From f871ade5452630ad12bab6608eb53e18fcdb870e Mon Sep 17 00:00:00 2001
From: Florian Mortgat
Date: Mon, 7 Dec 2020 15:15:41 +0100
Subject: [PATCH] FIX 12.0 - the stringent XSS prodection provided by 'alphanohtml' causes problems with some clients who used basic tags (bold, italic, underline) in product labels. Using 'restricthtml' instead could be a good compromise.
---
 htdocs/product/card.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/htdocs/product/card.php b/htdocs/product/card.php
index 8b4654ba921..8659e5bcc23 100644
--- a/htdocs/product/card.php
+++ b/htdocs/product/card.php
@@ -201,7 +201,7 @@ if (empty($reshook))
 {
 $error = 0;
- if (!GETPOST('label', 'alphanohtml'))
+ if (!GETPOST('label', 'restricthtml'))
 {
 setEventMessages($langs->trans('ErrorFieldRequired', $langs->transnoentities('Label')), null, 'errors');
 $action = "create";
@@ -225,7 +225,7 @@ if (empty($reshook))
 $units = GETPOST('units', 'int');
 $object->ref = $ref;
- $object->label = GETPOST('label', 'alphanohtml');
+ $object->label = GETPOST('label', 'restricthtml');
 $object->price_base_type = GETPOST('price_base_type', 'aZ09');
 if ($object->price_base_type == 'TTC')
@@ -406,7 +406,7 @@ if (empty($reshook))
 $object->oldcopy = clone $object;
 $object->ref = $ref;
- $object->label = GETPOST('label', 'alphanohtml');
+ $object->label = GETPOST('label', 'restricthtml');
 $object->description = dol_htmlcleanlastbr(GETPOST('desc', 'none'));
 $object->url = GETPOST('url');
 if (!empty($conf->global->MAIN_DISABLE_NOTES_TAB))
@@ -1005,7 +1005,7 @@ else
 print '';
 // Label
- print ''.$langs->trans("Label").'';
+ print ''.$langs->trans("Label").'';
 // On sell
 print ''.$langs->trans("Status").' ('.$langs->trans("Sell").')';
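Review bot: The required-field test in the first hunk, `if (!GETPOST('label', 'restricthtml'))`, now evaluates the label with its markup retained, so a value made only of permitted tags would presumably count as filled in and be saved as a label with no visible text. GETPOST is not shown here, so confirm how the 'restricthtml' filter treats such input; if tags survive it, run the emptiness test on the tag-free text, for example `if (trim(strip_tags(GETPOST('label', 'restricthtml'))) === '')`, and keep 'restricthtml' only for the value that is stored. The enclosing `if (empty($reshook))` block starts and ends outside the hunk.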
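Review bot: `$object->label = GETPOST('label', 'restricthtml');` in the second hunk (create path), and the identical assignment in the third hunk (update path), changes the contract of the stored label from tag-free text to text that may carry markup. Every place that prints the label into an attribute value, an option list, a page title, an export or a generated document then has to encode or strip it at output instead of relying on the input filter, and that audit is not part of this commit. A comment on both assignments such as `// label may contain restricted HTML: escape or strip it at every output site` would record the new contract. Making the relaxed filter opt-in through a configuration setting would keep the strict default for installations that do not need formatted labels.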