Fix: escape double quotes into dol_html_escapetag
New: Passwords not reset into install page.
This commit is contained in:
Laurent Destailleur
parent
42c25a4c0c
commit
c273f9f698
@ -436,8 +436,8 @@ function dol_escape_htmltag($stringtoescape,$keepb=0)
|
||||
{
|
||||
// escape quotes and backslashes, newlines, etc.
|
||||
$tmp=dol_html_entity_decode($stringtoescape,ENT_COMPAT,'UTF-8');
|
||||
if ($keepb) $tmp=strtr($tmp, array('"'=>'',"\r"=>'\\r',"\n"=>'\\n'));
|
||||
else $tmp=strtr($tmp, array('"'=>'',"\r"=>'\\r',"\n"=>'\\n',"<b>"=>'','</b>'=>''));
|
||||
if ($keepb) $tmp=strtr($tmp, array("\r"=>'\\r',"\n"=>'\\n'));
|
||||
else $tmp=strtr($tmp, array("\r"=>'\\r',"\n"=>'\\n',"<b>"=>'','</b>'=>''));
|
||||
return dol_htmlentities($tmp,ENT_COMPAT,'UTF-8');
|
||||
}
|
||||
|
||||
|
||||
@ -384,9 +384,13 @@ if (! empty($force_install_message))
|
||||
<tr class="hidesqlite">
|
||||
<td class="label" valign="top"><b><?php echo $langs->trans("Password"); ?></b>
|
||||
</td>
|
||||
<td class="label" valign="top"><input type="password" id="db_pass"
|
||||
<td class="label" valign="top"><input type="text" id="db_pass" autocomplete="off"
|
||||
name="db_pass"
|
||||
value="<?php print (! empty($dolibarr_main_db_pass))?$dolibarr_main_db_pass:$force_install_databasepass; ?>"></td>
|
||||
value="<?php
|
||||
$autofill=((! empty($dolibarr_main_db_pass))?$dolibarr_main_db_pass:$force_install_databasepass);
|
||||
if ($dolibarr_main_prod) $autofill='';
|
||||
print dol_escape_htmltag($autofill);
|
||||
?>"></td>
|
||||
<td class="comment"><?php echo $langs->trans("AdminPassword"); ?></td>
|
||||
</tr>
|
||||
|
||||
@ -433,9 +437,13 @@ if (! empty($force_install_message))
|
||||
<tr class="hidesqlite">
|
||||
<td class="label" valign="top"><?php echo $langs->trans("Password"); ?>
|
||||
</td>
|
||||
<td class="label" valign="top"><input type="password"
|
||||
<td class="label" valign="top"><input type="text" autocomplete="off"
|
||||
id="db_pass_root" name="db_pass_root" class="needroot"
|
||||
value="<?php print (! empty($db_pass_root))?$db_pass_root:$force_install_databaserootpass; ?>"></td>
|
||||
value="<?php
|
||||
$autofill=((! empty($db_pass_root))?$db_pass_root:$force_install_databaserootpass);
|
||||
if ($dolibarr_main_prod) $autofill='';
|
||||
print dol_escape_htmltag($autofill);
|
||||
?>"></td>
|
||||
<td class="comment"><?php echo $langs->trans("KeepEmptyIfNoPassword"); ?>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
@ -357,6 +357,37 @@ class FunctionsTest extends PHPUnit_Framework_TestCase
|
||||
$this->assertEquals(7200-($tz*3600),$result); // Should be 7200 if we are at greenwich winter
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* testDolEscapeJs
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function testDolEscapeJs()
|
||||
{
|
||||
$input="x&<b>#</b>,\"'"; // " will be converted into '
|
||||
$result=dol_escape_js($input);
|
||||
$this->assertEquals("x&<b>#<\/b>,\'\'",$result);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* testDolEscapeHtmlTag
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function testDolEscapeHtmlTag()
|
||||
{
|
||||
$input='x&<b>#</b>,"'; // & and " are converted into html entities, <b> are removed
|
||||
$result=dol_escape_htmltag($input);
|
||||
$this->assertEquals('x&#,"',$result);
|
||||
|
||||
$input='x&<b>#</b>,"'; // & and " are converted into html entities, <b> are not removed
|
||||
$result=dol_escape_htmltag($input,1);
|
||||
$this->assertEquals('x&<b>#</b>,"',$result);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* testDolNow
|
||||
*
|
||||
|
||||
Loading…
Reference in New Issue
Block a user