run names through htmlspecialchars()

Uwe Steinmann 2020-03-26 07:54:27 +01:00
parent 3efdac7197
commit 2c0fb6f476
4 changed files with 15 additions and 15 deletions


@ -2408,7 +2408,7 @@ $('body').on('click', '[id^=\"table-row-folder\"] td:nth-child(2)', function(ev)
$content .= count($links)."/".count($revlinks)." ".getMLText("linked_documents")."<br />";
if($status["status"] == S_IN_WORKFLOW && $workflowmode == 'advanced') {
$workflowstate = $latestContent->getWorkflowState();
$content .= '<span title="'.getOverallStatusText($status["status"]).': '.$workflow->getName().'">'.$workflowstate->getName().'</span>';
$content .= '<span title="'.getOverallStatusText($status["status"]).': '.htmlspecialchars($workflow->getName()).'">'.htmlspecialchars($workflowstate->getName()).'</span>';
} else {
$content .= getOverallStatusText($status["status"]);
}
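Review bot: The new `htmlspecialchars()` call inside the double-quoted `title` attribute relies on default flags, and those defaults depend on the PHP version: before PHP 8.1 single quotes are not escaped, and the charset comes from `default_charset`. That is enough for this double-quoted attribute, but passing the arguments explicitly, `htmlspecialchars($workflow->getName(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, keeps the output identical across versions and stays safe if the quoting of the markup ever changes. The same applies to the other calls added in this commit. `getOverallStatusText()` is still written raw into the same attribute; it presumably returns a fixed translation string, which is worth confirming. The enclosing function starts and ends outside the hunk.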


@ -86,11 +86,11 @@ $(document).ready( function() {
$workflow = $transition->getWorkflow();
echo "<tr>";
echo "<td>";
echo $workflow->getName();
echo htmlspecialchars($workflow->getName());
echo "</td><td>";
echo '<i class="icon-circle'.($workflow->getInitState()->getId() == $state->getId() ? ' initstate' : ' in-workflow').'"></i> '.$state->getName();
echo '<i class="icon-circle'.($workflow->getInitState()->getId() == $state->getId() ? ' initstate' : ' in-workflow').'"></i> '.htmlspecialchars($state->getName());
echo "</td><td>";
echo '<i class="icon-circle'.($docstatus == S_RELEASED ? ' released' : ($docstatus == S_REJECTED ? ' rejected' : ' in-workflow')).'"></i> '.$nextstate->getName();
echo '<i class="icon-circle'.($docstatus == S_RELEASED ? ' released' : ($docstatus == S_REJECTED ? ' rejected' : ' in-workflow')).'"></i> '.htmlspecialchars($nextstate->getName());
echo "</td></tr>";
}
echo "</tbody>";
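Review bot: The three escaped `echo` lines for the workflow, state and next-state names are repeated verbatim in the last file section of this commit and, in slightly different form, in the transition table of the third file, so the escaping has to be kept in step in three places. Moving the cell rendering (the icon markup plus `htmlspecialchars()` on the name) into one shared view helper would leave a single place to audit when another name field is displayed. The loop this hunk belongs to begins outside the hunk.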


@ -117,7 +117,7 @@ $(document).ready(function() {
if($path) {
$names = array();
foreach($path as $state) {
$names[] = $state->getName();
$names[] = htmlspecialchars($state->getName());
}
$this->errorMsg(getMLText('workflow_has_cycle').": ".implode(' <i class="icon-arrow-right"></i> ', $names));
}
@ -219,14 +219,14 @@ $(document).ready(function() {
if(!$transusers && !$transgroups) {
echo " class=\"error\"";
}
echo "><td>".'<i class="icon-circle'.($workflow->getInitState()->getId() == $state->getId() ? ' initstate' : ' in-workflow').'"></i> '.$state->getName()."<br />";
echo "><td>".'<i class="icon-circle'.($workflow->getInitState()->getId() == $state->getId() ? ' initstate' : ' in-workflow').'"></i> '.htmlspecialchars($state->getName())."<br />";
$docstatus = $nextstate->getDocumentStatus();
echo '<i class="icon-circle'.($docstatus == S_RELEASED ? ' released' : ($docstatus == S_REJECTED ? ' rejected' : ' in-workflow')).'"></i> '.$nextstate->getName();
echo '<i class="icon-circle'.($docstatus == S_RELEASED ? ' released' : ($docstatus == S_REJECTED ? ' rejected' : ' in-workflow')).'"></i> '.htmlspecialchars($nextstate->getName());
if($docstatus == S_RELEASED || $docstatus == S_REJECTED) {
echo "<br /><i class=\"icon-arrow-right\"></i> ".getOverallStatusText($docstatus);
}
echo "</td>";
echo "<td><i class=\"icon-sign-blank workflow-action\"></i> ".$action->getName()."</td>";
echo "<td><i class=\"icon-sign-blank workflow-action\"></i> ".htmlspecialchars($action->getName())."</td>";
echo "<td>";
foreach($transusers as $transuser) {
$u = $transuser->getUser();
@ -237,7 +237,7 @@ $(document).ready(function() {
$g = $transgroup->getGroup();
echo '<i class="icon-group"></i> '.getMLText('at_least_n_users_of_group',
array("number_of_users" => $transgroup->getNumOfUsers(),
"group" => $g->getName()));
"group" => htmlspecialchars($g->getName())));
echo "<br />";
}
echo "</td>";
@ -264,20 +264,20 @@ $(document).ready(function() {
echo "<select name=\"state\">";
$states = $dms->getAllWorkflowStates();
foreach($states as $state) {
echo "<option value=\"".$state->getID()."\">".$state->getName()."</option>";
echo "<option value=\"".$state->getID()."\">".htmlspecialchars($state->getName())."</option>";
}
echo "</select><br />";
echo "<select name=\"nextstate\">";
$states = $dms->getAllWorkflowStates();
foreach($states as $state) {
echo "<option value=\"".$state->getID()."\">".$state->getName()."</option>";
echo "<option value=\"".$state->getID()."\">".htmlspecialchars($state->getName())."</option>";
}
echo "</select>";
echo "</td>";
echo "<td>";
echo "<select name=\"action\">";
foreach($actions as $action) {
echo "<option value=\"".$action->getID()."\">".$action->getName()."</option>";
echo "<option value=\"".$action->getID()."\">".htmlspecialchars($action->getName())."</option>";
}
echo "</select>";
echo "</td>";
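Review bot: Two call sites in this file now pass already-escaped HTML into helpers whose own escaping is not visible here: `errorMsg()` receives the imploded `$names` together with the `<i class="icon-arrow-right">` separator, and `getMLText()` receives the escaped group name as a substitution value. If either helper escapes its input the names will be double-encoded, and if neither does, every caller has to remember to escape. A short comment at each site would record that contract, for example `// HTML-escaped here; getMLText() inserts the value verbatim`. The user loop that starts at `$u = $transuser->getUser();` continues outside the hunk, so whether the user name is escaped cannot be checked from this diff.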


@ -87,11 +87,11 @@ $(document).ready(function() {
$workflow = $transition->getWorkflow();
echo "<tr>";
echo "<td>";
echo $workflow->getName();
echo htmlspecialchars($workflow->getName());
echo "</td><td>";
echo '<i class="icon-circle'.($workflow->getInitState()->getId() == $state->getId() ? ' initstate' : ' in-workflow').'"></i> '.$state->getName();
echo '<i class="icon-circle'.($workflow->getInitState()->getId() == $state->getId() ? ' initstate' : ' in-workflow').'"></i> '.htmlspecialchars($state->getName());
echo "</td><td>";
echo '<i class="icon-circle'.($docstatus == S_RELEASED ? ' released' : ($docstatus == S_REJECTED ? ' rejected' : ' in-workflow')).'"></i> '.$nextstate->getName();
echo '<i class="icon-circle'.($docstatus == S_RELEASED ? ' released' : ($docstatus == S_REJECTED ? ' rejected' : ' in-workflow')).'"></i> '.htmlspecialchars($nextstate->getName());
echo "</td></tr>";
}
echo "</tbody>";