diff --git a/htdocs/core/class/doleditor.class.php b/htdocs/core/class/doleditor.class.php
index e5b7512895c..1de16e0c764 100644
--- a/htdocs/core/class/doleditor.class.php
+++ b/htdocs/core/class/doleditor.class.php
@@ -163,7 +163,7 @@ class DolEditor
$skin = 'moono-lisa'; // default with ckeditor 4.6 : moono-lisa
}
- $pluginstodisable = 'elementspath,save,flash';
+ $pluginstodisable = 'elementspath,save,flash,div';
if (!empty($conf->dol_optimize_smallscreen)) {
$pluginstodisable .= ',scayt,wsc,find,undo';
}
diff --git a/htdocs/core/class/html.formmail.class.php b/htdocs/core/class/html.formmail.class.php
index 48e6eab2484..c098197cf5b 100644
--- a/htdocs/core/class/html.formmail.class.php
+++ b/htdocs/core/class/html.formmail.class.php
@@ -822,7 +822,7 @@ class FormMail extends Form
$out .= '
';
}
} elseif (empty($this->withmaindocfile)) {
- $out .= ''.$langs->trans("NoAttachedFiles").'
';
+ //$out .= ''.$langs->trans("NoAttachedFiles").'
';
}
if ($this->withfile == 2) {
$maxfilesizearray = getMaxFileSizeArray();
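Review bot: Commenting out the `NoAttachedFiles` output leaves the `} elseif (empty($this->withmaindocfile)) {` branch with an empty body, and the dead statement stays in the file with no stated reason. If the message is no longer wanted, delete the whole `elseif` branch rather than keeping a commented-out line. If it may return, replace the dead code with a one-line comment saying why the message is suppressed. The enclosing method starts and ends outside the hunk.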
@@ -837,7 +837,7 @@ class FormMail extends Form
$out .= '';
}
$out .= ' ';
- $out .= '';
+ $out .= '';
}
} else {
$out .= $this->withfile;
@@ -947,10 +947,13 @@ class FormMail extends Form
}
$out .= '
';
- $out .= '| ';
+ $out .= ' | ';
$out .= $form->textwithpicto($langs->trans('MailText'), $helpforsubstitution, 1, 'help', '', 0, 2, 'substittooltipfrombody');
$out .= ' | ';
- $out .= '';
+ $out .= ' |
';
+
+ $out .= '';
+ $out .= '';
if ($this->withbodyreadonly) {
$out .= nl2br($defaultmessage);
$out .= '';
diff --git a/htdocs/core/lib/website2.lib.php b/htdocs/core/lib/website2.lib.php
index 6f532e078b3..74e6bc4d9e8 100644
--- a/htdocs/core/lib/website2.lib.php
+++ b/htdocs/core/lib/website2.lib.php
@@ -643,7 +643,7 @@ function showWebsiteTemplates(Website $website)
print ' ';
print $subdir.' ('.dol_print_size(dol_filesize($dirtheme."/".$subdir), 1, 1).')';
- print ' ref.'&templateuserfile='.$subdir.'" class="button">'.$langs->trans("Load").'';
+ print ' ref).'&templateuserfile='.urlencode($subdir).'" class="button">'.$langs->trans("Load").'';
print '';
$i++;
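Review bot: The directory name is still written into the page unescaped on the context line just above the changed one (`print $subdir.' ('.dol_print_size(...)`), so the `urlencode()` added here protects only the link's query string. If a template directory name can be influenced by an imported or uploaded template (inferred; the code that lists `$dirtheme` is outside the hunk), that text output should be escaped for HTML as well, for example `print dol_escape_htmltag($subdir).' ('.dol_print_size(dol_filesize($dirtheme."/".$subdir), 1, 1).')';`. The body of showWebsiteTemplates() continues outside the hunk.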
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 6fd72261bd1..934782b89ec 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -518,7 +518,7 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt(
$sensitiveget = false;
if ((GETPOSTISSET('massaction') || GETPOST('action', 'aZ09')) && getDolGlobalInt('MAIN_SECURITY_CSRF_WITH_TOKEN') >= 3) {
// All GET actions and mass actions are processed as sensitive.
- if (GETPOSTISSET('massaction') || !in_array(GETPOST('action', 'aZ09'), array('create', 'file_manager', 'presend', 'presend_addmessage'))) { // We exclude the case action='create' and action='file_manager' that are legitimate
+ if (GETPOSTISSET('massaction') || !in_array(GETPOST('action', 'aZ09'), array('create', 'createsite', 'file_manager', 'presend', 'presend_addmessage'))) { // We exclude the case action='create' and action='file_manager' that are legitimate
$sensitiveget = true;
}
} elseif (getDolGlobalInt('MAIN_SECURITY_CSRF_WITH_TOKEN') >= 2) {
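Review bot: Adding `'createsite'` to this list means a GET request with `action=createsite` is no longer treated as sensitive when `MAIN_SECURITY_CSRF_WITH_TOKEN` is 3 or higher, yet the trailing comment still justifies only `create` and `file_manager`. Every entry here should be an action that only displays a form and changes no state. Whether `createsite` meets that is not visible in this hunk, so it is worth confirming in the handler. I would update the comment to list all exempted actions, e.g. `// Excluded: create, createsite, file_manager, presend, presend_addmessage only display a form and change nothing`, and pass `true` as the third argument of `in_array()` so the match is strict. The enclosing `if` block starts before the hunk and continues after it.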