Add nonce on javascript tags
This commit is contained in:
Laurent Destailleur
parent
2168578f2e
commit
fdcce8d263
@ -448,7 +448,7 @@ if ($useajax || $action == 'deletefile') {
|
||||
|
||||
if ($useajax) {
|
||||
print '<!-- ajaxdirpreview.php: js to manage preview of doc -->'."\n";
|
||||
print '<script type="text/javascript">';
|
||||
print '<script nonce="'.getNonce().'" type="text/javascript">';
|
||||
|
||||
// Enable jquery handlers on new generated HTML objects (same code than into lib_footer.js.php)
|
||||
// Because the content is reloaded by ajax call, we must also reenable some jquery hooks
|
||||
|
||||
@ -155,7 +155,7 @@ if (!empty($conf->use_javascript_ajax) && empty($conf->global->MAIN_ECM_DISABLE_
|
||||
// Enable jquery handlers on new generated HTML objects (same code than into lib_footer.js.php)
|
||||
// Because the content is reloaded by ajax call, we must also reenable some jquery hooks
|
||||
print "\n<!-- JS CODE TO ENABLE Tooltips on all object with class classfortooltip (reload into ajaxdirtree) -->\n";
|
||||
print '<script type="text/javascript">
|
||||
print '<script nonce="'.getNonce().'" type="text/javascript">
|
||||
jQuery(document).ready(function () {
|
||||
jQuery(".classfortooltip").tooltip({
|
||||
show: { collision: "flipfit", effect:\'toggle\', delay:50 },
|
||||
@ -169,7 +169,7 @@ if (!empty($conf->use_javascript_ajax) && empty($conf->global->MAIN_ECM_DISABLE_
|
||||
</script>';
|
||||
|
||||
// This ajax service is called only when a directory $selecteddir is opened but not when closed.
|
||||
//print '<script type="text/javascript">';
|
||||
//print '<script nonce="'.getNonce().'" type="text/javascript">';
|
||||
//print "loadandshowpreview('".dol_escape_js($selecteddir)."');";
|
||||
//print '</script>';
|
||||
}
|
||||
|
||||
@ -256,7 +256,7 @@ class box_actions extends ModeleBoxes
|
||||
}
|
||||
$out .= '</div>';
|
||||
if ($actioncejour) {
|
||||
$out .= '<script>';
|
||||
$out .= '<script nonce="'.getNonce().'">';
|
||||
$out .= '$("#dialogboxaction").dialog({ autoOpen: true });';
|
||||
if ($conf->global->SHOW_DIALOG_HOMEPAGE > 1) { // autoclose after this delay
|
||||
$out .= 'setTimeout(function(){';
|
||||
@ -265,7 +265,7 @@ class box_actions extends ModeleBoxes
|
||||
}
|
||||
$out .= '</script>';
|
||||
} else {
|
||||
$out .= '<script>';
|
||||
$out .= '<script nonce="'.getNonce().'">';
|
||||
$out .= '$("#dialogboxaction").dialog({ autoOpen: false });';
|
||||
$out .= '</script>';
|
||||
}
|
||||
|
||||
@ -227,7 +227,7 @@ class box_graph_invoices_permonth extends ModeleBoxes
|
||||
|
||||
if (!$mesg) {
|
||||
$stringtoshow = '';
|
||||
$stringtoshow .= '<script type="text/javascript">
|
||||
$stringtoshow .= '<script nonce="'.getNonce().'" type="text/javascript">
|
||||
jQuery(document).ready(function() {
|
||||
jQuery("#idsubimg'.$this->boxcode.'").click(function() {
|
||||
jQuery("#idfilter'.$this->boxcode.'").toggle();
|
||||
|
||||
@ -172,7 +172,7 @@ class box_graph_invoices_peryear extends ModeleBoxes
|
||||
|
||||
if (!$mesg) {
|
||||
$stringtoshow = '';
|
||||
$stringtoshow .= '<script type="text/javascript" language="javascript">
|
||||
$stringtoshow .= '<script nonce="'.getNonce().'" type="text/javascript" language="javascript">
|
||||
jQuery(document).ready(function() {
|
||||
jQuery("#idsubimg'.$this->boxcode.'").click(function() {
|
||||
jQuery("#idfilter'.$this->boxcode.'").toggle();
|
||||
|
||||
@ -223,7 +223,7 @@ class box_graph_invoices_supplier_permonth extends ModeleBoxes
|
||||
|
||||
if (!$mesg) {
|
||||
$stringtoshow = '';
|
||||
$stringtoshow .= '<script type="text/javascript">
|
||||
$stringtoshow .= '<script nonce="'.getNonce().'" type="text/javascript">
|
||||
jQuery(document).ready(function() {
|
||||
jQuery("#idsubimg'.$this->boxcode.'").click(function() {
|
||||
jQuery("#idfilter'.$this->boxcode.'").toggle();
|
||||
|
||||
@ -139,7 +139,7 @@ class box_graph_nb_ticket_last_x_days extends ModeleBoxes
|
||||
dol_print_error($this->db);
|
||||
}
|
||||
$stringtoshow = '<div class="div-table-responsive-no-min">';
|
||||
$stringtoshow .= '<script type="text/javascript">
|
||||
$stringtoshow .= '<script nonce="'.getNonce().'" type="text/javascript">
|
||||
jQuery(document).ready(function() {
|
||||
jQuery("#idsubimgDOLUSERCOOKIE_ticket_last_days").click(function() {
|
||||
jQuery("#idfilterDOLUSERCOOKIE_ticket_last_days").toggle();
|
||||
|
||||
@ -228,7 +228,7 @@ class box_graph_orders_permonth extends ModeleBoxes
|
||||
|
||||
if (!$mesg) {
|
||||
$stringtoshow = '';
|
||||
$stringtoshow .= '<script type="text/javascript">
|
||||
$stringtoshow .= '<script nonce="'.getNonce().'" type="text/javascript">
|
||||
jQuery(document).ready(function() {
|
||||
jQuery("#idsubimg'.$this->boxcode.'").click(function() {
|
||||
jQuery("#idfilter'.$this->boxcode.'").toggle();
|
||||
|
||||
@ -227,7 +227,7 @@ class box_graph_orders_supplier_permonth extends ModeleBoxes
|
||||
|
||||
if (!$mesg) {
|
||||
$stringtoshow = '';
|
||||
$stringtoshow .= '<script type="text/javascript">
|
||||
$stringtoshow .= '<script nonce="'.getNonce().'" type="text/javascript">
|
||||
jQuery(document).ready(function() {
|
||||
jQuery("#idsubimg'.$this->boxcode.'").click(function() {
|
||||
jQuery("#idfilter'.$this->boxcode.'").toggle();
|
||||
|
||||
@ -352,7 +352,7 @@ class box_graph_product_distribution extends ModeleBoxes
|
||||
|
||||
if (!$mesg) {
|
||||
$stringtoshow = '';
|
||||
$stringtoshow .= '<script type="text/javascript">
|
||||
$stringtoshow .= '<script nonce="'.getNonce().'" type="text/javascript">
|
||||
jQuery(document).ready(function() {
|
||||
jQuery("#idsubimg'.$this->boxcode.'").click(function() {
|
||||
jQuery("#idfilter'.$this->boxcode.'").toggle();
|
||||
|
||||
@ -231,7 +231,7 @@ class box_graph_propales_permonth extends ModeleBoxes
|
||||
|
||||
if (!$mesg) {
|
||||
$stringtoshow = '';
|
||||
$stringtoshow .= '<script type="text/javascript">
|
||||
$stringtoshow .= '<script nonce="'.getNonce().'" type="text/javascript">
|
||||
jQuery(document).ready(function() {
|
||||
jQuery("#idsubimg'.$this->boxcode.'").click(function() {
|
||||
jQuery("#idfilter'.$this->boxcode.'").toggle();
|
||||
|
||||
@ -126,7 +126,7 @@ class box_task extends ModeleBoxes
|
||||
$boxcontent .= '</form>'."\n";
|
||||
$boxcontent .= '</div>'."\n";
|
||||
if (!empty($conf->use_javascript_ajax)) {
|
||||
$boxcontent .= '<script type="text/javascript">
|
||||
$boxcontent .= '<script nonce="'.getNonce().'" type="text/javascript">
|
||||
jQuery(document).ready(function() {
|
||||
jQuery("#idsubimg'.$this->boxcode.'").click(function() {
|
||||
jQuery(".showiffilter'.$this->boxcode.'").toggle();
|
||||
@ -134,7 +134,7 @@ class box_task extends ModeleBoxes
|
||||
});
|
||||
</script>';
|
||||
// set cookie by js
|
||||
$boxcontent .= '<script>date = new Date(); date.setTime(date.getTime()+(30*86400000)); document.cookie = "'.$cookie_name.'='.$filterValue.'; expires= " + date.toGMTString() + "; path=/ "; </script>';
|
||||
