Commit 5ba0f704 authored by Côme Chilliet's avatar Côme Chilliet
Browse files

🚑 fix(msg_dialog) Escape HTML in error dialogs

We’ll need to check there is no error message which actually needs HTML.

issue #5907
parent 60cdb7c6
......@@ -41,12 +41,12 @@
{elseif $i_Type == $smarty.const.INFO_DIALOG || $i_Type == $smarty.const.CONFIRM_DIALOG}
<img src="geticon.php?context=status&amp;icon=dialog-information&amp;size=32" class="center" alt="{t}Information{/t}"/>
{/if}
{$s_Title}
{$s_Title|escape}
</h2>
</div>
<div style="z-index:250;width:100%;">
{$s_Message}
{$s_Message|escape}
</div>
<div class="plugbottom">
{if $s_Trace != "" && $i_TraceCnt != 0}
......
......@@ -172,8 +172,8 @@ class msg_dialog
<img src="geticon.php?context=status&amp;icon=dialog-error&amp;size=32" alt="'._('Error').'"/>
</td>
<td style="width:100%">
<b>'.$this->s_Title.'</b><br/>
'.$this->s_Message.'<br><br/>
<b>'.htmlentities($this->s_Title, ENT_COMPAT, 'UTF-8').'</b><br/>
'.htmlentities($this->s_Message, ENT_COMPAT, 'UTF-8').'<br><br/>
'._('Please fix the above error and reload the page.').'
</td>
</tr>
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment