diff --git a/views/bootstrap/class.Bootstrap.php b/views/bootstrap/class.Bootstrap.php
index 9b69f4f8a..7d7f4408d 100644
--- a/views/bootstrap/class.Bootstrap.php
+++ b/views/bootstrap/class.Bootstrap.php
@@ -3277,7 +3277,7 @@ $('body').on('click', '[id^=\"table-row-folder\"] td:nth-child(2)', function(ev)
$content .= "
";
foreach($categories as $category) {
$color = substr(md5($category->getName()), 0, 6);
- $content .= "".$category->getName()." ";
+ $content .= "".htmlspecialchars($category->getName())." ";
}
}
if(!empty($extracontent['bottom_title']))
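Review bot: `htmlspecialchars($category->getName())` on the added line relies on PHP's default flag set, which before 8.1 is `ENT_COMPAT` and leaves single quotes unescaped, so if the name lands inside a single-quoted attribute of the markup this line builds (the tags are not visible here) the escaping is incomplete. Passing the flags explicitly closes that gap on every PHP version, `htmlspecialchars($category->getName(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and `ENT_SUBSTITUTE` also keeps a name containing an invalid byte sequence from being silently collapsed to an empty string. The same bare call is added in the class.Bootstrap4.php hunk at line 3326 and in the option-building hunks of class.EditDocument.php and class.Search.php, so the flags should be applied consistently. The enclosing method starts and ends outside this hunk.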
diff --git a/views/bootstrap/class.EditDocument.php b/views/bootstrap/class.EditDocument.php
index 48c1d47c0..5d4746e33 100644
--- a/views/bootstrap/class.EditDocument.php
+++ b/views/bootstrap/class.EditDocument.php
@@ -139,7 +139,7 @@ $(document).ready( function() {
if(!$nodocumentformfields || !in_array('categories', $nodocumentformfields)) {
$options = array();
foreach($categories as $category) {
- $options[] = array($category->getID(), $category->getName(), in_array($category, $document->getCategories()));
+ $options[] = array($category->getID(), htmlspecialchars($category->getName()), in_array($category, $document->getCategories()));
}
$this->formField(
getMLText("categories"),
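Review bot: The added `htmlspecialchars()` escapes the option label while the `$options` array is being built, one line before it is handed to `$this->formField()`; if `formField()` (defined outside this hunk) already escapes option labels when rendering the select, the name is double-encoded and `&` shows as `&amp;`, and if it does not, every other caller passing raw labels to `formField()` stays unescaped. Escaping once inside `formField()` at the output sink would cover both cases and keep `$options` as plain data; short of that, make the contract explicit with a comment on the call, `// label is pre-escaped; formField() must not escape option labels again`. The same pattern is added in the two `$options[]` hunks of class.Search.php (lines 710 and 947), which would need the same decision. The enclosing method starts and ends outside this hunk.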
diff --git a/views/bootstrap/class.Search.php b/views/bootstrap/class.Search.php
index e602de15d..12c64f56f 100644
--- a/views/bootstrap/class.Search.php
+++ b/views/bootstrap/class.Search.php
@@ -369,9 +369,9 @@ $(document).ready(function() {
}
}
if($removecategory) {
- $this->setParam('batchmsg', getMLText('batch_remove_category_msg', ['count'=>$j, 'catname'=>$changecategory->getName()]));
+ $this->setParam('batchmsg', getMLText('batch_remove_category_msg', ['count'=>$j, 'catname'=>htmlspecialchars($changecategory->getName())]));
} else {
- $this->setParam('batchmsg', getMLText('batch_add_category_msg', ['count'=>$j, 'catname'=>$changecategory->getName()]));
+ $this->setParam('batchmsg', getMLText('batch_add_category_msg', ['count'=>$j, 'catname'=>htmlspecialchars($changecategory->getName())]));
}
} else {
}
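Review bot: The two added lines escape `catname` before `getMLText()` interpolates it into the translated message, and the result is stored via `setParam('batchmsg', …)` for a view to print later; whether that is correct depends on that sink, which is outside this hunk — if the template that prints `batchmsg` calls `htmlspecialchars()` on it the name is double-encoded, and if it prints the string raw, nothing else that reaches `batchmsg` is protected by this change. Escaping the whole message where it is output would be the more robust place for the fix; if it must stay here, record the assumption next to the call, `// catname is HTML-escaped here because the view prints batchmsg unescaped`, and pass explicit flags (`ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'`) as noted for the class.Bootstrap.php hunk. The enclosing method starts and ends outside this hunk.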
@@ -710,7 +710,7 @@ $(document).ready(function() {
$allcategories = $dms->getDocumentCategories();
if($allcategories) {
foreach($allcategories as $acategory) {
- $options[] = array($acategory->getID(), $acategory->getName(), in_array($acategory->getId(), $tmpcatids));
+ $options[] = array($acategory->getID(), htmlspecialchars($acategory->getName()), in_array($acategory->getId(), $tmpcatids));
}
$this->formField(
getMLText("categories"),
@@ -947,7 +947,7 @@ $(document).ready(function() {
$options = array();
$allcategories = $dms->getDocumentCategories();
foreach($allcategories as $acategory) {
- $options[] = array($acategory->getID(), $acategory->getName(), in_array($acategory->getId(), $tmpcatids));
+ $options[] = array($acategory->getID(), htmlspecialchars($acategory->getName()), in_array($acategory->getId(), $tmpcatids));
}
$this->formField(
getMLText("category_filter"),
diff --git a/views/bootstrap4/class.Bootstrap4.php b/views/bootstrap4/class.Bootstrap4.php
index ebafc2524..93ffc29f2 100644
--- a/views/bootstrap4/class.Bootstrap4.php
+++ b/views/bootstrap4/class.Bootstrap4.php
@@ -3326,7 +3326,7 @@ $('body').on('click', '[id^=\"table-row-folder\"] td:nth-child(2)', function(ev)
$content .= "
";
foreach($categories as $category) {
$color = substr(md5($category->getName()), 0, 6);
- $content .= "".$category->getName()." ";
+ $content .= "".htmlspecialchars($category->getName())." ";
}
}
if(!empty($extracontent['bottom_title']))