Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix search on string that include partial html content

Browse Source
This commit is contained in:
Laurent Destailleur 2024-09-17 14:00:21 +02:00
parent 30c212c732
commit 37d9e6e9e9
3 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
htdocs/admin/system/security.php
View File

@ -376,11 +376,12 @@ if (empty($dolibarr_main_stream_to_disable)) {
} else {
print implode(', ', $dolibarr_main_stream_to_disable);
}
print '<span class="bold"> -> Current PHP streams allowed = </span>';
print '<span class="bold"> &nbsp; -> Current PHP streams allowed = </span>';
$arrayofstreams = stream_get_wrappers();
if (!empty($arrayofstreams)) {
sort($arrayofstreams);
print(implode(',', $arrayofstreams)).' &nbsp; &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': '.$langs->trans("TryToKeepOnly", 'file,http,https,php').')</span>'."\n";
print '<span class="wordbreakall">'.implode(',', $arrayofstreams).'</span>';
print ' &nbsp; &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': '.$langs->trans("TryToKeepOnly", 'file,http,https,php').')</span>'."\n";
}
print '</div>';

6
htdocs/core/lib/functions.lib.php
View File

@ -8267,7 +8267,11 @@ function dol_htmlwithnojs($stringtoencode, $nouseofiframesandbox = 0, $check = '
$out = preg_replace('/&#x?[0-9]+/i', '', $out); // For example if we have j&#x61vascript with an entities without the ; to hide the 'a' of 'javascript'.
// Keep only some html tags and remove also some 'javascript:' strings
$out = dol_string_onlythesehtmltags($out, 0, ($check == 'restricthtmlallowclass' ? 0 : 1), 1);
if ($check == 'restricthtmlallowclass' || $check == 'restricthtmlallowunvalid') {
$out = dol_string_onlythesehtmltags($out, 0, 0, 1);
} else {
$out = dol_string_onlythesehtmltags($out, 0, 1, 1);
}
// Keep only some html attributes and exclude non expected HTML attributes and clean content of some attributes (keep only alt=, title=...).
if (getDolGlobalString('MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES')) {

2
htdocs/website/index.php
View File

@ -342,7 +342,7 @@ if (empty($sortfield)) {
}
}
$searchkey = GETPOST('searchstring', 'restricthtmlallowclass');
$searchkey = GETPOST('searchstring', 'restricthtmlallowunvalid');
if ($action == 'replacesite' || $mode == 'replacesite') { // Test on permission not required
$containertype = GETPOST('optioncontainertype', 'aZ09') != '-1' ? GETPOST('optioncontainertype', 'aZ09') : '';