$boxcontent .= '<script nonce="'.getNonce().'">date = new Date(); date.setTime(date.getTime()+(30*86400000)); document.cookie = "'.$cookie_name.'='.$filterValue.'; expires= " + date.toGMTString() + "; path=/ "; </script>';
|
||||
}
|
||||
$this->info_box_contents[0][] = array(
|
||||
'tr' => 'class="nohover showiffilter'.$this->boxcode.' hideobject"',
|
||||
|
||||
@ -7443,7 +7443,7 @@ abstract class CommonObject
|
||||
|
||||
if (!empty($conf->use_javascript_ajax)) {
|
||||
$out .= '
|
||||
<script>
|
||||
<script nonce="'.getNonce().'">
|
||||
$(document).ready(function() {
|
||||
$("a#'.dol_escape_js($keyprefix.$key.$keysuffix).'_add").click(function() {
|
||||
$("'.dol_escape_js($newInput).'").insertBefore(this);
|
||||
@ -8450,7 +8450,7 @@ abstract class CommonObject
|
||||
public function getJSListDependancies($type = '_extra')
|
||||
{
|
||||
$out = '
|
||||
<script>
|
||||
<script nonce="'.getNonce().'">
|
||||
jQuery(document).ready(function() {
|
||||
function showOptions'.$type.'(child_list, parent_list, orig_select)
|
||||
{
|
||||
|
||||
@ -79,7 +79,7 @@ trait CommonSocialNetworks
|
||||
print '<tr><td'.($colspan ? ' colspan="'.$colspan.'"' : '').'><hr></td></tr>';
|
||||
|
||||
if ($nbofnetworks > 1) {
|
||||
print '<script type="text/javascript">
|
||||
print '<script nonce="'.getNonce().'" type="text/javascript">
|
||||
$("document").ready(function() { toogleSocialNetwork(false); });
|
||||
|
||||
jQuery(".socialnetworklnk").click(function() {
|
||||
|
||||
@ -180,7 +180,7 @@ class DolEditor
|
||||
$htmlencode_force = preg_match('/_encoded$/', $this->toolbarname) ? 'true' : 'false';
|
||||
|
||||
$out .= '<!-- Output ckeditor $disallowAnyContent='.dol_escape_htmltag($disallowAnyContent).' toolbarname='.dol_escape_htmltag($this->toolbarname).' -->'."\n";
|
||||
$out .= '<script type="text/javascript">
|
||||
$out .= '<script nonce="'.getNonce().'" type="text/javascript">
|
||||
$(document).ready(function () {
|
||||
/* console.log("Run ckeditor"); */
|
||||
/* if (CKEDITOR.loadFullCore) CKEDITOR.loadFullCore(); */
|
||||
@ -260,7 +260,7 @@ class DolEditor
|
||||
$out .= '<div class="aceeditorstatusbar" id="statusBar'.$this->htmlname.'">'.$titlecontent;
|
||||
$out .= ' - <a id="morelines" href="#" class="right morelines'.$this->htmlname.' reposition">'.dol_escape_htmltag($langs->trans("ShowMoreLines")).'</a> ';
|
||||
$out .= '</div>';
|
||||
$out .= '<script type="text/javascript">'."\n";
|
||||
$out .= '<script nonce="'.getNonce().'" type="text/javascript">'."\n";
|
||||
$out .= 'jQuery(document).ready(function() {'."\n";
|
||||
$out .= ' var aceEditor = window.ace.edit("'.$this->htmlname.'aceeditorid");
|
||||
aceEditor.moveCursorTo('.($this->posy+1).','.$this->posx.');
|
||||
@ -302,7 +302,7 @@ class DolEditor
|
||||
$out .= htmlspecialchars($this->content);
|
||||
$out .= '</textarea>';
|
||||
|
||||
$out .= '<script type="text/javascript">'."\n";
|
||||
$out .= '<script nonce="'.getNonce().'" type="text/javascript">'."\n";
|
||||
$out .= 'var aceEditor = window.ace.edit("'.$this->htmlname.'aceeditorid");
|
||||
|
||||
aceEditor.session.setMode("ace/mode/'.$format.'");
|
||||
|
||||
@ -831,7 +831,7 @@ class DolGraph
|
||||
}
|
||||
$this->stringtoshow .= '<div id="placeholder_' . $tag . '" style="width:' . $this->width . 'px;height:' . $this->height . 'px;" class="dolgraph' . (empty($dolxaxisvertical) ? '' : ' ' . $dolxaxisvertical) . (empty($this->cssprefix) ? '' : ' dolgraph' . $this->cssprefix) . ' center"></div>' . "\n";
|
||||
|
||||
$this->stringtoshow .= '<script id="' . $tag . '">' . "\n";
|
||||
$this->stringtoshow .= '<script nonce="'.getNonce().'" id="' . $tag . '">' . "\n";
|
||||
$this->stringtoshow .= '$(function () {' . "\n";
|
||||
$i = $firstlot;
|
||||
if ($nblot < 0) {
|
||||
@ -1146,7 +1146,7 @@ class DolGraph
|
||||
}
|
||||
$this->stringtoshow .= '<div id="placeholder_' . $tag . '" style="min-height: ' . $this->height . (strpos($this->height, '%') > 0 ? '' : 'px') . '; width:' . $this->width . (strpos($this->width, '%') > 0 ? '' : 'px') . ';" class="' . $cssfordiv . ' dolgraph' . (empty($dolxaxisvertical) ? '' : ' ' . $dolxaxisvertical) . (empty($this->cssprefix) ? '' : ' dolgraph' . $this->cssprefix) . ' center"><canvas id="canvas_' . $tag . '"></canvas></div>' . "\n";
|
||||
|
||||
$this->stringtoshow .= '<script id="' . $tag . '">' . "\n";
|
||||
$this->stringtoshow .= '<script nonce="'.getNonce().'" id="' . $tag . '">' . "\n";
|
||||
$i = $firstlot;
|
||||
if ($nblot < 0) {
|
||||
$this->stringtoshow .= '<!-- No series of data -->';
|
||||
|
||||
@ -2018,7 +2018,7 @@ class ExtraFields
|
||||
|
||||
if (!empty($conf->use_javascript_ajax)) {
|
||||
$out .= '<!-- Add js script to manage the collapse/uncollapse of extrafields separators '.$key.' -->'."\n";
|
||||
$out .= '<script type="text/javascript">'."\n";
|
||||
$out .= '<script nonce="'.getNonce().'" type="text/javascript">'."\n";
|
||||
$out .= 'jQuery(document).ready(function(){'."\n";
|
||||
if (empty($disabledcookiewrite)) {
|
||||
if ($expand_display === false) {
|
||||
|
||||
@ -452,7 +452,7 @@ class Form
|
||||
$result .= $resultforextrlang;
|
||||
|
||||
$result .= '</div>';
|
||||
$result .= '<script>$(".image-'.$object->element.'-'.$fieldname.'").click(function() { console.log("Toggle lang widget"); jQuery(".field-'.$object->element.'-'.$fieldname.'").toggle(); });</script>';
|
||||
$result .= '<script nonce="'.getNonce().'">$(".image-'.$object->element.'-'.$fieldname.'").click(function() { console.log("Toggle lang widget"); jQuery(".field-'.$object->element.'-'.$fieldname.'").toggle(); });</script>';
|
||||
}
|
||||
|
||||
return $result;
|
||||
@ -833,7 +833,7 @@ class Form
|
||||
|
||||
if (!empty($conf->use_javascript_ajax)) {
|
||||
$ret .= '<!-- JS CODE TO ENABLE mass action select -->
|
||||
<script>
|
||||
<script nonce="'.getNonce().'">
|
||||
function initCheckForSelect(mode, name, cssclass) /* mode is 0 during init of page or click all, 1 when we click on 1 checkboxi, "name" refers to the class of the massaction button, "cssclass" to the class of the checkfor select boxes */
|
||||
{
|
||||
atleastoneselected=0;
|
||||
@ -2261,7 +2261,7 @@ class Form
|
||||
// Method with no ajax
|
||||
if ($action != 'view') {
|
||||
$out .= '<input type="hidden" class="removedassignedhidden" name="removedassigned" value="">';
|
||||
$out .= '<script type="text/javascript">jQuery(document).ready(function () {';
|
||||
$out .= '<script nonce="'.getNonce().'" type="text/javascript">jQuery(document).ready(function () {';
|
||||
$out .= 'jQuery(".removedassigned").click(function() { jQuery(".removedassignedhidden").val(jQuery(this).val()); });';
|
||||
$out .= 'jQuery(".assignedtouser").change(function() { console.log(jQuery(".assignedtouser option:selected").val());';
|
||||
$out .= ' if (jQuery(".assignedtouser option:selected").val() > 0) { jQuery("#'.$action.'assignedtouser").attr("disabled", false); }';
|
||||
@ -2353,7 +2353,7 @@ class Form
|
||||
// when a parent of variant has been selected.
