Fixed escaping problems.

9cffac45 · Demian Katz · 30f48014 · 9cffac45 · 9cffac45 · 9cffac45
Commit 9cffac45 authored 10 years ago by Demian Katz
--- a/themes/blueprint/templates/RecordDriver/EDS/core.phtml
+++ b/themes/blueprint/templates/RecordDriver/EDS/core.phtml
@@ -65,7 +65,7 @@
    <? $pLink = $this->driver->getPLink();
        if($pLink): ?>
      <span>
-        <a href="<?=$pLink?>">
+        <a href="<?=$this->escapeHtmlAttr($pLink)?>">
          <?=$this->transEsc('View in EDS')?>
        </a>
      </span><br />
@@ -94,7 +94,7 @@
            $icon = isset ($customLink['Icon']) ? $customLink['Icon'] : '';
            $name = isset($customLink['Name']) ? $customLink['Name'] : '';?>
        <span>
-          <a href="<?=$url?>" target="_blank" title="<?=$mot?>" class="custom-link">
+          <a href="<?=$this->escapeHtmlAttr($url)?>" target="_blank" title="<?=$mot?>" class="custom-link">
            <? if ($icon): ?><img src="<?=$icon?>" /><? endif; ?><?=$name?>
          </a>
        </span><br />

--- a/themes/blueprint/templates/RecordDriver/EDS/result-list.phtml
+++ b/themes/blueprint/templates/RecordDriver/EDS/result-list.phtml
@@ -54,7 +54,7 @@
            $icon = isset ($customLink['Icon']) ? $customLink['Icon'] : '';
            $name = isset($customLink['Name']) ? $customLink['Name'] : '';?>
        <span>
-          <a href="<?=$url?>" target="_blank" title="<?=$mot?>" class="custom-link">
+          <a href="<?=$this->escapeHtmlAttr($url)?>" target="_blank" title="<?=$mot?>" class="custom-link">
            <? if ($icon): ?><img src="<?=$icon?>" /><? endif; ?><?=$name?>
          </a>
        </span>

--- a/themes/bootstrap/templates/RecordDriver/EDS/core.phtml
+++ b/themes/bootstrap/templates/RecordDriver/EDS/core.phtml
@@ -25,7 +25,7 @@
      <? $pLink = $this->driver->getPLink();
          if($pLink): ?>
        <span>
-          <a href="<?=$pLink?>">
+          <a href="<?=$this->escapeHtmlAttr($pLink)?>">
            <?=$this->transEsc('View in EDS')?>
          </a>
        </span><br />
@@ -54,7 +54,7 @@
              $icon = isset ($customLink['Icon']) ? $customLink['Icon'] : '';
              $name = isset($customLink['Name']) ? $customLink['Name'] : '';?>
          <span>
-            <a href="<?=$url?>" target="_blank" title="<?=$mot?>" class="custom-link">
+            <a href="<?=$this->escapeHtmlAttr($url)?>" target="_blank" title="<?=$mot?>" class="custom-link">
              <? if ($icon): ?><img src="<?=$icon?>" /> <? endif; ?><?=$name?>
            </a>
          </span><br />

--- a/themes/bootstrap/templates/RecordDriver/EDS/result-list.phtml
+++ b/themes/bootstrap/templates/RecordDriver/EDS/result-list.phtml
@@ -53,7 +53,7 @@
          $icon = isset ($customLink['Icon']) ? $customLink['Icon'] : '';
          $name = isset($customLink['Name']) ? $customLink['Name'] : '';?>
      <span>
-        <a href="<?=$url?>" target="_blank" title="<?=$mot?>" class="custom-link">
+        <a href="<?=$this->escapeHtmlAttr($url)?>" target="_blank" title="<?=$mot?>" class="custom-link">
          <? if ($icon): ?><img src="<?=$icon?>" /> <? endif; ?><?=$name?>
        </a>
      </span>

--- a/themes/bootstrap3/templates/RecordDriver/EDS/core.phtml
+++ b/themes/bootstrap3/templates/RecordDriver/EDS/core.phtml
@@ -25,7 +25,7 @@
      <? $pLink = $this->driver->getPLink();
          if($pLink): ?>
        <span>
-          <a href="<?=$pLink?>">
+          <a href="<?=$this->escapeHtmlAttr($pLink)?>">
            <?=$this->transEsc('View in EDS')?>
          </a>
        </span><br />
@@ -54,7 +54,7 @@
              $icon = isset ($customLink['Icon']) ? $customLink['Icon'] : '';
              $name = isset($customLink['Name']) ? $customLink['Name'] : '';?>
          <span>
-            <a href="<?=$url?>" target="_blank" title="<?=$mot?>" class="custom-link">
+            <a href="<?=$this->escapeHtmlAttr($url)?>" target="_blank" title="<?=$mot?>" class="custom-link">
              <? if ($icon): ?><img src="<?=$icon?>" /> <? endif; ?><?=$name?>
            </a>
          </span><br />

--- a/themes/bootstrap3/templates/RecordDriver/EDS/result-list.phtml
+++ b/themes/bootstrap3/templates/RecordDriver/EDS/result-list.phtml
@@ -53,7 +53,7 @@
          $icon = isset ($customLink['Icon']) ? $customLink['Icon'] : '';
          $name = isset($customLink['Name']) ? $customLink['Name'] : '';?>
      <span>
-        <a href="<?=$url?>" target="_blank" title="<?=$mot?>" class="custom-link">
+        <a href="<?=$this->escapeHtmlAttr($url)?>" target="_blank" title="<?=$mot?>" class="custom-link">
          <? if ($icon): ?><img src="<?=$icon?>" /> <? endif; ?><?=$name?>
        </a>
      </span>

--- a/themes/jquerymobile/templates/RecordDriver/EDS/core.phtml
+++ b/themes/jquerymobile/templates/RecordDriver/EDS/core.phtml
@@ -19,7 +19,7 @@
    <? endif; ?>
    <? $pLink = $this->driver->getPLink();
        if($pLink): ?>
-        <br/><a href="<?=$pLink?>">
+        <br/><a href="<?=$this->escapeHtmlAttr($pLink)?>">
          <?=$this->transEsc('View in EDS')?>
        </a>
    <? endif; ?>
@@ -41,7 +41,7 @@
              $mot = isset($customLink['MouseOverText'])? $customLink['MouseOverText'] : '';
              $icon = isset ($customLink['Icon']) ? $customLink['Icon'] : '';
              $name = isset($customLink['Name']) ? $customLink['Name'] : '';?>
-          <a href="<?=$url?>" target="_blank" title="<?=$mot?>" class="custom-link">
+          <a href="<?=$this->escapeHtmlAttr($url)?>" target="_blank" title="<?=$mot?>" class="custom-link">
            <? if ($icon): ?><img src="<?=$icon?>" /> <? endif; ?><?=$name?>
          </a><br/>
        <? endforeach; ?>