diff --git a/workflow/engine/classes/class.processMap.php b/workflow/engine/classes/class.processMap.php
index 11307a8ea..6a5446f0a 100755
--- a/workflow/engine/classes/class.processMap.php
+++ b/workflow/engine/classes/class.processMap.php
@@ -90,7 +90,7 @@ class processMap
 $aRow = $oProcess->load( $sProcessUID );
 $oPM->title = new stdclass();
- $oPM->title->label = strip_tags( $aRow['PRO_TITLE'] );
+ $oPM->title->label = htmlentities( $aRow['PRO_TITLE'], ENT_QUOTES, 'UTF-8' );
 $oPM->title->position = new stdclass();
 $oPM->title->position->x = $aRow['PRO_TITLE_X'];
 $oPM->title->position->y = $aRow['PRO_TITLE_Y'];
@@ -127,7 +127,7 @@ class processMap
 $aFields1 = $oTask1->load( $oTask->uid );
 $aRow1['CON_VALUE'] = $oTask1->getTasTitle();
 }
- $oTask->label = strip_tags( $aRow1['CON_VALUE'] );
+ $oTask->label = htmlentities( $aRow1['CON_VALUE'], ENT_QUOTES, 'UTF-8' );
 } else {
 $oCriteria = new Criteria( 'workflow' );
 $del = DBAdapter::getStringDelimiter();
@@ -152,9 +152,9 @@ class processMap
 if ($oProcess->exists( $aRowx['PRO_UID'] )) {
 //$aRowy = $oProcess->load($aRowx['PRO_UID']);
 //$oTask->label = $aRowy['PRO_TITLE'];
- $oTask->label = $aRowx['TAS_TITLE'];
+ $oTask->label = htmlentities( $aRowx['TAS_TITLE'], ENT_QUOTES, 'UTF-8' );
 } else {
- $oTask->label = strip_tags( $aRow1['CON_VALUE'] );
+ $oTask->label = htmlentities( $aRow1['CON_VALUE'], ENT_QUOTES, 'UTF-8' );
 }
 }
 $oTask->taskINI = (strtolower( $aRow1['TAS_START'] ) == 'true' ? true : false);
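Review bot: The new `htmlentities( $aRow['PRO_TITLE'], ENT_QUOTES, 'UTF-8' )` call returns an empty string when the stored title is not valid UTF-8, so a single malformed byte in a legacy record blanks the label silently where `strip_tags` used to pass it through; on PHP 5.4 or later pass `ENT_QUOTES | ENT_SUBSTITUTE` so invalid sequences become U+FFFD instead of emptying the result. The same call is repeated in the @@ -127, @@ -152 and @@ -410 hunks of this file and in the @@ -77 hunk of casesStartPage_Ajax.php, so the flag change applies to all of them. `htmlentities` also converts every character that has a named entity, accented letters included, so the process-map JavaScript that presumably consumes `$oPM` receives `&eacute;`-style text in the `label` field; `htmlspecialchars` with the same flags escapes only the five HTML-significant characters, which is all the output encoding needs, and keeps non-ASCII titles readable wherever the label is used as plain text. The enclosing method starts and ends outside the hunk.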
@@ -410,7 +410,7 @@ class processMap
 case 'text':
 $oText = null;
 $oText->uid = $aRow['SWI_UID'];
- $oText->label = strip_tags( ($aRow['CON_VALUE'] != '' ? str_replace( chr( 92 ), '\', str_replace( '<', '<', $aRow['CON_VALUE'] ) ) : '-') );
+ $oText->label = htmlentities( ($aRow['CON_VALUE'] != '' ? str_replace( chr( 92 ), '\', str_replace( '<', '<', $aRow['CON_VALUE'] ) ) : '-'), ENT_QUOTES, 'UTF-8' );
 // $oText->label = '->' . $aRow ['CON_VALUE'] . '<-' ;
 $oText->position->x = $aRow['SWI_X'];
 $oText->position->y = $aRow['SWI_Y'];
diff --git a/workflow/engine/js/processmap/core/processes_Map.js b/workflow/engine/js/processmap/core/processes_Map.js
index 35361da7a..c4bba5ae5 100755
--- a/workflow/engine/js/processmap/core/processes_Map.js
+++ b/workflow/engine/js/processmap/core/processes_Map.js
@@ -252,7 +252,7 @@ var saveTaskData = function(oForm, iForm, iType)
 var res = rpc.xmlhttp.responseText.parseJSON();
 if (oTaskData.TAS_TITLE)
 {
- Pm.data.db.task[getField("INDEX").value].label = Pm.data.db.task[getField("INDEX").value].object.elements.label.innerHTML = oTaskData.TAS_TITLE.replace(re2, "&");
+ Pm.data.db.task[getField("INDEX").value].label = Pm.data.db.task[getField("INDEX").value].object.elements.label.innerHTML = htmlentities(oTaskData.TAS_TITLE, 'ENT_QUOTES');
 }
 if (oTaskData.TAS_START)
 {
diff --git a/workflow/engine/methods/cases/casesStartPage_Ajax.php b/workflow/engine/methods/cases/casesStartPage_Ajax.php
index fe1741776..dbd9f2472 100755
--- a/workflow/engine/methods/cases/casesStartPage_Ajax.php
+++ b/workflow/engine/methods/cases/casesStartPage_Ajax.php
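Review bot: `htmlentities(oTaskData.TAS_TITLE, 'ENT_QUOTES')` is not a browser built-in, so the new line in the @@ -252 hunk depends on a global helper (a php.js-style port, judging by the string flag) being loaded on every page that includes processes_Map.js; if it is not, saving a task title throws a ReferenceError where the old `.replace` never could. The encoded string is also stored back into the in-memory model `Pm.data.db.task[...].label`, not only written to `innerHTML`, so any later use of `.label` as plain text — a form field value, or a round trip to the server, which this same commit now encodes again — will display or double-encode the entities. Encoding only at the HTML sink keeps the model clean: `var oTaskEntry = Pm.data.db.task[getField("INDEX").value];` `oTaskEntry.label = oTaskData.TAS_TITLE;` `oTaskEntry.object.elements.label.innerHTML = htmlentities(oTaskData.TAS_TITLE, 'ENT_QUOTES');`. saveTaskData starts and ends outside the hunk.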
@@ -77,7 +77,7 @@ function getProcessList ()
 $tempTreeChildren = array ();
 foreach ($processList[$key] as $keyChild => $processInfoChild) {
 //print_r($processInfo);
- $tempTreeChild['text'] = $keyChild; //ellipsis ( $keyChild, 50 );
+ $tempTreeChild['text'] = htmlentities($keyChild, ENT_QUOTES, 'UTF-8'); //ellipsis ( $keyChild, 50 );
 //$tempTree['text']=$key;
 $tempTreeChild['id'] = preg_replace('([^A-Za-z0-9 ()])', '', $keyChild);
 $tempTreeChild['draggable'] = true;
diff --git a/workflow/engine/templates/cases/casesStartCase.js b/workflow/engine/templates/cases/casesStartCase.js
index b119c50a8..74bbd71b2 100755
--- a/workflow/engine/templates/cases/casesStartCase.js
+++ b/workflow/engine/templates/cases/casesStartCase.js
@@ -138,7 +138,8 @@ Ext.onReady(function() {
 style : {
 fontSize:'11px'
 },
- id:"processName"
+ id:"processName",
+ htmlEncode: true
 },
 {
 xtype: 'compositefield',
@@ -169,7 +170,8 @@ Ext.onReady(function() {
 allowBlank:false,
 value: '',
 width:200,
- id:"taskName"
+ id:"taskName",
+ htmlEncode: true
 }
 ]},
 {
@@ -192,7 +194,8 @@ Ext.onReady(function() {
 style : {
 fontSize:'11px'
 },
- id:"processCategory"
+ id:"processCategory",
+ htmlEncode: true
 },
 {
 fieldLabel: TRANSLATIONS.ID_CALENDAR,
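Review bot: `htmlEncode: true` is honoured by Ext.form.DisplayField, whose `setValue` writes the text into the element's innerHTML, but it is not a config of Ext.form.TextField, and the `allowBlank:false` / `value: ''` pair in the @@ -169 hunk suggests `taskName` is a text field; there the new property is silently ignored, which is harmless (an input's value property is not an HTML sink) but misleading, so either drop it from that field or confirm the xtype, which is declared outside the hunk. For the `processName` and `processCategory` fields (@@ -138 and @@ -192), if their values are taken from tree node text that casesStartPage_Ajax.php now returns already entity-encoded, the display field will encode a second time and the user will see literal `&amp;` sequences; encode once, at the rendering sink, and keep the server response as plain data. A short comment on the first occurrence would record the intent: `// escape the title when rendering it; the value must be plain text`. The Ext.onReady callback starts and ends outside these hunks.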