From d1dfc924b56c6d556c74bcd5e2b08828b30d508c Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Wed, 26 Mar 2025 08:39:58 +0100
Subject: [PATCH] fix possible xss attack when document name contains malicious code
---
 views/bootstrap/class.Tasks.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/views/bootstrap/class.Tasks.php b/views/bootstrap/class.Tasks.php
index cfcb6c1be..dfb29f9fc 100644
--- a/views/bootstrap/class.Tasks.php
+++ b/views/bootstrap/class.Tasks.php
@@ -203,7 +203,7 @@ class SeedDMS_View_Tasks extends SeedDMS_Theme_Style {
 $subitems = [];
 foreach($tasks['review'] as $t) {
 $doc = $dms->getDocument($t['id']);
- $subitems[] = array('label'=>$doc->getName(), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$doc->getID()."¤ttab=revapp", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
+ $subitems[] = array('label'=>htmlspecialchars($doc->getName()), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$doc->getID()."¤ttab=revapp", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
 }
 $menuitems['tasks']['children']['review'] = array('label'=>getMLText('documents_to_review'), 'children'=>$subitems);
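Review bot: The added `htmlspecialchars($doc->getName())` relies on the default flags, which on PHP before 8.1 are `ENT_COMPAT` and leave single quotes unescaped, so the label is only safe if the menu renderer places it in text content or a double-quoted attribute; the same applies to the hunks at lines 212, 220 and 228. Passing the flags explicitly, `htmlspecialchars($doc->getName(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, makes the escape independent of the runtime version and of the surrounding markup. It is not visible here whether the code that renders `$menuitems` already escapes `'label'` — if it does, names containing `&` will now display double-encoded, which is worth checking before merging. Since the four loops differ only in the task key and the tab name in the link, a small private helper that builds one subitem would keep the escaping in a single place and avoid the next copy being missed; `$dms->getDocument()` is also used without checking its result, so if it can return `false` for a missing document, `$doc->getName()` fails. The enclosing method starts and ends outside the hunk.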
@@ -212,7 +212,7 @@ class SeedDMS_View_Tasks extends SeedDMS_Theme_Style {
 $subitems = [];
 foreach($tasks['approval'] as $t) {
 $doc = $dms->getDocument($t['id']);
- $subitems[] = array('label'=>$doc->getName(), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$doc->getID()."¤ttab=revapp", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
+ $subitems[] = array('label'=>htmlspecialchars($doc->getName()), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$doc->getID()."¤ttab=revapp", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
 }
 $menuitems['tasks']['children']['approval'] = array('label'=>getMLText('documents_to_approve'), 'children'=>$subitems);
 }
@@ -220,7 +220,7 @@ class SeedDMS_View_Tasks extends SeedDMS_Theme_Style {
 $subitems = [];
 foreach($tasks['workflow'] as $t) {
 $doc = $dms->getDocument($t['id']);
- $subitems[] = array('label'=>$doc->getName(), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$doc->getID()."¤ttab=workflow", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
+ $subitems[] = array('label'=>htmlspecialchars($doc->getName()), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$doc->getID()."¤ttab=workflow", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
 }
 $menuitems['tasks']['children']['workflow'] = array('label'=>getMLText('documents_to_trigger_workflow'), 'children'=>$subitems);
 }
@@ -228,7 +228,7 @@ class SeedDMS_View_Tasks extends SeedDMS_Theme_Style {
 $subitems = [];
 foreach($tasks['rejected'] as $t) {
 $doc = $dms->getDocument($t['id']);
- $subitems[] = array('label'=>$doc->getName(), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$doc->getID()."¤ttab=docinfo", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
+ $subitems[] = array('label'=>htmlspecialchars($doc->getName()), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$doc->getID()."¤ttab=docinfo", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID());
 }
 $menuitems['tasks']['children']['rejected'] = array('label'=>getMLText('documents_rejected'), 'children'=>$subitems);
 }