From 3911738b885c2da362f0cc57db33f7d55d6b6b01 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Sat, 10 Mar 2018 18:40:45 +0100
Subject: [PATCH] Fix vulnerability reported by DIGITEMIS CYBERSECURITY &
 PRIVACY

---
 htdocs/expensereport/card.php | 13 ++++++-------
 htdocs/expensereport/note.php |  8 ++++----
 2 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php
index 4ad5aaba356..34b78e4eb80 100644
--- a/htdocs/expensereport/card.php
+++ b/htdocs/expensereport/card.php
@@ -2028,15 +2028,14 @@ else
 								print dol_getIdFromCode($db, $line->fk_c_exp_tax_cat, 'c_exp_tax_cat', 'rowid', 'label');
 								print '</td>';
 							}
-							// print '<td style="text-align:center;">'.$langs->trans("TF_".strtoupper(empty($objp->type_fees_libelle)?'OTHER':$objp->type_fees_libelle)).'</td>';
-							print '<td style="text-align:center;">';
+							print '<td class="center">';
 							$labeltype = ($langs->trans(($line->type_fees_code)) == $line->type_fees_code ? $line->type_fees_libelle : $langs->trans($line->type_fees_code));
 							print $labeltype;
 							print '</td>';
-							print '<td style="text-align:left;">'.$line->comments.'</td>';
+							print '<td style="text-align:left;">'.dol_escape_htmltag($line->comments).'</td>';
 							print '<td style="text-align:right;">'.vatrate($line->vatrate,true).'</td>';
 							print '<td style="text-align:right;">'.price($line->value_unit).'</td>';
-							print '<td style="text-align:right;">'.$line->qty.'</td>';
+							print '<td style="text-align:right;">'.dol_escape_htmltag($line->qty).'</td>';
 
 							if ($action != 'editline')
 							{
@@ -2096,7 +2095,7 @@ else
 
 								// Add comments
 								print '<td>';
-								print '<textarea name="comments" class="flat_ndf centpercent">'.$line->comments.'</textarea>';
+								print '<textarea name="comments" class="flat_ndf centpercent">'.dol_escape_htmltag($line->comments).'</textarea>';
 								print '</td>';
 
 								// VAT
@@ -2147,7 +2146,7 @@ else
 					print '<td colspan="3"></td>';
 					print '</tr>';
 
-					print '<tr '.$bc[true].'>';
+					print '<tr class="oddeven">';
 
 					print '<td></td>';
 
@@ -2179,7 +2178,7 @@ else
 
 					// Add comments
 					print '<td>';
-					print '<textarea class="flat_ndf centpercent" name="comments">'.$comments.'</textarea>';
+					print '<textarea class="flat_ndf centpercent" name="comments">'.dol_escape_htmltag($comments).'</textarea>';
 					print '</td>';
 
 					// Select VAT
diff --git a/htdocs/expensereport/note.php b/htdocs/expensereport/note.php
index 8376733d634..a715d85f6a6 100644
--- a/htdocs/expensereport/note.php
+++ b/htdocs/expensereport/note.php
@@ -19,9 +19,9 @@
  */
 
 /**
- *  \file       htdocs/commande/note.php
- *  \ingroup    commande
- *  \brief      Fiche de notes sur une commande
+ *  \file       htdocs/expensereport/note.php
+ *  \ingroup    expensereport
+ *  \brief      Tab for notes on expense reports
  */
 
 require '../main.inc.php';
@@ -90,7 +90,7 @@ if ($id > 0 || ! empty($ref))
 
     print '<div class="fichecenter">';
     print '<div class="underbanner clearboth"></div>';
-
+var_dump($value_public);
 	$cssclass="titlefield";
 	include DOL_DOCUMENT_ROOT.'/core/tpl/notes.tpl.php';