Commit ee39b8a2ce31b732afe6e64d26d365337650f8d2
1 parent
4212e9cd
KTS-2873
"Double quote (") is not accepted as valid input for metadata when the name of a Lookup field or a Tree field has a Double quote in."
Fixed. The values in the sub categories needed to be htmlentities().
Committed by: Megan Watson
Reviewed by: Jonathan Byrne
git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@8163 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
3 additions
and
2 deletions
lib/documentmanagement/MDTree.inc
| @@ -289,7 +289,7 @@ class MDTree { | @@ -289,7 +289,7 @@ class MDTree { | ||
| 289 | $extraclass = ' inactive'; | 289 | $extraclass = ' inactive'; |
| 290 | } | 290 | } |
| 291 | 291 | ||
| 292 | - $treeStr .= '<li class="treenode' . $extraclass . '"><a class="pathnode" onclick="toggleElementClass(\'active\', this.parentNode);toggleElementClass(\'inactive\', this.parentNode);">' . $treeToRender->mapnodes[$subnode_val]->getName() . '</a>'; | 292 | + $treeStr .= '<li class="treenode' . $extraclass . '"><a class="pathnode" onclick="toggleElementClass(\'active\', this.parentNode);toggleElementClass(\'inactive\', this.parentNode);">' . htmlentities($treeToRender->mapnodes[$subnode_val]->getName()) . '</a>'; |
| 293 | $treeStr .= $this->_evilTreeRecursion($subnode_val, $treeToRender, $inputname); | 293 | $treeStr .= $this->_evilTreeRecursion($subnode_val, $treeToRender, $inputname); |
| 294 | $treeStr .= '</li>'; | 294 | $treeStr .= '</li>'; |
| 295 | } | 295 | } |
| @@ -301,7 +301,8 @@ class MDTree { | @@ -301,7 +301,8 @@ class MDTree { | ||
| 301 | if ($leaf === $this->activevalue) { | 301 | if ($leaf === $this->activevalue) { |
| 302 | $is_selected=' checked="checked"'; | 302 | $is_selected=' checked="checked"'; |
| 303 | } | 303 | } |
| 304 | - $treeStr .= '<li class="leafnode"><input type="radio" name="'.$inputname.'" value="'.$treeToRender->lookups[$leaf]->getName().'" '.$is_selected.'>' . $treeToRender->lookups[$leaf]->getName() .'</input>'; | 304 | + $sValue = htmlentities($treeToRender->lookups[$leaf]->getName()); |
| 305 | + $treeStr .= '<li class="leafnode"><input type="radio" name="'.$inputname.'" value="'.$sValue.'" '.$is_selected.'>' . $sValue .'</input>'; | ||
| 305 | $treeStr .= '</li>'; } | 306 | $treeStr .= '</li>'; } |
| 306 | } | 307 | } |
| 307 | } | 308 | } |