diff --git a/htdocs/lib/doleditor.class.php b/htdocs/lib/doleditor.class.php
index de045cd9115..5fa456096d2 100644
--- a/htdocs/lib/doleditor.class.php
+++ b/htdocs/lib/doleditor.class.php
@@ -81,8 +81,11 @@ class DolEditor
 {
 $this->tool = 'textarea';
 }
-
- if ($this->tool == 'fckeditor')
+ if ($this->tool == 'ckeditor')
+ {
+ $content=dol_htmlentitiesbr($content); // If content is not HTML, we convert to HTML.
+ }
+ if ($this->tool == 'fckeditor')
 {
 require_once(DOL_DOCUMENT_ROOT."/includes/fckeditor/fckeditor.php");
diff --git a/htdocs/lib/functions.lib.php b/htdocs/lib/functions.lib.php
index 7e7249ffbc3..ffbf23cc020 100644
--- a/htdocs/lib/functions.lib.php
+++ b/htdocs/lib/functions.lib.php
@@ -312,7 +312,8 @@ function dol_string_nospecial($str,$newstr='_',$badchars='')
 function dol_escape_js($stringtoescape)
 {
 // escape quotes and backslashes, newlines, etc.
- return strtr($stringtoescape, array("'"=>"\\'",'\\'=>'\\\\',"'"=>"\\'",'"'=>"\\'","\r"=>'\\r',"\n"=>'\\n',''<\/'));
+ $substitjs=array("'"=>"\\'",'\\'=>'\\\\',"'"=>"\\'",'"'=>"\\'","\r"=>'\\r',"\n"=>'\\n',''<\/');
+ return strtr($stringtoescape, $substitjs);
 }
diff --git a/htdocs/product/fiche.php b/htdocs/product/fiche.php
index 5a6628f55f8..1f35eb4a41a 100644
--- a/htdocs/product/fiche.php
+++ b/htdocs/product/fiche.php
@@ -1,6 +1,6 @@
- * Copyright (C) 2004-2010 Laurent Destailleur
+ * Copyright (C) 2004-2011 Laurent Destailleur
 * Copyright (C) 2005 Eric Seigne
 * Copyright (C) 2005-2010 Regis Houssin
 * Copyright (C) 2006 Andre Cianfarani
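Review bot: In `dol_escape_js` (htdocs/lib/functions.lib.php, hunk @@ -312), the `$substitjs` table carried over from the old inline array lists the `"'"` key twice and maps `'"'` to `"\\'"`, so a double quote in the input comes out as an escaped single quote. If that mapping is deliberate (for instance to keep the result usable inside a double-quoted HTML attribute), a comment on the table should say so; otherwise drop the duplicate entry and use `'"'=>'\\"'`. The function only makes a value safe inside a JavaScript string literal, so the existing comment could also state that callers still need HTML escaping for the surrounding markup, e.g. `// Escapes for use inside a JS string literal only; HTML-escape separately when emitted into an attribute`. The last table entry looks truncated in this rendering, so it is not reviewed here.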
@@ -1082,7 +1082,7 @@ if ($id || $ref)
 print ''.$html->editfieldkey("ProductAccountancySellCode",'productaccountancycodesell',$product->accountancy_code_sell,'id',$product->id,$user->rights->produit->creer).'';
 print $html->editfieldval("ProductAccountancySellCode",'productaccountancycodesell',$product->accountancy_code_sell,'id',$product->id,$user->rights->produit->creer);
 print '';
-
+
 // Accountancy buy code
 print ''.$html->editfieldkey("ProductAccountancyBuyCode",'productaccountancycodebuy',$product->accountancy_code_buy,'id',$product->id,$user->rights->produit->creer).'';
 print $html->editfieldval("ProductAccountancyBuyCode",'productaccountancycodebuy',$product->accountancy_code_buy,'id',$product->id,$user->rights->produit->creer);
@@ -1099,7 +1099,7 @@ if ($id || $ref)
 print '';
 // Description
- print ''.$langs->trans("Description").''.dol_nl2br($product->description,1,true).'';
+ print ''.$langs->trans("Description").''.(dol_textishtml($product->description)?$product->description:dol_nl2br($product->description,1,true)).'';
 // Nature
 if($product->type!=1)
@@ -1196,7 +1196,7 @@ if ($id || $ref)
 */
 // Note
- print ''.$langs->trans("Note").''.nl2br($product->note).'';
+ print ''.$langs->trans("Note").''.(dol_textishtml($product->note)?$product->note:dol_nl2br($product->note,1,true)).'';
 print "\n";
 }
diff --git a/htdocs/societe/socnote.php b/htdocs/societe/socnote.php
index ae1268e1aa4..6385d48e759 100644
--- a/htdocs/societe/socnote.php
+++ b/htdocs/societe/socnote.php
@@ -1,6 +1,6 @@
- * Copyright (C) 2004-2010 Laurent Destailleur
+ * Copyright (C) 2004-2011 Laurent Destailleur
 * Copyright (C) 2005-2006 Regis Houssin
 * Copyright (C) 2010 Juanjo Menent
 *
@@ -127,7 +127,7 @@ if ($socid > 0)
 }
 else
 {
- print nl2br($societe->note);
+ print dol_textishtml($societe->note)?$societe->note:dol_nl2br($societe->note,1,true);
 }
 print "";
diff --git a/htdocs/user/note.php b/htdocs/user/note.php
index 46e54bda603..7308041afb3 100644
--- a/htdocs/user/note.php
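Review bot: The new Description line in htdocs/product/fiche.php (hunk @@ -1099) prints `$product->description` unmodified whenever `dol_textishtml()` reports HTML, so any stored markup, including script elements or event-handler attributes, is rendered for every user who opens the record. The same ternary is used for the Note line (hunk @@ -1196), in htdocs/societe/socnote.php (hunk @@ -127) and in htdocs/user/note.php (hunk @@ -123). Unless these fields are sanitised when they are saved (not visible in this diff), the HTML branch should go through an allow-list HTML sanitiser before output, and the plain-text branch should be HTML-escaped before `dol_nl2br()` if that helper does not escape on its own. Moving the ternary into one shared output helper would keep the four call sites consistent and give a single place to apply the filtering.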
+++ b/htdocs/user/note.php
@@ -1,6 +1,6 @@
- * Copyright (C) 2004-2007 Laurent Destailleur
+ * Copyright (C) 2004-2011 Laurent Destailleur
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -123,21 +123,14 @@ if ($id)
 {
 print "";
 print "id."\">";
- if ($conf->fckeditor->enabled && $conf->global->FCKEDITOR_ENABLE_USER)
- {
- // Editeur wysiwyg
- require_once(DOL_DOCUMENT_ROOT."/lib/doleditor.class.php");
- $doleditor=new DolEditor('note',$fuser->note,'',280,'dolibarr_notes','In',true);
- $doleditor->Create();
- }
- else
- {
- print '';
- }
+ // Editeur wysiwyg
+ require_once(DOL_DOCUMENT_ROOT."/lib/doleditor.class.php");
+ $doleditor=new DolEditor('note',$fuser->note,'',280,'dolibarr_notes','In',true,false,$conf->fckeditor->enabled && $conf->global->FCKEDITOR_ENABLE_USER,10,80);
+ $doleditor->Create();
 }
 else
 {
- print nl2br($fuser->note);
+ print dol_textishtml($fuser->note)?$fuser->note:dol_nl2br($fuser->note,1,true);
 }
 print "";
@@ -162,7 +155,7 @@ if ($id)
 if ($user->rights->user->user->creer && $action != 'edit')
 {
- print "id&action=edit\">".$langs->trans('Modify')."";
+ print "id."&action=edit\">".$langs->trans('Modify')."";
 }
 print "";
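Review bot: The `new DolEditor(...)` call in htdocs/user/note.php (hunk @@ -123) now passes eleven positional arguments, and the trailing `true,false,<module-enabled expression>,10,80` cannot be read without opening the constructor, which is not part of this diff. A short comment above the call naming those parameters, taken from the constructor signature, would make the call reviewable. The remaining `// Editeur wysiwyg` comment could also be written in English and say what the enabling expression does, e.g. `// WYSIWYG editor; uses a plain textarea when the editor module is disabled for users`, assuming that is what the ninth argument controls.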