From ef8021467b337bd0a117264c3f3c7b14a3ff4ff8 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Wed, 6 Jan 2021 20:41:40 +0100
Subject: [PATCH] FIX #15892 #15017
---
 htdocs/core/lib/functions.lib.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 3bf47b7da7a..054d932a1f1 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -680,7 +680,8 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options =
 if (!is_array($out)) {
 // '"' is dangerous because param in url can close the href= or src= and add javascript functions.
 // '../' is dangerous because it allows dir transversals
- $out = str_replace(array('"', '"', '../'), '', trim($out));
+ $out = str_replace(array('"', '"'), "''", trim($out));
+ $out = str_replace(array('../'), '', trim($out));
 // keep lines feed
 $out = dol_string_nohtmltag($out, 0);
 }
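Review bot: The `../` filter on the second added line is a single `str_replace` pass, and `str_replace` does not rescan the text it has just rewritten, so a value in which removing one occurrence produces another still leaves the sequence in `$out`; either repeat until the value stops changing, `do { $prev = $out; $out = str_replace('../', '', $out); } while ($out !== $prev);`, or treat the presence of the sequence as grounds to reject the parameter rather than rewrite it. The second `trim($out)` on that line is redundant, since the first added line has already trimmed the value. The replacement of `"` by `''` on the first added line is not explained by the comment above it, which still only says the quote can close an `href=`/`src=` attribute; add a why-comment such as `// Replaced by two single quotes instead of being stripped (see #15892)`. Because single quotes pass through this filter unchanged and the rewrite now inserts them, values placed in single-quoted attributes still depend on output escaping with `ENT_QUOTES` at the point of output, which is worth stating in that same comment. The body of `checkVal` begins and ends outside the hunk.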