diff --git a/lib/classes/eventsmanager/notify/autoregister.php b/lib/classes/eventsmanager/notify/autoregister.php
index d9749f8835..94cda97934 100644
--- a/lib/classes/eventsmanager/notify/autoregister.php
+++ b/lib/classes/eventsmanager/notify/autoregister.php
@@ -37,7 +37,7 @@ class eventsmanager_notify_autoregister extends eventsmanager_notifyAbstract
 }
 $ret = [
- 'text' => $this->app->trans('%user% s\'est enregistre sur une ou plusieurs %before_link% scollections %after_link%', ['%user%' => $user->getDisplayName(), '%before_link%' => '', '%after_link%' => ''])
+ 'text' => $this->app->trans('%user% s\'est enregistre sur une ou plusieurs %before_link% scollections %after_link%', ['%user%' => htmlentities($user->getDisplayName()), '%before_link%' => '', '%after_link%' => ''])
 , 'class' => ''
 ];
diff --git a/lib/classes/eventsmanager/notify/feed.php b/lib/classes/eventsmanager/notify/feed.php
index 678f8e1e84..da1132c0e9 100644
--- a/lib/classes/eventsmanager/notify/feed.php
+++ b/lib/classes/eventsmanager/notify/feed.php
@@ -37,7 +37,7 @@ class eventsmanager_notify_feed extends eventsmanager_notifyAbstract
 }
 $ret = [
- 'text' => $this->app->trans('%user% has published %title%', ['%user%' => $entry->getAuthorName(), '%title%' => '' . $entry->getTitle() . ''])
+ 'text' => $this->app->trans('%user% has published %title%', ['%user%' => htmlentities($entry->getAuthorName()), '%title%' => '' . htmlentities($entry->getTitle()) . ''])
 , 'class' => ($unread == 1 ? 'reload_baskets' : '')
 ];
diff --git a/lib/classes/eventsmanager/notify/order.php b/lib/classes/eventsmanager/notify/order.php
index bba2c686f0..af40b49d74 100644
--- a/lib/classes/eventsmanager/notify/order.php
+++ b/lib/classes/eventsmanager/notify/order.php
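Review bot: `htmlentities($user->getDisplayName())` on the added line relies on PHP's default flags and charset, so what gets escaped depends on the runtime: before PHP 8.1 the default is ENT_COMPAT, which leaves single quotes untouched, and the charset comes from the default_charset setting. Twig's `e` filter, which this commit removes from notification.html.twig, escaped with ENT_QUOTES | ENT_SUBSTITUTE in UTF-8, so to keep the same guarantee pass them explicitly: `htmlentities($user->getDisplayName(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The same applies to every `htmlentities()` call in this commit (feed.php, order.php, orderdeliver.php, ordernotdelivered.php, push.php, uploadquarantine.php, validate.php, validationdone.php, validationreminder.php); a small escaping helper on eventsmanager_notifyAbstract would keep them consistent. Since the escaped values are then passed through `$this->app->trans()`, also check that the translator does not escape placeholders itself, or a name containing `&` would render as a double-encoded entity.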
@@ -41,7 +41,7 @@ class eventsmanager_notify_order extends eventsmanager_notifyAbstract
 $ret = [
 'text' => $this->app->trans('%user% a passe une %opening_link% commande %end_link%', [
- '%user%' => $sender,
+ '%user%' => htmlentities($sender),
 '%opening_link%' => '',
 '%end_link%' => '',])
 , 'class' => ''
diff --git a/lib/classes/eventsmanager/notify/orderdeliver.php b/lib/classes/eventsmanager/notify/orderdeliver.php
index 8f4dcd8813..c32efa5a35 100644
--- a/lib/classes/eventsmanager/notify/orderdeliver.php
+++ b/lib/classes/eventsmanager/notify/orderdeliver.php
@@ -63,9 +63,9 @@ class eventsmanager_notify_orderdeliver extends eventsmanager_notifyAbstract
 }
 $ret = [
- 'text' => $this->app->trans('%user% vous a delivre %quantity% document(s) pour votre commande %title%', ['%user%' => $sender, '%quantity%' => $n, '%title%' => ''
- . $basket->getName() . '']),
+ . htmlentities($basket->getName()) . '']),
 'class' => ''
 ];
diff --git a/lib/classes/eventsmanager/notify/ordernotdelivered.php b/lib/classes/eventsmanager/notify/ordernotdelivered.php
index 3f72abb0a3..f6bd7c174b 100644
--- a/lib/classes/eventsmanager/notify/ordernotdelivered.php
+++ b/lib/classes/eventsmanager/notify/ordernotdelivered.php
@@ -39,7 +39,7 @@ class eventsmanager_notify_ordernotdelivered extends eventsmanager_notifyAbstrac
 $sender = $user->getDisplayName();
 $ret = [
- 'text' => $this->app->trans('%user% a refuse la livraison de %quantity% document(s) pour votre commande', ['%user%' => $sender, '%quantity%' => $n])
+ 'text' => $this->app->trans('%user% a refuse la livraison de %quantity% document(s) pour votre commande', ['%user%' => htmlentities($sender), '%quantity%' => $n])
 , 'class' => ''
 ];
diff --git a/lib/classes/eventsmanager/notify/push.php b/lib/classes/eventsmanager/notify/push.php
index 367ab499cb..3f975e2089 100644
--- a/lib/classes/eventsmanager/notify/push.php
+++ b/lib/classes/eventsmanager/notify/push.php
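Review bot: In the orderdeliver.php hunk the removed `'text' =>` line still carries `'%user%' => $sender`, but no replacement `+` line for it is visible here, only the `+ . htmlentities($basket->getName()) . ...` continuation, so I cannot confirm that `$sender` received the same `htmlentities()` treatment that order.php and ordernotdelivered.php give it in this commit. The 9/9 line counts of the hunk suggest a line is missing from this rendering rather than from the commit, but please verify the new `'text'` line there and the identically shaped hunk in validationdone.php. If either still reads `'%user%' => $sender`, the sender's display name renders unescaped now that the template no longer applies `| e`.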
@@ -39,7 +39,7 @@ class eventsmanager_notify_push extends eventsmanager_notifyAbstract $sender = $user->getDisplayName(); $ret = [ - 'text' => $this->app->trans('%user% vous a envoye un %before_link% panier %after_link%', ['%user%' => $sender, '%before_link%' => ' $this->app->trans('%user% vous a envoye un %before_link% panier %after_link%', ['%user%' => htmlentities($sender), '%before_link%' => 'getDisplayName(); $ret = [ - 'text' => $this->app->trans('%user% demande votre approbation sur une ou plusieurs %before_link% collections %after_link%', ['%user%' => $sender, '%before_link%' => '', '%after_link%' => '']) + 'text' => $this->app->trans('%user% demande votre approbation sur une ou plusieurs %before_link% collections %after_link%', ['%user%' => htmlentities($sender), '%before_link%' => '', '%after_link%' => '']) , 'class' => '' ]; diff --git a/lib/classes/eventsmanager/notify/uploadquarantine.php b/lib/classes/eventsmanager/notify/uploadquarantine.php index e44f2d66e3..24eb01073c 100644 --- a/lib/classes/eventsmanager/notify/uploadquarantine.php +++ b/lib/classes/eventsmanager/notify/uploadquarantine.php @@ -41,7 +41,7 @@ class eventsmanager_notify_uploadquarantine extends eventsmanager_notifyAbstract $filename = $data['filename']; - $text = $this->app->trans('The document %name% has been quarantined', ['%name%' => $filename]); + $text = $this->app->trans('The document %name% has been quarantined', ['%name%' => htmlentities($filename)]); if ($reasons) { $text .= ' ' . $this->app->trans('for the following reasons : %reasons%', ['%reasons%' => implode(', ', $reasons)]); diff --git a/lib/classes/eventsmanager/notify/validate.php b/lib/classes/eventsmanager/notify/validate.php index c99fee25fb..3b3b46130d 100644 --- a/lib/classes/eventsmanager/notify/validate.php +++ b/lib/classes/eventsmanager/notify/validate.php 
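Review bot: In the uploadquarantine.php hunk `$filename` is now escaped, but `implode(', ', $reasons)` on the following context line is still interpolated into `%reasons%` raw, and the same `$text` reaches the template that no longer escapes it. I cannot tell from this hunk where `$reasons` originates; if any entry can carry user-supplied content, escape each one the same way as the filename: `'%reasons%' => implode(', ', array_map('htmlentities', $reasons))` (with the same explicit flags used elsewhere, if you adopt them). The function this hunk belongs to starts and ends outside the hunk.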
@@ -56,11 +56,11 @@ class eventsmanager_notify_validate extends eventsmanager_notifyAbstract
 $bask_link = ''
- . $basket_name . '';
+ . htmlentities($basket_name) . '';
 $ret = [
 'text' => $this->app->trans('%user% vous demande de valider %title%', [
- '%user%' => $sender,
+ '%user%' => htmlentities($sender),
 '%title%' => $bask_link,
 ])
 , 'class' => ($unread == 1 ? 'reload_baskets' : '')
diff --git a/lib/classes/eventsmanager/notify/validationdone.php b/lib/classes/eventsmanager/notify/validationdone.php
index c5b0c48a5c..a96a091145 100644
--- a/lib/classes/eventsmanager/notify/validationdone.php
+++ b/lib/classes/eventsmanager/notify/validationdone.php
@@ -62,9 +62,9 @@ class eventsmanager_notify_validationdone extends eventsmanager_notifyAbstract
 }
 $ret = [
- 'text' => $this->app->trans('%user% a envoye son rapport de validation de %title%', ['%user%' => $sender, '%title%' => ''
- . $basket->getName() . '']),
+ . htmlentities($basket->getName()) . '']),
 'class' => ''
 ];
diff --git a/lib/classes/eventsmanager/notify/validationreminder.php b/lib/classes/eventsmanager/notify/validationreminder.php
index b5f10841d4..a292970e9d 100644
--- a/lib/classes/eventsmanager/notify/validationreminder.php
+++ b/lib/classes/eventsmanager/notify/validationreminder.php
@@ -63,7 +63,7 @@ class eventsmanager_notify_validationreminder extends eventsmanager_notifyAbstra
 . $basket_name . '';
 $ret = [
- 'text' => $this->app->trans('Rappel : Il vous reste %timeLeft% pour valider %title% de %user%', ['%timeLeft%' => $timeLeft, '%title%' => $bask_link, '%user%' => $sender])
+ 'text' => $this->app->trans('Rappel : Il vous reste %timeLeft% pour valider %title% de %user%', ['%timeLeft%' => $timeLeft, '%title%' => $bask_link, '%user%' => htmlentities($sender)])
 , 'class' => ($unread == 1 ? 'reload_baskets' : '')
 ];
diff --git a/templates/web/prod/notification.html.twig b/templates/web/prod/notification.html.twig
index b93bdd8237..84e0afd1ba 100644
--- a/templates/web/prod/notification.html.twig
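Review bot: validationreminder.php escapes only `$sender`; the context line `. $basket_name . '';` shows `$bask_link` still being built from the raw basket name, whereas validate.php in this same commit wraps it in `htmlentities()`. Because `$bask_link` is passed as `%title%` and the template now prints the text with `| raw`, a basket name containing markup renders unescaped in the reminder notification; change that line to `. htmlentities($basket_name) . '';` (keeping the closing markup that follows) so it matches validate.php. The `$bask_link = ...` statement starts before this hunk, so its opening part is not visible here.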
+++ b/templates/web/prod/notification.html.twig
@@ -6,7 +6,7 @@
- {{notification['text'] | e | raw}}
+ {{notification['text'] | raw}}
 {{notification['created_on']}}
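Review bot: Dropping `| e` from `{{notification['text'] | raw}}` moves the escaping contract from this one line to every producer of `notification['text']`: any eventsmanager_notify subclass not touched by this commit, and any added later, now renders its interpolated values unescaped. Nothing in the template records that contract, so add a comment next to the line, e.g. `{# 'text' is HTML assembled by the eventsmanager_notify* classes; every dynamic value must be escaped there (htmlentities), never here #}`. Enforcing it centrally in eventsmanager_notifyAbstract (escape the dynamic values once, let each subclass supply only the link markup) would be safer than relying on each subclass remembering. If `notification['text']` is also consumed by a non-HTML sink, the entities will now appear literally there, which is worth checking.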