From bf254baa0299e0493a37b231cbebf88e86cce67d Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 15 Apr 2015 18:50:41 +0200
Subject: [PATCH] Fix doliforge bug 1707

---
 htdocs/core/lib/functions.lib.php | 5 +++--
 test/phpunit/FunctionsLibTest.php | 9 ++++++++-
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index b9afa7f098e..2cdda2c52d3 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -3880,7 +3880,7 @@ function dol_htmlentitiesbr($stringtoencode,$nl2brmode=0,$pagecodefrom='UTF-8',$
 		$newstring=strtr($newstring,array('__and__'=>'&','__lt__'=>'<','__gt__'=>'>','__dquot__'=>'"'));
 	}
 	else
-	{
+	{print 'eee';
 		if ($removelasteolbr) $newstring=preg_replace('/(\r\n|\r|\n)$/i','',$newstring);	// Remove last \n (may remove several)
 		$newstring=dol_nl2br(dol_htmlentities($newstring,ENT_COMPAT,$pagecodefrom),$nl2brmode);
 	}
@@ -4064,7 +4064,8 @@ function dol_textishtml($msg,$option=0)
 		elseif (preg_match('/<(br|div|font|li|span|strong|table)>/i',$msg)) 	  return true;
 		elseif (preg_match('/<(br|div|font|li|span|strong|table)\s+[^<>\/]*>/i',$msg)) return true;
 		elseif (preg_match('/<(br|div|font|li|span|strong|table)\s+[^<>\/]*\/>/i',$msg)) return true;
-		elseif (preg_match('/<(img)\s+[^<>]*>/i',$msg)) return true;			// must accept <img src="http://mydomain.com/aaa.png" />
+		elseif (preg_match('/<img\s+[^<>]*src[^<>]*>/i',$msg)) return true;	// must accept <img src="http://mydomain.com/aaa.png" />
+		elseif (preg_match('/<a\s+[^<>]*href[^<>]*>/i',$msg)) return true;	// must accept <a href="http://mydomain.com/aaa.png" />
 		elseif (preg_match('/<h[0-9]>/i',$msg))			return true;
 		elseif (preg_match('/&[A-Z0-9]{1,6};/i',$msg))	return true;    // Html entities names (http://www.w3schools.com/tags/ref_entities.asp)
 		elseif (preg_match('/&#[0-9]{2,3};/i',$msg))	return true;    // Html entities numbers (http://www.w3schools.com/tags/ref_entities.asp)
diff --git a/test/phpunit/FunctionsLibTest.php b/test/phpunit/FunctionsLibTest.php
index 8282be3eaea..0f1969c9e6a 100755
--- a/test/phpunit/FunctionsLibTest.php
+++ b/test/phpunit/FunctionsLibTest.php
@@ -233,9 +233,12 @@ class FunctionsLibTest extends PHPUnit_Framework_TestCase
         $input='<h2>abc</h2>';
         $after=dol_textishtml($input);
         $this->assertTrue($after);
-        $input='<img src="https://xxx.com/aaa/image.png" />';
+        $input='<img id="abc" src="https://xxx.com/aaa/image.png" />';
         $after=dol_textishtml($input);
         $this->assertTrue($after,'Failure on test of img tag');
+        $input='<a class="azerty" href="https://xxx.com/aaa/image.png" />';
+        $after=dol_textishtml($input);
+        $this->assertTrue($after,'Failure on test of a tag');
 
         // False
         $input='xxx < br>';
@@ -247,6 +250,10 @@ class FunctionsLibTest extends PHPUnit_Framework_TestCase
         $input='xxx <brstyle="ee">';
         $after=dol_textishtml($input);
         $this->assertFalse($after);
+        $input='This is a text with html comments <!-- comment -->';	// we suppose this is not enough to be html content
+        $after=dol_textishtml($input);
+        $this->assertFalse($after);
+
     }
 
 
-- 
GitLab