Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Fix serious regression

Browse Source
This commit is contained in:
ldestailleur
2025-03-10 19:24:21 +01:00
parent f70f623466
commit e362f99aa0
1 changed files with 4 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
htdocs/core/lib/functions.lib.php
View File

@@ -12889,26 +12889,12 @@ function dolGetButtonAction($label, $text = '', $actionType = 'default', $url =
unset($attr['href']); unset($attr['href']);
} }
// Escape all attributes
if (!empty($params['use_unsecured_unescapedattr'])) { // Not recommended.
if (is_array($params['use_unsecured_unescapedattr'])) {
foreach ($attr as $attrK => $attrV) {
if (in_array($attrK, $params['use_unsecured_unescapedattr'])) {
$attr[$attrK] = dol_htmlentities($attrV, ENT_QUOTES | ENT_SUBSTITUTE);
} else {
$attr[$attrK] = dolPrintHTMLForAttribute($attrV);
}
}
} else {
$attr = array_map('dol_htmlentities', $attr);
}
} else {
$attr = array_map('dolPrintHTMLForAttribute', $attr);
}
$TCompiledAttr = array(); $TCompiledAttr = array();
foreach ($attr as $key => $value) { foreach ($attr as $key => $value) {
if ($key == 'href') { if (!empty($params['use_unsecured_unescapedattr']) && is_array($params['use_unsecured_unescapedattr']) && in_array($key, $params['use_unsecured_unescapedattr'])) {
// Not recommended
$value = dol_htmlentities($attrV, ENT_QUOTES | ENT_SUBSTITUTE);
} elseif ($key == 'href') {
$value = dolPrintHTMLForAttributeUrl($value); $value = dolPrintHTMLForAttributeUrl($value);
} else { } else {
$value = dolPrintHTMLForAttribute($value); $value = dolPrintHTMLForAttribute($value);