diff options
| -rw-r--r-- | lib/kolab_client_task.php | 2 | ||||
| -rw-r--r-- | lib/kolab_utils.php | 17 |
2 files changed, 18 insertions, 1 deletions
diff --git a/lib/kolab_client_task.php b/lib/kolab_client_task.php index 1fe3761..5713a5b 100644 --- a/lib/kolab_client_task.php +++ b/lib/kolab_client_task.php @@ -1682,7 +1682,7 @@ class kolab_client_task $i++; $cells = array(); $cells[] = array('class' => 'name', 'body' => kolab_html::escape($item), - 'onclick' => "kadm.command('$task.info', '$idx')"); + 'onclick' => "kadm.command('$task.info', '" . kolab_utils::js_escape($idx) . "')"); $rows[] = array('id' => $i, 'class' => implode(' ', $class), 'cells' => $cells); } } diff --git a/lib/kolab_utils.php b/lib/kolab_utils.php index e2602af..91dad55 100644 --- a/lib/kolab_utils.php +++ b/lib/kolab_utils.php @@ -206,4 +206,21 @@ class kolab_utils return $str; } + + /** + * Escape string for use in javascript code + * + * @param string $str String + * + * @return string Escaped string + */ + public static function js_escape($str) + { + return strtr($str, array( + '"' => '\\"', + "'" => "\\'", + "\\" => "\\\\", + "\n" => '\n', + )); + } } |