mirror of
https://github.com/Dolibarr/dolibarr.git
synced 2025-12-10 11:31:26 +01:00
NEW Introduce value 'password' formode of sanitization in GETPOST.
This commit is contained in:
Laurent Destailleur
@@ -300,7 +300,7 @@ if (empty($reshook)) {
|
|||||||
$object->gender = trim(GETPOST("gender", 'alphanohtml'));
|
$object->gender = trim(GETPOST("gender", 'alphanohtml'));
|
||||||
$object->login = trim(GETPOST("login", 'alphanohtml'));
|
$object->login = trim(GETPOST("login", 'alphanohtml'));
|
||||||
if (GETPOSTISSET('pass')) {
|
if (GETPOSTISSET('pass')) {
|
||||||
$object->pass = trim(GETPOST("pass", 'none')); // For password, we must use 'none'
|
$object->pass = trim(GETPOST("pass", 'password')); // For password, we must use 'none'
|
||||||
}
|
}
|
||||||
|
|
||||||
$object->societe = trim(GETPOST("societe", 'alphanohtml')); // deprecated
|
$object->societe = trim(GETPOST("societe", 'alphanohtml')); // deprecated
|
||||||
@@ -465,10 +465,10 @@ if (empty($reshook)) {
|
|||||||
$phone = GETPOST("phone", 'alpha');
|
$phone = GETPOST("phone", 'alpha');
|
||||||
$phone_perso = GETPOST("phone_perso", 'alpha');
|
$phone_perso = GETPOST("phone_perso", 'alpha');
|
||||||
$phone_mobile = GETPOST("phone_mobile", 'alpha');
|
$phone_mobile = GETPOST("phone_mobile", 'alpha');
|
||||||
$email = preg_replace('/\s+/', '', GETPOST("member_email", 'alpha'));
|
$email = preg_replace('/\s+/', '', GETPOST("member_email", 'aZ09arobase'));
|
||||||
$url = trim(GETPOST('url', 'custom', 0, FILTER_SANITIZE_URL));
|
$url = trim(GETPOST('url', 'custom', 0, FILTER_SANITIZE_URL));
|
||||||
$login = GETPOST("member_login", 'alphanohtml');
|
$login = GETPOST("member_login", 'alphanohtml');
|
||||||
$pass = GETPOST("password", 'none'); // For password, we use 'none'
|
$pass = GETPOST("password", 'password'); // For password, we use 'none'
|
||||||
$photo = GETPOST("photo", 'alphanohtml');
|
$photo = GETPOST("photo", 'alphanohtml');
|
||||||
$morphy = GETPOST("morphy", 'alphanohtml');
|
$morphy = GETPOST("morphy", 'alphanohtml');
|
||||||
$public = GETPOST("public", 'alphanohtml');
|
$public = GETPOST("public", 'alphanohtml');
|
||||||
@@ -1230,7 +1230,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
|
|||||||
|
|
||||||
// Password
|
// Password
|
||||||
if (!getDolGlobalString('ADHERENT_LOGIN_NOT_REQUIRED')) {
|
if (!getDolGlobalString('ADHERENT_LOGIN_NOT_REQUIRED')) {
|
||||||
print '<tr><td class="fieldrequired">'.$langs->trans("Password").'</td><td><input type="password" name="pass" class="minwidth300" maxlength="50" value="'.dol_escape_htmltag(GETPOSTISSET("pass") ? GETPOST("pass", 'none', 2) : '').'"></td></tr>';
|
print '<tr><td class="fieldrequired">'.$langs->trans("Password").'</td><td><input type="password" name="pass" class="minwidth300" maxlength="50" value="'.dol_escape_htmltag(GETPOSTISSET("pass") ? GETPOST("pass", 'password', 2) : '').'"></td></tr>';
|
||||||
}
|
}
|
||||||
|
|
||||||
// Type
|
// Type
|
||||||
|
|||||||
@@ -131,7 +131,7 @@ if (!getDolGlobalString('ASTERISK_MAX_RETRY')) {
|
|||||||
|
|
||||||
|
|
||||||
$login = GETPOST('login', 'alphanohtml');
|
$login = GETPOST('login', 'alphanohtml');
|
||||||
$password = GETPOST('password', 'none');
|
$password = GETPOST('password', 'password');
|
||||||
$caller = GETPOST('caller', 'alphanohtml');
|
$caller = GETPOST('caller', 'alphanohtml');
|
||||||
$called = GETPOST('called', 'alphanohtml');
|
$called = GETPOST('called', 'alphanohtml');
|
||||||
|
|
||||||
|
|||||||
@@ -156,7 +156,7 @@ if ($action == 'add' && !empty($permissiontoadd)) {
|
|||||||
$object->$key = '(PROV)';
|
$object->$key = '(PROV)';
|
||||||
}
|
}
|
||||||
if ($key == 'pass_crypted') {
|
if ($key == 'pass_crypted') {
|
||||||
$object->pass = GETPOST("pass", "none");
|
$object->pass = GETPOST("pass", "password");
|
||||||
// TODO Manadatory for password not yet managed
|
// TODO Manadatory for password not yet managed
|
||||||
} else {
|
} else {
|
||||||
if (!empty($val['notnull']) && $val['notnull'] > 0 && $object->$key == '' && !isset($val['default'])) {
|
if (!empty($val['notnull']) && $val['notnull'] > 0 && $object->$key == '' && !isset($val['default'])) {
|
||||||
|
|||||||
@@ -44,7 +44,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/website2.lib.php';
|
|||||||
$action = GETPOST('action', 'alpha');
|
$action = GETPOST('action', 'alpha');
|
||||||
$website_ref = GETPOST('website_ref');
|
$website_ref = GETPOST('website_ref');
|
||||||
$page_id = GETPOST('page_id');
|
$page_id = GETPOST('page_id');
|
||||||
$content = GETPOST('content', 'none');
|
$content = GETPOST('content', 'restricthtml');
|
||||||
$element_id = GETPOST('element_id');
|
$element_id = GETPOST('element_id');
|
||||||
$element_type = GETPOST('element_type');
|
$element_type = GETPOST('element_type');
|
||||||
|
|
||||||
|
|||||||
@@ -729,8 +729,8 @@ function GETPOSTISARRAY($paramname, $method = 0)
|
|||||||
*
|
*
|
||||||
* @param string $paramname Name of parameter to found
|
* @param string $paramname Name of parameter to found
|
||||||
* @param string $check Type of check
|
* @param string $check Type of check
|
||||||
* ''=no check (deprecated)
|
* '' or 'none'=no check (deprecated)
|
||||||
* 'none'=no check (only for param that should have very rich content like passwords)
|
* 'password'=allow characters for a password
|
||||||
* 'array', 'array:restricthtml' or 'array:aZ09' to check it's an array
|
* 'array', 'array:restricthtml' or 'array:aZ09' to check it's an array
|
||||||
* 'int'=check it's numeric (integer or float)
|
* 'int'=check it's numeric (integer or float)
|
||||||
* 'intcomma'=check it's integer+comma ('1,2,3,4...')
|
* 'intcomma'=check it's integer+comma ('1,2,3,4...')
|
||||||
@@ -1157,6 +1157,7 @@ function sanitizeVal($out = '', $check = 'alphanohtml', $filter = null, $options
|
|||||||
// Check is done after replacement
|
// Check is done after replacement
|
||||||
switch ($check) {
|
switch ($check) {
|
||||||
case 'none':
|
case 'none':
|
||||||
|
case 'password':
|
||||||
break;
|
break;
|
||||||
case 'int': // Check param is a numeric value (integer but also float or hexadecimal)
|
case 'int': // Check param is a numeric value (integer but also float or hexadecimal)
|
||||||
if (!is_numeric($out)) {
|
if (!is_numeric($out)) {
|
||||||
|
|||||||
@@ -47,13 +47,13 @@ $main_data_dir = GETPOST('main_data_dir') ? GETPOST('main_data_dir') : (empty($a
|
|||||||
$main_url = GETPOST('main_url') ? GETPOST('main_url') : (empty($argv[5]) ? '' : $argv[5]);
|
$main_url = GETPOST('main_url') ? GETPOST('main_url') : (empty($argv[5]) ? '' : $argv[5]);
|
||||||
// Database login information
|
// Database login information
|
||||||
$userroot = GETPOST('db_user_root', 'alpha') ? GETPOST('db_user_root', 'alpha') : (empty($argv[6]) ? '' : $argv[6]);
|
$userroot = GETPOST('db_user_root', 'alpha') ? GETPOST('db_user_root', 'alpha') : (empty($argv[6]) ? '' : $argv[6]);
|
||||||
