#850 additional escaping in menu ul
4unkur authored and vbezruchkin committed Feb 28, 2020
1 parent 06950c2 commit 0e9180d
Showing 4 changed files with 9 additions and 9 deletions.
4 changes: 2 additions & 2 deletions templates/_common/menu-ul.tpl
@@ -7,7 +7,7 @@
{if 'mainmenu' == $position && $menu@iteration > $core.config.max_top_menu_items|default:5 && $menu.level < 1}{capture append=dropdown name=$menu.page_name}{/if}

{if in_array($position, ['left', 'right', 'user1', 'user2', 'top'])}
<a class="list-group-item{if $menu.active} active{/if}" href="{if $menu.url}{$menu.url}{else}{$smarty.const.IA_SELF}#{/if}"{if $menu.nofollow} rel="nofollow"{/if}{if $menu.new_window} target="_blank"{/if}>{$menu.text}</a>
<a class="list-group-item{if $menu.active} active{/if}" href="{if $menu.url}{$menu.url}{else}{$smarty.const.IA_SELF}#{/if}"{if $menu.nofollow} rel="nofollow"{/if}{if $menu.new_window} target="_blank"{/if}>{$menu.text|escape}</a>
{else}
<li class="m_{$menu.page_name}
{if isset($data[$menu.el_id]) || isset($menu_children)} dropdown{/if}
@@ -20,7 +20,7 @@
{if $menu.nofollow} rel="nofollow"{/if}
{if $menu.new_window} target="_blank"{/if}
>
{$menu.text}
{$menu.text|escape}
</a>
{if (isset($data[$menu.el_id]) || isset($menu_children)) && $menu.level == 0 && $position != 'left'}<span class="navbar-nav__drop dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false"><span class="fa fa-angle-down"></span></span>{/if}
{if isset($data[$menu.el_id])}
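Review bot: The `href` of the `list-group-item` link still writes `{$menu.url}` raw into a quoted attribute, so the escaping added for `{$menu.text}` protects the link label but not the link target; the identical line is in templates/kickstart/menu-ul.tpl. I would change it to `href="{if $menu.url}{$menu.url|escape}{else}{$smarty.const.IA_SELF}#{/if}"`, and because HTML escaping does not reject a `javascript:` URL, the scheme should also be validated where menu items are saved, which is not visible here. `class="m_{$menu.page_name}` sits in an attribute in the same way. The `href` of the `<li>` branch lies between the two hunks, outside this view, and needs the same check.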
8 changes: 4 additions & 4 deletions templates/_common/render-menu.tpl
@@ -7,9 +7,9 @@
<ul class="nav navbar-nav navbar-right nav-account">
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown">
{ia_image file=$member.avatar title=$member.fullname|default:$member.username class='img-circle' gravatar=true email=$member.email}
{ia_image file=$member.avatar title=$member.fullname|escape|default:$member.username|escape class='img-circle' gravatar=true email=$member.email}

{$member.fullname|default:$member.username}
{$member.fullname|escape|default:$member.username|escape}
</a>
<span class="navbar-nav__drop dropdown-toggle" data-toggle="dropdown"><span class="fa fa-angle-down"></span></span>
{ia_hooker name='smartyFrontInsideAccountBox'}
@@ -24,7 +24,7 @@
{/if}
{elseif in_array($position, ['left', 'right', 'user1', 'user2', 'top'])}
{if !empty($menu.contents[0]) && 'account' != $menu.name}
{ia_block header=$menu.header title=$menu.title movable=true id=$menu.id name=$menu.name collapsible=$menu.collapsible classname=$menu.classname}
{ia_block header=$menu.header title=$menu.title|escape movable=true id=$menu.id name=$menu.name collapsible=$menu.collapsible classname=$menu.classname}
{ia_menu menus=$menu.contents class="list-group {$menu.classname}"}
{/ia_block}
{/if}
@@ -33,7 +33,7 @@
{else}
<!--__ms_{$menu.id}-->
{if $menu.header || isset($manageMode)}
<div class="nav-menu-header {$menu.classname}">{$menu.title}</div>
<div class="nav-menu-header {$menu.classname}">{$menu.title|escape}</div>
{else}
<div class="menu {$menu.classname}">
{/if}
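Review bot: In the account box, `{$member.fullname|escape|default:$member.username|escape}` most likely escapes a non-empty full name twice, because Smarty applies a modifier chain left to right to the whole expression rather than binding the trailing `|escape` to the `default:` argument; a name containing `&` would then render as `&amp;amp;`. One escape at the end covers whichever value is chosen: `{$member.fullname|default:$member.username|escape}`. The same chain is passed as `title=` to `ia_image`, and `title=$menu.title|escape` is passed to `ia_block`; whether those plugins encode the title again is not visible here, so it is worth confirming on rendered output which side owns the encoding.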
4 changes: 2 additions & 2 deletions templates/kickstart/menu-ul.tpl
@@ -7,7 +7,7 @@
{if 'mainmenu' == $position && $menu@iteration > $core.config.max_top_menu_items|default:5 && $menu.level < 1}{capture append=dropdown name=$menu.page_name}{/if}

{if in_array($position, array('left', 'right', 'user1', 'user2', 'top'))}
<a class="list-group-item{if $menu.active} active{/if}" href="{if $menu.url}{$menu.url}{else}{$smarty.const.IA_SELF}#{/if}"{if $menu.nofollow} rel="nofollow"{/if}{if $menu.new_window} target="_blank"{/if}>{$menu.text}</a>
<a class="list-group-item{if $menu.active} active{/if}" href="{if $menu.url}{$menu.url}{else}{$smarty.const.IA_SELF}#{/if}"{if $menu.nofollow} rel="nofollow"{/if}{if $menu.new_window} target="_blank"{/if}>{$menu.text|escape}</a>
{else}
<li class="m_{$menu.page_name}
{if isset($data[$menu.el_id]) || isset($menu_children)} dropdown{/if}
@@ -21,7 +21,7 @@
{if $menu.new_window} target="_blank"{/if}
{if (isset($data[$menu.el_id]) || isset($menu_children)) && $menu.level == 0 && $position != 'left'}data-toggle="dropdown"{/if}
>
{$menu.text}
{$menu.text|escape}
{if (isset($data[$menu.el_id]) || isset($menu_children)) && $menu.level == 0 && $position != 'left'}<span class="caret"></span>{/if}
</a>
{if isset($data[$menu.el_id])}
2 changes: 1 addition & 1 deletion templates/kickstart/render-menu.tpl
@@ -26,7 +26,7 @@
{/if}
{elseif in_array($position, array('left', 'right', 'user1', 'user2', 'top'))}
{if !empty($menu.contents[0]) && 'account' != $menu.name}
{ia_block header=$menu.header title=$menu.title movable=true id=$menu.id name=$menu.name collapsible=$menu.collapsible classname=$menu.classname}
{ia_block header=$menu.header title=$menu.title|escape movable=true id=$menu.id name=$menu.name collapsible=$menu.collapsible classname=$menu.classname}
{ia_menu menus=$menu.contents class="list-group {$menu.classname}"}
{/ia_block}
{/if}
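Review bot: Only the `ia_block` title is escaped in this file, while templates/_common/render-menu.tpl in the same commit also escapes the account-box name and the `nav-menu-header` title. The hunk starts at line 26, so the rest of the kickstart template is not visible; if it prints `$member.fullname`, `$member.username` or `{$menu.title}` directly, those outputs need the same `|escape`. A short comment above the `ia_block` call, for example `{* title is HTML-escaped here; ia_block must not escape it again *}`, would record which side owns the encoding.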
