composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-02-13 07:24:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

N°2313 - Markup extensibility: Fix raw value and attribute label not always being escaped

Browse Source
This commit is contained in:
Molkobain
2020-01-24 17:38:18 +01:00
parent 27f343e543
commit 5485897bbb
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
application/webpage.class.inc.php
View File

@@ -511,7 +511,7 @@ class WebPage implements Page
$sDataAttributeCode = isset($aAttrib['attcode']) ? 'data-attribute-code="'.$aAttrib['attcode'].'"' : '';
$sDataAttributeType = isset($aAttrib['atttype']) ? 'data-attribute-type="'.$aAttrib['atttype'].'"' : '';
$sDataAttributeLabel = isset($aAttrib['attlabel']) ? 'data-attribute-label="'.utils::HtmlEntities($aAttrib['attlabel']).'"' : '';
$sDataValueRaw = isset($aAttrib['value_raw']) ? 'data-value-raw="'.$aAttrib['value_raw'].'"' : '';
$sDataValueRaw = isset($aAttrib['value_raw']) ? 'data-value-raw="'.utils::HtmlEntities($aAttrib['value_raw']).'"' : '';
$sHtml .= "<div class=\"field_container field_{$sLayout}\" $sDataAttributeCode $sDataAttributeType $sDataAttributeLabel $sDataValueRaw>\n";
$sHtml .= "<div class=\"field_label label\">{$aAttrib['label']}</div>\n";

4
core/attributedef.class.inc.php
View File

@@ -1032,10 +1032,10 @@ abstract class AttributeDefinition
// Metadata
$oFormField->AddMetadata('attribute-code', $this->GetCode());
$oFormField->AddMetadata('attribute-type', get_class($this));
$oFormField->AddMetadata('attribute-label', $this->GetLabel());
$oFormField->AddMetadata('attribute-label', utils::HtmlEntities($this->GetLabel()));
if ($this::IsScalar())
{
$oFormField->AddMetadata('value-raw', $oObject->Get($this->GetCode()));
$oFormField->AddMetadata('value-raw', utils::HtmlEntities($oObject->Get($this->GetCode())));
}
return $oFormField;