diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 4105682a06a..169d979cc8b 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -601,7 +601,7 @@ function GETPOST($paramname, $check = 'alphanohtml', $method = 0, $filter = null
 // '"' is dangerous because param in url can close the href= or src= and add javascript functions.
 // '../' is dangerous because it allows dir transversals
 $out = str_replace(array('"', '../'), '', trim($out));
- $out = dol_string_nohtmltag($out);
+ $out = dol_string_nohtmltag($out, 1);
 }
 break;
 case 'restricthtml': // Recommended for most html textarea
diff --git a/htdocs/langs/en_US/website.lang b/htdocs/langs/en_US/website.lang
index 04338f38e6e..4f07b0ca9fb 100644
--- a/htdocs/langs/en_US/website.lang
+++ b/htdocs/langs/en_US/website.lang
@@ -130,4 +130,5 @@ PublicAuthorAlias=Public author alias
 AvailableLanguagesAreDefinedIntoWebsiteProperties=Available languages are defined into website properties
 ReplacementDoneInXPages=Replacement done in %s pages or containers
 RSSFeed=RSS Feed
-RSSFeedDesc=You can get a RSS feed of latest articles with type 'blogpost' using this URL
\ No newline at end of file
+RSSFeedDesc=You can get a RSS feed of latest articles with type 'blogpost' using this URL
+PagesRegenerated=%s page(s)/container(s) regenerated
\ No newline at end of file
diff --git a/htdocs/website/class/website.class.php b/htdocs/website/class/website.class.php
index 2d69131d469..03203d9eac7 100644
--- a/htdocs/website/class/website.class.php
+++ b/htdocs/website/class/website.class.php
@@ -1274,7 +1274,7 @@ class Website extends CommonObject
 * Rebuild all files of a containers of a website. TODO Add other files too.
 * Note: Files are already regenerated during importWebSite so this function is useless when importing a website.
 *
- * @return int <0 if KO, >0 if OK
+ * @return int <0 if KO, >=0 if OK
 */
 public function rebuildWebSiteFiles()
 {
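Review bot: In the GETPOST hunk of functions.lib.php the removal of `"` and `../` still runs before `dol_string_nohtmltag()`, so characters that a tag kept apart are only joined after the `str_replace` has already passed over them, and the new second argument does not change that ordering. Stripping tags first, `$out = dol_string_nohtmltag(trim($out), 1);` followed by the `str_replace`, would let the character filter see the final text. The bare `1` also deserves a short comment naming the parameter it sets, because the change affects every GETPOST caller that selects this filter. The `case` label of this branch and the rest of the function are outside the hunk.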
@@ -1344,7 +1344,7 @@ class Website extends CommonObject
 }
 else
 {
- return 1;
+ return $num;
 }
 }
diff --git a/htdocs/website/index.php b/htdocs/website/index.php
index d67a04deb06..2a3b50df2f6 100644
--- a/htdocs/website/index.php
+++ b/htdocs/website/index.php
@@ -884,15 +884,15 @@ if ($action == 'addcontainer')
 }
 else
 {
- $objectpage->title = GETPOST('WEBSITE_TITLE', 'alphanohtml');
+ $objectpage->title = str_replace(array('<', '>'), '', GETPOST('WEBSITE_TITLE', 'alphanohtml'));
 $objectpage->type_container = GETPOST('WEBSITE_TYPE_CONTAINER', 'aZ09');
 $objectpage->pageurl = GETPOST('WEBSITE_PAGENAME', 'alpha');
- $objectpage->aliasalt = GETPOST('WEBSITE_ALIASALT', 'alphanohtml');
- $objectpage->description = GETPOST('WEBSITE_DESCRIPTION', 'alphanohtml');
+ $objectpage->aliasalt = str_replace(array('<', '>'), '', GETPOST('WEBSITE_ALIASALT', 'alphanohtml'));
+ $objectpage->description = str_replace(array('<', '>'), '', GETPOST('WEBSITE_DESCRIPTION', 'alphanohtml'));
 $objectpage->lang = GETPOST('WEBSITE_LANG', 'aZ09');
 $objectpage->otherlang = GETPOST('WEBSITE_OTHERLANG', 'aZ09comma');
 $objectpage->image = GETPOST('WEBSITE_IMAGE', 'alpha');
- $objectpage->keywords = GETPOST('WEBSITE_KEYWORDS', 'alphanohtml');
+ $objectpage->keywords = str_replace(array('<', '>'), '', GETPOST('WEBSITE_KEYWORDS', 'alphanohtml'));
 $objectpage->htmlheader = GETPOST('htmlheader', 'none');
 $objectpage->author_alias = GETPOST('WEBSITE_AUTHORALIAS', 'alphanohtml');
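Review bot: Returning `$num` from `rebuildWebSiteFiles()` makes 0 a success value, as the updated docblock says (`>=0 if OK`), but the `regeneratesite` caller in htdocs/website/index.php (hunk at -2023) still tests `if ($result > 0)`, so a website with nothing to regenerate falls into the `else` branch. The caller should test `if ($result >= 0)`, or the docblock should say that 0 is reported to the user as a failure. `$num` is assigned outside the hunk, so its value on this path could not be checked here.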
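Review bot: `WEBSITE_AUTHORALIAS` is still read with plain `'alphanohtml'` in the `addcontainer` hunk at -884 and in the `updatemeta` hunk at -1585, while title, aliasalt, description and keywords now get the extra `str_replace(array('<', '>'), '', ...)`; if the angle-bracket strip is needed for those fields it is presumably needed for `author_alias` as well. The same expression is repeated twelve times across the -884, -1585 and -3290 hunks, and a small helper in index.php would keep the fields from drifting apart. Removing `<` and `>` on input does not cover every output context, so the code that prints these values still needs `dol_escape_htmltag()` or an equivalent at output; that code is not part of this diff.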
@@ -1561,22 +1561,31 @@ if ($action == 'updatemeta')
 $websitepagetemp = new WebsitePage($db);
 foreach ($arrayofaliastotest as $aliastotest)
 {
- $result = $websitepagetemp->fetch(-1 * $objectpage->id, $object->id, $aliastotest);
- if ($result < 0)
- {
+ // Disallow alias name pageX (already used to save the page with id)
+ if (preg_match('/^page\d+/i', $aliastotest)) {
 $error++;
 $langs->load("errors");
- setEventMessages($websitepagetemp->error, $websitepagetemp->errors, 'errors');
- $action = 'editmeta';
- break;
- }
- if ($result > 0)
- {
- $error++;
- $langs->load("errors");
- setEventMessages($langs->trans("ErrorAPageWithThisNameOrAliasAlreadyExists", $websitepagetemp->pageurl), null, 'errors');
+ setEventMessages("Alias 'pageX' is not allowed", null, 'errors');
 $action = 'editmeta';
 break;
+ } else {
+ $result = $websitepagetemp->fetch(-1 * $objectpage->id, $object->id, $aliastotest);
+ if ($result < 0)
+ {
+ $error++;
+ $langs->load("errors");
+ setEventMessages($websitepagetemp->error, $websitepagetemp->errors, 'errors');
+ $action = 'editmeta';
+ break;
+ }
+ if ($result > 0)
+ {
+ $error++;
+ $langs->load("errors");
+ setEventMessages($langs->trans("ErrorAPageWithThisNameOrAliasAlreadyExists", $websitepagetemp->pageurl), null, 'errors');
+ $action = 'editmeta';
+ break;
+ }
 }
 }
 }
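Review bot: The reserved-name check is added only to the `updatemeta` path; the `addcontainer` hunk at -884 also assigns `aliasalt` and no equivalent `pageX` test is visible there, so a new container may still be able to take such an alias (the surrounding code is outside both hunks). The message `"Alias 'pageX' is not allowed"` is a hard-coded English string passed right after `$langs->load("errors")`, unlike the `$langs->trans(...)` call in the branch below, and should go through a key in errors.lang. The pattern `/^page\d+/i` has no end anchor, so it rejects any alias that starts with `page` and a digit, which is wider than the comment and message describe; either anchor it or say so in the comment. Because the `if` branch ends in `break`, the `else` wrapper is unnecessary and only re-indents the existing block.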
@@ -1585,15 +1594,15 @@ if ($action == 'updatemeta')
 {
 $objectpage->old_object = clone $objectpage;
- $objectpage->title = GETPOST('WEBSITE_TITLE', 'alphanohtml');
- $objectpage->type_container = GETPOST('WEBSITE_TYPE_CONTAINER', 'alphanohtml');
+ $objectpage->title = str_replace(array('<', '>'), '', GETPOST('WEBSITE_TITLE', 'alphanohtml'));
+ $objectpage->type_container = GETPOST('WEBSITE_TYPE_CONTAINER', 'aZ09');
 $objectpage->pageurl = GETPOST('WEBSITE_PAGENAME', 'alpha');
- $objectpage->aliasalt = GETPOST('WEBSITE_ALIASALT', 'alpha');
+ $objectpage->aliasalt = str_replace(array('<', '>'), '', GETPOST('WEBSITE_ALIASALT', 'alphanohtml'));
 $objectpage->lang = GETPOST('WEBSITE_LANG', 'aZ09');
 $objectpage->otherlang = GETPOST('WEBSITE_OTHERLANG', 'aZ09comma');
- $objectpage->description = GETPOST('WEBSITE_DESCRIPTION', 'alphanohtml');
+ $objectpage->description = str_replace(array('<', '>'), '', GETPOST('WEBSITE_DESCRIPTION', 'alphanohtml'));
 $objectpage->image = GETPOST('WEBSITE_IMAGE', 'alpha');
- $objectpage->keywords = GETPOST('WEBSITE_KEYWORDS', 'alphanohtml');
+ $objectpage->keywords = str_replace(array('<', '>'), '', GETPOST('WEBSITE_KEYWORDS', 'alphanohtml'));
 $objectpage->htmlheader = trim(GETPOST('htmlheader', 'none'));
 $objectpage->fk_page = (GETPOST('pageidfortranslation', 'int') > 0 ? GETPOST('pageidfortranslation', 'int') : 0);
 $objectpage->author_alias = trim(GETPOST('WEBSITE_AUTHORALIAS', 'alphanohtml'));
@@ -2023,7 +2032,7 @@ if ($action == 'regeneratesite')
 $result = $object->rebuildWebSiteFiles();
 if ($result > 0)
 {
- setEventMessages($langs->trans("PagesRegenerated"), null, 'mesgs');
+ setEventMessages($langs->trans("PagesRegenerated", $result), null, 'mesgs');
 $action = 'preview';
 }
 else
@@ -3290,12 +3299,12 @@ if ($action == 'editmeta' || $action == 'createcontainer')
 $pageauthoralias = '';
 $pagestatus = 1;
 }
- if (GETPOST('WEBSITE_TITLE', 'alpha')) $pagetitle = GETPOST('WEBSITE_TITLE', 'alpha');
+ if (GETPOST('WEBSITE_TITLE', 'alpha')) $pagetitle = str_replace(array('<', '>'), '', GETPOST('WEBSITE_TITLE', 'alphanohtml'));
 if (GETPOST('WEBSITE_PAGENAME', 'alpha')) $pageurl = GETPOST('WEBSITE_PAGENAME', 'alpha');
- if (GETPOST('WEBSITE_ALIASALT', 'alpha')) $pagealiasalt = GETPOST('WEBSITE_ALIASALT', 'alpha');
- if (GETPOST('WEBSITE_DESCRIPTION', 'alpha')) $pagedescription = GETPOST('WEBSITE_DESCRIPTION', 'alpha');
+ if (GETPOST('WEBSITE_ALIASALT', 'alpha')) $pagealiasalt = str_replace(array('<', '>'), '', GETPOST('WEBSITE_ALIASALT', 'alphanohtml'));
+ if (GETPOST('WEBSITE_DESCRIPTION', 'alpha')) $pagedescription = str_replace(array('<', '>'), '', GETPOST('WEBSITE_DESCRIPTION', 'alphanohtml'));
 if (GETPOST('WEBSITE_IMAGE', 'alpha')) $pageimage = GETPOST('WEBSITE_IMAGE', 'alpha');
- if (GETPOST('WEBSITE_KEYWORDS', 'alpha')) $pagekeywords = GETPOST('WEBSITE_KEYWORDS', 'alpha');
+ if (GETPOST('WEBSITE_KEYWORDS', 'alpha')) $pagekeywords = str_replace(array('<', '>'), '', GETPOST('WEBSITE_KEYWORDS', 'alphanohtml'));
 if (GETPOST('WEBSITE_LANG', 'aZ09')) $pagelang = GETPOST('WEBSITE_LANG', 'aZ09');
 if (GETPOST('htmlheader', 'none')) $pagehtmlheader = GETPOST('htmlheader', 'none');
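Review bot: Each changed line now tests one filter and assigns another: `if (GETPOST('WEBSITE_TITLE', 'alpha'))` guards an assignment that reads the value with `'alphanohtml'` plus the `<`/`>` strip, so input that is non-empty under `'alpha'` but empty after filtering overwrites `$pagetitle` with an empty string. Reading the filtered value once into a local and testing that local, `$tmp = str_replace(array('<', '>'), '', GETPOST('WEBSITE_TITLE', 'alphanohtml')); if ($tmp) $pagetitle = $tmp;`, removes the mismatch and the second call. The same applies to the aliasalt, description and keywords lines. The enclosing block starts and ends outside the hunk.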