Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-06 09:38:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

FIX Param keepn must be 1 when dol_escape_htmltag used for textarea

Browse Source 
Conflicts:
	htdocs/expensereport/card.php
	htdocs/projet/card.php
	htdocs/public/members/new.php
	htdocs/public/opensurvey/studs.php
This commit is contained in:
Laurent Destailleur
2019-03-15 15:13:28 +01:00
parent 074ba0729a
commit 6f0fbc42c1
6 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/lib/functions.lib.php
View File

@@ -965,7 +965,7 @@ function dol_escape_js($stringtoescape, $mode=0, $noescapebackslashn=0)
* *
* @param string $stringtoescape String to escape * @param string $stringtoescape String to escape
* @param int $keepb 1=Preserve b tags (otherwise, remove them) * @param int $keepb 1=Preserve b tags (otherwise, remove them)
* @param int $keepn 1=Preserve \r\n strings (otherwise, replace them with escaped value) * @param int $keepn 1=Preserve \r\n strings (otherwise, replace them with escaped value). Set to 1 when escaping for a <textarea>.
* @return string Escaped string * @return string Escaped string
* @see dol_string_nohtmltag, dol_string_nospecial, dol_string_unaccent * @see dol_string_nohtmltag, dol_string_nospecial, dol_string_unaccent
*/ */

4
htdocs/don/card.php
View File

@@ -396,7 +396,7 @@ if ($action == 'create')
print "<tr>".'<td>'.$langs->trans("Lastname").'</td><td><input type="text" name="lastname" value="'.dol_escape_htmltag(GETPOST("lastname")).'" class="maxwidth200"></td></tr>'; print "<tr>".'<td>'.$langs->trans("Lastname").'</td><td><input type="text" name="lastname" value="'.dol_escape_htmltag(GETPOST("lastname")).'" class="maxwidth200"></td></tr>';
print "<tr>".'<td>'.$langs->trans("Firstname").'</td><td><input type="text" name="firstname" value="'.dol_escape_htmltag(GETPOST("firstname")).'" class="maxwidth200"></td></tr>'; print "<tr>".'<td>'.$langs->trans("Firstname").'</td><td><input type="text" name="firstname" value="'.dol_escape_htmltag(GETPOST("firstname")).'" class="maxwidth200"></td></tr>';
print "<tr>".'<td>'.$langs->trans("Address").'</td><td>'; print "<tr>".'<td>'.$langs->trans("Address").'</td><td>';
print '<textarea name="address" wrap="soft" class="quatrevingtpercent" rows="3">'.dol_escape_htmltag(GETPOST("address")).'</textarea></td></tr>'; print '<textarea name="address" wrap="soft" class="quatrevingtpercent" rows="3">'.dol_escape_htmltag(GETPOST("address", "none"), 0, 1).'</textarea></td></tr>';
// Zip / Town // Zip / Town
print '<tr><td>'.$langs->trans("Zip").' / '.$langs->trans("Town").'</td><td>'; print '<tr><td>'.$langs->trans("Zip").' / '.$langs->trans("Town").'</td><td>';
@@ -535,7 +535,7 @@ if (! empty($id) && $action == 'edit')
print '<tr><td>'.$langs->trans("Lastname").'</td><td><input type="text" name="lastname" class="maxwidth200" value="'.dol_escape_htmltag($object->lastname).'"></td></tr>'; print '<tr><td>'.$langs->trans("Lastname").'</td><td><input type="text" name="lastname" class="maxwidth200" value="'.dol_escape_htmltag($object->lastname).'"></td></tr>';
print '<tr><td>'.$langs->trans("Firstname").'</td><td><input type="text" name="firstname" class="maxwidth200" value="'.dol_escape_htmltag($object->firstname).'"></td></tr>'; print '<tr><td>'.$langs->trans("Firstname").'</td><td><input type="text" name="firstname" class="maxwidth200" value="'.dol_escape_htmltag($object->firstname).'"></td></tr>';
print '<tr><td>'.$langs->trans("Address").'</td><td>'; print '<tr><td>'.$langs->trans("Address").'</td><td>';
print '<textarea name="address" wrap="soft" class="quatrevingtpercent" rows="'.ROWS_3.'">'.dol_escape_htmltag($object->address).'</textarea></td></tr>'; print '<textarea name="address" wrap="soft" class="quatrevingtpercent" rows="'.ROWS_3.'">'.dol_escape_htmltag($object->address, 0, 1).'</textarea></td></tr>';
// Zip / Town // Zip / Town
print '<tr><td>'.$langs->trans("Zip").' / '.$langs->trans("Town").'</td><td>'; print '<tr><td>'.$langs->trans("Zip").' / '.$langs->trans("Town").'</td><td>';

4
htdocs/expensereport/card.php
View File

@@ -2132,7 +2132,7 @@ else
// Add comments // Add comments
print '<td>'; print '<td>';
print '<textarea name="comments" class="flat_ndf centpercent">'.dol_escape_htmltag($line->comments).'</textarea>'; print '<textarea name="comments" class="flat_ndf centpercent">'.dol_escape_htmltag($line->comments, 0, 1).'</textarea>';
print '</td>'; print '</td>';
// VAT // VAT
@@ -2215,7 +2215,7 @@ else
// Add comments // Add comments
print '<td>'; print '<td>';
print '<textarea class="flat_ndf centpercent" name="comments">'.dol_escape_htmltag($comments).'</textarea>'; print '<textarea class="flat_ndf centpercent" name="comments" rows="'.ROWS_2.'">'.dol_escape_htmltag($comments, 0, 1).'</textarea>';
print '</td>'; print '</td>';
// Select VAT // Select VAT