$passroot = GETPOST('db_pass_root', 'none') ? GETPOST('db_pass_root', 'none') : (empty($argv[7]) ? '' : $argv[7]);
|
$passroot = GETPOST('db_pass_root', 'password') ? GETPOST('db_pass_root', 'password') : (empty($argv[7]) ? '' : $argv[7]);
|
||||||
// Database server
|
// Database server
|
||||||
$db_type = GETPOST('db_type', 'aZ09') ? GETPOST('db_type', 'aZ09') : (empty($argv[8]) ? '' : $argv[8]);
|
$db_type = GETPOST('db_type', 'aZ09') ? GETPOST('db_type', 'aZ09') : (empty($argv[8]) ? '' : $argv[8]);
|
||||||
$db_host = GETPOST('db_host', 'alpha') ? GETPOST('db_host', 'alpha') : (empty($argv[9]) ? '' : $argv[9]);
|
$db_host = GETPOST('db_host', 'alpha') ? GETPOST('db_host', 'alpha') : (empty($argv[9]) ? '' : $argv[9]);
|
||||||
$db_name = GETPOST('db_name', 'aZ09') ? GETPOST('db_name', 'aZ09') : (empty($argv[10]) ? '' : $argv[10]);
|
$db_name = GETPOST('db_name', 'aZ09') ? GETPOST('db_name', 'aZ09') : (empty($argv[10]) ? '' : $argv[10]);
|
||||||
$db_user = GETPOST('db_user', 'alpha') ? GETPOST('db_user', 'alpha') : (empty($argv[11]) ? '' : $argv[11]);
|
$db_user = GETPOST('db_user', 'alpha') ? GETPOST('db_user', 'alpha') : (empty($argv[11]) ? '' : $argv[11]);
|
||||||
$db_pass = GETPOST('db_pass', 'none') ? GETPOST('db_pass', 'none') : (empty($argv[12]) ? '' : $argv[12]);
|
$db_pass = GETPOST('db_pass', 'password') ? GETPOST('db_pass', 'password') : (empty($argv[12]) ? '' : $argv[12]);
|
||||||
$db_port = GETPOSTINT('db_port') ? GETPOSTINT('db_port') : (empty($argv[13]) ? '' : $argv[13]);
|
$db_port = GETPOSTINT('db_port') ? GETPOSTINT('db_port') : (empty($argv[13]) ? '' : $argv[13]);
|
||||||
$db_prefix = GETPOST('db_prefix', 'aZ09') ? GETPOST('db_prefix', 'aZ09') : (empty($argv[14]) ? '' : $argv[14]);
|
$db_prefix = GETPOST('db_prefix', 'aZ09') ? GETPOST('db_prefix', 'aZ09') : (empty($argv[14]) ? '' : $argv[14]);
|
||||||
$db_create_database = GETPOST('db_create_database', 'alpha') ? GETPOST('db_create_database', 'alpha') : (empty($argv[15]) ? '' : $argv[15]);
|
$db_create_database = GETPOST('db_create_database', 'alpha') ? GETPOST('db_create_database', 'alpha') : (empty($argv[15]) ? '' : $argv[15]);
|
||||||
|
|||||||
@@ -873,7 +873,7 @@ if (!defined('NOLOGIN')) {
|
|||||||
}
|
}
|
||||||
// TODO Remove use of $_COOKIE['login_dolibarr'] ? Replace $usertotest = with $usertotest = GETPOST("username", "alpha", $allowedmethodtopostusername);
|
// TODO Remove use of $_COOKIE['login_dolibarr'] ? Replace $usertotest = with $usertotest = GETPOST("username", "alpha", $allowedmethodtopostusername);
|
||||||
$usertotest = (!empty($_COOKIE['login_dolibarr']) ? preg_replace('/[^a-zA-Z0-9_@\-\.]/', '', $_COOKIE['login_dolibarr']) : GETPOST("username", "alpha", $allowedmethodtopostusername));
|
$usertotest = (!empty($_COOKIE['login_dolibarr']) ? preg_replace('/[^a-zA-Z0-9_@\-\.]/', '', $_COOKIE['login_dolibarr']) : GETPOST("username", "alpha", $allowedmethodtopostusername));
|
||||||
$passwordtotest = GETPOST('password', 'none', $allowedmethodtopostusername);
|
$passwordtotest = GETPOST('password', 'password', $allowedmethodtopostusername);
|
||||||
$entitytotest = (GETPOSTINT('entity') ? GETPOSTINT('entity') : (!empty($conf->entity) ? $conf->entity : 1));
|
$entitytotest = (GETPOSTINT('entity') ? GETPOSTINT('entity') : (!empty($conf->entity) ? $conf->entity : 1));
|
||||||
|
|
||||||
// Define if we received the correct data to go into the test of the login with the checkLoginPassEntity().
|
// Define if we received the correct data to go into the test of the login with the checkLoginPassEntity().
|
||||||
|
|||||||
@@ -243,10 +243,10 @@ if (empty($reshook) && $action == 'add') {
|
|||||||
if (getDolGlobalString('ADHERENT_MAIL_REQUIRED') && empty(GETPOST('email'))) {
|
if (getDolGlobalString('ADHERENT_MAIL_REQUIRED') && empty(GETPOST('email'))) {
|
||||||
$error++;
|
$error++;
|
||||||
$errmsg .= $langs->trans('ErrorFieldRequired', $langs->transnoentitiesnoconv('Email'))."<br>\n";
|
$errmsg .= $langs->trans('ErrorFieldRequired', $langs->transnoentitiesnoconv('Email'))."<br>\n";
|
||||||
} elseif (GETPOST("email") && !isValidEmail(GETPOST("email"))) {
|
} elseif (GETPOST("email", "aZ09arobase") && !isValidEmail(GETPOST("email", "aZ09arobase"))) {
|
||||||
$langs->load('errors');
|
$langs->load('errors');
|
||||||
$error++;
|
$error++;
|
||||||
$errmsg .= $langs->trans("ErrorBadEMail", GETPOST("email"))."<br>\n";
|
$errmsg .= $langs->trans("ErrorBadEMail", GETPOST("email", "aZ09arobase"))."<br>\n";
|
||||||
}
|
}
|
||||||
$birthday = dol_mktime(GETPOSTINT("birthhour"), GETPOSTINT("birthmin"), GETPOSTINT("birthsec"), GETPOSTINT("birthmonth"), GETPOSTINT("birthday"), GETPOSTINT("birthyear"));
|
$birthday = dol_mktime(GETPOSTINT("birthhour"), GETPOSTINT("birthmin"), GETPOSTINT("birthsec"), GETPOSTINT("birthmonth"), GETPOSTINT("birthday"), GETPOSTINT("birthyear"));
|
||||||
if (GETPOST("birthmonth") && empty($birthday)) {
|
if (GETPOST("birthmonth") && empty($birthday)) {
|
||||||
@@ -278,6 +278,7 @@ if (empty($reshook) && $action == 'add') {
|
|||||||
// E-mail looks OK and login does not exist
|
// E-mail looks OK and login does not exist
|
||||||
$adh = new Adherent($db);
|
$adh = new Adherent($db);
|
||||||
$adh->statut = -1;
|
$adh->statut = -1;
|
||||||
|
$adh->status = -1;
|
||||||
$adh->public = $public;
|
$adh->public = $public;
|
||||||
$adh->firstname = GETPOST('firstname');
|
$adh->firstname = GETPOST('firstname');
|
||||||
$adh->lastname = GETPOST('lastname');
|
$adh->lastname = GETPOST('lastname');
|
||||||
@@ -287,10 +288,10 @@ if (empty($reshook) && $action == 'add') {
|
|||||||
$adh->address = GETPOST('address');
|
$adh->address = GETPOST('address');
|
||||||
$adh->zip = GETPOST('zipcode');
|
$adh->zip = GETPOST('zipcode');
|
||||||
$adh->town = GETPOST('town');
|
$adh->town = GETPOST('town');
|
||||||
$adh->email = GETPOST('email');
|
$adh->email = GETPOST('email', 'aZ09arobase');
|
||||||
if (!getDolGlobalString('ADHERENT_LOGIN_NOT_REQUIRED')) {
|
if (!getDolGlobalString('ADHERENT_LOGIN_NOT_REQUIRED')) {
|
||||||
$adh->login = GETPOST('login');
|
$adh->login = GETPOST('login');
|
||||||
$adh->pass = GETPOST('pass1');
|
$adh->pass = GETPOST('pass1', 'password');
|
||||||
}
|
}
|
||||||
$adh->photo = GETPOST('photo');
|
$adh->photo = GETPOST('photo');
|
||||||
$adh->country_id = getDolGlobalInt("MEMBER_NEWFORM_FORCECOUNTRYCODE", GETPOSTINT('country_id'));
|
$adh->country_id = getDolGlobalInt("MEMBER_NEWFORM_FORCECOUNTRYCODE", GETPOSTINT('country_id'));
|
||||||
@@ -632,7 +633,7 @@ if (getDolGlobalString('MEMBER_SKIP_TABLE') || getDolGlobalString('MEMBER_NEWFOR
|
|||||||
// EMail
|
// EMail
|
||||||
