Commit 18763947 authored by Richard Mansfield's avatar Richard Mansfield

XSS fixes on view view/artefact pages

parent 6398759a
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
<table class="filedata"> <table class="filedata">
<tr><th>{str tag=Type section=artefact.file}:</th><td>{$filetype}</td></tr> <tr><th>{str tag=Type section=artefact.file}:</th><td>{$filetype}</td></tr>
<tr><th>{str tag=Description section=artefact.file}:</th><td>{$description|escape}</td></tr> <tr><th>{str tag=Description section=artefact.file}:</th><td>{$description|escape}</td></tr>
<tr><th>{str tag=Owner section=artefact.file}:</th><td>{$owner}</td></tr> <tr><th>{str tag=Owner section=artefact.file}:</th><td>{$owner|escape}</td></tr>
<tr><th>{str tag=Created section=artefact.file}:</th><td>{$created}</td></tr> <tr><th>{str tag=Created section=artefact.file}:</th><td>{$created}</td></tr>
<tr><th>{str tag=lastmodified section=artefact.file}:</th><td>{$modified}</td></tr> <tr><th>{str tag=lastmodified section=artefact.file}:</th><td>{$modified}</td></tr>
<tr><th>{str tag=Size section=artefact.file}:</th><td>{$size|escape}</td></tr> <tr><th>{str tag=Size section=artefact.file}:</th><td>{$size|escape}</td></tr>
......
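Review bot: `{$filetype}`, `{$created}` and `{$modified}` are still output raw in this table, next to three cells that now use `|escape`. If `$filetype` can come from upload metadata rather than a fixed language string (not visible from this hunk), it needs the modifier too: `<td>{$filetype|escape}</td>`. Escaping every cell at output keeps the template safe without depending on how each value was built in PHP.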
...@@ -3,8 +3,8 @@ ...@@ -3,8 +3,8 @@
{include file="columnfullstart.tpl"} {include file="columnfullstart.tpl"}
<h2> <h2>
<a href="{$WWWROOT}view/view.php?id={$viewid}">{$viewtitle}</a>{if $ownername} {str tag=by section=view} <a href="{$WWWROOT}view/view.php?id={$viewid}">{$viewtitle|escape}</a>{if $ownername} {str tag=by section=view}
<a href="{$WWWROOT}{$ownerlink}">{$ownername}</a>{/if}{foreach from=$artefactpath item=a}: <a href="{$WWWROOT}{$ownerlink}">{$ownername|escape}</a>{/if}{foreach from=$artefactpath item=a}:
{if $a.url}<a href="{$a.url}">{/if}{$a.title}{if $a.url}</a>{/if} {if $a.url}<a href="{$a.url}">{/if}{$a.title}{if $a.url}</a>{/if}
{/foreach} {/foreach}
</h2> </h2>
......
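Review bot: `{$a.title}` in the `artefactpath` loop is still printed without `|escape`, while this change escapes `$viewtitle` and `$ownername` in the same heading. Artefact titles are presumably user-editable like view titles, so unless they are escaped before being assigned to the template the breadcrumb remains an HTML injection point; I would change the line to `{if $a.url}<a href="{$a.url|escape}">{/if}{$a.title|escape}{if $a.url}</a>{/if}`. `{$ownerlink}` inside the `href` here and in the `<h2>` of the next template is also unescaped and deserves the same check. Confirm that none of these values is already HTML-escaped upstream, to avoid double encoding.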
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
{include file="columnfullstart.tpl"} {include file="columnfullstart.tpl"}
<h2>{if !$new}<a href="{$WWWROOT}view/view.php?id={$viewid}">{/if}{$viewtitle}{if !$new}</a>{/if}{if $ownername} {str tag=by section=view} <a href="{$WWWROOT}{$ownerlink}">{$ownername}</a>{/if}</h2> <h2>{if !$new}<a href="{$WWWROOT}view/view.php?id={$viewid}">{/if}{$viewtitle|escape}{if !$new}</a>{/if}{if $ownername} {str tag=by section=view} <a href="{$WWWROOT}{$ownerlink}">{$ownername|escape}</a>{/if}</h2>
{if $can_edit} {if $can_edit}
<div class="fr editview"> <div class="fr editview">
......