Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-06 09:38:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix disallow < > into meta info

Browse Source 
Fix message page regenerated
This commit is contained in:
Laurent Destailleur
2020-06-09 21:43:42 +02:00
parent 063b3263cc
commit 756ef0b583
4 changed files with 40 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/lib/functions.lib.php
View File

@@ -601,7 +601,7 @@ function GETPOST($paramname, $check = 'alphanohtml', $method = 0, $filter = null
// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
// '../' is dangerous because it allows dir transversals
$out = str_replace(array('"', '../'), '', trim($out));
$out = dol_string_nohtmltag($out);
$out = dol_string_nohtmltag($out, 1);
}
break;
case 'restricthtml': // Recommended for most html textarea