From 590d06bfb44cdf0555fc4ec6b0c4fb693727632d Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Tue, 3 Mar 2015 15:50:54 -0600
Subject: [PATCH] forms: Allow HTML in the help text (hint)

---
 css/redactor.css                                         | 6 ++++--
 include/class.dynamic_forms.php                          | 2 +-
 include/client/templates/dynamic-form.tmpl.php           | 2 +-
 include/staff/dynamic-form.inc.php                       | 2 +-
 include/staff/templates/dynamic-field-config.tmpl.php    | 3 ++-
 include/staff/templates/dynamic-form-simple.tmpl.php     | 2 +-
 include/staff/templates/dynamic-form.tmpl.php            | 2 +-
 include/staff/templates/inline-form.tmpl.php             | 2 +-
 include/staff/templates/simple-form.tmpl.php             | 2 +-
 include/upgrader/streams/core/5cd0a25a-2d590ffa.task.php | 1 +
 10 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/css/redactor.css b/css/redactor.css
index dd2b3d91e..cdd49f61c 100644
--- a/css/redactor.css
+++ b/css/redactor.css
@@ -59,10 +59,12 @@
 .redactor-box-fullscreen {
   z-index: 99 !important;
 }
-.redactor-toolbar,
-.redactor-dropdown {
+.redactor-toolbar {
   z-index: 1 !important;
 }
+.redactor-dropdown {
+  z-index: 15;
+}
 #redactor-modal-overlay,
 #redactor-modal-box,
 #redactor-modal {
diff --git a/include/class.dynamic_forms.php b/include/class.dynamic_forms.php
index d51ddc7af..bcd1d7ee3 100644
--- a/include/class.dynamic_forms.php
+++ b/include/class.dynamic_forms.php
@@ -583,7 +583,7 @@ class DynamicFormField extends VerySimpleModel {
         }
         if (count($errors) === 0)
             $this->set('configuration', JsonDataEncoder::encode($config));
-        $this->set('hint', $_POST['hint']);
+        $this->set('hint', Format::sanitize($_POST['hint']));
         return count($errors) === 0;
     }
 
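Review bot: The `Format::sanitize()` call added on the `hint` line is now the only guard between posted markup and the templates, which in this same commit stop escaping the hint, and nothing in the code records that. A comment above it would state the invariant, e.g. `// hint is stored as sanitized HTML; templates echo it without htmlchars()`. Any other code that writes `hint` is not visible in this diff and would need the same call, which is worth confirming. The enclosing method starts outside the hunk.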
diff --git a/include/client/templates/dynamic-form.tmpl.php b/include/client/templates/dynamic-form.tmpl.php
index 6cf54466b..92514f476 100644
--- a/include/client/templates/dynamic-form.tmpl.php
+++ b/include/client/templates/dynamic-form.tmpl.php
@@ -31,7 +31,7 @@
             ?></span><?php
                 if ($field->get('hint')) { ?>
                     <br /><em style="color:gray;display:inline-block"><?php
-                        echo Format::htmlchars($field->getLocal('hint')); ?></em>
+                        echo Format::viewableImages($field->getLocal('hint')); ?></em>
                 <?php
                 } ?>
             <br/>
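Review bot: Swapping `Format::htmlchars()` for `Format::viewableImages()` on the hint echo removes the output escaping on a client-facing page, so the markup is safe only if every stored value was sanitised when written (assuming `viewableImages()` does no escaping of its own). `getLocal('hint')` presumably can return a translated string, and the diff shows sanitising only for `$_POST['hint']` in class.dynamic_forms.php; if translations are saved through another path, their HTML would be rendered as-is. Sanitising again at output closes that gap: `echo Format::viewableImages(Format::sanitize($field->getLocal('hint'))); ?></em>`. The same point applies to the hint echoes changed in the staff templates dynamic-field-config, dynamic-form-simple, dynamic-form, inline-form and simple-form.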
diff --git a/include/staff/dynamic-form.inc.php b/include/staff/dynamic-form.inc.php
index 1939cda0e..a25f8ef27 100644
--- a/include/staff/dynamic-form.inc.php
+++ b/include/staff/dynamic-form.inc.php
@@ -82,7 +82,7 @@ if ($form && count($langs) > 1) { ?>
             <div style="margin-top: 8px"><?php echo __('Instructions'); ?>:
                 <i class="help-tip icon-question-sign" href="#form_instructions"></i>
                 </div>
-            <textarea name="instructions" rows="3" cols="40" class="richtext"><?php
+            <textarea name="instructions" rows="3" cols="40" class="richtext small"><?php
                 echo $info['instructions']; ?></textarea>
         </div>
 
diff --git a/include/staff/templates/dynamic-field-config.tmpl.php b/include/staff/templates/dynamic-field-config.tmpl.php
index 470684604..f2e666431 100644
--- a/include/staff/templates/dynamic-field-config.tmpl.php
+++ b/include/staff/templates/dynamic-field-config.tmpl.php
@@ -134,7 +134,7 @@
             <?php
             if ($f->get('hint')) { ?>
                 <br/><em style="color:gray;display:inline-block"><?php
-                    echo Format::htmlchars($f->get('hint')); ?></em>
+                    echo Format::viewableImages($f->get('hint')); ?></em>
             <?php
             } ?>
             </div><div>
@@ -160,6 +160,7 @@
         </div>
         <div style="width:100%">
         <textarea style="width:90%; width:calc(100% - 20px)" name="hint" rows="2" cols="40"
+            class="richtext small no-bar"
             data-translate-tag="<?php echo $field->getTranslateTag('hint'); ?>"><?php
             echo Format::htmlchars($field->get('hint')); ?></textarea>
         </div>
diff --git a/include/staff/templates/dynamic-form-simple.tmpl.php b/include/staff/templates/dynamic-form-simple.tmpl.php
index 30b43c6b9..cd53f0cd8 100644
--- a/include/staff/templates/dynamic-form-simple.tmpl.php
+++ b/include/staff/templates/dynamic-form-simple.tmpl.php
@@ -15,7 +15,7 @@
             <?php
             if ($f->get('hint')) { ?>
                 <br/><em style="color:gray;display:inline-block"><?php
-                    echo Format::htmlchars($f->get('hint')); ?></em>
+                    echo Format::viewableImages($f->get('hint')); ?></em>
             <?php
             } ?>
             </div><div>
diff --git a/include/staff/templates/dynamic-form.tmpl.php b/include/staff/templates/dynamic-form.tmpl.php
index 5002700fc..b6abadd3a 100644
--- a/include/staff/templates/dynamic-form.tmpl.php
+++ b/include/staff/templates/dynamic-form.tmpl.php
@@ -89,7 +89,7 @@ if (isset($options['entry']) && $options['mode'] == 'edit') { ?>
             }
             if ($field->get('hint') && !$field->isBlockLevel()) { ?>
                 <br /><em style="color:gray;display:inline-block"><?php
-                    echo Format::htmlchars($field->getLocal('hint')); ?></em>
+                    echo Format::viewableImages($field->getLocal('hint')); ?></em>
             <?php
             }
             foreach ($field->errors() as $e) { ?>
diff --git a/include/staff/templates/inline-form.tmpl.php b/include/staff/templates/inline-form.tmpl.php
index 5de3a283a..02b3aa6bf 100644
--- a/include/staff/templates/inline-form.tmpl.php
+++ b/include/staff/templates/inline-form.tmpl.php
@@ -13,7 +13,7 @@ foreach ($form->getFields() as $field) { ?>
         }
         if ($field->get('hint') && !$field->isBlockLevel()) { ?>
             <br/><em style="color:gray;display:inline-block"><?php
-                echo Format::htmlchars($field->get('hint')); ?></em>
+                echo Format::viewableImages($field->get('hint')); ?></em>
         <?php
         }
         foreach ($field->errors() as $e) { ?>
diff --git a/include/staff/templates/simple-form.tmpl.php b/include/staff/templates/simple-form.tmpl.php
index 705592fcf..6661f5c97 100644
--- a/include/staff/templates/simple-form.tmpl.php
+++ b/include/staff/templates/simple-form.tmpl.php
@@ -16,7 +16,7 @@
             }
             if ($field->get('hint')) { ?>
                 <div class="faded hint"><?php
-                echo Format::htmlchars($field->getLocal('hint'));
+                echo Format::viewableImages($field->getLocal('hint'));
                 ?></div>
 <?php       } ?>
             </div>
diff --git a/include/upgrader/streams/core/5cd0a25a-2d590ffa.task.php b/include/upgrader/streams/core/5cd0a25a-2d590ffa.task.php
index f18c0cab9..7f529e727 100644
--- a/include/upgrader/streams/core/5cd0a25a-2d590ffa.task.php
+++ b/include/upgrader/streams/core/5cd0a25a-2d590ffa.task.php
@@ -6,6 +6,7 @@ class InstructionsPorter extends MigrationTask {
     function run($max_time) {
         foreach (DynamicForm::objects() as $F) {
             $F->instructions = Format::htmlchars($F->get('instructions'));
+            $F->hint = Format::htmlchars($F->get('hint'));
             $F->save();
         }
     }
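Review bot: The added `$F->hint` line sits in the loop over `DynamicForm::objects()`, but the hint this commit sanitises and renders as HTML is set on `DynamicFormField` (class.dynamic_forms.php), so existing field hints appear not to be converted. A hint saved as plain text before the upgrade would then be echoed unescaped by the templates, and a literal `<` or `&` in it would be parsed as markup. The conversion belongs in its own loop over the field model, replacing the added line, as sketched below; this assumes `DynamicFormField` exposes `objects()` the way `DynamicForm` does. The class body continues outside the hunk.

```php
    function run($max_time) {
        // … unchanged: DynamicForm loop converting instructions …
        foreach (DynamicFormField::objects() as $field) {
            $field->hint = Format::htmlchars($field->get('hint'));
            $field->save();
        }
```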
-- 
GitLab