KTC-475

"Workflow with '''Â´`""\/:&;!.~,$%()|<>#= in its name, transition names and state names appear incorrect on the second page of the Workflow creation wizard." Fixed. The input name and values needed to be sanitised. Committed by: Megan Watson Reviewed by: Jonathan Byrne git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/STABLE/branches/3.5.2c-Release-Branch@8471 c91229c3-7414-0410-bfa2-8a42b809f60b

KTC-475
"Workflow with '''Â´`""\/:&;!.~,$%()|<>#= in its name, transition names and state names appear incorrect on the second page of the Workflow creation wizard." Fixed. The input name and values needed to be sanitised. Committed by: Megan Watson Reviewed by: Jonathan Byrne git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/STABLE/branches/3.5.2c-Release-Branch@8471 c91229c3-7414-0410-bfa2-8a42b809f60b
megan_w
1 parent 9001d669
Showing 1 changed file with 9 additions and 9 deletions
templates/ktcore/workflow/admin/new_wizard_step2.smarty
@@ -14,30 +14,30 @@ states.  Use the table below to configure this behaviour.{/i18n}&lt;/p&gt;
         <thead>
             <tr>
                 <th>{i18n}Transition{/i18n}</th>
-                <th>{i18n}Leads to state{/i18n}</th>                
+                <th>{i18n}Leads to state{/i18n}</th>
                 {foreach from=$states item=state}
-                <th>{$state}</th>                
-                {/foreach}                
+                <th>{$state}</th>
+                {/foreach}
             </tr>
         </thead>
         <tbody>
             {foreach from=$transitions item=transition}
                 <tr class="row {cycle values=odd,even}">
                     <td>{$transition}</td>
-                    <td><select name="fTo[{$transition}]">
+                    <td><select name="fTo[{$transition|sanitize}]">
                         {foreach from=$states item=state}
-                            <option value="{$state}">{$state}</option>
+                            <option value="{$state|sanitize}">{$state}</option>
                         {/foreach}
-                    </select></td>     
+                    </select></td>
                     {foreach from=$states item=state}
-                        <td><input type="checkbox" name="fFrom[{$transition}][{$state}]"/></td>
-                    {/foreach}               
+                        <td><input type="checkbox" name="fFrom[{$transition|sanitize}][{$state|sanitize}]"/></td>
+                    {/foreach}
                 </tr>
             {/foreach}
         </tbody>
     </table>
     </div>
-    
+
     <div class="form_actions">
         <input type="submit" value="{i18n}Create Workflow{/i18n}" />
         <a href="{$smarty.server.PHP_SELF}">{i18n}Cancel{/i18n}</a>