|
||||
$out .= '
|
||||
<!-- script to auto show attributes select tags if a variant was selected -->
|
||||
<script>
|
||||
<script nonce="'.getNonce().'">
|
||||
// auto show attributes fields
|
||||
selected = '.json_encode($selected_combinations).';
|
||||
combvalues = {};
|
||||
@ -4210,7 +4210,7 @@ class Form
|
||||
$out .= '<input id="'.$htmlname.'_deposit_percent" name="'.$htmlname.'_deposit_percent" class="maxwidth50" value="' . $deposit_percent . '" />';
|
||||
$out .= '</span>';
|
||||
$out .= '
|
||||
<script>
|
||||
<script nonce="'.getNonce().'">
|
||||
$(document).ready(function () {
|
||||
$("#' . $htmlname . '").change(function () {
|
||||
let $selected = $(this).find("option:selected");
|
||||
@ -5005,7 +5005,7 @@ class Form
|
||||
* Easiest way to use this is with useajax=1.
|
||||
* If you use useajax='xxx', you must also add jquery code to trigger opening of box (with correct parameters)
|
||||
* just after calling this method. For example:
|
||||
* print '<script type="text/javascript">'."\n";
|
||||
* print '<script nonce="'.getNonce().'" type="text/javascript">'."\n";
|
||||
* print 'jQuery(document).ready(function() {'."\n";
|
||||
* print 'jQuery(".xxxlink").click(function(e) { jQuery("#aparamid").val(jQuery(this).attr("rel")); jQuery("#dialog-confirm-xxx").dialog("open"); return false; });'."\n";
|
||||
* print '});'."\n";
|
||||
@ -5238,7 +5238,7 @@ class Form
|
||||
$formconfirm .= '</div>'."\n";
|
||||
|
||||
$formconfirm .= "\n<!-- begin code of popup for formconfirm page=".$page." -->\n";
|
||||
$formconfirm .= '<script type="text/javascript">'."\n";
|
||||
$formconfirm .= '<script nonce="'.getNonce().'" type="text/javascript">'."\n";
|
||||
$formconfirm .= "/* Code for the jQuery('#dialogforpopup').dialog() */\n";
|
||||
$formconfirm .= 'jQuery(document).ready(function() {
|
||||
$(function() {
|
||||
@ -5398,7 +5398,7 @@ class Form
|
||||
|
||||
if (!empty($conf->use_javascript_ajax)) {
|
||||
$formconfirm .= '<!-- code to disable button to avoid double clic -->';
|
||||
$formconfirm .= '<script type="text/javascript">'."\n";
|
||||
$formconfirm .= '<script nonce="'.getNonce().'" type="text/javascript">'."\n";
|
||||
$formconfirm .= '
|
||||
$(document).ready(function () {
|
||||
$(".confirmvalidatebutton").on("click", function() {
|
||||
@ -6644,7 +6644,7 @@ class Form
|
||||
$minYear = getDolGlobalInt('MIN_YEAR_SELECT_DATE', (date('Y') - 100));
|
||||
$maxYear = getDolGlobalInt('MAX_YEAR_SELECT_DATE', (date('Y') + 100));
|
||||
|
||||
$retstring .= "<script type='text/javascript'>";
|
||||
$retstring .= '<script nonce="'.getNonce().'" type="text/javascript">';
|
||||
$retstring .= "$(function(){ $('#".$prefix."').datepicker({
|
||||
dateFormat: '".$langs->trans("FormatDateShortJQueryInput")."',
|
||||
autoclose: true,
|
||||
@ -6684,7 +6684,7 @@ class Form
|
||||
if (!$disabled) {
|
||||
/* Not required. Managed by option buttonImage of jquery
|
||||
$retstring.=img_object($langs->trans("SelectDate"),'calendarday','id="'.$prefix.'id" class="datecallink"');
|
||||
$retstring.="<script type='text/javascript'>";
|
||||
$retstring.='<script nonce="'.getNonce().'" type="text/javascript">';
|
||||
$retstring.="jQuery(document).ready(function() {";
|
||||
$retstring.=' jQuery("#'.$prefix.'id").click(function() {';
|
||||
$retstring.=" jQuery('#".$prefix."').focus();";
|
||||
@ -8235,7 +8235,7 @@ class Form
|
||||
if (!empty($conf->use_javascript_ajax)) {
|
||||
$tmpplugin = 'select2';
|
||||
$outdelayed = "\n".'<!-- JS CODE TO ENABLE '.$tmpplugin.' for id '.$htmlname.' -->
|
||||
<script>
|
||||
<script nonce="'.getNonce().'">
|
||||
$(document).ready(function () {
|
||||
|
||||
'.($callurlonselect ? 'var saveRemoteData = [];' : '').'
|
||||
@ -8349,7 +8349,7 @@ class Form
|
||||
if (!empty($conf->use_javascript_ajax)) {
|
||||
$tmpplugin = 'select2';
|
||||
$outdelayed = "\n".'<!-- JS CODE TO ENABLE '.$tmpplugin.' for id '.$htmlname.' -->
|
||||
<script>
|
||||
<script nonce="'.getNonce().'">
|
||||
$(document).ready(function () {
|
||||
var data = '.json_encode($formattedarrayresult).';
|
||||
|
||||
@ -8501,7 +8501,7 @@ class Form
|
||||
// Add code for jquery to use multiselect
|
||||
if (!empty($conf->use_javascript_ajax) && !empty($conf->global->MAIN_USE_JQUERY_MULTISELECT) || defined('REQUIRE_JQUERY_MULTISELECT')) {
|
||||
$out .= "\n".'<!-- JS CODE TO ENABLE select for id '.$htmlname.', addjscombo='.$addjscombo.' -->';
|
||||
$out .= "\n".'<script>'."\n";
|
||||
$out .= "\n".'<script nonce="'.getNonce().'">'."\n";
|
||||
if ($addjscombo == 1) {
|
||||
$tmpplugin = empty($conf->global->MAIN_USE_JQUERY_MULTISELECT) ?constant('REQUIRE_JQUERY_MULTISELECT') : $conf->global->MAIN_USE_JQUERY_MULTISELECT;
|
||||
$out .= 'function formatResult(record, container) {'."\n";
|
||||
@ -8645,7 +8645,7 @@ class Form
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
<script type="text/javascript">
|
||||
<script nonce="'.getNonce().'" type="text/javascript">
|
||||
jQuery(document).ready(function () {
|
||||
$(\'.multiselectcheckbox'.$htmlname.' input[type="checkbox"]\').on(\'click\', function () {
|
||||
console.log("A new field was added/removed, we edit field input[name=formfilteraction]");
|
||||
@ -9100,7 +9100,7 @@ class Form
|
||||
|
||||
if (!empty($conf->use_javascript_ajax)) {
|
||||
print '<!-- Add js to show linkto box -->
|
||||
<script>
|
||||
<script nonce="'.getNonce().'">
|
||||
jQuery(document).ready(function() {
|
||||
jQuery(".linkto").click(function() {
|
||||
console.log("We choose to show/hide links for rel="+jQuery(this).attr(\'rel\')+" so #"+jQuery(this).attr(\'rel\')+"list");
|
||||
@ -9819,7 +9819,7 @@ class Form
|
||||
if (!empty($conf->use_javascript_ajax)) {
|
||||
$out .= '<div class="inline-block checkallactions"><input type="checkbox" id="'.$cssclass.'s" name="'.$cssclass.'s" class="checkallactions"></div>';
|
||||
}
|
||||
$out .= '<script>
|
||||
$out .= '<script nonce="'.getNonce().'">
|
||||
$(document).ready(function() {
|
||||
$("#' . $cssclass.'s").click(function() {
|
||||
if($(this).is(\':checked\')){
|
||||
@ -9910,7 +9910,7 @@ class Form
|
||||
if ($resql) {
|
||||
if ($this->db->num_rows($resql) > 0) {
|
||||
$obj = $this->db->fetch_object($resql);
|
||||
$out .= '<script>
|
||||
$out .= '<script nonce="'.getNonce().'">
|
||||
$(function() {
|
||||
$("select[name='.$target.']").on("change", function() {
|
||||
var current_val = $(this).val();
|
||||
@ -10470,7 +10470,7 @@ class Form
|
||||
|
||||
if ($dol_openinpopup) {
|
||||
$retstring .= '<!-- buttons are shown into a $dol_openinpopup='.$dol_openinpopup.' context, so we enable the close of dialog on cancel -->'."\n";
|
||||
$retstring .= '<script>';
|
||||
$retstring .= '<script nonce="'.getNonce().'">';
|
||||
$retstring .= 'jQuery(".button-cancel").click(function(e) {
|
||||
e.preventDefault(); console.log(\'We click on cancel in iframe popup '.$dol_openinpopup.'\');
|
||||
window.parent.jQuery(\'#idfordialog'.$dol_openinpopup.'\').dialog(\'close\');
|
||||
|
||||
@ -518,7 +518,7 @@ class FormAccounting extends Form
|
||||
$out .= Form::selectarray($htmlname, $aux_account, $selectid, ($showempty ? (is_numeric($showempty) ? 1 : $showempty): 0), 0, 0, '', 0, 0, 0, '', $morecss, 1);
|
||||
//automatic filling if we give the name of the subledger_label input
|
||||
if (!empty($conf->use_javascript_ajax) && !empty($labelhtmlname)) {
|
||||
$out .= '<script>
|
||||
$out .= '<script nonce="'.getNonce().'">
|
||||
jQuery(document).ready(() => {
|
||||
$("#'.$htmlname.'").on("select2:select", function(e) {
|
||||
var regExp = /\(([^)]+)\)/;
|
||||
|
||||
@ -79,7 +79,8 @@ class FormActions
|
||||
|
||||
if (!empty($conf->use_javascript_ajax)) {
|
||||
print "\n";
|
||||
print "<script type=\"text/javascript\">
|
||||
print '<script nonce="'.getNonce().'" type="text/javascript">';
|
||||
print "
|
||||
var htmlname = '".$htmlname."';
|
||||
|
||||
$(document).ready(function () {
|
||||
|
||||
@ -67,7 +67,7 @@ class FormBarCode
|
||||
$disable = '';
|
||||
|
||||
if (!empty($conf->use_javascript_ajax)) {
|
||||
print "\n".'<script type="text/javascript">';
|
||||
print "\n".'<script nonce="'.getNonce().'" type="text/javascript">';
|
||||
print 'jQuery(document).ready(function () {
|
||||
jQuery("#select'.$idForm.'").change(function() {
|
||||
var formName = document.getElementById("form'.$idForm.'");
|
||||
|
||||
@ -645,7 +645,7 @@ class FormCompany extends Form
|
||||
$events[] = array('method' => 'getContacts', 'url' => dol_buildpath('/core/ajax/contacts.php', 1), 'htmlname' => 'contactid', 'params' => array('add-customer-contact' => 'disabled'));
|
||||
|
||||
if (count($events)) { // If there is some ajax events to run once selection is done, we add code here to run events
|
||||
print '<script type="text/javascript">
|
||||
print '<script nonce="'.getNonce().'" type="text/javascript">
|
||||
jQuery(document).ready(function() {
|
||||
$("#search_'.$htmlname.'").change(function() {
|
||||
var obj = '.json_encode($events).';
|
||||
|
||||
@ -423,7 +423,7 @@ class FormFile
|
||||
if (preg_match('/massfilesarea_/', $modulepart)) {
|
||||
$out .= '<div id="show_files"><br></div>'."\n";
|
||||
$title = $langs->trans("MassFilesArea").' <a href="" id="togglemassfilesarea" ref="shown">('.$langs->trans("Hide").')</a>';
|
||||
$title .= '<script>
|
||||
$title .= '<script nonce="'.getNonce().'">
|
||||
jQuery(document).ready(function() {
|
||||
jQuery(\'#togglemassfilesarea\').click(function() {
|
||||
if (jQuery(\'#togglemassfilesarea\').attr(\'ref\') == "shown")
|
||||
|
||||
@ -793,7 +793,7 @@ class FormMail extends Form
|
||||
if (is_numeric($this->withfile)) {
|
||||
// TODO Trick to have param removedfile containing nb of file to delete. But this does not works without javascript
|
||||
$out .= '<input type="hidden" class="removedfilehidden" name="removedfile" value="">'."\n";
|
||||
$out .= '<script type="text/javascript">';
|
||||
$out .= '<script nonce="'.getNonce().'" type="text/javascript">';
|
||||
$out .= 'jQuery(document).ready(function () {';
|
||||
$out .= ' jQuery(".removedfile").click(function() {';
|
||||
$out .= ' jQuery(".removedfilehidden").val(jQuery(this).val());';
|
||||
@ -1001,7 +1001,7 @@ class FormMail extends Form
|
||||
|
||||
// Disable enter key if option MAIN_MAILFORM_DISABLE_ENTERKEY is set
|
||||
if (!empty($conf->global->MAIN_MAILFORM_DISABLE_ENTERKEY)) {
|
||||
$out .= '<script type="text/javascript">';
|
||||
$out .= '<script nonce="'.getNonce().'" type="text/javascript">';
|
||||
$out .= 'jQuery(document).ready(function () {';
|
||||
$out .= ' $(document).on("keypress", \'#mailform\', function (e) { /* Note this is called at every key pressed ! */
|
||||
var code = e.keyCode || e.which;
|
||||
|
||||
@ -224,13 +224,13 @@ class FormMargin
|
||||
print '<span id="showMarginInfos" class="linkobject valignmiddle ' . (!empty($hidemargininfos) ? '' : 'hideobject') . '">' . img_picto($langs->trans("Disabled"), 'switch_off') . '</span>';
|
||||
print '<span id="hideMarginInfos" class="linkobject valignmiddle ' . (!empty($hidemargininfos) ? 'hideobject' : '') . '">' . img_picto($langs->trans("Enabled"), 'switch_on') . '</span>';
|
||||
|
||||
print '<script>$(document).ready(function() {
|
||||
$("span#showMarginInfos").click(function() { console.log("click on showMargininfos"); date = new Date(); date.setTime(date.getTime()+(30*86400000)); document.cookie = "DOLUSER_MARGININFO_HIDE_SHOW=0; expires=" + date.toGMTString() + "; path=/ "; $(".margintable").show(); $("span#showMarginInfos").addClass("hideobject"); $("span#hideMarginInfos").removeClass("hideobject"); });
|
||||
$("span#hideMarginInfos").click(function() { console.log("click on hideMarginInfos"); date = new Date(); date.setTime(date.getTime()+(30*86400000)); document.cookie = "DOLUSER_MARGININFO_HIDE_SHOW=1; expires=" + date.toGMTString() + "; path=/ "; $(".margintable").hide(); $("span#hideMarginInfos").addClass("hideobject"); $("span#showMarginInfos").removeClass("hideobject"); });
|
||||
});</script>';
|
||||
print '<script nonce="'.getNonce().'">$(document).ready(function() {';
|
||||
print '$("span#showMarginInfos").click(function() { console.log("click on showMargininfos"); date = new Date(); date.setTime(date.getTime()+(30*86400000)); document.cookie = "DOLUSER_MARGININFO_HIDE_SHOW=0; expires=" + date.toGMTString() + "; path=/ "; $(".margintable").show(); $("span#showMarginInfos").addClass("hideobject"); $("span#hideMarginInfos").removeClass("hideobject"); });';
|
||||
print '$("span#hideMarginInfos").click(function() { console.log("click on hideMarginInfos"); date = new Date(); date.setTime(date.getTime()+(30*86400000)); document.cookie = "DOLUSER_MARGININFO_HIDE_SHOW=1; expires=" + date.toGMTString() + "; path=/ "; $(".margintable").hide(); $("span#hideMarginInfos").addClass("hideobject"); $("span#showMarginInfos").removeClass("hideobject"); });';
|
||||
if (!empty($hidemargininfos)) {
|
||||
print '<script>$(document).ready(function() { console.log("hide the margin info"); $("#margintable").hide(); });</script>';
|
||||
print 'console.log("hide the margin info"); $("#margintable").hide();';
|
||||
}
|
||||
print '});</script>';
|
||||
}
|
||||
|
||||
print '<div class="div-table-responsive-no-min">';
|
||||
|
||||
@ -104,7 +104,7 @@ class FormOther
|
||||
$out .= '<br>';
|
||||
$out .= '<div type="text" id="scantoolmessage" class="scantoolmessage ok nopadding"></div>';
|
||||
|
||||
$out .= '<script>';
|
||||
$out .= '<script nonce="'.getNonce().'">';
|
||||
$out .= 'jQuery("#barcodeforautodetect, #barcodeforproduct, #barcodeforlotserial").click(function(){';
|
||||
$out .= 'console.log("select choice");';
|
||||
$out .= 'jQuery("#scantoolmessage").text("");';
|
||||
@ -847,8 +847,8 @@ class FormOther
|
||||
$langs->load("other");
|
||||
if (empty($conf->dol_use_jmobile) && !empty($conf->use_javascript_ajax)) {
|
||||
$out .= '<link rel="stylesheet" media="screen" type="text/css" href="'.DOL_URL_ROOT.'/includes/jquery/plugins/jpicker/css/jPicker-1.1.6.css" />';
|
||||
$out .= '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jpicker/jpicker-1.1.6.js"></script>';
|
||||
$out .= '<script type="text/javascript">
|
||||
$out .= '<script nonce="'.getNonce().'" type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jpicker/jpicker-1.1.6.js"></script>';
|
||||
$out .= '<script nonce="'.getNonce().'" type="text/javascript">
|
||||
jQuery(document).ready(function(){
|
||||
var originalhex = null;
|
||||
$(\'#colorpicker'.$prefix.'\').jPicker( {
|
||||
@ -915,8 +915,8 @@ class FormOther
|
||||
} else { // In most cases, this is not used. We used instead function with no specific list of colors
|
||||
if (empty($conf->dol_use_jmobile) && !empty($conf->use_javascript_ajax)) {
|
||||
$out .= '<link rel="stylesheet" href="'.DOL_URL_ROOT.'/includes/jquery/plugins/colorpicker/jquery.colorpicker.css" type="text/css" media="screen" />';
|
||||
$out .= '<script src="'.DOL_URL_ROOT.'/includes/jquery/plugins/colorpicker/jquery.colorpicker.js" type="text/javascript"></script>';
|
||||
$out .= '<script type="text/javascript">
|
||||
$out .= '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/colorpicker/jquery.colorpicker.js" type="text/javascript"></script>';
|
||||
$out .= '<script nonce="'.getNonce().'" type="text/javascript">
|
||||
jQuery(document).ready(function(){
|
||||
jQuery(\'#colorpicker'.$prefix.'\').colorpicker({
|
||||
size: 14,
|
||||
@ -1237,7 +1237,7 @@ class FormOther
|
||||
|
||||
// Javascript code for dynamic actions
|
||||
if (!empty($conf->use_javascript_ajax)) {
|
||||
$selectboxlist .= '<script type="text/javascript">
|
||||
$selectboxlist .= '<script nonce="'.getNonce().'" type="text/javascript">
|
||||
|
||||
// To update list of activated boxes
|
||||
function updateBoxOrder(closing) {
|
||||
|
||||
@ -127,7 +127,7 @@ class FormSms
|
||||
print "\n<!-- Begin form SMS -->\n";
|
||||
|
||||
print '
|
||||
<script type="text/javascript">
|
||||
<script nonce="'.getNonce().'" type="text/javascript">
|
||||
function limitChars(textarea, limit, infodiv)
|
||||
{
|
||||
var text = textarea.value;
|
||||
|
||||
@ -248,7 +248,7 @@ class FormTicket
|
||||
|
||||
// search contact form email
|
||||
$langs->load('errors');
|
||||
print '<script type="text/javascript">
|
||||
print '<script nonce="'.getNonce().'" type="text/javascript">
|
||||
jQuery(document).ready(function() {
|
||||
var contact = jQuery.parseJSON("'.dol_escape_js(json_encode($with_contact), 2).'");
|
||||
jQuery("#contact_search_line").hide();
|
||||
@ -369,7 +369,7 @@ class FormTicket
|
||||
// KM Articles
|
||||
print '<tr id="KWwithajax"></tr>';
|
||||
print '<!-- Script to manage change of ticket group -->
|
||||
<script>
|
||||
<script nonce="'.getNonce().'">
|
||||
jQuery(document).ready(function() {
|
||||
function groupticketchange() {
|
||||
console.log("We called groupticketchange, so we try to load list KM linked to event");
|
||||
@ -487,7 +487,7 @@ class FormTicket
|
||||
$out .= '<td>';
|
||||
// TODO Trick to have param removedfile containing nb of image to delete. But this does not works without javascript
|
||||
$out .= '<input type="hidden" class="removedfilehidden" name="removedfile" value="">'."\n";
|
||||
$out .= '<script type="text/javascript">';
|
||||
$out .= '<script nonce="'.getNonce().'" type="text/javascript">';
|
||||
$out .= 'jQuery(document).ready(function () {';
|
||||
$out .= ' jQuery(".removedfile").click(function() {';
|
||||
$out .= ' jQuery(".removedfilehidden").val(jQuery(this).val());';
|
||||
@ -549,7 +549,7 @@ class FormTicket
|
||||
print '</td></tr>';
|
||||
if (!empty($conf->use_javascript_ajax) && !empty($conf->global->COMPANY_USE_SEARCH_TO_SELECT)) {
|
||||
$htmlname = 'socid';
|
||||
print '<script type="text/javascript">
|
||||
print '<script nonce="'.getNonce().'" type="text/javascript">
|
||||
$(document).ready(function () {
|
||||
jQuery("#'.$htmlname.'").change(function () {
|
||||
var obj = '.json_encode($events).';
|
||||
@ -1046,7 +1046,7 @@ class FormTicket
|
||||
}
|
||||
$stringtoprint .='</select>';
|
||||
|
||||
$stringtoprint .='<script>';
|
||||
$stringtoprint .='<script nonce="'.getNonce().'">';
|
||||
$stringtoprint .='arraynotparents = '.json_encode($arraycodenotparent).';'; // when the last visible combo list is number x, this is the array of group
|
||||
$stringtoprint .='if (arraynotparents.includes($("#'.$htmlname.($levelid > 1 ?'_child_'.($levelid-1):'').'").val())){
|
||||
console.log("'.$htmlname.'_child_'.$levelid.'")
|
||||
@ -1107,7 +1107,7 @@ class FormTicket
|
||||
$stringtoprint .='})';
|
||||
$stringtoprint .='</script>';
|
||||
}
|
||||
$stringtoprint .='<script>';
|
||||
$stringtoprint .='<script nonce="'.getNonce().'">';
|
||||
$stringtoprint .='$("#'.$htmlname.'_child_'.$use_multilevel.'").change(function() {
|
||||
$("#ticketcategory_select").val($(this).val());
|
||||
$("#ticketcategory_select_child_id").val($(this).attr("child_id"));
|
||||
@ -1346,7 +1346,7 @@ class FormTicket
|
||||
$send_email = GETPOST('send_email', 'int') ? GETPOST('send_email', 'int') : 0;
|
||||
|
||||
// Example 1 : Adding jquery code
|
||||
print '<script type="text/javascript">
|
||||
print '<script nonce="'.getNonce().'" type="text/javascript">
|
||||
jQuery(document).ready(function() {
|
||||
send_email=' . $send_email.';
|
||||
if (send_email) {
|
||||
@ -1532,7 +1532,7 @@ class FormTicket
|
||||
$out .= '<td>';
|
||||
// TODO Trick to have param removedfile containing nb of image to delete. But this does not works without javascript
|
||||
$out .= '<input type="hidden" class="removedfilehidden" name="removedfile" value="">'."\n";
|
||||
$out .= '<script type="text/javascript">';
|
||||
$out .= '<script nonce="'.getNonce().'" type="text/javascript">';
|
||||
$out .= 'jQuery(document).ready(function () {';
|
||||
$out .= ' jQuery(".removedfile").click(function() {';
|
||||
$out .= ' jQuery(".removedfilehidden").val(jQuery(this).val());';
|
||||
|
||||
@ -422,7 +422,7 @@ class SimpleOpenID
|
||||
// phpcs:enable
|
||||
$redirect_to = $this->GetRedirectURL();
|
||||
if (headers_sent()) { // Use JavaScript to redirect if content has been previously sent (not recommended, but safe)
|
||||
echo '<script type="text/javascript">window.location=\'';
|
||||
echo '<script nonce="'.getNonce().'" type="text/javascript">window.location=\'';
|
||||
echo $redirect_to;
|
||||
echo '\';</script>';
|
||||
} else { // Default Header Redirect
|
||||
|
||||
@ -443,7 +443,7 @@ if (empty($conf->use_javascript_ajax)) {
|
||||
print '<input type="submit" class="button buttongen button-save nomargintop" name="changeobjecttype" value="'.$langs->trans("Refresh").'">';
|
||||
} else {
|
||||
print '<!-- js code to reload page with good object type -->
|
||||
<script type="text/javascript">
|
||||
<script nonce="'.getNonce().'" type="text/javascript">
|
||||
jQuery(document).ready(function() {
|
||||
jQuery("#objecttype").change(function() {
|
||||
console.log("Reload for "+jQuery("#objecttype").val());
|
||||
|
||||
@ -73,7 +73,7 @@ print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://ww
|
||||
print '<html>'."\n";
|
||||
print '<head>'."\n";
|
||||
if (GETPOST('mode') && GETPOST('mode') == 'test') {
|
||||
print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/core/js/lib_head.js.php"></script>'."\n";
