hazza/Phraseanet
1
0
Fork 0
mirror of https://github.com/alchemy-fr/Phraseanet.git synced 2025-10-23 18:03:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix escaping in thesaurus

Browse Source
This commit is contained in:
aina-esokia
2018-11-22 15:10:38 +04:00
parent c58ed45333
commit 6fe39113c0
2 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/Alchemy/Phrasea/Controller/Thesaurus/ThesaurusController.php
View File

@@ -2128,7 +2128,7 @@ class ThesaurusController extends Controller
$sy = $sy_list->appendChild($ret->createElement("sy")); $sy = $sy_list->appendChild($ret->createElement("sy"));
$sy->setAttribute("id", $n->getAttribute("id")); $sy->setAttribute("id", $n->getAttribute("id"));
$sy->setAttribute("v", $t = $n->getAttribute("v")); $sy->setAttribute("v", htmlspecialchars($t = $n->getAttribute("v")));
$sy->setAttribute("w", $n->getAttribute("w")); $sy->setAttribute("w", $n->getAttribute("w"));
$sy->setAttribute("hits", ''); $sy->setAttribute("hits", '');
$sy->setAttribute("lng", $lng = $n->getAttribute("lng")); $sy->setAttribute("lng", $lng = $n->getAttribute("lng"));
@@ -2177,7 +2177,7 @@ class ThesaurusController extends Controller
$firstsy = $goodsy = null; $firstsy = $goodsy = null;
for ($n2 = $n->firstChild; $n2; $n2 = $n2->nextSibling) { for ($n2 = $n->firstChild; $n2; $n2 = $n2->nextSibling) {
if ($n2->nodeName == "sy") { if ($n2->nodeName == "sy") {
$t = $n2->getAttribute("v"); $t = htmlspecialchars($n2->getAttribute("v"));
if (! $firstsy) { if (! $firstsy) {
$firstsy = $t; $firstsy = $t;
} }

24
lib/Alchemy/Phrasea/Controller/Thesaurus/ThesaurusXmlHttpController.php
View File

