CC-6055: Improved escaping

2015-06-12 13:48:54 -04:00 · 2015-06-12 13:48:54 -04:00 · b4c9a77e7c
commit b4c9a77e7c
parent abc81a92b4
10 changed files with 46 additions and 50 deletions
--- a/airtime_mvc/application/services/HistoryService.php
+++ b/airtime_mvc/application/services/HistoryService.php
@ -980,7 +980,7 @@ class Application_Service_HistoryService
 	        	$this->populateTemplateItem($values, $id, $instanceId);
 	        }
 	        else {
-	        	$json["form"] = $form;
+	        	$json["form"] = SecurityHelper::htmlescape_recursive($form);
 	        }

 	        return $json;
@ -1008,7 +1008,8 @@ class Application_Service_HistoryService
 	            $this->populateTemplateFile($values, $id);
 	        }
 	        else {
-	        	$json["error"] = $msgs;
+	        	$json["error"] = $form->getErrorMessages();
+				$json["error"] = SecurityHelper::htmlescape_recursive($json["error"]);
 	        }

 	        return $json;