diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php
index 069f89de048..5a60b07c223 100644
--- a/htdocs/adherents/subscription.php
+++ b/htdocs/adherents/subscription.php
@@ -1057,7 +1057,7 @@ if (($action == 'addsubscription' || $action == 'create_thirdparty') && $user->h
print img_warning($langs->trans("NoThirdPartyAssociatedToMember"));
}
print $langs->trans("NoThirdPartyAssociatedToMember");
- print ' - id.'&action=create_thirdparty">';
+ print ' - id.'&action=create_thirdparty">';
print $langs->trans("CreateDolibarrThirdParty");
print ')';
}
@@ -1087,7 +1087,7 @@ if (($action == 'addsubscription' || $action == 'create_thirdparty') && $user->h
print img_warning($langs->trans("NoThirdPartyAssociatedToMember"));
}
print $langs->trans("NoThirdPartyAssociatedToMember");
- print ' - id.'&action=create_thirdparty">';
+ print ' - id.'&action=create_thirdparty">';
print $langs->trans("CreateDolibarrThirdParty");
print ')';
}
diff --git a/htdocs/comm/card.php b/htdocs/comm/card.php
index cce00f8b832..d9c5a933554 100644
--- a/htdocs/comm/card.php
+++ b/htdocs/comm/card.php
@@ -1693,28 +1693,28 @@ if ($object->id > 0) {
if (isModEnabled("propal") && $user->hasRight('propal', 'creer') && $object->status == 1) {
$langs->load("propal");
- print '
';
+ print '';
}
if (isModEnabled('order') && $user->hasRight('commande', 'creer') && $object->status == 1) {
$langs->load("orders");
- print '';
+ print '';
}
if ($user->hasRight('contrat', 'creer') && $object->status == 1) {
$langs->load("contracts");
- print '';
+ print '';
}
if (isModEnabled('intervention') && $user->hasRight('ficheinter', 'creer') && $object->status == 1) {
$langs->load("interventions");
- print '';
+ print '';
}
// Add invoice
if (isModEnabled('deplacement') && $object->status == 1) {
$langs->load("trips");
- print '';
+ print '';
}
if (isModEnabled('invoice') && $object->status == 1) {
diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php
index b38b68611fe..26dd8a8c63b 100644
--- a/htdocs/compta/facture/card.php
+++ b/htdocs/compta/facture/card.php
@@ -5908,9 +5908,9 @@ if ($action == 'create') {
print dolGetButtonAction($langs->trans('DoPayment'), '', 'default', '#', '', false, $params);
} else {
// Sometimes we can receive more, so we accept to enter more and will offer a button to convert into discount (but it is not a credit note, just a prepayment done)
- //print ''.$langs->trans('DoPayment').'';
+ //print ''.$langs->trans('DoPayment').'';
unset($params['attr']['title']);
- print dolGetButtonAction($langs->trans('DoPayment'), '', 'default', DOL_URL_ROOT.'/compta/paiement.php?facid='.$object->id.'&action=create'.($object->fk_account > 0 ? '&accountid='.$object->fk_account : ''), '', true, $params);
+ print dolGetButtonAction($langs->trans('DoPayment'), '', 'default', DOL_URL_ROOT.'/compta/paiement.php?facid='.$object->id.'&action=create'.($object->fk_account > 0 ? '&accountid='.$object->fk_account : ''), '', true, $params);
}
}
}
@@ -5925,7 +5925,7 @@ if ($action == 'create') {
if ($resteapayer == 0) {
print ''.$langs->trans('DoPaymentBack').'';
} else {
- print ''.$langs->trans('DoPaymentBack').'';
+ print ''.$langs->trans('DoPaymentBack').'';
}
}
@@ -5978,7 +5978,7 @@ if ($action == 'create') {
if ($objectidnext) {
print ''.$langs->trans('ClassifyCanceled').'';
} else {
- print ''.$langs->trans('ClassifyCanceled').'';
+ print ''.$langs->trans('ClassifyCanceled').'';
}
}
}
@@ -5987,7 +5987,7 @@ if ($action == 'create') {
// Create a credit note
