lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX #yogosha9083

Browse Source
This commit is contained in:
Laurent Destailleur 2022-02-24 18:29:24 +01:00
parent 98da84f9b2
commit 117e1057e1
2 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
htdocs/opensurvey/card.php
View File

@ -137,18 +137,18 @@ if (empty($reshook)) {
if (GETPOST('ajoutcomment')) {
$error = 0;
if (!GETPOST('comment')) {
if (!GETPOST('comment', "alphanohtml")) {
$error++;
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Comment")), null, 'errors');
}
if (!GETPOST('commentuser')) {
if (!GETPOST('commentuser', "alphanohtml")) {
$error++;
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("User")), null, 'errors');
}
if (!$error) {
$comment = (string) GETPOST("comment", "restricthtml");
$comment_user = (string) GETPOST('commentuser', "restricthtml");
$comment = (string) GETPOST("comment", "alphanohtml");
$comment_user = (string) GETPOST('commentuser', "alphanohtml");
$resql = $object->addComment($comment, $comment_user);
@ -422,7 +422,7 @@ print '<br>';
if ($object->allow_comments) {
print $langs->trans("AddACommentForPoll").'<br>';
print '<textarea name="comment" rows="2" class="quatrevingtpercent"></textarea><br>'."\n";
print $langs->trans("Name").': <input type="text" class="minwidth300" name="commentuser" value="'.$user->getFullName($langs).'"> '."\n";
print $langs->trans("Name").': <input type="text" class="minwidth300" name="commentuser" value="'.dol_escape_htmltag($user->getFullName($langs)).'"> '."\n";
print '<input type="submit" class="button reposition" name="ajoutcomment" value="'.dol_escape_htmltag($langs->trans("AddComment")).'"><br>'."\n";
}

8
htdocs/public/opensurvey/studs.php
View File

@ -79,8 +79,8 @@ if (GETPOST('ajoutcomment', 'alpha')) {
$error = 0;
$comment = GETPOST("comment", 'restricthtml');
$comment_user = GETPOST('commentuser', 'nohtml');
$comment = GETPOST("comment", 'alphanohtml');
$comment_user = GETPOST('commentuser', 'alphanohtml');
if (!$comment) {
$error++;
@ -780,9 +780,9 @@ if ($comments) {
if ($object->allow_comments) {
print '<br><div class="addcomment"><span class="opacitymedium">'.$langs->trans("AddACommentForPoll")."</span><br>\n";
print '<textarea name="comment" rows="'.ROWS_2.'" class="quatrevingtpercent">'.dol_escape_htmltag(GETPOST('comment', 'restricthtml'), 0, 1).'</textarea><br>'."\n";
print '<textarea name="comment" rows="'.ROWS_2.'" class="quatrevingtpercent">'.dol_escape_htmltag(GETPOST('comment', 'alphanohtml'), 0, 1).'</textarea><br>'."\n";
print $langs->trans("Name").': ';
print '<input type="text" name="commentuser" maxlength="64" value="'.GETPOST('commentuser', 'nohtml').'"> &nbsp; '."\n";
print '<input type="text" name="commentuser" maxlength="64" value="'.dol_escape_htmltag(GETPOST('commentuser', 'alphanohtml')).'"> &nbsp; '."\n";
print '<input type="submit" class="button" name="ajoutcomment" value="'.dol_escape_htmltag($langs->trans("AddComment")).'"><br>'."\n";
print '</form>'."\n";