prevent xss attach

Uwe Steinmann 2023-10-27 12:51:21 +02:00
parent f562a1bbed
commit 0aedf55ec6


@ -878,7 +878,7 @@ $(document).ready(function() {
foreach($values as $v=>$c) {
$uu = $dms->getUserByLogin($v);
if($uu) {
$option = array($uu->getId(), $v);
$option = array($uu->getId(), htmlspecialchars($v));
if(isset(${$facetname}) && in_array($uu->getId(), ${$facetname}))
$option[] = true;
else
@ -891,7 +891,7 @@ $(document).ready(function() {
foreach($values as $v=>$c) {
$cat = $dms->getDocumentCategoryByName($v);
if($cat) {
$option = array($cat->getId(), $v);
$option = array($cat->getId(), htmlspecialchars($v));
if(isset(${$facetname}) && in_array($cat->getId(), ${$facetname}))
$option[] = true;
else
@ -914,7 +914,7 @@ $(document).ready(function() {
/* Do not even create a list of options, because it isn't used */
} else {
foreach($values as $v=>$c) {
$option = array($v, $v);
$option = array($v, htmlspecialchars($v));
if(isset(${$facetname}) && in_array($v, ${$facetname}))
$option[] = true;
else
@ -1122,7 +1122,7 @@ $(document).ready(function() {
else
$fu = $dms->getUserByLogin($v);
if($fu)
$oldtransval[] = $fu->getLogin();
$oldtransval[] = htmlspecialchars($fu->getLogin());
}
break;
case 'status':
@ -1290,7 +1290,7 @@ $(document).ready(function() {
case 'owner':
foreach($values as $v=>$c) {
if($fu = $dms->getUserByLogin($v))
$menuitems[] = array('label'=>$fu->getLogin(), 'link'=>$newrequest->getRequestUri().'&'.$facetname.'[]='.$fu->getId(), 'badge'=>$c);
$menuitems[] = array('label'=>htmlspecialchars($fu->getLogin()), 'link'=>$newrequest->getRequestUri().'&'.$facetname.'[]='.$fu->getId(), 'badge'=>$c);
}
break;
default:
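Review bot: In the hunk at line 914 only the label half of the option is escaped: `array($v, htmlspecialchars($v))` still passes the raw facet value `$v` as the first element, so if the code that renders these options (not visible here) writes that element into a `value` attribute without escaping, the same injection path remains. The `'link'` entry in the hunk at line 1290 is in the same position: it concatenates `$newrequest->getRequestUri()` and `$facetname` unescaped next to the now-escaped label. I would either escape every field at the point of output, or, if escaping stays at this layer, cover both elements and pass the flags explicitly, e.g. `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, because the default before PHP 8.1 leaves single quotes untouched. Escaping here also risks double-encoding if the rendering helper already escapes labels, which is worth confirming; the enclosing loops and switch start and end outside the hunks.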