fix possible xss attack when document name contains malicious code

Uwe Steinmann 2025-03-26 08:39:58 +01:00
parent 5a40423836
commit d1dfc924b5


@ -203,7 +203,7 @@ class SeedDMS_View_Tasks extends SeedDMS_Theme_Style {
$subitems = [];
foreach($tasks['review'] as $t) {
$doc = $dms->getDocument($t['id']);
$subitems[] = array('label'=>$doc->getName(), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$doc->getID()."&currenttab=revapp", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
$subitems[] = array('label'=>htmlspecialchars($doc->getName()), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$doc->getID()."&currenttab=revapp", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
}
$menuitems['tasks']['children']['review'] = array('label'=>getMLText('documents_to_review'), 'children'=>$subitems);
@ -212,7 +212,7 @@ class SeedDMS_View_Tasks extends SeedDMS_Theme_Style {
$subitems = [];
foreach($tasks['approval'] as $t) {
$doc = $dms->getDocument($t['id']);
$subitems[] = array('label'=>$doc->getName(), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$doc->getID()."&currenttab=revapp", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
$subitems[] = array('label'=>htmlspecialchars($doc->getName()), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$doc->getID()."&currenttab=revapp", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
}
$menuitems['tasks']['children']['approval'] = array('label'=>getMLText('documents_to_approve'), 'children'=>$subitems);
}
@ -220,7 +220,7 @@ class SeedDMS_View_Tasks extends SeedDMS_Theme_Style {
$subitems = [];
foreach($tasks['workflow'] as $t) {
$doc = $dms->getDocument($t['id']);
$subitems[] = array('label'=>$doc->getName(), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$doc->getID()."&currenttab=workflow", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
$subitems[] = array('label'=>htmlspecialchars($doc->getName()), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$doc->getID()."&currenttab=workflow", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
}
$menuitems['tasks']['children']['workflow'] = array('label'=>getMLText('documents_to_trigger_workflow'), 'children'=>$subitems);
}
@ -228,7 +228,7 @@ class SeedDMS_View_Tasks extends SeedDMS_Theme_Style {
$subitems = [];
foreach($tasks['rejected'] as $t) {
$doc = $dms->getDocument($t['id']);
$subitems[] = array('label'=>$doc->getName(), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$doc->getID()."&currenttab=docinfo", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
$subitems[] = array('label'=>htmlspecialchars($doc->getName()), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$doc->getID()."&currenttab=docinfo", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
}
$menuitems['tasks']['children']['rejected'] = array('label'=>getMLText('documents_rejected'), 'children'=>$subitems);
}
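Review bot: The four patched `'label'=>htmlspecialchars($doc->getName())` lines (the review, approval, workflow and rejected loops) rely on the default flags of htmlspecialchars(), which before PHP 8.1 leave single quotes unescaped, so the flags and charset should be passed explicitly: `htmlspecialchars($doc->getName(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The escaping is applied where the menu array is built, not where `label` is printed, and the rendering code is not part of this page; it is worth confirming that the renderer does not escape the value a second time and that other menu builders passing user-controlled names into `label` are covered as well. Separately, each loop dereferences the result of `$dms->getDocument($t['id'])` without a check; if that call can return a non-object for a deleted or inaccessible document (not visible here), a guard such as `if(!is_object($doc)) continue;` would keep the task menu from failing. The enclosing method starts and ends outside the hunks shown.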