PHRAS-3522 fix uninterpreted html in notification

2025-10-17 06:53:15 +00:00 · 2021-09-09 14:23:56 +03:00
parent 1fa06df13c
commit 90ef036c05
12 changed files with 15 additions and 15 deletions
--- a/lib/classes/eventsmanager/notify/validationdone.php
+++ b/lib/classes/eventsmanager/notify/validationdone.php
@@ -62,9 +62,9 @@ class eventsmanager_notify_validationdone extends eventsmanager_notifyAbstract
        }

        $ret = [
-            'text'  => $this->app->trans('%user% a envoye son rapport de validation de %title%', ['%user%' => $sender, '%title%' => '<a href="/lightbox/validate/'
+            'text'  => $this->app->trans('%user% a envoye son rapport de validation de %title%', ['%user%' => htmlentities($sender), '%title%' => '<a href="/lightbox/validate/'
                . $ssel_id . '/" target="_blank">'
-                . $basket->getName() . '</a>']),
+                . htmlentities($basket->getName()) . '</a>']),
            'class' => ''
        ];