lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Code comment

Browse Source
This commit is contained in:
Laurent Destailleur 2021-03-15 10:08:02 +01:00
parent 382b810ba1
commit 26e8a9c795
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
htdocs/core/lib/functions.lib.php
View File

@ -1023,16 +1023,20 @@ function dol_sanitizeUrl($stringtoclean, $type = 1)
$stringtoclean = str_replace('\\', '/', $stringtoclean);
if ($type == 1) {
// removing : should disable links to external url like http:aaa)
// removing ';' should disable "named" html entities encode into an url (we should not have this into an url)
$stringtoclean = str_replace(array(':', ';', '@'), '', $stringtoclean);
}
do {
$oldstringtoclean = $stringtoclean;
// removing '&colon' should disable links to external url like http:aaa)
// removing '&#' should disable "numeric" html entities encode into an url (we should not have this into an url)
$stringtoclean = str_ireplace(array('javascript', 'vbscript', '&colon', '&#'), '', $stringtoclean);
} while ($oldstringtoclean != $stringtoclean);
if ($type == 1) {
// removing '//' should disable links to external url like //aaa or http//)
$stringtoclean = preg_replace(array('/^[a-z]*\/\/+/i'), '', $stringtoclean);
}