FIX CVE-2024-55227 and CVE-2024-55228 CSRF when MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY is on (hidden option, not on by default)
Laurent Destailleur (aka Eldy)
2025-01-08 17:41:45 +01:00
committed by Laurent Destailleur
parent a1003a1a90
commit 9aa24d9d9a
91 changed files with 326 additions and 189 deletions


@@ -3898,9 +3898,9 @@ class Commande extends CommonOrder
if (empty($notooltip) && $user->hasRight('commande', 'lire')) {
if (getDolGlobalString('MAIN_OPTIMIZEFORTEXTBROWSER')) {
$label = $langs->trans("Order");
$linkclose .= ' alt="'.dol_escape_htmltag($label, 1).'"';
$linkclose .= ' alt="'.dolPrintHtmlForAttribute($label).'"';
}
$linkclose .= ($label ? ' title="'.dol_escape_htmltag($label, 1).'"' : ' title="tocomplete"');
$linkclose .= ($label ? ' title="'.dolPrintHtmlForAttribute($label).'"' : ' title="tocomplete"');
$linkclose .= $dataparams.' class="'.$classfortooltip.'"';
$target_value = array('_self', '_blank', '_parent', '_top');