From ec7ea921d443f327b7de17bb5624a0baadc39497 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 8 Nov 2024 18:45:56 +0100 Subject: [PATCH] Debug v21 --- htdocs/core/class/html.formfile.class.php | 3 ++- htdocs/core/lib/functions.lib.php | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php index 5cdc77d7339..9a9732d2329 100644 --- a/htdocs/core/class/html.formfile.class.php +++ b/htdocs/core/class/html.formfile.class.php @@ -1403,7 +1403,8 @@ class FormFile // Show title of list of existing files $morehtmlright = ''; if (!empty($moreoptions['showhideaddbutton']) && $conf->use_javascript_ajax) { - $morehtmlright .= dolGetButtonTitle($langs->trans('New'), '', 'fa fa-plus-circle', 'javascript:console.log("open add file form");jQuery(".divattachnewfile").toggle(); if (!jQuery(".divattachnewfile").is(":hidden")) { jQuery("input[type=\'file\']").click(); }', '', $permtoeditline); + $url = 'javascript:console.log("open add file form");jQuery(".divattachnewfile").toggle(); if (!jQuery(".divattachnewfile").is(":hidden")) { jQuery("input[type=\'file\']").click(); }'; + $morehtmlright .= dolGetButtonTitle($langs->trans('New'), '', 'fa fa-plus-circle', $url, '', $permtoeditline); } if ((empty($useinecm) || $useinecm == 3 || $useinecm == 6) && $title != 'none') { diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 20d3eaa1d37..30c9a2fe43d 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -12874,7 +12874,7 @@ function dolGetButtonTitle($label, $helpText = '', $iconClass = 'fa fa-file', $u $TCompiledAttr = array(); foreach ($attr as $key => $value) { - $TCompiledAttr[] = $key.'="'.dolPrintHTMLForAttribute($value).'"'; + $TCompiledAttr[] = $key.'="'.dol_escape_htmltag($value).'"'; // Do not use dolPrintHTMLForAttribute() here, we must accept "javascript:string" } $compiledAttributes = (empty($TCompiledAttr) ? '' : implode(' ', $TCompiledAttr));