Commit 18763947 authored by Richard Mansfield's avatar Richard Mansfield

XSS fixes on view view/artefact pages

parent 6398759a
......@@ -6,7 +6,7 @@
<table class="filedata">
<tr><th>{str tag=Type section=artefact.file}:</th><td>{$filetype}</td></tr>
<tr><th>{str tag=Description section=artefact.file}:</th><td>{$description|escape}</td></tr>
<tr><th>{str tag=Owner section=artefact.file}:</th><td>{$owner}</td></tr>
<tr><th>{str tag=Owner section=artefact.file}:</th><td>{$owner|escape}</td></tr>
<tr><th>{str tag=Created section=artefact.file}:</th><td>{$created}</td></tr>
<tr><th>{str tag=lastmodified section=artefact.file}:</th><td>{$modified}</td></tr>
<tr><th>{str tag=Size section=artefact.file}:</th><td>{$size|escape}</td></tr>
......
......@@ -3,8 +3,8 @@
{include file="columnfullstart.tpl"}
<h2>
<a href="{$WWWROOT}view/view.php?id={$viewid}">{$viewtitle}</a>{if $ownername} {str tag=by section=view}
<a href="{$WWWROOT}{$ownerlink}">{$ownername}</a>{/if}{foreach from=$artefactpath item=a}:
<a href="{$WWWROOT}view/view.php?id={$viewid}">{$viewtitle|escape}</a>{if $ownername} {str tag=by section=view}
<a href="{$WWWROOT}{$ownerlink}">{$ownername|escape}</a>{/if}{foreach from=$artefactpath item=a}:
{if $a.url}<a href="{$a.url}">{/if}{$a.title}{if $a.url}</a>{/if}
{/foreach}
</h2>
......
......@@ -2,7 +2,7 @@
{include file="columnfullstart.tpl"}
<h2>{if !$new}<a href="{$WWWROOT}view/view.php?id={$viewid}">{/if}{$viewtitle}{if !$new}</a>{/if}{if $ownername} {str tag=by section=view} <a href="{$WWWROOT}{$ownerlink}">{$ownername}</a>{/if}</h2>
<h2>{if !$new}<a href="{$WWWROOT}view/view.php?id={$viewid}">{/if}{$viewtitle|escape}{if !$new}</a>{/if}{if $ownername} {str tag=by section=view} <a href="{$WWWROOT}{$ownerlink}">{$ownername|escape}</a>{/if}</h2>
{if $can_edit}
<div class="fr editview">
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment