From fbffdbde78544c83138ee6234c62d43056f407b6 Mon Sep 17 00:00:00 2001
From: Ola Hneini <ola.hneini@gmail.com>
Date: Tue, 15 Mar 2022 15:23:13 +0000
Subject: [PATCH] fix: move html escaping on credits page

---
 app/Controllers/CreditsController.php | 25 ++++++++++++-------------
 themes/cp_app/pages/credits.php       |  2 +-
 2 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/app/Controllers/CreditsController.php b/app/Controllers/CreditsController.php
index a96015610d..7bfe5b844c 100644
--- a/app/Controllers/CreditsController.php
+++ b/app/Controllers/CreditsController.php
@@ -65,10 +65,9 @@ class CreditsController extends BaseController
                                                     : $credit->podcast->link,
                                                 'title' => $credit->episode_id
                                                     ? (count($allPodcasts) > 1
-                                                            ? "{$credit->podcast->title} › "
+                                                            ? esc($credit->podcast->title) . ' › '
                                                             : '') .
-                                                        $credit->episode
-                                                            ->title .
+                                                        esc($credit->episode->title) .
                                                         episode_numbering(
                                                             $credit->episode
                                                                 ->number,
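Review bot: The escaped title expression added here is repeated verbatim in the hunks at -103, -132 and -154 (with the `esc($credit->podcast->title)` fallback in -77 and -113), and because this commit makes the template print `title` without escaping, each copy is a separate place where a missed esc() lets a podcast or episode title inject HTML into the credits page. Building the string in one private helper keeps the escaping in a single reviewed spot. The sketch below uses a hypothetical method name and assumes the second episode_numbering() argument, cut off in this hunk, is `$credit->episode->season_number` as in the later hunks. The episode_numbering() return value is concatenated unescaped, which appears safe only if it is trusted markup built from numeric fields, so that is worth confirming. The enclosing method starts and ends outside the hunk.

```php
/**
 * Returns the HTML shown for one "is_in" entry. Titles are escaped here
 * because the credits template prints the result without esc().
 */
private function creditTitleHtml(object $credit, bool $withPodcastPrefix): string
{
    if (! $credit->episode_id) {
        return esc($credit->podcast->title);
    }

    $prefix = $withPodcastPrefix ? esc($credit->podcast->title) . ' › ' : '';

    return $prefix
        . esc($credit->episode->title)
        . episode_numbering(
            $credit->episode->number,
            $credit->episode->season_number,
            'text-xs ml-2',
            true,
        );
}

// … unchanged: role/person array construction …
'title' => $this->creditTitleHtml($credit, count($allPodcasts) > 1),
```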
@@ -77,7 +76,7 @@ class CreditsController extends BaseController
                                                             'text-xs ml-2',
                                                             true,
                                                         )
-                                                    : $credit->podcast->title,
+                                                    : esc($credit->podcast->title),
                                             ],
                                         ],
                                     ],
@@ -103,9 +102,9 @@ class CreditsController extends BaseController
                                             : $credit->podcast->link,
                                         'title' => $credit->episode_id
                                             ? (count($allPodcasts) > 1
-                                                    ? "{$credit->podcast->title} › "
+                                                    ? esc($credit->podcast->title) . ' › '
                                                     : '') .
-                                                $credit->episode->title .
+                                                    esc($credit->episode->title) .
                                                 episode_numbering(
                                                     $credit->episode->number,
                                                     $credit->episode
@@ -113,7 +112,7 @@ class CreditsController extends BaseController
                                                     'text-xs ml-2',
                                                     true,
                                                 )
-                                            : $credit->podcast->title,
+                                            : esc($credit->podcast->title),
                                     ],
                                 ],
                             ],
@@ -132,16 +131,16 @@ class CreditsController extends BaseController
                                     : $credit->podcast->link,
                                 'title' => $credit->episode_id
                                     ? (count($allPodcasts) > 1
-                                            ? "{$credit->podcast->title} › "
+                                            ? esc($credit->podcast->title) . ' › '
                                             : '') .
-                                        $credit->episode->title .
+                                            esc($credit->episode->title) .
                                         episode_numbering(
                                             $credit->episode->number,
                                             $credit->episode->season_number,
                                             'text-xs ml-2',
                                             true,
                                         )
-                                    : $credit->podcast->title,
+                                    : esc($credit->podcast->title),
                             ],
                         ],
                     ];
@@ -154,16 +153,16 @@ class CreditsController extends BaseController
                             : $credit->podcast->link,
                         'title' => $credit->episode_id
                             ? (count($allPodcasts) > 1
-                                    ? "{$credit->podcast->title} › "
+                                    ? esc($credit->podcast->title) . ' › '
                                     : '') .
-                                $credit->episode->title .
+                                    esc($credit->episode->title) .
                                 episode_numbering(
                                     $credit->episode->number,
                                     $credit->episode->season_number,
                                     'text-xs ml-2',
                                     true,
                                 )
-                            : $credit->podcast->title,
+                            : esc($credit->podcast->title),
                     ];
                 }
             }
diff --git a/themes/cp_app/pages/credits.php b/themes/cp_app/pages/credits.php
index 3207d5d6cf..0e8b4f232a 100644
--- a/themes/cp_app/pages/credits.php
+++ b/themes/cp_app/pages/credits.php
@@ -38,7 +38,7 @@
                     <?php foreach ($role['is_in'] as $in): ?>
                         <a href="<?= esc($in[
                             'link'
-                        ]) ?>" class="text-sm text-skin-muted hover:underline"><?= esc($in['title']) ?></a>
+                        ]) ?>" class="text-sm text-skin-muted hover:underline"><?= $in['title'] ?></a>
                     <?php endforeach; ?>
                 <?php endforeach; ?>
             </div>
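Review bot: `<?= $in['title'] ?>` now writes the value straight into the page, so the template relies on an unwritten contract that `title` is already-escaped HTML; any other code that fills `is_in` with a raw podcast or episode title would have it rendered as markup. At minimum, document the contract next to the sink, e.g. `<?php // $in['title'] is pre-escaped HTML built in CreditsController; never assign raw text ?>`. A sturdier layout keeps the escape at the sink and passes the numbering markup under its own (hypothetical) key, `<?= esc($in['title']) ?><?= $in['numbering'] ?>`. The escape was presumably moved because episode_numbering() returns markup, judging by its CSS class argument, and splitting the keys would preserve that without trusting the whole string. The surrounding foreach blocks start outside the hunk.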
-- 
GitLab