| author | Elmar Ludwig <elmar.ludwig@uni-osnabrueck.de> | 2026-02-27 14:50:39 +0100 |
|---|---|---|
| committer | David Siegfried <david.siegfried@uni-vechta.de> | 2026-02-27 13:50:39 +0000 |
| commit | ce679651ccf784da2e4bf57d53b57d895a4fbea3 (patch) | |
| tree | 5946f87af5fcd461808285488fcfc8258afd863b /templates/dates/course_date_list.php | |
| parent | e752624e6621cda3e9821694d0699e2c91224746 (diff) | |
fix XSS issues with date formatting, fixes #6277
Closes #6277
Merge request studip/studip!4751
Diffstat (limited to 'templates/dates/course_date_list.php')
| -rw-r--r-- | templates/dates/course_date_list.php | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/templates/dates/course_date_list.php b/templates/dates/course_date_list.php
index 8fdcd69..0a7bf41 100644
--- a/templates/dates/course_date_list.php
+++ b/templates/dates/course_date_list.php
@@ -12,14 +12,32 @@
 <? if (!$collection->isEmpty()) : ?>
 <ul class="list-unstyled">
 <? foreach ($collection->getRegularDates() as $regular_date) : ?>
- <li><?= $regular_date->toString('long-start') ?></li>
+ <li>
+ <?= $regular_date->toString('long-start', true) ?>
+ </li>
 <? endforeach ?>
 <? foreach ($collection->getSingleDates() as $single_date) : ?>
- <li><?= $single_date->getFullName($with_room_names ? 'long-include-room' : 'long') ?></li>
+ <li>
+ <?= htmlReady($single_date->getFullName('long')) ?>
+ <? if ($with_room_names): ?>
+ <? $rooms = $single_date->getRooms() ?>
+ <? if ($rooms): ?>
+ <? foreach ($rooms as $room): ?>
+ <a href="<?= $room->getActionLink() ?>" data-dialog>
+ <?= htmlReady($room->name) ?>
+ </a>
+ <? endforeach ?>
+ <? else: ?>
+ <?= htmlReady($single_date->raum) ?>
+ <? endif ?>
+ <? endif ?>
+ </li>
 <? endforeach ?>
 <? if ($with_cancelled_dates) : ?>
 <? foreach ($collection->getCancelledDates() as $cancelled_date) : ?>
- <li><?= $cancelled_date->getFullName() ?></li>
+ <li>
+ <?= htmlReady($cancelled_date->getFullName()) ?>
+ </li>
 <? endforeach ?>
 <? endif ?>
 </ul> |
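Review bot: Two echoes in the new lines are still written without `htmlReady()`: the attribute `href="<?= $room->getActionLink() ?>"` and `<?= $regular_date->toString('long-start', true) ?>`. Both are safe only if the callee already returns HTML-encoded output, which this hunk does not show. If `getActionLink()` returns a raw URL, the attribute should read `href="<?= htmlReady($room->getActionLink()) ?>"`; if it is already entity-encoded, wrapping it would double-encode, so the return contract should be confirmed first. The bare `true` passed to `toString()` gives no hint at the call site that it is what makes this echo safe (presumably it switches on escaping), so a one-line template comment stating that would keep a later edit from dropping it. Separately, `<? if ($rooms): ?>` only reaches the `$single_date->raum` fallback when `getRooms()` returns an empty array or null; if it returns a collection object, the check is always true and the free-text room is never shown.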
