asmecher/i4522-ojs-3_1_1-0.diff

## i4522-ojs-3_1_1-0.diff
diff --git a/controllers/grid/issues/IssueGridCellProvider.inc.php b/controllers/grid/issues/IssueGridCellProvider.inc.php
index 0f36e7af3b..092a925213 100644
--- a/controllers/grid/issues/IssueGridCellProvider.inc.php
+++ b/controllers/grid/issues/IssueGridCellProvider.inc.php
@@ -48,7 +48,7 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO
 						'modal_edit',
 						true
 					),
-					$issue->getIssueIdentification()
+					htmlspecialchars($issue->getIssueIdentification())
 				)
 			);
 		}
diff --git a/controllers/grid/pubIds/PubIdExportIssuesListGridCellProvider.inc.php b/controllers/grid/pubIds/PubIdExportIssuesListGridCellProvider.inc.php
index 4f5d2309a5..02ee1af943 100644
--- a/controllers/grid/pubIds/PubIdExportIssuesListGridCellProvider.inc.php
+++ b/controllers/grid/pubIds/PubIdExportIssuesListGridCellProvider.inc.php
@@ -56,7 +56,7 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO
 							$dispatcher->url($request, ROUTE_COMPONENT, null, 'grid.issues.BackIssueGridHandler', 'editIssue', null, array('issueId' => $publishedIssue->getId())),
 							__('plugins.importexport.common.settings.DOIPluginSettings')
 						),
-						$publishedIssue->getIssueIdentification(),
+						htmlspecialchars($publishedIssue->getIssueIdentification()),
 						null
 					)
 				);
diff --git a/controllers/grid/pubIds/PubIdExportRepresentationsListGridCellProvider.inc.php b/controllers/grid/pubIds/PubIdExportRepresentationsListGridCellProvider.inc.php
index 2995b1f9bd..4e3f255a03 100644
--- a/controllers/grid/pubIds/PubIdExportRepresentationsListGridCellProvider.inc.php
+++ b/controllers/grid/pubIds/PubIdExportRepresentationsListGridCellProvider.inc.php
@@ -63,7 +63,7 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO
 									->get('submission')
 									->getWorkflowUrlByUserRoles($publishedSubmission)
 						),
-						$title
+						htmlspecialchars($title)
 					)
 				);
 			case 'issue':
@@ -82,7 +82,7 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO
 							$dispatcher->url($request, ROUTE_COMPONENT, null, 'grid.issues.BackIssueGridHandler', 'editIssue', null, array('issueId' => $issue->getId())),
 							__('plugins.importexport.common.settings.DOIPluginSettings')
 						),
-						$issue->getIssueIdentification(),
+						htmlspecialchars($issue->getIssueIdentification()),
 						null
 					)
 				);
@@ -99,7 +99,7 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO
 								$statusActions[$status],
 								'_blank'
 							),
-							$statusNames[$status]
+							htmlspecialchars($statusNames[$status])
 						)
 					);
 				}
diff --git a/controllers/grid/submissions/ExportPublishedSubmissionsListGridCellProvider.inc.php b/controllers/grid/submissions/ExportPublishedSubmissionsListGridCellProvider.inc.php
index d7f3cac3be..f7f392b38e 100644
--- a/controllers/grid/submissions/ExportPublishedSubmissionsListGridCellProvider.inc.php
+++ b/controllers/grid/submissions/ExportPublishedSubmissionsListGridCellProvider.inc.php
@@ -58,7 +58,7 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO
 						new RedirectAction(
 							ServicesContainer::instance()->get('submission')->getWorkflowUrlByUserRoles($publishedSubmission)
 						),
-						$title
+						htmlspecialchars($title)
 					)
 				);
 			case 'issue':
@@ -77,7 +77,7 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO
 							$dispatcher->url($request, ROUTE_COMPONENT, null, 'grid.issues.BackIssueGridHandler', 'editIssue', null, array('issueId' => $issue->getId())),
 							__('plugins.importexport.common.settings.DOIPluginSettings')
 						),
-						$issue->getIssueIdentification(),
+						htmlspecialchars($issue->getIssueIdentification()),
 						null
 					)
 				);
@@ -94,7 +94,7 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO
 								$statusActions[$status],
 								'_blank'
 							),
-							$statusNames[$status]
+							htmlspecialchars($statusNames[$status])
 						)
 					);
 				}
diff --git a/plugins/generic/htmlArticleGalley/display.tpl b/plugins/generic/htmlArticleGalley/display.tpl
index f87617ba87..475d73dbca 100644
--- a/plugins/generic/htmlArticleGalley/display.tpl
+++ b/plugins/generic/htmlArticleGalley/display.tpl
@@ -9,7 +9,7 @@
  *}
 <!DOCTYPE html>
 <html lang="{$currentLocale|replace:"_":"-"}" xml:lang="{$currentLocale|replace:"_":"-"}">
-{translate|assign:"pageTitleTranslated" key="article.pageTitle title=$article->getLocalizedTitle()}
+{translate|assign:"pageTitleTranslated" key="article.pageTitle" title=$article->getLocalizedTitle()|escape}
 {include file="frontend/components/headerHead.tpl"}
 <body class="pkp_page_{$requestedPage|escape} pkp_op_{$requestedOp|escape}">

