
Add escaping for menu item keys and script properties

Visman vor 4 Jahren
Ursprung
Commit
afd40e92b1

+ 15 - 12
app/Models/Pages/Admin.php

@@ -51,30 +51,30 @@ class Admin extends Page
     {
         $r   = $this->c->Router;
         $nav = [
-            'index' => [$r->link('Admin'), __('Admin index')],
-            'users' => [$r->link('AdminUsers'), __('Users')],
+            'index' => [$r->link('Admin'), 'Admin index'],
+            'users' => [$r->link('AdminUsers'), 'Users'],
         ];
 
         if ($this->c->userRules->banUsers) {
-            $nav['bans'] = [$r->link('AdminBans'), __('Bans')];
+            $nav['bans'] = [$r->link('AdminBans'), 'Bans'];
         }
         if (
             $this->user->isAdmin
             || 0 === $this->c->config->i_report_method
             || 2 === $this->c->config->i_report_method
         ) {
-            $nav['reports'] = [$r->link('AdminReports'), __('Reports')];
+            $nav['reports'] = [$r->link('AdminReports'), 'Reports'];
         }
 
         if ($this->user->isAdmin) {
             $nav += [
-                'options'     => [$r->link('AdminOptions'), __('Admin options')],
-                'parser'      => [$r->link('AdminParser'), __('Parser settings')],
-                'categories'  => [$r->link('AdminCategories'), __('Categories')],
-                'forums'      => [$r->link('AdminForums'), __('Forums')],
-                'groups'      => [$r->link('AdminGroups'), __('User groups')],
-                'censoring'   => [$r->link('AdminCensoring'), __('Censoring')],
-                'maintenance' => [$r->link('AdminMaintenance'), __('Maintenance')]
+                'options'     => [$r->link('AdminOptions'), 'Admin options'],
+                'parser'      => [$r->link('AdminParser'), 'Parser settings'],
+                'categories'  => [$r->link('AdminCategories'), 'Categories'],
+                'forums'      => [$r->link('AdminForums'), 'Forums'],
+                'groups'      => [$r->link('AdminGroups'), 'User groups'],
+                'censoring'   => [$r->link('AdminCensoring'), 'Censoring'],
+                'maintenance' => [$r->link('AdminMaintenance'), 'Maintenance'],
             ];
         }
 
@@ -89,7 +89,10 @@ class Admin extends Page
     {
         if ('index' !== $this->aIndex) {
             if (isset($this->aNavigation[$this->aIndex])) {
-                $crumbs[] = $this->aNavigation[$this->aIndex];
+                $crumbs[] = [
+                    $this->aNavigation[$this->aIndex][0],
+                    __($this->aNavigation[$this->aIndex][1]),
+                ];
             } else {
                 $crumbs[] = 'unknown';
             }
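Review bot: The second element of each `$nav` entry is now a language key rather than display text, and nothing in the new code records that; the breadcrumb branch at -89 and the admin layout each translate it on their own. A comment above `$nav = [` such as `// each entry: [url, language key]; translate with __() at the point of output` would keep a later consumer from printing the raw key or translating it twice. In the breadcrumb hunk the repeated `$this->aNavigation[$this->aIndex]` lookups could be destructured once, `[$link, $label] = $this->aNavigation[$this->aIndex];`. Both method bodies start and end outside the hunks shown.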

+ 1 - 1
app/templates/layouts/admin.forkbb.php

@@ -11,7 +11,7 @@
           <label id="id-an-label" class="f-menu-toggle" for="id-an-checkbox"></label>
           <ul class="f-menu-items">
     @foreach ($p->aNavigation as $key => $val)
-            <li id="id-anav-{{ $key }}" class="f-menu-item"><a class="f-menu-a @if ($key == $p->aIndex) active @endif" href="{{ $val[0] }}"><span class="f-menu-span">{!! $val[1] !!}</span></a></li>
+            <li id="id-anav-{{ $key }}" class="f-menu-item"><a class="f-menu-a @if ($key == $p->aIndex) active @endif" href="{{ $val[0] }}"><span class="f-menu-span">{!! __($val[1]) !!}</span></a></li>
     @endforeach
           </ul>
         </nav>
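Review bot: The label inside `<span class="f-menu-span">` is still written with the raw tag, `{!! __($val[1]) !!}`, so whatever `__()` returns reaches the page unescaped while `$key` and `$val[0]` on the same line go through `{{ }}`. That is safe only as long as every label is a constant key and the language files are trusted; whether `__()` escapes its result is not visible in this diff. If translations are not meant to carry markup, `{{ __($val[1]) }}` would be the consistent choice; otherwise a template comment stating that menu labels may contain trusted HTML would document the exception. The same raw spans appear in app/templates/layouts/main.forkbb.php.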

+ 5 - 5
app/templates/layouts/main.forkbb.php

@@ -27,14 +27,14 @@
         <label id="id-mn-label" class="f-menu-toggle" for="id-mn-checkbox"></label>
         <ul class="f-menu-items">
     @foreach ($p->fNavigation as $key => $val)
-          <li id="id-nav-{!! $key !!}" class="f-menu-item"><!-- inline -->
+          <li id="id-nav-{{ $key }}" class="f-menu-item"><!-- inline -->
             <a class="f-menu-a @if ($key == $p->fIndex) active @endif" href="{{ $val[0] }}" @if ($val[2]) title="{!! __($val[2]) !!}" @endif>
               <span class="f-menu-span">{!! __($val[1]) !!}</span>
             </a>
         @if ($val[3])
             <ul class="f-submenu-items">
             @foreach ($val[3] as $key => $val)
-              <li id="id-nav-{!! $key !!}" class="f-menu-item">
+              <li id="id-nav-{{ $key }}" class="f-menu-item">
                 @if ($val[0])
                 <a class="f-menu-a @if ($key == $p->fSubIndex) active @endif" href="{{ $val[0] }}" @if ($val[2]) title="{!! __($val[2]) !!}" @endif>
                   <span class="f-menu-span">{!! __($val[1]) !!}</span>
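Review bot: The `title` attribute on the `<a>` lines is still emitted raw, `title="{!! __($val[2]) !!}"`, inside a double-quoted attribute, so a translated string containing `"` would close the attribute early; the commit escapes only the `id` value. Unless `__()` is known to return attribute-safe text (not visible in this diff), `title="{{ __($val[2]) }}"` would match the escaping already applied to `href` and `id`. The same line appears in the submenu loop of this hunk and twice more in the hunk at -52. The outer `@foreach` continues past the end of both hunks.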
@@ -52,14 +52,14 @@
     @if ($p->fNavigationUser)
         <ul class="f-menu-user-items">
         @foreach ($p->fNavigationUser as $key => $val)
-          <li id="id-nav-{!! $key !!}" class="f-menu-item"><!-- inline -->
+          <li id="id-nav-{{ $key }}" class="f-menu-item"><!-- inline -->
             <a class="f-menu-a @if ($key == $p->fIndex) active @endif" href="{{ $val[0] }}" @if ($val[2]) title="{!! __($val[2]) !!}" @endif>
               <span class="f-menu-span">{!! __($val[1]) !!}</span>
             </a>
             @if ($val[3])
             <ul class="f-submenu-items">
                 @foreach ($val[3] as $key => $val)
-              <li id="id-nav-{!! $key !!}" class="f-menu-item">
+              <li id="id-nav-{{ $key }}" class="f-menu-item">
                     @if ($val[0])
                 <a class="f-menu-a @if ($key == $p->fSubIndex) active @endif" href="{{ $val[0] }}" @if ($val[2]) title="{!! __($val[2]) !!}" @endif>
                   <span class="f-menu-span">{!! __($val[1]) !!}</span>
@@ -100,7 +100,7 @@
 @foreach ($p->pageHeaders as $pageHeader)
     @if ('script' === $pageHeader['type'])
         @if (empty($pageHeader['values']['inline']))
-  <script @foreach ($pageHeader['values'] as $key => $val) {!! $key !!}="{{ $val }}" @endforeach></script>
+  <script @foreach ($pageHeader['values'] as $key => $val) {{ $key }}="{{ $val }}" @endforeach></script>
         @else
   <script>{{ $pageHeader['values']['inline'] }}</script>
         @endif
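Review bot: Escaping `{{ $key }}` does not make it a safe attribute name: assuming `{{ }}` applies HTML-entity encoding, spaces, `/` and `=` pass through unchanged, so a key containing them would still split into extra attributes on the `<script>` tag. Attribute names need validation rather than encoding, for example checking each key against `/^[a-z][a-z0-9-]*$/i` where the page header is registered (that code is outside this diff) and skipping anything that does not match. The loop also runs over every entry of `$pageHeader['values']`, so an `inline` key that is present but empty would be printed as an attribute.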