Documents

- Properly escape HTML in the edit modal - Tidy
2023-03-11 19:55:38 +00:00
parent 4344a4fcca
commit 90bba73aac
4 changed files with 16 additions and 20 deletions
@@ -1,7 +1,7 @@
-<?php require_once("inc_all_client.php"); ?>
-
 <?php

+require_once("inc_all_client.php");
+
 if (isset($_GET['document_id'])) {
 	$document_id = intval($_GET['document_id']);
 }
@@ -82,9 +82,7 @@ $document_folder_id = intval($row['document_folder_id']);

 <?php

-include("client_document_edit_modal.php");
-include("share_modal.php"); 
+require_once("client_document_edit_modal.php");
+require_once("share_modal.php");

-?>
-
-<?php include("footer.php"); ?>
+require_once("footer.php");
@@ -17,7 +17,7 @@
                    </div>

                    <div class="form-group">
-                        <textarea class="form-control summernote" name="content"><?php echo $document_content; ?></textarea>
+                        <textarea class="form-control summernote" name="content"><?php echo htmlentities($document_content); ?></textarea>
                    </div>

                    <div class="form-group">
@@ -1,7 +1,7 @@
-<?php require_once("inc_all_client.php"); ?>
-
 <?php

+require_once("inc_all_client.php");
+

 if (isset($_GET['document_id'])) {
 	$document_id = intval($_GET['document_id']);
@@ -60,8 +60,6 @@ $document_updated_at = htmlentities($row['document_updated_at']);

 <?php

-include("client_document_template_edit_modal.php");
+require_once("client_document_template_edit_modal.php");

-?>
-
-<?php include("footer.php"); ?>
+require_once("footer.php");
@@ -16,7 +16,7 @@
                    </div>

                    <div class="form-group">
-                        <textarea class="form-control summernote" name="content"><?php echo $document_content; ?></textarea>
+                        <textarea class="form-control summernote" name="content"><?php echo htmlentities($document_content); ?></textarea>
                    </div>

                </div>