Escape resource name.
yunosh committed Jan 14, 2014
1 parent df1d05c commit 0d0c6f2
Showing 2 changed files with 5 additions and 5 deletions.
8 changes: 4 additions & 4 deletions kronolith/lib/FreeBusy/View.php
@@ -129,7 +129,7 @@ public function render(Horde_Date $day = null)
$blocks = $this->_getBlocks($member, $member->getBusyPeriods(), 'busyblock.html', _("Busy"));
$template = $GLOBALS['injector']->createInstance('Horde_Template');
$template->set('blocks', $blocks);
$template->set('name', $member->getName());
$template->set('name', htmlspecialchars($member->getName()));
$rows .= $template->fetch(KRONOLITH_TEMPLATES . '/fbview/row.html');
}

@@ -150,7 +150,7 @@ public function render(Horde_Date $day = null)
$blocks = $this->_getBlocks($member, $member->getBusyPeriods(), 'busyblock.html', _("Busy"));
$template = $GLOBALS['injector']->createInstance('Horde_Template');
$template->set('blocks', $blocks);
$template->set('name', $member->getName());
$template->set('name', htmlspecialchars($member->getName()));
$rows .= $template->fetch(KRONOLITH_TEMPLATES . '/fbview/row.html');
}

Expand All @@ -172,15 +172,15 @@ public function render(Horde_Date $day = null)
$blocks = $this->_getBlocks($member, $member->getBusyPeriods(), 'busyblock.html', _("Busy"));
$template = $GLOBALS['injector']->createInstance('Horde_Template');
$template->set('blocks', $blocks);
$template->set('name', $member->getName());
$template->set('name', htmlspecialchars($member->getName()));
$rows .= $template->fetch(KRONOLITH_TEMPLATES . '/fbview/row.html');
}
foreach ($this->_optionalResourceMembers as $member) {
$member->simplify();
$blocks = $this->_getBlocks($member, $member->getBusyPeriods(), 'busyblock.html', _("Busy"));
$template = $GLOBALS['injector']->createInstance('Horde_Template');
$template->set('blocks', $blocks);
$template->set('name', $member->getName());
$template->set('name', htmlspecialchars($member->getName()));
$rows .= $template->fetch(KRONOLITH_TEMPLATES . '/fbview/row.html');
}
$template = $GLOBALS['injector']->createInstance('Horde_Template');
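Review bot: The four added `htmlspecialchars($member->getName())` calls in render() rely on the function's default flags and charset, which on PHP versions before 8.1 leave single quotes unescaped and before 5.4 assume ISO-8859-1. fbview/row.html is not part of this commit, so whether the name only ever lands in element text is not visible here; passing the arguments explicitly, `htmlspecialchars($member->getName(), ENT_QUOTES, 'UTF-8')` (assuming the page is served as UTF-8), keeps the value safe in attribute context as well. The same loop body is repeated for each of the four member lists, so a small private helper that builds one row would keep the encoding in a single place and prevent a later list from missing it. render() starts and continues outside the shown hunks, so its other `$template->set()` calls were not checked.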
2 changes: 1 addition & 1 deletion kronolith/templates/attendees/attendees.inc
@@ -139,7 +139,7 @@ function switchDateView(view, date)
<select id="resourceselect" name="resourceselect">
<option value="0"><?php echo _("Select resource")?></option>
<?php foreach ($allResources as $id => $resource):?>
<?php printf('<option value="%s">%s</option>', $resource->getId(), $resource->get('name')) ?>
<?php printf('<option value="%s">%s</option>', $resource->getId(), htmlspecialchars($resource->get('name'))) ?>
<?php endforeach;?>
</select>
</td>
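Review bot: In the changed `printf`, `$resource->getId()` is still written into the `value="%s"` attribute without encoding, while only the name argument is now escaped. If ids are always backend-generated integers this is harmless, but the template does not show that; encoding both arguments keeps the line correct regardless: `printf('<option value="%s">%s</option>', htmlspecialchars($resource->getId()), htmlspecialchars($resource->get('name')))`. The surrounding form and the page script (switchDateView) lie outside the hunk, so any client-side code that copies the selected option's text back into the page was not checked.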