print '<tr><td class="'.(getDolGlobalString("ADHERENT_MAIL_REQUIRED") ? 'classfortooltip' : '').'" title="'.dol_escape_htmltag($messagemandatory).'">'.$langs->trans("Email").(getDolGlobalString("ADHERENT_MAIL_REQUIRED") ? ' <span class="star">*</span>' : '').'</td><td>';
|
print '<tr><td class="'.(getDolGlobalString("ADHERENT_MAIL_REQUIRED") ? 'classfortooltip' : '').'" title="'.dol_escape_htmltag($messagemandatory).'">'.$langs->trans("Email").(getDolGlobalString("ADHERENT_MAIL_REQUIRED") ? ' <span class="star">*</span>' : '').'</td><td>';
|
||||||
//print img_picto('', 'email', 'class="pictofixedwidth"');
|
//print img_picto('', 'email', 'class="pictofixedwidth"');
|
||||||
print '<input type="text" name="email" maxlength="255" class="minwidth200" value="'.dol_escape_htmltag(GETPOST('email')).'"></td></tr>'."\n";
|
print '<input type="email" name="email" maxlength="255" class="minwidth200" value="'.dol_escape_htmltag(GETPOST('email', "aZ09arobase")).'"></td></tr>'."\n";
|
||||||
|
|
||||||
// Login
|
// Login
|
||||||
if (!getDolGlobalString('ADHERENT_LOGIN_NOT_REQUIRED')) {
|
if (!getDolGlobalString('ADHERENT_LOGIN_NOT_REQUIRED')) {
|
||||||
@@ -809,7 +810,7 @@ if (getDolGlobalString('MEMBER_SKIP_TABLE') || getDolGlobalString('MEMBER_NEWFOR
|
|||||||
// Display Captcha code if is enabled
|
// Display Captcha code if is enabled
|
||||||
if (getDolGlobalString('MAIN_SECURITY_ENABLECAPTCHA')) {
|
if (getDolGlobalString('MAIN_SECURITY_ENABLECAPTCHA')) {
|
||||||
require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
|
require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
|
||||||
print '<tr><td class="titlefield"><label for="email"><span class="fieldrequired">'.$langs->trans("SecurityCode").'</span></label></td><td>';
|
print '<tr><td class="titlefield"><label><span class="fieldrequired">'.$langs->trans("SecurityCode").'</span></label></td><td>';
|
||||||
print '<span class="span-icon-security inline-block">';
|
print '<span class="span-icon-security inline-block">';
|
||||||
print '<input id="securitycode" placeholder="'.$langs->trans("SecurityCode").'" class="flat input-icon-security width150" type="text" maxlength="5" name="code" tabindex="3" />';
|
print '<input id="securitycode" placeholder="'.$langs->trans("SecurityCode").'" class="flat input-icon-security width150" type="text" maxlength="5" name="code" tabindex="3" />';
|
||||||
print '</span>';
|
print '</span>';
|
||||||
|
|||||||
@@ -136,7 +136,7 @@ if (!defined('WEBPORTAL_NOLOGIN') && !empty($context->controllerInstance->access
|
|||||||
|
|
||||||
if ($action == 'login') {
|
if ($action == 'login') {
|
||||||
$login = GETPOST('login', 'alphanohtml');
|
$login = GETPOST('login', 'alphanohtml');
|
||||||
$password = GETPOST('password', 'none');
|
$password = GETPOST('password', 'password');
|
||||||
// $security_code = GETPOST('security_code', 'alphanohtml');
|
// $security_code = GETPOST('security_code', 'alphanohtml');
|
||||||
|
|
||||||
if (empty($login)) {
|
if (empty($login)) {
|
||||||
|
|||||||
@@ -349,8 +349,8 @@ if (empty($reshook)) {
|
|||||||
$id = $object->create($user);
|
$id = $object->create($user);
|
||||||
if ($id > 0) {
|
if ($id > 0) {
|
||||||
$resPass = 0;
|
$resPass = 0;
|
||||||
if (GETPOST('password', 'none')) {
|
if (GETPOST('password', 'password')) {
|
||||||
$resPass = $object->setPassword($user, GETPOST('password', 'none'));
|
$resPass = $object->setPassword($user, GETPOST('password', 'password'));
|
||||||
}
|
}
|
||||||
if (is_int($resPass) && $resPass < 0) {
|
if (is_int($resPass) && $resPass < 0) {
|
||||||
$langs->load("errors");
|
$langs->load("errors");
|
||||||
@@ -438,7 +438,7 @@ if (empty($reshook)) {
|
|||||||
}
|
}
|
||||||
$object->gender = GETPOST("gender", 'aZ09');
|
$object->gender = GETPOST("gender", 'aZ09');
|
||||||
if ($caneditpasswordandsee) {
|
if ($caneditpasswordandsee) {
|
||||||
$object->pass = GETPOST("password", 'none'); // We can keep 'none' for password fields
|
$object->pass = GETPOST("password", 'password');
|
||||||
}
|
}
|
||||||
if ($caneditpasswordandsee || $user->hasRight("api", "apikey", "generate")) {
|
if ($caneditpasswordandsee || $user->hasRight("api", "apikey", "generate")) {
|
||||||
$object->api_key = (GETPOST("api_key", 'alphanohtml')) ? GETPOST("api_key", 'alphanohtml') : $object->api_key;
|
$object->api_key = (GETPOST("api_key", 'alphanohtml')) ? GETPOST("api_key", 'alphanohtml') : $object->api_key;
|
||||||
@@ -658,10 +658,10 @@ if (empty($reshook)) {
|
|||||||
|
|
||||||
$object->fetch($id);
|
$object->fetch($id);
|
||||||
|
|
||||||
if (GETPOST("password", "none")) { // If pass is empty, we do not change it.
|
if (GETPOST("password", "password")) { // If pass is empty, we do not change it.
|
||||||
$object->oldcopy = clone $object;
|
$object->oldcopy = clone $object;
|
||||||
|
|
||||||
$ret = $object->setPassword($user, GETPOST("password", "none"));
|
$ret = $object->setPassword($user, GETPOST("password", "password"));
|
||||||
if (is_int($ret) && $ret < 0) {
|
if (is_int($ret) && $ret < 0) {
|
||||||
setEventMessages($object->error, $object->errors, 'errors');
|
setEventMessages($object->error, $object->errors, 'errors');
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1926,7 +1926,7 @@ class User extends CommonObject
|
|||||||
$this->db->commit();
|
$this->db->commit();
|
||||||
return $this->id;
|
return $this->id;
|
||||||
} else {
|
} else {
|
||||||
// $this->error deja positionne
|
// $this->error was already set
|
||||||
$this->db->rollback();
|
$this->db->rollback();
|
||||||
return -2;
|
return -2;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1152,7 +1152,7 @@ if ($action == 'addcontainer' && $usercanedit) {
|
|||||||
$objectpage->image = GETPOST('WEBSITE_IMAGE', 'alpha');
|
$objectpage->image = GETPOST('WEBSITE_IMAGE', 'alpha');
|
||||||
$objectpage->keywords = str_replace(array('<', '>'), '', GETPOST('WEBSITE_KEYWORDS', 'alphanohtml'));
|
$objectpage->keywords = str_replace(array('<', '>'), '', GETPOST('WEBSITE_KEYWORDS', 'alphanohtml'));
|
||||||
$objectpage->allowed_in_frames = GETPOST('WEBSITE_ALLOWED_IN_FRAMES', 'aZ09');
|
$objectpage->allowed_in_frames = GETPOST('WEBSITE_ALLOWED_IN_FRAMES', 'aZ09');
|
||||||
$objectpage->htmlheader = GETPOST('htmlheader', 'none');
|
$objectpage->htmlheader = GETPOST('htmlheader', 'none'); // Must accept tags like '<script>' and '<link>'
|
||||||
$objectpage->author_alias = GETPOST('WEBSITE_AUTHORALIAS', 'alphanohtml');
|
$objectpage->author_alias = GETPOST('WEBSITE_AUTHORALIAS', 'alphanohtml');
|
||||||
$objectpage->object_type = GETPOST('WEBSITE_OBJECTCLASS');
|
$objectpage->object_type = GETPOST('WEBSITE_OBJECTCLASS');
|
||||||
$objectpage->fk_object = GETPOST('WEBSITE_OBJECTID');
|
