Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Update functions.lib.php

Browse Source
This commit is contained in:
Frédéric FRANCE
2020-11-04 09:45:02 +01:00
committed by GitHub
parent 1cc7b41de3
commit 7c7a1b5512
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/core/lib/functions.lib.php
View File

@@ -659,11 +659,11 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options =
break; break;
case 'alpha': // No html and no " and no ../ case 'alpha': // No html and no " and no ../
case 'alphanohtml': // Recommended for most scalar parameters and search parameters case 'alphanohtml': // Recommended for most scalar parameters and search parameters
if (!is_array($out)) if (!is_array($out)) {
{
// '"' is dangerous because param in url can close the href= or src= and add javascript functions. // '"' is dangerous because param in url can close the href= or src= and add javascript functions.
// '../' is dangerous because it allows dir transversals // '../' is dangerous because it allows dir transversals
$out = str_replace(array('"', '"', '../'), '', trim($out)); $out = str_replace(array('"', '"', '../'), '', trim($out));
// keep lines feed
$out = dol_string_nohtmltag($out, 0); $out = dol_string_nohtmltag($out, 0);
} }
break; break;