
Commit c3b9a10

committed
Add security::removeXSS see #8094
1 parent 9c5f418 commit c3b9a10


1 file changed

+8
-3
lines changed

1 file changed

+8
-3
lines changed

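--- a/main/work/view.php
+++ b/main/work/view.php
@@ -17,7 +17,11 @@
 api_not_allowed(true);
 }
 
-$interbreadcrumb[] = array ('url' => 'work.php', 'name' => get_lang('StudentPublications'));
+
+$work['title'] = isset($work['title']) ? Security::remove_XSS($work['title']) : '';
+$work['description'] = isset($work['description']) ? Security::remove_XSS($work['description']) : '';
+
+$interbreadcrumb[] = array ('url' => 'work.php?'.api_get_self(), 'name' => get_lang('StudentPublications'));
 
 $my_folder_data = get_work_data_by_id($work['parent_id']);
 $courseInfo = api_get_course_info();
@@ -37,9 +41,9 @@
 )
 ) {
 if ((api_is_allowed_to_edit() || api_is_coach()) || api_is_drh()) {
-$url_dir = 'work_list_all.php?id='.$my_folder_data['id'];
+$url_dir = 'work_list_all.php?id='.$my_folder_data['id'].'&'.api_get_cidreq();
 } else {
-$url_dir = 'work_list.php?id='.$my_folder_data['id'];
+$url_dir = 'work_list.php?id='.$my_folder_data['id'].'&'.api_get_cidreq();
 }
 
 $userInfo = api_get_user_info($work['user_id']);
@@ -99,6 +103,7 @@
 $commentForm = getWorkCommentForm($work);
 
 $tpl = new Template();
+
 $tpl->assign('work', $work);
 $tpl->assign('comments', $comments);
 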
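Review bot: The breadcrumb URL on new line 24 is built as `'work.php?'.api_get_self()`, while the two `$url_dir` links changed in the same commit append `api_get_cidreq()`; if `api_get_self()` returns the current script path, as its name suggests, the link becomes `work.php?<script path>`, carries no course context, and puts a request-derived value into an href. The line was probably meant to read `$interbreadcrumb[] = array('url' => 'work.php?'.api_get_cidreq(), 'name' => get_lang('StudentPublications'));`. Separately, only `title` and `description` pass through `Security::remove_XSS()`, and `$comments` is assigned to the template on new line 108 with no filter visible in these hunks, so it is worth confirming that comment text is filtered where it is loaded or escaped in the template. The code between and around the three hunks is outside this view.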