diff --git a/app/controllers/admin/application_forms_controller.rb b/app/controllers/admin/application_forms_controller.rb
index 15e66dc..dd89207 100644
--- a/app/controllers/admin/application_forms_controller.rb
+++ b/app/controllers/admin/application_forms_controller.rb
@@ -380,14 +380,15 @@ class Admin::ApplicationFormsController < OrbitAdminController
@categories = @module_app.categories.enabled
@filter_fields = filter_fields(@categories)
@table_fields = [:category, 'application_form.title', 'application_form.event_during', 'application_form.signup_count', 'application_form.export']
-
- if !params[:sort].blank?
+ params_sort = params[:sort].to_s
+ if params_sort.present?
+ params_order = params[:order].to_s
if params[:sort] == 'event_during'
- sort = {:application_form_start_date.to_sym=>params[:order]}
+ sort = {:application_form_start_date=>params_order}
elsif params[:sort] == 'signup_during'
- sort = {:application_form_start_date.to_sym=>params[:order]}
+ sort = {:application_form_start_date=>params_order}
else
- sort = {params[:sort].to_sym=>params[:order]}
+ sort = {params_sort=>params_order}
end
else
sort = {:application_form_start_date=>"desc",:created_at=>"desc"}
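Review bot: The `else` branch at `sort = {params_sort=>params_order}` still lets the request pick any field name and any order value. The `.to_s` casts keep non-string values out of the sort criteria but do not restrict the strings themselves. Check `params_sort` against a fixed list of sortable fields and normalise the direction, for example `params_order = 'desc' unless %w[asc desc].include?(params_order)`, falling back to the default sort otherwise. The two comparisons above it still read `params[:sort]` instead of `params_sort`, which is worth making consistent. The enclosing `if`/`else` closes outside the hunk.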
diff --git a/app/controllers/application_forms_controller.rb b/app/controllers/application_forms_controller.rb
index 8477575..f681cf8 100644
--- a/app/controllers/application_forms_controller.rb
+++ b/app/controllers/application_forms_controller.rb
@@ -4,6 +4,7 @@ class ApplicationFormsController < ApplicationController
include MemberHelper
include ActionView::Context #vary important (only add this can access @@session from view)
include Admin::ApplicationFormsHelper
+ FrontendMethods = ["show_privacy", "show_data", "check_email", "check_availability", "signup_ok", "edit_file", "con_login", "con_upload", "con_logout"]
# include SimpleCaptcha::ControllerHelpers
def index
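Review bot: `FrontendMethods` is a plain mutable array, so any code holding the constant can append to it at runtime. Its use is not visible in this diff, but if it is the allowlist for dispatching `params[:method]`, freeze it by appending `.freeze` to the literal. A comment above it, such as `# Only these method names may be invoked from the frontend via params[:method]`, would help the next person who adds an entry. The membership test should compare the `.to_s` of the parameter, before the name is dispatched.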
@@ -72,13 +73,14 @@ class ApplicationFormsController < ApplicationController
end
# def custom_frontend_data
# params = OrbitHelper.params
- # application_form = ApplicationFormMain.find_by(:uid=>params[:uid])
+ # uid = params[:uid].to_s
+ # application_form = ApplicationFormMain.find_by(:uid=>uid)
# @application_form = application_form
# @site_in_use_locales = Site.first.in_use_locales rescue I18n.available_locales
# application_form_template_setting = application_form.application_form_template_setting
# @application_form_template_setting = application_form_template_setting
# home_page = Page.where(:parent_page_id=>application_form.id).first
- # prefix_url = OrbitHelper.request.path.split("-").first + "-#{params[:uid]}"
+ # prefix_url = OrbitHelper.request.path.split("-").first + "-#{uid}"
# @prefix_url = prefix_url
# header_data = "Home | " +
# "Main Site"
@@ -152,7 +154,7 @@ class ApplicationFormsController < ApplicationController
# if params[:method].present?
# main_content = render_other_method
# elsif params[:current_page_module] == "application_forms_home"
- # application_form = ApplicationFormMain.where(uid: params[:uid]).first
+ # application_form = ApplicationFormMain.where(uid: uid).first
# time_now = Time.now
# data = {
# "application_form" => application_form,
@@ -168,7 +170,7 @@ class ApplicationFormsController < ApplicationController
# elsif params[:current_page_module] == "application_forms_page"
# time_now = Time.now
# params = OrbitHelper.params
- # application_form = ApplicationFormMain.find_by(uid: params[:uid])
+ # application_form = ApplicationFormMain.find_by(uid: uid)
# if application_form.application_form_start_date <= time_now && ( application_form.application_form_end_date.nil? || application_form.application_form_end_date+1 >= time_now )
# sign_up = ('' + t('application_form.signup') + '').html_safe
# elsif application_form.registration_status.blank?
@@ -284,7 +286,7 @@ class ApplicationFormsController < ApplicationController
params = OrbitHelper.params
- application_form = ApplicationFormMain.where(uid: params[:uid]).first
+ application_form = ApplicationFormMain.where(uid: params[:uid].to_s).first
application_form_agreement = ApplicationFormAgreement.first
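Review bot: The cast `params[:uid].to_s` is repeated by hand here and in the hunks at -301, -347 and -741, so a later lookup that forgets it would silently bring back the uncast parameter. A private helper that returns `OrbitHelper.params[:uid].to_s`, used by every lookup, keeps the cast in one place. A missing `uid` now becomes `""`, and `where(...).first` returns nil when nothing matches. The hunk at -301 dereferences `application_form.application_form_start_date` straight after the lookup, so a nil guard or a 404 response may be needed; the surrounding methods start and end outside these hunks.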
@@ -301,7 +303,7 @@ class ApplicationFormsController < ApplicationController
params = OrbitHelper.params
- application_form = ApplicationFormMain.find_by(uid: params[:uid])
+ application_form = ApplicationFormMain.find_by(uid: params[:uid].to_s)
if application_form.application_form_start_date <= time_now && ( application_form.application_form_end_date.nil? || application_form.application_form_end_date+1 >= time_now )
sign_up = ('' + t('application_form.signup') + '').html_safe
@@ -347,7 +349,7 @@ class ApplicationFormsController < ApplicationController
categories = module_app.categories
- application_form = ApplicationFormMain.where(uid: params[:uid]).first
+ application_form = ApplicationFormMain.where(uid: params[:uid].to_s).first
application_form_signup = ApplicationFormSignup.new
@@ -450,7 +452,7 @@ class ApplicationFormsController < ApplicationController
def create
form_params = params[:application_form_signup]
form_params_email = form_params[:email]
- form_params_main_id = form_params[:application_form_main_id]
+ form_params_main_id = form_params[:application_form_main_id].to_s
@signup = nil #ApplicationFormSignup.where(email: form_params_email, application_form_main_id: form_params_main_id ).first
@application_form = ApplicationFormMain.where(id: form_params_main_id).first
@@ -741,7 +743,7 @@ class ApplicationFormsController < ApplicationController
params = OrbitHelper.params
- application_form = ApplicationFormMain.find_by(uid: params[:uid])
+ application_form = ApplicationFormMain.find_by(uid: params[:uid].to_s)
{
'application_form' => application_form,
@@ -752,9 +754,10 @@ class ApplicationFormsController < ApplicationController
def con_login_proc
- application_form = ApplicationFormMain.find_by(id: params[:application_form_signup][:application_form_main_id])
+ application_form_main_id = params[:application_form_signup][:application_form_main_id].to_s
+ application_form = ApplicationFormMain.find_by(id: application_form_main_id)
- @application_form_signup = ApplicationFormSignup.where(:status=>'C', :email=> params[:user_name], :password => params[:password], :application_form_main_id => params[:application_form_signup][:application_form_main_id]).first
+ @application_form_signup = ApplicationFormSignup.where(:status=>'C', :email=> params[:user_name], :password => params[:password], :application_form_main_id => application_form_main_id).first
if !@application_form_signup.blank?
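Review bot: `params[:user_name]` and `params[:password]` on the new `ApplicationFormSignup.where(...)` line still reach the query uncast; only `application_form_main_id` received `.to_s`. If the ODM interprets a hash value as query operators (Mongoid does; confirm for this app), a non-string parameter changes the meaning of the credential match. Cast both: `:email => params[:user_name].to_s, :password => params[:password].to_s`. Matching `:password` inside the criteria also suggests it is stored in directly comparable form; if so, look the record up by e-mail and verify a password hash with a constant-time comparison instead. `params[:application_form_signup]` may be nil, which makes the first new line raise; the same applies to `form_params` in `create` (hunk at -450).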
diff --git a/app/helpers/admin/application_forms_field_helper.rb b/app/helpers/admin/application_forms_field_helper.rb
index 7bf74d0..e48ad0a 100644
--- a/app/helpers/admin/application_forms_field_helper.rb
+++ b/app/helpers/admin/application_forms_field_helper.rb
@@ -445,10 +445,14 @@ protected
def form_label
if self.markup == "text_area"
- plc = typeD["placeholder"][I18n.locale].to_s.blank? ? '' : "(#{typeD["placeholder"][I18n.locale]})"
- ""+
- label_tag(key,(!@require.blank? ? '*'+title : title),:class=>"col-sm-2 control-label muted",:style =>'display: contents;')+
- tag(:br)+"#{plc}"
+ plc = typeD["placeholder"][I18n.locale].to_s.blank? ? nil : "(#{typeD["placeholder"][I18n.locale]})"
+ label_tag(key, '' , :class=>"col-sm-2 control-label muted") do
+ concat (!@require.blank? ? '*'+title : title)
+ if plc
+ concat tag(:br)
+ concat plc
+ end
+ end
else
label_tag(key,(!@require.blank? ? '*'+title : title),:class=>"col-sm-2 control-label muted")
end
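Review bot: The `''` passed as the second argument to `label_tag(key, '' , ...)` appears to be ignored once a block is given, so it only obscures the call; `label_tag(key, :class=>"col-sm-2 control-label muted") do` says the same thing. `concat (!@require.blank? ? ...)` has a space before the parenthesis and is better written `concat(@require.blank? ? title : '*'+title)`. Add a comment such as `# concat escapes title and placeholder unless they are html_safe`, because that escaping is the security-relevant difference from the old string concatenation. `typeD["placeholder"][I18n.locale]` is still evaluated twice and raises if `typeD["placeholder"]` is nil. `form_label` begins before the visible lines of the hunk.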
diff --git a/app/views/admin/application_form_review_results/edit.html.erb b/app/views/admin/application_form_review_results/edit.html.erb
index 61aaa63..82bbc96 100644
--- a/app/views/admin/application_form_review_results/edit.html.erb
+++ b/app/views/admin/application_form_review_results/edit.html.erb
@@ -42,7 +42,7 @@
<% val = t("application_form.registration_status_#{application_form_signup.status}") if !application_form_signup.status.blank? %>
<% end %>
<% elsif names[0] == "application_form_signup_field_custom" || names[0] == "application_form_signup_fields" %>
- <% val = application_form_signup.application_form_signup_values.where(:key=>names[1]).first.get_value_by_locale(I18n.locale) rescue "" %>
+ <% val = html_escape(application_form_signup.application_form_signup_values.where(:key=>names[1]).first.get_value_by_locale(I18n.locale)).gsub(/(\r\n|\n)/,"
") rescue "" %>
<% elsif names[0] == "application_form_signup_contributes" %>
<% if names[1] == "file" %>
<% application_form_signup_contribute = @application_form_signup_contribute %>
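Review bot: Only this branch escapes the value before assigning `val`; the status-translation branch above and the other branches of this `if`/`elsif` chain are not visibly escaped. Since `val` now carries markup inserted by `gsub`, it is presumably emitted raw further down (not visible in this hunk), so every branch that assigns `val` from stored data needs the same `html_escape`. The trailing `rescue ""` also hides every failure on the line, not just a missing record. `.first.try(:get_value_by_locale, I18n.locale)` handles the nil case explicitly, and `html_escape` already turns nil into an empty string, so the `rescue` can be dropped.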
@@ -68,7 +68,7 @@
<% else %>
<% file_content = File.read(file_path) rescue "" %>
<% if file_content.is_utf8? %>
- <% file_content = file_content.gsub(/(\r\n|\n)/,"
")%>
+ <% file_content = html_escape(file_content).gsub(/(\r\n|\n)/,"
") %>
<% val = "