Fight against $_POST

2020-11-30 14:47:07 +01:00
parent fa8b960520
commit 00ad6df395
51 changed files with 199 additions and 211 deletions
--- a/htdocs/core/class/html.formsms.class.php
+++ b/htdocs/core/class/html.formsms.class.php
@@ -288,7 +288,7 @@ function limitChars(textarea, limit, infodiv)
 				$defaultmessage = $this->withbody;
 			}
 			$defaultmessage = make_substitutions($defaultmessage, $this->substit);
-			if (isset($_POST["message"])) $defaultmessage = $_POST["message"];
+			if (GETPOSTISSET("message")) $defaultmessage = GETPOST("message", 'restricthtml');
 			$defaultmessage = str_replace('\n', "\n", $defaultmessage);

 			print "<tr>";