Merge branch '15.0' of git@github.com:Dolibarr/dolibarr.git into develop

Laurent Destailleur 2022-01-17 13:57:59 +01:00
commit 2462700975
3 changed files with 24 additions and 9 deletions


@ -828,7 +828,10 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options =
// We replace chars from a/A to z/Z encoded with numeric HTML entities with the real char so we won't loose the chars at the next step (preg_replace).
// No need to use a loop here, this step is not to sanitize (this is done at next step, this is to try to save chars, even if they are
// using a non coventionnel way to be encoded, to not have them sanitized just after)
$out = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', 'realCharForNumericEntities', $out);
//$out = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', 'realCharForNumericEntities', $out);
$out = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', function ($m) {
return realCharForNumericEntities($m); }, $out);
// Now we remove all remaining HTML entities starting with a number. We don't want such entities.
$out = preg_replace('/&#x?[0-9]+/i', '', $out); // For example if we have j&#x61vascript with an entities without the ; to hide the 'a' of 'javascript'.
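Review bot: The two patterns in this hunk do not cover every numeric entity: `x?[0-9][0-9a-f]+` needs a decimal digit right after the optional `x`, and the stripping pattern `/&#x?[0-9]+/i` has the same requirement, so a hex entity whose first digit is a–f passes both steps unchanged. If nothing later in checkVal (its body continues outside the hunk) handles that form, the stripping step could be widened to `$out = preg_replace('/&#(x[0-9a-f]+|[0-9]+)/i', '', $out);`. The loop in the testSqlAndScriptInject hunk uses the same conversion pattern and otherwise relies on html_entity_decode, which per the existing comment there does not help when the `;` is missing, so the same gap likely applies. In both places the commented-out old call can be dropped, and a one-line comment saying why the string callable was replaced by a closure would help the next reader.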


@ -4,7 +4,7 @@ DIRECTION=ltr
# msungstdlight or cid0ct are for traditional Chinese (traditional does not render with Ubuntu pdf reader)
# stsongstdlight or cid0cs are for simplified Chinese
# To read Chinese pdf with Linux: sudo apt-get install poppler-data
FONTFORPDF=freeserif
FONTFORPDF=freemono
FONTSIZEFORPDF=10
SeparatorDecimal=.
SeparatorThousand=,


@ -94,7 +94,9 @@ function testSqlAndScriptInject($val, $type)
do {
$oldval = $val;
$val = html_entity_decode($val, ENT_QUOTES | ENT_HTML5);
$val = preg_replace_callback('/&#(x?[0-9][0-9a-f]+)/i', 'realCharForNumericEntities', $val); // Sometimes we have entities without the ; at end so html_entity_decode does not work but entities is still interpreted by browser.
//$val = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', 'realCharForNumericEntities', $val); // Sometimes we have entities without the ; at end so html_entity_decode does not work but entities is still interpreted by browser.
$val = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', function ($m) {
return realCharForNumericEntities($m); }, $val);
} while ($oldval != $val);
//print "after decoding $val\n";
@ -1599,12 +1601,17 @@ function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arr
dol_syslog("Warning: module ".$modcss." declared a css path file into its descriptor that is empty.", LOG_WARNING);
}
// cssfile is a relative path
print '<!-- Includes CSS added by module '.$modcss.' -->'."\n".'<link rel="stylesheet" type="text/css" href="'.dol_buildpath($cssfile, 1);
// We add params only if page is not static, because some web server setup does not return content type text/css if url has parameters, so browser cache is not used.
if (!preg_match('/\.css$/i', $cssfile)) {
print $themeparam;
$urlforcss = dol_buildpath($cssfile, 1);
if ($urlforcss) {
print '<!-- Includes CSS added by module '.$modcss.' -->'."\n".'<link rel="stylesheet" type="text/css" href="'.$urlforcss;
// We add params only if page is not static, because some web server setup does not return content type text/css if url has parameters, so browser cache is not used.
if (!preg_match('/\.css$/i', $cssfile)) {
print $themeparam;
}
print '">'."\n";
} else {
dol_syslog("Warning: module ".$modcss." declared a css path file for a file we can't find.", LOG_WARNING);
}
print '">'."\n";
}
}
}
@ -1738,7 +1745,12 @@ function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arr
$filesjs = (array) $filesjs; // To be sure filejs is an array
foreach ($filesjs as $jsfile) {
// jsfile is a relative path
print '<!-- Include JS added by module '.$modjs.'-->'."\n".'<script src="'.dol_buildpath($jsfile, 1).((strpos($jsfile, '?') === false) ? '?' : '&amp;').'lang='.$langs->defaultlang.'"></script>'."\n";
$urlforjs = dol_buildpath($jsfile, 1);
if ($urlforjs) {
print '<!-- Include JS added by module '.$modjs.'-->'."\n".'<script src="'.$urlforjs.((strpos($jsfile, '?') === false) ? '?' : '&amp;').'lang='.$langs->defaultlang.'"></script>'."\n";
} else {
dol_syslog("Warning: module ".$modjs." declared a js path file for a file we can't find.", LOG_WARNING);
}
}
}
}
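Review bot: `$urlforcss` and `$urlforjs` are written into the `href` and `src` attributes exactly as dol_buildpath() returns them, with no HTML escaping, and `$langs->defaultlang` is appended the same way in the JS hunk. The paths come from module descriptors, so the risk is probably low, but a value containing `"` or a bare `&` would break out of or corrupt the attribute; escaping at output, e.g. `href="'.dol_escape_htmltag($urlforcss)` and `'lang='.dol_escape_htmltag($langs->defaultlang)`, keeps the tag well formed whatever the descriptor holds. The two new warnings say only that a file could not be found; including the declared path (`$cssfile` / `$jsfile`) in the dol_syslog message would make them actionable. top_htmlhead starts and ends outside these hunks.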