From 6f778b2fc9ab5e27b3b1699640cfcef944993f9b Mon Sep 17 00:00:00 2001
From: Heiko Weber <heiko@wecos.de>
Date: Wed, 31 Mar 2021 09:34:23 +0200
Subject: [PATCH] Ensure the breadcrump is always html escaped when translated

---
 .../view/templates/default/deletedialog/approve.tpl.php         | 2 +-
 .../view/templates/default/deletedialog/approve_status.tpl.php  | 2 +-
 .../view/templates/default/notifications/my.tpl.php             | 2 +-
 .../view/templates/default/notifications/settings.tpl.php       | 2 +-
 .../usermanagement/view/templates/default/users/create.tpl.php  | 2 +-
 .../view/templates/default/users/dashboard.tpl.php              | 2 +-
 .../view/templates/default/users/edit_self.tpl.php              | 2 +-
 .../usermanagement/view/templates/default/users/list.tpl.php    | 2 +-
 .../usermanagement/view/templates/default/users/login.tpl.php   | 2 +-
 .../view/templates/default/users/lost_password.tpl.php          | 2 +-
 .../view/templates/default/users/register.tpl.php               | 2 +-
 .../templates/default/users/resend_registration_mail.tpl.php    | 2 +-
 gyro/core/view/widgets/actionlink.widget.php                    | 2 +-
 13 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/contributions/deletedialog/view/templates/default/deletedialog/approve.tpl.php b/contributions/deletedialog/view/templates/default/deletedialog/approve.tpl.php
index 3fb0ee87..078a722b 100644
--- a/contributions/deletedialog/view/templates/default/deletedialog/approve.tpl.php
+++ b/contributions/deletedialog/view/templates/default/deletedialog/approve.tpl.php
@@ -10,7 +10,7 @@
 $page_data->breadcrumb = WidgetBreadcrumb::output(
 	array(
 		$instance,
-		tr('Delete', 'deletedialog')
+		GyroString::escape(tr('Delete', 'deletedialog'))
 	)
 );
 ?>
diff --git a/contributions/deletedialog/view/templates/default/deletedialog/approve_status.tpl.php b/contributions/deletedialog/view/templates/default/deletedialog/approve_status.tpl.php
index 0a176073..4ea3de1f 100644
--- a/contributions/deletedialog/view/templates/default/deletedialog/approve_status.tpl.php
+++ b/contributions/deletedialog/view/templates/default/deletedialog/approve_status.tpl.php
@@ -14,7 +14,7 @@
 $page_data->breadcrumb = WidgetBreadcrumb::output(
 	array(
 		$instance,
-		tr('Delete', 'deletedialog')
+		GyroString::escape(tr('Delete', 'deletedialog'))
 	)
 );
 ?>
diff --git a/contributions/usermanagement.notifications/view/templates/default/notifications/my.tpl.php b/contributions/usermanagement.notifications/view/templates/default/notifications/my.tpl.php
index 95731c57..f9f15851 100644
--- a/contributions/usermanagement.notifications/view/templates/default/notifications/my.tpl.php
+++ b/contributions/usermanagement.notifications/view/templates/default/notifications/my.tpl.php
@@ -1,7 +1,7 @@
 <?php
 $title = tr('Your Notifications', 'notifications');
 $page_data->head->title = $title;
-$page_data->breadcrumb = WidgetBreadcrumb::output($title);
+$page_data->breadcrumb = WidgetBreadcrumb::output(GyroString::escape($title));
 ?>
 <h1><?=$title?></h1>
 
diff --git a/contributions/usermanagement.notifications/view/templates/default/notifications/settings.tpl.php b/contributions/usermanagement.notifications/view/templates/default/notifications/settings.tpl.php
index 2c8fa1fe..cc36a481 100644
--- a/contributions/usermanagement.notifications/view/templates/default/notifications/settings.tpl.php
+++ b/contributions/usermanagement.notifications/view/templates/default/notifications/settings.tpl.php
@@ -6,7 +6,7 @@
 $page_data->head->title = $title;
 $page_data->breadcrumb = WidgetBreadcrumb::output(array(
 	WidgetActionLink::output(tr('Your Notifications', 'notifications'), 'users_notifications'),
-	tr('Settings', 'notifications')
+	GyroString::escape(tr('Settings', 'notifications'))
 ));
 ?>
 <h1><?=$title?></h1>
diff --git a/contributions/usermanagement/view/templates/default/users/create.tpl.php b/contributions/usermanagement/view/templates/default/users/create.tpl.php
index 37f11fa8..03879c92 100644
--- a/contributions/usermanagement/view/templates/default/users/create.tpl.php
+++ b/contributions/usermanagement/view/templates/default/users/create.tpl.php
@@ -4,7 +4,7 @@
 $page_data->breadcrumb = WidgetBreadcrumb::output(
 	array(
 		WidgetActionLink::output('Users', 'users_list_all'),
-		$title
+		GyroString::escape($title)
 	)
 );
 ?>
diff --git a/contributions/usermanagement/view/templates/default/users/dashboard.tpl.php b/contributions/usermanagement/view/templates/default/users/dashboard.tpl.php
index d58467cc..bc3ec0b0 100644
--- a/contributions/usermanagement/view/templates/default/users/dashboard.tpl.php
+++ b/contributions/usermanagement/view/templates/default/users/dashboard.tpl.php
@@ -3,7 +3,7 @@
 $page_data->head->robots_index = ROBOTS_NOINDEX;
 $page_data->head->title = $page_title; 
 $page_data->breadcrumb = WidgetBreadcrumb::output(
-	tr('Your personal site', 'users')
+	GyroString::escape(tr('Your personal site', 'users'))
 );
 ?>
 
