Fix security mecanism generating data loss

ATM john 2021-01-06 10:45:54 +01:00
parent 5709216427
commit 92a4314779


@ -602,6 +602,7 @@ function GETPOST($paramname, $check = 'none', $method = 0, $filter = null, $opti
$out = trim($out);
// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
// '../' is dangerous because it allows dir transversals
$out = str_replace('"', "''", trim($out));
if (preg_match('/"/', $out)) $out = '';
elseif (preg_match('/\.\.\//', $out)) $out = '';
$out = dol_string_nohtmltag($out);
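Review bot: Assuming the added line is the `str_replace('"', "''", trim($out))` call (the +/- markers are lost on this page), the `if (preg_match('/"/', $out)) $out = '';` check right after it can no longer match, and the second `trim()` repeats the one three lines above. I would reduce this to `$out = str_replace('"', "''", $out);` followed by `if (preg_match('/\.\.\//', $out)) $out = '';`. The value is now silently rewritten instead of rejected and single quotes pass through, so the comment above should say this is not output escaping, for example `// Not an escaping step: callers must still escape for the HTML attribute, JS or SQL context they print into.` The replacement also runs before `dol_string_nohtmltag()`; if that helper decodes entities (not visible here), the quote filter belongs after it. GETPOST starts and ends outside this hunk, so the `$check` branch these lines sit in cannot be seen from here.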