Escaped attributes in resource template property row form.

omeka · Aug 17, 2020 · 47b0986 · 47b0986
1 parent 06e84d6
commit 47b0986
Showing 1 changed file with 9 additions and 8 deletions.
diff --git a/application/view/omeka/admin/resource-template/show-property-row.phtml b/application/view/omeka/admin/resource-template/show-property-row.phtml
@@ -1,21 +1,22 @@
 <?php
 $translate = $this->plugin('translate');
 $escape = $this->plugin('escapeHtml');
+$escapeAttr = $this->plugin('escapeHtmlAttr');
 $property = $propertyRow['o:property'];
 $namePrefix = 'o:resource_template_property[' . bin2hex(random_bytes(8)) . ']';
 $propertyId = $escape($property->id());
 ?>
 
 <li class="property row" data-property-id="<?php echo $propertyId; ?>">
 
- <input class="property-id" type="hidden" name="<?php echo $escape($namePrefix . '[o:property][o:id]'); ?>" value="<?php echo $escape($property->id()); ?>">
- <input class="original-label" type="hidden" name="<?php echo $escape($namePrefix . '[o:original_label]'); ?>" value="<?php echo $escape($translate($property->label())); ?>">
- <input class="alternate-label" type="hidden" name="<?php echo $escape($namePrefix . '[o:alternate_label]'); ?>" value="<?php echo $escape($propertyRow['o:alternate_label']); ?>">
- <input class="original-comment" type="hidden" name="<?php echo $escape($namePrefix . '[o:original_comment]'); ?>" value="<?php echo $escape($translate($property->comment())); ?>">
- <input class="alternate-comment" type="hidden" name="<?php echo $escape($namePrefix . '[o:alternate_comment]'); ?>" value="<?php echo $escape($propertyRow['o:alternate_comment']); ?>">
- <input class="is-required" type="hidden" name="<?php echo $escape($namePrefix . '[o:is_required]'); ?>" value="<?php echo $escape($propertyRow['o:is_required']); ?>">
- <input class="is-private" type="hidden" name="<?php echo $escape($namePrefix . '[o:is_private]'); ?>" value="<?php echo $escape($propertyRow['o:is_private']); ?>">
- <input class="data-type" type="hidden" name="<?php echo $escape($namePrefix . '[o:data_type]'); ?>" value="<?php echo is_array($propertyRow['o:data_type']) ? $escape(implode(',', $propertyRow['o:data_type'])) : $propertyRow['o:data_type']; ?>">
+ <input class="property-id" type="hidden" name="<?php echo $namePrefix . '[o:property][o:id]'; ?>" value="<?php echo $escapeAttr($property->id()); ?>">
+ <input class="original-label" type="hidden" name="<?php echo $namePrefix . '[o:original_label]'; ?>" value="<?php echo $escapeAttr($translate($property->label())); ?>">
+ <input class="alternate-label" type="hidden" name="<?php echo $namePrefix . '[o:alternate_label]'; ?>" value="<?php echo $escapeAttr($propertyRow['o:alternate_label']); ?>">
+ <input class="original-comment" type="hidden" name="<?php echo $namePrefix . '[o:original_comment]'; ?>" value="<?php echo $escapeAttr($translate($property->comment())); ?>">
+ <input class="alternate-comment" type="hidden" name="<?php echo $namePrefix . '[o:alternate_comment]'; ?>" value="<?php echo $escapeAttr($propertyRow['o:alternate_comment']); ?>">
+ <input class="is-required" type="hidden" name="<?php echo $namePrefix . '[o:is_required]'; ?>" value="<?php echo $escapeAttr($propertyRow['o:is_required']); ?>">
+ <input class="is-private" type="hidden" name="<?php echo $namePrefix . '[o:is_private]'; ?>" value="<?php echo $escapeAttr($propertyRow['o:is_private']); ?>">
+ <input class="data-type" type="hidden" name="<?php echo $namePrefix . '[o:data_type]'; ?>" value="<?php echo is_array($propertyRow['o:data_type']) ? $escapeAttr(implode(',', $propertyRow['o:data_type'])) : $escapeAttr($propertyRow['o:data_type']); ?>">
 
  <span class="sortable-handle"></span>
  <span class="original-label-cell"><?php echo $escape($translate($property->label())); ?></span>