FIX #13277
parent
77730b882c
commit
967d4223c6
@ -141,7 +141,6 @@ $result = restrictedArea($user, 'facture', $id, '', '', 'fk_soc', $fieldid, $isd
|
||||
|
||||
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
*/
|
||||
|
||||
@ -85,44 +85,6 @@ class DolEditor
|
||||
if ($okforextendededitor === 'ace') $this->tool = 'ace';
|
||||
//if ($conf->dol_use_jmobile) $this->tool = 'textarea'; // ckeditor and ace seems ok with mobile
|
||||
|
||||
// Define content and some properties
|
||||
if ($this->tool == 'ckeditor')
|
||||
{
|
||||
$content = dol_htmlentitiesbr($content); // If content is not HTML, we convert to HTML.
|
||||
}
|
||||
/*if ($this->tool == 'fckeditor')
|
||||
{
|
||||
require_once DOL_DOCUMENT_ROOT.'/includes/fckeditor/fckeditor.php';
|
||||
|
||||
$content = dol_htmlentitiesbr($content); // If content is not HTML, we convert to HTML.
|
||||
|
||||
$this->editor = new FCKeditor($htmlname);
|
||||
$this->editor->BasePath = DOL_URL_ROOT.'/includes/fckeditor/';
|
||||
$this->editor->Value = $content;
|
||||
$this->editor->Height = $height;
|
||||
if (!empty($width)) $this->editor->Width = $width;
|
||||
$this->editor->ToolbarSet = $shorttoolbarname; // Profile of this toolbar set is deinfed into theme/mytheme/ckeditor/config.js
|
||||
$this->editor->Config['AutoDetectLanguage'] = 'true'; // Language of user (browser)
|
||||
$this->editor->Config['ToolbarLocation'] = $toolbarlocation ? $toolbarlocation : 'In';
|
||||
$this->editor->Config['ToolbarStartExpanded'] = $toolbarstartexpanded;
|
||||
|
||||
// Rem: Le forcage de ces 2 parametres ne semble pas fonctionner.
|
||||
// Dolibarr utilise toujours liens avec modulepart='fckeditor' quelque soit modulepart.
|
||||
// Ou se trouve donc cette valeur /viewimage.php?modulepart=fckeditor&file=' ?
|
||||
$modulepart = 'fckeditor';
|
||||
$this->editor->Config['UserFilesPath'] = '/viewimage.php?modulepart='.$modulepart.'&entity='.$conf->entity.'&file=';
|
||||
$this->editor->Config['UserFilesAbsolutePath'] = DOL_DATA_ROOT.'/'.$modulepart.'/';
|
||||
|
||||
$this->editor->Config['LinkBrowser'] = ($uselocalbrowser ? 'true' : 'false');
|
||||
$this->editor->Config['ImageBrowser'] = ($uselocalbrowser ? 'true' : 'false');
|
||||
|
||||
if (file_exists(DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/fckeditor/fckconfig.js'))
|
||||
{
|
||||
$this->editor->Config['CustomConfigurationsPath'] = DOL_URL_ROOT.'/theme/'.$conf->theme.'/fckeditor/fckconfig.js';
|
||||
$this->editor->Config['SkinPath'] = DOL_URL_ROOT.'/theme/'.$conf->theme.'/fckeditor/';
|
||||
}
|
||||
}*/
|
||||
|
||||
// Define some properties
|
||||
if (in_array($this->tool, array('textarea', 'ckeditor', 'ace')))
|
||||
{
|
||||
@ -172,7 +134,8 @@ class DolEditor
|
||||
{
|
||||
$found = 1;
|
||||
//$out.= '<textarea id="'.$this->htmlname.'" name="'.$this->htmlname.'" '.($this->readonly?' disabled':'').' rows="'.$this->rows.'"'.(preg_match('/%/',$this->cols)?' style="margin-top: 5px; width: '.$this->cols.'"':' cols="'.$this->cols.'"').' class="flat">';
|
||||
// TODO We do not put the disabled tag because on a read form, it change style with grey.
|
||||
// TODO We do not put the 'disabled' tag because on a read form, it change style with grey.
|
||||
//print $this->content;
|
||||
$out .= '<textarea id="'.$this->htmlname.'" name="'.$this->htmlname.'" rows="'.$this->rows.'"'.(preg_match('/%/', $this->cols) ? ' style="margin-top: 5px; width: '.$this->cols.'"' : ' cols="'.$this->cols.'"').' class="flat">';
|
||||
$out .= htmlspecialchars($this->content);
|
||||
$out .= '</textarea>';
|
||||
|
||||
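Review bot: Once the `dol_htmlentitiesbr($content)` step for the ckeditor tool is gone (the first DolEditor hunk appears to drop it along with the commented-out fckeditor block), nothing visible in this file says where `$content` is encoded for that tool. The textarea branch in the second hunk does escape at output with `htmlspecialchars($this->content)`, but whether the ckeditor output goes through that same line lies outside the hunks. It is worth confirming that no branch prints `$this->content` raw, since a value containing `</textarea>` would otherwise close the element early. I would add a comment where the content is stored, such as `// $this->content is kept as received; every output branch must escape it with htmlspecialchars()`. The enclosing methods start and end outside both hunks.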
@ -987,23 +987,32 @@ function dol_escape_js($stringtoescape, $mode = 0, $noescapebackslashn = 0)
|
||||
/**
|
||||
* Returns text escaped for inclusion in HTML alt or title tags, or into values of HTML input fields.
|
||||
*
|
||||
* @param string $stringtoescape String to escape
|
||||
* @param int $keepb 1=Preserve b tags (otherwise, remove them)
|
||||
* @param int $keepn 1=Preserve \r\n strings (otherwise, replace them with escaped value). Set to 1 when escaping for a <textarea>.
|
||||
* @param string $keepmoretags '' or 'common' or list of tags
|
||||
* @return string Escaped string
|
||||
* @param string $stringtoescape String to escape
|
||||
* @param int $keepb 1=Preserve b tags (otherwise, remove them)
|
||||
* @param int $keepn 1=Preserve \r\n strings (otherwise, replace them with escaped value). Set to 1 when escaping for a <textarea>.
|
||||
* @param string $keepmoretags '' or 'common' or list of tags
|
||||
* @param int $escapeonlyhtmltags 1=Escape only html tags, not the special chars like accents.
|
||||
* @return string Escaped string
|
||||
* @see dol_string_nohtmltag(), dol_string_nospecial(), dol_string_unaccent()
|
||||
*/
|
||||
function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $keepmoretags = '')
|
||||
function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $keepmoretags = '', $escapeonlyhtmltags = 0)
|
||||
{
|
||||
if ($keepmoretags == 'common') $keepmoretags = 'html,body,a,em,i,u,ul,li,br,div,img,font,p,span,strong,table,tr,td,th,tbody';
|
||||
// TODO Implement $keepmoretags
|
||||
|
||||
// escape quotes and backslashes, newlines, etc.
|
||||
$tmp = html_entity_decode($stringtoescape, ENT_COMPAT, 'UTF-8'); // TODO Use htmlspecialchars_decode instead, that make only required change for html tags
|
||||
if ($escapeonlyhtmltags) {
|
||||
$tmp = htmlspecialchars_decode($stringtoescape, ENT_COMPAT);
|
||||
} else {
|
||||
$tmp = html_entity_decode($stringtoescape, ENT_COMPAT, 'UTF-8');
|
||||
}
|
||||
if (!$keepb) $tmp = strtr($tmp, array("<b>"=>'', '</b>'=>''));
|
||||
if (!$keepn) $tmp = strtr($tmp, array("\r"=>'\\r', "\n"=>'\\n'));
|
||||
return htmlentities($tmp, ENT_COMPAT, 'UTF-8'); // TODO Use htmlspecialchars instead, that make only required change for html tags
|
||||
if ($escapeonlyhtmltags) {
|
||||
return htmlspecialchars($tmp, ENT_COMPAT, 'UTF-8');
|
||||
} else {
|
||||
return htmlentities($tmp, ENT_COMPAT, 'UTF-8');
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -5933,6 +5942,7 @@ function dol_textishtml($msg, $option = 0)
|
||||
{
|
||||
if (preg_match('/<html/i', $msg)) return true;
|
||||
elseif (preg_match('/<body/i', $msg)) return true;
|
||||
elseif (preg_match('/<\/textarea/i', $msg)) return true;
|
||||
elseif (preg_match('/<br/i', $msg)) return true;
|
||||
return false;
|
||||
}
|
||||
@ -5940,6 +5950,7 @@ function dol_textishtml($msg, $option = 0)
|
||||
{
|
||||
if (preg_match('/<html/i', $msg)) return true;
|
||||
elseif (preg_match('/<body/i', $msg)) return true;
|
||||
elseif (preg_match('/<\/textarea/i', $msg)) return true;
|
||||
elseif (preg_match('/<(b|em|i|u)>/i', $msg)) return true;
|
||||
elseif (preg_match('/<br\/>/i', $msg)) return true;
|
||||
elseif (preg_match('/<(br|div|font|li|p|span|strong|table)>/i', $msg)) return true;
|
||||
|
||||
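Review bot: The new `$escapeonlyhtmltags` branch of dol_escape_htmltag() encodes with `ENT_COMPAT`, which leaves single quotes untouched, while the docblock says the result is meant for alt/title attributes and input field values. A caller that writes the attribute with single quotes would get a value that can terminate the attribute. Because the branch is new and opt-in, it could use `htmlspecialchars_decode($stringtoescape, ENT_QUOTES)` and `return htmlspecialchars($tmp, ENT_QUOTES, 'UTF-8');` without affecting existing callers. Otherwise the docblock should state that the output is only safe inside double-quoted attributes. Separately, `$keepmoretags` is still assigned and never used (the TODO remains), which its `@param` line could say.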