Commit 7a550820 authored by Robert Lyon's avatar Robert Lyon

Bug 1719480: Need to escape displayname in elasticsearch templates

Change-Id: I663f6ffde03b6b3504d49a767ac0ff55d0ab8437
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
(cherry picked from commit 056d42fc)
(cherry picked from commit 5b0b1f07)
parent e64c164d
......@@ -36,7 +36,7 @@
{/if}
</span></h3>
{if $record->createdbyname}
<div class="createdby">{str tag=createdby section=search.elasticsearch arg1='<a href="`$record->createdby|profile_url`">`$record->createdbyname|safe`</a>'}</div>
<div class="createdby">{str tag=createdby section=search.elasticsearch arg1='<a href="`$record->createdby|profile_url`">`$record->createdbyname`</a>'}</div>
{/if}
<div class="detail">{$record->description|str_shorten_html:100:true|safe}</div>
<!-- RESUMEITEMS -->
......
......@@ -3,7 +3,7 @@
{else}
<h3 class="title"><a href="{$WWWROOT}view/view.php?id={$record->viewid}">{$record->name}</a> <span class="artefacttype">({str tag=collection section=search.elasticsearch})</span></h3>
{if $record->createdbyname}
<div class="createdby">{str tag=createdby section=search.elasticsearch arg1='<a href="`$record->createdby|profile_url}">`$record->createdbyname|safe`</a>'}</div>
<div class="createdby">{str tag=createdby section=search.elasticsearch arg1='<a href="`$record->createdby|profile_url}">`$record->createdbyname`</a>'}</div>
{/if}
<div class="detail">{$record->description|str_shorten_html:140:true|safe}</div>
<div class="tags"><strong>{str tag=pages section=search.elasticsearch}:</strong>
......
......@@ -7,7 +7,7 @@
{if $record->anonymise}
{str tag=createdbyanon section=search.elasticsearch}
{else}
{str tag=createdby section=search.elasticsearch arg1='<a href="`$record->createdby|profile_url`">`$record->createdbyname|safe`</a>'}
{str tag=createdby section=search.elasticsearch arg1='<a href="`$record->createdby|profile_url`">`$record->createdbyname`</a>'}
{/if}
</div>
{/if}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment