Escape page title for users who can't edit

They have a separate unlinked display of the page titles that wasn't being escaped. Escape the slugs at the same time, even though they should already be guaranteed to never contain "interesting" characters. (cherry picked from commit 43dda13)
omeka · Aug 21, 2023 · 4482f4f · 4482f4f
1 parent 9a1b8c6
commit 4482f4f
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/application/view/omeka/site-admin/page/index.phtml b/application/view/omeka/site-admin/page/index.phtml
@@ -36,7 +36,7 @@ $this->htmlElement('body')->appendAttribute('class', 'sites pages browse');
             <?php if ($page->userIsAllowed('update')): ?>
             <?php echo $page->link($page->title(), 'edit'); ?>
             <?php else: ?>
-            <?php echo $page->title(); ?>
+            <?php echo $escape($page->title()); ?>
             <?php endif; ?>
             <?php if (!$page->isPublic()): ?>
                 <span class="o-icon-private" aria-label="<?php echo $translate('Private'); ?>"></span>
@@ -65,7 +65,7 @@ $this->htmlElement('body')->appendAttribute('class', 'sites pages browse');
                 <?php endif; ?>
             </ul>
         </td>
-        <td><?php echo $page->slug(); ?></td>
+        <td><?php echo $escape($page->slug()); ?></td>
         <td><?php echo $escape($i18n->dateFormat($sortBy === 'created' ? $page->created() : $page->modified())); ?></td>
     </tr>
 <?php endforeach; ?>