Commit 3d9d5a43 authored by Robert Lyon's avatar Robert Lyon

Bug 1720034: Journal/Journal post title not being escaped in delete button

behatnotneeded

Change-Id: I6f0c82a74e0d60614230aac1d4fc3884eae387a5
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
(cherry picked from commit c367be4d)
(cherry picked from commit 465b7df2)
parent fdc23f0b
......@@ -514,7 +514,7 @@ class ArtefactTypeBlog extends ArtefactType {
global $THEME;
$confirm = get_string('deleteblog?', 'artefact.blog');
$title = hsc($title);
// Check if this blog has posts.
$postcnt = count_records_sql("
SELECT COUNT(*)
......@@ -1127,6 +1127,7 @@ class ArtefactTypeBlogPost extends ArtefactType {
$post = new ArtefactTypeBlogPost($id);
$published = $post->published;
}
$title = hsc($title);
if ($published) {
$strchangepoststatus = '<span class="icon icon-times icon-lg left text-danger" role="presentation" aria-hidden="true"></span> ' .get_string('unpublish', 'artefact.blog');
}
......@@ -1158,6 +1159,7 @@ class ArtefactTypeBlogPost extends ArtefactType {
}
public static function delete_form($id, $title = '') {
$title = hsc($title);
global $THEME;
return pieform(array(
'name' => 'delete_' . $id,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment