Commit 039bbd9b authored by Robert Lyon's avatar Robert Lyon

Bug 1720034: Journal/Journal post title not being escaped in delete button

behatnotneeded

Change-Id: I6f0c82a74e0d60614230aac1d4fc3884eae387a5
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
(cherry picked from commit c367be4d)
(cherry picked from commit 465b7df2)
parent 644b4f23
......@@ -557,7 +557,7 @@ class ArtefactTypeBlog extends ArtefactType {
global $THEME;
$confirm = get_string('deleteblog?', 'artefact.blog');
$title = hsc($title);
// Check if this blog has posts.
$postcnt = count_records_sql("
SELECT COUNT(*)
......@@ -1181,6 +1181,7 @@ class ArtefactTypeBlogPost extends ArtefactType {
$published = empty($published) ? $post->published : $published;
$title = empty($title) ? $post->title : $title;
}
$title = hsc($title);
if ($published) {
$strchangepoststatus = '<span class="icon icon-times icon-lg left text-danger" role="presentation" aria-hidden="true"></span><span class="sr-only">' . get_string('unpublishspecific', 'artefact.blog', $title) . '</span> ' . get_string('unpublish', 'artefact.blog');
}
......@@ -1212,6 +1213,7 @@ class ArtefactTypeBlogPost extends ArtefactType {
}
public static function delete_form($id, $title = '') {
$title = hsc($title);
global $THEME;
return pieform(array(
'name' => 'delete_' . $id,
......
......@@ -234,7 +234,7 @@ function changepoststatus_submit(Pieform $form, $values) {
'message' => $strmessage,
'goto' => get_config('wwwroot') . 'artefact/blog/view/index.php?id=' . $blogpost->get('parent'),
'id' => $values['changepoststatus'],
'title' => $blogpost->get('title'),
'title' => hsc($blogpost->get('title')),
));
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment