From 7eb45226364630cfe01d14bc15f5f835ada90219 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 19 Mar 2020 11:59:57 +0100
Subject: [PATCH] FIX missing token and save of survey description

---
htdocs/admin/modules.php | 2 +-
htdocs/core/lib/functions.lib.php | 3 ++-
htdocs/opensurvey/card.php | 6 ++++--
3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php
index 21d54908cf1..72eb8240c10 100644
--- a/htdocs/admin/modules.php
+++ b/htdocs/admin/modules.php
@@ -930,7 +930,7 @@ if ($mode == 'marketplace') ?>
- +
trans('Keyword') ?>:
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 6976b5fec40..6e71125cbd5 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -508,6 +508,7 @@ function GETPOST($paramname, $check = 'none', $method = 0, $filter = null, $opti
// We do this only if var is a GET. If it is a POST, may be we want to post the text with vars as the setup text.
if (!is_array($out) && empty($_POST[$paramname]) && empty($noreplace)) {
+ $reg = array();
$maxloop = 20; $loopnb = 0; // Protection against infinite loop
while (preg_match('/__([A-Z0-9]+_?[A-Z0-9]+)__/i', $out, $reg) && ($loopnb < $maxloop)) // Detect '__ABCDEF__' as key 'ABCDEF' and '__ABC_DEF__' as key 'ABC_DEF'. Detection is also correct when 2 vars are side by side.
{
@@ -5579,7 +5580,7 @@ function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1)
$allowed_tags_string = '<'.$allowed_tags_string.'>';
if ($cleanalsosomestyles) {
- $stringtoclean = preg_replace('/position\s*:\s*(absolute|fixed)\s*!\s*important/', '', $stringtoclean); // Note: If hacker try to introduce css comment into string to avoid this, string should be encoded by the dol_htmlentitiesbr so be harmless
+ $stringtoclean = preg_replace('/position\s*:\s*(absolute|fixed)\s*!\s*important/', '', $stringtoclean); // Note: If hacker try to introduce css comment into string to bypass this regex, the string must also be encoded by the dol_htmlentitiesbr during output so it become harmless
}
$temp = strip_tags($stringtoclean, $allowed_tags_string);
diff --git a/htdocs/opensurvey/card.php b/htdocs/opensurvey/card.php
index 302ecf5f1ff..28b8f2a7640 100644
--- a/htdocs/opensurvey/card.php
+++ b/htdocs/opensurvey/card.php
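Review bot: The new `$reg = array();` line just before `$maxloop = 20;` needs a comment saying why it exists, because `preg_match()` assigns its third argument on every call (an empty array when nothing matches), so the initialisation does not change what the loop sees at runtime. Without that context a later reader may assume the while-loop relies on the initial value. Suggested: `$reg = array(); // Not needed at runtime (preg_match() always assigns it); set so static analysers see the variable defined`. GETPOST's body starts and ends outside the hunk.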
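Review bot: The reworded comment on the `+` line in the dol_string_onlythesehtmltags hunk still reads awkwardly, and since it is the only change there it is worth stating the contract plainly; suggested: `// Note: this only strips 'position:absolute/fixed !important'. Obfuscation (e.g. a CSS comment inside the declaration) can get past this regex, so the result must still be encoded with dol_htmlentitiesbr() at output time; this function is not a complete sanitizer on its own.` Also worth noting that the pattern requires the `!important` suffix, so a plain `position:absolute` declaration is left untouched; if the intent is to block that style regardless of priority, `(\s*!\s*important)?` would make the suffix optional, at the cost of stripping more. The rest of dol_string_onlythesehtmltags is outside the hunk.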
@@ -113,8 +113,8 @@ if (empty($reshook))
if (!$error) {
$object->titre = GETPOST('nouveautitre', 'nohtml');
- $object->commentaires = GETPOST('nouveauxcommentaires', 'nohtml');
- $object->description = GETPOST('nouveauxcommentaires', 'nohtml');
+ $object->commentaires = GETPOST('nouveauxcommentaires', 'restricthtml');
+ $object->description = GETPOST('nouveauxcommentaires', 'restricthtml');
$object->mail_admin = GETPOST('nouvelleadresse', 'alpha');
$object->date_fin = $expiredate;
$object->allow_comments = GETPOST('cancomment', 'alpha') == 'on' ? true : false;
@@ -208,6 +208,7 @@ $toutsujet = str_replace("@", "
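Review bot: Changing `commentaires` and `description` from `'nohtml'` to `'restricthtml'` means the survey description is now stored with a subset of HTML, so every place that prints `$object->description` or `$object->commentaires` has to encode it for output — the comment this same commit rewrites in functions.lib.php says exactly that for dol_string_onlythesehtmltags(), and `strip_tags()` with an allow-list leaves the attributes of allowed tags as they are. The display side is not in this hunk, so I could not confirm it; please check that the card and list views pass these fields through dol_htmlentitiesbr() (or equivalent escaping) rather than printing the raw value. Minor: the same GETPOST call is made twice; `$description = GETPOST('nouveauxcommentaires', 'restricthtml');` followed by `$object->commentaires = $description;` and `$object->description = $description;` reads cleaner. The enclosing `if (!$error)` block continues outside the hunk.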
", $toutsujet); $toutsujet = str_replace("°", "'", $toutsujet); print ''."\n"; +print ''; print ''; $head = opensurvey_prepare_head($object); @@ -395,6 +396,7 @@ print '
';
print ''."\n";
+print '';
print load_fiche_titre($langs->trans("CommentsOfVoters"), '', '');