From 003a5e915291956187ec9cc0140d3526adf93ff6 Mon Sep 17 00:00:00 2001 From: anonymoususer72041 <247563575+anonymoususer72041@users.noreply.github.com> Date: Wed, 18 Mar 2026 09:15:00 +0100 Subject: [PATCH 1/3] Normalize escaping for affected fields --- modules/calendar/Calendar.tpl | 4 ++-- modules/candidates/Show.tpl | 6 +++--- modules/companies/Show.tpl | 2 +- modules/contacts/Show.tpl | 4 ++-- modules/joborders/Show.tpl | 16 ++++++++-------- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/modules/calendar/Calendar.tpl b/modules/calendar/Calendar.tpl index e180fa3dd..191a7d377 100755 --- a/modules/calendar/Calendar.tpl +++ b/modules/calendar/Calendar.tpl @@ -67,7 +67,7 @@  * @@ -217,7 +217,7 @@  * diff --git a/modules/candidates/Show.tpl b/modules/candidates/Show.tpl index ab1a343a0..9ec74c9d5 100755 --- a/modules/candidates/Show.tpl +++ b/modules/candidates/Show.tpl 
@@ -4,9 +4,9 @@ use OpenCATS\UI\CandidateQuickActionMenu; use OpenCATS\UI\CandidateDuplicateQuickActionMenu; ?> isPopup): ?> - data['firstName'].' '.$this->data['lastName'], array( 'js/activity.js', 'js/sorttable.js', 'js/match.js', 'js/lib.js', 'js/pipeline.js', 'modules/candidates/quickAction-candidates.js')); ?> + data['firstName'], ENT_QUOTES, HTML_ENCODING) . ' ' . htmlspecialchars($this->data['lastName'], ENT_QUOTES, HTML_ENCODING), array( 'js/activity.js', 'js/sorttable.js', 'js/match.js', 'js/lib.js', 'js/pipeline.js', 'js/attachment.js', 'modules/candidates/quickAction-candidates.js')); ?> - data['firstName'].' '.$this->data['lastName'], array( 'js/activity.js', 'js/sorttable.js', 'js/match.js', 'js/lib.js', 'js/pipeline.js', 'modules/candidates/quickAction-candidates.js', 'modules/candidates/quickAction-duplicates.js')); ?> + data['firstName'], ENT_QUOTES, HTML_ENCODING) . ' ' . htmlspecialchars($this->data['lastName'], ENT_QUOTES, HTML_ENCODING), array( 'js/activity.js', 'js/sorttable.js', 'js/match.js', 'js/lib.js', 'js/pipeline.js', 'js/attachment.js', 'modules/candidates/quickAction-candidates.js', 'modules/candidates/quickAction-duplicates.js')); ?> active); ?> @@ -614,7 +614,7 @@ use OpenCATS\UI\CandidateDuplicateQuickActionMenu; lists as $rowNumber => $list): ?> - + _($list['name']); ?> diff --git a/modules/companies/Show.tpl b/modules/companies/Show.tpl index 86ec6a545..e016fba47 100755 --- a/modules/companies/Show.tpl +++ b/modules/companies/Show.tpl @@ -2,7 +2,7 @@ include_once('./vendor/autoload.php'); use OpenCATS\UI\QuickActionMenu; ?> -data['name'], array( 'js/activity.js', 'js/sorttable.js')); ?> +data['name'], ENT_QUOTES, HTML_ENCODING), array( 'js/activity.js', 'js/sorttable.js', 'js/attachment.js')); ?> active); ?>
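Review bot: The page-title escaping is applied by hand at each call site instead of inside `TemplateUtility::printHeader`: both `printHeader` calls in this modules/candidates/Show.tpl hunk wrap `firstName` and `lastName` separately, and the companies and contacts hunks repeat the pattern. Any other caller that passes a record field as the title stays unescaped, and if `printHeader` already encodes its first argument (its body is not visible here), names containing `&` or quotes would be double-encoded. Consider encoding once at the sink, e.g. `htmlspecialchars($pageTitle, ENT_QUOTES, HTML_ENCODING)` inside `printHeader`, where `$pageTitle` stands for whatever the title parameter is called. Failing that, add a comment at these calls such as `/* printHeader emits the title as-is; escape here */`. The `@@ -614` hunk outputs through the `_()` helper; if that helper performs the same encoding, using it for the title would keep the templates consistent.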
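Review bot: The new `printHeader` call in modules/companies/Show.tpl also appends `'js/attachment.js'` to the script list, which the subject "Normalize escaping for affected fields" does not cover. The same addition appears in both calls of the candidates hunk and in the contacts hunk. A change to which scripts a page loads is easier to audit and revert when it is its own commit, or is at least named in the message. If it is intentional, a line in the description such as `Also load js/attachment.js on the candidate, company and contact Show pages` would document it.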
diff --git a/modules/contacts/Show.tpl b/modules/contacts/Show.tpl index 79b6927a0..79caa6d8a 100755 --- a/modules/contacts/Show.tpl +++ b/modules/contacts/Show.tpl @@ -3,7 +3,7 @@ include_once('./vendor/autoload.php'); use OpenCATS\UI\QuickActionMenu; ?> -data['firstName'].' '.$this->data['lastName'], array( 'js/activity.js')); ?> +data['firstName'], ENT_QUOTES, HTML_ENCODING) . ' ' . htmlspecialchars($this->data['lastName'], ENT_QUOTES, HTML_ENCODING), array( 'js/activity.js', 'js/attachment.js')); ?> active); ?>