Skip to content

Instantly share code, notes, and snippets.

@asmecher

asmecher/i4522-ojs-3_0_2-0-lib-pkp.diff

Created February 25, 2019 17:38
Show Gist options
  • Save asmecher/a5298d24d4711c616b4da3d61b745d17 to your computer and use it in GitHub Desktop.
Save asmecher/a5298d24d4711c616b4da3d61b745d17 to your computer and use it in GitHub Desktop.
Download ZIP
Patch for pkp/pkp-lib#4522 for OJS 3.0.2 (lib/pkp submodule)
Raw
i4522-ojs-3_0_2-0-lib-pkp.diff
diff --git a/controllers/api/file/linkAction/DownloadFileLinkAction.inc.php b/controllers/api/file/linkAction/DownloadFileLinkAction.inc.php
index d74897f391..dc097bb803 100644
--- a/controllers/api/file/linkAction/DownloadFileLinkAction.inc.php
+++ b/controllers/api/file/linkAction/DownloadFileLinkAction.inc.php
@@ -42,7 +42,7 @@ function __construct($request, $submissionFile, $stageId = null, $label = null)
// Configure the file link action.
parent::__construct(
- 'downloadFile', $redirectRequest, $this->getLabel($submissionFile),
+ 'downloadFile', $redirectRequest, htmlspecialchars($this->getLabel($submissionFile)),
$submissionFile->getDocumentType(),
$submissionFile->getFileId() . '-' . $submissionFile->getRevision()
);
diff --git a/controllers/api/file/linkAction/DownloadLibraryFileLinkAction.inc.php b/controllers/api/file/linkAction/DownloadLibraryFileLinkAction.inc.php
index d056879432..489c831161 100644
--- a/controllers/api/file/linkAction/DownloadLibraryFileLinkAction.inc.php
+++ b/controllers/api/file/linkAction/DownloadLibraryFileLinkAction.inc.php
@@ -37,7 +37,7 @@ function __construct($request, $libraryFile) {
// Configure the file link action.
parent::__construct(
- 'downloadFile', $redirectRequest, $libraryFile->getLocalizedName(),
+ 'downloadFile', $redirectRequest, htmlspecialchars($libraryFile->getLocalizedName()),
$libraryFile->getDocumentType()
);
}
diff --git a/controllers/grid/announcements/AnnouncementGridCellProvider.inc.php b/controllers/grid/announcements/AnnouncementGridCellProvider.inc.php
index 1fbef07302..5dfe0812f3 100644
--- a/controllers/grid/announcements/AnnouncementGridCellProvider.inc.php
+++ b/controllers/grid/announcements/AnnouncementGridCellProvider.inc.php
@@ -32,11 +32,11 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO
'moreInformation',
new AjaxModal(
$router->url($request, null, null, 'moreInformation', null, $actionArgs),
- $announcement->getLocalizedTitle(),
+ htmlspecialchars($announcement->getLocalizedTitle()),
null,
true
),
- $announcement->getLocalizedTitle(),
+ htmlspecialchars($announcement->getLocalizedTitle()),
'moreInformation'
));
}
diff --git a/controllers/grid/announcements/AnnouncementTypeGridCellProvider.inc.php b/controllers/grid/announcements/AnnouncementTypeGridCellProvider.inc.php
index 1b7ceef620..7993c85fa9 100644
--- a/controllers/grid/announcements/AnnouncementTypeGridCellProvider.inc.php
+++ b/controllers/grid/announcements/AnnouncementTypeGridCellProvider.inc.php
@@ -35,7 +35,7 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO
__('grid.action.edit'),
null,
true),
- $announcementType->getLocalizedTypeName()
+ htmlspecialchars($announcementType->getLocalizedTypeName())
));
}
return parent::getCellActions($request, $row, $column, $position);
diff --git a/controllers/grid/plugins/PluginGalleryGridCellProvider.inc.php b/controllers/grid/plugins/PluginGalleryGridCellProvider.inc.php
index c3a2c8139d..ade498ad04 100644
--- a/controllers/grid/plugins/PluginGalleryGridCellProvider.inc.php
+++ b/controllers/grid/plugins/PluginGalleryGridCellProvider.inc.php
@@ -77,11 +77,11 @@ function getCellActions($request, $row, $column, $position = GRID_ACTION_POSITIO
'moreInformation',
new AjaxModal(
$router->url($request, null, null, 'viewPlugin', null, array('rowId' => $row->getId()+1)),
- $element->getLocalizedName(),
+ htmlspecialchars($element->getLocalizedName()),
'modal_information',
true
),
- $element->getLocalizedName(),
+ htmlspecialchars($element->getLocalizedName()),
'details'
));
}
diff --git a/controllers/grid/queries/QueryTitleGridColumn.inc.php b/controllers/grid/queries/QueryTitleGridColumn.inc.php
index 03671c7ecd..c4e55eb55b 100644
--- a/controllers/grid/queries/QueryTitleGridColumn.inc.php
+++ b/controllers/grid/queries/QueryTitleGridColumn.inc.php
@@ -81,7 +81,7 @@ function getCellActions($request, $row, $position = GRID_ACTION_POSITION_DEFAULT
$headNote?$headNote->getTitle():'—',
'modal_edit'
),
- ($headNote && $headNote->getTitle()!='')?$headNote->getTitle():'—',
+ ($headNote && $headNote->getTitle()!='')?htmlspecialchars($headNote->getTitle()):'—',
null
)
)
diff --git a/controllers/informationCenter/linkAction/FileInfoCenterLinkAction.inc.php b/controllers/informationCenter/linkAction/FileInfoCenterLinkAction.inc.php
