Fix disallow < > into meta info
Fix message page regenerated
@@ -601,7 +601,7 @@ function GETPOST($paramname, $check = 'alphanohtml', $method = 0, $filter = null
|
||||
// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
|
||||
// '../' is dangerous because it allows dir transversals
|
||||
$out = str_replace(array('"', '../'), '', trim($out));
|
||||
$out = dol_string_nohtmltag($out);
|
||||
$out = dol_string_nohtmltag($out, 1);
|
||||
}
|
||||
break;
|
||||
case 'restricthtml': // Recommended for most html textarea
|
||||
|
||||
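Review bot: In the `alphanohtml` branch the removal of `"` and `../` runs before `dol_string_nohtmltag($out, 1)`, so characters the tag stripper deletes afterwards can join the remaining fragments into a sequence the first pass was meant to remove. Whether that happens depends on how dol_string_nohtmltag treats partial markup, which is not visible here. The safer order is to strip tags first and filter last, e.g. `$out = str_replace(array('"', '../'), '', dol_string_nohtmltag(trim($out), 1));`, ideally repeated until the string stops changing, because `str_replace` makes a single pass. The bare `1` would also read better with a short comment naming the parameter it sets. GETPOST's body starts and ends outside this hunk.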
@@ -131,3 +131,4 @@ AvailableLanguagesAreDefinedIntoWebsiteProperties=Available languages are define
|
||||
ReplacementDoneInXPages=Replacement done in %s pages or containers
|
||||
RSSFeed=RSS Feed
|
||||
RSSFeedDesc=You can get a RSS feed of latest articles with type 'blogpost' using this URL
|
||||
PagesRegenerated=%s page(s)/container(s) regenerated
|
||||
@@ -1274,7 +1274,7 @@ class Website extends CommonObject
|
||||
* Rebuild all files of a containers of a website. TODO Add other files too.
|
||||
* Note: Files are already regenerated during importWebSite so this function is useless when importing a website.
|
||||
*
|
||||
* @return int <0 if KO, >0 if OK
|
||||
* @return int <0 if KO, >=0 if OK
|
||||
*/
|
||||
public function rebuildWebSiteFiles()
|
||||
{
|
||||
@@ -1344,7 +1344,7 @@ class Website extends CommonObject
|
||||
}
|
||||
else
|
||||
{
|
||||
return 1;
|
||||
return $num;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -884,15 +884,15 @@ if ($action == 'addcontainer')
|
||||
}
|
||||
else
|
||||
{
|
||||
$objectpage->title = GETPOST('WEBSITE_TITLE', 'alphanohtml');
|
||||
$objectpage->title = str_replace(array('<', '>'), '', GETPOST('WEBSITE_TITLE', 'alphanohtml'));
|
||||
$objectpage->type_container = GETPOST('WEBSITE_TYPE_CONTAINER', 'aZ09');
|
||||
$objectpage->pageurl = GETPOST('WEBSITE_PAGENAME', 'alpha');
|
||||
$objectpage->aliasalt = GETPOST('WEBSITE_ALIASALT', 'alphanohtml');
|
||||
$objectpage->description = GETPOST('WEBSITE_DESCRIPTION', 'alphanohtml');
|
||||
$objectpage->aliasalt = str_replace(array('<', '>'), '', GETPOST('WEBSITE_ALIASALT', 'alphanohtml'));
|
||||
$objectpage->description = str_replace(array('<', '>'), '', GETPOST('WEBSITE_DESCRIPTION', 'alphanohtml'));
|
||||
$objectpage->lang = GETPOST('WEBSITE_LANG', 'aZ09');
|
||||
$objectpage->otherlang = GETPOST('WEBSITE_OTHERLANG', 'aZ09comma');
|
||||
$objectpage->image = GETPOST('WEBSITE_IMAGE', 'alpha');
|
||||
$objectpage->keywords = GETPOST('WEBSITE_KEYWORDS', 'alphanohtml');
|
||||
$objectpage->keywords = str_replace(array('<', '>'), '', GETPOST('WEBSITE_KEYWORDS', 'alphanohtml'));
|
||||
$objectpage->htmlheader = GETPOST('htmlheader', 'none');
|
||||
$objectpage->author_alias = GETPOST('WEBSITE_AUTHORALIAS', 'alphanohtml');
|
||||
|
||||
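Review bot: `WEBSITE_AUTHORALIAS` is still read with `alphanohtml` alone, while title, alias, description and keywords now get the extra `<`/`>` strip, here and again in the `updatemeta` hunk; if the author alias is also written into the page's meta tags it should get the same treatment. The expression `str_replace(array('<', '>'), '', GETPOST(..., 'alphanohtml'))` is now repeated about a dozen times across three hunks, so a small helper or a dedicated GETPOST check type would keep the three code paths from drifting apart. Stripping on input does not replace encoding where these values are emitted into `<meta>` attributes; that output code is outside this diff, so confirm it escapes for attribute context. `htmlheader` stays on the `'none'` filter, which is presumably intentional for trusted editors and deserves a comment saying so.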
@@ -1561,6 +1561,14 @@ if ($action == 'updatemeta')
|
||||
$websitepagetemp = new WebsitePage($db);
|
||||
foreach ($arrayofaliastotest as $aliastotest)
|
||||
{
|
||||
// Disallow alias name pageX (already used to save the page with id)
|
||||
if (preg_match('/^page\d+/i', $aliastotest)) {
|
||||
$error++;
|
||||
$langs->load("errors");
|
||||
setEventMessages("Alias 'pageX' is not allowed", null, 'errors');
|
||||
$action = 'editmeta';
|
||||
break;
|
||||
} else {
|
||||
$result = $websitepagetemp->fetch(-1 * $objectpage->id, $object->id, $aliastotest);
|
||||
if ($result < 0)
|
||||
{
|
||||
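Review bot: The new rejection message is a hard-coded English string, `setEventMessages("Alias 'pageX' is not allowed", null, 'errors');`, even though `$langs->load("errors")` is called on the line before it; passing it through `$langs->trans(...)` with a key added to the errors language file would make the load useful and the message translatable. The pattern `/^page\d+/i` is anchored only at the start, so it also rejects aliases that merely begin with `page` followed by digits; if only the exact reserved names are meant, `/^page\d+$/i` says so, and if the prefix match is deliberate the comment should state why. The added `else` block closes outside this hunk, and this diff shows no equivalent check on the `addcontainer` path, though one may exist outside the visible hunks.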
@@ -1580,20 +1588,21 @@ if ($action == 'updatemeta')
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!$error)
|
||||
{
|
||||
$objectpage->old_object = clone $objectpage;
|
||||
|
||||
$objectpage->title = GETPOST('WEBSITE_TITLE', 'alphanohtml');
|
||||
$objectpage->type_container = GETPOST('WEBSITE_TYPE_CONTAINER', 'alphanohtml');
|
||||
$objectpage->title = str_replace(array('<', '>'), '', GETPOST('WEBSITE_TITLE', 'alphanohtml'));
|
||||
$objectpage->type_container = GETPOST('WEBSITE_TYPE_CONTAINER', 'aZ09');
|
||||
$objectpage->pageurl = GETPOST('WEBSITE_PAGENAME', 'alpha');
|
||||
$objectpage->aliasalt = GETPOST('WEBSITE_ALIASALT', 'alpha');
|
||||
$objectpage->aliasalt = str_replace(array('<', '>'), '', GETPOST('WEBSITE_ALIASALT', 'alphanohtml'));
|
||||
$objectpage->lang = GETPOST('WEBSITE_LANG', 'aZ09');
|
||||
$objectpage->otherlang = GETPOST('WEBSITE_OTHERLANG', 'aZ09comma');
|
||||
$objectpage->description = GETPOST('WEBSITE_DESCRIPTION', 'alphanohtml');
|
||||
$objectpage->description = str_replace(array('<', '>'), '', GETPOST('WEBSITE_DESCRIPTION', 'alphanohtml'));
|
||||
$objectpage->image = GETPOST('WEBSITE_IMAGE', 'alpha');
|
||||
$objectpage->keywords = GETPOST('WEBSITE_KEYWORDS', 'alphanohtml');
|
||||
$objectpage->keywords = str_replace(array('<', '>'), '', GETPOST('WEBSITE_KEYWORDS', 'alphanohtml'));
|
||||
$objectpage->htmlheader = trim(GETPOST('htmlheader', 'none'));
|
||||
$objectpage->fk_page = (GETPOST('pageidfortranslation', 'int') > 0 ? GETPOST('pageidfortranslation', 'int') : 0);
|
||||
$objectpage->author_alias = trim(GETPOST('WEBSITE_AUTHORALIAS', 'alphanohtml'));
|
||||
@@ -2023,7 +2032,7 @@ if ($action == 'regeneratesite')
|
||||
$result = $object->rebuildWebSiteFiles();
|
||||
if ($result > 0)
|
||||
{
|
||||
setEventMessages($langs->trans("PagesRegenerated"), null, 'mesgs');
|
||||
setEventMessages($langs->trans("PagesRegenerated", $result), null, 'mesgs');
|
||||
$action = 'preview';
|
||||
}
|
||||
else
|
||||
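Review bot: `if ($result > 0)` no longer matches the contract this commit gives `rebuildWebSiteFiles()`, whose docblock now reads `>=0 if OK` and whose success path returns `$num` instead of `1`. If `$num` can be 0, for example for a website with no containers, the call succeeds but falls into the `else` branch, which begins at the end of this hunk and presumably reports a failure. The test should be `if ($result >= 0)`, keeping `$langs->trans("PagesRegenerated", $result)` so that the message shows a count of zero.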
@@ -3290,12 +3299,12 @@ if ($action == 'editmeta' || $action == 'createcontainer')
|
||||
$pageauthoralias = '';
|
||||
$pagestatus = 1;
|
||||
}
|
||||
if (GETPOST('WEBSITE_TITLE', 'alpha')) $pagetitle = GETPOST('WEBSITE_TITLE', 'alpha');
|
||||
if (GETPOST('WEBSITE_TITLE', 'alpha')) $pagetitle = str_replace(array('<', '>'), '', GETPOST('WEBSITE_TITLE', 'alphanohtml'));
|
||||
if (GETPOST('WEBSITE_PAGENAME', 'alpha')) $pageurl = GETPOST('WEBSITE_PAGENAME', 'alpha');
|
||||
if (GETPOST('WEBSITE_ALIASALT', 'alpha')) $pagealiasalt = GETPOST('WEBSITE_ALIASALT', 'alpha');
|
||||
if (GETPOST('WEBSITE_DESCRIPTION', 'alpha')) $pagedescription = GETPOST('WEBSITE_DESCRIPTION', 'alpha');
|
||||
if (GETPOST('WEBSITE_ALIASALT', 'alpha')) $pagealiasalt = str_replace(array('<', '>'), '', GETPOST('WEBSITE_ALIASALT', 'alphanohtml'));
|
||||
if (GETPOST('WEBSITE_DESCRIPTION', 'alpha')) $pagedescription = str_replace(array('<', '>'), '', GETPOST('WEBSITE_DESCRIPTION', 'alphanohtml'));
|
||||
if (GETPOST('WEBSITE_IMAGE', 'alpha')) $pageimage = GETPOST('WEBSITE_IMAGE', 'alpha');
|
||||
if (GETPOST('WEBSITE_KEYWORDS', 'alpha')) $pagekeywords = GETPOST('WEBSITE_KEYWORDS', 'alpha');
|
||||
if (GETPOST('WEBSITE_KEYWORDS', 'alpha')) $pagekeywords = str_replace(array('<', '>'), '', GETPOST('WEBSITE_KEYWORDS', 'alphanohtml'));
|
||||
if (GETPOST('WEBSITE_LANG', 'aZ09')) $pagelang = GETPOST('WEBSITE_LANG', 'aZ09');
|
||||
if (GETPOST('htmlheader', 'none')) $pagehtmlheader = GETPOST('htmlheader', 'none');
|
||||
|
||||
|
||||
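Review bot: Each rewritten line tests the parameter with the `'alpha'` filter but assigns it with `'alphanohtml'` plus the `<`/`>` strip, so a value that is non-empty under the first filter and empty after the second overwrites the previously loaded `$pagetitle` (or alias, description, keywords) with an empty string. Reading the value once removes both the mismatch and the duplicate call: `$tmp = str_replace(array('<', '>'), '', GETPOST('WEBSITE_TITLE', 'alphanohtml'));` followed by `if ($tmp !== '') $pagetitle = $tmp;`. The enclosing `editmeta`/`createcontainer` block starts and ends outside this hunk.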