Update functions.lib.php

Frédéric FRANCE 2020-11-04 09:45:02 +01:00 committed by GitHub
parent 1cc7b41de3
commit 7c7a1b5512
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -659,11 +659,11 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options =
break;
case 'alpha': // No html and no " and no ../
case 'alphanohtml': // Recommended for most scalar parameters and search parameters
if (!is_array($out))
{
if (!is_array($out)) {
// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
// '../' is dangerous because it allows dir transversals
$out = str_replace(array('"', '"', '../'), '', trim($out));
// keep lines feed
$out = dol_string_nohtmltag($out, 0);
}
break;
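Review bot: The `str_replace(array('"', '"', '../'), '', trim($out))` line in the `alpha`/`alphanohtml` branch strips `../` in a single pass, so the result is not guaranteed to be free of `../`: deleting one occurrence can join the characters on either side of it into a new one. Repeating the replacement until the string stops changing closes that gap, for example `$out = trim($out); do { $prev = $out; $out = str_replace(array('"', '"', '../'), '', $out); } while ($prev !== $out);`. As rendered on this page the search array lists `'"'` twice; if the first entry is an HTML entity in the file itself, it should stay in the looped call as well. Code that builds filesystem paths from a value filtered here should still check the resolved path against an allowed base directory rather than rely on this filter alone. `checkVal()` starts and ends outside the hunk.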