}
if ($this->_action == CRM_Core_Action::UPDATE) {
- $deleteExtra = ts('Are you sure you want to delete contact image.');
+ $deleteExtra = json_encode(ts('Are you sure you want to delete contact image.'));
$deleteURL = array(
CRM_Core_Action::DELETE => array(
'name' => ts('Delete Contact Image'),
'url' => 'civicrm/contact/image',
'qs' => 'reset=1&cid=%%id%%&action=delete',
- 'extra' =>
- 'onclick = "if (confirm( \'' . $deleteExtra . '\' ) ) this.href+=\'&confirmed=1\'; else return false;"',
+ 'extra' => 'onclick = "' . htmlspecialchars("if (confirm($deleteExtra)) this.href+='&confirmed=1'; else return false;") . '"',
),
);
$deleteURL = CRM_Core_Action::formLink($deleteURL,
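Review bot: The escaping on the new `'extra'` line depends on defaults: `json_encode()` is called without any `JSON_HEX_*` flags and `htmlspecialchars()` without explicit flags or charset, so the result is safe only while the attribute stays double-quoted and PHP's default flags still escape `"`. I would pin both, e.g. `json_encode(ts('…'), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)` and `htmlspecialchars($js, ENT_QUOTES, 'UTF-8')`, and add a short comment that `$deleteExtra` now holds a JavaScript string literal, not plain text. `json_encode()` also returns `false` on input it cannot encode, which would interpolate as an empty `confirm()` argument here. Separately, the confirmation exists only in the browser, which appends `&confirmed=1` to a GET link. The handler for `civicrm/contact/image` is not in this hunk, so it is worth confirming that it also requires a request token or a POST before deleting. The enclosing `if` block starts before and continues past the visible lines.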
$customFieldExtends = (CRM_Utils_Array::value('contact_sub_type', $params)) ? $params['contact_sub_type'] : $params['contact_type'];
$params['custom'] = CRM_Core_BAO_CustomField::postProcess($params,
- $customFields,
$this->_contactId,
$customFieldExtends,
TRUE