diff --git a/contributions/usermanagement/view/templates/default/users/edit_self.tpl.php b/contributions/usermanagement/view/templates/default/users/edit_self.tpl.php
index 80a32b2e..c97db135 100644
--- a/contributions/usermanagement/view/templates/default/users/edit_self.tpl.php
+++ b/contributions/usermanagement/view/templates/default/users/edit_self.tpl.php
@@ -2,7 +2,7 @@
 /* @var $page_data PageData */
 $page_data->head->title = tr('Edit your account settings', 'users');
 $page_data->breadcrumb = WidgetBreadcrumb::output(array(
-	tr('Change Account Data', 'users')
+	GyroString::escape(tr('Change Account Data', 'users'))
 ))
 ?>
 <h1><?=tr('Change Account Data', 'users')?></h1>
diff --git a/contributions/usermanagement/view/templates/default/users/list.tpl.php b/contributions/usermanagement/view/templates/default/users/list.tpl.php
index 92ac397e..3e2158ef 100644
--- a/contributions/usermanagement/view/templates/default/users/list.tpl.php
+++ b/contributions/usermanagement/view/templates/default/users/list.tpl.php
@@ -4,7 +4,7 @@
 
 $title = tr('Users List', 'users');
 $page_data->breadcrumb = WidgetBreadcrumb::output(
-	$title
+	GyroString::escape($title)
 );
 ?>
 <h1><?=$title?></h1>
diff --git a/contributions/usermanagement/view/templates/default/users/login.tpl.php b/contributions/usermanagement/view/templates/default/users/login.tpl.php
index 06729798..894b5391 100644
--- a/contributions/usermanagement/view/templates/default/users/login.tpl.php
+++ b/contributions/usermanagement/view/templates/default/users/login.tpl.php
@@ -3,7 +3,7 @@
 $title = tr('Login', 'users');
 $page_data->head->title = $title;
 $page_data->breadcrumb = WidgetBreadcrumb::output(
-	$title
+	GyroString::escape($title)
 );
 ?>
 <h1><?=$title?></h1>
diff --git a/contributions/usermanagement/view/templates/default/users/lost_password.tpl.php b/contributions/usermanagement/view/templates/default/users/lost_password.tpl.php
index 611d7924..4b21b5fb 100644
--- a/contributions/usermanagement/view/templates/default/users/lost_password.tpl.php
+++ b/contributions/usermanagement/view/templates/default/users/lost_password.tpl.php
@@ -3,7 +3,7 @@
 $title = tr('Lost Password', 'users');
 $page_data->head->title = $title;
 $page_data->breadcrumb = WidgetBreadcrumb::output(
-	$title
+	GyroString::escape($title)
 );
 ?>
 <h1><?=$title?></h1>
diff --git a/contributions/usermanagement/view/templates/default/users/register.tpl.php b/contributions/usermanagement/view/templates/default/users/register.tpl.php
index 0ccab2fa..168766f1 100644
--- a/contributions/usermanagement/view/templates/default/users/register.tpl.php
+++ b/contributions/usermanagement/view/templates/default/users/register.tpl.php
@@ -3,7 +3,7 @@
 $title = tr('Become a member', 'users');
 $page_data->head->title = $title;
 $page_data->breadcrumb = WidgetBreadcrumb::output(
-	$title
+	GyroString::escape($title)
 );?>
 
 <h1><?=$title;?></h1>
diff --git a/contributions/usermanagement/view/templates/default/users/resend_registration_mail.tpl.php b/contributions/usermanagement/view/templates/default/users/resend_registration_mail.tpl.php
index f9bee69c..8c30f480 100644
--- a/contributions/usermanagement/view/templates/default/users/resend_registration_mail.tpl.php
+++ b/contributions/usermanagement/view/templates/default/users/resend_registration_mail.tpl.php
@@ -4,7 +4,7 @@
 $page_data->head->robots_index = ROBOTS_NOINDEX_FOLLOW;
 
 $page_data->breadcrumb = WidgetBreadcrumb::output(
-	$title
+	GyroString::escape($title)
 );
 ?>
 <h1><?=$title?></h1>
diff --git a/gyro/core/view/widgets/actionlink.widget.php b/gyro/core/view/widgets/actionlink.widget.php
index a442ca81..b7eba078 100644
--- a/gyro/core/view/widgets/actionlink.widget.php
+++ b/gyro/core/view/widgets/actionlink.widget.php
@@ -14,7 +14,7 @@ class WidgetActionLink implements IWidget {
 	/**
 	 * @param string|ISelfDescribing $text The content of the anchor to create. Gets escaped if instance of ISelfDescribing, else it is printed as given
 	 * @param string $action The action to retrieve URL for
-	 * @param array|null $params The parameters for aboev action
+	 * @param array|null $params The parameters for above action
 	 * @param array $html_attrs Attributes to pass to HTML anchor. If a gyro_query is passed, this is added as query to the generated action URL
 	 * @return string
 	 */