fix possible xss attack

Uwe Steinmann 2025-03-26 09:36:38 +01:00
parent b7e075cdba
commit 28ba7b59b9


@ -323,7 +323,7 @@ class SeedDMS_View_Tasks extends SeedDMS_Theme_Style {
$subitems = [];
foreach($tasks['receipt'] as $t) {
$doc = $dms->getDocument($t['id']);
$subitems[] = array('label'=>$doc->getName(), 'link'=>"../out/out.ViewDocument.php?documentid=".$doc->getID()."&currenttab=recipients", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
$subitems[] = array('label'=>htmlspecialchars($doc->getName()), 'link'=>"../out/out.ViewDocument.php?documentid=".$doc->getID()."&currenttab=recipients", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
}
$menuitems['tasks']['children']['receipt'] = array('label'=>getMLText('documents_to_receipt'), 'children'=>$subitems);
}
@ -331,7 +331,7 @@ class SeedDMS_View_Tasks extends SeedDMS_Theme_Style {
$subitems = [];
foreach($tasks['revision'] as $t) {
$doc = $dms->getDocument($t['id']);
$subitems[] = array('label'=>$doc->getName(), 'link'=>"../out/out.ViewDocument.php?documentid=".$doc->getID()."&currenttab=revision", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
$subitems[] = array('label'=>htmlspecialchars($doc->getName()), 'link'=>"../out/out.ViewDocument.php?documentid=".$doc->getID()."&currenttab=revision", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
}
$menuitems['tasks']['children']['revision'] = array('label'=>getMLText('documents_to_revise'), 'children'=>$subitems);
}
@ -339,7 +339,7 @@ class SeedDMS_View_Tasks extends SeedDMS_Theme_Style {
$subitems = [];
foreach($tasks['needscorrection'] as $t) {
$doc = $dms->getDocument($t['id']);
$subitems[] = array('label'=>$doc->getName(), 'link'=>"../out/out.ViewDocument.php?documentid=".$doc->getID()."&currenttab=docinfo", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
$subitems[] = array('label'=>htmlspecialchars($doc->getName()), 'link'=>"../out/out.ViewDocument.php?documentid=".$doc->getID()."&currenttab=docinfo", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
}
$menuitems['tasks']['children']['needscorrection'] = array('label'=>getMLText('documents_to_correct'), 'children'=>$subitems);
}
@ -355,7 +355,7 @@ class SeedDMS_View_Tasks extends SeedDMS_Theme_Style {
$subitems = [];
foreach($tasks['checkedout'] as $t) {
$doc = $dms->getDocument($t['id']);
$subitems[] = array('label'=>$doc->getName(), 'link'=>"../out/out.ViewDocument.php?documentid=".$doc->getID()."&currenttab=docinfo", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
$subitems[] = array('label'=>htmlspecialchars($doc->getName()), 'link'=>"../out/out.ViewDocument.php?documentid=".$doc->getID()."&currenttab=docinfo", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
}
$menuitems['tasks']['children']['checkedout'] = array('label'=>getMLText('documents_checked_out_by_you'), 'children'=>$subitems);
}
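Review bot: The four added `htmlspecialchars($doc->getName())` calls (receipt, revision, needscorrection, checkedout) rely on the function's default flags, which before PHP 8.1 leave single quotes unescaped, so the label is only safe in element content or double-quoted attributes; passing them explicitly, `htmlspecialchars($doc->getName(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, removes that dependence on the PHP version. Because the escaping happens while the menu array is built, it is worth confirming that whatever renders `$menuitems` treats `label` as ready-made HTML everywhere; that renderer is not visible here, and a mismatch would mean either double-encoded names or other label sources left unescaped. The hunks skip old lines 346–354 and everything before line 323, so any task list built there from `$doc->getName()` should be checked for the same gap. Separately, `$dms->getDocument($t['id'])` is dereferenced without a check in all four loops; if it can return a non-object for a deleted or inaccessible document, a guard such as `if(!$doc) continue;` belongs before the `$subitems[]` line.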