tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Escape backend names in authentication backend reorder form

This commit is contained in:
Alexander A. Klimov 2016-02-24 16:35:28 +01:00
parent e407f6d116
commit 172ebd0fd4
1 changed files with 8 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
application/views/scripts/form/reorder-authbackend.phtml
View File

@ -40,30 +40,26 @@
</td>
<td class="icon-col text-right" data-base-target="_self">
<?php if ($i > 0): ?>
<button type="submit" name="backend_newpos" class="link-button icon-only animated move-up" value="<?= sprintf(
'%s|%s',
$backendNames[$i],
$i - 1
<button type="submit" name="backend_newpos" class="link-button icon-only animated move-up" value="<?= $this->escape(
$backendNames[$i] . '|' . ($i - 1)
) ?>" title="<?= $this->translate(
'Move up in authentication order'
) ?>" aria-label="<?= sprintf(
) ?>" aria-label="<?= $this->escape(sprintf(
$this->translate('Move user backend %s upwards'),
$backendNames[$i]
) ?>">
)) ?>">
<?= $this->icon('up-small') ?>
</button>
<?php endif ?>
<?php if ($i + 1 < count($backendNames)): ?>
<button type="submit" name="backend_newpos" class="link-button icon-only animated move-down" value="<?= sprintf(
'%s|%s',
$backendNames[$i],
$i + 1
<button type="submit" name="backend_newpos" class="link-button icon-only animated move-down" value="<?= $this->escape(
$backendNames[$i] . '|' . ($i + 1)
) ?>" title="<?= $this->translate(
'Move down in authentication order'
) ?>" aria-label="<?= sprintf(
) ?>" aria-label="<?= $this->escape(sprintf(
$this->translate('Move user backend %s downwards'),
$backendNames[$i]
) ?>">
)) ?>">
<?= $this->icon('down-small') ?>
</button>
<?php endif ?>