lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix: [Payments] Properly escape variable for JS

Browse Source 
The company name may contain reserved characters such as a quote
which needs proper escaping to prevent upsetting the JavaScript
interpreter.
This commit is contained in:
Raphaël Doursenaud 2017-02-17 16:16:41 +01:00
parent 7f21c3f3f2
commit b697da7399
No known key found for this signature in database
GPG Key ID: 6992A63407576955
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/compta/paiement.php
View File

@ -369,7 +369,7 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie
}
if ($(\'#fieldchqemetteur\').val() == \'\')
{
var emetteur = ('.$facture->type.' == 2) ? \''.dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_NOM).'\' : jQuery(\'#thirdpartylabel\').val();
var emetteur = ('.$facture->type.' == 2) ? \''.dol_escape_js(dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_NOM)).'\' : jQuery(\'#thirdpartylabel\').val();
$(\'#fieldchqemetteur\').val(emetteur);
}
}