diff --git a/htdocs/admin/mails_templates.php b/htdocs/admin/mails_templates.php index e0dfcd75277..573d4c5fbaa 100644 --- a/htdocs/admin/mails_templates.php +++ b/htdocs/admin/mails_templates.php @@ -50,7 +50,7 @@ $confirm = GETPOST('confirm','alpha'); // Result of a confirmation $id = GETPOST('id','int'); $rowid = GETPOST('rowid','alpha'); -$search_label=GETPOST('search_label','alpha'); +$search_label=GETPOST('search_label', 'alphanohtml'); // Must allow value like 'Abc Def' or '(MyTemplateName)' $search_type_template=GETPOST('search_type_template','alpha'); $search_lang=GETPOST('search_lang','alpha'); $search_fk_user=GETPOST('search_fk_user','intcomma'); @@ -262,6 +262,7 @@ if (empty($reshook)) { //var_dump($i.' - '.$listfieldvalue[$i].' - '.$_POST[$listfieldvalue[$i]].' - '.$value); $keycode=$listfieldvalue[$i]; + if ($value == 'label') $_POST[$keycode] = dol_escape_htmltag($_POST[$keycode]); if ($value == 'lang') $keycode='langcode'; if ($value == 'entity') $_POST[$keycode] = $conf->entity; if ($i) $sql.=","; @@ -666,8 +667,6 @@ if ($resql) print ''; foreach ($fieldlist as $field => $value) { - // Determine le nom du champ par rapport aux noms possibles - // dans les dictionnaires de donnees $showfield=1; // By defaut $align="left"; $sortable=1; @@ -694,7 +693,7 @@ if ($resql) if ($fieldlist[$field]=='content') { $valuetoshow=$langs->trans("Content"); $showfield=0;} if ($fieldlist[$field]=='content_lines') { $valuetoshow=$langs->trans("ContentLines"); $showfield=0; } - // Affiche nom du champ + // Show fields if ($showfield) { if (! empty($tabhelp[$id][$value])) @@ -812,6 +811,10 @@ if ($resql) $showfield=1; $align="left"; $valuetoshow=$obj->{$fieldlist[$field]}; + if ($value == 'label' || $value == 'topic') + { + $valuetoshow = dol_escape_htmltag($valuetoshow); + } if ($value == 'type_template') { $valuetoshow = isset($elementList[$valuetoshow])?$elementList[$valuetoshow]:$valuetoshow;