escape in controller

This commit is contained in:
aina-esokia
2019-04-05 15:57:49 +04:00
parent 7426eb453d
commit c89757c4d7
3 changed files with 24 additions and 15 deletions


@@ -90,35 +90,44 @@ class RecordController extends Controller
}
$recordCaptions["technicalInfo"] = $record->getPositionFromTechnicalInfos();
// escape record title before rendering
$recordTitle = explode("</span>", $record->get_title());
if (count($recordTitle) >1) {
$recordTitle[1] = htmlspecialchars($recordTitle[1]);
$recordTitle = implode("</span>", $recordTitle);
} else {
$recordTitle = htmlspecialchars($record->get_title());
}
return $this->app->json([
"desc" => $this->render('prod/preview/caption.html.twig', [
"desc" => $this->render('prod/preview/caption.html.twig', [
'record' => $record,
'highlight' => $query,
'searchEngine' => $searchEngine,
'searchOptions' => $options,
]),
"recordCaptions"=> $recordCaptions,
"html_preview" => $this->render('common/preview.html.twig', [
"recordCaptions" => $recordCaptions,
"html_preview" => $this->render('common/preview.html.twig', [
'record' => $record
]),
"others" => $this->render('prod/preview/appears_in.html.twig', [
"others" => $this->render('prod/preview/appears_in.html.twig', [
'parents' => $record->get_grouping_parents(),
'baskets' => $record->get_container_baskets($this->getEntityManager(), $this->getAuthenticatedUser()),
]),
"current" => $train,
"record" => $currentRecord,
"history" => $this->render('prod/preview/short_history.html.twig', [
"current" => $train,
"record" => $currentRecord,
"history" => $this->render('prod/preview/short_history.html.twig', [
'record' => $record,
]),
"popularity" => $this->render('prod/preview/popularity.html.twig', [
"popularity" => $this->render('prod/preview/popularity.html.twig', [
'record' => $record,
]),
"tools" => $this->render('prod/preview/tools.html.twig', [
"tools" => $this->render('prod/preview/tools.html.twig', [
'record' => $record,
]),
"pos" => $record->getNumber(),
"title" => $record->get_title(),
"databox_name" => $record->getDatabox()->get_dbname(),
"pos" => $record->getNumber(),
"title" => $recordTitle,
"databox_name" => $record->getDatabox()->get_dbname(),
"collection_name" => $record->getCollection()->get_name(),
"collection_logo" => $record->getCollection()->getLogo($record->getBaseId(), $this->app),
]);
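Review bot: The escaping added at the top of the hunk only covers `$recordTitle[1]`, so a title containing two or more `</span>` sequences has its third and later parts joined back into the response unescaped, and `$recordTitle[0]` is never escaped at all. Passing a limit to the split sends everything after the first separator into the escaped element: `$recordTitle = explode("</span>", $record->get_title(), 2);`. It should also be confirmed that the text before the first `</span>` is trusted markup rather than record data, since it reaches the JSON `title` value verbatim; and if a consumer places `title` into an HTML attribute, pass `ENT_QUOTES | ENT_SUBSTITUTE` to `htmlspecialchars` so single quotes are escaped as well. The enclosing controller method starts and ends outside this hunk.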


@@ -941,7 +941,7 @@ class record_adapter implements RecordInterface, cache_cacheableInterface
$this->set_data_to_cache(self::CACHE_TITLE, $title);
}
return htmlspecialchars($title);
return $title;
}
/**
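Review bot: Removing `htmlspecialchars` from the return of `get_title()` changes what every caller receives, yet the only call site updated in this changeset is the one controller, so any other code that rendered `get_title()` outside an auto-escaping template now emits raw record data and needs auditing before this lands. The method's PHPDoc, which begins outside the hunk, should state the new contract, e.g. `@return string The raw, unescaped title; escape it for the output context at the call site.` Only the tail of the method is visible here; it starts outside the hunk.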


@@ -149,7 +149,7 @@ class record_preview extends record_adapter
$this->original_item = $element;
$sbas_id = $element->getSbasId();
$record_id = $element->getRecordId();
$this->name = htmlspecialchars($Basket->getName());
$this->name = $Basket->getName();
$number = $element->getOrd();
$first = false;
}
@@ -169,7 +169,7 @@ class record_preview extends record_adapter
if ($element->getOrd() == $pos || $first) {
$sbas_id = $element->getSbasId();
$record_id = $element->getRecordId();
$this->name = htmlspecialchars($entry->getTitle());
$this->name = $entry->getTitle();
$this->original_item = $element;
$number = $element->getOrd();
$first = false;
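Review bot: Both hunks in this file stop escaping the value stored in `$this->name` (the basket name in the first hunk, the entry title in the second), so anything that reads `record_preview::$name` outside an auto-escaping template now outputs raw user-supplied text. The commit re-adds escaping only for the `title` value in RecordController and shows no change to the readers of `name`, so those readers need the same treatment or a confirmation that they pass through Twig autoescape. Both enclosing blocks start and end outside the visible hunks.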