lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix xss

Browse Source
This commit is contained in:
Laurent Destailleur 2019-09-18 14:31:03 +02:00
parent 771104bc68
commit e52788eb75
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
htdocs/user/card.php
View File

@ -209,7 +209,7 @@ if (empty($reshook)) {
$object->facebook = GETPOST("facebook", 'alphanohtml');
$object->email = preg_replace('/\s+/', '', GETPOST("email", 'alpha'));
$object->job = GETPOST("job", 'alphanohtml');
$object->job = GETPOST("job", 'nohtml');
$object->signature = GETPOST("signature", 'none');
$object->accountancy_code = GETPOST("accountancy_code", 'alphanohtml');
$object->note = GETPOST("note", 'none');
@ -358,7 +358,7 @@ if (empty($reshook)) {
$object->twitter = GETPOST("twitter", 'alpha');
$object->facebook = GETPOST("facebook", 'alpha');
$object->email = preg_replace('/\s+/', '', GETPOST("email", 'alpha'));
$object->job = GETPOST("job", 'alphanohtml');
$object->job = GETPOST("job", 'nohtml');
$object->signature = GETPOST("signature",'none');
$object->accountancy_code = GETPOST("accountancy_code",'alpha');
$object->openid = GETPOST("openid",'alpha');
@ -1156,7 +1156,7 @@ if ($action == 'create' || $action == 'adduserldap')
// Position/Job
print '<tr><td class="titlefieldcreate">'.$langs->trans("PostOrFunction").'</td>';
print '<td>';
print '<input class="maxwidth200" type="text" name="job" value="'.GETPOST('job', 'alphanohtml').'">';
print '<input class="maxwidth200" type="text" name="job" value="'.GETPOST('job', 'nohtml').'">';
print '</td></tr>';