hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-07 01:54:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

DS-2737: Escape message keys which are passed in as url params

Browse Source
This commit is contained in:
Tim Donohue
2015-11-03 15:45:26 +00:00
committed by Pascal-Nicolas Becker
parent 2518e0a762
commit c98019d0f1
1 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
dspace-jspui/src/main/webapp/search/discovery.jsp
View File

@@ -34,6 +34,7 @@
--%>
<%@page import="org.dspace.core.Utils"%>
<%@page import="com.coverity.security.Escape"%>
<%@page import="org.dspace.discovery.configuration.DiscoverySearchFilterFacet"%>
<%@page import="org.dspace.app.webui.util.UIUtil"%>
<%@page import="java.util.HashMap"%>
@@ -215,7 +216,7 @@
<%
for (DiscoverySearchFilter searchFilter : availableFilters)
{
String fkey = "jsp.search.filter."+searchFilter.getIndexFieldName();
String fkey = "jsp.search.filter." + Escape.uriParam(searchFilter.getIndexFieldName());
%><option value="<%= Utils.addEntities(searchFilter.getIndexFieldName()) %>"<%
if (filter[0].equals(searchFilter.getIndexFieldName()))
{
@@ -226,7 +227,7 @@
}
if (!found)
{
String fkey = "jsp.search.filter."+filter[0];
String fkey = "jsp.search.filter." + Escape.uriParam(filter[0]);
%><option value="<%= Utils.addEntities(filter[0]) %>" selected="selected"><fmt:message key="<%= fkey %>"/></option><%
}
%>
@@ -235,7 +236,7 @@
<%
for (String opt : options)
{
String fkey = "jsp.search.filter.op."+opt;
String fkey = "jsp.search.filter.op." + Escape.uriParam(opt);
%><option value="<%= Utils.addEntities(opt) %>"<%= opt.equals(filter[1])?" selected=\"selected\"":"" %>><fmt:message key="<%= fkey %>"/></option><%
}
%>
@@ -276,7 +277,7 @@
<%
for (DiscoverySearchFilter searchFilter : availableFilters)
{
String fkey = "jsp.search.filter."+searchFilter.getIndexFieldName();
String fkey = "jsp.search.filter." + Escape.uriParam(searchFilter.getIndexFieldName());
%><option value="<%= Utils.addEntities(searchFilter.getIndexFieldName()) %>"><fmt:message key="<%= fkey %>"/></option><%
}
%>
@@ -285,7 +286,7 @@
<%
for (String opt : options)
{
String fkey = "jsp.search.filter.op."+opt;
String fkey = "jsp.search.filter.op." + Escape.uriParam(opt);
%><option value="<%= Utils.addEntities(opt) %>"><fmt:message key="<%= fkey %>"/></option><%
}
%>
@@ -340,7 +341,7 @@
for (String sortBy : sortOptions)
{
String selected = (sortBy.equals(sortedBy) ? "selected=\"selected\"" : "");
String mKey = "search.sort-by." + sortBy;
String mKey = "search.sort-by." + Utils.addEntities(sortBy);
%> <option value="<%= Utils.addEntities(sortBy) %>" <%= selected %>><fmt:message key="<%= mKey %>"/></option><%
}
%>