Escape the legal settings, service and category name in the booking page

2023-04-15 14:14:42 +02:00 · 2023-04-15 14:14:42 +02:00 · 46a865300e
commit 46a865300e
parent bddc5cbeb7
5 changed files with 8 additions and 8 deletions
--- a/application/views/components/booking_type_step.php
+++ b/application/views/components/booking_type_step.php
@ -1,7 +1,7 @@
 <?php
 /**
 * Local variables.
- * 
+ *
 * @var array $available_services
 */
 ?>
@ -66,11 +66,11 @@

                                if (count($group) > 0)
                                {
-                                    echo '<optgroup label="' . $group_label . '">';
+                                    echo '<optgroup label="' . e($group_label) . '">';
                                    foreach ($group as $service)
                                    {
                                        echo '<option value="' . $service['id'] . '">'
-                                            . $service['name'] . '</option>';
+                                            . e($service['name']) . '</option>';
                                    }
                                    echo '</optgroup>';
                                }
@ -80,7 +80,7 @@
                        {
                            foreach ($available_services as $service)
                            {
-                                echo '<option value="' . $service['id'] . '">' . $service['name'] . '</option>';
+                                echo '<option value="' . $service['id'] . '">' . e($service['name']) . '</option>';
                            }
                        }
                        ?>
--- a/application/views/components/cookie_notice_modal.php
+++ b/application/views/components/cookie_notice_modal.php
@ -13,7 +13,7 @@
                <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
            </div>
            <div class="modal-body">
-                <p><?= $cookie_notice_content ?></p>
+                <p><?= e($cookie_notice_content) ?></p>
            </div>
            <div class="modal-footer">
                <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">
--- a/application/views/components/privacy_policy_modal.php
+++ b/application/views/components/privacy_policy_modal.php
@ -15,7 +15,7 @@
                </button>
            </div>
            <div class="modal-body">
-                <p><?= $privacy_policy_content ?></p>
+                <p><?= e($privacy_policy_content) ?></p>
            </div>
            <div class="modal-footer">
                <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">
--- a/application/views/components/terms_and_conditions_modal.php
+++ b/application/views/components/terms_and_conditions_modal.php
@ -14,7 +14,7 @@
                <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
            </div>
            <div class="modal-body">
-                <p><?= $terms_and_conditions_content ?></p>
+                <p><?= e($terms_and_conditions_content) ?></p>
            </div>
            <div class="modal-footer">
                <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">
--- a/assets/js/pages/booking.js
+++ b/assets/js/pages/booking.js
@ -803,7 +803,7 @@ App.Pages.Booking = (function () {
        }

        $('<strong/>', {
-            'text': service.name
+            'text': App.Utils.String.escapeHtml(service.name),
        }).appendTo($serviceDescription);

        if (service.description) {