fix possible xss

Uwe Steinmann 2019-06-28 11:02:10 +02:00
parent c17bd81148
commit 6f2fb3e646


@ -705,10 +705,10 @@ class SeedDMS_View_ViewDocument extends SeedDMS_Bootstrap_Style {
echo "</thead><tbody>";
foreach($statuslog as $entry) {
if($suser = $dms->getUser($entry['userID']))
$fullname = $suser->getFullName();
$fullname = htmlspecialchars($suser->getFullName());
else
$fullname = "--";
echo "<tr><td>".$entry['date']."</td><td>".getOverallStatusText($entry['status'])."</td><td>".$fullname."</td><td>".$entry['comment']."</td></tr>\n";
echo "<tr><td>".$entry['date']."</td><td>".getOverallStatusText($entry['status'])."</td><td>".$fullname."</td><td>".htmlspecialchars($entry['comment'])."</td></tr>\n";
}
print "</tbody>\n</table>\n";
$this->contentContainerEnd();
@ -725,8 +725,8 @@ class SeedDMS_View_ViewDocument extends SeedDMS_Bootstrap_Style {
echo "<td>".$wkflog->getDate()."</td>";
echo "<td>".$wkflog->getTransition()->getAction()->getName()."</td>";
$loguser = $wkflog->getUser();
echo "<td>".$loguser->getFullName()."</td>";
echo "<td>".$wkflog->getComment()."</td>";
echo "<td>".htmlspecialchars($loguser->getFullName())."</td>";
echo "<td>".htmlspecialchars($wkflog->getComment())."</td>";
echo "</tr>";
}
print "</tbody>\n</table>\n";
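Review bot: The workflow log row in the second hunk still prints `$wkflog->getTransition()->getAction()->getName()` without escaping, although the user name and comment cells next to it now go through `htmlspecialchars()`. If workflow action names can be edited by anyone other than a fully trusted administrator (not visible from this hunk), that cell remains a stored-XSS sink; `echo "<td>".htmlspecialchars($wkflog->getTransition()->getAction()->getName())."</td>";` would close it. The same row calls `$loguser->getFullName()` without checking that `getUser()` returned a user, whereas the status log loop in the first hunk falls back to `"--"`; the same guard seems appropriate here. The enclosing loop starts outside the hunk.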