run various outputs through htmlspecialchars()

Uwe Steinmann 2020-02-28 18:20:44 +01:00
parent 3b79e09033
commit 0e4a819e2b


@ -989,11 +989,11 @@ class SeedDMS_View_ViewDocument extends SeedDMS_Bootstrap_Style {
}
}
echo "<h4>".$workflow->getName()."</h4>";
echo "<h4>".htmlspecialchars($workflow->getName())."</h4>";
if($parentworkflow = $latestContent->getParentWorkflow()) {
echo "<p>Sub workflow of '".$parentworkflow->getName()."'</p>";
echo "<p>Sub workflow of '".htmlspecialchars($parentworkflow->getName())."'</p>";
}
echo "<h5>".getMLText('current_state').": ".$workflowstate->getName()."</h5>";
echo "<h5>".getMLText('current_state').": ".htmlspecialchars($workflowstate->getName())."</h5>";
echo "<table class=\"table table-condensed\">\n";
echo "<tr>";
echo "<td>".getMLText('next_state').":</td>";
@ -1017,7 +1017,7 @@ class SeedDMS_View_ViewDocument extends SeedDMS_Bootstrap_Style {
echo "<td>";
foreach($transusers as $transuser) {
$u = $transuser->getUser();
echo $u->getFullName();
echo htmlspecialchars($u->getFullName());
if($document->getAccessMode($u) < M_READ) {
echo " (no access)";
}
@ -1035,7 +1035,7 @@ class SeedDMS_View_ViewDocument extends SeedDMS_Bootstrap_Style {
$g = $transgroup->getGroup();
echo getMLText('at_least_n_users_of_group',
array("number_of_users" => $transgroup->getNumOfUsers(),
"group" => $g->getName()));
"group" => htmlspecialchars($g->getName())));
if ($document->getGroupAccessMode($g) < M_READ) {
echo " (no access)";
}
@ -1065,10 +1065,10 @@ class SeedDMS_View_ViewDocument extends SeedDMS_Bootstrap_Style {
$wkflogs = $latestContent->getWorkflowLog($transition);
foreach($wkflogs as $wkflog) {
$loguser = $wkflog->getUser();
echo $loguser->getFullName()." (";
echo htmlspecialchars($loguser->getFullName())." (";
$names = array();
foreach($loguser->getGroups() as $loggroup) {
$names[] = $loggroup->getName();
$names[] = htmlspecialchars($loggroup->getName());
}
echo implode(", ", $names);
echo ") - ";
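Review bot: In the `at_least_n_users_of_group` hunk the group name is escaped before it is handed to `getMLText()` as a substitution value, whereas every other change in this file escapes at the `echo` itself. Whether that is correct depends on `getMLText()`, which is not visible here: if it ever escapes its replacements the name will be double-encoded, and if it inserts them verbatim, any other `getMLText()` call that receives a user-controlled value needs the same treatment. A one-line comment at the call would record the assumption, for example `// getMLText() inserts values verbatim, so escape the group name here`. All the new calls also rely on the default flags, which before PHP 8.1 leave single quotes unescaped; that is harmless in these element-text positions, but `htmlspecialchars($g->getName(), ENT_QUOTES, 'UTF-8')` would stay safe if a string is later moved into an attribute. The enclosing method starts and ends outside the hunks shown.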