From 88e8579baea675ea8e8d2cff0b4734536fe4bc2c Mon Sep 17 00:00:00 2001
From: colemanw <coleman@civicrm.org>
Date: Fri, 19 Sep 2025 14:22:14 -0400
Subject: [PATCH] Ensure html attributes are escaped in templates

This adds escape='htmlattribute' to all translations within tags, which ensures any special characters in the translated string
are properly escaped and don't break out of the quotes or cause other problems.

See https://github.com/civicrm/civicrm-core/pull/26792

Note: This requires CiviCRM 5.65 at minimum.
---
 info.xml                                              | 11 ++++-------
 .../CRM/Contribute/Form/ContributionView.old.tpl      |  2 +-
 .../CRM/Contribute/Form/ContributionView.tpl          |  4 ++--
 3 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/info.xml b/info.xml
index d92d22d..1299c2b 100644
--- a/info.xml
+++ b/info.xml
@@ -1,5 +1,5 @@
-<?xml version="1.0" encoding="iso-8859-1" ?>
- <extension key="uk.co.circleinteractive.offlinerecurring" type="module">
+<?xml version="1.0" encoding="iso-8859-1"?>
+<extension key="uk.co.circleinteractive.offlinerecurring" type="module">
   <downloadUrl>http://extensions.circle-interactive.co.uk/uk.co.circleinteractive.offlinerecurring-v1.6.zip</downloadUrl>
   <file>offlinerecurring</file>
   <name>Offline Recurring Payment</name>
@@ -19,10 +19,7 @@
   <version>1.6</version>
   <develStage>stable</develStage>
   <compatibility>
-    <ver>4.1</ver>
-    <ver>4.2</ver>
-    <ver>4.3</ver>
-    <ver>4.4</ver>
+    <ver>5.65</ver>
   </compatibility>
   <comments>For support, please contact project team on the forums. (http://forum.civicrm.org)</comments>
-</extension>  
+</extension>
diff --git a/legacy/templates/CRM/Contribute/Form/ContributionView.old.tpl b/legacy/templates/CRM/Contribute/Form/ContributionView.old.tpl
index cb98696..0aef6dc 100644
--- a/legacy/templates/CRM/Contribute/Form/ContributionView.old.tpl
+++ b/legacy/templates/CRM/Contribute/Form/ContributionView.old.tpl
@@ -196,7 +196,7 @@
 	{if $softCreditToName}
     <tr>
     	<td class="label">{ts}Soft Credit To{/ts}</td>
-        <td><a href="{crmURL p="civicrm/contact/view" q="reset=1&cid=`$soft_credit_to`"}" id="view_contact" title="{ts}View contact record{/ts}">{$softCreditToName}</a></td>
+        <td><a href="{crmURL p="civicrm/contact/view" q="reset=1&cid=`$soft_credit_to`"}" id="view_contact" title="{ts escape='htmlattribute'}View contact record{/ts}">{$softCreditToName}</a></td>
     </tr>
     {/if}	
 </table>
diff --git a/legacy/templates/CRM/Contribute/Form/ContributionView.tpl b/legacy/templates/CRM/Contribute/Form/ContributionView.tpl
index 23812ef..e927608 100644
--- a/legacy/templates/CRM/Contribute/Form/ContributionView.tpl
+++ b/legacy/templates/CRM/Contribute/Form/ContributionView.tpl
@@ -214,7 +214,7 @@
 	{if $softCreditToName and !$pcp_id} {* We show soft credit name with PCP section if contribution is linked to a PCP. *}
     <tr>
     	<td class="label">{ts}Soft Credit To{/ts}</td>
-        <td><a href="{crmURL p="civicrm/contact/view" q="reset=1&cid=`$soft_credit_to`"}" id="view_contact" title="{ts}View contact record{/ts}">{$softCreditToName}</a></td>
+        <td><a href="{crmURL p="civicrm/contact/view" q="reset=1&cid=`$soft_credit_to`"}" id="view_contact" title="{ts escape='htmlattribute'}View contact record{/ts}">{$softCreditToName}</a></td>
     </tr>
     {/if}	
 </table>
@@ -251,7 +251,7 @@
                 </tr>
                 <tr>
                 	<td class="label">{ts}Soft Credit To{/ts}</td>
-                    <td><a href="{crmURL p="civicrm/contact/view" q="reset=1&cid=`$soft_credit_to`"}" id="view_contact" title="{ts}View contact record{/ts}">{$softCreditToName}</a></td>
+                    <td><a href="{crmURL p="civicrm/contact/view" q="reset=1&cid=`$soft_credit_to`"}" id="view_contact" title="{ts escape='htmlattribute'}View contact record{/ts}">{$softCreditToName}</a></td>
                 </tr>
                 <tr><td class="label">{ts}In Public Honor Roll?{/ts}</td><td>{if $pcp_display_in_roll}{ts}Yes{/ts}{else}{ts}No{/ts}{/if}</td></tr>
                 {if $pcp_roll_nickname}