lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch '14.0' of git@github.com:Dolibarr/dolibarr.git into 15.0

Browse Source
This commit is contained in:
Laurent Destailleur 2022-01-17 08:59:34 +01:00
commit cfc39ebf0a
2 changed files with 18 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/lib/functions.lib.php
View File

@ -829,6 +829,8 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options =
// No need to use a loop here, this step is not to sanitize (this is done at next step, this is to try to save chars, even if they are
// using a non coventionnel way to be encoded, to not have them sanitized just after)
$out = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', 'realCharForNumericEntities', $out);
//$out = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', function ($m) { return realCharForNumericEntities($m); }, $out);
// Now we remove all remaining HTML entities starting with a number. We don't want such entities.
$out = preg_replace('/&#x?[0-9]+/i', '', $out); // For example if we have j&#x61vascript with an entities without the ; to hide the 'a' of 'javascript'.

22
htdocs/main.inc.php
View File

@ -1599,12 +1599,17 @@ function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arr
dol_syslog("Warning: module ".$modcss." declared a css path file into its descriptor that is empty.", LOG_WARNING);
}
// cssfile is a relative path
print '<!-- Includes CSS added by module '.$modcss.' -->'."\n".'<link rel="stylesheet" type="text/css" href="'.dol_buildpath($cssfile, 1);
// We add params only if page is not static, because some web server setup does not return content type text/css if url has parameters, so browser cache is not used.
if (!preg_match('/\.css$/i', $cssfile)) {
print $themeparam;
$urlforcss = dol_buildpath($cssfile, 1);
if ($urlforcss) {
print '<!-- Includes CSS added by module '.$modcss.' -->'."\n".'<link rel="stylesheet" type="text/css" href="'.$urlforcss;
// We add params only if page is not static, because some web server setup does not return content type text/css if url has parameters, so browser cache is not used.
if (!preg_match('/\.css$/i', $cssfile)) {
print $themeparam;
}
print '">'."\n";
} else {
dol_syslog("Warning: module ".$modcss." declared a css path file for a file we can't find.", LOG_WARNING);
}
print '">'."\n";
}
}
}
@ -1738,7 +1743,12 @@ function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arr
$filesjs = (array) $filesjs; // To be sure filejs is an array
foreach ($filesjs as $jsfile) {
// jsfile is a relative path
print '<!-- Include JS added by module '.$modjs.'-->'."\n".'<script src="'.dol_buildpath($jsfile, 1).((strpos($jsfile, '?') === false) ? '?' : '&amp;').'lang='.$langs->defaultlang.'"></script>'."\n";
$urlforjs = dol_buildpath($jsfile, 1);
if ($urlforjs) {
print '<!-- Include JS added by module '.$modjs.'-->'."\n".'<script src="'.$urlforjs.((strpos($jsfile, '?') === false) ? '?' : '&amp;').'lang='.$langs->defaultlang.'"></script>'."\n";
} else {
dol_syslog("Warning: module ".$modjs." declared a js path file for a file we can't find.", LOG_WARNING);
}
}
}
}