Commit 6162d46a authored by Robert Lyon's avatar Robert Lyon Committed by Gerrit Code Review
Browse files

Merge "Bug 1720034: Journal/Journal post title not being escaped in delete...

Merge "Bug 1720034: Journal/Journal post title not being escaped in delete button" into 15.04_STABLE
parents a15466b4 77cc040b
...@@ -417,7 +417,7 @@ class ArtefactTypeBlog extends ArtefactType { ...@@ -417,7 +417,7 @@ class ArtefactTypeBlog extends ArtefactType {
global $THEME; global $THEME;
$confirm = get_string('deleteblog?', 'artefact.blog'); $confirm = get_string('deleteblog?', 'artefact.blog');
$title = hsc($title);
// Check if this blog has posts. // Check if this blog has posts.
$postcnt = count_records_sql(" $postcnt = count_records_sql("
SELECT COUNT(*) SELECT COUNT(*)
...@@ -971,6 +971,7 @@ class ArtefactTypeBlogPost extends ArtefactType { ...@@ -971,6 +971,7 @@ class ArtefactTypeBlogPost extends ArtefactType {
$post = new ArtefactTypeBlogPost($id); $post = new ArtefactTypeBlogPost($id);
$published = $post->published; $published = $post->published;
} }
$title = hsc($title);
if ($published) { if ($published) {
$strchangepoststatus = get_string('unpublish', 'artefact.blog'); $strchangepoststatus = get_string('unpublish', 'artefact.blog');
} }
...@@ -1002,6 +1003,7 @@ class ArtefactTypeBlogPost extends ArtefactType { ...@@ -1002,6 +1003,7 @@ class ArtefactTypeBlogPost extends ArtefactType {
} }
public static function delete_form($id, $title = '') { public static function delete_form($id, $title = '') {
$title = hsc($title);
global $THEME; global $THEME;
return pieform(array( return pieform(array(
'name' => 'delete_' . $id, 'name' => 'delete_' . $id,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment