run names through htmlspecialchars()

Uwe Steinmann 2020-03-26 07:54:27 +01:00
parent 3efdac7197
commit 2c0fb6f476
4 changed files with 15 additions and 15 deletions


@ -2408,7 +2408,7 @@ $('body').on('click', '[id^=\"table-row-folder\"] td:nth-child(2)', function(ev)
$content .= count($links)."/".count($revlinks)." ".getMLText("linked_documents")."<br />"; $content .= count($links)."/".count($revlinks)." ".getMLText("linked_documents")."<br />";
if($status["status"] == S_IN_WORKFLOW && $workflowmode == 'advanced') { if($status["status"] == S_IN_WORKFLOW && $workflowmode == 'advanced') {
$workflowstate = $latestContent->getWorkflowState(); $workflowstate = $latestContent->getWorkflowState();
$content .= '<span title="'.getOverallStatusText($status["status"]).': '.$workflow->getName().'">'.$workflowstate->getName().'</span>'; $content .= '<span title="'.getOverallStatusText($status["status"]).': '.htmlspecialchars($workflow->getName()).'">'.htmlspecialchars($workflowstate->getName()).'</span>';
} else { } else {
$content .= getOverallStatusText($status["status"]); $content .= getOverallStatusText($status["status"]);
} }
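Review bot: In the `title="..."` attribute on the changed line only the workflow name is escaped; `getOverallStatusText($status["status"])` is still concatenated raw into the same double-quoted attribute, so a double quote in that text would end the attribute early. Whether that function returns plain or already-encoded text is not visible here. If it is plain text, escape the whole attribute value in one call: `htmlspecialchars(getOverallStatusText($status["status"]).': '.$workflow->getName(), ENT_QUOTES)`. The enclosing function starts and ends outside this hunk.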


@ -86,11 +86,11 @@ $(document).ready( function() {
$workflow = $transition->getWorkflow(); $workflow = $transition->getWorkflow();
echo "<tr>"; echo "<tr>";
echo "<td>"; echo "<td>";
echo $workflow->getName(); echo htmlspecialchars($workflow->getName());
echo "</td><td>"; echo "</td><td>";
echo '<i class="icon-circle'.($workflow->getInitState()->getId() == $state->getId() ? ' initstate' : ' in-workflow').'"></i> '.$state->getName(); echo '<i class="icon-circle'.($workflow->getInitState()->getId() == $state->getId() ? ' initstate' : ' in-workflow').'"></i> '.htmlspecialchars($state->getName());
echo "</td><td>"; echo "</td><td>";
echo '<i class="icon-circle'.($docstatus == S_RELEASED ? ' released' : ($docstatus == S_REJECTED ? ' rejected' : ' in-workflow')).'"></i> '.$nextstate->getName(); echo '<i class="icon-circle'.($docstatus == S_RELEASED ? ' released' : ($docstatus == S_REJECTED ? ' rejected' : ' in-workflow')).'"></i> '.htmlspecialchars($nextstate->getName());
echo "</td></tr>"; echo "</td></tr>";
} }
echo "</tbody>"; echo "</tbody>";
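Review bot: The three `htmlspecialchars()` calls added to this table rely on the default flags and charset, as does every other call this commit adds (the document-list row above and the two file sections below). On PHP releases before 8.1 the defaults leave single quotes unescaped and return an empty string when the input is not valid in the target charset, so a name with a broken byte sequence renders as a blank cell. The call sites shown are element content or a double-quoted attribute, so the quoting default is sufficient today, but stating the intent avoids surprises: `htmlspecialchars($workflow->getName(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. A small shared helper would keep the 15 call sites consistent.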


@ -117,7 +117,7 @@ $(document).ready(function() {
if($path) { if($path) {
$names = array(); $names = array();
foreach($path as $state) { foreach($path as $state) {
$names[] = $state->getName(); $names[] = htmlspecialchars($state->getName());
} }
$this->errorMsg(getMLText('workflow_has_cycle').": ".implode(' <i class="icon-arrow-right"></i> ', $names)); $this->errorMsg(getMLText('workflow_has_cycle').": ".implode(' <i class="icon-arrow-right"></i> ', $names));
} }
@ -219,14 +219,14 @@ $(document).ready(function() {
if(!$transusers && !$transgroups) { if(!$transusers && !$transgroups) {
echo " class=\"error\""; echo " class=\"error\"";
} }
echo "><td>".'<i class="icon-circle'.($workflow->getInitState()->getId() == $state->getId() ? ' initstate' : ' in-workflow').'"></i> '.$state->getName()."<br />"; echo "><td>".'<i class="icon-circle'.($workflow->getInitState()->getId() == $state->getId() ? ' initstate' : ' in-workflow').'"></i> '.htmlspecialchars($state->getName())."<br />";
$docstatus = $nextstate->getDocumentStatus(); $docstatus = $nextstate->getDocumentStatus();
echo '<i class="icon-circle'.($docstatus == S_RELEASED ? ' released' : ($docstatus == S_REJECTED ? ' rejected' : ' in-workflow')).'"></i> '.$nextstate->getName(); echo '<i class="icon-circle'.($docstatus == S_RELEASED ? ' released' : ($docstatus == S_REJECTED ? ' rejected' : ' in-workflow')).'"></i> '.htmlspecialchars($nextstate->getName());
if($docstatus == S_RELEASED || $docstatus == S_REJECTED) { if($docstatus == S_RELEASED || $docstatus == S_REJECTED) {
echo "<br /><i class=\"icon-arrow-right\"></i> ".getOverallStatusText($docstatus); echo "<br /><i class=\"icon-arrow-right\"></i> ".getOverallStatusText($docstatus);
} }
echo "</td>"; echo "</td>";
echo "<td><i class=\"icon-sign-blank workflow-action\"></i> ".$action->getName()."</td>"; echo "<td><i class=\"icon-sign-blank workflow-action\"></i> ".htmlspecialchars($action->getName())."</td>";
echo "<td>"; echo "<td>";
foreach($transusers as $transuser) { foreach($transusers as $transuser) {
$u = $transuser->getUser(); $u = $transuser->getUser();
@ -237,7 +237,7 @@ $(document).ready(function() {
$g = $transgroup->getGroup(); $g = $transgroup->getGroup();
echo '<i class="icon-group"></i> '.getMLText('at_least_n_users_of_group', echo '<i class="icon-group"></i> '.getMLText('at_least_n_users_of_group',
array("number_of_users" => $transgroup->getNumOfUsers(), array("number_of_users" => $transgroup->getNumOfUsers(),
"group" => $g->getName())); "group" => htmlspecialchars($g->getName())));
echo "<br />"; echo "<br />";
} }
echo "</td>"; echo "</td>";
@ -264,20 +264,20 @@ $(document).ready(function() {
echo "<select name=\"state\">"; echo "<select name=\"state\">";
$states = $dms->getAllWorkflowStates(); $states = $dms->getAllWorkflowStates();
foreach($states as $state) { foreach($states as $state) {
echo "<option value=\"".$state->getID()."\">".$state->getName()."</option>"; echo "<option value=\"".$state->getID()."\">".htmlspecialchars($state->getName())."</option>";
} }
echo "</select><br />"; echo "</select><br />";
echo "<select name=\"nextstate\">"; echo "<select name=\"nextstate\">";
$states = $dms->getAllWorkflowStates(); $states = $dms->getAllWorkflowStates();
foreach($states as $state) { foreach($states as $state) {
echo "<option value=\"".$state->getID()."\">".$state->getName()."</option>"; echo "<option value=\"".$state->getID()."\">".htmlspecialchars($state->getName())."</option>";
} }
echo "</select>"; echo "</select>";
echo "</td>"; echo "</td>";
echo "<td>"; echo "<td>";
echo "<select name=\"action\">"; echo "<select name=\"action\">";
foreach($actions as $action) { foreach($actions as $action) {
echo "<option value=\"".$action->getID()."\">".$action->getName()."</option>"; echo "<option value=\"".$action->getID()."\">".htmlspecialchars($action->getName())."</option>";
} }
echo "</select>"; echo "</select>";
echo "</td>"; echo "</td>";
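Review bot: The loop that begins with `$u = $transuser->getUser();` is cut off at the hunk boundary, and the lines that print the user are not touched by this commit, while the group name just below now goes through `htmlspecialchars()`. If the user's name or login is echoed there without escaping, it needs the same treatment for this table to be consistently encoded; that is worth checking. Separately, `$names[]` in the cycle message now holds already-encoded strings joined with an HTML separator, which is only correct while `errorMsg()` emits its argument as raw HTML. A comment such as `// names are HTML-escaped here; errorMsg() must not escape again` would record that assumption.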


@ -87,11 +87,11 @@ $(document).ready(function() {
$workflow = $transition->getWorkflow(); $workflow = $transition->getWorkflow();
echo "<tr>"; echo "<tr>";
echo "<td>"; echo "<td>";
echo $workflow->getName(); echo htmlspecialchars($workflow->getName());
echo "</td><td>"; echo "</td><td>";
echo '<i class="icon-circle'.($workflow->getInitState()->getId() == $state->getId() ? ' initstate' : ' in-workflow').'"></i> '.$state->getName(); echo '<i class="icon-circle'.($workflow->getInitState()->getId() == $state->getId() ? ' initstate' : ' in-workflow').'"></i> '.htmlspecialchars($state->getName());
echo "</td><td>"; echo "</td><td>";
echo '<i class="icon-circle'.($docstatus == S_RELEASED ? ' released' : ($docstatus == S_REJECTED ? ' rejected' : ' in-workflow')).'"></i> '.$nextstate->getName(); echo '<i class="icon-circle'.($docstatus == S_RELEASED ? ' released' : ($docstatus == S_REJECTED ? ' rejected' : ' in-workflow')).'"></i> '.htmlspecialchars($nextstate->getName());
echo "</td></tr>"; echo "</td></tr>";
} }
echo "</tbody>"; echo "</tbody>";