FIX Hide a feature that is a security vulnerability.

Laurent Destailleur
2024-09-20 00:19:36 +02:00
16 changed files with 184 additions and 145 deletions


@@ -263,7 +263,7 @@ function getDolUserString($key, $default = '', $tmpuser = null)
$tmpuser = $user;
}
return (string) (empty($tmpuser->conf->$key) ? $default : $tmpuser->conf->$key);
return (string) (isset($tmpuser->conf->$key) ? $tmpuser->conf->$key : $default);
}
/**
@@ -281,7 +281,7 @@ function getDolUserInt($key, $default = 0, $tmpuser = null)
$tmpuser = $user;
}
return (int) (empty($tmpuser->conf->$key) ? $default : $tmpuser->conf->$key);
return (int) (isset($tmpuser->conf->$key) ? $tmpuser->conf->$key: $default);
}
@@ -8413,7 +8413,7 @@ function dol_htmlwithnojs($stringtoencode, $nouseofiframesandbox = 0, $check = '
// Keep only some html tags and remove also some 'javascript:' strings
if ($check == 'restricthtmlallowlinkscript') {
$out = dol_string_onlythesehtmltags($out, 0, 1, 0, 0, array(), 1, 1);
} elseif ($check == 'restricthtmlallowclass') {
} elseif ($check == 'restricthtmlallowclass' || $check == 'restricthtmlallowunvalid') {
$out = dol_string_onlythesehtmltags($out, 0, 0, 1);
} else {
$out = dol_string_onlythesehtmltags($out, 0, 1, 1);
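Review bot: The new `'restricthtmlallowunvalid'` mode is routed through the same `dol_string_onlythesehtmltags($out, 0, 0, 1)` call as `'restricthtmlallowclass'`, so as far as this hunk shows it no longer gets the `($out, 0, 1, 1)` filtering of the `else` branch, and nothing here says why. The signature of `dol_string_onlythesehtmltags` is not visible, so the meaning of the third argument is inferred; if it is the switch that strips `class` attributes, this mode now keeps them, which loosens the sanitizer in a commit described as a security fix. I would add a comment above the `elseif` such as `// 'restricthtmlallowunvalid' is filtered like 'restricthtmlallowclass' (third argument 0): <reason>` and cover the new mode with a sanitizer test asserting that script-bearing markup is still removed. Since `$check` is compared against string literals, `===` would also be the safer operator on the changed line. The `if`/`elseif` chain and the rest of `dol_htmlwithnojs` lie outside the hunk.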