@@ -252,7 +252,7 @@ class ThesaurusXmlHttpController extends Controller
/** @var DOMElement $n2 */ /** @var DOMElement $n2 */
for ($n2 = $n->firstChild; $n2; $n2 = $n2->nextSibling) { for ($n2 = $n->firstChild; $n2; $n2 = $n2->nextSibling) {
if ($n2->nodeName == "sy") { if ($n2->nodeName == "sy") {
$sy = $n2->getAttribute("v"); $sy = htmlspecialchars($n2->getAttribute("v"));
if (!$firstsy) { if (!$firstsy) {
$firstsy = $sy; $firstsy = $sy;
if ($request->get("debug")) { if ($request->get("debug")) {
@@ -441,7 +441,7 @@ class ThesaurusXmlHttpController extends Controller
for ($n2 = $n->firstChild; $n2; $n2 = $n2->nextSibling) { for ($n2 = $n->firstChild; $n2; $n2 = $n2->nextSibling) {
if ($n2->nodeName == "sy") { if ($n2->nodeName == "sy") {
$lng = $n2->getAttribute("lng"); $lng = $n2->getAttribute("lng");
$t = $n2->getAttribute("v"); $t = htmlspecialchars($n2->getAttribute("v"));
$ksy = $n2->getAttribute("w"); $ksy = $n2->getAttribute("w");
if ($k = $n2->getAttribute("k")) { if ($k = $n2->getAttribute("k")) {
$ksy .= " ($k)"; $ksy .= " ($k)";
@@ -586,7 +586,7 @@ class ThesaurusXmlHttpController extends Controller
for ($n2 = $n->firstChild; $n2; $n2 = $n2->nextSibling) { for ($n2 = $n->firstChild; $n2; $n2 = $n2->nextSibling) {
if ($n2->nodeName == "sy") { if ($n2->nodeName == "sy") {
$lng = $n2->getAttribute("lng"); $lng = $n2->getAttribute("lng");
$t = $n2->getAttribute("v"); $t = htmlspecialchars($n2->getAttribute("v"));
$ksy = $n2->getAttribute("w"); $ksy = $n2->getAttribute("w");
if ($k = $n2->getAttribute("k")) { if ($k = $n2->getAttribute("k")) {
$ksy .= " ($k)"; $ksy .= " ($k)";
@@ -843,7 +843,7 @@ class ThesaurusXmlHttpController extends Controller
for ($n2 = $n->firstChild; $n2; $n2 = $n2->nextSibling) { for ($n2 = $n->firstChild; $n2; $n2 = $n2->nextSibling) {
if ($n2->nodeName == 'sy') { if ($n2->nodeName == 'sy') {
$lng = $n2->getAttribute('lng'); $lng = $n2->getAttribute('lng');
$t = $n2->getAttribute('v'); $t = htmlspecialchars($n2->getAttribute('v'));
$key = $n2->getAttribute('w'); // key of the current sy $key = $n2->getAttribute('w'); // key of the current sy
if ($k = $n2->getAttribute('k')) { if ($k = $n2->getAttribute('k')) {
$key .= ' (' . $k . ')'; $key .= ' (' . $k . ')';
@@ -920,7 +920,7 @@ class ThesaurusXmlHttpController extends Controller
$bid = $request->get('bid'); $bid = $request->get('bid');
for ($i = 0; $i < $nodes->length; $i++) { for ($i = 0; $i < $nodes->length; $i++) {
$n = $nodes->item($i); $n = $nodes->item($i);
$t = $n->getAttribute('v'); $t = htmlspecialchars($n->getAttribute('v'));
$tid = $n->getAttribute('id'); $tid = $n->getAttribute('id');
$html .= '<p id=\'TH_T.' . $bid . '.' . $tid . '\'>'; $html .= '<p id=\'TH_T.' . $bid . '.' . $tid . '\'>';
@@ -967,7 +967,7 @@ class ThesaurusXmlHttpController extends Controller
$allsy = ''; $allsy = '';
for ($n = $srcnode->firstChild; $n; $n = $n->nextSibling) { for ($n = $srcnode->firstChild; $n; $n = $n->nextSibling) {
if ($n->nodeName == 'sy') { if ($n->nodeName == 'sy') {
$t = $n->getAttribute('v'); $t = htmlspecialchars($n->getAttribute('v'));
if ($n->getAttribute('bold')) { if ($n->getAttribute('bold')) {
$allsy .= ( $allsy ? ' ; ' : '') . '<b id=\'TH_W.' . $bid . '.' . $n->getAttribute('id') . '\'>' . $t . '</b>'; $allsy .= ( $allsy ? ' ; ' : '') . '<b id=\'TH_W.' . $bid . '.' . $n->getAttribute('id') . '\'>' . $t . '</b>';
} else { } else {
@@ -1078,12 +1078,12 @@ class ThesaurusXmlHttpController extends Controller
$ret['result'] = array(); $ret['result'] = array();
for ($i = 0; $i < $nodes->length; $i++) { for ($i = 0; $i < $nodes->length; $i++) {
$n = $nodes->item($i); $n = $nodes->item($i);
$t = $n->getAttribute('v'); $t = htmlspecialchars($n->getAttribute('v'));
$tid = $n->getAttribute('id'); $tid = $n->getAttribute('id');
$ret['result'][] = array( $ret['result'][] = array(
'id' => $n->getAttribute('id'), 'id' => $n->getAttribute('id'),
't' => $n->getAttribute('v'), 't' => htmlspecialchars($n->getAttribute('v')),
); );
} }
} }
@@ -1103,7 +1103,7 @@ class ThesaurusXmlHttpController extends Controller
$allsy = array(); $allsy = array();
for ($n = $srcnode->firstChild; $n; $n = $n->nextSibling) { for ($n = $srcnode->firstChild; $n; $n = $n->nextSibling) {
if ($n->nodeName == 'sy') { if ($n->nodeName == 'sy') {
$t = $n->getAttribute('v'); $t = htmlspecialchars($n->getAttribute('v'));
$allsy[] = array( $allsy[] = array(
'id' => $n->getAttribute('id'), 'id' => $n->getAttribute('id'),
't' => $t, 't' => $t,
@@ -1190,7 +1190,7 @@ class ThesaurusXmlHttpController extends Controller
} else { } else {
for ($i = 0; $i < $nodes->length; $i++) { for ($i = 0; $i < $nodes->length; $i++) {
$n = $nodes->item($i); $n = $nodes->item($i);
$t = $n->getAttribute('v'); $t = htmlspecialchars($n->getAttribute('v'));
$tid = $n->getAttribute('id'); $tid = $n->getAttribute('id');
$zhtml .= '<p id=\'TH_T.' . $bid . '.' . $tid . '\'>'; $zhtml .= '<p id=\'TH_T.' . $bid . '.' . $tid . '\'>';
@@ -1213,7 +1213,7 @@ class ThesaurusXmlHttpController extends Controller
$allsy = ''; $allsy = '';
for ($n = $srcnode->firstChild; $n; $n = $n->nextSibling) { for ($n = $srcnode->firstChild; $n; $n = $n->nextSibling) {
if ($n->nodeName == 'sy') { if ($n->nodeName == 'sy') {
$t = $n->getAttribute('v'); $t = htmlspecialchars($n->getAttribute('v'));
if ($n->getAttribute('bold')) { if ($n->getAttribute('bold')) {
$allsy .= ( $allsy ? ' ; ' : '') . '<b id=\'GL_W.' . $bid . '.' . $n->getAttribute('id') . '\'>' . $t . '</b>'; $allsy .= ( $allsy ? ' ; ' : '') . '<b id=\'GL_W.' . $bid . '.' . $n->getAttribute('id') . '\'>' . $t . '</b>';
} else { } else {
@@ -1613,7 +1613,7 @@ class ThesaurusXmlHttpController extends Controller
if ($n2->nodeName == 'sy') { if ($n2->nodeName == 'sy') {
$lng = $n2->getAttribute('lng'); $lng = $n2->getAttribute('lng');
$t = $n2->getAttribute('v'); $t = htmlspecialchars($n2->getAttribute('v'));
$key = $n2->getAttribute('w'); // key of the current sy $key = $n2->getAttribute('w'); // key of the current sy
if ($k = $n2->getAttribute('k')) { if ($k = $n2->getAttribute('k')) {