From 71a226e118eebb08464b2f8d83c2c2cd4d662bd7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Chilliet?= <come@opensides.be>
Date: Mon, 13 Aug 2018 17:34:34 +0200
Subject: [PATCH] :ambulance: fix(departments) Escape HTML code set in
 department descriptions

issue #5868
---
 include/class_baseSelector.inc | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/include/class_baseSelector.inc b/include/class_baseSelector.inc
index 7fac5d877..344776ee7 100644
--- a/include/class_baseSelector.inc
+++ b/include/class_baseSelector.inc
@@ -238,9 +238,9 @@ class baseSelector
       $this->tree .= "<li><a$selected $link>".
                     '<img class="center" '.
                     'src="'.htmlentities($config->department_info[$base]['img'], ENT_COMPAT, 'UTF-8').'" '.
-                    'alt="'.$config->department_info[$base]['name'].'"/>&nbsp;'.
-                    $this->gennonbreaks($config->department_info[$base]['name']).
-                    ($config->department_info[$base]['description'] == '' ? '' : '&nbsp;<span class="informal">['.$this->gennonbreaks($config->department_info[$base]['description']).']</span>').
+                    'alt="'.htmlentities($config->department_info[$base]['name'], ENT_COMPAT, 'UTF-8').'"/>&nbsp;'.
+                    $this->escape($config->department_info[$base]['name']).
+                    (($config->department_info[$base]['description'] == '') ? '' : '&nbsp;<span class="informal">['.$this->escape($config->department_info[$base]['description']).']</span>').
                     '</a>';
 
       $last_indent  = $indent;
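Review bot: htmlentities() at L19 and L23 (and inside escape() at L42 in the second hunk) is called without ENT_SUBSTITUTE, so a department name or description that contains an invalid UTF-8 sequence comes back as an empty string and the entry renders with no label instead of an escaped one; use `htmlentities($config->department_info[$base]['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` here and the same flags in escape(). ENT_COMPAT is sufficient for these double-quoted attributes, but ENT_QUOTES keeps the helper safe should it later be used in a single-quoted attribute. The `== ''` test at L25 is a loose comparison; `!== ''` is the stricter form if the description key is always set. The enclosing method starts and ends outside the hunk.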
@@ -267,13 +267,13 @@ class baseSelector
 
 
   /*!
-   * \brief Replace all space of the string by non-breaking space
+   * \brief Replace all space of the string by non-breaking space and escapes HTML
    *
    * \param String $string The string which his space will be replaced
    */
-  function gennonbreaks($string)
+  function escape($string)
   {
-    return str_replace('-', '&#8209;', str_replace(' ', '&nbsp;', $string));
+    return str_replace(' ', '&nbsp;', htmlentities($string, ENT_COMPAT, 'UTF-8'));
   }
 
   /*!
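Review bot: The rewritten escape() at L42 drops the `'-'` to `&#8209;` replacement that gennonbreaks() did at L41, so hyphenated department names can now wrap inside a tree entry; if that is intended the \brief at L34 should say so, otherwise keep it with `return str_replace([' ', '-'], ['&nbsp;', '&#8209;'], htmlentities($string, ENT_COMPAT, 'UTF-8'));`. The rename from gennonbreaks to escape touches only this file (the diffstat lists one file), so any caller of gennonbreaks() elsewhere in the project would now fail with an undefined-method error and is worth checking before merge. The docblock would also be clearer as `\brief Escape the string for HTML and replace its spaces by non-breaking spaces` with a `\return String HTML-safe text, usable as element content or inside a double-quoted attribute` line.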
-- 
GitLab