PHRAS-3800_xss (#4219)

* add encode option to record::get_title; render preview.record_title in twig

* html-escape facet values
This commit is contained in:
jygaulier
2023-03-15 11:05:34 +01:00
committed by GitHub
parent 32ff2739ab
commit e7027c7220
31 changed files with 241 additions and 158 deletions


@@ -22,6 +22,7 @@ use Alchemy\Phrasea\Model\Manipulator\TokenManipulator;
use Alchemy\Phrasea\Model\Repositories\BasketElementRepository;
use Alchemy\Phrasea\Model\Repositories\BasketRepository;
use Alchemy\Phrasea\Model\Repositories\TokenRepository;
use record_adapter;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
@@ -107,7 +108,7 @@ class LightboxController extends Controller
if ($this->app['browser']->isMobile()) {
return $this->renderResponse('lightbox/basket_element.html.twig', [
'basket_element' => $basketElement,
'module_name' => $basketElement->getRecord($this->app)->get_title(),
'module_name' => $basketElement->getRecord($this->app)->get_title(['encode'=> record_adapter::ENCODE_NONE]),
'nextId' => $nextId,
'prevId' => $prevId
]);
@@ -116,7 +117,7 @@ class LightboxController extends Controller
$ret = [];
$ret['number'] = $basketElement->getRecord($this->app)->getNumber();
$ret['title'] = $basketElement->getRecord($this->app)->get_title();
$ret['title'] = $basketElement->getRecord($this->app)->get_title(['encode'=> record_adapter::ENCODE_NONE]);
$ret['preview'] = $this->render(
'common/preview.html.twig',
@@ -157,13 +158,13 @@ class LightboxController extends Controller
if ($browser->isMobile()) {
return $this->renderResponse('lightbox/feed_element.html.twig', [
'feed_element' => $item,
'module_name' => $record->get_title()
'module_name' => $record->get_title(['encode'=> record_adapter::ENCODE_NONE])
]);
}
$ret = [];
$ret['number'] = $record->getNumber();
$ret['title'] = $record->get_title();
$ret['title'] = $record->get_title(['encode'=> record_adapter::ENCODE_NONE]);
$ret['preview'] = $this->render('common/preview.html.twig', [
'record' => $record,
'not_wrapped' => true,