Code comment

Laurent Destailleur
2021-01-15 19:24:53 +01:00
parent 80ed651c5e
commit d36c406074


@@ -686,7 +686,7 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options =
$out = dol_string_nohtmltag($out, 0);
}
break;
case 'alphawithlgt': // No " and no ../ but we keep < > tags
case 'alphawithlgt': // No " and no ../ but we keep < > tags. Can be used for email string like "Name <email>"
if (!is_array($out)) {
// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
// '../' is dangerous because it allows dir transversals
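Review bot: The extended comment on `case 'alphawithlgt'` recommends this mode for strings like "Name <email>" but does not say that the result still contains `<` and `>`, so a reader may treat the checked value as safe to print into HTML. I would put the caveat in the comment itself, for example `// No " and no ../ but we keep < > tags. Can be used for email string like "Name <email>". Value is not HTML-safe: escape it on output.` The case body continues past the end of the hunk, so which characters are actually stripped is not visible here and the wording should be checked against it. While touching these comments, "dir transversals" on the last context line would read better as "directory traversal".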