Commit 77cc040b authored by Robert Lyon's avatar Robert Lyon
Browse files

Bug 1720034: Journal/Journal post title not being escaped in delete button



behatnotneeded

Change-Id: I6f0c82a74e0d60614230aac1d4fc3884eae387a5
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
(cherry picked from commit c367be4d)
(cherry picked from commit 465b7df2)
parent 6cb55c8d
...@@ -417,7 +417,7 @@ class ArtefactTypeBlog extends ArtefactType { ...@@ -417,7 +417,7 @@ class ArtefactTypeBlog extends ArtefactType {
global $THEME; global $THEME;
$confirm = get_string('deleteblog?', 'artefact.blog'); $confirm = get_string('deleteblog?', 'artefact.blog');
$title = hsc($title);
// Check if this blog has posts. // Check if this blog has posts.
$postcnt = count_records_sql(" $postcnt = count_records_sql("
SELECT COUNT(*) SELECT COUNT(*)
...@@ -971,6 +971,7 @@ class ArtefactTypeBlogPost extends ArtefactType { ...@@ -971,6 +971,7 @@ class ArtefactTypeBlogPost extends ArtefactType {
$post = new ArtefactTypeBlogPost($id); $post = new ArtefactTypeBlogPost($id);
$published = $post->published; $published = $post->published;
} }
$title = hsc($title);
if ($published) { if ($published) {
$strchangepoststatus = get_string('unpublish', 'artefact.blog'); $strchangepoststatus = get_string('unpublish', 'artefact.blog');
} }
...@@ -1002,6 +1003,7 @@ class ArtefactTypeBlogPost extends ArtefactType { ...@@ -1002,6 +1003,7 @@ class ArtefactTypeBlogPost extends ArtefactType {
} }
public static function delete_form($id, $title = '') { public static function delete_form($id, $title = '') {
$title = hsc($title);
global $THEME; global $THEME;
return pieform(array( return pieform(array(
'name' => 'delete_' . $id, 'name' => 'delete_' . $id,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment