hazza/Phraseanet
1
0
Fork 0
mirror of https://github.com/alchemy-fr/Phraseanet.git synced 2025-10-13 21:13:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix prod escaping

Browse Source
This commit is contained in:
aina-esokia
2018-11-22 14:32:42 +04:00
parent 06e30750e4
commit c58ed45333
4 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/Alchemy/Phrasea/Controller/Prod/PushController.php
View File

@@ -597,7 +597,7 @@ class PushController extends Controller
private function formatUser(User $user) private function formatUser(User $user)
{ {
$subtitle = array_filter([$user->getJob(), $user->getCompany()]); $subtitle = array_filter([htmlspecialchars($user->getJob()), htmlspecialchars($user->getCompany())]);
return [ return [
'type' => 'USER', 'type' => 'USER',

2
lib/classes/record/adapter.php
View File

@@ -939,7 +939,7 @@ class record_adapter implements RecordInterface, cache_cacheableInterface
$this->set_data_to_cache(self::CACHE_TITLE, $title); $this->set_data_to_cache(self::CACHE_TITLE, $title);
} }
return $title; return htmlspecialchars($title);
} }
/** /**

4
lib/classes/record/preview.php
View File

@@ -149,7 +149,7 @@ class record_preview extends record_adapter
$this->original_item = $element; $this->original_item = $element;
$sbas_id = $element->getSbasId(); $sbas_id = $element->getSbasId();
$record_id = $element->getRecordId(); $record_id = $element->getRecordId();
$this->name = $Basket->getName(); $this->name = htmlspecialchars($Basket->getName());
$number = $element->getOrd(); $number = $element->getOrd();
$first = false; $first = false;
} }
@@ -169,7 +169,7 @@ class record_preview extends record_adapter
if ($element->getOrd() == $pos || $first) { if ($element->getOrd() == $pos || $first) {
$sbas_id = $element->getSbasId(); $sbas_id = $element->getSbasId();
$record_id = $element->getRecordId(); $record_id = $element->getRecordId();
$this->name = $entry->getTitle(); $this->name = htmlspecialchars($entry->getTitle());
$this->original_item = $element; $this->original_item = $element;
$number = $element->getOrd(); $number = $element->getOrd();
$first = false; $first = false;

4
templates/web/prod/WorkZone/Macros.html.twig
View File

@@ -19,7 +19,7 @@
<img src='/assets/common/images/icons/basket_push_unread.png' title=''/> <img src='/assets/common/images/icons/basket_push_unread.png' title=''/>
{% endif %} {% endif %}
<img src='/assets/common/images/icons/basket.png' title=''/> <img src='/assets/common/images/icons/basket.png' title=''/>
{{basket.getName()}} {{basket.getName()|e}}
</span> </span>
</a> </a>
<div class="menu"> <div class="menu">
@@ -99,7 +99,7 @@
{% else %} {% else %}
<img src='/assets/common/images/icons/basket.png' title=''/> <img src='/assets/common/images/icons/basket.png' title=''/>
{% endif %} {% endif %}
{{basket.getName()}} {{basket.getName()|e}}
</span> </span>
</a> </a>
<div class="menu"> <div class="menu">