diff --git a/lib/Alchemy/Phrasea/Controller/Prod/RecordController.php b/lib/Alchemy/Phrasea/Controller/Prod/RecordController.php
index ef67a81ae0..0a948d6d1d 100644
--- a/lib/Alchemy/Phrasea/Controller/Prod/RecordController.php
+++ b/lib/Alchemy/Phrasea/Controller/Prod/RecordController.php
@@ -90,35 +90,44 @@ class RecordController extends Controller } $recordCaptions["technicalInfo"] = $record->getPositionFromTechnicalInfos(); + // escape record title before rendering + $recordTitle = explode("", $record->get_title()); + if (count($recordTitle) >1) { + $recordTitle[1] = htmlspecialchars($recordTitle[1]); + $recordTitle = implode("", $recordTitle); + } else { + $recordTitle = htmlspecialchars($record->get_title()); + } + return $this->app->json([ - "desc" => $this->render('prod/preview/caption.html.twig', [ + "desc" => $this->render('prod/preview/caption.html.twig', [ 'record' => $record, 'highlight' => $query, 'searchEngine' => $searchEngine, 'searchOptions' => $options, ]), - "recordCaptions"=> $recordCaptions, - "html_preview" => $this->render('common/preview.html.twig', [ + "recordCaptions" => $recordCaptions, + "html_preview" => $this->render('common/preview.html.twig', [ 'record' => $record ]), - "others" => $this->render('prod/preview/appears_in.html.twig', [ + "others" => $this->render('prod/preview/appears_in.html.twig', [ 'parents' => $record->get_grouping_parents(), 'baskets' => $record->get_container_baskets($this->getEntityManager(), $this->getAuthenticatedUser()), ]), - "current" => $train, - "record" => $currentRecord, - "history" => $this->render('prod/preview/short_history.html.twig', [ + "current" => $train, + "record" => $currentRecord, + "history" => $this->render('prod/preview/short_history.html.twig', [ 'record' => $record, ]), - "popularity" => $this->render('prod/preview/popularity.html.twig', [ + "popularity" => $this->render('prod/preview/popularity.html.twig', [ 'record' => $record, ]), - "tools" => $this->render('prod/preview/tools.html.twig', [ + "tools" => $this->render('prod/preview/tools.html.twig', [ 'record' => $record, ]), - "pos" => $record->getNumber(), - "title" => $record->get_title(), - "databox_name" => $record->getDatabox()->get_dbname(), + "pos" => $record->getNumber(), + "title" => $recordTitle, + 
"databox_name" => $record->getDatabox()->get_dbname(), "collection_name" => $record->getCollection()->get_name(), "collection_logo" => $record->getCollection()->getLogo($record->getBaseId(), $this->app), ]); diff --git a/lib/classes/record/adapter.php b/lib/classes/record/adapter.php index 2a4a3a1c7d..c4045d9fc5 100644 --- a/lib/classes/record/adapter.php +++ b/lib/classes/record/adapter.php @@ -941,7 +941,7 @@ class record_adapter implements RecordInterface, cache_cacheableInterface $this->set_data_to_cache(self::CACHE_TITLE, $title); } - return htmlspecialchars($title); + return $title; } /** diff --git a/lib/classes/record/preview.php b/lib/classes/record/preview.php index 1c88f6e94e..dd0ae0fe43 100644 --- a/lib/classes/record/preview.php +++ b/lib/classes/record/preview.php @@ -149,7 +149,7 @@ class record_preview extends record_adapter $this->original_item = $element; $sbas_id = $element->getSbasId(); $record_id = $element->getRecordId(); - $this->name = htmlspecialchars($Basket->getName()); + $this->name = $Basket->getName(); $number = $element->getOrd(); $first = false; } @@ -169,7 +169,7 @@ class record_preview extends record_adapter if ($element->getOrd() == $pos || $first) { $sbas_id = $element->getSbasId(); $record_id = $element->getRecordId(); - $this->name = htmlspecialchars($entry->getTitle()); + $this->name = $entry->getTitle(); $this->original_item = $element; $number = $element->getOrd(); $first = false;
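Review bot: Only `$recordTitle[1]` is escaped in the added title block, so segment 0 and every segment from index 2 onward reach the JSON `title` field unescaped; that holds up only if the text before the delimiter is always application-generated markup and a stored title can never contain the delimiter itself. Capping the split keeps everything after the first delimiter in one escaped segment: `$recordTitle = explode($delimiter, $record->get_title(), 2);`, with `$delimiter` standing for the marker this commit splits on. As shown on this page that marker is an empty string, which `explode()` rejects (a ValueError on PHP 8, a warning and `false` before that), so the literal was probably lost when the page was extracted and should be checked against the repository. Calling `htmlspecialchars($recordTitle[1], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` would also cover single quotes on PHP versions before 8.1. The enclosing controller method starts and ends outside the hunk.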
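Review bot: With `htmlspecialchars()` removed from `return $title;` in lib/classes/record/adapter.php, every caller of this getter (presumably `get_title()`, whose signature is outside the hunk) now receives the raw stored title, while the commit adds escaping at only one call site, the `"title"` field in RecordController. Any other consumer that writes the value into HTML, such as a Twig template that prints it with `|raw` or another JSON response the front end inserts as markup, should be checked before this lands. A docblock line on the method, for example `@return string Unescaped title; callers must escape it for their output context`, would make the new contract explicit. The cache-read path of the method is not visible here, so whether cached titles written before this change are raw or already escaped could not be confirmed from the hunk.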
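Review bot: `$this->name` now stores the raw basket name at line 152 of lib/classes/record/preview.php and the raw feed-entry title in the later hunk at line 172, so every place that later prints `name` has to escape it, and none of those places is touched by this commit. Basket names and feed-entry titles are user-editable text, so it is worth confirming that the templates or JSON builders reading this property escape for their output context rather than relying on the escaping that used to happen at assignment. A short comment on both assignments would record the change of contract, for example `// raw value, not HTML-escaped: escape at output`. Both assignments sit inside a method whose start and end are outside the hunks.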