Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

FIX Generic substitution of constant disabled for sensitive constant

Browse Source
This commit is contained in:
Laurent Destailleur
2018-02-24 14:02:27 +01:00
parent e2e0f23d29
commit 1ec5a5d0bf
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
htdocs/core/lib/functions.lib.php
View File

@@ -5947,7 +5947,8 @@ function make_substitutions($text, $substitutionarray, $outputlangs=null)
if (dol_textishtml($text,1)) $msgishtml = 1;
$keyfound = $reg[1];
$newval=empty($conf->global->$keyfound)?'':$conf->global->$keyfound;
if (preg_match('/(_pass|password|secret|_key|key$)/i', $keyfound)) $newval = '*****forbidden*****';
else $newval=empty($conf->global->$keyfound)?'':$conf->global->$keyfound;
$text = preg_replace('/__\['.preg_quote($keyfound, '/').'\]__/', $msgishtml?dol_htmlentitiesbr($newval):$newval, $text);
}