Escape variables in oai module

Jamie Snape · Jamie Snape · commit b6e14c5db827 · 2014-12-08T09:20:02.000-05:00
diff --git a/modules/oai/views/index/index.phtml b/modules/oai/views/index/index.phtml
@@ -22,33 +22,33 @@
 <div class="viewMain">
     <h2>Midas Platform Web API</h2>
     The API will send you a JSON response at the following URL:<br/>
-    <pre><?php echo $this->serverURL.$this->webroot ?>/api/json?method=METHOD_NAME</pre>
+    <pre><?php echo $this->escape($this->serverURL.$this->webroot); ?>/api/json?method=METHOD_NAME</pre>
 
     <div class="api.listmethods" id="api.listmethods">
         Available methods:
         <ul class="listmethods">
             <?php
             foreach ($this->data['api.listmethods'] as $methodname) {
-                echo "<li class='methodListElement'>".$methodname." <a class='showHideHelp'>?</a></li>";
+                echo "<li class='methodListElement'>".$this->escape($methodname)." <a class='showHideHelp'>?</a></li>";
                 if (isset($this->help[$methodname])) {
                     echo "<div class='helpContent'>";
-                    echo $this->help[$methodname]['description'].'<br/>';
+                    echo $this->escape($this->help[$methodname]['description']).'<br/>';
                     if (!empty($this->help[$methodname]['params'])) {
                         echo '<b>Parameters</b>';
                         foreach ($this->help[$methodname]['params'] as $key => $value) {
                             echo '<ul>';
-                            echo "<li><b>{$key}</b> - {$value}</li>";
+                            echo "<li><b>{$this->escape($key)}</b> - {$this->escape($value)}</li>";
                             echo '</ul>';
                         }
                     }
                     if (!empty($this->help[$methodname]['return'])) {
-                        echo '<b>Return</b> - '.$this->help[$methodname]['return'];
+                        echo '<b>Return</b> - '.$this->escape($this->help[$methodname]['return']);
                     }
                     if (!empty($this->help[$methodname]['example'])) {
                         echo '<br/><b>Examples</b>';
                         foreach ($this->help[$methodname]['example'] as $key => $value) {
                             echo '<ul>';
-                            echo "<li><b>{$value}</b> - {$key}</li>";
+                            echo "<li><b>{$this->escape($value)}</b> - {$this->escape($key)}</li>";
                             echo '</ul>';
                         }
                     }
