use dol_escape_htmltag

This commit is contained in:
John BOTELLA
2021-12-01 16:59:30 +01:00
parent e97e0e4f17
commit c0d00a859f


@@ -103,17 +103,6 @@ class FormSetup
}
}
/**
* a quick method to sanitize html attributes
* @param string $var the string to sanitize
* @return string
*/
static public function sanitizeHtmlAttribute($var)
{
$var = preg_replace("/\r|\n/", "", $var);
return htmlspecialchars($var, ENT_QUOTES);
}
/**
* Generate an attributes string form an input array
* @param array $attributes an array of attributes keys and values,
@@ -127,7 +116,7 @@ class FormSetup
if (is_array($value) || is_object($value)) {
continue;
}
$Aattr[] = $attribute.'="'.self::sanitizeHtmlAttribute($value).'"';
$Aattr[] = $attribute.'="'.dol_escape_htmltag($value).'"';
}
}
@@ -164,7 +153,7 @@ class FormSetup
// generate hidden values from $this->formHiddenInputs
if (!empty($this->formHiddenInputs) && is_array($this->formHiddenInputs)) {
foreach ($this->formHiddenInputs as $hiddenKey => $hiddenValue) {
$out.= '<input type="hidden" name="'.self::sanitizeHtmlAttribute($hiddenKey).'" value="' . self::sanitizeHtmlAttribute($hiddenValue) . '">';
$out.= '<input type="hidden" name="'.dol_escape_htmltag($hiddenKey).'" value="' . dol_escape_htmltag($hiddenValue) . '">';
}
}
}
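Review bot: On the new line `$Aattr[] = $attribute.'="'.dol_escape_htmltag($value).'"';` in the second hunk only the value is escaped; `$attribute` is concatenated into the tag verbatim, so a key containing `"`, `>` or whitespace would inject markup or a second attribute, a gap the old line shared and this commit leaves in place. If the keys are developer-supplied the risk is low, but it is cheap to enforce at the top of the loop: `if (!preg_match('/^[A-Za-z][A-Za-z0-9_:.-]*$/', $attribute)) { continue; }`. Note also that the removed helper used `htmlspecialchars(..., ENT_QUOTES)` and stripped CR/LF, whereas `dol_escape_htmltag`'s quote flags and newline handling are not visible here; as I recall it leaves `'` unescaped and rewrites CR/LF rather than dropping them. Leaving `'` alone is safe only because both call sites wrap the value in double quotes, so a comment such as `// attribute values must stay double-quoted: the escaper does not neutralise single quotes` would protect that invariant, and a multi-line `$hiddenValue` should be checked to round-trip unchanged through the hidden input. Both enclosing methods start outside their hunks.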