diff --git a/Classes/Domain/Finishers/SaveFormToDatabaseFinisher.php b/Classes/Domain/Finishers/SaveFormToDatabaseFinisher.php
index 20c526f..9f193fa 100644
--- a/Classes/Domain/Finishers/SaveFormToDatabaseFinisher.php
+++ b/Classes/Domain/Finishers/SaveFormToDatabaseFinisher.php
@@ -79,10 +79,10 @@ protected function getFormValues(): array
foreach ($page->getElementsRecursively() as $pageElem) {
if ($pageElem->getType() !== 'Honeypot') {
if($pageElem->getType() !== 'FileUpload' && $pageElem->getType() !== 'ImageUpload'){
- $values[$pageElem->getIdentifier()]['value'] = $valuesWithPages[$pageElem->getIdentifier()];
+ $values[$pageElem->getIdentifier()]['value'] = htmlspecialchars($valuesWithPages[$pageElem->getIdentifier()]);
}else{
if($valuesWithPages[$pageElem->getIdentifier()]){
- $values[$pageElem->getIdentifier()]['value'] = $valuesWithPages[$pageElem->getIdentifier()]->getOriginalResource()->getName();
+ $values[$pageElem->getIdentifier()]['value'] = htmlspecialchars($valuesWithPages[$pageElem->getIdentifier()]->getOriginalResource()->getName());
}
}
$values[$pageElem->getIdentifier()]['conf']['label'] = $pageElem->getLabel();
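Review bot: The added `htmlspecialchars()` on the non-upload branch is applied to whatever the element submitted, yet `FormAnswersJsonElement::render()` in this same commit still treats `value` as possibly an array. An array argument raises a TypeError on PHP 8, so a multi-value field would abort the finisher. Escaping at write time also stores HTML-encoded data, which the renderer then encodes a second time (`&amp;amp;`), and any non-HTML consumer of the stored answers would presumably see entities instead of the original text. I would store the raw value and escape only at output; if the write-time escape stays, guard it with `is_array($v) ? array_map('htmlspecialchars', $v) : htmlspecialchars((string) $v)`. getFormValues() starts and ends outside the hunk.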
diff --git a/Classes/Form/FormAnswersJsonElement.php b/Classes/Form/FormAnswersJsonElement.php
index 0d73fee..60fa2fc 100644
--- a/Classes/Form/FormAnswersJsonElement.php
+++ b/Classes/Form/FormAnswersJsonElement.php
@@ -19,9 +19,9 @@ public function render()
if (is_array($fieldValues)) {
foreach ($fieldValues as $fieldKey => $fieldValue) {
if ($fieldValue['conf']['label']) {
- $out .= '
'.$fieldValue['conf']['label'].' - '.(is_array($fieldValue['value']) ? implode(",", $fieldValue['value']) : $fieldValue['value']).'';
+ $out .= ''.$fieldValue['conf']['label'].' - '.(is_array($fieldValue['value']) ? implode(",", htmlspecialchars($fieldValue['value'])) : htmlspecialchars($fieldValue['value'])).'';
} else {
- $out .= ''.$fieldKey.' - '.(is_array($fieldValue['value']) ? implode(",", $fieldValue['value']) : $fieldValue['value']).'';
+ $out .= ''.$fieldKey.' - '.(is_array($fieldValue['value']) ? implode(",", htmlspecialchars($fieldValue['value'])) : htmlspecialchars($fieldValue['value'])).'';
}
}
}
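Review bot: In the array branch of both added lines, `htmlspecialchars($fieldValue['value'])` receives the array itself before `implode()` runs, which raises a TypeError on PHP 8 and yields null with a warning on older versions, so multi-value answers will not render. Escape each element instead: `implode(',', array_map('htmlspecialchars', $fieldValue['value']))`. The label and `$fieldKey` are still concatenated into `$out` unescaped; if either can carry submitted or editor-supplied text, they need `htmlspecialchars()` as well. render() continues outside the hunk.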
diff --git a/Resources/Private/Backend/Partials/FormEntry/Properties.html b/Resources/Private/Backend/Partials/FormEntry/Properties.html
index 182892d..e654405 100644
--- a/Resources/Private/Backend/Partials/FormEntry/Properties.html
+++ b/Resources/Private/Backend/Partials/FormEntry/Properties.html
@@ -9,7 +9,7 @@
key="LLL:EXT:frp_form_answers/Resources/Private/Language/locallang_be.xlf:tx_frpformanswers_domain_model_formentry.answers"/>
- {formEntry.answers}
+ {formEntry.answers}
|
@@ -18,7 +18,7 @@
key="LLL:EXT:frp_form_answers/Resources/Private/Language/locallang_be.xlf:tx_frpformanswers_domain_model_formentry.field_hash"/>
- {formEntry.fieldHash}
+ {formEntry.fieldHash}
|
@@ -27,7 +27,7 @@
key="LLL:EXT:frp_form_answers/Resources/Private/Language/locallang_be.xlf:tx_frpformanswers_domain_model_formentry.form"/>
- {formEntry.form}
+ {formEntry.form}
|
@@ -36,7 +36,7 @@
key="LLL:EXT:frp_form_answers/Resources/Private/Language/locallang_be.xlf:tx_frpformanswers_domain_model_formentry.exported"/>
- {formEntry.exported}
+ {formEntry.exported}
|
\ No newline at end of file
diff --git a/Resources/Private/CommandTask/Partials/FormEntries/InMail.html b/Resources/Private/CommandTask/Partials/FormEntries/InMail.html
index 1de6203..49966e9 100755
--- a/Resources/Private/CommandTask/Partials/FormEntries/InMail.html
+++ b/Resources/Private/CommandTask/Partials/FormEntries/InMail.html
@@ -16,8 +16,8 @@
{mailItem.crdate}
Form name: {mailItem.form}
- From: {mailItem.answers.name.value} - {mailItem.answers.email.value}
- Message: {mailItem.answers.message.value}
+ From: {mailItem.answers.name.value} - {mailItem.answers.email.value}
+ Message: {mailItem.answers.message.value}