Fix: Data into an input text must be encode by htmlspecialchars

Laurent Destailleur 2009-08-25 15:19:29 +00:00
parent 4540360a17
commit 3e15830678


@ -39,7 +39,6 @@ $typeconst=array('yesno','texte','chaine');
/*
* Actions
*/
if ($_POST["action"] == 'update' || $_POST["action"] == 'add')
{
if (! dolibarr_set_const($db, $_POST["constname"],$_POST["constvalue"],$typeconst[$_POST["consttype"]],1,isset($_POST["constnote"])?$_POST["constnote"]:'',$_POST["entity"]));
@ -148,11 +147,11 @@ if ($result)
// Value
print '<td>';
print '<input type="text" class="flat" size="30" name="constvalue" value="'.$obj->value.'">';
print '<input type="text" class="flat" size="30" name="constvalue" value="'.htmlspecialchars($obj->value).'">';
print '</td><td>';
// Note
print '<input type="text" class="flat" size="40" name="constnote" value="'.nl2br($obj->note).'">';
print '<input type="text" class="flat" size="40" name="constnote" value="'.htmlspecialchars($obj->note,1).'">';
print '</td>';
// Entity
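Review bot: On the new constnote line, `htmlspecialchars($obj->note,1)` passes `1` as the quote style, which is not one of the named constants (ENT_COMPAT is 2, ENT_QUOTES is 3) and appears to select single-quote conversion only. A double quote stored in the note would then still be emitted raw and close the double-quoted `value="..."` attribute, so the escaping this commit introduces is incomplete for that field. Use `htmlspecialchars($obj->note, ENT_QUOTES)`, or drop the second argument as the constvalue line does. Neither call passes a charset, so correct escaping also depends on PHP's default matching the page encoding, which cannot be confirmed from this hunk. The surrounding code that prints the row begins and ends outside the hunk.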