run various outputs through htmlspecialchars()

Uwe Steinmann 2020-02-28 18:20:44 +01:00
parent 3b79e09033
commit 0e4a819e2b


@ -989,11 +989,11 @@ class SeedDMS_View_ViewDocument extends SeedDMS_Bootstrap_Style {
} }
} }
echo "<h4>".$workflow->getName()."</h4>"; echo "<h4>".htmlspecialchars($workflow->getName())."</h4>";
if($parentworkflow = $latestContent->getParentWorkflow()) { if($parentworkflow = $latestContent->getParentWorkflow()) {
echo "<p>Sub workflow of '".$parentworkflow->getName()."'</p>"; echo "<p>Sub workflow of '".htmlspecialchars($parentworkflow->getName())."'</p>";
} }
echo "<h5>".getMLText('current_state').": ".$workflowstate->getName()."</h5>"; echo "<h5>".getMLText('current_state').": ".htmlspecialchars($workflowstate->getName())."</h5>";
echo "<table class=\"table table-condensed\">\n"; echo "<table class=\"table table-condensed\">\n";
echo "<tr>"; echo "<tr>";
echo "<td>".getMLText('next_state').":</td>"; echo "<td>".getMLText('next_state').":</td>";
@ -1017,7 +1017,7 @@ class SeedDMS_View_ViewDocument extends SeedDMS_Bootstrap_Style {
echo "<td>"; echo "<td>";
foreach($transusers as $transuser) { foreach($transusers as $transuser) {
$u = $transuser->getUser(); $u = $transuser->getUser();
echo $u->getFullName(); echo htmlspecialchars($u->getFullName());
if($document->getAccessMode($u) < M_READ) { if($document->getAccessMode($u) < M_READ) {
echo " (no access)"; echo " (no access)";
} }
@ -1035,7 +1035,7 @@ class SeedDMS_View_ViewDocument extends SeedDMS_Bootstrap_Style {
$g = $transgroup->getGroup(); $g = $transgroup->getGroup();
echo getMLText('at_least_n_users_of_group', echo getMLText('at_least_n_users_of_group',
array("number_of_users" => $transgroup->getNumOfUsers(), array("number_of_users" => $transgroup->getNumOfUsers(),
"group" => $g->getName())); "group" => htmlspecialchars($g->getName())));
if ($document->getGroupAccessMode($g) < M_READ) { if ($document->getGroupAccessMode($g) < M_READ) {
echo " (no access)"; echo " (no access)";
} }
@ -1065,10 +1065,10 @@ class SeedDMS_View_ViewDocument extends SeedDMS_Bootstrap_Style {
$wkflogs = $latestContent->getWorkflowLog($transition); $wkflogs = $latestContent->getWorkflowLog($transition);
foreach($wkflogs as $wkflog) { foreach($wkflogs as $wkflog) {
$loguser = $wkflog->getUser(); $loguser = $wkflog->getUser();
echo $loguser->getFullName()." ("; echo htmlspecialchars($loguser->getFullName())." (";
$names = array(); $names = array();
foreach($loguser->getGroups() as $loggroup) { foreach($loguser->getGroups() as $loggroup) {
$names[] = $loggroup->getName(); $names[] = htmlspecialchars($loggroup->getName());
} }
echo implode(", ", $names); echo implode(", ", $names);
echo ") - "; echo ") - ";
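Review bot: The new `htmlspecialchars()` calls in all four hunks (workflow, state, user and group names) pass a single argument, so the escaping depends on the runtime's default flags and `default_charset`. On PHP releases before 8.1 the default is `ENT_COMPAT | ENT_HTML401`, which leaves single quotes unescaped and returns an empty string when the value contains an invalid byte sequence. Every value in these lines lands in element content, so the quote gap is not reachable here, but a name with a bad byte would silently vanish from the page. Passing the flags explicitly, e.g. `htmlspecialchars($workflow->getName(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` (assuming the pages are served as UTF-8), or routing these calls through one small escaping helper, keeps the behaviour identical across PHP versions and stays safe if a value is later moved into an attribute. The enclosing method starts and ends outside the visible hunks, so other outputs in it may need the same treatment.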