Sanitize field names and values (#7)
unboundeduniverse authored May 6, 2022
1 parent 5c944f3 commit ea11790
Showing 2 changed files with 6 additions and 6 deletions.
4 changes: 2 additions & 2 deletions pages/configure_links.php
Expand Up @@ -74,11 +74,11 @@
if ( $t_custom_field_def['type'] == CUSTOM_FIELD_TYPE_ENUM ||
$t_custom_field_def['type'] == CUSTOM_FIELD_TYPE_MULTILIST)
{
echo '<td>'. string_display_line( $t_custom_field_def['name'] ).'</td>';
echo '<td>'. string_attribute( $t_custom_field_def['name'] ).'</td>';
$t_linked_field_id = LinkedCustomFieldsDao::getLinkedFieldId( $t_custom_field );
if ( $t_linked_field_id ) {
$t_linked_field = custom_field_get_definition( $t_linked_field_id );
echo '<td>' . $t_linked_field['name'] .'</td>';
echo '<td>' . string_attribute($t_linked_field['name']) .'</td>';
} else {
echo '<td> None </td>';
}
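Review bot: The two name cells in the hunk of pages/configure_links.php are element text, yet the new code escapes them with `string_attribute()`, the helper named for attribute values, and the first of them replaces an existing `string_display_line()` call without saying why. If the reason is that `string_display_line()` hands its escaping to the display-text formatting hook and so may emit raw markup when that formatting is switched off (I believe that is how it behaves, but nothing on this page shows it), a one-line comment such as `// escape directly: string_display_line() depends on the formatting hook` would keep a later cleanup from reverting the change. The enclosing `if` block runs past the visible lines, so any other output of `$t_custom_field_def` or `$t_linked_field` values further down is worth checking for the same treatment.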
8 changes: 4 additions & 4 deletions pages/link_edit.php
Expand Up @@ -74,7 +74,7 @@
<tbody>
<tr>
<th class="width-30"><?php echo plugin_lang_get('custom_field') ?></th>
<td><?php echo $f_custom_field['name'] ?></td>
<td><?php echo string_attribute($f_custom_field['name']) ?></td>
</tr>
<tr>
<th>
Expand All @@ -95,7 +95,7 @@

$t_selected = $t_target_field_id == $t_target_candidate['id'] ? ' selected="selected"' : "";

echo '<option' . $t_selected . ' value="' . $t_target_candidate['id'] .'">'.$t_target_candidate['name'].'</option>';
echo '<option' . $t_selected . ' value="' . $t_target_candidate['id'] .'">'. string_attribute($t_target_candidate['name']) .'</option>';
}
?>
</select>
Expand Down Expand Up @@ -126,7 +126,7 @@
</div>

<div class="widget-toolbox padding-8 clearfix">
<?php echo sprintf( plugin_lang_get( 'warning_no_mapping' ), $f_custom_field['name'] ) ; ?>
<?php echo sprintf( plugin_lang_get( 'warning_no_mapping' ), string_attribute($f_custom_field['name']) ) ; ?>
</div>

<div class="widget-body">
Expand All @@ -143,7 +143,7 @@
<?php foreach( explode('|', $f_custom_field['possible_values'] ) as $t_idx => $t_possible_value ) { ?>
<tr>
<td id="source_field_value_<?php echo $t_idx ?>">
<?php echo $t_possible_value ?>
<?php echo string_attribute($t_possible_value) ?>
</td>
<td>
<!--suppress HtmlFormInputWithoutLabel -->
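Review bot: In the `<option>` line of the second hunk of pages/link_edit.php the label is now escaped, but the `value` attribute on the same line still concatenates `$t_target_candidate['id']` unescaped. The id is presumably a numeric database key, so this is likely harmless today, but stating that in the code keeps the line safe on its own: `value="' . (int) $t_target_candidate['id'] . '"`. The possible-values loop in the last hunk is cut off after the escaped cell, so if the following `<td>` repeats `$t_possible_value` inside an input or attribute, it needs the same escaping.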
