FIX Ensure actions panel keys and values have possible HTML escaped

This commit is contained in:
Robbie Averill 2017-12-06 13:40:46 +13:00 committed by GitHub
parent 45092dfb16
commit 0e84799f59
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -1320,6 +1320,9 @@ class DMSDocument extends DataObject implements DMSDocumentInterface
. '<ul>'; . '<ul>';
foreach ($this->actionTasks as $panelKey => $title) { foreach ($this->actionTasks as $panelKey => $title) {
$panelKey = Convert::raw2xml($panelKey);
$title = Convert::raw2xml($title);
$html .= '<li class="ss-ui-button dmsdocument-action" data-panel="' . $panelKey . '">' $html .= '<li class="ss-ui-button dmsdocument-action" data-panel="' . $panelKey . '">'
. _t('DMSDocument.ACTION_' . strtoupper($panelKey), $title) . _t('DMSDocument.ACTION_' . strtoupper($panelKey), $title)
. '</li>'; . '</li>';