Commit e556bcc3 authored by Côme Chilliet's avatar Côme Chilliet

:ambulance: fix(departments) Escape HTML code set in department descriptions

issue #5868
Showing with 7 additions and 8 deletions
+7 -8
......@@ -238,9 +238,9 @@ class baseSelector
$this->tree .= "<li><a$selected $link>".
'<img class="center" '.
'src="'.htmlentities($config->department_info[$base]['img'], ENT_COMPAT, 'UTF-8').'" '.
'alt="'.$config->department_info[$base]['name'].'"/>&nbsp;'.
$this->gennonbreaks($config->department_info[$base]['name']).
($config->department_info[$base]['description'] == '' ? '' : '&nbsp;<span class="informal">['.$this->gennonbreaks($config->department_info[$base]['description']).']</span>').
'alt="'.htmlentities($config->department_info[$base]['name'], ENT_COMPAT, 'UTF-8').'"/>&nbsp;'.
$this->escape($config->department_info[$base]['name']).
(($config->department_info[$base]['description'] == '') ? '' : '&nbsp;<span class="informal">['.$this->escape($config->department_info[$base]['description']).']</span>').
'</a>';
$last_indent = $indent;
......@@ -267,13 +267,13 @@ class baseSelector
/*!
* \brief Replace all space of the string by non-breaking space
* \brief Replace all space of the string by non-breaking space and escapes HTML
*
* \param String $string The string which his space will be replaced
*/
function gennonbreaks($string)
{
return str_replace('-', '&#8209;', str_replace(' ', '&nbsp;', $string));
return str_replace(' ', '&nbsp;', htmlentities($string, ENT_COMPAT, 'UTF-8'));
}
/*!
......
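Review bot: The rewritten gennonbreaks() in the second hunk (`return str_replace(' ', '&nbsp;', htmlentities($string, ENT_COMPAT, 'UTF-8'));`) silently drops the `-` → `&#8209;` non-breaking-hyphen replacement the old body performed, a behaviour change the commit message does not mention and that affects any caller outside this diff. Because the helper now also escapes, a caller that already passes htmlentities()-encoded text will double-encode it, so the doc comment should state that the argument must be raw, unescaped text. If the hyphen handling was meant to stay, use `return str_replace(array(' ', '-'), array('&nbsp;', '&#8209;'), htmlentities($string, ENT_COMPAT, 'UTF-8'));`. The first hunk's new `$this->escape()` calls rely on a method that is not added by this commit; I could not confirm from the visible lines that it exists on baseSelector (or a parent) or that it uses the same ENT_COMPAT/UTF-8 flags as the alt attribute on the line above, which matters for consistent encoding of the same name value.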
......@@ -93,10 +93,9 @@ class departmentManagement extends simpleManagement
{
$ou = $ou[0];
if ($dn == $base) {
$ou = ".";
$ou = '.';
}
$dn = func_get_arg(1);
return "<a href='?plug=".$_GET['plug']."&amp;PID=$pid&amp;act=listing_open_$row' title='$dn'>$ou</a>";
return '<a href="?plug='.$_GET['plug'].'&amp;PID='.$pid.'&amp;act=listing_open_'.$row.'" title="'.htmlentities($dn, ENT_COMPAT, 'UTF-8').'">'.htmlentities($ou, ENT_COMPAT, 'UTF-8').'</a>';
}
// Finally remove departments and update departmnet browsers
......
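Review bot: `$_GET['plug']` is still concatenated unescaped into the href attribute on the new line `'<a href="?plug='.$_GET['plug'].'&amp;PID=...`, so the commit escapes `$dn` and `$ou` but leaves a request parameter that can close the double-quoted attribute and inject markup, unless plug is validated as numeric earlier in the request (not visible here). Encode it the same way as the other values: `'<a href="?plug='.htmlentities($_GET['plug'], ENT_COMPAT, 'UTF-8').'&amp;PID='.$pid.'&amp;act=listing_open_'.$row.'"'`. `$pid` and `$row` are also interpolated raw; whether they can be attacker-influenced cannot be told from this hunk, so confirm they are integers or escape them too. The enclosing function starts above this hunk.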