Commit 8926222c authored by Robert Lyon's avatar Robert Lyon Committed by Gerrit Code Review

Merge "Bug 1720034: Journal/Journal post title not being escaped in delete button"

parents 629e1a91 c367be4d
...@@ -557,7 +557,7 @@ class ArtefactTypeBlog extends ArtefactType { ...@@ -557,7 +557,7 @@ class ArtefactTypeBlog extends ArtefactType {
global $THEME; global $THEME;
$confirm = get_string('deleteblog?', 'artefact.blog'); $confirm = get_string('deleteblog?', 'artefact.blog');
$title = hsc($title);
// Check if this blog has posts. // Check if this blog has posts.
$postcnt = count_records_sql(" $postcnt = count_records_sql("
SELECT COUNT(*) SELECT COUNT(*)
...@@ -1181,6 +1181,7 @@ class ArtefactTypeBlogPost extends ArtefactType { ...@@ -1181,6 +1181,7 @@ class ArtefactTypeBlogPost extends ArtefactType {
$published = empty($published) ? $post->published : $published; $published = empty($published) ? $post->published : $published;
$title = empty($title) ? $post->title : $title; $title = empty($title) ? $post->title : $title;
} }
$title = hsc($title);
if ($published) { if ($published) {
$strchangepoststatus = '<span class="icon icon-times icon-lg left text-danger" role="presentation" aria-hidden="true"></span><span class="sr-only">' . get_string('unpublishspecific', 'artefact.blog', $title) . '</span> ' . get_string('unpublish', 'artefact.blog'); $strchangepoststatus = '<span class="icon icon-times icon-lg left text-danger" role="presentation" aria-hidden="true"></span><span class="sr-only">' . get_string('unpublishspecific', 'artefact.blog', $title) . '</span> ' . get_string('unpublish', 'artefact.blog');
} }
...@@ -1212,6 +1213,7 @@ class ArtefactTypeBlogPost extends ArtefactType { ...@@ -1212,6 +1213,7 @@ class ArtefactTypeBlogPost extends ArtefactType {
} }
public static function delete_form($id, $title = '') { public static function delete_form($id, $title = '') {
$title = hsc($title);
global $THEME; global $THEME;
return pieform(array( return pieform(array(
'name' => 'delete_' . $id, 'name' => 'delete_' . $id,
......
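Review bot: In all three hunks of this file (`-557`, `-1181` and `delete_form` at `-1212`) the raw `$title` is overwritten with `hsc($title)` at the top of the code path, so every later use in the function receives HTML-escaped text whatever its output context. Nothing tells callers whether to pass a raw or an already-escaped title. The other file in this commit now sends `hsc($blogpost->get('title'))` as `'title'`; if that value is ever fed back into one of these form builders, a title containing `&` would be rendered as `&amp;amp;`. I would keep the parameter raw, escape into a separate variable where the markup is built, e.g. `$safetitle = hsc($title);`, and add a docblock line stating `@param string $title Raw (unescaped) title; escaped internally`. In `delete_form` the assignment also sits above `global $THEME;`, where the file's other functions open with the `global` line; the function bodies continue outside the visible hunks, so the remaining uses of `$title` should be checked against their context.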
...@@ -234,7 +234,7 @@ function changepoststatus_submit(Pieform $form, $values) { ...@@ -234,7 +234,7 @@ function changepoststatus_submit(Pieform $form, $values) {
'message' => $strmessage, 'message' => $strmessage,
'goto' => get_config('wwwroot') . 'artefact/blog/view/index.php?id=' . $blogpost->get('parent'), 'goto' => get_config('wwwroot') . 'artefact/blog/view/index.php?id=' . $blogpost->get('parent'),
'id' => $values['changepoststatus'], 'id' => $values['changepoststatus'],
'title' => $blogpost->get('title'), 'title' => hsc($blogpost->get('title')),
)); ));
} }
......
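Review bot: The `'title'` entry of this reply array changes from raw text to HTML-escaped text, and nothing on the line or around it records that contract for whatever consumes the reply. A consumer that inserts the value as text, or escapes it again, would show entities literally, while one that inserts it as markup depends on this escape staying in place. I would add a comment above the entry such as `// 'title' is HTML-escaped here; consumers must insert it as markup and must not escape it again`. The consumer is not visible on this page and `changepoststatus_submit` begins outside the hunk, so the intended rendering path should be confirmed.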