fix possible xss attack

Uwe Steinmann 2025-03-25 18:09:41 +01:00
parent 5ce55216ad
commit edb91d3299


@ -52,12 +52,12 @@ class SeedDMS_View_Clipboard extends SeedDMS_Theme_Style {
$subitems = [];
foreach($clipboard['folders'] as $folderid) {
if($folder = $this->params['dms']->getFolder($folderid)) {
$subitems[] = array('label'=>'<i class="fa fa-folder-o"></i> '.$folder->getName(), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewFolder.php?folderid=".$folder->getID(), 'class'=>"table-row-folder droptarget", 'attributes'=>array(array('data-droptarget', "folder_".$folder->getID()), array('rel', "folder_".$folder->getID()), array('data-name', htmlspecialchars($folder->getName(), ENT_QUOTES))));
$subitems[] = array('label'=>'<i class="fa fa-folder-o"></i> '.htmlspecialchars($folder->getName()), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewFolder.php?folderid=".$folder->getID(), 'class'=>"table-row-folder droptarget", 'attributes'=>array(array('data-droptarget', "folder_".$folder->getID()), array('rel', "folder_".$folder->getID()), array('data-name', htmlspecialchars($folder->getName(), ENT_QUOTES))));
}
}
foreach($clipboard['docs'] as $docid) {
if($document = $this->params['dms']->getDocument($docid))
$subitems[] = array('label'=>'<i class="fa fa-file"></i> '.$document->getName(), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$document->getID(), 'class'=>"table-row-document droptarget", 'attributes'=>array(array('data-droptarget', "document_".$document->getID()), array('rel', "document_".$document->getID()), array('formtoken', createFormKey('')), array('data-name', htmlspecialchars($document->getName(), ENT_QUOTES))));
$subitems[] = array('label'=>'<i class="fa fa-file"></i> '.htmlspecialchars($document->getName()), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$document->getID(), 'class'=>"table-row-document droptarget", 'attributes'=>array(array('data-droptarget', "document_".$document->getID()), array('rel', "document_".$document->getID()), array('formtoken', createFormKey('')), array('data-name', htmlspecialchars($document->getName(), ENT_QUOTES))));
}
if((count($clipboard['docs']) + count($clipboard['folders'])) > 0) {
$subitems[] = array('divider'=>true);
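Review bot: The two new `htmlspecialchars()` calls on the `label` values (folder and document entries) rely on the default flags, while the `data-name` attribute on the same lines passes `ENT_QUOTES`; before PHP 8.1 the default is `ENT_COMPAT`, which leaves single quotes unescaped. That is enough for element text, but it depends on how the menu renderer emits `label`, which is not visible here, so I would pass the flags explicitly: `htmlspecialchars($folder->getName(), ENT_QUOTES)` and `htmlspecialchars($document->getName(), ENT_QUOTES)`. Because `label` deliberately carries raw icon markup, every other place that builds a label from a folder or document name needs the same escaping, so the other views are worth checking for this pattern. The enclosing method starts and ends outside this hunk.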