use print_hidden() for hidden dojo form fields

328118d1 · Andrew Dolgov · 8cf37284 · 328118d1 · 328118d1 · 328118d1
Commit 328118d1 authored Feb 10, 2017 by Andrew Dolgov
14 changed files
--- a/classes/article.php
+++ b/classes/article.php
@@ -202,9 +202,9 @@ class Article extends Handler_Protected {

 		$tags_str = join(", ", $tags);

-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$param\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"article\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"setArticleTags\">";
+		print_hidden("id", "$param");
+		print_hidden("op", "article");
+		print_hidden("method", "setArticleTags");

 		print "<table width='100%'><tr><td>";


--- a/classes/feeds.php
+++ b/classes/feeds.php
@@ -1027,8 +1027,8 @@ class Feeds extends Handler_Protected {
 	}

 	function quickAddFeed() {
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"rpc\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"addfeed\">";
+		print_hidden("op", "rpc");
+		print_hidden("method", "addfeed");

 		print "<div id='fadd_error_message' style='display : none' class='alert alert-danger'></div>";

@@ -1111,8 +1111,8 @@ class Feeds extends Handler_Protected {

 		$browser_search = $this->dbh->escape_string($_REQUEST["search"]);

-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"rpc\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"updateFeedBrowser\">";
+		print_hidden("op", "rpc");
+		print_hidden("method", "updateFeedBrowser");

 		print "<div dojoType=\"dijit.Toolbar\">
 			<div style='float : right'>

--- a/classes/pref/feeds.php
+++ b/classes/pref/feeds.php
@@ -548,9 +548,9 @@ class Pref_Feeds extends Handler_Protected {
 		$title = htmlspecialchars($this->dbh->fetch_result($result,
 			0, "title"));

-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$feed_id\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-feeds\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"editSave\">";
+		print_hidden("id", "$feed_id");
+		print_hidden("op", "pref-feeds");
+		print_hidden("method", "editSave");

 		print "<div class=\"dlgSec\">".__("Feed")."</div>";
 		print "<div class=\"dlgSecCont\">";
@@ -816,9 +816,9 @@ class Pref_Feeds extends Handler_Protected {

 		print "<p>";

-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"ids\" value=\"$feed_ids\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-feeds\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"batchEditSave\">";
+		print_hidden("ids", "$feed_ids");
+		print_hidden("op", "pref-feeds");
+		print_hidden("method", "batchEditSave");

 		print "<div class=\"dlgSec\">".__("Feed")."</div>";
 		print "<div class=\"dlgSecCont\">";
@@ -1812,8 +1812,8 @@ class Pref_Feeds extends Handler_Protected {
 	}

 	function batchSubscribe() {
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-feeds\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"batchaddfeeds\">";
+		print_hidden("op", "pref-feeds");
+		print_hidden("method", "batchaddfeeds");

 		print "<table width='100%'><tr><td>
 			".__("Add one valid RSS feed per line (no feed detection is done)")."

--- a/classes/pref/filters.php
+++ b/classes/pref/filters.php
@@ -340,10 +340,10 @@ class Pref_Filters extends Handler_Protected {

 		print "<form id=\"filter_edit_form\" onsubmit='return false'>";

-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-filters\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$filter_id\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"editSave\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"csrf_token\" value=\"".$_SESSION['csrf_token']."\">";
+		print_hidden("op", "pref-filters");
+		print_hidden("id", "$filter_id");
+		print_hidden("method", "editSave");
+		print_hidden("csrf_token", $_SESSION['csrf_token']);

 		print "<div class=\"dlgSec\">".__("Caption")."</div>";

@@ -816,9 +816,9 @@ class Pref_Filters extends Handler_Protected {

 		print "<form name='filter_new_form' id='filter_new_form'>";

-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-filters\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"add\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"csrf_token\" value=\"".$_SESSION['csrf_token']."\">";
+		print_hidden("op", "pref-filters");
+		print_hidden("method", "add");
+		print_hidden("csrf_token", $_SESSION['csrf_token']);

 		print "<div class=\"dlgSec\">".__("Caption")."</div>";


--- a/classes/pref/labels.php
+++ b/classes/pref/labels.php
@@ -15,9 +15,9 @@ class Pref_Labels extends Handler_Protected {

 		$line = $this->dbh->fetch_assoc($result);

-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$label_id\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-labels\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"save\">";
+		print_hidden("id", "$label_id");
+		print_hidden("op", "pref-labels");
+		print_hidden("method", "save");

 		print "<div class=\"dlgSec\">".__("Caption")."</div>";


--- a/classes/pref/prefs.php
+++ b/classes/pref/prefs.php
@@ -226,8 +226,8 @@ class Pref_Prefs extends Handler_Protected {

 		print "</table>";

