Escape the legal settings, service and category name in the booking page

Alex Tselegidis 2023-04-15 14:14:42 +02:00
parent bddc5cbeb7
commit 46a865300e
5 changed files with 8 additions and 8 deletions


@ -66,11 +66,11 @@
if (count($group) > 0) if (count($group) > 0)
{ {
echo '<optgroup label="' . $group_label . '">'; echo '<optgroup label="' . e($group_label) . '">';
foreach ($group as $service) foreach ($group as $service)
{ {
echo '<option value="' . $service['id'] . '">' echo '<option value="' . $service['id'] . '">'
. $service['name'] . '</option>'; . e($service['name']) . '</option>';
} }
echo '</optgroup>'; echo '</optgroup>';
} }
@ -80,7 +80,7 @@
{ {
foreach ($available_services as $service) foreach ($available_services as $service)
{ {
echo '<option value="' . $service['id'] . '">' . $service['name'] . '</option>'; echo '<option value="' . $service['id'] . '">' . e($service['name']) . '</option>';
} }
} }
?> ?>
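Review bot: `$service['id']` is still concatenated unescaped into the `value` attribute in both option loops (the grouped one and the `$available_services` one), while the name beside it now goes through `e()`. If the id is always an integer read from the database this is harmless, but that is not visible in these hunks; `echo '<option value="' . (int) $service['id'] . '">'` would make the output safe regardless of how the array was built. It is also worth confirming that `e()` encodes double quotes, because `$group_label` lands inside a double-quoted `label` attribute.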


@ -13,7 +13,7 @@
<button type="button" class="btn-close" data-bs-dismiss="modal"></button> <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
</div> </div>
<div class="modal-body"> <div class="modal-body">
<p><?= $cookie_notice_content ?></p> <p><?= e($cookie_notice_content) ?></p>
</div> </div>
<div class="modal-footer"> <div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal"> <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">
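Review bot: `e($cookie_notice_content)` changes how the notice renders if this setting is stored as HTML, because any paragraph or link markup an administrator entered would now appear as literal tags in the modal body. The hunk does not show how the content is authored, so this needs confirming. If rich text is expected, an allowlist-based HTML sanitizer at output would block script injection without flattening the formatting. If plain text is intended, `<?= nl2br(e($cookie_notice_content)) ?>` would at least keep line breaks. The same point applies to `e($privacy_policy_content)` and `e($terms_and_conditions_content)` in the next two files.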


@ -15,7 +15,7 @@
</button> </button>
</div> </div>
<div class="modal-body"> <div class="modal-body">
<p><?= $privacy_policy_content ?></p> <p><?= e($privacy_policy_content) ?></p>
</div> </div>
<div class="modal-footer"> <div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal"> <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">


@ -14,7 +14,7 @@
<button type="button" class="btn-close" data-bs-dismiss="modal"></button> <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
</div> </div>
<div class="modal-body"> <div class="modal-body">
<p><?= $terms_and_conditions_content ?></p> <p><?= e($terms_and_conditions_content) ?></p>
</div> </div>
<div class="modal-footer"> <div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal"> <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">


@ -803,7 +803,7 @@ App.Pages.Booking = (function () {
} }
$('<strong/>', { $('<strong/>', {
'text': service.name 'text': App.Utils.String.escapeHtml(service.name),
}).appendTo($serviceDescription); }).appendTo($serviceDescription);
if (service.description) { if (service.description) {
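Review bot: The `'text'` key in the `$('<strong/>', {...})` properties object is applied through jQuery's `.text()`, which inserts the value as a text node, so `service.name` was already rendered safely here. Wrapping it in `App.Utils.String.escapeHtml()` will double-encode, assuming the helper returns entity-encoded text: a service named `Cut & Colour` would display as `Cut &amp; Colour`. I would keep `'text': service.name` at this spot and reserve `escapeHtml` for places where the name is concatenated into an HTML string or passed to `.html()`. The enclosing function starts and ends outside the hunk.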