Merge remote-tracking branch 'upstream/develop' into zapieruser
@@ -659,11 +659,11 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options =
|
||||
break;
|
||||
case 'alpha': // No html and no " and no ../
|
||||
case 'alphanohtml': // Recommended for most scalar parameters and search parameters
|
||||
if (!is_array($out))
|
||||
{
|
||||
if (!is_array($out)) {
|
||||
// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
|
||||
// '../' is dangerous because it allows dir transversals
|
||||
$out = str_replace(array('"', '"', '../'), '', trim($out));
|
||||
// keep lines feed
|
||||
$out = dol_string_nohtmltag($out, 0);
|
||||
}
|
||||
break;
|
||||
|
||||
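Review bot: The `'../'` removal in the `alpha`/`alphanohtml` branch is a single `str_replace` pass, so a value whose remaining fragments join up after the deletion can still contain `../` when it leaves checkVal. Repeating the replacement until the string stops changing closes that gap: `$out = trim($out); do { $prev = $out; $out = str_replace(array('"', '"', '../'), '', $out); } while ($prev !== $out);`. The search array as shown on this page lists `'"'` twice; one entry was presumably an HTML entity such as `&quot;` before the page was rendered, so confirm against the file before copying the array. Code that later uses the result as a file path should still resolve it and compare it against an allowed base directory rather than rely on this filter alone. checkVal's `switch` starts and ends outside the hunk.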
@@ -765,8 +765,8 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM
|
||||
$newmenu->add('/admin/system/phpinfo.php?mainmenu=home&leftmenu=admintools', $langs->trans('InfoPHP'), 1);
|
||||
$newmenu->add('/admin/system/database.php?mainmenu=home&leftmenu=admintools', $langs->trans('InfoDatabase'), 1);
|
||||
if (!empty($conf->global->MAIN_FEATURES_LEVEL)) {
|
||||
$newmenu->add("/admin/system/perf.php?mainmenu=home&leftmenu=admintools", $langs->trans("InfoPerf"),1);
|
||||
$newmenu->add("/admin/system/security.php?mainmenu=home&leftmenu=admintools", $langs->trans("InfoSecurity"),1);
|
||||
$newmenu->add("/admin/system/perf.php?mainmenu=home&leftmenu=admintools", $langs->trans("InfoPerf"), 1);
|
||||
$newmenu->add("/admin/system/security.php?mainmenu=home&leftmenu=admintools", $langs->trans("InfoSecurity"), 1);
|
||||
}
|
||||
$newmenu->add("/admin/tools/dolibarr_export.php?mainmenu=home&leftmenu=admintools", $langs->trans("Backup"), 1);
|
||||
$newmenu->add("/admin/tools/dolibarr_import.php?mainmenu=home&leftmenu=admintools", $langs->trans("Restore"), 1);
|
||||
|
||||