|
||||
print '<script nonce="'.getNonce().'" type="text/javascript" src="'.DOL_URL_ROOT.'/core/js/lib_head.js.php"></script>'."\n";
|
||||
} else {
|
||||
print '<title>'.$langs->trans("Calendar").'</title>';
|
||||
}
|
||||
@ -93,7 +93,7 @@ $tradTemp = array(
|
||||
$langs->trans("November"),
|
||||
$langs->trans("December")
|
||||
);
|
||||
print '<script type="text/javascript">';
|
||||
print '<script nonce="'.getNonce().'" type="text/javascript">';
|
||||
print 'var tradMonths = [';
|
||||
foreach ($tradTemp as $val) {
|
||||
print '"'.addslashes($val).'",';
|
||||
|
||||
@ -216,7 +216,7 @@ if ($langs->trans("DIRECTION") == 'rtl') {
|
||||
}
|
||||
</style>
|
||||
|
||||
<script type="text/javascript">
|
||||
<script nonce="'.getNonce().'" type="text/javascript">
|
||||
$(document).ready(function(){
|
||||
$("body ul").click(function(){
|
||||
console.log("We click on body ul");
|
||||
|
||||
@ -1792,7 +1792,7 @@ function dolButtonToOpenUrlInDialogPopup($name, $label, $buttonstring, $url, $di
|
||||
$out .= '<div id="varforreturndialogid'.$name.'" class="hidden">div for returned id</div>';
|
||||
$out .= '<div id="varforreturndialoglabel'.$name.'" class="hidden">div for returned label</div>';
|
||||
$out .= '<!-- Add js code to open dialog popup on dialog -->';
|
||||
$out .= '<script type="text/javascript">
|
||||
$out .= '<script nonce="'.getNonce().'" type="text/javascript">
|
||||
jQuery(document).ready(function () {
|
||||
jQuery(".button_'.$name.'").click(function () {
|
||||
console.log(\'Open popup with jQuery(...).dialog() on URL '.dol_escape_js(DOL_URL_ROOT.$url).'\');
|
||||
@ -2011,7 +2011,7 @@ function dol_get_fiche_head($links = array(), $active = '', $title = '', $notab
|
||||
$out .= '<div></div>';
|
||||
$out .= "</div>\n";
|
||||
|
||||
$out .= "<script>";
|
||||
$out .= '<script nonce="'.getNonce().'">';
|
||||
$out .= "$('#moretabs".$tabsname."').mouseenter( function() {
|
||||
var x = this.offsetLeft, y = this.offsetTop;
|
||||
console.log('mouseenter ".$left." x='+x+' y='+y+' window.innerWidth='+window.innerWidth);
|
||||
@ -4959,7 +4959,7 @@ function info_admin($text, $infoonimgalt = 0, $nodiv = 0, $admin = '1', $morecss
|
||||
|
||||
if ($textfordropdown) {
|
||||
$tmpresult = '<span class="'.$class.'text opacitymedium cursorpointer">'.$langs->trans($textfordropdown).' '.img_picto($langs->trans($textfordropdown), '1downarrow').'</span>';
|
||||
$tmpresult .= '<script type="text/javascript">
|
||||
$tmpresult .= '<script nonce="'.getNonce().'" type="text/javascript">
|
||||
jQuery(document).ready(function() {
|
||||
jQuery(".'.$class.'text").click(function() {
|
||||
console.log("toggle text");
|
||||
@ -8605,7 +8605,7 @@ function get_htmloutput_mesg($mesgstring = '', $mesgarray = '', $style = 'ok', $
|
||||
|
||||
if ($out) {
|
||||
if (!empty($conf->use_javascript_ajax) && empty($conf->global->MAIN_DISABLE_JQUERY_JNOTIFY) && empty($keepembedded)) {
|
||||
$return = '<script>
|
||||
$return = '<script nonce="'.getNonce().'">
|
||||
$(document).ready(function() {
|
||||
var block = '.(!empty($conf->global->MAIN_USE_JQUERY_BLOCKUI) ? "true" : "false").'
|
||||
if (block) {
|
||||
@ -9696,16 +9696,16 @@ function printCommonFooter($zone = 'private')
|
||||
foreach ($tmptagarray as $tmptag) {
|
||||
print "\n";
|
||||
print "<!-- JS CODE TO ENABLE for google analtics tag -->\n";
|
||||
print "
|
||||
print '
|
||||
<!-- Global site tag (gtag.js) - Google Analytics -->
|
||||
<script async src=\"https://www.googletagmanager.com/gtag/js?id=".trim($tmptag)."\"></script>
|
||||
<script nonce="'.getNonce().'" async src="https://www.googletagmanager.com/gtag/js?id='.trim($tmptag).'"></script>
|
||||
<script>
|
||||
window.dataLayer = window.dataLayer || [];
|
||||
function gtag(){dataLayer.push(arguments);}
|
||||
gtag('js', new Date());
|
||||
gtag(\'js\', new Date());
|
||||
|
||||
gtag('config', '".trim($tmptag)."');
|
||||
</script>";
|
||||
gtag(\'config\', \''.trim($tmptag).'\');
|
||||
</script>';
|
||||
print "\n";
|
||||
}
|
||||
}
|
||||
@ -9772,7 +9772,7 @@ function dolExplodeIntoArray($string, $delimiter = ';', $kv = '=')
|
||||
function dol_set_focus($selector)
|
||||
{
|
||||
print "\n".'<!-- Set focus onto a specific field -->'."\n";
|
||||
print '<script>jQuery(document).ready(function() { jQuery("'.dol_escape_js($selector).'").focus(); });</script>'."\n";
|
||||
print '<script nonce="'.getNonce().'">jQuery(document).ready(function() { jQuery("'.dol_escape_js($selector).'").focus(); });</script>'."\n";
|
||||
}
|
||||
|
||||
|
||||
@ -10074,7 +10074,7 @@ function getAdvancedPreviewUrl($modulepart, $relativepath, $alldata = 0, $param
|
||||
function ajax_autoselect($htmlname, $addlink = '', $textonlink = 'Link')
|
||||
{
|
||||
global $langs;
|
||||
$out = '<script>
|
||||
$out = '<script nonce="'.getNonce().'">
|
||||
jQuery(document).ready(function () {
|
||||
jQuery("'.((strpos($htmlname, '.') === 0 ? '' : '#').$htmlname).'").click(function() { jQuery(this).select(); } );
|
||||
});
|
||||
@ -11294,6 +11294,23 @@ function currentToken()
|
||||
return isset($_SESSION['token']) ? $_SESSION['token'] : '';
|
||||
}
|
||||
|
||||
/**
|
||||
* Return a random string to be used as a nonce value for js
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function getNonce()
|
||||
{
|
||||
global $conf;
|
||||
|
||||
if (empty($conf->cache['nonce'])) {
|
||||
$conf->cache['nonce'] = dolGetRandomBytes(8);
|
||||
}
|
||||
|
||||
return $conf->cache['nonce'];
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Start a table with headers and a optinal clickable number (don't forget to use "finishSimpleTable()" after the last table row)
|
||||
*
|
||||
|
||||
@ -1265,15 +1265,6 @@ function projectLinesPerAction(&$inc, $parent, $fuser, $lines, &$level, &$projec
|
||||
|
||||
print convertSecondToTime($lines[$i]->timespent_duration, 'allhourmin');
|
||||
|
||||
// Comment for avoid unnecessary multiple calculation
|
||||
/*$modeinput = 'hours';
|
||||
|
||||
print '<script type="text/javascript">';
|
||||
print "jQuery(document).ready(function () {\n";
|
||||
print " jQuery('.inputhour, .inputminute').bind('keyup', function(e) { updateTotal(0, '".$modeinput."') });";
|
||||
print "})\n";
|
||||
print '</script>';*/
|
||||
|
||||
print '</td>';
|
||||
|
||||
// Note
|
||||
@ -1656,15 +1647,6 @@ function projectLinesPerDay(&$inc, $parent, $fuser, $lines, &$level, &$projectsr
|
||||
//$tableCell.=' <input type="submit" class="button"'.($disabledtask?' disabled':'').' value="'.$langs->trans("Add").'">';
|
||||
print $tableCell;
|
||||
|
||||
// Comment for avoid unnecessary multiple calculation
|
||||
/*$modeinput = 'hours';
|
||||
|
||||
print '<script type="text/javascript">';
|
||||
print "jQuery(document).ready(function () {\n";
|
||||
print " jQuery('.inputhour, .inputminute').bind('keyup', function(e) { updateTotal(0, '".$modeinput."') });";
|
||||
print "})\n";
|
||||
print '</script>';*/
|
||||
|
||||
print '</td>';
|
||||
|
||||
// Note
|
||||
|
||||
@ -570,7 +570,8 @@ function dolJSToSetRandomPassword($htmlname, $htmlnameofbutton = 'generate_token
