From 92fe8ebe1d93e14c38ee50e43eec45ea6cd5f524 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Wed, 30 May 2012 12:33:47 +0200
Subject: [PATCH] Fix: js not escaped
---
 htdocs/core/class/html.form.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 2e28e13803e..b701d06d721 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -2262,9 +2262,9 @@ class Form
 });
 //alert(options);
 }
- location.href=\''.$pageyes.'\' + options;
+ location.href=\''.dol_escape_js($pageyes).'\' + options;
 }
- '.($pageno?'if (choice == \'ko\') location.href=\''.$pageno.'\';':'').'
+ '.($pageno?'if (choice == \'ko\') location.href=\''.dol_escape_js($pageno).'\';':'').'
 },
 buttons: {
 \''.dol_escape_js($langs->transnoentities("Yes")).'\': function() {
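Review bot: The two `location.href` assignments now escape `$pageyes` and `$pageno` for the single-quoted JavaScript string, but nothing visible in the hunk constrains where those URLs point. `dol_escape_js()` addresses breaking out of the string literal; it presumably does not reject an unexpected scheme or an off-site host, so if any caller builds these arguments from request data, the confirm dialog can still navigate somewhere unintended. I would state the contract in the method's docblock, for example `@param string $pageyes Same-site URL loaded on confirmation; emitted inside a JS string and used as a navigation target, so never pass raw request input` (and the same for `$pageno`), and audit the callers accordingly. The enclosing method, its docblock and the code that builds `options` all lie outside this hunk, so this could not be checked here.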