use dol_escape_htmltag

This commit is contained in:
John BOTELLA 2021-12-01 16:59:30 +01:00
parent e97e0e4f17
commit c0d00a859f


@ -103,17 +103,6 @@ class FormSetup
} }
} }
/**
* a quick method to sanitize html attributes
* @param string $var the string to sanitize
* @return string
*/
static public function sanitizeHtmlAttribute($var)
{
$var = preg_replace("/\r|\n/", "", $var);
return htmlspecialchars($var, ENT_QUOTES);
}
/** /**
* Generate an attributes string form an input array * Generate an attributes string form an input array
* @param array $attributes an array of attributes keys and values, * @param array $attributes an array of attributes keys and values,
@ -127,7 +116,7 @@ class FormSetup
if (is_array($value) || is_object($value)) { if (is_array($value) || is_object($value)) {
continue; continue;
} }
$Aattr[] = $attribute.'="'.self::sanitizeHtmlAttribute($value).'"'; $Aattr[] = $attribute.'="'.dol_escape_htmltag($value).'"';
} }
} }
@ -164,7 +153,7 @@ class FormSetup
// generate hidden values from $this->formHiddenInputs // generate hidden values from $this->formHiddenInputs
if (!empty($this->formHiddenInputs) && is_array($this->formHiddenInputs)) { if (!empty($this->formHiddenInputs) && is_array($this->formHiddenInputs)) {
foreach ($this->formHiddenInputs as $hiddenKey => $hiddenValue) { foreach ($this->formHiddenInputs as $hiddenKey => $hiddenValue) {
$out.= '<input type="hidden" name="'.self::sanitizeHtmlAttribute($hiddenKey).'" value="' . self::sanitizeHtmlAttribute($hiddenValue) . '">'; $out.= '<input type="hidden" name="'.dol_escape_htmltag($hiddenKey).'" value="' . dol_escape_htmltag($hiddenValue) . '">';
} }
} }
} }
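Review bot: In the second hunk the attribute name is still concatenated unescaped, `$Aattr[] = $attribute.'="'.dol_escape_htmltag($value).'"';`, while the value (and, in the third hunk, both the hidden-input name and value) now go through `dol_escape_htmltag`; if the keys of `$attributes` can ever come from outside the module, a key such as `foo="x" onload="…` breaks out of the attribute. Entity-escaping a name is not the right fix, since a name with spaces or quotes is never a valid attribute; a whitelist check before the append, `if (!preg_match('/^[A-Za-z_:][-A-Za-z0-9_:.]*$/', $attribute)) { continue; }`, is what I would add, together with a docblock line on `$attributes` stating that keys must be valid attribute names. The removed `sanitizeHtmlAttribute` stripped CR/LF and used `ENT_QUOTES`, so both `"` and `'` were escaped; `dol_escape_htmltag` is not visible here, and if it follows the usual ENT_COMPAT convention only `"` is encoded, so the double-quote delimiters used on these lines are load-bearing — a comment such as `// values are double-quoted; dol_escape_htmltag() must escape '"' for this to be safe` would keep a later edit from switching to single quotes. The enclosing functions in both hunks start and end outside the visible lines.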