fix add template - refs BT#13086

8 years ago · 9b7cdb9c50
parent cd16e6ce99
commit 9b7cdb9c50
1 changed files with 11 additions and 5 deletions
--- a/main/admin/settings.lib.php
+++ b/main/admin/settings.lib.php
@ -1081,23 +1081,29 @@ function addEditTemplate()

            // Store the information in the database (as insert or as update).
            $table_system_template = Database::get_main_table('system_template');
+            $cssFile = api_get_path(WEB_CSS_PATH).'themes/'.api_get_visual_theme().'/editor.css';
+            $style = '<link href="'.$cssFile.'" rel="stylesheet" media="screen" type="text/css" />';
+            $bootstrap = '<link href="'.api_get_path(WEB_PUBLIC_PATH).'assets/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet" media="screen" type="text/css" />';
+            $viewport = '<meta name="viewport" content="width=device-width, initial-scale=1.0">';
+            
            if ($_GET['action'] == 'add') {
-                $content_template = Security::remove_XSS($values['template_text'], COURSEMANAGERLOWSECURITY);
+                $templateContent = '<head>'.$viewport.'<title>'.$values['title'].'</title>'.$style.$bootstrap.'</head>'
+                    . '<body>'.Database::escape_string($values['template_text']).'</body>';
+                $content_template = Security::remove_XSS($templateContent, COURSEMANAGERLOWSECURITY);
                $params = [
                    'title' =>  $values['title'],
                    'content' => $content_template,
                    'image' => $new_file_name
                ];
+                
+                
                Database::insert($table_system_template, $params);

                // Display a feedback message.
                echo Display::return_message(get_lang('TemplateAdded'), 'confirm');
                echo '<a href="settings.php?category=Templates&action=add">'.Display::return_icon('new_template.png', get_lang('AddTemplate'), '', ICON_SIZE_MEDIUM).'</a>';
            } else {
-                $cssFile = api_get_path(WEB_CSS_PATH).'themes/'.api_get_visual_theme().'/editor.css';
-                $style = '<link href="'.$cssFile.'" rel="stylesheet" media="screen" type="text/css" />';
-                $bootstrap = '<link href="'.api_get_path(WEB_PUBLIC_PATH).'assets/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet" media="screen" type="text/css" />';
-                $viewport = '<meta name="viewport" content="width=device-width, initial-scale=1.0">';
+                
                $content_template = '<head>'.$viewport.'<title>'.$values['title'].'</title>'.$style.$bootstrap.'</head>'
                    . '<body>'.Database::escape_string($values['template_text']).'</body>';
                $sql = "UPDATE $table_system_template set title = '".Database::escape_string($values['title'])."', content = '".$content_template."'";