aboutsummaryrefslogtreecommitdiff
path: root/app/views/resources/room_request
diff options
context:
space:
mode:
authorElmar Ludwig <elmar.ludwig@uni-osnabrueck.de>2026-02-27 14:50:39 +0100
committerDavid Siegfried <david.siegfried@uni-vechta.de>2026-02-27 13:50:39 +0000
commitce679651ccf784da2e4bf57d53b57d895a4fbea3 (patch)
tree5946f87af5fcd461808285488fcfc8258afd863b /app/views/resources/room_request
parente752624e6621cda3e9821694d0699e2c91224746 (diff)
fix XSS issues with date formatting, fixes #6277
Closes #6277 Merge request studip/studip!4751
Diffstat (limited to 'app/views/resources/room_request')
-rw-r--r--app/views/resources/room_request/planning.php2
-rw-r--r--app/views/resources/room_request/resolve.php2
2 files changed, 2 insertions, 2 deletions
diff --git a/app/views/resources/room_request/planning.php b/app/views/resources/room_request/planning.php
index 8011dee..1b6c6a3 100644
--- a/app/views/resources/room_request/planning.php
+++ b/app/views/resources/room_request/planning.php
@@ -285,7 +285,7 @@
<? endif ?>
</td>
<td>
- <?= $request->getTypeString() ?>
+ <?= htmlReady($request->getTypeString()) ?>
</td>
</tr>
<? endforeach ?>
diff --git a/app/views/resources/room_request/resolve.php b/app/views/resources/room_request/resolve.php
index 8156dc2..9d4aab8 100644
--- a/app/views/resources/room_request/resolve.php
+++ b/app/views/resources/room_request/resolve.php
@@ -125,7 +125,7 @@
<dd>
<? $dates = $request->getDateString(true, false) ?>
<? if ($dates) : ?>
- <?= implode('<br>', $dates) ?>
+ <?= implode('<br>', array_map('htmlReady', $dates)) ?>
<? else : ?>
<?= _('Keine') ?>
<? endif ?>
generated by cgit v1.0 at 2026-05-27 06:30:14 +0000