diff --git a/htdocs/websites/index.php b/htdocs/websites/index.php
index 0696c28c86d..91c4921d29d 100644
--- a/htdocs/websites/index.php
+++ b/htdocs/websites/index.php
@@ -1,5 +1,5 @@
+/* Copyright (C) 2016 Laurent Destailleur
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -16,11 +16,14 @@
 */
 /**
- * \file htdocs/admin/website.php
+ * \file htdocs/website/index.php
 * \ingroup website
- * \brief Page to setup the module Website
+ * \brief Page to website view/edit
 */
+define('NOSCANPOSTFORINJECTION',1);
+define('NOSTYLECHECK',1);
+
 /**
 * Show HTML header HTML + BODY + Top menu + left menu + DIV
@@ -78,7 +81,7 @@ $conf->dol_hide_leftmenu = 1;
 $error=0;
 $website=GETPOST('website', 'alpha');
 $page=GETPOST('page', 'alpha');
-$pageid=GETPOST('pageid', 'alpha');
+$pageid=GETPOST('pageid', 'int');
 $action=GETPOST('action','alpha');
 if (GETPOST('delete')) { $action='delete'; }
@@ -106,12 +109,13 @@ if (empty($website))
 break;
 }
 }
-
 if ($website)
 {
 $res = $object->fetch(0, $website);
 }
-if ($pageid && $action != 'add')
+
+if ($pageid < 0) $pageid = 0;
+if ($pageid > 0 && $action != 'add')
 {
 $res = $objectpage->fetch($pageid);
 }
@@ -327,6 +331,10 @@ if ($action == 'updatecontent')
 {
 $objectpage->content = GETPOST('PAGE_CONTENT');
+ // Clean data. We remove all the head section.
+ $objectpage->content = preg_replace('//s', '', $objectpage->content);
+ /* $objectpage->content = preg_replace('//s', '', $objectpage->content); */
+
 $res = $objectpage->update($user);
 if (! $res > 0)
 {
@@ -397,7 +405,6 @@ if ($action == 'edit')
 {
 print '';
 }
-if ($website) print '';
 // Add a margin under toolbar ?
@@ -414,21 +421,25 @@ if (count($object->records) > 0)
 print '';
 print '
';
+ $out='';
+ $out.='';
+ print $out;
+ print '';
 print '
';
@@ -444,7 +455,13 @@ if (count($object->records) > 0)
 print '';
 print '';
 }
- //else print '';
+
+ if (in_array($action, array('editcss','editmenu','create')))
+ {
+ if ($action != 'preview') print '';
+ if (preg_match('/^create/',$action)) print '';
+ if (preg_match('/^edit/',$action)) print '';
+ }
 print '';
@@ -495,13 +512,19 @@ if (count($object->records) > 0)
 if ($pageid > 0)
 {
- print '';
- print '';
+ print '';
+ print '';
+ //print ''.dol_escape_htmltag($langs->trans("EditPageMeta")).'';
+ //print ''.dol_escape_htmltag($langs->trans("EditPageContent")).'';
 }
 }
- else print '';
- if (preg_match('/^create/',$action)) print '';
- if (preg_match('/^edit/',$action)) print '';
+
+ if (! in_array($action, array('editcss','editmenu','create')))
+ {
+ if ($action != 'preview') print '';
+ if (preg_match('/^create/',$action)) print '';
+ if (preg_match('/^edit/',$action)) print '';
+ }
 print '';
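Review bot: The new `define('NOSCANPOSTFORINJECTION',1);` in the `@@ -16,11 +16,14 @@` hunk switches off the framework's POST injection scan for every parameter this page receives, not only for the page body the editor needs to accept as raw HTML, and nothing in the hunk records why. From here on each GETPOST() call in this file has to carry its own type filter and rely on the permission check around the write actions; the later `$pageid=GETPOST('pageid', 'int')` change is the right pattern, while `GETPOST('PAGE_CONTENT')` in the `@@ -327` hunk is read with no filter at all and is stored as-is. I would add above the define: `// Global POST injection scan disabled: PAGE_CONTENT must carry raw HTML. Every other parameter on this page must be read with an explicit GETPOST type.` Whether the framework offers a per-field exemption instead of the page-wide one I cannot confirm from this page; if it does, it would be the narrower choice.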
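Review bot: The added `preg_replace(...)` on `$objectpage->content` in the `@@ -327,6 +331,10 @@` hunk never checks its return value; on a PCRE failure (for instance the backtracking limit on a large page body, which a dot-star pattern under the `s` modifier can reach) it returns null, and that null is then handed to `$objectpage->update($user)` as the page content. Assign to a local first and treat null as an error in the file's existing style: `$cleaned = preg_replace(/* pattern */, '', $objectpage->content); if ($cleaned === null) { $error++; } else { $objectpage->content = $cleaned; }`. The pattern literal itself is not legible in this view, so I cannot judge whether it anchors on the head section tightly enough; the commented-out duplicate line directly below it is dead code and should be deleted rather than kept as a reminder. Because the page disables the POST injection scan, this regex and the write-permission check (outside the hunk) are the only processing between the submitted body and the database.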
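Review bot: Inside the new `if (in_array($action, array('editcss','editmenu','create')))` block of the `@@ -444,7 +455,13 @@` hunk the inner guard `if ($action != 'preview')` can never be false, because $action is already one of the three listed values, so that condition is dead and the `/^create/` and `/^edit/` tests reduce to `$action == 'create'` and `$action != 'create'`. The `@@ -495,13 +512,19 @@` hunk adds the mirror block under `! in_array(...)` with the same three statements; as far as the stripped markup lets me tell, both branches print the same three items, so the split could collapse into one unconditional block, and if the markup actually differs between them a comment on each block should say what differs. Both `in_array` calls should also pass `true` as the third argument so the comparison is strict. The enclosing `if (count($object->records) > 0)` block starts outside both hunks.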