-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"changeemail\">";
+		print_hidden("op", "pref-prefs");
+		print_hidden("method", "changeemail");

 		print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">".
 			__("Save data")."</button>";
@@ -305,8 +305,8 @@ class Pref_Prefs extends Handler_Protected {

 			print "</table>";

-			print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
-			print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"changepassword\">";
+			print_hidden("op", "pref-prefs");
+			print_hidden("method", "changepassword");

 			print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">".
 				__("Change password")."</button>";
@@ -351,8 +351,8 @@ class Pref_Prefs extends Handler_Protected {

 				print "</table>";

-				print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
-				print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"otpdisable\">";
+				print_hidden("op", "pref-prefs");
+				print_hidden("method", "otpdisable");

 				print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">".
 					__("Disable OTP")."</button>";
@@ -371,8 +371,8 @@ class Pref_Prefs extends Handler_Protected {

 					print "<form dojoType=\"dijit.form.Form\" id=\"changeOtpForm\">";

-					print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
-					print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"otpenable\">";
+					print_hidden("op", "pref-prefs");
+					print_hidden("method", "otpenable");

 					print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">
 					evt.preventDefault();
@@ -658,7 +658,7 @@ class Pref_Prefs extends Handler_Protected {

 		$listed_boolean_prefs = htmlspecialchars(join(",", $listed_boolean_prefs));

-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"boolean_prefs\" value=\"$listed_boolean_prefs\">";
+		print_hidden("boolean_prefs", "$listed_boolean_prefs");

 		PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION,
 			"hook_prefs_tab_section", "prefPrefsPrefsInside");
@@ -666,8 +666,8 @@ class Pref_Prefs extends Handler_Protected {
 		print '</div>'; # inside pane
 		print '<div dojoType="dijit.layout.ContentPane" region="bottom">';

-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"saveconfig\">";
+		print_hidden("op", "pref-prefs");
+		print_hidden("method", "saveconfig");

 		print "<div dojoType=\"dijit.form.ComboButton\" type=\"submit\">
 			<span>".__('Save configuration')."</span>
@@ -734,8 +734,8 @@ class Pref_Prefs extends Handler_Protected {
 		}
 		</script>";

-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"setplugins\">";
+		print_hidden("op", "pref-prefs");
+		print_hidden("method", "setplugins");

 		print "<table width='100%' class='prefPluginsList'>";

@@ -975,9 +975,9 @@ class Pref_Prefs extends Handler_Protected {

 		print_notice(T_sprintf("You can override colors, fonts and layout of your currently selected theme with custom CSS declarations here. <a target=\"_blank\" class=\"visibleLink\" href=\"%s\">This file</a> can be used as a baseline.", "css/tt-rss.css"));

-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"rpc\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"setpref\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"key\" value=\"USER_STYLESHEET\">";
+		print_hidden("op", "rpc");
+		print_hidden("method", "setpref");
+		print_hidden("key", "USER_STYLESHEET");

 		print "<table width='100%'><tr><td>";
 		print "<textarea dojoType=\"dijit.form.SimpleTextarea\"

--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -27,9 +27,9 @@ class Pref_Users extends Handler_Protected {

 			$id = (int) $this->dbh->escape_string($_REQUEST["id"]);

-			print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$id\">";
-			print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-users\">";
-			print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"editSave\">";
+			print_hidden("id", "$id");
+			print_hidden("op", "pref-users");
+			print_hidden("method", "editSave");

 			$result = $this->dbh->query("SELECT * FROM ttrss_users WHERE id = '$id'");

@@ -43,7 +43,7 @@ class Pref_Users extends Handler_Protected {
 			print "<div class=\"dlgSecCont\">";

 			if ($sel_disabled) {
-				print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"login\" value=\"$login\">";
+				print_hidden("login", "$login");
 			}

 			print "<input size=\"30\" style=\"font-size : 16px\"
@@ -64,7 +64,7 @@ class Pref_Users extends Handler_Protected {
 			} else {
 				print_select_hash("", $access_level, $access_level_names,
 					"dojoType=\"dijit.form.Select\" $sel_disabled");
-				print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"access_level\" value=\"$access_level\">";
+				print_hidden("access_level", "$access_level");
 			}

 			print "<hr/>";

--- a/plugins/af_psql_trgm/init.php
+++ b/plugins/af_psql_trgm/init.php
@@ -152,9 +152,9 @@ class Af_Psql_Trgm extends Plugin {
 				}
 				</script>";

-			print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pluginhandler\">";
-			print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"save\">";
-			print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"plugin\" value=\"af_psql_trgm\">";
+			print_hidden("op", "pluginhandler");
+			print_hidden("method", "save");
+			print_hidden("plugin", "af_psql_trgm");

 			print "<p>" . __("PostgreSQL trigram extension returns string similarity as a floating point number (0-1). Setting it too low might produce false positives, zero disables checking.") . "</p>";
 			print_notice("Enable the plugin for specific feeds in the feed editor.");

