CVE-2022-4504: bug fixes (#5846) · openemr/openemr@37d7ed4
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2.
@@ -680,17 +680,17 @@ function _nodeToHTML($nodeObj, $prefix, $return = 'newNode’, $currentDepth = 0,
$expanded = $this->isDynamic ? ($nodeObj->expanded ? ‘true’ : ‘false’) : 'true’;
$isDynamic = $this->isDynamic ? ($nodeObj->isDynamic ? ‘true’ : ‘false’) : 'false’;
$html = sprintf(
"\t %s = %s.addItem(new TreeNode('%s’, %s, %s, %s, %s, '%s’, '%s’, %s));\n",
"\t %s = %s.addItem(new TreeNode(jsAttr(%s), jsAttr(%s), jsAttr(%s), %s, %s, '%s’, '%s’, jsAttr(%s)));\n",
$return,
$prefix,
attr($nodeObj->text),
!empty($nodeObj->icon) ? “’” . $nodeObj->icon . “’” : 'null’,
!empty($nodeObj->link) ? “’” . attr($nodeObj->link) . “’” : 'null’,
js_escape($nodeObj->text),
!empty($nodeObj->icon) ? js_escape($nodeObj->icon) : 'null’,
!empty($nodeObj->link) ? js_escape($nodeObj->link) : 'null’,
$expanded,
$isDynamic,
$nodeObj->cssClass,
$nodeObj->linkTarget,
!empty($nodeObj->expandedIcon) ? “’” . $nodeObj->expandedIcon . “’” : ‘null’
!empty($nodeObj->expandedIcon) ? js_escape($nodeObj->expandedIcon) : ‘null’
);
foreach ($nodeObj->events as $event => $handler) {
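Review bot: `$nodeObj->cssClass` and `$nodeObj->linkTarget` are still written raw into the single-quoted `'%s'` slots of the TreeNode call, so a quote or backslash in either value would still terminate the generated JavaScript string early, even though text, icon, link and expandedIcon now go through `js_escape()`. If those two properties can ever carry request- or database-derived data (not visible from this hunk), give them the same treatment: change the two `'%s'` placeholders to `%s` and pass `js_escape($nodeObj->cssClass)` and `js_escape($nodeObj->linkTarget)`. It is also worth confirming that the empty-value branches, which now emit `jsAttr(null)` instead of a bare `null`, still behave as before; if `jsAttr` stringifies its argument, TreeNode would receive the text "null" rather than a null icon or link. `_nodeToHTML` starts and ends outside the hunk.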