79,7 +79,7 @@
 
 <TMPL_IF Thread>
 <div>
-<TMPL_VAR NAME=Thread>
+<TMPL_VAR ESCAPE=NONE NAME=Thread>
 <form action="<TMPL_VAR NAME=PAGE>#NewPosts" method="post"><fieldset class="forum-post"> <legend>New Reply</legend>
 	<textarea rows="10" cols="60" name="message"></textarea>
 	<input type="hidden" name="cmd" value="forumpost"/>
diff --git a/templates/main.tmpl b/templates/main.tmpl
index 5356cdd..7dd2a46 100644
--- a/templates/main.tmpl
+++ b/templates/main.tmpl
@@ -1,7 +1,7 @@
 <TMPL_VAR NAME=Error>
 <div class="leftinfo">
 <fieldset class="forum-post"> <legend>Message from HC<TMPL_IF isHC> <a href="motd?">EDIT</a></TMPL_IF></legend>
-	<TMPL_VAR NAME=MOTD>
+	<TMPL_VAR ESCAPE=NONE NAME=MOTD>
 </fieldset>
 </div>
 <TMPL_IF PLANET>
@@ -50,7 +50,7 @@
 		<td><TMPL_VAR NAME=Shiptype></td>
 		<td><TMPL_VAR NAME=Curreta></td>
 		<td><TMPL_VAR NAME=Eta></td>
-		<td><TMPL_VAR NAME=Attackers></td>
+		<td><TMPL_VAR ESCAPE=NONE NAME=Attackers></td>
 	</tr>
 </TMPL_LOOP>
 </table>
diff --git a/templates/raids.tmpl b/templates/raids.tmpl
index af9bc30..203d31c 100644
--- a/templates/raids.tmpl
+++ b/templates/raids.tmpl
@@ -52,7 +52,7 @@
 	<p><b style="color: red;">DO NOT JOIN A WAVE UNLESS YOU HAVE PERMISSION FROM THE PERSON WHO CLAIMED IT</b></p>
 	<p><b style="color: purple;">COORDS ARE NOT SHOWN UNTIL AT LEAST 10 MIN AFTER YOUR CLAIM</b></p>
 	<p>Landing tick first wave: <TMPL_VAR NAME=LandingTick></p>
-	<TMPL_VAR NAME=Message>
+	<TMPL_VAR ESCAPE=NONE NAME=Message>
 </fieldset>
 
 <TMPL_IF Ajax>
@@ -81,7 +81,7 @@
 	</ul>
 	<TMPL_IF Comment>
 		<fieldset> <legend>Comment</legend>
-			<TMPL_VAR NAME=Comment>
+			<TMPL_VAR ESCAPE=NONE NAME=Comment>
 		</fieldset>
 	</TMPL_IF>
 	<table>
diff --git a/templates/viewthread.tmpl b/templates/viewthread.tmpl
index 8086162..0bf6719 100644
--- a/templates/viewthread.tmpl
+++ b/templates/viewthread.tmpl
@@ -5,7 +5,7 @@
 </TMPL_IF>
 <fieldset class="forum-post">
 <legend class="unread:<TMPL_VAR NAME=Unread>"><b><TMPL_VAR NAME=Username></b> : <TMPL_VAR NAME=Time></legend>
-	<TMPL_VAR NAME=Message>
+	<TMPL_VAR ESCAPE=NONE NAME=Message>
 </fieldset>
 </TMPL_LOOP>
 <TMPL_IF Post>
-- 
2.39.2