2
htdocs/projet/card.php
View File

@@ -616,7 +616,7 @@ if ($action == 'create' && $user->rights->projet->creer)
// Description // Description
print '<tr><td class="tdtop">'.$langs->trans("Description").'</td>'; print '<tr><td class="tdtop">'.$langs->trans("Description").'</td>';
print '<td>'; print '<td>';
print '<textarea name="description" wrap="soft" class="centpercent" rows="'.ROWS_3.'">'.dol_escape_htmltag(GETPOST("description",'none')).'</textarea>'; print '<textarea name="description" wrap="soft" class="centpercent" rows="'.ROWS_3.'">'.dol_escape_htmltag(GETPOST("description", 'none'), 0, 1).'</textarea>';
print '</td></tr>'; print '</td></tr>';
// Bill time // Bill time

4
htdocs/public/members/new.php
View File

@@ -586,7 +586,7 @@ print '<tr><td>'.$langs->trans("Firstname").' <FONT COLOR="red">*</FONT></td><td
print '<tr id="trcompany" class="trcompany"><td>'.$langs->trans("Company").'</td><td><input type="text" name="societe" class="minwidth150" value="'.dol_escape_htmltag(GETPOST('societe')).'"></td></tr>'."\n"; print '<tr id="trcompany" class="trcompany"><td>'.$langs->trans("Company").'</td><td><input type="text" name="societe" class="minwidth150" value="'.dol_escape_htmltag(GETPOST('societe')).'"></td></tr>'."\n";
// Address // Address
print '<tr><td>'.$langs->trans("Address").'</td><td>'."\n"; print '<tr><td>'.$langs->trans("Address").'</td><td>'."\n";
print '<textarea name="address" id="address" wrap="soft" class="quatrevingtpercent" rows="'.ROWS_3.'">'.dol_escape_htmltag(GETPOST('address')).'</textarea></td></tr>'."\n"; print '<textarea name="address" id="address" wrap="soft" class="quatrevingtpercent" rows="'.ROWS_3.'">'.dol_escape_htmltag(GETPOST('address', 'none'), 0, 1).'</textarea></td></tr>'."\n";
// Zip / Town // Zip / Town
print '<tr><td>'.$langs->trans('Zip').' / '.$langs->trans('Town').'</td><td>'; print '<tr><td>'.$langs->trans('Zip').' / '.$langs->trans('Town').'</td><td>';
print $formcompany->select_ziptown(GETPOST('zipcode'), 'zipcode', array('town','selectcountry_id','state_id'), 6, 1); print $formcompany->select_ziptown(GETPOST('zipcode'), 'zipcode', array('town','selectcountry_id','state_id'), 6, 1);
@@ -641,7 +641,7 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_add.tpl.php';
// Comments // Comments
print '<tr>'; print '<tr>';
print '<td class="tdtop">'.$langs->trans("Comments").'</td>'; print '<td class="tdtop">'.$langs->trans("Comments").'</td>';
print '<td class="tdtop"><textarea name="note_private" id="note_private" wrap="soft" class="quatrevingtpercent" rows="'.ROWS_3.'">'.dol_escape_htmltag(GETPOST('note_private','none')).'</textarea></td>'; print '<td class="tdtop"><textarea name="note_private" id="note_private" wrap="soft" class="quatrevingtpercent" rows="'.ROWS_3.'">'.dol_escape_htmltag(GETPOST('note_private', 'none'), 0, 1).'</textarea></td>';
print '</tr>'."\n"; print '</tr>'."\n";
// Add specific fields used by Dolibarr foundation for example // Add specific fields used by Dolibarr foundation for example

2
htdocs/public/opensurvey/studs.php
View File

@@ -752,7 +752,7 @@ if ($comments)
if ($object->allow_comments) { if ($object->allow_comments) {
print '<div class="addcomment">' .$langs->trans("AddACommentForPoll") . "<br>\n"; print '<div class="addcomment">' .$langs->trans("AddACommentForPoll") . "<br>\n";
print '<textarea name="comment" rows="'.ROWS_2.'" class="quatrevingtpercent">'.dol_escape_htmltag(GETPOST('comment','none')).'</textarea><br>'."\n"; print '<textarea name="comment" rows="'.ROWS_2.'" class="quatrevingtpercent">'.dol_escape_htmltag(GETPOST('comment', 'none'), 0, 1).'</textarea><br>'."\n";
print $langs->trans("Name") .': '; print $langs->trans("Name") .': ';
print '<input type="text" name="commentuser" maxlength="64" value="'.GETPOST('commentuser','nohtml').'"> &nbsp; '."\n"; print '<input type="text" name="commentuser" maxlength="64" value="'.GETPOST('commentuser','nohtml').'"> &nbsp; '."\n";
print '<input type="submit" class="button" name="ajoutcomment" value="'.dol_escape_htmltag($langs->trans("AddComment")).'"><br>'."\n"; print '<input type="submit" class="button" name="ajoutcomment" value="'.dol_escape_htmltag($langs->trans("AddComment")).'"><br>'."\n";