diff --git a/templates/frontend/objects/article_summary.tpl b/templates/frontend/objects/article_summary.tpl
index b6d5a53758..8f3e3c9c25 100644
--- a/templates/frontend/objects/article_summary.tpl
+++ b/templates/frontend/objects/article_summary.tpl
@@ -44,7 +44,7 @@
 	<div class="meta">
 		{if $showAuthor}
 		<div class="authors">
-			{$article->getAuthorString()}
+			{$article->getAuthorString()|escape}
 		</div>
 		{/if}

diff --git a/templates/manager/statistics/statistics.tpl b/templates/manager/statistics/statistics.tpl
index ea257a0182..3a5f35fb1e 100644
--- a/templates/manager/statistics/statistics.tpl
+++ b/templates/manager/statistics/statistics.tpl
@@ -45,7 +45,7 @@
 			</script>
 				<select name="sectionIds[]" class="selectMenu" multiple="multiple" size="5">
 					{foreach from=$sections item=section}
-						<option {if in_array($section->getId(), $sectionIds)}selected="selected" {/if}value="{$section->getId()}">{$section->getLocalizedTitle()}</option>
+						<option {if in_array($section->getId(), $sectionIds)}selected="selected" {/if}value="{$section->getId()}">{$section->getLocalizedTitle()|escape}</option>
 					{/foreach}
 				</select><br/>&nbsp;<br/>
 				<input type="submit" value="{translate key="common.record"}" class="button defaultButton"/>
	diff --git a/controllers/grid/issues/IssueGridCellProvider.inc.php b/controllers/grid/issues/IssueGridCellProvider.inc.php
	index 0f36e7af3b..092a925213 100644
	--- a/controllers/grid/issues/IssueGridCellProvider.inc.php
	+++ b/controllers/grid/issues/IssueGridCellProvider.inc.php
	@@ -48,7 +48,7 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO
	'modal_edit',
	true
	),
	- $issue->getIssueIdentification()
	+ htmlspecialchars($issue->getIssueIdentification())
	)
	);
	}
	diff --git a/controllers/grid/pubIds/PubIdExportIssuesListGridCellProvider.inc.php b/controllers/grid/pubIds/PubIdExportIssuesListGridCellProvider.inc.php
	index 4f5d2309a5..02ee1af943 100644
	--- a/controllers/grid/pubIds/PubIdExportIssuesListGridCellProvider.inc.php
	+++ b/controllers/grid/pubIds/PubIdExportIssuesListGridCellProvider.inc.php
	@@ -56,7 +56,7 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO
	$dispatcher->url($request, ROUTE_COMPONENT, null, 'grid.issues.BackIssueGridHandler', 'editIssue', null, array('issueId' => $publishedIssue->getId())),
	__('plugins.importexport.common.settings.DOIPluginSettings')
	),
	- $publishedIssue->getIssueIdentification(),
	+ htmlspecialchars($publishedIssue->getIssueIdentification()),
	null
	)
	);
	diff --git a/controllers/grid/pubIds/PubIdExportRepresentationsListGridCellProvider.inc.php b/controllers/grid/pubIds/PubIdExportRepresentationsListGridCellProvider.inc.php
	index 2995b1f9bd..4e3f255a03 100644
	--- a/controllers/grid/pubIds/PubIdExportRepresentationsListGridCellProvider.inc.php
	+++ b/controllers/grid/pubIds/PubIdExportRepresentationsListGridCellProvider.inc.php
	@@ -63,7 +63,7 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO
	->get('submission')
	->getWorkflowUrlByUserRoles($publishedSubmission)
	),
	- $title
	+ htmlspecialchars($title)
	)
	);
	case 'issue':
	@@ -82,7 +82,7 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO
	$dispatcher->url($request, ROUTE_COMPONENT, null, 'grid.issues.BackIssueGridHandler', 'editIssue', null, array('issueId' => $issue->getId())),
	__('plugins.importexport.common.settings.DOIPluginSettings')
	),
	- $issue->getIssueIdentification(),
	+ htmlspecialchars($issue->getIssueIdentification()),
	null
	)
	);
	@@ -99,7 +99,7 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO
	$statusActions[$status],
	'_blank'
	),
	- $statusNames[$status]
	+ htmlspecialchars($statusNames[$status])
	)
	);
	}
	diff --git a/controllers/grid/submissions/ExportPublishedSubmissionsListGridCellProvider.inc.php b/controllers/grid/submissions/ExportPublishedSubmissionsListGridCellProvider.inc.php
	index d7f3cac3be..f7f392b38e 100644
	--- a/controllers/grid/submissions/ExportPublishedSubmissionsListGridCellProvider.inc.php
	+++ b/controllers/grid/submissions/ExportPublishedSubmissionsListGridCellProvider.inc.php
	@@ -58,7 +58,7 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO
	new RedirectAction(
	ServicesContainer::instance()->get('submission')->getWorkflowUrlByUserRoles($publishedSubmission)
	),
	- $title
	+ htmlspecialchars($title)
	)
	);
	case 'issue':
	@@ -77,7 +77,7 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO
	$dispatcher->url($request, ROUTE_COMPONENT, null, 'grid.issues.BackIssueGridHandler', 'editIssue', null, array('issueId' => $issue->getId())),
	__('plugins.importexport.common.settings.DOIPluginSettings')
	),
	- $issue->getIssueIdentification(),
	+ htmlspecialchars($issue->getIssueIdentification()),
	null
	)
	);
	@@ -94,7 +94,7 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO
	$statusActions[$status],
	'_blank'
	),
	- $statusNames[$status]
	+ htmlspecialchars($statusNames[$status])
	)
	);
	}
	diff --git a/plugins/generic/htmlArticleGalley/display.tpl b/plugins/generic/htmlArticleGalley/display.tpl
	index f87617ba87..475d73dbca 100644
	--- a/plugins/generic/htmlArticleGalley/display.tpl
	+++ b/plugins/generic/htmlArticleGalley/display.tpl
	@@ -9,7 +9,7 @@
	*}
	<!DOCTYPE html>
	<html lang="{$currentLocale\|replace:"_":"-"}" xml:lang="{$currentLocale\|replace:"_":"-"}">
	-{translate\|assign:"pageTitleTranslated" key="article.pageTitle title=$article->getLocalizedTitle()}
	+{translate\|assign:"pageTitleTranslated" key="article.pageTitle" title=$article->getLocalizedTitle()\|escape}
	{include file="frontend/components/headerHead.tpl"}
	<body class="pkp_page_{$requestedPage\|escape} pkp_op_{$requestedOp\|escape}">

