DS-2736: Ensure all string parameters are escaped in results

Tim Donohue
2015-11-02 22:26:23 +00:00
committed by Pascal-Nicolas Becker
parent 88398d9cae
commit f5c4a511eb


@@ -198,8 +198,8 @@
<p class="lead"><fmt:message key="jsp.search.didyoumean"><fmt:param><a id="spellCheckQuery" data-spell="<%= Utils.addEntities(spellCheckQuery) %>" href="#"><%= spellCheckQuery %></a></fmt:param></fmt:message></p> <p class="lead"><fmt:message key="jsp.search.didyoumean"><fmt:param><a id="spellCheckQuery" data-spell="<%= Utils.addEntities(spellCheckQuery) %>" href="#"><%= spellCheckQuery %></a></fmt:param></fmt:message></p>
<% } %> <% } %>
<input type="hidden" value="<%= rpp %>" name="rpp" /> <input type="hidden" value="<%= rpp %>" name="rpp" />
<input type="hidden" value="<%= sortedBy %>" name="sort_by" /> <input type="hidden" value="<%= Utils.addEntities(sortedBy) %>" name="sort_by" />
<input type="hidden" value="<%= order %>" name="order" /> <input type="hidden" value="<%= Utils.addEntities(order) %>" name="order" />
<% if (appliedFilters.size() > 0 ) { %> <% if (appliedFilters.size() > 0 ) { %>
<div class="discovery-search-appliedFilters"> <div class="discovery-search-appliedFilters">
<span><fmt:message key="jsp.search.filter.applied" /></span> <span><fmt:message key="jsp.search.filter.applied" /></span>
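Review bot: The "did you mean" line at the top of this hunk still writes `<%= spellCheckQuery %>` raw into the anchor body while the same value is entity-escaped for the `data-spell` attribute on that line, so the commit's goal of escaping every string parameter is not met there. If `spellCheckQuery` is derived from the user's query (which the attribute escaping suggests), the unescaped text node is a reflected HTML injection point; `<%= Utils.addEntities(spellCheckQuery) %>` would close it, unless the value is already encoded upstream, which is not visible from this hunk. The `rpp` hidden inputs in this hunk and in the @@ -284 hunk are likewise left unescaped; that is fine only if `rpp` is a numeric type, which the hunk does not show. The enclosing scriptlet/form starts and ends outside the hunk.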
@@ -275,7 +275,7 @@
for (DiscoverySearchFilter searchFilter : availableFilters) for (DiscoverySearchFilter searchFilter : availableFilters)
{ {
String fkey = "jsp.search.filter."+searchFilter.getIndexFieldName(); String fkey = "jsp.search.filter."+searchFilter.getIndexFieldName();
%><option value="<%= searchFilter.getIndexFieldName() %>"><fmt:message key="<%= fkey %>"/></option><% %><option value="<%= Utils.addEntities(searchFilter.getIndexFieldName()) %>"><fmt:message key="<%= fkey %>"/></option><%
} }
%> %>
</select> </select>
@@ -284,14 +284,14 @@
for (String opt : options) for (String opt : options)
{ {
String fkey = "jsp.search.filter.op."+opt; String fkey = "jsp.search.filter.op."+opt;
%><option value="<%= opt %>"><fmt:message key="<%= fkey %>"/></option><% %><option value="<%= Utils.addEntities(opt) %>"><fmt:message key="<%= fkey %>"/></option><%
} }
%> %>
</select> </select>
<input type="text" id="filterquery" name="filterquery" size="45" required="required" /> <input type="text" id="filterquery" name="filterquery" size="45" required="required" />
<input type="hidden" value="<%= rpp %>" name="rpp" /> <input type="hidden" value="<%= rpp %>" name="rpp" />
<input type="hidden" value="<%= sortedBy %>" name="sort_by" /> <input type="hidden" value="<%= Utils.addEntities(sortedBy) %>" name="sort_by" />
<input type="hidden" value="<%= order %>" name="order" /> <input type="hidden" value="<%= Utils.addEntities(order) %>" name="order" />
<input class="btn btn-default" type="submit" value="<fmt:message key="jsp.search.filter.add"/>" onclick="return validateFilters()" /> <input class="btn btn-default" type="submit" value="<fmt:message key="jsp.search.filter.add"/>" onclick="return validateFilters()" />
</form> </form>
</div> </div>
@@ -339,7 +339,7 @@
{ {
String selected = (sortBy.equals(sortedBy) ? "selected=\"selected\"" : ""); String selected = (sortBy.equals(sortedBy) ? "selected=\"selected\"" : "");
String mKey = "search.sort-by." + sortBy; String mKey = "search.sort-by." + sortBy;
%> <option value="<%= sortBy %>" <%= selected %>><fmt:message key="<%= mKey %>"/></option><% %> <option value="<%= Utils.addEntities(sortBy) %>" <%= selected %>><fmt:message key="<%= mKey %>"/></option><%
} }
%> %>
</select> </select>