gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-03-12 00:45:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

htmlencode() the complete content in deletion dialog

Browse Source 
this used to be just the filename, but translations of the text
may also contain qoutes which break the javascript
This commit is contained in:
Uwe Steinmann 2015-02-04 07:41:33 +01:00
parent 92279dcaf4
commit 8963879f5d
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
views/bootstrap/class.Bootstrap.php
View File

@ -1352,7 +1352,7 @@ $('#delete-document-btn-".$docid."').popover({
title: '".getMLText("rm_document")."',
placement: 'left',
html: true,
content: \"<div>".getMLText("confirm_rm_document", array ("documentname" => htmlspecialchars($document->getName(), ENT_QUOTES)))."</div><div><button class='btn btn-danger removedocument' style='float: right; margin:10px 0px;' rel='".$docid."' msg='".getMLText($msg)."' formtoken='".createFormKey('removedocument')."' id='confirm-delete-document-btn-".$docid."'><i class='icon-remove'></i> ".getMLText("rm_document")."</button> <button type='button' class='btn' style='float: right; margin:10px 10px;' onclick='$(&quot;#delete-document-btn-".$docid."&quot;).popover(&quot;hide&quot;);'>".getMLText('cancel')."</button></div>\"});
content: \"<div>".htmlspecialchars(getMLText("confirm_rm_document", array ("documentname" => $document->getName())), ENT_QUOTES)."</div><div><button class='btn btn-danger removedocument' style='float: right; margin:10px 0px;' rel='".$docid."' msg='".getMLText($msg)."' formtoken='".createFormKey('removedocument')."' id='confirm-delete-document-btn-".$docid."'><i class='icon-remove'></i> ".getMLText("rm_document")."</button> <button type='button' class='btn' style='float: right; margin:10px 10px;' onclick='$(&quot;#delete-document-btn-".$docid."&quot;).popover(&quot;hide&quot;);'>".getMLText('cancel')."</button></div>\"});
");
if($return)
return $content;
@ -1381,7 +1381,7 @@ $('#delete-folder-btn-".$folderid."').popover({
title: '".getMLText("rm_folder")."',
placement: 'left',
html: true,
content: \"<div>".getMLText("confirm_rm_folder", array ("foldername" => htmlspecialchars($folder->getName(), ENT_QUOTES)))."</div><div><button class='btn btn-danger removefolder' style='float: right; margin:10px 0px;' rel='".$folderid."' msg='".getMLText($msg)."' formtoken='".createFormKey('removefolder')."' id='confirm-delete-folder-btn-".$folderid."'><i class='icon-remove'></i> ".getMLText("rm_folder")."</button> <button type='button' class='btn' style='float: right; margin:10px 10px;' onclick='$(&quot;#delete-folder-btn-".$folderid."&quot;).popover(&quot;hide&quot;);'>".getMLText('cancel')."</button></div>\"});
content: \"<div>".htmlspecialchars(getMLText("confirm_rm_folder", array ("foldername" => $folder->getName())), ENT_QUOTES)."</div><div><button class='btn btn-danger removefolder' style='float: right; margin:10px 0px;' rel='".$folderid."' msg='".getMLText($msg)."' formtoken='".createFormKey('removefolder')."' id='confirm-delete-folder-btn-".$folderid."'><i class='icon-remove'></i> ".getMLText("rm_folder")."</button> <button type='button' class='btn' style='float: right; margin:10px 10px;' onclick='$(&quot;#delete-folder-btn-".$folderid."&quot;).popover(&quot;hide&quot;);'>".getMLText('cancel')."</button></div>\"});
");
if($return)
return $content;