|
||||
global $conf;
|
||||
|
||||
if (!empty($conf->use_javascript_ajax)) {
|
||||
print "\n".'<!-- Js code to suggest a security key --><script type="text/javascript">';
|
||||
print "\n".'<!-- Js code to suggest a security key -->';
|
||||
print '<script nonce="'.getNonce().'" type="text/javascript">';
|
||||
print '$(document).ready(function () {
|
||||
$("#'.dol_escape_js($htmlnameofbutton).'").click(function() {
|
||||
console.log("We click on the button '.dol_escape_js($htmlnameofbutton).' to suggest a key. We will fill '.dol_escape_js($htmlname).'");
|
||||
|
||||
@ -121,7 +121,7 @@ function tree_recur($tab, $pere, $rang, $iddivjstree = 'iddivjstree', $donoreset
|
||||
|
||||
if ($rang == 0) {
|
||||
// Test also done with jstree and dynatree (not able to have <a> inside label)
|
||||
print '<script type="text/javascript">
|
||||
print '<script nonce="'.getNonce().'" type="text/javascript">
|
||||
$(document).ready(function(){
|
||||
$("#'.$iddivjstree.'").treeview({
|
||||
collapsed: true,
|
||||
|
||||
@ -632,7 +632,7 @@ function getStructuredData($type, $data = array())
|
||||
|
||||
if ($type == 'software') {
|
||||
$ret = '<!-- Add structured data for entry in a software annuary -->'."\n";
|
||||
$ret .= '<script type="application/ld+json">'."\n";
|
||||
$ret .= '<script nonce="'.getNonce().'" type="application/ld+json">'."\n";
|
||||
$ret .= '{
|
||||
"@context": "https://schema.org",
|
||||
"@type": "SoftwareApplication",
|
||||
@ -660,7 +660,7 @@ function getStructuredData($type, $data = array())
|
||||
$url = $mysoc->url;
|
||||
|
||||
$ret = '<!-- Add structured data for organization -->'."\n";
|
||||
$ret .= '<script type="application/ld+json">'."\n";
|
||||
$ret .= '<script nonce="'.getNonce().'" type="application/ld+json">'."\n";
|
||||
$ret .= '{
|
||||
"@context": "https://schema.org",
|
||||
"@type": "Organization",
|
||||
@ -712,7 +712,7 @@ function getStructuredData($type, $data = array())
|
||||
$description = str_replace('__WEBSITE_KEY__', $website->ref, $description);
|
||||
|
||||
$ret = '<!-- Add structured data for blog post -->'."\n";
|
||||
$ret .= '<script type="application/ld+json">'."\n";
|
||||
$ret .= '<script nonce="'.getNonce().'" type="application/ld+json">'."\n";
|
||||
$ret .= '{
|
||||
"@context": "https://schema.org",
|
||||
"@type": "NewsArticle",
|
||||
@ -760,7 +760,7 @@ function getStructuredData($type, $data = array())
|
||||
}
|
||||
} elseif ($type == 'product') {
|
||||
$ret = '<!-- Add structured data for product -->'."\n";
|
||||
$ret .= '<script type="application/ld+json">'."\n";
|
||||
$ret .= '<script nonce="'.getNonce().'" type="application/ld+json">'."\n";
|
||||
$ret .= '{
|
||||
"@context": "https://schema.org/",
|
||||
"@type": "Product",
|
||||
@ -795,7 +795,7 @@ function getStructuredData($type, $data = array())
|
||||
$ret .= '</script>'."\n";
|
||||
} elseif ($type == 'qa') {
|
||||
$ret = '<!-- Add structured data for QA -->'."\n";
|
||||
$ret .= '<script type="application/ld+json">'."\n";
|
||||
$ret .= '<script nonce="'.getNonce().'" type="application/ld+json">'."\n";
|
||||
$ret .= '{
|
||||
"@context": "https://schema.org/",
|
||||
"@type": "QAPage",
|
||||
@ -918,7 +918,7 @@ function getSocialNetworkSharingLinks()
|
||||
// Twitter
|
||||
$out .= '<div class="dol-social-share-tw">'."\n";
|
||||
$out .= '<a href="https://twitter.com/share" class="twitter-share-button" data-url="'.$fullurl.'" data-text="'.dol_escape_htmltag($websitepage->description).'" data-lang="'.$websitepage->lang.'" data-size="small" data-related="" data-hashtags="'.preg_replace('/^#/', '', $hashtags).'" data-count="horizontal">Tweet</a>';
|
||||
$out .= '<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?\'http\':\'https\';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+\'://platform.twitter.com/widgets.js\';fjs.parentNode.insertBefore(js,fjs);}}(document, \'script\', \'twitter-wjs\');</script>';
|
||||
$out .= '<script nonce="'.getNonce().'">!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?\'http\':\'https\';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+\'://platform.twitter.com/widgets.js\';fjs.parentNode.insertBefore(js,fjs);}}(document, \'script\', \'twitter-wjs\');</script>';
|
||||
$out .= '</div>'."\n";
|
||||
|
||||
// Reddit
|
||||
@ -931,7 +931,7 @@ function getSocialNetworkSharingLinks()
|
||||
// Facebook
|
||||
$out .= '<div class="dol-social-share-fbl">'."\n";
|
||||
$out .= '<div id="fb-root"></div>'."\n";
|
||||
$out .= '<script>(function(d, s, id) {
|
||||
$out .= '<script nonce="'.getNonce().'">(function(d, s, id) {
|
||||
var js, fjs = d.getElementsByTagName(s)[0];
|
||||
if (d.getElementById(id)) return;
|
||||
js = d.createElement(s); js.id = id;
|
||||
|
||||
@ -248,7 +248,7 @@ function dolSavePageContent($filetpl, Website $object, WebsitePage $objectpage,
|
||||
// Add js
|
||||
$tplcontent .= '<link rel="stylesheet" href="/styles.css.php?website=<?php echo $websitekey; ?>" type="text/css" />'."\n";
|
||||
$tplcontent .= '<!-- Include link to JS file -->'."\n";
|
||||
$tplcontent .= '<script async src="/javascript.js.php"></script>'."\n";
|
||||
$tplcontent .= '<script nonce="'.getNonce().'" async src="/javascript.js.php"></script>'."\n";
|
||||
// Add headers
|
||||
$tplcontent .= '<!-- Include HTML header from common file -->'."\n";
|
||||
$tplcontent .= '<?php if (file_exists(DOL_DATA_ROOT."/website/".$websitekey."/htmlheader.html")) include DOL_DATA_ROOT."/website/".$websitekey."/htmlheader.html"; ?>'."\n";
|
||||
|
||||
@ -600,7 +600,7 @@ if (!empty($conf->use_javascript_ajax)) {
|
||||
}
|
||||
|
||||
/* Check that mandatory fields are filled */
|
||||
print '<script type="text/javascript">
|
||||
print '<script nonce="'.getNonce().'" type="text/javascript">
|
||||
jQuery(document).ready(function() {
|
||||
$("#submitcrop").click(function(e) {
|
||||
console.log("We click on submitcrop");
|
||||
|
||||
@ -444,7 +444,7 @@ if (!empty($morelogincontent) && is_array($morelogincontent)) {
|
||||
}
|
||||
|
||||
// Google Analytics
|
||||
// TODO Add a hook here
|
||||
// TODO Remove this, and add content into hook getLoginPageExtraOptions() instead
|
||||
if (!empty($conf->google->enabled) && !empty($conf->global->MAIN_GOOGLE_AN_ID)) {
|
||||
$tmptagarray = explode(',', $conf->global->MAIN_GOOGLE_AN_ID);
|
||||
foreach ($tmptagarray as $tmptag) {
|
||||
|
||||
@ -278,7 +278,7 @@ if (!empty($morelogincontent) && is_array($morelogincontent)) {
|
||||
}
|
||||
|
||||
// Google Analytics
|
||||
// TODO Add a hook here
|
||||
// TODO Remove this, and add content into hook getPasswordForgottenPageExtraOptions() instead
|
||||
if (!empty($conf->google->enabled) && !empty($conf->global->MAIN_GOOGLE_AN_ID)) {
|
||||
$tmptagarray = explode(',', $conf->global->MAIN_GOOGLE_AN_ID);
|
||||
foreach ($tmptagarray as $tmptag) {
|
||||
|
||||
@ -15,6 +15,7 @@
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
// Page called to validate a password change
|
||||
// To show this page, we need parameters: setnewpassword=1&username=...&passworduidhash=...
