PHRAS-3800_xss (#4219)

* add encode option to record::get_title ; render preview.record_title in twig * html-escape facet values
2025-10-13 21:13:26 +00:00 · 2023-03-15 11:05:34 +01:00
parent 32ff2739ab
commit e7027c7220
31 changed files with 241 additions and 158 deletions
--- a/lib/classes/eventsmanager/notify/bridgeuploadfail.php
+++ b/lib/classes/eventsmanager/notify/bridgeuploadfail.php
@@ -44,7 +44,7 @@ class eventsmanager_notify_bridgeuploadfail extends eventsmanager_notifyAbstract

        $ret = [
            'text'  => $this->app->trans("L'upload concernant le record %title% sur le compte %bridge_name% a echoue pour les raisons suivantes : %reason%", [
-                '%title%' => $record->get_title(),
+                '%title%' => $record->get_title(['encode'=> record_adapter::ENCODE_FOR_HTML]),
                '%bridge_name%' => $account->get_api()->get_connector()->get_name(),
                '%reason%' => $reason
            ])