KTS-825: Escape entities in document or folder name in TitleColumn,

document view, and breadcrumbs. git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@5415 c91229c3-7414-0410-bfa2-8a42b809f60b

KTS-825: Escape entities in document or folder name in TitleColumn,
document view, and breadcrumbs. git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@5415 c91229c3-7414-0410-bfa2-8a42b809f60b
nbm
1 parent c32cc5ae
Showing 3 changed files with 5 additions and 5 deletions
lib/browse/BrowseColumns.inc.php
templates/kt3/standard_page.smarty
templates/kt3/view_document.smarty
@@ -107,14 +107,14 @@ class TitleColumn extends BrowseColumn {
     function renderFolderLink($aDataRow) {
         $outStr = '<a href="' . $this->buildFolderLink($aDataRow) . '">';
-        $outStr .= $aDataRow["folder"]->getName();
+        $outStr .= htmlentities($aDataRow["folder"]->getName(), ENT_NOQUOTES, 'UTF-8');
         $outStr .= '</a> ';
         return $outStr;
     }
     function renderDocumentLink($aDataRow) {
         $outStr = '<a href="' . $this->buildDocumentLink($aDataRow) . '" title="' . $aDataRow["document"]->getFilename().'">';
-        $outStr .= $aDataRow["document"]->getName();
+        $outStr .= htmlentities($aDataRow["document"]->getName(), ENT_NOQUOTES, 'UTF-8');
         $outStr .= '</a>';
         return $outStr;
     }
@@ -104,9 +104,9 @@
 {if ($page->breadcrumbs !== false)}
   {foreach item=aCrumb from=$page->breadcrumbs name=bc}
      {if ($aCrumb.url) }
-        <a href="{$aCrumb.url}">{$aCrumb.label}</a> 
+        <a href="{$aCrumb.url}">{$aCrumb.label|escape}</a> 
      {else}
-        <span>{$aCrumb.label}</span> 
+        <span>{$aCrumb.label|escape}</span> 
      {/if}
      {if (!$smarty.foreach.bc.last)}
         &raquo;
-<h2>{$document->getName()}</h2>
+<h2>{$document->getName()|escape}</h2>
 {capture assign=version}
 {$document->getMajorVersionNumber()}.{$document->getMinorVersionNumber()}
 {/capture}