Special chars need to be escaped in event title
4 years 5 months ago #17076
by Lemke (Topic Author)
I am currently evaluating whether iCagenda is suitable for my purposes. In the course of this, I discovered that event titles containing double quotes lead to errors. Example:
The event title is
Industrielle Praxis "Cloud Operations Workshop mit Bosch" (Workshop für Studierende)
This leads to the following generated HTML:
<div class="event ic-event ic-clearfix">
<a href="/joomla/index.php/veranstaltungen-2/1-industrielle-praxis-cloud-operations-workshop-mit-bosch-workshop-fuer-studierende?date=2020-11-02-17-30" title="Industrielle Praxis " cloud="" operations="" workshop="" mit="" bosch"="" (workshop="" für="" studierende)"="">
I suppose the event title needs to be escaped using PHP htmlspecialchars. This might also be a security risk.
4 years 5 months ago #17077
by Lyr!C (Administrator, Lead Developer)
Hello,
Thank you for this report!
I don't see any security risk here, as it's only in an HTML layout rendering function.
But the escaping is missing...
Attached a version with the patch!
Best regards,
Cyril
Latest version : iCagenda 3.9.7
We recommend every user to keep iCagenda updated.
Don't forget to have your Joomla!™ up-to-date!
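The escaping discussed in this thread, as an added example that is not iCagenda's code or the attached patch: it renders the link with and without htmlspecialchars and checks which title value survives inside the attribute. The function names (escAttr, renderLink, titleAttribute) are hypothetical, and the href is a shortened, constructed value.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not an iCagenda function): escape a value for use
// inside a quoted HTML attribute.
function escAttr(string $value): string
{
    // ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical renderer for the event link, with escaping switchable so
// both behaviours can be compared on the same input.
function renderLink(string $href, string $title, bool $escape): string
{
    if ($escape) {
        $href  = escAttr($href);
        $title = escAttr($title);
    }
    return '<a href="' . $href . '" title="' . $title . '">';
}

// Read back what ends up as the value of the title attribute: everything
// up to the first closing double quote, with entities decoded.
function titleAttribute(string $tag): ?string
{
    if (preg_match('/\stitle="([^"]*)"/u', $tag, $m) !== 1) {
        return null;
    }
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

// Sample input: the event title from the report; the href is constructed.
$title = 'Industrielle Praxis "Cloud Operations Workshop mit Bosch" (Workshop für Studierende)';
$href  = '/joomla/index.php/veranstaltungen-2/1-example-event?date=2020-11-02-17-30';

foreach ([false, true] as $escape) {
    $tag       = renderLink($href, $title, $escape);
    $recovered = titleAttribute($tag);
    printf(
        "%s\n  tag:   %s\n  title: %s\n  intact: %s\n\n",
        $escape ? 'escaped' : 'unescaped',
        $tag,
        var_export($recovered, true),
        $recovered === $title ? 'yes' : 'no'
    );
}
```

A check like this can be kept as a regression test for any layout that writes user-supplied text into an attribute.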