diff --git a/views/bootstrap/class.Bootstrap.php b/views/bootstrap/class.Bootstrap.php
index b97cc8f60..5917f5b81 100644
--- a/views/bootstrap/class.Bootstrap.php
+++ b/views/bootstrap/class.Bootstrap.php
@@ -2408,7 +2408,7 @@ $('body').on('click', '[id^=\"table-row-folder\"] td:nth-child(2)', function(ev)
$content .= count($links)."/".count($revlinks)." ".getMLText("linked_documents")."
";
if($status["status"] == S_IN_WORKFLOW && $workflowmode == 'advanced') {
$workflowstate = $latestContent->getWorkflowState();
- $content .= 'getName().'">'.$workflowstate->getName().'';
+ $content .= 'getName()).'">'.htmlspecialchars($workflowstate->getName()).'';
} else {
$content .= getOverallStatusText($status["status"]);
}
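Review bot: The `htmlspecialchars()` calls added on the `$content .=` line rely on the function's default flags and charset, and the first of them appears to sit inside a double-quoted attribute value (the markup is stripped on this page). Before PHP 8.1 the default is `ENT_COMPAT` without `ENT_SUBSTITUTE`, so single quotes pass through unescaped and a name containing invalid UTF-8 is returned as an empty string. Passing the arguments explicitly gives the same result on every runtime: `htmlspecialchars($workflowstate->getName(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The same bare call recurs in the hunks for class.WorkflowActionsMgr.php, class.WorkflowMgr.php and class.WorkflowStatesMgr.php, so one shared escaping helper would keep them consistent. The enclosing function starts and ends outside this hunk.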
diff --git a/views/bootstrap/class.WorkflowActionsMgr.php b/views/bootstrap/class.WorkflowActionsMgr.php
index 5963025e1..55bf3aeab 100644
--- a/views/bootstrap/class.WorkflowActionsMgr.php
+++ b/views/bootstrap/class.WorkflowActionsMgr.php
@@ -86,11 +86,11 @@ $(document).ready( function() {
$workflow = $transition->getWorkflow();
echo "
";
echo "";
- echo $workflow->getName();
+ echo htmlspecialchars($workflow->getName());
echo " | ";
- echo ' '.$state->getName();
+ echo ' '.htmlspecialchars($state->getName());
echo " | ";
- echo ' '.$nextstate->getName();
+ echo ' '.htmlspecialchars($nextstate->getName());
echo " |
";
}
echo "";
diff --git a/views/bootstrap/class.WorkflowMgr.php b/views/bootstrap/class.WorkflowMgr.php
index b0de06218..d918b728d 100644
--- a/views/bootstrap/class.WorkflowMgr.php
+++ b/views/bootstrap/class.WorkflowMgr.php
@@ -117,7 +117,7 @@ $(document).ready(function() {
if($path) {
$names = array();
foreach($path as $state) {
- $names[] = $state->getName();
+ $names[] = htmlspecialchars($state->getName());
}
$this->errorMsg(getMLText('workflow_has_cycle').": ".implode(' ', $names));
}
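Review bot: In the cycle-error branch the state names are escaped as they are collected into `$names`, so correctness depends on how `errorMsg()` treats its argument, which is not visible here. If `errorMsg()` escapes the message itself, names containing `&` or `<` will be displayed double-encoded. If it prints the message raw, a comment such as `// errorMsg() outputs raw HTML, so state names are escaped here` would record why the escaping sits at this point. The same question applies to `"group" => htmlspecialchars($g->getName())` passed into `getMLText()` in the later hunk of this file (at line 237). The enclosing method starts and ends outside this hunk.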
@@ -219,14 +219,14 @@ $(document).ready(function() {
if(!$transusers && !$transgroups) {
echo " class=\"error\"";
}
- echo ">".' '.$state->getName()." ";
+ echo "> | ".' '.htmlspecialchars($state->getName())." ";
$docstatus = $nextstate->getDocumentStatus();
- echo ' '.$nextstate->getName();
+ echo ' '.htmlspecialchars($nextstate->getName());
if($docstatus == S_RELEASED || $docstatus == S_REJECTED) {
echo " ".getOverallStatusText($docstatus);
}
echo " | ";
- echo " ".$action->getName()." | ";
+ echo " ".htmlspecialchars($action->getName())." | ";
echo "";
foreach($transusers as $transuser) {
$u = $transuser->getUser();
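Review bot: The `foreach($transusers as $transuser)` loop at the end of this hunk fetches `$u`, but the statement that prints it lies outside the visible lines, so it cannot be confirmed that it gets the same `htmlspecialchars()` treatment as the state, action and group names. Since the commit escapes every other name in this table row, it is worth checking that whatever is echoed from `$u` is escaped as well, so that the row has no remaining raw field. The enclosing method continues outside the hunk.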
@@ -237,7 +237,7 @@ $(document).ready(function() {
$g = $transgroup->getGroup();
echo ' '.getMLText('at_least_n_users_of_group',
array("number_of_users" => $transgroup->getNumOfUsers(),
- "group" => $g->getName()));
+ "group" => htmlspecialchars($g->getName())));
echo " ";
}
echo " | ";
@@ -264,20 +264,20 @@ $(document).ready(function() {
echo "
";
echo "";
echo "";
echo "";
echo "";
echo " | ";
diff --git a/views/bootstrap/class.WorkflowStatesMgr.php b/views/bootstrap/class.WorkflowStatesMgr.php
index ea30447b5..a4da2478d 100644
--- a/views/bootstrap/class.WorkflowStatesMgr.php
+++ b/views/bootstrap/class.WorkflowStatesMgr.php
@@ -87,11 +87,11 @@ $(document).ready(function() {
$workflow = $transition->getWorkflow();
echo "";
echo "";
- echo $workflow->getName();
+ echo htmlspecialchars($workflow->getName());
echo " | ";
- echo ' '.$state->getName();
+ echo ' '.htmlspecialchars($state->getName());
echo " | ";
- echo ' '.$nextstate->getName();
+ echo ' '.htmlspecialchars($nextstate->getName());
echo " |
";
}
echo "";