forked from mirrors/easyappointments
Escape the legal settings, service and category name in the booking page
This commit is contained in:
parent
bddc5cbeb7
commit
46a865300e
5 changed files with 8 additions and 8 deletions
|
@ -66,11 +66,11 @@
|
|||
|
||||
if (count($group) > 0)
|
||||
{
|
||||
echo '<optgroup label="' . $group_label . '">';
|
||||
echo '<optgroup label="' . e($group_label) . '">';
|
||||
foreach ($group as $service)
|
||||
{
|
||||
echo '<option value="' . $service['id'] . '">'
|
||||
. $service['name'] . '</option>';
|
||||
. e($service['name']) . '</option>';
|
||||
}
|
||||
echo '</optgroup>';
|
||||
}
|
||||
|
@ -80,7 +80,7 @@
|
|||
{
|
||||
foreach ($available_services as $service)
|
||||
{
|
||||
echo '<option value="' . $service['id'] . '">' . $service['name'] . '</option>';
|
||||
echo '<option value="' . $service['id'] . '">' . e($service['name']) . '</option>';
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
<button type="button" class="btn-close" data-bs-dismiss="modal"></button>
|
||||
</div>
|
||||
<div class="modal-body">
|
||||
<p><?= $cookie_notice_content ?></p>
|
||||
<p><?= e($cookie_notice_content) ?></p>
|
||||
</div>
|
||||
<div class="modal-footer">
|
||||
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
</button>
|
||||
</div>
|
||||
<div class="modal-body">
|
||||
<p><?= $privacy_policy_content ?></p>
|
||||
<p><?= e($privacy_policy_content) ?></p>
|
||||
</div>
|
||||
<div class="modal-footer">
|
||||
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
<button type="button" class="btn-close" data-bs-dismiss="modal"></button>
|
||||
</div>
|
||||
<div class="modal-body">
|
||||
<p><?= $terms_and_conditions_content ?></p>
|
||||
<p><?= e($terms_and_conditions_content) ?></p>
|
||||
</div>
|
||||
<div class="modal-footer">
|
||||
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">
|
||||
|
|
|
@ -803,7 +803,7 @@ App.Pages.Booking = (function () {
|
|||
}
|
||||
|
||||
$('<strong/>', {
|
||||
'text': service.name
|
||||
'text': App.Utils.String.escapeHtml(service.name),
|
||||
}).appendTo($serviceDescription);
|
||||
|
||||
if (service.description) {
|
||||
|
|
Loading…
Reference in a new issue