Add html escaping

2026-01-22 19:18:40 +00:00 · 2017-07-24 20:48:22 +02:00 · 2017-07-24 20:48:22 +02:00 · 746803e7ae
commit 746803e7ae
parent e674923223
3 changed files with 22 additions and 22 deletions
--- a/Theme/Backend/draw-create.tpl.php
+++ b/Theme/Backend/draw-create.tpl.php
@ -23,7 +23,7 @@ echo $this->getData('nav')->render(); ?>
        <section class="box wf-100">
            <div class="inner">
                <form id="drawForm" action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/draw?{?}&csrf={$CSRF}'); ?>" method="POST">
-                    <input type="text" id="iTitle" name="title" class="wf-100"><input type="submit" value="<?= $this->getText('Create', 0, 0); ?>">
+                    <input type="text" id="iTitle" name="title" class="wf-100"><input type="submit" value="<?= $this->getHtml('Create', 0, 0); ?>">
                </form>
            </div>
        </section>
@ -35,8 +35,8 @@ echo $this->getData('nav')->render(); ?>
        <div class="box wf-100">
            <div class="tabular">
                <ul class="tab-links">
-                    <li><label for="c-tab-1"><?= $this->getText('Start') ?></label>
-                    <li><label for="c-tab-2"><?= $this->getText('Layout') ?></label>
+                    <li><label for="c-tab-1"><?= $this->getHtml('Start'); ?></label>
+                    <li><label for="c-tab-2"><?= $this->getHtml('Layout'); ?></label>
                </ul>
                <div class="tab-content">
                    <input type="radio" id="c-tab-1" name="tabular-1" checked>
@ -85,12 +85,12 @@ echo $this->getData('nav')->render(); ?>
            <div class="inner">
                <form>
                    <table class="layout">
-                        <tr><td colspan="2"><label><?= $this->getText('Permission') ?></label>
+                        <tr><td colspan="2"><label><?= $this->getHtml('Permission'); ?></label>
                        <tr><td><select>
                                    <option>
                                </select>
-                        <tr><td colspan="2"><label><?= $this->getText('GroupUser') ?></label>
-                        <tr><td><input id="iPermission" name="group" type="text" placeholder="&#xf084;"><td><button><?= $this->getText('Add', 0, 0) ?></button>
+                        <tr><td colspan="2"><label><?= $this->getHtml('GroupUser'); ?></label>
+                        <tr><td><input id="iPermission" name="group" type="text" placeholder="&#xf084;"><td><button><?= $this->getHtml('Add', 0, 0); ?></button>
                    </table>
                </form>
            </div>
--- a/Theme/Backend/draw-list.tpl.php
+++ b/Theme/Backend/draw-list.tpl.php
@ -28,25 +28,25 @@ echo $this->getData('nav')->render(); ?>
    <div class="col-xs-12">
        <div class="box wf-100">
            <table class="table red">
-                <caption><?= $this->getText('Images'); ?></caption>
+                <caption><?= $this->getHtml('Images') ?></caption>
                <thead>
                <tr>
-                    <td class="wf-100"><?= $this->getText('Name'); ?>
-                    <td><?= $this->getText('Creator'); ?>
-                    <td><?= $this->getText('Created'); ?>
+                    <td class="wf-100"><?= $this->getHtml('Name') ?>
+                    <td><?= $this->getHtml('Creator') ?>
+                    <td><?= $this->getHtml('Created') ?>
                <tfoot>
                <tr>
-                    <td colspan="3"><?= $footerView->render(); ?>
+                    <td colspan="3"><?= htmlspecialchars($footerView->render(), ENT_COMPAT, 'utf-8'); ?>
                <tbody>
                <?php $count = 0; foreach($images as $key => $value) : $count++;
                $url = \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/backend/draw/single?{?}&id=' . $value->getId()); ?>
                    <tr>
-                        <td><a href="<?= $url; ?>"><?= $value->getMedia()->getName(); ?></a>
-                        <td><a href="<?= $url; ?>"><?= $value->getMedia()->getCreatedBy(); ?></a>
