From bb3ad0734f59d6e5844cadd807c451b980d9ccd5 Mon Sep 17 00:00:00 2001 From: ovclas Date: Mon, 16 Jul 2012 04:45:10 +0000 Subject: [PATCH] issue 1985 when insert db, add htmlspecialchars to menu name git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.3.1@10899 201d5d3c-b55e-5fd7-737f-ddc643e51545 --- modules/menu/menu.admin.controller.php | 5 +++++ modules/menu/tpl/js/sitemap.js | 6 ++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/modules/menu/menu.admin.controller.php b/modules/menu/menu.admin.controller.php index 505519319..8c9ead51c 100644 --- a/modules/menu/menu.admin.controller.php +++ b/modules/menu/menu.admin.controller.php @@ -160,6 +160,11 @@ else $args->name = $source_args->menu_name; + if(!strstr($args->name, '$user_lang->')) + { + $args->name = htmlspecialchars($args->name); + } + $args->url = trim($source_args->menu_url); $args->open_window = $source_args->menu_open_window; $args->expand = $source_args->menu_expand; diff --git a/modules/menu/tpl/js/sitemap.js b/modules/menu/tpl/js/sitemap.js index 6b7b60e27..ca27df18c 100644 --- a/modules/menu/tpl/js/sitemap.js +++ b/modules/menu/tpl/js/sitemap.js @@ -51,12 +51,14 @@ $('form.siteMap') var menuItem = obj.menu_item; menuUrl = menuItem.url; var successReturnUrl = editForm.find('input[name=success_return_url]').val() + menuItem.menu_srl; + var menuName = $('
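Review bot: The `strstr($args->name, '$user_lang->')` guard added in menu.admin.controller.php skips escaping for any menu name that contains that substring anywhere, so a name that only embeds `$user_lang->` alongside markup is still stored unescaped. Match the whole value instead, for example `if(!preg_match('/^\$user_lang->\w+$/', $args->name))` (the key format is assumed here; confirm it against the code that generates language keys). `htmlspecialchars($args->name)` with its default flags also leaves single quotes unencoded, so `htmlspecialchars($args->name, ENT_QUOTES, 'UTF-8')` is the safer call if the name is ever written into a single-quoted attribute. The enclosing function starts and ends outside the hunk, so whether an edit of an existing item re-encodes an already-encoded name cannot be confirmed from here.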
').html(menuItem.name).text(); + editForm.find('.h2').text(xe.lang.edit_menu); editForm.find('input[name=menu_srl]').val(menuItem.menu_srl); editForm.find('input[name=menu_item_srl]').val(menuItem.menu_item_srl); editForm.find('input[name=parent_srl]').val(menuItem.parent_srl); - editForm.find('input[name=menu_name_key]').val(menuItem.name_key); - editForm.find('input[name=menu_name]').val(menuItem.name); + editForm.find('input[name=menu_name_key]').val(menuName); + editForm.find('input[name=menu_name]').val(menuName); editForm.find('input[name=success_return_url]').val(successReturnUrl); var moduleType = menuItem.moduleType;
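Review bot: On the new `var menuName = ...` line in sitemap.js, `.html(menuItem.name)` parses the server value as markup just to decode entities, so a name that arrives unescaped (a row saved before this commit, or one the server-side check leaves unescaped) has its elements instantiated in the admin page. Decode through a textarea with native `innerHTML`, which treats the content as text rather than elements: `var decoder = document.createElement('textarea'); decoder.innerHTML = menuItem.name; var menuName = decoder.value;`. Separately, `menu_name_key` is now filled from `menuName` instead of `menuItem.name_key`; if the two differ for multilingual names, saving the form would replace the key with the display text, so it is worth confirming this is intended. The enclosing handler starts and ends outside the hunk.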