index f1b508dae6..4606fce9b5 100644
--- a/controllers/informationCenter/linkAction/FileInfoCenterLinkAction.inc.php
+++ b/controllers/informationCenter/linkAction/FileInfoCenterLinkAction.inc.php
@@ -45,7 +45,7 @@ function getModal($request, $submissionFile, $stageId) {
import('lib.pkp.classes.linkAction.request.AjaxModal');
$router = $request->getRouter();
- $title = (isset($submissionFile)) ? implode(': ', array(__('informationCenter.informationCenter'), $submissionFile->getLocalizedName())) : __('informationCenter.informationCenter');
+ $title = (isset($submissionFile)) ? implode(': ', array(__('informationCenter.informationCenter'), htmlspecialchars($submissionFile->getLocalizedName()))) : __('informationCenter.informationCenter');
$ajaxModal = new AjaxModal(
$router->url(
diff --git a/controllers/informationCenter/linkAction/SubmissionInfoCenterLinkAction.inc.php b/controllers/informationCenter/linkAction/SubmissionInfoCenterLinkAction.inc.php
index 784023ad6c..196e2b9e51 100644
--- a/controllers/informationCenter/linkAction/SubmissionInfoCenterLinkAction.inc.php
+++ b/controllers/informationCenter/linkAction/SubmissionInfoCenterLinkAction.inc.php
@@ -50,7 +50,7 @@ function __construct($request, $submissionId, $linkKey = 'informationCenter.edit
null,
array('submissionId' => $submissionId)
),
- $title,
+ htmlspecialchars($title),
'modal_information'
);
diff --git a/controllers/review/linkAction/ReviewNotesLinkAction.inc.php b/controllers/review/linkAction/ReviewNotesLinkAction.inc.php
index fd7f613dc3..f78a132a69 100644
--- a/controllers/review/linkAction/ReviewNotesLinkAction.inc.php
+++ b/controllers/review/linkAction/ReviewNotesLinkAction.inc.php
@@ -43,7 +43,7 @@ function __construct($request, $reviewAssignment, $submission, $user, $handler,
$handler, 'readReview',
null, $actionArgs
),
- __('editor.review') . ': ' . $submission->getLocalizedTitle(),
+ __('editor.review') . ': ' . htmlspecialchars($submission->getLocalizedTitle()),
'modal_information'
);
diff --git a/templates/authorDashboard/authorDashboard.tpl b/templates/authorDashboard/authorDashboard.tpl
index c2623ab2a1..8dadf59fae 100644
--- a/templates/authorDashboard/authorDashboard.tpl
+++ b/templates/authorDashboard/authorDashboard.tpl
@@ -28,11 +28,11 @@
<div class="pkp_page_title">
<h1 class="pkp_submission_title">
<span class="pkp_screen_reader">{translate key="submission.submissionTitle"}</span>
- {$submission->getLocalizedTitle()}
+ {$submission->getLocalizedTitle()|escape}
</h1>
<div class="pkp_submission_author">
<span class="pkp_screen_reader">{translate key="user.role.author_s"}</span>
- {$submission->getAuthorString()}
+ {$submission->getAuthorString()|escape}
</div>
<ul class="pkp_submission_actions">
{if $uploadFileAction}
diff --git a/templates/frontend/objects/announcement_full.tpl b/templates/frontend/objects/announcement_full.tpl
index ed49fa5f46..2cc4c1ae13 100644
--- a/templates/frontend/objects/announcement_full.tpl
+++ b/templates/frontend/objects/announcement_full.tpl
@@ -13,7 +13,7 @@
<article class="obj_announcement_full">
<h1>
- {$announcement->getLocalizedTitle()}
+ {$announcement->getLocalizedTitle()|escape}
</h1>
<div class="date">
{$announcement->getDatePosted()|date_format:$dateFormatShort}
diff --git a/templates/frontend/pages/announcement.tpl b/templates/frontend/pages/announcement.tpl
index 861d7eae1f..072941e5b3 100644
--- a/templates/frontend/pages/announcement.tpl
+++ b/templates/frontend/pages/announcement.tpl
@@ -9,7 +9,7 @@
*
* @uses $announcement Announcement The announcement to display
*}
-{include file="frontend/components/header.tpl" pageTitleTranslated=$announcement->getLocalizedTitle()}
+{include file="frontend/components/header.tpl" pageTitleTranslated=$announcement->getLocalizedTitle()|escape}
<div class="page page_announcement">
diff --git a/templates/workflow/submissionHeader.tpl b/templates/workflow/submissionHeader.tpl
index 19f710e982..d5404bfbcf 100644
--- a/templates/workflow/submissionHeader.tpl
+++ b/templates/workflow/submissionHeader.tpl
@@ -10,11 +10,11 @@
<div class="pkp_page_title">
<h1 class="pkp_submission_title">
<span class="pkp_screen_reader">{translate key="submission.submissionTitle"}</span>
- {$submission->getLocalizedTitle()}
+ {$submission->getLocalizedTitle()|escape}
</h1>
<div class="pkp_submission_author">
<span class="pkp_screen_reader">{translate key="user.role.author_s"}</span>
- {$submission->getAuthorString()}
+ {$submission->getAuthorString()|escape}
</div>
<ul class="pkp_submission_actions">
{if $submissionEntryAction}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment