From 66927de1a82e3a3004db9741d1505ddac0980e63 Mon Sep 17 00:00:00 2001
From: Alec Smecher
Date: Thu, 7 Sep 2023 14:04:33 -0700
Subject: [PATCH] pkp/pkp-lib#9283 Correctly escape special characters in issue title (stable-3_4_0)
---
 controllers/grid/issues/IssueGridCellProvider.php | 2 +-
 controllers/grid/issues/IssueGridRow.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/controllers/grid/issues/IssueGridCellProvider.php b/controllers/grid/issues/IssueGridCellProvider.php
index e0e89895ea7..75ed055bc9a 100644
--- a/controllers/grid/issues/IssueGridCellProvider.php
+++ b/controllers/grid/issues/IssueGridCellProvider.php
@@ -58,7 +58,7 @@ public function getCellActions($request, $row, $column, $position = GridHandler:
 'edit',
 new AjaxModal(
 $router->url($request, null, null, 'editIssue', null, ['issueId' => $issue->getId()]),
- __('editor.issues.editIssue', ['issueIdentification' => $issue->getIssueIdentification()]),
+ __('editor.issues.editIssue', ['issueIdentification' => htmlspecialchars($issue->getIssueIdentification())]),
 'modal_edit',
 true
 ),
diff --git a/controllers/grid/issues/IssueGridRow.php b/controllers/grid/issues/IssueGridRow.php
index f9266bc63e0..3eb8b92cb1f 100644
--- a/controllers/grid/issues/IssueGridRow.php
+++ b/controllers/grid/issues/IssueGridRow.php
@@ -50,7 +50,7 @@ public function initialize($request, $template = null)
 'edit',
 new AjaxModal(
 $router->url($request, null, null, 'editIssue', null, ['issueId' => $issueId]),
- __('editor.issues.editIssue', ['issueIdentification' => $issue->getIssueIdentification()]),
+ __('editor.issues.editIssue', ['issueIdentification' => htmlspecialchars($issue->getIssueIdentification())]),
 'modal_edit',
 true
 ),
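Review bot: The added `htmlspecialchars($issue->getIssueIdentification())` in the `getCellActions` hunk of IssueGridCellProvider.php relies on PHP's default flags, which before PHP 8.1 are `ENT_COMPAT` and leave single quotes unescaped; the identical call in the `initialize` hunk of IssueGridRow.php has the same gap. Whether the modal title can reach a single-quoted attribute or script context is not visible here, so if this branch can run on PHP older than 8.1 it is safer to state the flags and charset explicitly: `htmlspecialchars($issue->getIssueIdentification(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. Since the escape is applied at the call site, a short comment such as `// Modal titles are presumably rendered as HTML; escape user-supplied values here` would tell the next author of an `AjaxModal` title why it is needed. Both enclosing methods start and end outside their hunks, so any later handling of the title could not be checked.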