Some escaping

alma · Aug 1, 2019 · ab847e5 · ab847e5
1 parent cd6148a
commit ab847e5
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/alma/views/templates/admin/_configure/helpers/form/form.tpl b/alma/views/templates/admin/_configure/helpers/form/form.tpl
@@ -28,7 +28,7 @@
         {assign var='value_text' value=$fields_value[$input.name]}
             <input type="number"
                    name="{$input.name|escape:'htmlall':'UTF-8'}"
-                   id="{if isset($input.id)}{$input.id}{else}{$input.name|escape:'htmlall':'UTF-8'}{/if}"
+                   id="{if isset($input.id)}{$input.id|escape:'htmlall':'UTF-8'}{else}{$input.name|escape:'htmlall':'UTF-8'}{/if}"
                    value="{$value_text|escape:'html':'UTF-8'}"
                    class="alma {if isset($input.class)}{$input.class|escape:'htmlall':'UTF-8'}{/if}"
                     {if isset($input.size)} size="{$input.size|escape:'htmlall':'UTF-8'}"{/if}

diff --git a/alma/views/templates/hook/pnx_fees.tpl b/alma/views/templates/hook/pnx_fees.tpl
@@ -38,7 +38,7 @@
     <br>
     {if $fee_plan["merchant_fee_variable"] > 0}
         <b>{l s='You pay:' mod='alma'}</b>
-        {rtrim(sprintf("%.2f", $fee_plan["merchant_fee_variable"] / 100.0), '.0')}%
+        {rtrim(sprintf("%.2f", $fee_plan["merchant_fee_variable"] / 100.0), '.0')|escape:'htmlall':'UTF-8'}%
     {/if}
 
     {if $fee_plan["merchant_fee_fixed"] > 0}
@@ -47,13 +47,13 @@
         {else}
             +
         {/if}
-        {rtrim(sprintf("%.2f", $fee_plan["merchant_fee_fixed"] / 100.0), '.0')}€
+        {rtrim(sprintf("%.2f", $fee_plan["merchant_fee_fixed"] / 100.0), '.0')|escape:'htmlall':'UTF-8'}€
     {/if}
 
     {if $fee_plan["customer_fee_variable"] > 0}
         <br>
         <b>{l s='Customers pay:' mod='alma'}</b>
-        {rtrim(sprintf("%.2f", $fee_plan["customer_fee_variable"] / 100.0), '.0')}%
+        {rtrim(sprintf("%.2f", $fee_plan["customer_fee_variable"] / 100.0), '.0')|escape:'htmlall':'UTF-8'}%
     {/if}
 
     {if $fee_plan["customer_fee_fixed"] > 0}
@@ -63,7 +63,7 @@
         {else}
             +
         {/if}
-        {rtrim(sprintf("%.2f", $fee_plan["customer_fee_fixed"] / 100.0), '.0')}€
+        {rtrim(sprintf("%.2f", $fee_plan["customer_fee_fixed"] / 100.0), '.0')|escape:'htmlall':'UTF-8'}€
     {/if}
 
     <br><br>