Escape the legal settings, service and category name in the booking page

alextselegidis · Apr 15, 2023 · 46a8653 · 46a8653
1 parent bddc5cb
commit 46a8653
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 8 deletions.
diff --git a/application/views/components/booking_type_step.php b/application/views/components/booking_type_step.php
@@ -1,7 +1,7 @@
 <?php
 /**
  * Local variables.
- * 
+ *
  * @var array $available_services
  */
 ?>
@@ -66,11 +66,11 @@
 
                                 if (count($group) > 0)
                                 {
-                                    echo '<optgroup label="' . $group_label . '">';
+                                    echo '<optgroup label="' . e($group_label) . '">';
                                     foreach ($group as $service)
                                     {
                                         echo '<option value="' . $service['id'] . '">'
-                                            . $service['name'] . '</option>';
+                                            . e($service['name']) . '</option>';
                                     }
                                     echo '</optgroup>';
                                 }
@@ -80,7 +80,7 @@
                         {
                             foreach ($available_services as $service)
                             {
-                                echo '<option value="' . $service['id'] . '">' . $service['name'] . '</option>';
+                                echo '<option value="' . $service['id'] . '">' . e($service['name']) . '</option>';
                             }
                         }
                         ?>

diff --git a/application/views/components/cookie_notice_modal.php b/application/views/components/cookie_notice_modal.php
@@ -13,7 +13,7 @@
                 <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
             </div>
             <div class="modal-body">
-                <p><?= $cookie_notice_content ?></p>
+                <p><?= e($cookie_notice_content) ?></p>
             </div>
             <div class="modal-footer">
                 <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">

diff --git a/application/views/components/privacy_policy_modal.php b/application/views/components/privacy_policy_modal.php
@@ -15,7 +15,7 @@
                 </button>
             </div>
             <div class="modal-body">
-                <p><?= $privacy_policy_content ?></p>
+                <p><?= e($privacy_policy_content) ?></p>
             </div>
             <div class="modal-footer">
                 <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">

diff --git a/application/views/components/terms_and_conditions_modal.php b/application/views/components/terms_and_conditions_modal.php
@@ -14,7 +14,7 @@
                 <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
             </div>
             <div class="modal-body">
-                <p><?= $terms_and_conditions_content ?></p>
+                <p><?= e($terms_and_conditions_content) ?></p>
             </div>
             <div class="modal-footer">
                 <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">

diff --git a/assets/js/pages/booking.js b/assets/js/pages/booking.js
@@ -803,7 +803,7 @@ App.Pages.Booking = (function () {
         }
 
         $('<strong/>', {
-            'text': service.name
+            'text': App.Utils.String.escapeHtml(service.name),
         }).appendTo($serviceDescription);
 
         if (service.description) {