
Enhance protection on limit of external links

Laurent Destailleur
2022-08-10 22:55:09 +02:00
parent c1bea1b1e4
commit 185980c9c6


@@ -954,12 +954,15 @@ function sanitizeVal($out = '', $check = 'alphanohtml', $filter = null, $options
// Restore entity ' into ' (restricthtml is for html content so we can use html entity)
$out = preg_replace('/'/i', "'", $out);
preg_match_all('/(<img)/i', $out, $reg);
if (count($reg[0]) > getDolGlobalInt("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT", 1000)) {
$out = '';
}
} while ($oldstringtoclean != $out);
// Check the limit of external links in a Rich text content. We count '<img' and 'url('
$reg = array();
preg_match_all('/(<img|url\()/i', $out, $reg);
if (count($reg[0]) > getDolGlobalInt("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT", 1000)) {
return 'TooManyLinksIntoHTMLString';
}
break;
case 'custom':
if (empty($filter)) {
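Review bot: The early `return 'TooManyLinksIntoHTMLString';` in the rich-text branch hands callers an in-band marker string as if it were sanitized content, so a caller that does not compare the result against that literal will store or render the marker in place of the user's text; nothing visible in the hunk documents this contract. The limit still reads `MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT` although the check now bounds `<img` and `url(` occurrences combined. The match is also purely textual, so encoded spellings are counted only if an earlier step, not visible here, has already normalised them. I would add a comment above the check such as `// Returns the literal 'TooManyLinksIntoHTMLString' (not content) when '<img' + 'url(' occurrences exceed MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT; callers must treat it as a rejection.` sanitizeVal() begins and ends outside this hunk, so how callers handle the value cannot be confirmed from here.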