forked from Wavyzz/dolibarr
Merge branch '21.0' of git@github.com:Dolibarr/dolibarr.git into develop
This commit is contained in:
ldestailleur
@@ -12957,7 +12957,7 @@ function dolGetStatus($statusLabel = '', $statusLabelShort = '', $html = '', $st
|
||||
* @param string $id Attribute id of action button. Example 'action-delete'. This can be used for full ajax confirm if this code is reused into the ->formconfirm() method.
|
||||
* @param int|boolean $userRight User action right
|
||||
* // phpcs:disable
|
||||
* @param array{confirm?:array{url?:string,title?:string,content?:string,action-btn-label?:string,cancel-btn-label?:string,modal?:bool},attr?:array<string,mixed>,areDropdownButtons?:bool,backtopage?:string,lang?:string,enabled?:bool,perm?:int<0,1>,label?:string,url?:string,isDropdown?:int<0,1>,isDropDown?:int<0,1>} $params = [ // Various params for future : recommended rather than adding more function arguments
|
||||
* @param array{confirm?:array{url?:string,title?:string,content?:string,use_unsecured_unescapedattr?:bool|string[],action-btn-label?:string,cancel-btn-label?:string,modal?:bool},attr?:array<string,mixed>,areDropdownButtons?:bool,backtopage?:string,lang?:string,enabled?:bool,perm?:int<0,1>,label?:string,url?:string,isDropdown?:int<0,1>,isDropDown?:int<0,1>} $params = [ // Various params for future : recommended rather than adding more function arguments
|
||||
* 'attr' => [ // to add or override button attributes
|
||||
* 'xxxxx' => '', // your xxxxx attribute you want
|
||||
* 'class' => 'reposition', // to add more css class to the button class attribute
|
||||
@@ -12974,7 +12974,7 @@ function dolGetStatus($statusLabel = '', $statusLabelShort = '', $html = '', $st
|
||||
* ],
|
||||
* ]
|
||||
* // phpcs:enable
|
||||
* Example: array('attr' => array('class' => 'reposition'))
|
||||
* Example: array('attr' => array('class' => 'reposition'))
|
||||
* @return string html button
|
||||
*/
|
||||
function dolGetButtonAction($label, $text = '', $actionType = 'default', $url = '', $id = '', $userRight = 1, $params = array())
|
||||
@@ -13138,7 +13138,23 @@ function dolGetButtonAction($label, $text = '', $actionType = 'default', $url =
|
||||
unset($attr['href']);
|
||||
}
|
||||
|
||||
// escape all attributes
|
||||
// Escape all attributes
|
||||
if (!empty($params['use_unsecured_unescapedattr'])) { // Not recommended.
|
||||
if (is_array($params['use_unsecured_unescapedattr'])) {
|
||||
foreach ($attr as $attrK => $attrV) {
|
||||
if (in_array($attrK, $params['use_unsecured_unescapedattr'])) {
|
||||
$attr[$attrK] = dol_htmlentities($attrV, ENT_QUOTES | ENT_SUBSTITUTE);
|
||||
} else {
|
||||
$attr[$attrK] = dolPrintHTMLForAttribute($attrV);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$attr = array_map('dol_htmlentities', $attr);
|
||||
}
|
||||
} else {
|
||||
$attr = array_map('dolPrintHTMLForAttribute', $attr);
|
||||
}
|
||||
|
||||
$TCompiledAttr = array();
|
||||
foreach ($attr as $key => $value) {
|
||||
if ($key == 'href') {
|
||||
|
||||
Reference in New Issue
Block a user