Created
February 25, 2019 17:34
Patch for pkp/pkp-lib#4522 for OJS 3.1.1-0
diff --git a/controllers/grid/issues/IssueGridCellProvider.inc.php b/controllers/grid/issues/IssueGridCellProvider.inc.php | |
index 0f36e7af3b..092a925213 100644 | |
--- a/controllers/grid/issues/IssueGridCellProvider.inc.php | |
+++ b/controllers/grid/issues/IssueGridCellProvider.inc.php | |
@@ -48,7 +48,7 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO | |
'modal_edit', | |
true | |
), | |
- $issue->getIssueIdentification() | |
+ htmlspecialchars($issue->getIssueIdentification()) | |
) | |
); | |
} | |
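Review bot: The added `htmlspecialchars()` call on the link title relies on default flags, which on PHP versions before 8.1 leave single quotes unescaped and take the charset from the `default_charset` setting. Passing them explicitly, as in `htmlspecialchars($issue->getIssueIdentification(), ENT_QUOTES, 'UTF-8')`, makes the result independent of the runtime and of how the title is quoted when it is rendered. The same applies to the seven other `htmlspecialchars()` calls added in PubIdExportIssuesListGridCellProvider, PubIdExportRepresentationsListGridCellProvider and ExportPublishedSubmissionsListGridCellProvider. The code that renders the title is not visible here, so it is also worth confirming that it does not escape the value a second time. getCellActions starts and ends outside this hunk.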
diff --git a/controllers/grid/pubIds/PubIdExportIssuesListGridCellProvider.inc.php b/controllers/grid/pubIds/PubIdExportIssuesListGridCellProvider.inc.php | |
index 4f5d2309a5..02ee1af943 100644 | |
--- a/controllers/grid/pubIds/PubIdExportIssuesListGridCellProvider.inc.php | |
+++ b/controllers/grid/pubIds/PubIdExportIssuesListGridCellProvider.inc.php | |
@@ -56,7 +56,7 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO | |
$dispatcher->url($request, ROUTE_COMPONENT, null, 'grid.issues.BackIssueGridHandler', 'editIssue', null, array('issueId' => $publishedIssue->getId())), | |
__('plugins.importexport.common.settings.DOIPluginSettings') | |
), | |
- $publishedIssue->getIssueIdentification(), | |
+ htmlspecialchars($publishedIssue->getIssueIdentification()), | |
null | |
) | |
); | |
diff --git a/controllers/grid/pubIds/PubIdExportRepresentationsListGridCellProvider.inc.php b/controllers/grid/pubIds/PubIdExportRepresentationsListGridCellProvider.inc.php | |
index 2995b1f9bd..4e3f255a03 100644 | |
--- a/controllers/grid/pubIds/PubIdExportRepresentationsListGridCellProvider.inc.php | |
+++ b/controllers/grid/pubIds/PubIdExportRepresentationsListGridCellProvider.inc.php | |
@@ -63,7 +63,7 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO | |
->get('submission') | |
->getWorkflowUrlByUserRoles($publishedSubmission) | |
), | |
- $title | |
+ htmlspecialchars($title) | |
) | |
); | |
case 'issue': | |
@@ -82,7 +82,7 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO | |
$dispatcher->url($request, ROUTE_COMPONENT, null, 'grid.issues.BackIssueGridHandler', 'editIssue', null, array('issueId' => $issue->getId())), | |
__('plugins.importexport.common.settings.DOIPluginSettings') | |
), | |
- $issue->getIssueIdentification(), | |
+ htmlspecialchars($issue->getIssueIdentification()), | |
null | |
) | |
); | |
@@ -99,7 +99,7 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO | |
$statusActions[$status], | |
'_blank' | |
), | |
- $statusNames[$status] | |
+ htmlspecialchars($statusNames[$status]) | |
) | |
); | |
} | |
diff --git a/controllers/grid/submissions/ExportPublishedSubmissionsListGridCellProvider.inc.php b/controllers/grid/submissions/ExportPublishedSubmissionsListGridCellProvider.inc.php | |
index d7f3cac3be..f7f392b38e 100644 | |
--- a/controllers/grid/submissions/ExportPublishedSubmissionsListGridCellProvider.inc.php | |
+++ b/controllers/grid/submissions/ExportPublishedSubmissionsListGridCellProvider.inc.php | |
@@ -58,7 +58,7 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO | |
new RedirectAction( | |
ServicesContainer::instance()->get('submission')->getWorkflowUrlByUserRoles($publishedSubmission) | |
), | |
- $title | |
+ htmlspecialchars($title) | |
) | |
); | |
case 'issue': | |
@@ -77,7 +77,7 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO | |
$dispatcher->url($request, ROUTE_COMPONENT, null, 'grid.issues.BackIssueGridHandler', 'editIssue', null, array('issueId' => $issue->getId())), | |
__('plugins.importexport.common.settings.DOIPluginSettings') | |
), | |
- $issue->getIssueIdentification(), | |
+ htmlspecialchars($issue->getIssueIdentification()), | |
null | |
) | |
); | |
@@ -94,7 +94,7 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO | |
$statusActions[$status], | |
'_blank' | |
), | |
- $statusNames[$status] | |
+ htmlspecialchars($statusNames[$status]) | |
) | |
); | |
} | |
diff --git a/plugins/generic/htmlArticleGalley/display.tpl b/plugins/generic/htmlArticleGalley/display.tpl | |
index f87617ba87..475d73dbca 100644 | |
--- a/plugins/generic/htmlArticleGalley/display.tpl | |
+++ b/plugins/generic/htmlArticleGalley/display.tpl | |
@@ -9,7 +9,7 @@ | |
*} | |
<!DOCTYPE html> | |
<html lang="{$currentLocale|replace:"_":"-"}" xml:lang="{$currentLocale|replace:"_":"-"}"> | |
-{translate|assign:"pageTitleTranslated" key="article.pageTitle title=$article->getLocalizedTitle()} | |
+{translate|assign:"pageTitleTranslated" key="article.pageTitle" title=$article->getLocalizedTitle()|escape} | |
{include file="frontend/components/headerHead.tpl"} | |
<body class="pkp_page_{$requestedPage|escape} pkp_op_{$requestedOp|escape}"> | |
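Review bot: The `|escape` on `title=` stores an already-encoded string in `pageTitleTranslated`, which is consumed by the included `frontend/components/headerHead.tpl`, a file this diff does not show. If that template applies its own escaping when it prints the variable, a title containing `&` or quotes would come out double-encoded, so the output side should be checked together with this change. A short Smarty comment at the assignment would record the contract, for example `{* title is escaped here; headerHead.tpl must not escape pageTitleTranslated again *}`.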
diff --git a/templates/frontend/objects/article_summary.tpl b/templates/frontend/objects/article_summary.tpl | |
index b6d5a53758..8f3e3c9c25 100644 | |
--- a/templates/frontend/objects/article_summary.tpl | |
+++ b/templates/frontend/objects/article_summary.tpl | |
@@ -44,7 +44,7 @@ | |
<div class="meta"> | |
{if $showAuthor} | |
<div class="authors"> | |
- {$article->getAuthorString()} | |
+ {$article->getAuthorString()|escape} | |
</div> | |
{/if} | |
diff --git a/templates/manager/statistics/statistics.tpl b/templates/manager/statistics/statistics.tpl | |
index ea257a0182..3a5f35fb1e 100644 | |
--- a/templates/manager/statistics/statistics.tpl | |
+++ b/templates/manager/statistics/statistics.tpl | |
@@ -45,7 +45,7 @@ | |
</script> | |
<select name="sectionIds[]" class="selectMenu" multiple="multiple" size="5"> | |
{foreach from=$sections item=section} | |
- <option {if in_array($section->getId(), $sectionIds)}selected="selected" {/if}value="{$section->getId()}">{$section->getLocalizedTitle()}</option> | |
+ <option {if in_array($section->getId(), $sectionIds)}selected="selected" {/if}value="{$section->getId()}">{$section->getLocalizedTitle()|escape}</option> | |
{/foreach} | |
</select><br/> <br/> | |
<input type="submit" value="{translate key="common.record"}" class="button defaultButton"/> |