--- a/plugins/af_readability/init.php
+++ b/plugins/af_readability/init.php
@@ -56,9 +56,9 @@ class Af_Readability extends Plugin {
 			}
 			</script>";

-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pluginhandler\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"save\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"plugin\" value=\"af_readability\">";
+		print_hidden("op", "pluginhandler");
+		print_hidden("method", "save");
+		print_hidden("plugin", "af_readability");

 		$enable_share_anything = $this->host->get($this, "enable_share_anything");
 		$enable_share_anything_checked = $enable_share_anything ? "checked" : "";

--- a/plugins/af_redditimgur/init.php
+++ b/plugins/af_redditimgur/init.php
@@ -46,9 +46,9 @@ class Af_RedditImgur extends Plugin {
 			}
 			</script>";

-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pluginhandler\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"save\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"plugin\" value=\"af_redditimgur\">";
+		print_hidden("op", "pluginhandler");
+		print_hidden("method", "save");
+		print_hidden("plugin", "af_redditimgur");

 		print "<p>" . __("Uses Readability (full-text-rss) implementation by <a target='_blank' href='https://bitbucket.org/fivefilters/'>FiveFilters.org</a>");
 		print "<p/>";

--- a/plugins/instances/init.php
+++ b/plugins/instances/init.php
@@ -197,9 +197,9 @@ class Instances extends Plugin implements IHandler {
 		$result = db_query("SELECT * FROM ttrss_linked_instances WHERE
 			id = '$id'");

-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\"  name=\"id\" value=\"$id\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\"  name=\"op\" value=\"pref-instances\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\"  name=\"method\" value=\"editSave\">";
+		print_hidden("id", "$id");
+		print_hidden("op", "pref-instances");
+		print_hidden("method", "editSave");

 		print "<div class=\"dlgSec\">".__("Instance")."</div>";

@@ -389,8 +389,8 @@ class Instances extends Plugin implements IHandler {
 	}

 	function addInstance() {
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\"  name=\"op\" value=\"pref-instances\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\"  name=\"method\" value=\"add\">";
+		print_hidden("op", "pref-instances");
+		print_hidden("method", "add");

 		print "<div class=\"dlgSec\">".__("Instance")."</div>";


--- a/plugins/mail/init.php
+++ b/plugins/mail/init.php
@@ -51,9 +51,9 @@ class Mail extends Plugin {
 			}
 			</script>";

-			print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pluginhandler\">";
-			print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"save\">";
-			print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"plugin\" value=\"mail\">";
+			print_hidden("op", "pluginhandler");
+			print_hidden("method", "save");
+			print_hidden("plugin", "mail");

 			$addresslist = $this->host->get($this, "addresslist");

@@ -79,9 +79,9 @@ class Mail extends Plugin {

 		$param = db_escape_string($_REQUEST['param']);

-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pluginhandler\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"plugin\" value=\"mail\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"sendEmail\">";
+		print_hidden("op", "pluginhandler");
+		print_hidden("plugin", "mail");
+		print_hidden("method", "sendEmail");

 		$result = db_query("SELECT email, full_name FROM ttrss_users WHERE
 			id = " . $_SESSION["uid"]);
@@ -91,8 +91,8 @@ class Mail extends Plugin {

 		if (!$user_name) $user_name = $_SESSION['name'];

-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"from_email\" value=\"$user_email\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"from_name\" value=\"$user_name\">";
+		print_hidden("from_email", "$user_email");
+		print_hidden("from_name", "$user_name");

 		require_once "lib/MiniTemplator.class.php";


--- a/plugins/note/init.php
+++ b/plugins/note/init.php
@@ -34,10 +34,10 @@ class Note extends Plugin {

 		$note = db_fetch_result($result, 0, "note");

-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$param\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pluginhandler\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"setNote\">";
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"plugin\" value=\"note\">";
+		print_hidden("id", "$param");
+		print_hidden("op", "pluginhandler");
+		print_hidden("method", "setNote");
+		print_hidden("plugin", "note");

 		print "<table width='100%'><tr><td>";
 		print "<textarea dojoType=\"dijit.form.SimpleTextarea\"

--- a/plugins/nsfw/init.php
+++ b/plugins/nsfw/init.php
@@ -70,9 +70,9 @@ class NSFW extends Plugin {
 			}
 			</script>";

-			print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pluginhandler\">";
-			print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"save\">";
-			print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"plugin\" value=\"nsfw\">";
+			print_hidden("op", "pluginhandler");
+			print_hidden("method", "save");
+			print_hidden("plugin", "nsfw");

 			print "<table width=\"100%\" class=\"prefPrefsList\">";