mirror of
https://git.code.sf.net/p/seeddms/code
synced 2025-06-01 14:37:20 +00:00
fix possible xss attack
This commit is contained in:
parent
b7e075cdba
commit
28ba7b59b9
|
@ -323,7 +323,7 @@ class SeedDMS_View_Tasks extends SeedDMS_Theme_Style {
|
|||
$subitems = [];
|
||||
foreach($tasks['receipt'] as $t) {
|
||||
$doc = $dms->getDocument($t['id']);
|
||||
$subitems[] = array('label'=>$doc->getName(), 'link'=>"../out/out.ViewDocument.php?documentid=".$doc->getID()."¤ttab=recipients", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
|
||||
$subitems[] = array('label'=>htmlspecialchars($doc->getName()), 'link'=>"../out/out.ViewDocument.php?documentid=".$doc->getID()."¤ttab=recipients", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
|
||||
}
|
||||
$menuitems['tasks']['children']['receipt'] = array('label'=>getMLText('documents_to_receipt'), 'children'=>$subitems);
|
||||
}
|
||||
|
@ -331,7 +331,7 @@ class SeedDMS_View_Tasks extends SeedDMS_Theme_Style {
|
|||
$subitems = [];
|
||||
foreach($tasks['revision'] as $t) {
|
||||
$doc = $dms->getDocument($t['id']);
|
||||
$subitems[] = array('label'=>$doc->getName(), 'link'=>"../out/out.ViewDocument.php?documentid=".$doc->getID()."¤ttab=revision", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
|
||||
$subitems[] = array('label'=>htmlspecialchars($doc->getName()), 'link'=>"../out/out.ViewDocument.php?documentid=".$doc->getID()."¤ttab=revision", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
|
||||
}
|
||||
$menuitems['tasks']['children']['revision'] = array('label'=>getMLText('documents_to_revise'), 'children'=>$subitems);
|
||||
}
|
||||
|
@ -339,7 +339,7 @@ class SeedDMS_View_Tasks extends SeedDMS_Theme_Style {
|
|||
$subitems = [];
|
||||
foreach($tasks['needscorrection'] as $t) {
|
||||
$doc = $dms->getDocument($t['id']);
|
||||
$subitems[] = array('label'=>$doc->getName(), 'link'=>"../out/out.ViewDocument.php?documentid=".$doc->getID()."¤ttab=docinfo", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
|
||||
$subitems[] = array('label'=>htmlspecialchars($doc->getName()), 'link'=>"../out/out.ViewDocument.php?documentid=".$doc->getID()."¤ttab=docinfo", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
|
||||
}
|
||||
$menuitems['tasks']['children']['needscorrection'] = array('label'=>getMLText('documents_to_correct'), 'children'=>$subitems);
|
||||
}
|
||||
|
@ -355,7 +355,7 @@ class SeedDMS_View_Tasks extends SeedDMS_Theme_Style {
|
|||
$subitems = [];
|
||||
foreach($tasks['checkedout'] as $t) {
|
||||
$doc = $dms->getDocument($t['id']);
|
||||
$subitems[] = array('label'=>$doc->getName(), 'link'=>"../out/out.ViewDocument.php?documentid=".$doc->getID()."¤ttab=docinfo", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
|
||||
$subitems[] = array('label'=>htmlspecialchars($doc->getName()), 'link'=>"../out/out.ViewDocument.php?documentid=".$doc->getID()."¤ttab=docinfo", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
|
||||
}
|
||||
$menuitems['tasks']['children']['checkedout'] = array('label'=>getMLText('documents_checked_out_by_you'), 'children'=>$subitems);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user