From d1ced3804f910f31cc40acb76ab00054bde53e53 Mon Sep 17 00:00:00 2001
From: Alec Smecher
Date: Tue, 12 Oct 2021 17:23:10 -0700
Subject: [PATCH] pkp/pkp-lib#7378 Fix reflected XSS issues
---
 .../controllers/grid/settings/series/form/seriesForm.tpl | 4 ++--
 templates/controllers/grid/users/chapter/form/chapterForm.tpl | 4 ++--
 templates/frontend/objects/monograph_full.tpl | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/templates/controllers/grid/settings/series/form/seriesForm.tpl b/templates/controllers/grid/settings/series/form/seriesForm.tpl
index 888559d2e0d..5da16e21a08 100644
--- a/templates/controllers/grid/settings/series/form/seriesForm.tpl
+++ b/templates/controllers/grid/settings/series/form/seriesForm.tpl
@@ -83,7 +83,7 @@
 {if count($availableSubeditors)}
 {fbvFormSection list=true title="submissionGroup.assignedSubEditors"}
 {foreach from=$availableSubeditors item="subEditor" key="id"}
- {fbvElement type="checkbox" id="subEditors[]" value=$id checked=in_array($id, $assignedToSeries) label=$subEditor translate=false}
+ {fbvElement type="checkbox" id="subEditors[]" value=$id checked=in_array($id, $assignedToSeries) label=$subEditor|escape translate=false}
 {/foreach}
 {/fbvFormSection}
 {/if}
@@ -91,7 +91,7 @@
 {if count($allCategories)}
 {fbvFormSection list=true title="grid.category.categories"}
 {foreach from=$allCategories item="category" key="id"}
- {fbvElement type="checkbox" id="categories[]" value=$id checked=in_array($id, $selectedCategories) label=$category translate=false}
+ {fbvElement type="checkbox" id="categories[]" value=$id checked=in_array($id, $selectedCategories) label=$category|escape translate=false}
 {/foreach}
 {/fbvFormSection}
 {/if}
diff --git a/templates/controllers/grid/users/chapter/form/chapterForm.tpl b/templates/controllers/grid/users/chapter/form/chapterForm.tpl
index 3a2133ea0a3..c3428bf4b1d 100644
--- a/templates/controllers/grid/users/chapter/form/chapterForm.tpl
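Review bot: Escaping at each call site (the `label=$subEditor|escape` and `label=$category|escape` lines in the two seriesForm.tpl hunks, and the two `label=...|escape` lines in the chapterForm.tpl hunk) protects only these four checkboxes; any other `translate=false` label handed to `fbvElement` stays unescaped unless the checkbox template escapes it itself, which the need for this fix suggests it does not. If the label is rendered by a shared form-builder template, escaping there once would cover every caller and the per-site modifiers could then be dropped. The `value=$id` attribute on the same lines is emitted without a modifier as well; it is presumably an integer key from the foreach, but if those keys are not guaranteed numeric it deserves the same treatment. A repository-wide search for `translate=false` labels without `|escape` would show whether these four are the only instances.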
+++ b/templates/controllers/grid/users/chapter/form/chapterForm.tpl
@@ -50,13 +50,13 @@
 {fbvFormSection list=true title="submission.submit.addAuthor"}
 {foreach from=$chapterAuthorOptions item="chapterAuthor" key="id"}
- {fbvElement type="checkbox" id="authors[]" value=$id checked=in_array($id, $selectedChapterAuthors) label=$chapterAuthor translate=false}
+ {fbvElement type="checkbox" id="authors[]" value=$id checked=in_array($id, $selectedChapterAuthors) label=$chapterAuthor|escape translate=false}
 {/foreach}
 {/fbvFormSection}
 {fbvFormSection list=true title="submission.files"}
 {foreach from=$chapterFileOptions item="chapterFile" key="id"}
- {fbvElement type="checkbox" id="files[]" value=$id checked=in_array($id, $selectedChapterFiles) label=$chapterFile translate=false}
+ {fbvElement type="checkbox" id="files[]" value=$id checked=in_array($id, $selectedChapterFiles) label=$chapterFile|escape translate=false}
 {/foreach}
 {/fbvFormSection}
diff --git a/templates/frontend/objects/monograph_full.tpl b/templates/frontend/objects/monograph_full.tpl
index 3270a4f8c8d..a447a6def64 100644
--- a/templates/frontend/objects/monograph_full.tpl
+++ b/templates/frontend/objects/monograph_full.tpl
@@ -144,7 +144,7 @@
 {capture assign="authorName"}{$author->getFullName()|escape}{/capture}
 {/if}
 {capture assign="authorAffiliation"}{$author->getLocalizedAffiliation()|escape}{/capture}
- {translate key="submission.authorWithAffiliation" name=$authorName affiliation=$authorAffiliation}
+ {translate key="submission.authorWithAffiliation" name=$authorName|escape affiliation=$authorAffiliation|escape}
 {else}
 {$author->getFullName()|escape}
 {/if}
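Review bot: Adding `|escape` to the `{translate}` parameters in monograph_full.tpl double-escapes both values, because `$authorName` and `$authorAffiliation` are already captured with `|escape` on the lines just above in the @@ -144 hunk and again in the @@ -293 hunk; with the default html escaping an author or affiliation containing `&` would render as `&amp;`. The change implies `{translate}` does not escape its parameters, so one escape boundary is enough: either keep the modifiers on the `{capture}` lines and revert the new line to `{translate key="submission.authorWithAffiliation" name=$authorName affiliation=$authorAffiliation}`, or escape at the `{translate}` call and drop the modifiers from the captures, but not both. In the @@ -144 hunk the `{/if}` before the affiliation capture shows a second branch above the hunk that also assigns `$authorName`; if that branch intentionally builds markup, escaping at the `{translate}` call would break it too, so that branch should decide which boundary to keep. The enclosing `{if}` of the @@ -144 hunk starts outside the lines shown.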
@@ -293,7 +293,7 @@
 {if $author->getLocalizedAffiliation()}
 {capture assign="authorName"}{$author->getFullName()|escape}{/capture}
 {capture assign="authorAffiliation"}{$author->getLocalizedAffiliation()|escape}{/capture}
- {translate key="submission.authorWithAffiliation" name=$authorName affiliation=$authorAffiliation}
+ {translate key="submission.authorWithAffiliation" name=$authorName|escape affiliation=$authorAffiliation|escape}
 {else}
 {$author->getFullName()|escape}
 {/if}