Documents

- Properly escape HTML in the edit modal - Tidy
2023-03-11 19:55:38 +00:00 · 2023-03-11 19:55:38 +00:00 · 90bba73aac
parent 4344a4fcca
commit 90bba73aac
4 changed files with 16 additions and 20 deletions
--- a/client_document_details.php
+++ b/client_document_details.php
@ -1,6 +1,6 @@
-<?php require_once("inc_all_client.php"); ?>
+<?php

-<?php 
+require_once("inc_all_client.php");

 if (isset($_GET['document_id'])) {
 	$document_id = intval($_GET['document_id']);
@ -42,7 +42,7 @@ $document_folder_id = intval($row['document_folder_id']);
 </ol>

 <div class="row">
-	
+
  <div class="col-md-9">
 		<div class="card">
 		  <div class="card-body">
@ -61,7 +61,7 @@ $document_folder_id = intval($row['document_folder_id']);
        <button type="button" class="btn btn-secondary" data-toggle="modal" data-target="#editDocumentModal">
          <i class="fas fa-fw fa-copy mr-2"></i>Copy
        </button>
-        <button type="button" class="btn btn-secondary" data-toggle="modal" data-target="#shareModal" 
+        <button type="button" class="btn btn-secondary" data-toggle="modal" data-target="#shareModal"
          onclick="populateShareModal(<?php echo "$client_id, 'Document', $document_id"; ?>)">
          <i class="fas fa-fw fa-share mr-2"></i>Share
        </button>
@ -72,7 +72,7 @@ $document_folder_id = intval($row['document_folder_id']);
        <h6><i class="fas fa-fw fa-laptop mr-2"></i>Assets</h6>
        <h6><i class="fas fa-fw fa-cube mr-2"></i>Software</h6>
        <h6><i class="fas fa-fw fa-building mr-2"></i>Vendors</h6>
-        
+
      </div>
    </div>

@ -80,11 +80,9 @@ $document_folder_id = intval($row['document_folder_id']);

 </div>

-<?php 
+<?php

-include("client_document_edit_modal.php");
-include("share_modal.php"); 
+require_once("client_document_edit_modal.php");
+require_once("share_modal.php");

-?>
-
-<?php include("footer.php"); ?>
+require_once("footer.php");
--- a/client_document_edit_modal.php
+++ b/client_document_edit_modal.php
@ -17,7 +17,7 @@
                    </div>

                    <div class="form-group">
-                        <textarea class="form-control summernote" name="content"><?php echo $document_content; ?></textarea>
+                        <textarea class="form-control summernote" name="content"><?php echo htmlentities($document_content); ?></textarea>
                    </div>

                    <div class="form-group">
--- a/client_document_template_details.php
+++ b/client_document_template_details.php
@ -1,6 +1,6 @@
-<?php require_once("inc_all_client.php"); ?>
+<?php

-<?php 
+require_once("inc_all_client.php");


 if (isset($_GET['document_id'])) {
@ -58,10 +58,8 @@ $document_updated_at = htmlentities($row['document_updated_at']);
  </div>
 </div>

-<?php 
+<?php

-include("client_document_template_edit_modal.php");
+require_once("client_document_template_edit_modal.php");

-?>
-
-<?php include("footer.php"); ?>
+require_once("footer.php");
--- a/client_document_template_edit_modal.php
+++ b/client_document_template_edit_modal.php
@ -16,7 +16,7 @@
                    </div>

                    <div class="form-group">
-                        <textarea class="form-control summernote" name="content"><?php echo $document_content; ?></textarea>
+                        <textarea class="form-control summernote" name="content"><?php echo htmlentities($document_content); ?></textarea>
                    </div>

                </div>