	diff --git a/templates/frontend/objects/article_summary.tpl b/templates/frontend/objects/article_summary.tpl
	index b6d5a53758..8f3e3c9c25 100644
	--- a/templates/frontend/objects/article_summary.tpl
	+++ b/templates/frontend/objects/article_summary.tpl
	@@ -44,7 +44,7 @@
	<div class="meta">
	{if $showAuthor}
	<div class="authors">
	- {$article->getAuthorString()}
	+ {$article->getAuthorString()\|escape}
	</div>
	{/if}

	diff --git a/templates/manager/statistics/statistics.tpl b/templates/manager/statistics/statistics.tpl
	index ea257a0182..3a5f35fb1e 100644
	--- a/templates/manager/statistics/statistics.tpl
	+++ b/templates/manager/statistics/statistics.tpl
	@@ -45,7 +45,7 @@
	</script>
	<select name="sectionIds[]" class="selectMenu" multiple="multiple" size="5">
	{foreach from=$sections item=section}
	- <option {if in_array($section->getId(), $sectionIds)}selected="selected" {/if}value="{$section->getId()}">{$section->getLocalizedTitle()}</option>
	+ <option {if in_array($section->getId(), $sectionIds)}selected="selected" {/if}value="{$section->getId()}">{$section->getLocalizedTitle()\|escape}</option>
	{/foreach}
	</select><br/> <br/>
	<input type="submit" value="{translate key="common.record"}" class="button defaultButton"/>