gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-02-06 15:14:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

run htmlspecialchars on workflow names

Browse Source
This commit is contained in:
Uwe Steinmann 2021-04-30 09:27:59 +02:00
parent 751e91ceaf
commit 98f7fc85f4
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
views/bootstrap/class.ViewDocument.php
View File

@ -1159,7 +1159,7 @@ class SeedDMS_View_ViewDocument extends SeedDMS_Theme_Style {
echo "<form class=\"form-inline\" action=\"../out/out.RunSubWorkflow.php\" method=\"get\"><input type=\"hidden\" name=\"documentid\" value=\"".$latestContent->getDocument()->getId()."\" /><input type=\"hidden\" name=\"version\" value=\"".$latestContent->getVersion()."\" />";
echo "<select name=\"subworkflow\" class=\"form-control\">";
foreach($subworkflows as $subworkflow) {
echo "<option value=\"".$subworkflow->getID()."\">".$subworkflow->getName()."</option>";
echo "<option value=\"".$subworkflow->getID()."\">".htmlspecialchars($subworkflow->getName())."</option>";
}
echo "</select>";
echo "<label class=\"inline\">";
@ -1178,7 +1178,7 @@ class SeedDMS_View_ViewDocument extends SeedDMS_Theme_Style {
* parent workflow
*/
if($latestContent->getWorkflowState()->getID() == $state->getID()) {
echo "Switching from sub workflow '".$workflow->getName()."' into state ".$state->getName()." of parent workflow '".$parentworkflow->getName()."' is possible<br />";
echo "Switching from sub workflow '".htmlspecialchars($workflow->getName())."' into state ".$state->getName()." of parent workflow '".htmlspecialchars($parentworkflow->getName())."' is possible<br />";
/* Check if the transition from the state where the sub workflow
* starts into the current state is also allowed in the parent
* workflow. Checking at this point is actually too late, because