Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-09 19:18:22 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge HEAD, branch 'develop' of github.com:Dolibarr/dolibarr into develop

Browse Source
This commit is contained in:
Florian HENRY
2021-01-07 17:54:49 +01:00
parent 04d8a679a7 094ea841db
commit 7c08e3330c
113 changed files with 1848 additions and 1103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
htdocs/core/lib/functions.lib.php
View File

@@ -680,7 +680,8 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options =
if (!is_array($out)) {
// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
// '../' is dangerous because it allows dir transversals
$out = str_replace(array('"', '"', '../'), '', trim($out));
$out = str_replace(array('"', '"'), "''", trim($out));
$out = str_replace(array('../'), '', $out);
// keep lines feed
$out = dol_string_nohtmltag($out, 0);
}