lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Sanitize at creation of the product instead of the creation of the filepath

Browse Source
This commit is contained in:
atm-josselin 2019-07-01 09:31:01 +02:00
parent 7a17c43b26
commit c24a95b7ad
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/class/html.formfile.class.php
View File

@ -764,7 +764,7 @@ class FormFile
// Show file name with link to download
$out.= '<td class="minwidth200">';
$out.= '<a class="documentdownload paddingright" href="'.$documenturl.'?modulepart='.$modulepart.'&amp;file='.urlencode(dol_sanitizePathName($relativepath)).($param?'&'.$param:'').'"';
$out.= '<a class="documentdownload paddingright" href="'.$documenturl.'?modulepart='.$modulepart.'&amp;file='.urlencode($relativepath).($param?'&'.$param:'').'"';
$mime=dol_mimetype($relativepath,'',0);
if (preg_match('/text/',$mime)) $out.= ' target="_blank"';
$out.= '>';

2
htdocs/product/class/product.class.php
View File

@ -429,7 +429,7 @@ class Product extends CommonObject
$error=0;
// Clean parameters
$this->ref = dol_string_nospecial(trim($this->ref));
$this->ref = dol_sanitizeFileName(dol_string_nospecial(trim($this->ref)));
$this->label = trim($this->label);
$this->price_ttc=price2num($this->price_ttc);
$this->price=price2num($this->price);