Fix #yogosha6567
This commit is contained in:
parent
0dfa7bdbcc
commit
3dff7e29cc
@ -577,7 +577,6 @@ if (empty($reshook)) {
|
||||
|
||||
if (!$isupload) {
|
||||
$mesgs = array();
|
||||
|
||||
$object->sujet = (string) GETPOST("sujet");
|
||||
$object->body = (string) GETPOST("bodyemail", 'restricthtml');
|
||||
$object->bgcolor = (string) GETPOST("bgcolor");
|
||||
@ -744,7 +743,7 @@ if ($action == 'create') {
|
||||
print '<div style="padding-top: 10px">';
|
||||
// wysiwyg editor
|
||||
require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php';
|
||||
$doleditor = new DolEditor('bodyemail', GETPOST('bodyemail', 'restricthtml'), '', 600, 'dolibarr_mailings', '', true, true, $conf->global->FCKEDITOR_ENABLE_MAILING, 20, '90%');
|
||||
$doleditor = new DolEditor('bodyemail', GETPOST('bodyemail', 'restricthtmlallowunvalid'), '', 600, 'dolibarr_mailings', '', true, true, $conf->global->FCKEDITOR_ENABLE_MAILING, 20, '90%');
|
||||
$doleditor->Create();
|
||||
print '</div>';
|
||||
|
||||
|
||||
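Review bot: On the new side of the changed `$doleditor = new DolEditor(...)` line the posted body is re-read with `restricthtmlallowunvalid`, while the save path in the hunk at -577 keeps `restricthtml`, and nothing on the line records that the asymmetry is intentional. Judging from the hunk at -775, the new mode skips only the DOMDocument round-trip and still runs the rest of the restricthtml loop, so the editor shows the filtered but un-normalised input — presumably so a rejected submission is shown back to the user instead of the literal `InvalidHTMLString`. A comment above the line would keep the weaker mode from being copied into the save path: `// 'restricthtmlallowunvalid' is for redisplay only: keeps the user's input when the DOM check rejects it; saving still uses 'restricthtml' and Mailing::create()/update() refuse 'InvalidHTMLString'`. The enclosing `if ($action == 'create')` block starts and ends outside the hunk.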
@ -208,6 +208,12 @@ class Mailing extends CommonObject
|
||||
{
|
||||
global $conf, $langs;
|
||||
|
||||
// Check properties
|
||||
if ($this->body === 'InvalidHTMLString') {
|
||||
$this->error = 'InvalidHTMLString';
|
||||
return -1;
|
||||
}
|
||||
|
||||
$this->db->begin();
|
||||
|
||||
$this->title = trim($this->title);
|
||||
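Review bot: The new guard compares `$this->body` against the bare literal `'InvalidHTMLString'`, and the same literal is repeated in update() (hunk at -263) and produced by checkVal() (hunk at -775), so the three sites can drift apart without any failure being noticed. Declaring it once — e.g. a class constant `const INVALID_HTML_STRING = 'InvalidHTMLString';` (constructed name) used by both guards, ideally also by the producer — would tie them together. The guard only fires when the caller populated the body via GETPOST with the `restricthtml` check; code that assigns `$this->body` directly is not re-validated here, which is worth stating: `// Reject the sentinel returned by checkVal('restricthtml') when MAIN_RESTRICTHTML_ONLY_VALID_HTML is set; a body assigned by other means is not re-validated here`. create()'s signature lies before the hunk.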
@ -257,6 +263,12 @@ class Mailing extends CommonObject
|
||||
*/
|
||||
public function update($user)
|
||||
{
|
||||
// Check properties
|
||||
if ($this->body === 'InvalidHTMLString') {
|
||||
$this->error = 'InvalidHTMLString';
|
||||
return -1;
|
||||
}
|
||||
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."mailing ";
|
||||
$sql .= " SET titre = '".$this->db->escape($this->title)."'";
|
||||
$sql .= ", sujet = '".$this->db->escape($this->sujet)."'";
|
||||
|
||||
@ -775,18 +775,21 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options =
|
||||
}
|
||||
break;
|
||||
case 'restricthtml': // Recommended for most html textarea
|
||||
case 'restricthtmlallowunvalid':
|
||||
do {
|
||||
$oldstringtoclean = $out;
|
||||
|
||||
if (!empty($conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML)) {
|
||||
$dom = new DOMDocument;
|
||||
if (!empty($conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML) && $check != 'restricthtmlallowunvalid') {
|
||||
try {
|
||||
$dom = new DOMDocument;
|
||||
$dom->loadHTML($out, LIBXML_ERR_NONE|LIBXML_HTML_NOIMPLIED|LIBXML_HTML_NODEFDTD|LIBXML_NONET|LIBXML_NOWARNING|LIBXML_NOXMLDECL);
|
||||
} catch(Exception $e) {
|
||||
//print $e->getMessage();
|
||||
return 'InvalidHTMLString';
|
||||
}
|
||||
$out = $dom->saveHTML();
|
||||
}
|
||||
//var_dump($oldstringtoclean);var_dump($out);
|
||||
|
||||
// Ckeditor use the numeric entitic for apostrophe so we force it to text entity (all other special chars are correctly
|
||||
// encoded using text entities). This is a fix for CKeditor.
|
||||
|
||||
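Review bot: The new try/catch around `$dom->loadHTML(...)` assumes a parse failure surfaces as an exception, but DOMDocument::loadHTML reports problems as E_WARNING plus a `false` return rather than a thrown Exception, so the `return 'InvalidHTMLString'` branch is reached only if an error handler installed elsewhere in the application converts warnings to exceptions. Testing the return value makes the guard independent of that: `if ($dom->loadHTML($out, LIBXML_ERR_NONE|LIBXML_HTML_NOIMPLIED|LIBXML_HTML_NODEFDTD|LIBXML_NONET|LIBXML_NOWARNING|LIBXML_NOXMLDECL) === false) { return 'InvalidHTMLString'; }`, keeping the try/catch if such a handler is known to exist. Since libxml's HTML parser recovers from most malformed input, documents it can repair are normalised rather than rejected, so the contract of this branch should be described as best-effort in a comment rather than as "invalid HTML is refused". The `//print $e->getMessage();` line is commented-out code and can go, and `$check != 'restricthtmlallowunvalid'` should use `!==`. checkVal() starts and ends outside the hunk.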
@ -340,6 +340,10 @@ class SecurityTest extends PHPUnit\Framework\TestCase
|
||||
$langs=$this->savlangs;
|
||||
$db=$this->savdb;
|
||||
|
||||
// Force default mode
|
||||
$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML = 0;
|
||||
$conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = 0;
|
||||
|
||||
$_COOKIE["id"]=111;
|
||||
$_GET["param1"]="222";
|
||||
$_POST["param1"]="333";
|
||||
|
||||
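Review bot: The added `$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML = 0;` forces the DOM-validation path off for the whole test, so the new try/catch branch in checkVal() (hunk at -775) that returns `'InvalidHTMLString'` and the new guards in Mailing::create()/update() (hunks at -208 and -263) are not exercised by this test. A second case that sets the flag to 1, passes a body the parser cannot load and asserts the sentinel on the result — plus one asserting that well-formed input survives with only normalisation — would pin the fix. The enclosing test method begins before the hunk.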