Merge pull request #237 from maximilianoraul/master

Fix XSS Vulnerability in CRUD views generated

src/generators/crud/default/views/create.php

@@ -34,7 +34,7 @@
         <?= "<?= Yii::t('{$generator->modelMessageCategory}', '{$modelName}') ?>\n" ?>
         <small>
             <?php $label = StringHelper::basename($generator->modelClass); ?>
-            <?= '<?= $model->'.$generator->getModelNameAttribute($generator->modelClass)." ?>\n" ?>
+            <?= '<?= Html::encode($model->'.$generator->getModelNameAttribute($generator->modelClass).") ?>\n" ?>
         </small>
     </h1>
 

src/generators/crud/default/views/update.php

@@ -37,7 +37,7 @@
 
         <small>
             <?php $label = StringHelper::basename($generator->modelClass); ?>
-            <?= '<?= $model->'.$generator->getModelNameAttribute($generator->modelClass)." ?>\n" ?>
+            <?= '<?= Html::encode($model->'.$generator->getModelNameAttribute($generator->modelClass).") ?>\n" ?>
         </small>
     </h1>
 

src/generators/crud/default/views/view.php

@@ -63,7 +63,7 @@
     <h1>
         <?= "<?= Yii::t('{$generator->modelMessageCategory}', '{$modelName}') ?>\n" ?>
         <small>
-            <?= '<?= $model->'.$generator->getModelNameAttribute($generator->modelClass)." ?>\n" ?>
+            <?= '<?= Html::encode($model->'.$generator->getModelNameAttribute($generator->modelClass).") ?>\n" ?>
         </small>
     </h1>
 
@@ -140,7 +140,7 @@
 
     $items = <<<EOS
 [
-    'label'   => '<b class=""># '.\$model->{$model->primaryKey()[0]}.'</b>',
+    'label'   => '<b class=""># '.Html::encode(\$model->{$model->primaryKey()[0]}).'</b>',
     'content' => \$this->blocks['{$generator->modelClass}'],
     'active'  => true,
 ],