From 2c87a3b3e60d7eb9cbd2e9cd5eb6df11394b9daa Mon Sep 17 00:00:00 2001
From: nbm
Date: Mon, 22 May 2006 10:39:50 +0000
Subject: [PATCH] KTS-825: Escape entities in document or folder name in TitleColumn, document view, and breadcrumbs.
---
 lib/browse/BrowseColumns.inc.php | 4 ++--
 templates/kt3/standard_page.smarty | 4 ++--
 templates/kt3/view_document.smarty | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/browse/BrowseColumns.inc.php b/lib/browse/BrowseColumns.inc.php
index 4b633ff..303c834 100644
--- a/lib/browse/BrowseColumns.inc.php
+++ b/lib/browse/BrowseColumns.inc.php
@@ -107,14 +107,14 @@ class TitleColumn extends BrowseColumn {
 function renderFolderLink($aDataRow) {
 $outStr = '';
- $outStr .= $aDataRow["folder"]->getName();
+ $outStr .= htmlentities($aDataRow["folder"]->getName(), ENT_NOQUOTES, 'UTF-8');
 $outStr .= ' ';
 return $outStr;
 }
 function renderDocumentLink($aDataRow) {
 $outStr = 'getFilename().'">';
- $outStr .= $aDataRow["document"]->getName();
+ $outStr .= htmlentities($aDataRow["document"]->getName(), ENT_NOQUOTES, 'UTF-8');
 $outStr .= '';
 return $outStr;
 }
diff --git a/templates/kt3/standard_page.smarty b/templates/kt3/standard_page.smarty
index 869537b..32772f0 100644
--- a/templates/kt3/standard_page.smarty
+++ b/templates/kt3/standard_page.smarty
@@ -104,9 +104,9 @@
 {if ($page->breadcrumbs !== false)}
 {foreach item=aCrumb from=$page->breadcrumbs name=bc}
 {if ($aCrumb.url) }
- {$aCrumb.label}
+ {$aCrumb.label|escape}
 {else}
- {$aCrumb.label}
+ {$aCrumb.label|escape}
 {/if}
 {if (!$smarty.foreach.bc.last)}
 »
diff --git a/templates/kt3/view_document.smarty b/templates/kt3/view_document.smarty
index e70d44d..2350ef0 100644
--- a/templates/kt3/view_document.smarty
+++ b/templates/kt3/view_document.smarty
@@ -1,4 +1,4 @@
-
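Review bot: In renderDocumentLink the unchanged line that opens the link still concatenates the `getFilename()` result directly in front of `'">'`, which looks like the end of a quoted attribute, so a filename containing `"` or `<` stays unescaped after this commit. That position needs quote-aware escaping, presumably `htmlentities($aDataRow["document"]->getFilename(), ENT_QUOTES, 'UTF-8')`; the `ENT_NOQUOTES` flag used for the two names is only safe for element content and should not be copied into an attribute. Part of the markup on that line is lost in this rendering, so confirm the attribute against the file. A one-line comment above each escaped name, such as `// element content only: ENT_NOQUOTES is not safe inside an attribute`, would keep the distinction visible.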
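Review bot: The two `{$aCrumb.label|escape}` lines change the contract for every producer of `$page->breadcrumbs`: labels must now be plain text, and a caller that already escapes its label will render doubled entities such as `&amp;amp;`. Record that at the loop with a template comment, for example `{* crumb labels are plain text; escaped here *}`, and check the callers that build crumbs. If the branch under `{if ($aCrumb.url) }` interpolates `$aCrumb.url` into an href (the link markup is not visible in this rendering), that value should get `|escape` as well.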

{$document->getName()}

+

{$document->getName()|escape}

{capture assign=version} {$document->getMajorVersionNumber()}.{$document->getMinorVersionNumber()} {/capture}
-- 
libgit2 0.21.4