escape in controller
@@ -90,6 +90,15 @@ class RecordController extends Controller
}
}
$recordCaptions["technicalInfo"] = $record->getPositionFromTechnicalInfos();
$recordCaptions["technicalInfo"] = $record->getPositionFromTechnicalInfos();
|
|
// escape record title before rendering
$recordTitle = explode("</span>", $record->get_title());
if (count($recordTitle) >1) {
$recordTitle[1] = htmlspecialchars($recordTitle[1]);
$recordTitle = implode("</span>", $recordTitle);
} else {
$recordTitle = htmlspecialchars($record->get_title());
}
|
return $this->app->json([
return $this->app->json([
"desc" => $this->render('prod/preview/caption.html.twig', [
"desc" => $this->render('prod/preview/caption.html.twig', [
'record' => $record,
'record' => $record,
@@ -97,7 +106,7 @@ class RecordController extends Controller
'searchEngine' => $searchEngine,
'searchEngine' => $searchEngine,
'searchOptions' => $options,
'searchOptions' => $options,
]),
]),
"recordCaptions"=> $recordCaptions,
"recordCaptions" => $recordCaptions,
"html_preview" => $this->render('common/preview.html.twig', [
"html_preview" => $this->render('common/preview.html.twig', [
'record' => $record
'record' => $record
]),
]),
@@ -117,7 +126,7 @@ class RecordController extends Controller
'record' => $record,
'record' => $record,
]),
]),
"pos" => $record->getNumber(),
"pos" => $record->getNumber(),
"title" => $record->get_title(),
"title" => $recordTitle,
"databox_name" => $record->getDatabox()->get_dbname(),
"databox_name" => $record->getDatabox()->get_dbname(),
"collection_name" => $record->getCollection()->get_name(),
"collection_name" => $record->getCollection()->get_name(),
"collection_logo" => $record->getCollection()->getLogo($record->getBaseId(), $this->app),
"collection_logo" => $record->getCollection()->getLogo($record->getBaseId(), $this->app),
|
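Review bot: In the first hunk (the block under `// escape record title before rendering`) only `$recordTitle[1]` is escaped: whatever precedes the first `</span>` and every segment after a second `</span>` are re-joined by `implode()` unescaped, so a title containing two or more `</span>` occurrences still reaches `"title" => $recordTitle` in the third hunk with raw content. The `htmlspecialchars()` calls also rely on default flags, which before PHP 8.1 leave single quotes untouched; passing `ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'` explicitly makes the escaping identical on every runtime. Escaping every segment from index 1 onward keeps the apparent intent (the leading markup in segment 0 survives) while closing the gap; whether segment 0 itself ever carries field text cannot be told from this hunk and is worth confirming against get_title(). The enclosing controller method starts before this hunk.
```php
// escape record title before rendering
$recordTitle = explode("</span>", $record->get_title());
if (count($recordTitle) > 1) {
    // segment 0 keeps its markup; every segment following a "</span>" is text and is escaped
    for ($i = 1, $n = count($recordTitle); $i < $n; $i++) {
        $recordTitle[$i] = htmlspecialchars($recordTitle[$i], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    $recordTitle = implode("</span>", $recordTitle);
} else {
    $recordTitle = htmlspecialchars($record->get_title(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
// … unchanged: return $this->app->json([ … ]) …
```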
@@ -941,7 +941,7 @@ class record_adapter implements RecordInterface, cache_cacheableInterface
$this->set_data_to_cache(self::CACHE_TITLE, $title);
$this->set_data_to_cache(self::CACHE_TITLE, $title);
}
}
|
|
return htmlspecialchars($title);
return $title;
}
}
|
|
/**
/**
|
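Review bot: `return $title;` now hands back the raw caption text, so every caller of get_title() that relied on the escaped return silently loses that protection; only the RecordController path is re-escaped in this commit, and the other call sites are not visible from here. That contract change deserves a docblock on get_title(), e.g. `@return string the raw (unescaped) title; callers that emit HTML must escape it themselves`, so the next reader does not assume the previous behaviour. The `set_data_to_cache(self::CACHE_TITLE, $title)` line at the top of the hunk stores `$title` before any escaping, so the old escaping apparently applied only on the return path — worth confirming on the cache-read branch, which lies outside this hunk. The method starts before this hunk.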
@@ -149,7 +149,7 @@ class record_preview extends record_adapter
$this->original_item = $element;
$this->original_item = $element;
$sbas_id = $element->getSbasId();
$sbas_id = $element->getSbasId();
$record_id = $element->getRecordId();
$record_id = $element->getRecordId();
$this->name = htmlspecialchars($Basket->getName());
$this->name = $Basket->getName();
$number = $element->getOrd();
$number = $element->getOrd();
$first = false;
$first = false;
}
}
@@ -169,7 +169,7 @@ class record_preview extends record_adapter
if ($element->getOrd() == $pos || $first) {
if ($element->getOrd() == $pos || $first) {
$sbas_id = $element->getSbasId();
$sbas_id = $element->getSbasId();
$record_id = $element->getRecordId();
$record_id = $element->getRecordId();
$this->name = htmlspecialchars($entry->getTitle());
$this->name = $entry->getTitle();
$this->original_item = $element;
$this->original_item = $element;
$number = $element->getOrd();
$number = $element->getOrd();
$first = false;
$first = false;
|
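Review bot: Both hunks in this file (the `$this->name = $Basket->getName();` and `$this->name = $entry->getTitle();` assignments) now store the raw name in `$this->name`, so whatever reads that property for HTML output must escape it at the point of rendering — and that reader is not part of this diff. A short comment on the property, e.g. `// raw, unescaped display name — escape at output`, would record the new contract; the consumers of the name getter (templates, or JSON handed to client-side code) should be checked for escaping or autoescaping before this lands. Both enclosing methods begin and end outside their hunks.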