Commit 3e158306 authored by Laurent Destailleur's avatar Laurent Destailleur

Fix: Data into an input text must be encode by htmlspecialchars

parent 4540360a
......@@ -39,7 +39,6 @@ $typeconst=array('yesno','texte','chaine');
/*
* Actions
*/
if ($_POST["action"] == 'update' || $_POST["action"] == 'add')
{
if (! dolibarr_set_const($db, $_POST["constname"],$_POST["constvalue"],$typeconst[$_POST["consttype"]],1,isset($_POST["constnote"])?$_POST["constnote"]:'',$_POST["entity"]));
......@@ -148,11 +147,11 @@ if ($result)
// Value
print '<td>';
print '<input type="text" class="flat" size="30" name="constvalue" value="'.$obj->value.'">';
print '<input type="text" class="flat" size="30" name="constvalue" value="'.htmlspecialchars($obj->value).'">';
print '</td><td>';
// Note
print '<input type="text" class="flat" size="40" name="constnote" value="'.nl2br($obj->note).'">';
print '<input type="text" class="flat" size="40" name="constnote" value="'.htmlspecialchars($obj->note,1).'">';
print '</td>';
// Entity
......
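Review bot: The `constnote` line passes the literal `1` as the second argument of htmlspecialchars(), which is not one of the named quote flags: ENT_COMPAT is 2 and ENT_QUOTES is 3, so `1` appears to select single-quote escaping only and leaves `"` unescaped inside the double-quoted `value="..."` attribute. A stored note containing a double quote would then still terminate the attribute, which is the problem this commit sets out to fix. Use the named constant instead, `htmlspecialchars($obj->note, ENT_QUOTES)`, and pass the same flag on the `constvalue` line so both fields are encoded identically. The enclosing `if ($result)` block starts and ends outside the hunk.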