From e3b8a5abf88838b515f5f6676d10242b28480292 Mon Sep 17 00:00:00 2001
From: Ghislain Loas <ghislo@sandbox.pergame.net>
Date: Thu, 3 Sep 2015 11:06:55 +0200
Subject: [PATCH] #26137 fix rt comment : use escape in view

---
 .../admin/views/scripts/modo/formulaires.phtml     | 14 +++++++-------
 library/Class/Formulaire.php                       |  2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/application/modules/admin/views/scripts/modo/formulaires.phtml b/application/modules/admin/views/scripts/modo/formulaires.phtml
index 53b71b53ab3..288ddfd5ae9 100644
--- a/application/modules/admin/views/scripts/modo/formulaires.phtml
+++ b/application/modules/admin/views/scripts/modo/formulaires.phtml
@@ -1,5 +1,5 @@
 <h1><?php echo $this->_('Modération des formulaires: '.$this->article->getTitre());?></h1>
-<?php 
+<?php
 if($this->liste==='all')
 echo $this->tagAnchor($this->url(['module'=>'admin',
                                   'controller'=>'modo',
@@ -31,8 +31,8 @@ echo $this->tagAnchor($this->url(['module'=>'admin',
     <thead>
       <tr>
         <th><?php echo $this->_('Date') ?></th>
-        <th><?php echo $this->_('Posté par') ?></th> 
-        <th><?php echo $this->_('Bibliothèque') ?></th> 
+        <th><?php echo $this->_('Posté par') ?></th>
+        <th><?php echo $this->_('Bibliothèque') ?></th>
         <?php foreach($data_names as $name) echo '<th>'.$name.'</th>'; ?>
           <th><?php echo $this->_('Actions') ?></th>
       </tr>
@@ -40,14 +40,14 @@ echo $this->tagAnchor($this->url(['module'=>'admin',
     <tbody>
       <?php
       foreach($this->formulaires as $formulaire) {
-        $datas = [$this->humanDate($formulaire->getDateCreation(), 'dd/MM/yyyy'), 
-                  $formulaire->getCompte(), 
+        $datas = [$this->humanDate($formulaire->getDateCreation(), 'dd/MM/yyyy'),
+                  $formulaire->getCompte(),
                   $formulaire->getLibelleBib()];
         foreach($data_names as $name)
         $datas[]=$formulaire->getDataNamed($name);
 
         echo '<tr>';
-        foreach($datas as $data) echo '<td>'.$data.'</td>';
+        foreach($datas as $data) echo '<td>' . $this->escape($data) . '</td>';
 
         echo '<td>';
         echo $this->tagAnchor(['action' => 'visualiser-reponse-ajax',
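Review bot: The escaping added to the `<td>` loop is not matched in the header row: the context line in the previous hunk still prints `echo '<th>'.$name.'</th>'` with `$name` raw. Where `$data_names` is built is not visible in this diff; if the names come from the keys of submitted form data they are as untrusted as the values and need the same treatment, `foreach($data_names as $name) echo '<th>' . $this->escape($name) . '</th>';`. The `<h1>` on the first line of the file likewise concatenates `$this->article->getTitre()` into the output without `escape()`, which is worth covering in the same change unless titles are known to be stored already encoded. The `foreach($this->formulaires ...)` body continues past this hunk.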
@@ -59,7 +59,7 @@ echo $this->tagAnchor($this->url(['module'=>'admin',
         echo $this->tagAnchor(['action' => 'validate-formulaire',
                                'id' => $formulaire->getId()],
                               $this->boutonIco('type=validate'));
-        
+
         echo '</td>';
         echo '</tr>';
       }
diff --git a/library/Class/Formulaire.php b/library/Class/Formulaire.php
index 5ccf2e0846a..e0b5256485f 100644
--- a/library/Class/Formulaire.php
+++ b/library/Class/Formulaire.php
@@ -107,7 +107,7 @@ class Class_Formulaire extends Storm_Model_Abstract {
 
   public function getDataNamed($name) {
     $datas = array_change_key_case($this->getDatas());
-    return isset($datas[$name]) ? strip_tags($datas[$name]) : '' ;
+    return isset($datas[$name]) ? $datas[$name] : '' ;
   }
 
 
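Review bot: Removing `strip_tags()` from `getDataNamed()` changes its contract for every caller, not only the moderation view patched in this commit: it now returns the stored value exactly as submitted. Any other template, mail body or export that prints this value and relied on the stripping needs `$this->escape()` (or the encoding suited to its output context); those call sites are not visible in this diff and should be audited. A docblock on the method would make the new contract explicit, for example `/** @return string raw, unescaped submitted value; callers must encode it for their output context */`. Separately, `array_change_key_case()` lowercases the keys while `$name` is looked up as given, so a mixed-case `$name` appears to always yield `''`; `$datas[strtolower($name)]` would match, though whether callers already pass lowercase names cannot be told from this hunk.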
-- 
GitLab