|
||||
|
||||
if (!defined('NOBROWSERNOTIF')) {
|
||||
@ -317,7 +318,7 @@ if (!empty($morelogincontent) && is_array($morelogincontent)) {
|
||||
}
|
||||
|
||||
// Google Analytics
|
||||
// TODO Add a hook here
|
||||
// TODO Remove this, and add content into hook getPasswordForgottenPageExtraOptions() instead
|
||||
if (!empty($conf->google->enabled) && !empty($conf->global->MAIN_GOOGLE_AN_ID)) {
|
||||
$tmptagarray = explode(',', $conf->global->MAIN_GOOGLE_AN_ID);
|
||||
foreach ($tmptagarray as $tmptag) {
|
||||
|
||||
@ -1797,34 +1797,34 @@ function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arr
|
||||
// JQuery. Must be before other includes
|
||||
print '<!-- Includes JS for JQuery -->'."\n";
|
||||
if (defined('JS_JQUERY') && constant('JS_JQUERY')) {
|
||||
print '<script src="'.JS_JQUERY.'jquery.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
print '<script nonce="'.getNonce().'" src="'.JS_JQUERY.'jquery.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
} else {
|
||||
print '<script src="'.DOL_URL_ROOT.'/includes/jquery/js/jquery.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/js/jquery.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
}
|
||||
if (defined('JS_JQUERY_UI') && constant('JS_JQUERY_UI')) {
|
||||
print '<script src="'.JS_JQUERY_UI.'jquery-ui.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
print '<script nonce="'.getNonce().'" src="'.JS_JQUERY_UI.'jquery-ui.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
} else {
|
||||
print '<script src="'.DOL_URL_ROOT.'/includes/jquery/js/jquery-ui.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/js/jquery-ui.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
}
|
||||
// jQuery jnotify
|
||||
if (empty($conf->global->MAIN_DISABLE_JQUERY_JNOTIFY) && !defined('DISABLE_JQUERY_JNOTIFY')) {
|
||||
print '<script src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jnotify/jquery.jnotify.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jnotify/jquery.jnotify.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
}
|
||||
// Table drag and drop lines
|
||||
if (empty($disableforlogin) && !defined('DISABLE_JQUERY_TABLEDND')) {
|
||||
print '<script src="'.DOL_URL_ROOT.'/includes/jquery/plugins/tablednd/jquery.tablednd.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/tablednd/jquery.tablednd.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
}
|
||||
// Chart
|
||||
if (empty($disableforlogin) && (empty($conf->global->MAIN_JS_GRAPH) || $conf->global->MAIN_JS_GRAPH == 'chart') && !defined('DISABLE_JS_GRAPH')) {
|
||||
print '<script src="'.DOL_URL_ROOT.'/includes/nnnick/chartjs/dist/chart.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/nnnick/chartjs/dist/chart.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
}
|
||||
|
||||
// jQuery jeditable for Edit In Place features
|
||||
if (!empty($conf->global->MAIN_USE_JQUERY_JEDITABLE) && !defined('DISABLE_JQUERY_JEDITABLE')) {
|
||||
print '<!-- JS to manage editInPlace feature -->'."\n";
|
||||
print '<script src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
print '<script src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.ui-datepicker.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
print '<script src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.ui-autocomplete.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.ui-datepicker.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.ui-autocomplete.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
print '<script>'."\n";
|
||||
print 'var urlSaveInPlace = \''.DOL_URL_ROOT.'/core/ajax/saveinplace.php\';'."\n";
|
||||
print 'var urlLoadInPlace = \''.DOL_URL_ROOT.'/core/ajax/loadinplace.php\';'."\n";
|
||||
@ -1835,21 +1835,21 @@ function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arr
|
||||
print 'var indicatorInPlace = \'<img src="'.DOL_URL_ROOT."/theme/".$conf->theme."/img/working.gif".'">\';'."\n";
|
||||
print 'var withInPlace = 300;'; // width in pixel for default string edit
|
||||
print '</script>'."\n";
|
||||
print '<script src="'.DOL_URL_ROOT.'/core/js/editinplace.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
print '<script src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.ckeditor.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/core/js/editinplace.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/jeditable/jquery.jeditable.ckeditor.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
}
|
||||
// jQuery Timepicker
|
||||
if (!empty($conf->global->MAIN_USE_JQUERY_TIMEPICKER) || defined('REQUIRE_JQUERY_TIMEPICKER')) {
|
||||
print '<script src="'.DOL_URL_ROOT.'/includes/jquery/plugins/timepicker/jquery-ui-timepicker-addon.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
print '<script src="'.DOL_URL_ROOT.'/core/js/timepicker.js.php?lang='.$langs->defaultlang.($ext ? '&'.$ext : '').'"></script>'."\n";
|
||||
print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/timepicker/jquery-ui-timepicker-addon.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/core/js/timepicker.js.php?lang='.$langs->defaultlang.($ext ? '&'.$ext : '').'"></script>'."\n";
|
||||
}
|
||||
if (!defined('DISABLE_SELECT2') && (!empty($conf->global->MAIN_USE_JQUERY_MULTISELECT) || defined('REQUIRE_JQUERY_MULTISELECT'))) {
|
||||
// jQuery plugin "mutiselect", "multiple-select", "select2", ...
|
||||
$tmpplugin = empty($conf->global->MAIN_USE_JQUERY_MULTISELECT) ?constant('REQUIRE_JQUERY_MULTISELECT') : $conf->global->MAIN_USE_JQUERY_MULTISELECT;
|
||||
print '<script src="'.DOL_URL_ROOT.'/includes/jquery/plugins/'.$tmpplugin.'/dist/js/'.$tmpplugin.'.full.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n"; // We include full because we need the support of containerCssClass
|
||||
print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/'.$tmpplugin.'/dist/js/'.$tmpplugin.'.full.min.js'.($ext ? '?'.$ext : '').'"></script>'."\n"; // We include full because we need the support of containerCssClass
|
||||
}
|
||||
if (!defined('DISABLE_MULTISELECT')) { // jQuery plugin "mutiselect" to select with checkboxes. Can be removed once we have an enhanced search tool
|
||||
print '<script src="'.DOL_URL_ROOT.'/includes/jquery/plugins/multiselect/jquery.multi-select.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/multiselect/jquery.multi-select.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
}
|
||||
}
|
||||
|
||||
@ -1863,7 +1863,7 @@ function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arr
|
||||
// To use external ckeditor 4 js lib
|
||||
$pathckeditor = constant('JS_CKEDITOR');
|
||||
}
|
||||
print '<script>';
|
||||
print '<script nonce="'.getNonce().'">';
|
||||
print '/* enable ckeditor by main.inc.php */';
|
||||
print 'var CKEDITOR_BASEPATH = \''.dol_escape_js($pathckeditor).'\';'."\n";
|
||||
print 'var ckeditorConfig = \''.dol_escape_js(dol_buildpath($themesubdir.'/theme/'.$conf->theme.'/ckeditor/config.js'.($ext ? '?'.$ext : ''), 1)).'\';'."\n"; // $themesubdir='' in standard usage
|
||||
@ -1891,13 +1891,13 @@ function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arr
|
||||
}
|
||||
if ($enablebrowsernotif) {
|
||||
print '<!-- Includes JS of Dolibarr (browser layout = '.$conf->browser->layout.')-->'."\n";
|
||||
print '<script src="'.DOL_URL_ROOT.'/core/js/lib_notification.js.php'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/core/js/lib_notification.js.php'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
}
|
||||
}
|
||||
|
||||
// Global js function
|
||||
print '<!-- Includes JS of Dolibarr -->'."\n";
|
||||
print '<script src="'.DOL_URL_ROOT.'/core/js/lib_head.js.php?lang='.$langs->defaultlang.($ext ? '&'.$ext : '').'"></script>'."\n";
|
||||
print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/core/js/lib_head.js.php?lang='.$langs->defaultlang.($ext ? '&'.$ext : '').'"></script>'."\n";
|
||||
|
||||
// JS forced by modules (relative url starting with /)
|
||||
if (!empty($conf->modules_parts['js'])) { // $conf->modules_parts['js'] is array('module'=>array('file1','file2'))
|
||||
@ -1908,7 +1908,8 @@ function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arr
|
||||
// jsfile is a relative path
|
||||
$urlforjs = dol_buildpath($jsfile, 1);
|
||||
if ($urlforjs && $urlforjs != '/') {
|
||||
print '<!-- Include JS added by module '.$modjs.'-->'."\n".'<script src="'.$urlforjs.((strpos($jsfile, '?') === false) ? '?' : '&').'lang='.$langs->defaultlang.'"></script>'."\n";
|
||||
print '<!-- Include JS added by module '.$modjs.'-->'."\n";
|
||||
print '<script nonce="'.getNonce().'" src="'.$urlforjs.((strpos($jsfile, '?') === false) ? '?' : '&').'lang='.$langs->defaultlang.'"></script>'."\n";
|
||||
} else {
|
||||
dol_syslog("Warning: module ".$modjs." declared a js path file for a file we can't find.", LOG_WARNING);
|
||||
}
|
||||
@ -1920,9 +1921,9 @@ function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arr
|
||||
print '<!-- Includes JS added by page -->'."\n";
|
||||
foreach ($arrayofjs as $jsfile) {
|
||||
if (preg_match('/^(http|\/\/)/i', $jsfile)) {
|
||||
print '<script src="'.$jsfile.((strpos($jsfile, '?') === false) ? '?' : '&').'lang='.$langs->defaultlang.'"></script>'."\n";
|
||||
print '<script nonce="'.getNonce().'" src="'.$jsfile.((strpos($jsfile, '?') === false) ? '?' : '&').'lang='.$langs->defaultlang.'"></script>'."\n";
|
||||
} else {
|
||||
print '<script src="'.dol_buildpath($jsfile, 1).((strpos($jsfile, '?') === false) ? '?' : '&').'lang='.$langs->defaultlang.'"></script>'."\n";
|
||||
print '<script nonce="'.getNonce().'" src="'.dol_buildpath($jsfile, 1).((strpos($jsfile, '?') === false) ? '?' : '&').'lang='.$langs->defaultlang.'"></script>'."\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1932,7 +1933,7 @@ function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arr
|
||||
if (!empty($conf->global->ALLOW_THEME_JS)) {
|
||||
$theme_js = dol_buildpath('/theme/'.$conf->theme.'/'.$conf->theme.'.js', 0);
|
||||
if (file_exists($theme_js)) {
|
||||
print '<script src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/'.$conf->theme.'.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
print '<script nonce="'.getNonce().'" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/'.$conf->theme.'.js'.($ext ? '?'.$ext : '').'"></script>'."\n";
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user