Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

FIX Sanitize title of ajax_dialog

Browse Source
This commit is contained in:
Laurent Destailleur
2016-11-07 00:09:53 +01:00
parent 15351a5a51
commit 90881f2fa9
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
htdocs/core/lib/ajax.lib.php
View File

@@ -322,7 +322,8 @@ function ajax_dialog($title,$message,$w=350,$h=150)
{ {
global $langs; global $langs;
$msg= '<div id="dialog-info" title="'.dol_escape_htmltag($title).'">'; $newtitle=dol_textishtml($title)?dol_string_nohtmltag($title,1):$title;
$msg= '<div id="dialog-info" title="'.dol_escape_htmltag($newtitle).'">';
$msg.= $message; $msg.= $message;
$msg.= '</div>'."\n"; $msg.= '</div>'."\n";
$msg.= '<script type="text/javascript"> $msg.= '<script type="text/javascript">

2
htdocs/main.inc.php
View File

@@ -1902,7 +1902,7 @@ if (! function_exists("llxFooter"))
print '<div class="error">'.$msg.'</div>'; print '<div class="error">'.$msg.'</div>';
} }
define("MAIN_CORE_ERROR",0); //define("MAIN_CORE_ERROR",0); // Constant was defined and we can't change value of a constant
} }
print "\n\n"; print "\n\n";