-                        <td><a href="<?= $url; ?>"><?= $value->getMedia()->getCreatedAt()->format('Y-m-d'); ?></a>
+                        <td><a href="<?= $url; ?>"><?= htmlspecialchars($value->getMedia()->getName(), ENT_COMPAT, 'utf-8'); ?></a>
+                        <td><a href="<?= $url; ?>"><?= htmlspecialchars($value->getMedia()->getCreatedBy(), ENT_COMPAT, 'utf-8'); ?></a>
+                        <td><a href="<?= $url; ?>"><?= htmlspecialchars($value->getMedia()->getCreatedAt()->format('Y-m-d'), ENT_COMPAT, 'utf-8'); ?></a>
                <?php endforeach; ?>
                <?php if($count === 0) : ?>
-                <tr><td colspan="5" class="empty"><?= $this->getText('Empty', 0, 0); ?>
+                <tr><td colspan="5" class="empty"><?= $this->getHtml('Empty', 0, 0); ?>
                        <?php endif; ?>
            </table>
        </div>
--- a/Theme/Backend/draw-single.tpl.php
+++ b/Theme/Backend/draw-single.tpl.php
@ -25,7 +25,7 @@ echo $this->getData('nav')->render(); ?>
        <section class="box wf-100">
            <div class="inner">
                <form id="drawForm" action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/draw?{?}&csrf={$CSRF}'); ?>" method="POST">
-                    <input type="text" id="iTitle" name="title" class="wf-100" value="<?= $image->getMedia()->getName(); ?>"><input type="submit" value="<?= $this->getText('Save', 0, 0); ?>">
+                    <input type="text" id="iTitle" name="title" class="wf-100" value="<?= htmlspecialchars($image->getMedia()->getName(), ENT_COMPAT, 'utf-8'); ?>"><input type="submit" value="<?= $this->getHtml('Save', 0, 0); ?>">
                </form>
            </div>
        </section>
@ -37,8 +37,8 @@ echo $this->getData('nav')->render(); ?>
        <div class="box wf-100">
            <div class="tabular">
                <ul class="tab-links">
-                    <li><label for="c-tab-1"><?= $this->getText('Start') ?></label>
-                    <li><label for="c-tab-2"><?= $this->getText('Layout') ?></label>
+                    <li><label for="c-tab-1"><?= $this->getHtml('Start'); ?></label>
+                    <li><label for="c-tab-2"><?= $this->getHtml('Layout'); ?></label>
                </ul>
                <div class="tab-content">
                    <input type="radio" id="c-tab-1" name="tabular-1" checked>
@ -74,7 +74,7 @@ echo $this->getData('nav')->render(); ?>
        <div class="m-draw">
            <section class="box wf-100" style="height: 30%;">
                <div class="inner resizable">
-                    <canvas data-src="<?= $this->request->getUri()->getBase() . $image->getMedia()->getPath(); ?>" id="canvasImage resizable" name="image" form="drawForm"></canvas>
+                    <canvas data-src="<?= htmlspecialchars($this->request->getUri()->getBase() . $image->getMedia()->getPath(), ENT_COMPAT, 'utf-8'); ?>" id="canvasImage resizable" name="image" form="drawForm"></canvas>
                </div>
            </section>
        </div>
@ -87,12 +87,12 @@ echo $this->getData('nav')->render(); ?>
            <div class="inner">
                <form>
                    <table class="layout">
-                        <tr><td colspan="2"><label><?= $this->getText('Permission') ?></label>
+                        <tr><td colspan="2"><label><?= $this->getHtml('Permission'); ?></label>
                        <tr><td><select>
                                    <option>
                                </select>
-                        <tr><td colspan="2"><label><?= $this->getText('GroupUser') ?></label>
-                        <tr><td><input id="iPermission" name="group" type="text" placeholder="&#xf084;"><td><button><?= $this->getText('Add', 0, 0) ?></button>
+                        <tr><td colspan="2"><label><?= $this->getHtml('GroupUser'); ?></label>
+                        <tr><td><input id="iPermission" name="group" type="text" placeholder="&#xf084;"><td><button><?= $this->getHtml('Add', 0, 0); ?></button>
                    </table>
                </form>
            </div>