FIX Sanitize title of ajax_dialog

2016-11-07 00:09:53 +01:00
parent 15351a5a51
commit 90881f2fa9
2 changed files with 3 additions and 2 deletions
--- a/htdocs/core/lib/ajax.lib.php
+++ b/htdocs/core/lib/ajax.lib.php
@@ -322,7 +322,8 @@ function ajax_dialog($title,$message,$w=350,$h=150)
 {
 	global $langs;

-	$msg= '<div id="dialog-info" title="'.dol_escape_htmltag($title).'">';
+	$newtitle=dol_textishtml($title)?dol_string_nohtmltag($title,1):$title;
+	$msg= '<div id="dialog-info" title="'.dol_escape_htmltag($newtitle).'">';
 	$msg.= $message;
 	$msg.= '</div>'."\n";
    $msg.= '<script type="text/javascript">