Fixed issue #18917: [security] Stored XSS in the user group deletion …

…confirmation popup (#3249)

application/extensions/admin/grid/GridActionsWidget/views/action_dropdown.php

@@ -20,7 +20,7 @@ class="dropdown-item <?= $enabledCondition ? "" : "disabled" ?> <?= $dropdownIte
                        role="button"
                         <?php if (isset($dropdownItem['linkAttributes']) && is_array($dropdownItem['linkAttributes'])) : ?>
                             <?php foreach ($dropdownItem['linkAttributes'] as $attribute => $value) : ?>
-                                <?= $attribute . '=' . $value ?>
+                                <?= "$attribute='$value'" ?>
                             <?php endforeach; ?>
                         <?php endif; ?>>
                         <?php if (isset($dropdownItem['iconClass'])) : ?>

application/models/UserGroup.php

@@ -358,7 +358,6 @@ public function getButtons()
             'url'              => Yii::app()->createUrl("userGroup/mailToAllUsersInGroup/ugid/$this->ugid"),
             'enabledCondition' => $permissionUsergroupsEdit
         ];
-
         $deletePostData = json_encode(['ugid' => $this->ugid]);
         $dropdownItems[] = [
             'title'            => gT('Delete user group'),
@@ -368,7 +367,7 @@ public function getButtons()
                 'data-bs-toggle' => "modal",
                 'data-post-url'  => App()->createUrl("userGroup/deleteGroup"),
                 'data-post-datas' => $deletePostData,
-                'data-message'   => sprintf(gt("Are you sure you want to delete user group '%s'?"), $this->name),
+                'data-message'   => sprintf(gt("Are you sure you want to delete user group '%s'?"), CHtml::encode($this->name)),
                 'data-bs-target' => "#confirmation-modal",
                 'data-btnclass'  => 'btn-danger',
                 'data-btntext'   => gt('Delete'),