Escape the legal settings, service and category name in the booking page

Alex Tselegidis 2023-04-15 14:14:42 +02:00
parent bddc5cbeb7
commit 46a865300e
5 changed files with 8 additions and 8 deletions


@ -66,11 +66,11 @@
if (count($group) > 0)
{
echo '<optgroup label="' . $group_label . '">';
echo '<optgroup label="' . e($group_label) . '">';
foreach ($group as $service)
{
echo '<option value="' . $service['id'] . '">'
. $service['name'] . '</option>';
. e($service['name']) . '</option>';
}
echo '</optgroup>';
}
@ -80,7 +80,7 @@
{
foreach ($available_services as $service)
{
echo '<option value="' . $service['id'] . '">' . $service['name'] . '</option>';
echo '<option value="' . $service['id'] . '">' . e($service['name']) . '</option>';
}
}
?>
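Review bot: `$service['id']` is still concatenated unescaped into the `value` attribute in both loops (the grouped options here and the flat list in the second hunk), so the escaping in this template is only partial. Even if the id is always a database integer, treating it like the name keeps the output safe whatever the array's source: `echo '<option value="' . e($service['id']) . '">'`. The `label` attribute on `<optgroup>` is a quoted-attribute context, so the fix depends on `e()` encoding double quotes as well as `<`, `>` and `&`. Its definition is not visible on this page and is worth confirming. Both loops start outside the hunks.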


@ -13,7 +13,7 @@
<button type="button" class="btn-close" data-bs-dismiss="modal"></button>
</div>
<div class="modal-body">
<p><?= $cookie_notice_content ?></p>
<p><?= e($cookie_notice_content) ?></p>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">
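Review bot: Escaping `$cookie_notice_content` with `e()` will print any markup in the notice as literal text, so if this setting is authored as HTML in the backend the modal will show raw tags. The page does not show how the value is stored or edited, so that needs confirming. If formatting has to survive, the safer design is to sanitise the value against an allow-list of tags when it is saved or rendered, rather than escaping it wholesale. Either way, a comment at the output would record the decision, e.g. `<?php /* legal content is treated as plain text and escaped, not rendered as HTML */ ?>`. The same applies to `$privacy_policy_content` and `$terms_and_conditions_content` in the next two files.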


@ -15,7 +15,7 @@
</button>
</div>
<div class="modal-body">
<p><?= $privacy_policy_content ?></p>
<p><?= e($privacy_policy_content) ?></p>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">


@ -14,7 +14,7 @@
<button type="button" class="btn-close" data-bs-dismiss="modal"></button>
</div>
<div class="modal-body">
<p><?= $terms_and_conditions_content ?></p>
<p><?= e($terms_and_conditions_content) ?></p>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">


@ -803,7 +803,7 @@ App.Pages.Booking = (function () {
}
$('<strong/>', {
'text': service.name
'text': App.Utils.String.escapeHtml(service.name),
}).appendTo($serviceDescription);
if (service.description) {
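Review bot: `App.Utils.String.escapeHtml(service.name)` is passed as the `text` property, which jQuery applies through `.text()`, so the value is already inserted as a text node and never parsed as markup. Assuming `escapeHtml` returns entity-encoded text, a service named `A & B` would now be displayed as `A &amp; B`, with no security gain. I would keep `'text': service.name,` here and reserve `escapeHtml` for places where the value is concatenated into an HTML string or passed to `.html()`. The enclosing function starts and ends outside the hunk.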