lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch '12.0' of git@github.com:Dolibarr/dolibarr.git into 12.0

Browse Source
This commit is contained in:
Laurent Destailleur 2020-12-08 22:24:14 +01:00
commit 89854ea137
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
htdocs/product/card.php
View File

@ -86,6 +86,9 @@ $accountancy_code_buy = GETPOST('accountancy_code_buy', 'alpha');
$accountancy_code_buy_intra = GETPOST('accountancy_code_buy_intra', 'alpha'); $accountancy_code_buy_intra = GETPOST('accountancy_code_buy_intra', 'alpha');
$accountancy_code_buy_export = GETPOST('accountancy_code_buy_export', 'alpha'); $accountancy_code_buy_export = GETPOST('accountancy_code_buy_export', 'alpha');
// by default 'alphanohtml' (better security); hidden conf MAIN_SECURITY_ALLOW_UNSECURED_LABELS_WITH_HTML allows basic html
$label_security_check = empty($conf->global->MAIN_SECURITY_ALLOW_UNSECURED_LABELS_WITH_HTML) ? 'alphanohtml' : 'restricthtml';
if (!empty($user->socid)) $socid = $user->socid; if (!empty($user->socid)) $socid = $user->socid;
$object = new Product($db); $object = new Product($db);
@ -201,7 +204,7 @@ if (empty($reshook))
{ {
$error = 0; $error = 0;
if (!GETPOST('label', 'alphanohtml')) if (!GETPOST('label', $label_security_check))
{ {
setEventMessages($langs->trans('ErrorFieldRequired', $langs->transnoentities('Label')), null, 'errors'); setEventMessages($langs->trans('ErrorFieldRequired', $langs->transnoentities('Label')), null, 'errors');
$action = "create"; $action = "create";
@ -225,7 +228,7 @@ if (empty($reshook))
$units = GETPOST('units', 'int'); $units = GETPOST('units', 'int');
$object->ref = $ref; $object->ref = $ref;
$object->label = GETPOST('label', 'alphanohtml'); $object->label = GETPOST('label', $label_security_check);
$object->price_base_type = GETPOST('price_base_type', 'aZ09'); $object->price_base_type = GETPOST('price_base_type', 'aZ09');
if ($object->price_base_type == 'TTC') if ($object->price_base_type == 'TTC')
@ -406,7 +409,7 @@ if (empty($reshook))
$object->oldcopy = clone $object; $object->oldcopy = clone $object;
$object->ref = $ref; $object->ref = $ref;
$object->label = GETPOST('label', 'alphanohtml'); $object->label = GETPOST('label', $label_security_check);
$object->description = dol_htmlcleanlastbr(GETPOST('desc', 'none')); $object->description = dol_htmlcleanlastbr(GETPOST('desc', 'none'));
$object->url = GETPOST('url'); $object->url = GETPOST('url');
if (!empty($conf->global->MAIN_DISABLE_NOTES_TAB)) if (!empty($conf->global->MAIN_DISABLE_NOTES_TAB))
@ -1005,7 +1008,7 @@ else
print '</td></tr>'; print '</td></tr>';
// Label // Label
print '<tr><td class="fieldrequired">'.$langs->trans("Label").'</td><td colspan="3"><input name="label" class="minwidth300 maxwidth400onsmartphone" maxlength="255" value="'.dol_escape_htmltag(GETPOST('label', 'alphanohtml')).'"></td></tr>'; print '<tr><td class="fieldrequired">'.$langs->trans("Label").'</td><td colspan="3"><input name="label" class="minwidth300 maxwidth400onsmartphone" maxlength="255" value="'.dol_escape_htmltag(GETPOST('label', $label_security_check)).'"></td></tr>';
// On sell // On sell
print '<tr><td class="fieldrequired">'.$langs->trans("Status").' ('.$langs->trans("Sell").')</td><td colspan="3">'; print '<tr><td class="fieldrequired">'.$langs->trans("Status").' ('.$langs->trans("Sell").')</td><td colspan="3">';