$objectpage->fk_object = GETPOST('WEBSITE_OBJECTID');
|
||||||
@@ -1594,7 +1594,7 @@ if ($action == 'updatecss' && $usercanedit) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
$dataposted = trim(GETPOST('WEBSITE_HTML_HEADER', 'none'));
|
$dataposted = trim(GETPOST('WEBSITE_HTML_HEADER', 'restricthtmlallowunvalid'));
|
||||||
$dataposted = preg_replace(array('/<html>\n*/ims', '/<\/html>\n*/ims'), array('', ''), $dataposted);
|
$dataposted = preg_replace(array('/<html>\n*/ims', '/<\/html>\n*/ims'), array('', ''), $dataposted);
|
||||||
$dataposted = str_replace('<?=', '<?php', $dataposted);
|
$dataposted = str_replace('<?=', '<?php', $dataposted);
|
||||||
|
|
||||||
@@ -1776,7 +1776,7 @@ if ($action == 'updatecss' && $usercanedit) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
$dataposted = trim(GETPOST('WEBSITE_MANIFEST_JSON', 'none'));
|
$dataposted = trim(GETPOST('WEBSITE_MANIFEST_JSON', 'restricthtmlallowunvalid'));
|
||||||
$dataposted = str_replace('<?=', '<?php', $dataposted);
|
$dataposted = str_replace('<?=', '<?php', $dataposted);
|
||||||
|
|
||||||
// Manifest.json file
|
// Manifest.json file
|
||||||
@@ -2038,7 +2038,7 @@ if ($action == 'updatemeta' && $usercanedit) {
|
|||||||
$objectpage->image = GETPOST('WEBSITE_IMAGE', 'alpha');
|
$objectpage->image = GETPOST('WEBSITE_IMAGE', 'alpha');
|
||||||
$objectpage->keywords = str_replace(array('<', '>'), '', GETPOST('WEBSITE_KEYWORDS', 'alphanohtml'));
|
$objectpage->keywords = str_replace(array('<', '>'), '', GETPOST('WEBSITE_KEYWORDS', 'alphanohtml'));
|
||||||
$objectpage->allowed_in_frames = GETPOST('WEBSITE_ALLOWED_IN_FRAMES', 'aZ09');
|
$objectpage->allowed_in_frames = GETPOST('WEBSITE_ALLOWED_IN_FRAMES', 'aZ09');
|
||||||
$objectpage->htmlheader = trim(GETPOST('htmlheader', 'none'));
|
$objectpage->htmlheader = trim(GETPOST('htmlheader', 'none')); // Must accept tags like '<script>' and '<link>'
|
||||||
$objectpage->fk_page = (GETPOSTINT('pageidfortranslation') > 0 ? GETPOSTINT('pageidfortranslation') : 0);
|
$objectpage->fk_page = (GETPOSTINT('pageidfortranslation') > 0 ? GETPOSTINT('pageidfortranslation') : 0);
|
||||||
$objectpage->author_alias = trim(GETPOST('WEBSITE_AUTHORALIAS', 'alphanohtml'));
|
$objectpage->author_alias = trim(GETPOST('WEBSITE_AUTHORALIAS', 'alphanohtml'));
|
||||||
$objectpage->object_type = GETPOST('WEBSITE_OBJECTCLASS', 'alpha');
|
$objectpage->object_type = GETPOST('WEBSITE_OBJECTCLASS', 'alpha');
|
||||||
@@ -3822,7 +3822,7 @@ if ($action == 'editcss') {
|
|||||||
// Clean the php htmlheader file to remove php code and get only html part
|
// Clean the php htmlheader file to remove php code and get only html part
|
||||||
$htmlheadercontent = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP( \?>)?\n*/ims', '', $htmlheadercontent);
|
$htmlheadercontent = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP( \?>)?\n*/ims', '', $htmlheadercontent);
|
||||||
} else {
|
} else {
|
||||||
$htmlheadercontent = GETPOST('WEBSITE_HTML_HEADER', 'none');
|
$htmlheadercontent = GETPOST('WEBSITE_HTML_HEADER', 'none'); // Must accept tags like '<script>' and '<link>'
|
||||||
}
|
}
|
||||||
if (!trim($htmlheadercontent)) {
|
if (!trim($htmlheadercontent)) {
|
||||||
$htmlheadercontent = "<html>\n";
|
$htmlheadercontent = "<html>\n";
|
||||||
@@ -3876,7 +3876,7 @@ if ($action == 'editcss') {
