lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX: in edit mode, dictionary inputs do not escape the string inside the 'value' attribute, causing errors if there are any double quotes

Browse Source
This commit is contained in:
atm-florian.m 2019-06-13 16:21:07 +02:00
parent 6a5af0511d
commit 787e1319b9
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/admin/dict.php
View File

@ -1976,7 +1976,7 @@ function fieldList($fieldlist, $obj='', $tabname='', $context='')
}
if (! $transfound)
{
print '<input type="text" class="flat'.($class?' '.$class:'').'" value="'.(isset($obj->{$fieldlist[$field]})?$obj->{$fieldlist[$field]}:'').'" name="'.$fieldlist[$field].'">';
print '<input type="text" class="flat'.($class?' '.$class:'').'" value="'.dol_escape_htmltag(isset($obj->{$fieldlist[$field]})?$obj->{$fieldlist[$field]}:'').'" name="'.$fieldlist[$field].'">';
}
print '</td>';
}