|
11 | 11 | * This class implements a lot of functionality that can be extended by a specific action |
12 | 12 | * |
13 | 13 | * @author Tijs Verkoyen <tijs@sumocoders.be> |
| 14 | + * @author Frederik Heyninck <frederik@figure8.be> |
14 | 15 | */ |
15 | 16 | class BackendBaseAction |
16 | 17 | { |
@@ -168,21 +169,21 @@ public function execute() |
168 | 169 | $this->tpl->assign('report', true); |
169 | 170 |
|
170 | 171 | // camelcase the string |
171 | | - $messageName = SpoonFilter::toCamelCase($this->getParameter('report'), '-'); |
| 172 | + $messageName = SpoonFilter::toCamelCase(SpoonFilter::stripHTML($this->getParameter('report')), '-'); |
172 | 173 |
|
173 | 174 | // if we have data to use it will be passed as the var parameter |
174 | 175 | if(!empty($var)) $this->tpl->assign('reportMessage', vsprintf(BL::msg($messageName), $var)); |
175 | 176 | else $this->tpl->assign('reportMessage', BL::msg($messageName)); |
176 | 177 |
|
177 | 178 | // highlight an element with the given id if needed |
178 | | - if($this->getParameter('highlight')) $this->tpl->assign('highlight', $this->getParameter('highlight')); |
| 179 | + if($this->getParameter('highlight')) $this->tpl->assign('highlight', SpoonFilter::stripHTML($this->getParameter('highlight'))); |
179 | 180 | } |
180 | 181 |
|
181 | 182 | // is there an error to show? |
182 | 183 | if($this->getParameter('error') !== null) |
183 | 184 | { |
184 | 185 | // camelcase the string |
185 | | - $errorName = SpoonFilter::toCamelCase($this->getParameter('error'), '-'); |
| 186 | + $errorName = SpoonFilter::toCamelCase(SpoonFilter::stripHTML($this->getParameter('error')), '-'); |
186 | 187 |
|
187 | 188 | // if we have data to use it will be passed as the var parameter |
188 | 189 | if(!empty($var)) $this->tpl->assign('errorMessage', vsprintf(BL::err($errorName), $var)); |
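Review bot: On new line 179 the `highlight` value is only passed through `SpoonFilter::stripHTML()`, which by its name removes tags but presumably leaves quotes and other metacharacters intact, so it is not enough if the template places the value inside an attribute, a selector or a script block (the template is not visible here). Since the value is meant to be an element id, an allowlist is a tighter guard than tag stripping, e.g. `if(preg_match('/^[A-Za-z0-9_\-#.]+$/', (string) $this->getParameter('highlight')))` before the assign, with the exact character set adjusted to the ids the backend actually uses. The same reasoning applies to `report` and `error` on new lines 172 and 186, which are lookup keys and could be restricted to letters, digits and `-`. `$var`, fed to `vsprintf()` on new lines 175 and 189, is not touched by this commit; if it also originates from a request parameter (its assignment is outside the hunk), it needs output encoding as well. `execute()` starts before and continues past this hunk.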