|
|||||||
// Clean the readme file to remove php code and get only html part
|
// Clean the readme file to remove php code and get only html part
|
||||||
$readmecontent = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP( \?>)?\n*/ims', '', $readmecontent);
|
$readmecontent = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP( \?>)?\n*/ims', '', $readmecontent);
|
||||||
} else {
|
} else {
|
||||||
$readmecontent = GETPOST('WEBSITE_README', 'none');
|
$readmecontent = GETPOST('WEBSITE_README', 'restricthtmlallowunvalid');
|
||||||
}
|
}
|
||||||
if (!trim($readmecontent)) {
|
if (!trim($readmecontent)) {
|
||||||
//$readmecontent.="";
|
//$readmecontent.="";
|
||||||
@@ -3887,7 +3887,7 @@ if ($action == 'editcss') {
|
|||||||
// Clean the readme file to remove php code and get only html part
|
// Clean the readme file to remove php code and get only html part
|
||||||
$licensecontent = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP( \?>)?\n*/ims', '', $licensecontent);
|
$licensecontent = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP( \?>)?\n*/ims', '', $licensecontent);
|
||||||
} else {
|
} else {
|
||||||
$licensecontent = GETPOST('WEBSITE_LICENSE', 'none');
|
$licensecontent = GETPOST('WEBSITE_LICENSE', 'restricthtmlallowunvalid');
|
||||||
}
|
}
|
||||||
if (!trim($licensecontent)) {
|
if (!trim($licensecontent)) {
|
||||||
//$readmecontent.="";
|
//$readmecontent.="";
|
||||||
@@ -4361,7 +4361,7 @@ if ($action == 'editmeta' || $action == 'createcontainer') { // Edit properties
|
|||||||
if (GETPOST('WEBSITE_ALLOWED_IN_FRAMES', 'aZ09')) {
|
if (GETPOST('WEBSITE_ALLOWED_IN_FRAMES', 'aZ09')) {
|
||||||
$pageallowedinframes = GETPOST('WEBSITE_ALLOWED_IN_FRAMES', 'aZ09');
|
$pageallowedinframes = GETPOST('WEBSITE_ALLOWED_IN_FRAMES', 'aZ09');
|
||||||
}
|
}
|
||||||
if (GETPOST('htmlheader', 'none')) {
|
if (GETPOST('htmlheader', 'none')) { // Must accept tags like '<script>' and '<link>'
|
||||||
$pagehtmlheader = GETPOST('htmlheader', 'none');
|
$pagehtmlheader = GETPOST('htmlheader', 'none');
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -4694,9 +4694,7 @@ if ($action == 'editmeta' || $action == 'createcontainer') { // Edit properties
|
|||||||
//$doleditor = new DolEditor('content', GETPOST('content', 'restricthtmlallowunvalid'), '', 200, 'dolibarr_mailings', 'In', true, true, true, 40, '90%');
|
//$doleditor = new DolEditor('content', GETPOST('content', 'restricthtmlallowunvalid'), '', 200, 'dolibarr_mailings', 'In', true, true, true, 40, '90%');
|
||||||
$doleditor = new DolEditor('content', GETPOST('content', 'none'), '', 200, 'dolibarr_mailings', 'In', true, true, true, 40, '90%');
|
$doleditor = new DolEditor('content', GETPOST('content', 'none'), '', 200, 'dolibarr_mailings', 'In', true, true, true, 40, '90%');
|
||||||
$doleditor->Create();
|
$doleditor->Create();
|
||||||
//print '<div class="websitesample" id="contentpreview" name="contentpreview" style="height: 200px; border: 1px solid #bbb; overflow: scroll">';
|
|
||||||
print '</div>';
|
print '</div>';
|
||||||
//print '<textarea id="content" name="content" class="hideobject">'.GETPOST('content', 'none').'</textarea>';
|
|
||||||
print '</td></tr>';
|
print '</td></tr>';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user