diff --git a/htdocs/core/actions_sendmails.inc.php b/htdocs/core/actions_sendmails.inc.php index 8f7ee1287fe..419180d6830 100644 --- a/htdocs/core/actions_sendmails.inc.php +++ b/htdocs/core/actions_sendmails.inc.php @@ -191,7 +191,7 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO // Recipient was provided from combo list if ($val == 'thirdparty') // Id of third party { - $tmparray[] = $thirdparty->name.' <'.$thirdparty->email.'>'; + $tmparray[] = dol_string_nospecial($thirdparty->name, ' ', array(",")).' <'.$thirdparty->email.'>'; } elseif ($val) // Id du contact { @@ -221,7 +221,7 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO // Recipient was provided from combo list if ($val == 'thirdparty') // Id of third party { - $tmparray[] = $thirdparty->name.' <'.$thirdparty->email.'>'; + $tmparray[] = dol_string_nospecial($thirdparty->name, ' ', array(",")).' <'.$thirdparty->email.'>'; } elseif ($val) // Id du contact { @@ -245,13 +245,13 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO $fromtype = GETPOST('fromtype','alpha'); if ($fromtype === 'robot') { - $from = $conf->global->MAIN_MAIL_EMAIL_FROM .' <'.$conf->global->MAIN_MAIL_EMAIL_FROM.'>'; + $from = dol_string_nospecial($conf->global->MAIN_MAIL_EMAIL_FROM, ' ', array(",")) .' <'.$conf->global->MAIN_MAIL_EMAIL_FROM.'>'; } elseif ($fromtype === 'user') { - $from = $user->getFullName($langs) .' <'.$user->email.'>'; + $from = dol_string_nospecial($user->getFullName($langs), ' ', array(",")) .' <'.$user->email.'>'; } elseif ($fromtype === 'company') { - $from = $conf->global->MAIN_INFO_SOCIETE_NOM .' <'.$conf->global->MAIN_INFO_SOCIETE_MAIL.'>'; + $from = dol_string_nospecial($conf->global->MAIN_INFO_SOCIETE_NOM, ' ', array(",")) .' <'.$conf->global->MAIN_INFO_SOCIETE_MAIL.'>'; } elseif (preg_match('/user_aliases_(\d+)/', $fromtype, $reg)) { $tmp=explode(',', $user->email_aliases); @@ -267,14 +267,14 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO $obj = $db->fetch_object($resql); if ($obj) { - $from = $obj->label.' <'.$obj->email.'>'; + $from = dol_string_nospecial($obj->label, ' ', array(",")).' <'.$obj->email.'>'; } } else { - $from = $_POST['fromname'] . ' <' . $_POST['frommail'] .'>'; + $from = dol_string_nospecial($_POST['fromname'], ' ', array(",")) . ' <' . $_POST['frommail'] .'>'; } - $replyto = $_POST['replytoname']. ' <' . $_POST['replytomail'].'>'; + $replyto = dol_string_nospecial($_POST['replytoname'], ' ', array(",")). ' <' . $_POST['replytomail'].'>'; $message = GETPOST('message','none'); $subject = GETPOST('subject','none'); diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index a1b9c2d2c2c..a0d67e5072b 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -939,7 +939,7 @@ function dol_escape_js($stringtoescape, $mode=0, $noescapebackslashn=0) * @param int $keepb 1=Preserve b tags (otherwise, remove them) * @param int $keepn 1=Preserve \r\n strings (otherwise, replace them with escaped value) * @return string Escaped string - * @see dol_string_nohtmltag + * @see dol_string_nohtmltag, dol_string_nospecial, dol_string_unaccent */ function dol_escape_htmltag($stringtoescape, $keepb=0, $keepn=0) { diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 62cb8956169..2a896df0170 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -2407,7 +2407,7 @@ class Societe extends CommonObject { $obj = $this->db->fetch_object($resql); - if ($mode == 'email') $contact_property = dolGetFirstLastname($obj->firstname, $obj->lastname)." <".$obj->email.">"; + if ($mode == 'email') $contact_property = dol_string_nospecial(dolGetFirstLastname($obj->firstname, $obj->lastname), ' ', array(","))." <".$obj->email.">"; else if ($mode == 'mobile') $contact_property = $obj->phone_mobile; } return $contact_property;