Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

allow links and scripts on website htmlheader (#30708)

Browse Source
This commit is contained in:
Mohamed DAOUD
2024-08-21 14:10:09 +02:00
committed by GitHub
parent ca414de526
commit f4417e502e
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/lib/functions.lib.php
View File

@@ -8377,7 +8377,7 @@ function dol_htmlwithnojs($stringtoencode, $nouseofiframesandbox = 0, $check = '
// Keep only some html tags and remove also some 'javascript:' strings // Keep only some html tags and remove also some 'javascript:' strings
if ($check == 'restricthtmlallowlinkscript') { if ($check == 'restricthtmlallowlinkscript') {
$out = dol_string_onlythesehtmltags($out, 0, 1, 0, 0, array(), 1); $out = dol_string_onlythesehtmltags($out, 0, 1, 0, 0, array(), 1, 1);
} elseif ($check == 'restricthtmlallowclass') { } elseif ($check == 'restricthtmlallowclass') {
$out = dol_string_onlythesehtmltags($out, 0, 0, 1); $out = dol_string_onlythesehtmltags($out, 0, 0, 1);
} else { } else {

2
htdocs/website/index.php
View File

@@ -1594,7 +1594,7 @@ if ($action == 'updatecss' && $usercanedit) {
} }
$dataposted = trim(GETPOST('WEBSITE_HTML_HEADER', 'none')); // Must accept tags like '<script>' and '<link>' $dataposted = trim(GETPOST('WEBSITE_HTML_HEADER', 'restricthtmlallowlinkscript')); // Must accept tags like '<script>' and '<link>'
$dataposted = preg_replace(array('/<html>\n*/ims', '/<\/html>\n*/ims'), array('', ''), $dataposted); $dataposted = preg_replace(array('/<html>\n*/ims', '/<\/html>\n*/ims'), array('', ''), $dataposted);
$dataposted = str_replace('<?=', '<?php', $dataposted); $dataposted = str_replace('<?=', '<?php', $dataposted);