From 9cffac45f14d38e39b56c523c8caeea4aa137ca5 Mon Sep 17 00:00:00 2001
From: Demian Katz <demian.katz@villanova.edu>
Date: Mon, 4 Aug 2014 11:36:26 -0400
Subject: [PATCH] Fixed escaping problems.

---
 themes/blueprint/templates/RecordDriver/EDS/core.phtml        | 4 ++--
 themes/blueprint/templates/RecordDriver/EDS/result-list.phtml | 2 +-
 themes/bootstrap/templates/RecordDriver/EDS/core.phtml        | 4 ++--
 themes/bootstrap/templates/RecordDriver/EDS/result-list.phtml | 2 +-
 themes/bootstrap3/templates/RecordDriver/EDS/core.phtml       | 4 ++--
 .../bootstrap3/templates/RecordDriver/EDS/result-list.phtml   | 2 +-
 themes/jquerymobile/templates/RecordDriver/EDS/core.phtml     | 4 ++--
 7 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/themes/blueprint/templates/RecordDriver/EDS/core.phtml b/themes/blueprint/templates/RecordDriver/EDS/core.phtml
index bcbad12e7e6..79fa1d3bf10 100644
--- a/themes/blueprint/templates/RecordDriver/EDS/core.phtml
+++ b/themes/blueprint/templates/RecordDriver/EDS/core.phtml
@@ -65,7 +65,7 @@
     <? $pLink = $this->driver->getPLink();
         if($pLink): ?>
       <span>
-        <a href="<?=$pLink?>">
+        <a href="<?=$this->escapeHtmlAttr($pLink)?>">
           <?=$this->transEsc('View in EDS')?>
         </a>
       </span><br />
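Review bot: Attribute escaping on `$pLink` stops quote and angle-bracket breakout but does not constrain the URL scheme, so a `javascript:` value coming back from `getPLink()` would still run on click after passing through `escapeHtmlAttr`. If the driver does not guarantee an http(s) permalink, gate the output on the scheme as well, e.g. `if ($pLink && preg_match('#^https?://#i', $pLink)):`. Whether `getPLink()` can ever return a non-HTTP value is not visible in this hunk.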
@@ -94,7 +94,7 @@
             $icon = isset ($customLink['Icon']) ? $customLink['Icon'] : '';
             $name = isset($customLink['Name']) ? $customLink['Name'] : '';?>
         <span>
-          <a href="<?=$url?>" target="_blank" title="<?=$mot?>" class="custom-link">
+          <a href="<?=$this->escapeHtmlAttr($url)?>" target="_blank" title="<?=$mot?>" class="custom-link">
             <? if ($icon): ?><img src="<?=$icon?>" /><? endif; ?><?=$name?>
           </a>
         </span><br />
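Review bot: The rewritten line still emits `$mot` unescaped into the `title` attribute, and the next line emits `$icon` into an `img src` and `$name` as element text with no escaping, so only one of the four `$customLink` interpolations is covered. Since `$url` from the same array was treated as untrusted, the siblings need the same treatment: `title="<?=$this->escapeHtmlAttr($mot)?>"`, `<img src="<?=$this->escapeHtmlAttr($icon)?>" />` and `<?=$this->escapeHtml($name)?>`. Attribute escaping also does not reject a `javascript:` scheme in `$url` or `$icon`, so if the custom-link source is not fully trusted a scheme allow-list before output is still required. The `target="_blank"` on the same line has no `rel="noopener noreferrer"`, which lets the opened page reach `window.opener`. The `foreach` that populates `$customLink` begins outside the hunk.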
diff --git a/themes/blueprint/templates/RecordDriver/EDS/result-list.phtml b/themes/blueprint/templates/RecordDriver/EDS/result-list.phtml
index 1c3b59d0be5..ebfe35f8f8c 100644
--- a/themes/blueprint/templates/RecordDriver/EDS/result-list.phtml
+++ b/themes/blueprint/templates/RecordDriver/EDS/result-list.phtml
@@ -54,7 +54,7 @@
             $icon = isset ($customLink['Icon']) ? $customLink['Icon'] : '';
             $name = isset($customLink['Name']) ? $customLink['Name'] : '';?>
         <span>
-          <a href="<?=$url?>" target="_blank" title="<?=$mot?>" class="custom-link">
+          <a href="<?=$this->escapeHtmlAttr($url)?>" target="_blank" title="<?=$mot?>" class="custom-link">
             <? if ($icon): ?><img src="<?=$icon?>" /><? endif; ?><?=$name?>
           </a>
         </span>
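Review bot: `$mot` in the `title` attribute on the changed line, and `$icon` and `$name` on the line after it, are still written out raw, so this hunk escapes one `$customLink` value and leaves three with the same origin unescaped. Apply the helpers consistently: `title="<?=$this->escapeHtmlAttr($mot)?>"`, `src="<?=$this->escapeHtmlAttr($icon)?>"` and `<?=$this->escapeHtml($name)?>`. Note that `escapeHtmlAttr` only prevents breaking out of the quoted attribute; it does not stop a `javascript:` URL in `$url`, so a scheme check is needed if these links are not from a trusted configuration. The `foreach` over the custom links starts before the hunk.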
diff --git a/themes/bootstrap/templates/RecordDriver/EDS/core.phtml b/themes/bootstrap/templates/RecordDriver/EDS/core.phtml
index 9479852c8bd..747833f2d14 100644
--- a/themes/bootstrap/templates/RecordDriver/EDS/core.phtml
+++ b/themes/bootstrap/templates/RecordDriver/EDS/core.phtml
@@ -25,7 +25,7 @@
       <? $pLink = $this->driver->getPLink();
           if($pLink): ?>
         <span>
-          <a href="<?=$pLink?>">
+          <a href="<?=$this->escapeHtmlAttr($pLink)?>">
             <?=$this->transEsc('View in EDS')?>
           </a>
         </span><br />
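Review bot: Escaping `$pLink` for the attribute context is correct, but it does not validate that the value is a navigable http(s) URL; a `javascript:` scheme survives `escapeHtmlAttr` intact from the browser's point of view. If `getPLink()` is not guaranteed to return an HTTP permalink, add a scheme check alongside the truthiness test, e.g. `if ($pLink && preg_match('#^https?://#i', $pLink)):`. Whether the driver enforces this is not visible here.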
@@ -54,7 +54,7 @@
               $icon = isset ($customLink['Icon']) ? $customLink['Icon'] : '';
               $name = isset($customLink['Name']) ? $customLink['Name'] : '';?>
           <span>
-            <a href="<?=$url?>" target="_blank" title="<?=$mot?>" class="custom-link">
+            <a href="<?=$this->escapeHtmlAttr($url)?>" target="_blank" title="<?=$mot?>" class="custom-link">
               <? if ($icon): ?><img src="<?=$icon?>" /> <? endif; ?><?=$name?>
             </a>
           </span><br />
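Review bot: The `title="<?=$mot?>"` on the rewritten line and the `<img src="<?=$icon?>" />` and `<?=$name?>` on the following line remain unescaped even though they come from the same `$customLink` array as `$url`. The fix should cover all of them: `title="<?=$this->escapeHtmlAttr($mot)?>"`, `src="<?=$this->escapeHtmlAttr($icon)?>"`, and `<?=$this->escapeHtml($name)?>`. Attribute escaping also leaves a `javascript:` scheme in `$url` or `$icon` functional, so a scheme allow-list is still needed if this data is not trusted. `target="_blank"` without `rel="noopener noreferrer"` exposes `window.opener` to the linked site. The enclosing `foreach` begins outside the hunk.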
diff --git a/themes/bootstrap/templates/RecordDriver/EDS/result-list.phtml b/themes/bootstrap/templates/RecordDriver/EDS/result-list.phtml
index 2e1401e47ae..a2cdf646b58 100644
--- a/themes/bootstrap/templates/RecordDriver/EDS/result-list.phtml
+++ b/themes/bootstrap/templates/RecordDriver/EDS/result-list.phtml
@@ -53,7 +53,7 @@
           $icon = isset ($customLink['Icon']) ? $customLink['Icon'] : '';
           $name = isset($customLink['Name']) ? $customLink['Name'] : '';?>
       <span>
-        <a href="<?=$url?>" target="_blank" title="<?=$mot?>" class="custom-link">
+        <a href="<?=$this->escapeHtmlAttr($url)?>" target="_blank" title="<?=$mot?>" class="custom-link">
           <? if ($icon): ?><img src="<?=$icon?>" /> <? endif; ?><?=$name?>
         </a>
       </span>
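Review bot: Only `$url` gets `escapeHtmlAttr` here; `$mot` in `title` on the same line and `$icon` and `$name` on the next line are emitted raw from the same `$customLink` array. Escape them the same way: `title="<?=$this->escapeHtmlAttr($mot)?>"`, `src="<?=$this->escapeHtmlAttr($icon)?>"` and `<?=$this->escapeHtml($name)?>`. Because attribute escaping does not restrict the URL scheme, a `javascript:` value in `$url` would still execute on click; if these links are not from a trusted configuration a scheme check before output is needed. The `foreach` over the custom links starts before the hunk.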
diff --git a/themes/bootstrap3/templates/RecordDriver/EDS/core.phtml b/themes/bootstrap3/templates/RecordDriver/EDS/core.phtml
index e8c5081a9ea..9c3ec6964a0 100644
--- a/themes/bootstrap3/templates/RecordDriver/EDS/core.phtml
+++ b/themes/bootstrap3/templates/RecordDriver/EDS/core.phtml
@@ -25,7 +25,7 @@
       <? $pLink = $this->driver->getPLink();
           if($pLink): ?>
         <span>
-          <a href="<?=$pLink?>">
+          <a href="<?=$this->escapeHtmlAttr($pLink)?>">
             <?=$this->transEsc('View in EDS')?>
           </a>
         </span><br />
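Review bot: `escapeHtmlAttr($pLink)` prevents attribute breakout but does not reject a `javascript:` or `data:` scheme, which would still be followed when the link is clicked. Unless `getPLink()` is known to return only http(s) permalinks, guard on the scheme as well, e.g. `if ($pLink && preg_match('#^https?://#i', $pLink)):`. The driver's guarantee is not visible from this hunk.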
@@ -54,7 +54,7 @@
               $icon = isset ($customLink['Icon']) ? $customLink['Icon'] : '';
               $name = isset($customLink['Name']) ? $customLink['Name'] : '';?>
           <span>
-            <a href="<?=$url?>" target="_blank" title="<?=$mot?>" class="custom-link">
+            <a href="<?=$this->escapeHtmlAttr($url)?>" target="_blank" title="<?=$mot?>" class="custom-link">
               <? if ($icon): ?><img src="<?=$icon?>" /> <? endif; ?><?=$name?>
             </a>
           </span><br />
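Review bot: `$mot` is still dropped unescaped into the `title` attribute on the rewritten line, and `$icon` and `$name` on the next line are likewise unescaped, so three of the four `$customLink` values keep the problem the commit is fixing for `$url`. Use `title="<?=$this->escapeHtmlAttr($mot)?>"`, `src="<?=$this->escapeHtmlAttr($icon)?>"` and `<?=$this->escapeHtml($name)?>`. Attribute escaping does not block a `javascript:` scheme in `$url` or `$icon`, so if the custom-link source is not trusted a scheme allow-list is also required. `target="_blank"` here lacks `rel="noopener noreferrer"`. The `foreach` that sets `$customLink` begins outside the hunk.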
diff --git a/themes/bootstrap3/templates/RecordDriver/EDS/result-list.phtml b/themes/bootstrap3/templates/RecordDriver/EDS/result-list.phtml
index cd9fef56a0d..7748ac658d5 100644
--- a/themes/bootstrap3/templates/RecordDriver/EDS/result-list.phtml
+++ b/themes/bootstrap3/templates/RecordDriver/EDS/result-list.phtml
@@ -53,7 +53,7 @@
           $icon = isset ($customLink['Icon']) ? $customLink['Icon'] : '';
           $name = isset($customLink['Name']) ? $customLink['Name'] : '';?>
       <span>
-        <a href="<?=$url?>" target="_blank" title="<?=$mot?>" class="custom-link">
+        <a href="<?=$this->escapeHtmlAttr($url)?>" target="_blank" title="<?=$mot?>" class="custom-link">
           <? if ($icon): ?><img src="<?=$icon?>" /> <? endif; ?><?=$name?>
         </a>
       </span>
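Review bot: The `title="<?=$mot?>"` on the changed line and `<img src="<?=$icon?>" />` plus `<?=$name?>` on the line after are still unescaped while sharing their origin (`$customLink`) with the now-escaped `$url`. Make the treatment uniform: `title="<?=$this->escapeHtmlAttr($mot)?>"`, `src="<?=$this->escapeHtmlAttr($icon)?>"` and `<?=$this->escapeHtml($name)?>`. `escapeHtmlAttr` does not sanitize the URL scheme, so a `javascript:` value in `$url` remains live; a scheme check is warranted if these links are not trusted configuration. The enclosing `foreach` starts before the hunk.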
diff --git a/themes/jquerymobile/templates/RecordDriver/EDS/core.phtml b/themes/jquerymobile/templates/RecordDriver/EDS/core.phtml
index 5dedde78f68..2df2a31f938 100644
--- a/themes/jquerymobile/templates/RecordDriver/EDS/core.phtml
+++ b/themes/jquerymobile/templates/RecordDriver/EDS/core.phtml
@@ -19,7 +19,7 @@
     <? endif; ?>
     <? $pLink = $this->driver->getPLink();
         if($pLink): ?>
-        <br/><a href="<?=$pLink?>">
+        <br/><a href="<?=$this->escapeHtmlAttr($pLink)?>">
           <?=$this->transEsc('View in EDS')?>
         </a>
     <? endif; ?>
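Review bot: The escaping on `$pLink` is the right context-specific helper, but it does not enforce an http(s) scheme, so a `javascript:` permalink would still be clickable after escaping. If the driver does not guarantee the scheme, extend the condition, e.g. `if ($pLink && preg_match('#^https?://#i', $pLink)):`. What `getPLink()` can return is not visible in this hunk.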
@@ -41,7 +41,7 @@
               $mot = isset($customLink['MouseOverText'])? $customLink['MouseOverText'] : '';
               $icon = isset ($customLink['Icon']) ? $customLink['Icon'] : '';
               $name = isset($customLink['Name']) ? $customLink['Name'] : '';?>
-          <a href="<?=$url?>" target="_blank" title="<?=$mot?>" class="custom-link">
+          <a href="<?=$this->escapeHtmlAttr($url)?>" target="_blank" title="<?=$mot?>" class="custom-link">
             <? if ($icon): ?><img src="<?=$icon?>" /> <? endif; ?><?=$name?>
           </a><br/>
         <? endforeach; ?>
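Review bot: `$mot`, assigned from `$customLink['MouseOverText']` two lines above, is still written raw into the `title` attribute on the rewritten line, and `$icon` and `$name` on the next line are unescaped as well, so the fix covers only `$url`. Escape them consistently: `title="<?=$this->escapeHtmlAttr($mot)?>"`, `src="<?=$this->escapeHtmlAttr($icon)?>"` and `<?=$this->escapeHtml($name)?>`. Attribute escaping does not reject a `javascript:` scheme in `$url` or `$icon`, so a scheme allow-list is still needed if the custom links are not trusted. `target="_blank"` without `rel="noopener noreferrer"` lets the target page access `window.opener`. The `foreach` header is outside the hunk.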
-- 
GitLab