Better HTML encoding for DbUtils, DisplayPreference and DocumentType
AdrienClairembault authored and cedric-anne committed Sep 18, 2024
1 parent 6044ae1 commit 9dd9446
Showing 3 changed files with 12 additions and 11 deletions.
14 changes: 7 additions & 7 deletions src/DbUtils.php
Expand Up @@ -1476,14 +1476,14 @@ public function getTreeValueCompleteName($table, $ID, $withcomment = false, $tra
$alias = $result['alias'];
if (!empty($alias)) {
$name = $alias;
$comment .= "<span class='b'>" . __('Alias:') . "</span> " . $alias . "<br/>";
$comment .= "<span class='b'>" . __s('Alias:') . "</span> " . htmlspecialchars($alias) . "<br/>";
}
if (!empty($code)) {
$name .= ' - ' . $code;
$comment .= "<span class='b'>" . __('Code:') . "</span> " . $code . "<br/>";
$comment .= "<span class='b'>" . __s('Code:') . "</span> " . htmlspecialchars($code) . "<br/>";
}
if (!empty($address)) {
$acomment .= $address;
$acomment .= htmlspecialchars($address);
}
if (
!empty($address) &&
Expand All @@ -1492,19 +1492,19 @@ public function getTreeValueCompleteName($table, $ID, $withcomment = false, $tra
$acomment .= '<br/>';
}
if (!empty($town)) {
$acomment .= $town;
$acomment .= htmlspecialchars($town);
}
if (!empty($country)) {
if (!empty($town)) {
$acomment .= ' - ';
}
$acomment .= $country;
$acomment .= htmlspecialchars($country);
}
if (trim($acomment) != '') {
$comment .= "<span class='b'>&nbsp;" . __('Address:') . "</span> " . $acomment . "<br/>";
$comment .= "<span class='b'>&nbsp;" . __s('Address:') . "</span> " . $acomment . "<br/>";
}
}
$comment .= "<span class='b'>&nbsp;" . __('Comments') . "&nbsp;</span>";
$comment .= "<span class='b'>&nbsp;" . __s('Comments') . "&nbsp;</span>";
}
$transcomment = $result['transcomment'];
if ($translate && !empty($transcomment)) {
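Review bot: In the first hunk of getTreeValueCompleteName(), `$name = $alias;` and `$name .= ' - ' . $code;` still carry the raw values, while the same values are now encoded on their way into `$comment`, so `$name` leaves this block as raw text and `$comment` as an HTML fragment. Nothing in the visible lines tells a caller which of the two it must encode, and a wrong guess means either an unencoded name in the page or a double-encoded comment. A short comment above the alias block would pin this down, e.g. `// $name is raw text and must be encoded by the caller; $comment is an HTML fragment, encoded here.` The method starts before and continues after these hunks, so how `$transcomment` is handled further down could not be checked from this page.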
4 changes: 2 additions & 2 deletions src/DisplayPreference.php
Expand Up @@ -80,8 +80,8 @@ public static function showMassiveActionsSubForm(MassiveAction $ma)
{
switch ($ma->getAction()) {
case 'reset_to_default':
$msg = __('This will reset the columns to the defaults for a new installation.');
$msg2 = __('This will only work for types from GLPI itself or enabled plugins that support this action.');
$msg = __s('This will reset the columns to the defaults for a new installation.');
$msg2 = __s('This will only work for types from GLPI itself or enabled plugins that support this action.');
echo '<div class="alert alert-info">' . $msg . '<br>' . $msg2 . '</div>';
echo Html::submit(_x('button', 'Post'), ['name' => 'massiveaction']);
return true;
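Review bot: The button caption on the `Html::submit(_x('button', 'Post'), ...)` line is still a plain translated string, while the two messages just above it were moved to `__s()`. Whether `Html::submit()` encodes its caption is not visible on this page; if it does not, the caption should use the escaping variant as well, `echo Html::submit(_sx('button', 'Post'), ['name' => 'massiveaction']);`. If it does encode, a one-line comment saying so would keep a later change from turning it into a double encoding. The `switch` continues outside the hunk.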
5 changes: 3 additions & 2 deletions src/DocumentType.php
Expand Up @@ -130,7 +130,7 @@ public static function getSpecificValueToDisplay($field, $values, array $options
case 'icon':
if (!empty($values[$field])) {
return "&nbsp;<img style='vertical-align:middle;' alt='' src='" .
$CFG_GLPI["typedoc_icon_dir"] . "/" . $values[$field] . "'>";
htmlspecialchars($CFG_GLPI["typedoc_icon_dir"] . "/" . $values[$field]) . "'>";
}
}
return parent::getSpecificValueToDisplay($field, $values, $options);
Expand Down Expand Up @@ -191,7 +191,8 @@ public static function showAvailableTypesLink($options = [])
$display .= Ajax::createIframeModalWindow(
"documenttypelist_{$p['rand']}",
$CFG_GLPI["root_doc"] . "/front/documenttype.list.php",
['title' => static::getTypeName(Session::getPluralNumber()),
[
'title' => static::getTypeName(Session::getPluralNumber()),
'display' => false
]
);
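Review bot: In the `icon` case of getSpecificValueToDisplay(), `htmlspecialchars()` is called with its default flags and the result lands inside a single-quoted `src='...'` attribute. Before PHP 8.1 the default is `ENT_COMPAT`, which leaves `'` unencoded, so if this branch still supports an older runtime the attribute is not fully protected; passing the flags explicitly removes that dependency: `htmlspecialchars($CFG_GLPI["typedoc_icon_dir"] . "/" . $values[$field], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "'>";`. Encoding also does nothing to keep `$values[$field]` a plain file name, so it is worth confirming that the icon value is validated where it is stored. The second hunk in this file only re-wraps the options array and needs no comment.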
