- call htmlspecialchars() before output of comment

steinm 2011-12-05 13:21:09 +00:00
parent ac434cd171
commit 7c5805badb
2 changed files with 3 additions and 3 deletions


@ -126,7 +126,7 @@ if ($approvalStatus['type'] == 0) {
print "<td>"; print "<td>";
printApprovalStatusText($approvalStatus["status"]); printApprovalStatusText($approvalStatus["status"]);
print "</td>"; print "</td>";
print "<td>".$approvalStatus["comment"]."</td>"; print "<td>".htmlspecialchars($approvalStatus["comment"])."</td>";
$indUser = $dms->getUser($approvalStatus["userID"]); $indUser = $dms->getUser($approvalStatus["userID"]);
print "<td>".$approvalStatus["date"]." - ". $indUser->getFullname() ."</td>"; print "<td>".$approvalStatus["date"]." - ". $indUser->getFullname() ."</td>";
print "</tr></tbody></table><br>\n"; print "</tr></tbody></table><br>\n";
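Review bot: The user's full name in the date cell is still printed raw: `$indUser->getFullname()` goes into the `<td>` unescaped, while the review page in this same commit wraps it in `htmlspecialchars()`. If the full name can be edited by users, it carries the same stored-XSS risk as the comment, so I would change the line to `print "<td>".$approvalStatus["date"]." - ". htmlspecialchars($indUser->getFullname()) ."</td>";`. Only the `type == 0` branch is touched here, whereas the review page is patched in both its `type == 0` and `type == 1` branches; if this file has a matching `type == 1` branch outside the hunk, its comment output presumably needs the same escaping. The enclosing `if` block starts and ends outside the hunk.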


@ -126,7 +126,7 @@ if ($reviewStatus['type'] == 0) {
print "<td>"; print "<td>";
printReviewStatusText($reviewStatus["status"]); printReviewStatusText($reviewStatus["status"]);
print "</td>"; print "</td>";
print "<td>".$reviewStatus["comment"]."</td>"; print "<td>".htmlspecialchars($reviewStatus["comment"])."</td>";
$indUser = $dms->getUser($reviewStatus["userID"]); $indUser = $dms->getUser($reviewStatus["userID"]);
print "<td>".$reviewStatus["date"]." - ". htmlspecialchars($indUser->getFullname()) ."</td>"; print "<td>".$reviewStatus["date"]." - ". htmlspecialchars($indUser->getFullname()) ."</td>";
print "</tr></tbody></table><br>"; print "</tr></tbody></table><br>";
@ -164,7 +164,7 @@ else if ($reviewStatus['type'] == 1) {
print "<td>"; print "<td>";
printReviewStatusText($reviewStatus["status"]); printReviewStatusText($reviewStatus["status"]);
print "</td>"; print "</td>";
print "<td>".$reviewStatus["comment"]."</td>"; print "<td>".htmlspecialchars($reviewStatus["comment"])."</td>";
$indUser = $dms->getUser($reviewStatus["userID"]); $indUser = $dms->getUser($reviewStatus["userID"]);
print "<td>".$reviewStatus["date"]." - ". htmlspecialchars($indUser->getFullname()) ."</td>"; print "<td>".$reviewStatus["date"]." - ". htmlspecialchars($indUser->getFullname()) ."</td>";
print "</tr></tbody></table><br>\n"; print "</tr></tbody></table><br>\n";
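Review bot: `htmlspecialchars()` is called with its defaults at both patched comment cells (the `type == 0` and `type == 1` branches), which leaves single quotes unescaped and makes the charset depend on the PHP version's default. That is enough for element content as used here, but passing the flags and encoding explicitly keeps the output safe if the value is later moved into an attribute, e.g. `htmlspecialchars($reviewStatus["comment"], ENT_QUOTES, 'UTF-8')`, with the charset set to whatever the page actually declares. Since the same call would be repeated for every escaped cell, a small wrapper function would keep the templates consistent. Both enclosing branches continue outside the hunks.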