openrat-cms


commit 38d852e55aa25cf67f827188ae78dadba61c748c
parent 3789418251ca93db25622330b64b524cf3816671
Author: Jan Dankert <devnull@localhost>
Date:   Mon, 10 Dec 2018 00:06:41 +0100

Inhalte in Textareas html-escaped ausgeben.

Diffstat:
modules/cms-ui/themes/default/html/views/file/edit.php | 2+-
modules/cms-ui/themes/default/html/views/folder/createtext.php | 2+-
modules/cms-ui/themes/default/html/views/object/settings.php | 8++++----
modules/cms-ui/themes/default/html/views/template/src.php | 2+-
modules/cms-ui/themes/default/html/views/text/value.php | 2+-
modules/template-engine/components/html/editor/Editor.class.php | 4++--
6 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/modules/cms-ui/themes/default/html/views/file/edit.php b/modules/cms-ui/themes/default/html/views/file/edit.php @@ -9,7 +9,7 @@ <div class="input"> <br/> - <input size="40" id="req1544228380881665885_file" type="file" name="file" class="upload" /> + <input size="40" id="req0_file" type="file" name="file" class="upload" /> <br/> diff --git a/modules/cms-ui/themes/default/html/views/folder/createtext.php b/modules/cms-ui/themes/default/html/views/folder/createtext.php @@ -11,7 +11,7 @@ </label> </div> <div class="input"> - <input size="40" id="req15439584921105687493_file" type="file" maxlength="<?php echo $maxlength ?>" name="file" class="upload" multiple="multiple" /> + <input size="40" id="req0_file" type="file" maxlength="<?php echo $maxlength ?>" name="file" class="upload" multiple="multiple" /> </div> </div> diff --git a/modules/cms-ui/themes/default/html/views/object/settings.php b/modules/cms-ui/themes/default/html/views/object/settings.php @@ -5,7 +5,7 @@ <div class="line"> <div class="label"> <label for="<?php echo REQUEST_ID ?>_validity_from_date" class="label"> - <span class="text"><?php echo nl2br(encodeHtml(htmlentities(lang(''.'from'.'')))); ?></span> + <span><?php echo nl2br(encodeHtml(htmlentities(lang(''.'from'.'')))); ?></span> </label> </div> @@ -19,7 +19,7 @@ <div class="line"> <div class="label"> <label for="<?php echo REQUEST_ID ?>_validity_until_date" class="label"> - <span class="text"><?php echo nl2br(encodeHtml(htmlentities(lang(''.'until'.'')))); ?></span> + <span><?php echo nl2br(encodeHtml(htmlentities(lang(''.'until'.'')))); ?></span> </label> </div> 
@@ -35,12 +35,12 @@ <div class="line"> <div class="label"> <label for="<?php echo REQUEST_ID ?>_settings" class="label"> - <span class="text"><?php echo nl2br(encodeHtml(htmlentities(lang(''.'SETTINGS'.'')))); ?></span> + <span><?php echo nl2br(encodeHtml(htmlentities(lang(''.'SETTINGS'.'')))); ?></span> </label> </div> <div class="input"> - <textarea name="<?php if ('') echo ''.'_' ?>settings<?php if ('') echo '_disabled' ?>" data-extension="" data-mimetype="" data-mode="yaml" class="editor code-editor"><?php echo ${'settings'} ?></textarea> + <textarea name="<?php if ('') echo ''.'_' ?>settings<?php if ('') echo '_disabled' ?>" data-extension="" data-mimetype="" data-mode="yaml" class="editor code-editor"><?php echo htmlentities(${'settings'}) ?></textarea> </div> </div> diff --git a/modules/cms-ui/themes/default/html/views/template/src.php b/modules/cms-ui/themes/default/html/views/template/src.php @@ -5,7 +5,7 @@ <fieldset class="toggle-open-close<?php echo '1'?" open":" closed" ?><?php echo '1'?" show":"" ?>"><legend class="on-click-open-close"><div class="arrow arrow-right on-closed"></div><div class="arrow arrow-down on-open"></div><?php echo $name ?></legend><div> <?php $$name= $source; ?> - <textarea name="<?php if ('source') echo 'source'.'_' ?><?php echo $name ?><?php if ('') echo '_disabled' ?>" data-extension="" data-mimetype="" data-mode="htmlmixed" class="editor code-editor"><?php echo ${$name} ?></textarea> + <textarea name="<?php if ('source') echo 'source'.'_' ?><?php echo $name ?><?php if ('') echo '_disabled' ?>" data-extension="" data-mimetype="" data-mode="htmlmixed" class="editor code-editor"><?php echo htmlentities(${$name}) ?></textarea> </div></fieldset> <?php } ?> diff --git a/modules/cms-ui/themes/default/html/views/text/value.php b/modules/cms-ui/themes/default/html/views/text/value.php 
@@ -7,7 +7,7 @@ </td> <td> - <textarea name="<?php if ('') echo ''.'_' ?>value<?php if ('') echo '_disabled' ?>" data-extension="<?php echo $extension ?>" data-mimetype="<?php echo $mimetype ?>" data-mode="htmlmixed" class="editor code-editor"><?php echo ${'value'} ?></textarea> + <textarea name="<?php if ('') echo ''.'_' ?>value<?php if ('') echo '_disabled' ?>" data-extension="<?php echo $extension ?>" data-mimetype="<?php echo $mimetype ?>" data-mode="htmlmixed" class="editor code-editor"><?php echo htmlentities(${'value'}) ?></textarea> </td> </tr>
diff --git a/modules/template-engine/components/html/editor/Editor.class.php b/modules/template-engine/components/html/editor/Editor.class.php
@@ -29,11 +29,11 @@ class EditorComponent extends FieldComponent
 break;
 case 'markdown':
- echo '<textarea '.$this->outputNameAttribute().' class="editor markdown-editor"><?php echo ${'.$this->value($this->name).'} ?></textarea>';
+ echo '<textarea '.$this->outputNameAttribute().' class="editor markdown-editor"><?php echo htmlentities(${'.$this->value($this->name).'}) ?></textarea>';
 break;
 case 'code':
- echo '<textarea '.$this->outputNameAttribute().' data-extension="'.$this->htmlvalue($this->extension).'" data-mimetype="'.$this->htmlvalue($this->mimetype).'" data-mode="'.$this->htmlvalue($this->mode).'" class="editor code-editor"><?php echo ${'.$this->value($this->name).'} ?></textarea>';
+ echo '<textarea '.$this->outputNameAttribute().' data-extension="'.$this->htmlvalue($this->extension).'" data-mimetype="'.$this->htmlvalue($this->mimetype).'" data-mode="'.$this->htmlvalue($this->mode).'" class="editor code-editor"><?php echo htmlentities(${'.$this->value($this->name).'}) ?></textarea>';
 break;
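Review bot: The `htmlentities()` calls added to the `markdown` and `code` cases of Editor.class.php use PHP's default flags and charset. Before PHP 8.1, `htmlentities()` returns an empty string when the value contains bytes that are invalid in that charset, so the editor would open empty and the next save could overwrite the stored content. Inside a `<textarea>` only the markup characters need escaping, so I would generate `<?php echo htmlspecialchars(${...}, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>` instead, with the charset set to the one the CMS actually serves. Separately, judging by the regenerated text/value.php in this commit (`data-extension="<?php echo $extension ?>"`), the attribute values built through `$this->htmlvalue(...)` still appear to be echoed unescaped and should get attribute-context escaping. The switch starts and ends outside this hunk, so the other editor cases should be checked for the same escaping.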