Chaining purify method to ensure safe rendering of translation keys (m…

…autic#14270) * Chaining purify method to ensure safe rendering of translation keys * Updated report and chart templates to work as expected. * Corrected changes * Reverted Installer check template
galvani · Nov 21, 2024 · 91b34ff · 91b34ff
1 parent f49a39e
commit 91b34ff
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 8 deletions.
diff --git a/app/bundles/CampaignBundle/Resources/views/SubscribedEvents/Timeline/index.html.twig b/app/bundles/CampaignBundle/Resources/views/SubscribedEvents/Timeline/index.html.twig
@@ -60,10 +60,10 @@
     {% endif %}
 
     {% if (item.campaign_description) %}
-        <p class="mt-0 mb-10">{{ 'mautic.campaign.campaign.description'|trans({'%description%' : item.campaign_description}) }}</p>
+        <p class="mt-0 mb-10">{{ 'mautic.campaign.campaign.description'|trans({'%description%' : item.campaign_description})|purify }}</p>
     {% endif %}
     {% if (item.event_description) %}
-        <p class="mt-0 mb-10">{{ 'mautic.campaign.campaign.description'|trans({'%description%' : item.event_description}) }}</p>
+        <p class="mt-0 mb-10">{{ 'mautic.campaign.campaign.description'|trans({'%description%' : item.event_description})|purify }}</p>
     {% endif %}
 {% endif %}
 </div>
diff --git a/app/bundles/CoreBundle/Resources/views/Helper/chart.html.twig b/app/bundles/CoreBundle/Resources/views/Helper/chart.html.twig
@@ -1,4 +1,4 @@
-{% if chartType is defined and chartData is defined %}
+{% if chartType is defined and chartData is defined and chartData.datasets is defined %}
     {% set dataValues = chartData.datasets[0].data %}
     {% if dataValues|reduce((carry, v) => carry + v) > 0 %}
         <div class="chart-wrapper">

diff --git a/app/bundles/IntegrationsBundle/Resources/views/Config/form.html.twig b/app/bundles/IntegrationsBundle/Resources/views/Config/form.html.twig
@@ -50,7 +50,7 @@
     <div class="tab-pane fade{% if 'details-container' == activeTab %} in active{% endif %} bdr-w-0" id="details-container">
         {% if useConfigFormNotes and integrationObject.getAuthorizationNote() is instanceof('\\Mautic\\IntegrationsBundle\\DTO\\Note') %}
             <div class="alert alert-{{ integrationObject.getAuthorizationNote().getType() }}">
-                {{ integrationObject.getAuthorizationNote().getNote()|trans  }}
+                {{ integrationObject.getAuthorizationNote().getNote()|trans|purify  }}
             </div>
         {% endif %}
         {{ form_row(form.isPublished) }}
@@ -96,7 +96,7 @@
     <div class="tab-pane fade{% if 'features-container' == activeTab %} in active{% endif %} bdr-w-0" id="features-container">
         {% if useConfigFormNotes and integrationObject.getFeaturesNote() is instanceof('\\Mautic\\IntegrationsBundle\\DTO\\Note') %}
             <div class="alert alert-{{ integrationObject.getFeaturesNote().getType() }}">
-                {{ integrationObject.getFeaturesNote().getNote()|trans  }}
+                {{ integrationObject.getFeaturesNote().getNote()|trans|purify  }}
             </div>
         {% endif %}
 
@@ -136,7 +136,7 @@
 
         {% if useConfigFormNotes and integrationObject.getFieldMappingNote() is instanceof('\\Mautic\\IntegrationsBundle\\DTO\\Note') %}
             <div class="alert alert-{{ integrationObject.getFieldMappingNote().getType() }}">
-                {{ integrationObject.getFieldMappingNote().getNote()|trans  }}
+                {{ integrationObject.getFieldMappingNote().getNote()|trans|purify  }}
             </div>
         {% endif %}
 

diff --git a/app/bundles/LeadBundle/Resources/views/Timeline/_list.html.twig b/app/bundles/LeadBundle/Resources/views/Timeline/_list.html.twig
@@ -43,7 +43,7 @@
             {% if eventLabel is iterable %}
                 {% set eventLabel %}
                   <a href="{{ eventLabel.href }}" {% if eventLabel.isExternal is not defined %}data-toggle="ajax"{% else %}target="_new"{% endif %}>
-                    {{- eventLabel.label -}}
+                    {{- eventLabel.label|purify -}}
                   </a>
                 {% endset %}
             {% endif %}

diff --git a/app/bundles/ReportBundle/Resources/views/SubscribedEvents/Dashboard/widget.html.twig b/app/bundles/ReportBundle/Resources/views/SubscribedEvents/Dashboard/widget.html.twig
@@ -25,7 +25,7 @@
     <div class="clearfix"></div>
 {% else %}
     <div class="ml-20 mr-20 mt-lg px-2 alert alert-danger" role="alert">
-        <a href="#" class="alert-link"><i class="ri-alert-line" aria-hidden="true"></i> {{ 'mautic.report.dashboard.widgets.no_report_found'|trans }}</a>
+        <a href="#" class="alert-link"><i class="ri-alert-line" aria-hidden="true"></i> {{ 'mautic.report.dashboard.widgets.no_report_found'|trans|purify }}</a>
     </div>
     <div class="clearfix"></div>
 {% endif %}