lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/3.3' into 3.4

Browse Source 
Conflicts:
	htdocs/core/class/doleditor.class.php
	htdocs/main.inc.php
This commit is contained in:
Laurent Destailleur 2014-03-08 14:14:23 +01:00
commit 2e2f86b968
2 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
htdocs/core/class/doleditor.class.php
View File

@ -172,6 +172,7 @@ class DolEditor
//$skin='office2003';
//$skin='v2';
$skin='kama';
if (constant('JS_CKEDITOR')) $skin='moono'; // To use external ckeditor 4 js lib
$htmlencode_force=preg_match('/_encoded$/',$this->toolbarname)?'true':'false';

11
htdocs/main.inc.php
View File

@ -102,7 +102,7 @@ function test_sql_and_script_inject($val, $type)
}
// For XSS Injection done by adding javascript closing html tags like with onmousemove, etc... (closing a src or href tag with not cleaned param)
if ($type == 1) $sql_inj += preg_match('/"/i', $val); // We refused " in GET parameters value
if ($type == 2) $sql_inj += preg_match('/[;"]/', $val); // PHP_SELF is a file system path. It can contains spaces.
if ($type == 2) $sql_inj += preg_match('/[;"]/', $val); // PHP_SELF is a file system path. It can contains spaces.
return $sql_inj;
}
@ -1181,14 +1181,19 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs
{
print '<!-- Includes JS for CKEditor -->'."\n";
$pathckeditor=DOL_URL_ROOT.'/includes/ckeditor/';
if (constant('JS_CKEDITOR')) $pathckeditor=JS_CKEDITOR; // To use external ckeditor js lib
$jsckeditor='ckeditor_basic.js';
if (constant('JS_CKEDITOR')) // To use external ckeditor 4 js lib
{
$pathckeditor=constant('JS_CKEDITOR');
$jsckeditor='ckeditor.js';
}
print '<script type="text/javascript">';
print 'var CKEDITOR_BASEPATH = \''.$pathckeditor.'\';'."\n";
print 'var ckeditorConfig = \''.dol_buildpath($themesubdir.'/theme/'.$conf->theme.'/ckeditor/config.js',1).'\';'."\n"; // $themesubdir='' in standard usage
print 'var ckeditorFilebrowserBrowseUrl = \''.DOL_URL_ROOT.'/core/filemanagerdol/browser/default/browser.php?Connector='.DOL_URL_ROOT.'/core/filemanagerdol/connectors/php/connector.php\';'."\n";
print 'var ckeditorFilebrowserImageBrowseUrl = \''.DOL_URL_ROOT.'/core/filemanagerdol/browser/default/browser.php?Type=Image&Connector='.DOL_URL_ROOT.'/core/filemanagerdol/connectors/php/connector.php\';'."\n";
print '</script>'."\n";
print '<script type="text/javascript" src="'.$pathckeditor.'ckeditor_basic.js"></script>'."\n";
print '<script type="text/javascript" src="'.$pathckeditor.$jsckeditor.'"></script>'."\n";
}
// Global js function