diff --git a/redaxo/src/addons/install/pages/packages.add.php b/redaxo/src/addons/install/pages/packages.add.php
index 4887a62b93..cff30a46fa 100644
--- a/redaxo/src/addons/install/pages/packages.add.php
+++ b/redaxo/src/addons/install/pages/packages.add.php
@@ -127,10 +127,10 @@
$content .= '
|
- ' . $key . ' |
- ' . $addon['name'] . ' ' . rex_escape($addon['author']) . ' |
+ ' . rex_escape($key) . ' |
+ ' . rex_escape($addon['name']) . ' ' . rex_escape($addon['author']) . ' |
' . rex_escape(rex_formatter::strftime(reset($addon['files'])['created'])) . ' |
- ' . nl2br($addon['shortdescription']) . ' |
+ ' . nl2br(rex_escape($addon['shortdescription'])) . ' |
' . $package->i18n('addon_already_exists') . ' |
';
} else {
@@ -139,7 +139,7 @@
|
' . rex_escape($key) . ' |
- ' . rex_escape($addon['name']) . ' ' . $addon['author'] . ' |
+ ' . rex_escape($addon['name']) . ' ' . rex_escape($addon['author']) . ' |
' . rex_escape(rex_formatter::strftime(reset($addon['files'])['created'])) . ' |
' . nl2br(rex_escape($addon['shortdescription'])) . ' |
' . rex_i18n::msg('view') . ' |
diff --git a/redaxo/src/addons/install/pages/packages.upload.php b/redaxo/src/addons/install/pages/packages.upload.php
index 33a4e2b24b..a1e6f5d0aa 100644
--- a/redaxo/src/addons/install/pages/packages.upload.php
+++ b/redaxo/src/addons/install/pages/packages.upload.php
@@ -110,7 +110,7 @@
$fragment = new rex_fragment();
$fragment->setVar('class', 'edit', false);
- $fragment->setVar('title', $addonkey . ' ' . $package->i18n($new ? 'file_add' : 'file_edit') . '', false);
+ $fragment->setVar('title', rex_escape($addonkey) . ' ' . $package->i18n($new ? 'file_add' : 'file_edit') . '', false);
$fragment->setVar('body', $panel, false);
$fragment->setVar('buttons', $buttons, false);
$content = $fragment->parse('core/page/section.php');
@@ -129,12 +129,12 @@
$("#rex-js-install-packages-upload-upload-file").change(function(){
if($(this).is(":checked"))
{
- ' . ($newVersion != $file['version'] ? '$("#rex-js-install-packages-upload-version").html(\'' . $file['version'] . ' ' . $newVersion . '\');' : '') . '
+ ' . ($newVersion != $file['version'] ? '$("#rex-js-install-packages-upload-version").html(\'' . $file['version'] . ' ' . rex_escape($newVersion, 'js') . '\');' : '') . '
$("#rex-js-install-packages-upload-replace-assets, #rex-js-install-packages-upload-ignore-tests").removeAttr("disabled");
}
else
{
- $("#rex-js-install-packages-upload-version").html("' . $file['version'] . '");
+ $("#rex-js-install-packages-upload-version").html("' . rex_escape($file['version'], 'js') . '");
$("#rex-js-install-packages-upload-replace-assets, #rex-js-install-packages-upload-ignore-tests").attr("disabled", "disabled");
}
});
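Review bot: In the checked branch, `$file['version']` is still concatenated unescaped into the single-quoted JavaScript string, and only `$newVersion` goes through `rex_escape(..., 'js')`, so a quote or backslash in the stored version can still terminate the literal. Both branches also pass the value to jQuery `.html()`, and JS escaping is undone once the literal is evaluated, so markup in a version string would still be parsed as HTML. The values need HTML escaping first and JS escaping on top, e.g. `rex_escape(rex_escape($file['version']), 'js')`, and the same for `$newVersion`. In the else branch, where only the bare version is written, `.text("' . rex_escape($file['version'], 'js') . '")` would avoid the HTML sink entirely. The surrounding script string starts and ends outside the hunk, so whether version values are validated earlier cannot be confirmed from here.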
@@ -172,7 +172,7 @@
';
$fragment = new rex_fragment();
- $fragment->setVar('title', $addonkey . ' ' . $package->i18n('information') . '', false);
+ $fragment->setVar('title', rex_escape($addonkey) . ' ' . $package->i18n('information') . '', false);
$fragment->setVar('content', $panel, false);
$content = $fragment->parse('core/page/section.php');