From b577457c86c5693e9f7b71c26b491cb2ed4682a2 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 12 Apr 2023 14:50:19 +0200 Subject: [PATCH 1/5] css --- htdocs/projet/class/project.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index 1e4c6862c58..edf26bcd292 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -307,7 +307,7 @@ class Project extends CommonObject 'fk_user_creat' =>array('type'=>'integer', 'label'=>'UserCreation', 'enabled'=>1, 'visible'=>0, 'notnull'=>1, 'position'=>410), 'fk_user_modif' =>array('type'=>'integer', 'label'=>'UserModification', 'enabled'=>1, 'visible'=>0, 'position'=>415), 'import_key' =>array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>1, 'visible'=>-1, 'position'=>420), - 'email_msgid'=>array('type'=>'varchar(255)', 'label'=>'EmailMsgID', 'enabled'=>1, 'visible'=>-1, 'position'=>450, 'help'=>'EmailMsgIDWhenSourceisEmail'), + 'email_msgid'=>array('type'=>'varchar(255)', 'label'=>'EmailMsgID', 'enabled'=>1, 'visible'=>-1, 'position'=>450, 'help'=>'EmailMsgIDWhenSourceisEmail', 'csslist'=>'tdoverflowmax125'), 'fk_statut' =>array('type'=>'smallint(6)', 'label'=>'Status', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'position'=>500), ); // END MODULEBUILDER PROPERTIES From 24fdec736bd72d0f58bfc85b98590deb0653820e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 12 Apr 2023 14:53:54 +0200 Subject: [PATCH 2/5] Fix missing escape html --- htdocs/projet/list.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php index 671f528483b..a85817704a5 100644 --- a/htdocs/projet/list.php +++ b/htdocs/projet/list.php @@ -1793,10 +1793,12 @@ while ($i < $imaxinloop) { } // Email MsgID if (!empty($arrayfields['p.email_msgid']['checked'])) { - print ''; - print $obj->email_msgid; + print ''; + print dol_escape_htmltag($obj->email_msgid); print ''; - if (!$i) $totalarray['nbfield']++; + if (!$i) { + $totalarray['nbfield']++; + } } // Import key if (!empty($arrayfields['p.import_key']['checked'])) { From 4fe73e1fc3bf72c70f8bd56c9ac1c7a260796272 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 13 Apr 2023 10:40:57 +0200 Subject: [PATCH 3/5] Fix duplicate defined --- htdocs/public/eventorganization/attendee_new.php | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/htdocs/public/eventorganization/attendee_new.php b/htdocs/public/eventorganization/attendee_new.php index 1b9a555f246..f74c5b8fa24 100644 --- a/htdocs/public/eventorganization/attendee_new.php +++ b/htdocs/public/eventorganization/attendee_new.php @@ -34,9 +34,7 @@ if (!defined('NOIPCHECK')) { if (!defined('NOBROWSERNOTIF')) { define('NOBROWSERNOTIF', '1'); } -if (!defined('NOIPCHECK')) { - define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -} + // For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php @@ -553,8 +551,8 @@ if (empty($reshook) && $action == 'add' && (!empty($conference->id) && $conferen // Add link between invoice and the attendee registration /*if (!$error) { - $facture->add_object_linked($confattendee->element, $confattendee->id); - }*/ + $facture->add_object_linked($confattendee->element, $confattendee->id); + }*/ } if (!$error) { @@ -726,6 +724,9 @@ if ($project->date_start_event || $project->date_end_event) { if ($project->location) { print ''.dol_escape_htmltag($project->location).'
'; } +if ($project->note_public) { + print '
'.dol_escape_htmltag($project->note_public).'
'; +} print ''; From fbe8e2731d7584fd3fcdb9e3394a857b7c72e656 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 13 Apr 2023 12:58:06 +0200 Subject: [PATCH 4/5] Fix escapment --- htdocs/core/lib/functions.lib.php | 2 +- htdocs/public/eventorganization/attendee_new.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index c306005cffe..0f8ee157340 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -1488,7 +1488,7 @@ function dol_escape_json($stringtoescape) * @param string $noescapetags '' or 'common' or list of tags to not escape. TODO Does not works yet when there is attributes into tag. * @param int $escapeonlyhtmltags 1=Escape only html tags, not the special chars like accents. * @return string Escaped string - * @see dol_string_nohtmltag(), dol_string_nospecial(), dol_string_unaccent() + * @see dol_string_nohtmltag(), dol_string_nospecial(), dol_string_unaccent(), dol_htmlentitiesbr() */ function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $noescapetags = '', $escapeonlyhtmltags = 0) { diff --git a/htdocs/public/eventorganization/attendee_new.php b/htdocs/public/eventorganization/attendee_new.php index f74c5b8fa24..043e52f5808 100644 --- a/htdocs/public/eventorganization/attendee_new.php +++ b/htdocs/public/eventorganization/attendee_new.php @@ -725,7 +725,7 @@ if ($project->location) { print ''.dol_escape_htmltag($project->location).'
'; } if ($project->note_public) { - print '
'.dol_escape_htmltag($project->note_public).'
'; + print '
'.dol_htmlentitiesbr($project->note_public).'
'; } print ''; From 4fc8b40b71619511fba9d1a9b9b486b55dc47d6e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 13 Apr 2023 13:06:09 +0200 Subject: [PATCH 5/5] Fix too verbose --- htdocs/emailcollector/class/emailcollector.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/emailcollector/class/emailcollector.class.php b/htdocs/emailcollector/class/emailcollector.class.php index 7391d6e6acd..ff10cedcb66 100644 --- a/htdocs/emailcollector/class/emailcollector.class.php +++ b/htdocs/emailcollector/class/emailcollector.class.php @@ -1020,8 +1020,8 @@ class EmailCollector extends CommonObject } } //var_dump($substitutionarray); - dol_syslog('substitutionarray='.var_export($substitutionarray, true)); - //var_dump($substitutionarray); + //dol_syslog('substitutionarray='.var_export($substitutionarray, true)); + $valuetouse = make_substitutions($valuetouse, $substitutionarray); if (preg_match('/^options_/', $tmpproperty)) { $object->array_options[preg_replace('/^options_/', '', $tmpproperty)] = $valuetouse;