Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

dolPrintHTMLForAttribute remove \n

Browse Source
This commit is contained in:
Laurent Destailleur
2023-10-23 13:14:59 +02:00
parent 0b11668660
commit d8d3faa50f
1 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
htdocs/core/lib/functions.lib.php
View File

@@ -1645,7 +1645,9 @@ function dolPrintHTML($s, $allowiframe = 0)
*/ */
function dolPrintHTMLForAttribute($s) function dolPrintHTMLForAttribute($s)
{ {
return dol_escape_htmltag($s); // The dol_htmlentitiesbr will convert simple text into html
// The dol_escape_htmltag will escape html chars.
return dol_escape_htmltag(dol_htmlentitiesbr($s), 1, -1);
} }
/** /**
@@ -1682,7 +1684,7 @@ function dolPrintPassword($s)
* *
* @param string $stringtoescape String to escape * @param string $stringtoescape String to escape
* @param int $keepb 1=Keep b tags, 0=remove them completely * @param int $keepb 1=Keep b tags, 0=remove them completely
* @param int $keepn 1=Preserve \r\n strings (otherwise, replace them with escaped value). Set to 1 when escaping for a <textarea>. * @param int $keepn 1=Preserve \r\n strings, 0=Replace them with escaped value, -1=Remove them. Set to 1 when escaping for a <textarea>.
* @param string $noescapetags '' or 'common' or list of tags to not escape. TODO Does not works yet when there is attributes into tag. * @param string $noescapetags '' or 'common' or list of tags to not escape. TODO Does not works yet when there is attributes into tag.
* @param int $escapeonlyhtmltags 1=Escape only html tags, not the special chars like accents. * @param int $escapeonlyhtmltags 1=Escape only html tags, not the special chars like accents.
* @param int $cleanalsojavascript Clean also javascript. @TODO switch this option to 1 by default. * @param int $cleanalsojavascript Clean also javascript. @TODO switch this option to 1 by default.
@@ -1709,18 +1711,20 @@ function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $noescapeta
} }
if (!$keepn) { if (!$keepn) {
$tmp = strtr($tmp, array("\r"=>'\\r', "\n"=>'\\n')); $tmp = strtr($tmp, array("\r"=>'\\r', "\n"=>'\\n'));
} elseif ($keepn == -1) {
$tmp = strtr($tmp, array("\r"=>'', "\n"=>''));
} }
if ($escapeonlyhtmltags) { if ($escapeonlyhtmltags) {
return htmlspecialchars($tmp, ENT_COMPAT, 'UTF-8'); return htmlspecialchars($tmp, ENT_COMPAT, 'UTF-8');
} else { } else {
// Escape tags to keep // Escape tags to keep
// TODO Does not works yet when there is attributes into tag
$tmparrayoftags = array(); $tmparrayoftags = array();
if ($noescapetags) { if ($noescapetags) {
$tmparrayoftags = explode(',', $noescapetags); $tmparrayoftags = explode(',', $noescapetags);
} }
if (count($tmparrayoftags)) { if (count($tmparrayoftags)) {
// TODO Does not works yet when there is attributes into tag
foreach ($tmparrayoftags as $tagtoreplace) { foreach ($tmparrayoftags as $tagtoreplace) {
$tmp = str_ireplace('<'.$tagtoreplace.'>', '__BEGINTAGTOREPLACE'.$tagtoreplace.'__', $tmp); $tmp = str_ireplace('<'.$tagtoreplace.'>', '__BEGINTAGTOREPLACE'.$tagtoreplace.'__', $tmp);
$tmp = str_ireplace('</'.$tagtoreplace.'>', '__ENDTAGTOREPLACE'.$tagtoreplace.'__', $tmp); $tmp = str_ireplace('</'.$tagtoreplace.'>', '__ENDTAGTOREPLACE'.$tagtoreplace.'__', $tmp);