Peter M. Groen / knowledgetree

Commit ee39b8a2ce31b732afe6e64d26d365337650f8d2

Authored by megan_w
1 parent 4212e9cd

KTS-2873 

"Double quote (") is not accepted as valid input for metadata when the name of a Lookup field or a Tree field has a Double quote in."
Fixed. The values in the sub categories needed to be htmlentities().

Committed by: Megan Watson
Reviewed by: Jonathan Byrne



git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@8163 c91229c3-7414-0410-bfa2-8a42b809f60b
Inline Side-by-side
Showing 1 changed file with 3 additions and 2 deletions
lib/documentmanagement/MDTree.inc
  View file @ee39b8a
... ... @@ -289,7 +289,7 @@ class MDTree {
289 289 $extraclass = ' inactive';
290 290 }
291 291  
292   - $treeStr .= '<li class="treenode' . $extraclass . '"><a class="pathnode" onclick="toggleElementClass(\'active\', this.parentNode);toggleElementClass(\'inactive\', this.parentNode);">' . $treeToRender->mapnodes[$subnode_val]->getName() . '</a>';
  292 + $treeStr .= '<li class="treenode' . $extraclass . '"><a class="pathnode" onclick="toggleElementClass(\'active\', this.parentNode);toggleElementClass(\'inactive\', this.parentNode);">' . htmlentities($treeToRender->mapnodes[$subnode_val]->getName()) . '</a>';
293 293 $treeStr .= $this->_evilTreeRecursion($subnode_val, $treeToRender, $inputname);
294 294 $treeStr .= '</li>';
295 295 }
... ... @@ -301,7 +301,8 @@ class MDTree {
301 301 if ($leaf === $this->activevalue) {
302 302 $is_selected=' checked="checked"';
303 303 }
304   - $treeStr .= '<li class="leafnode"><input type="radio" name="'.$inputname.'" value="'.$treeToRender->lookups[$leaf]->getName().'" '.$is_selected.'>' . $treeToRender->lookups[$leaf]->getName() .'</input>';
  304 + $sValue = htmlentities($treeToRender->lookups[$leaf]->getName());
  305 + $treeStr .= '<li class="leafnode"><input type="radio" name="'.$inputname.'" value="'.$sValue.'" '.$is_selected.'>' . $sValue .'</input>';
305 306 $treeStr .= '</li>'; }
306 307 }
307 308 }
... ...