if (($object->type == Facture::TYPE_STANDARD || ($object->type == Facture::TYPE_DEPOSIT && !getDolGlobalString('FACTURE_DEPOSITS_ARE_JUST_PAYMENTS')) || $object->type == Facture::TYPE_PROFORMA) && $object->status > 0 && $usercancreate) {
if (!$objectidnext) {
- print ''.$langs->trans("CreateCreditNote").'';
+ print ''.$langs->trans("CreateCreditNote").'';
}
}
@@ -6001,7 +6001,7 @@ if ($action == 'create') {
&& getDolGlobalInt('INVOICE_USE_SITUATION_CREDIT_NOTE')
) {
if ($usercanunvalidate) {
- print ''.$langs->trans("CreateCreditNote").'';
+ print ''.$langs->trans("CreateCreditNote").'';
} else {
print ''.$langs->trans("CreateCreditNote").'';
}
@@ -6017,7 +6017,7 @@ if ($action == 'create') {
if (($object->type == Facture::TYPE_STANDARD || $object->type == Facture::TYPE_DEPOSIT || $object->type == Facture::TYPE_PROFORMA) && $object->status == 0 && $usercancreate) {
if (!$objectidnext && count($object->lines) > 0) {
unset($params['attr']['title']);
- print dolGetButtonAction($langs->trans('ChangeIntoRepeatableInvoice'), '', 'default', DOL_URL_ROOT.'/compta/facture/card-rec.php?facid='.$object->id.'&action=create', '', true, $params);
+ print dolGetButtonAction($langs->trans('ChangeIntoRepeatableInvoice'), '', 'default', DOL_URL_ROOT.'/compta/facture/card-rec.php?facid='.$object->id.'&action=create', '', true, $params);
}
}
@@ -6031,7 +6031,7 @@ if ($action == 'create') {
&& $usercanunvalidate
) {
if (($object->total_ttc - $totalcreditnotes) == 0) {
- print ''.$langs->trans("RemoveSituationFromCycle").'';
+ print ''.$langs->trans("RemoveSituationFromCycle").'';
} else {
print ''.$langs->trans("RemoveSituationFromCycle").'';
}
@@ -6040,7 +6040,7 @@ if ($action == 'create') {
// Create next situation invoice
if ($usercancreate && ($object->type == 5) && ($object->status == 1 || $object->status == 2)) {
if ($object->is_last_in_cycle() && $object->situation_final != 1) {
- print ''.$langs->trans('CreateNextSituationInvoice').'';
+ print ''.$langs->trans('CreateNextSituationInvoice').'';
} elseif (!$object->is_last_in_cycle()) {
print ''.$langs->trans('CreateNextSituationInvoice').'';
} else {
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index a23db2adf8a..d148f8fd784 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -6591,7 +6591,7 @@ class Form
$num = $this->num;
if ($num == 0) {
$addcontact = (getDolGlobalString('SOCIETE_ADDRESSES_MANAGEMENT') ? $langs->trans("AddContact") : $langs->trans("AddContactAddress"));
- print '' . $addcontact . '';
+ print '' . $addcontact . '';
}
print '';
print ' | ';
diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php
index a4682c21a13..5507cbd46e2 100644
--- a/htdocs/core/lib/company.lib.php
+++ b/htdocs/core/lib/company.lib.php
@@ -880,7 +880,7 @@ function show_projects($conf, $langs, $db, $object, $backtopage = '', $nocreatel
$newcardbutton = '';
if (isModEnabled('project') && $user->hasRight('projet', 'creer') && empty($nocreatelink)) {
- $newcardbutton .= dolGetButtonTitle($langs->trans('AddProject'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/projet/card.php?socid='.$object->id.'&action=create&backtopage='.urlencode($backtopage));
+ $newcardbutton .= dolGetButtonTitle($langs->trans('AddProject'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/projet/card.php?socid='.$object->id.'&action=create&backtopage='.urlencode($backtopage));
}
print "\n";
@@ -1277,7 +1277,7 @@ function show_contacts($conf, $langs, $db, $object, $backtopage = '', $showuserl
$newcardbutton = '';
if ($user->hasRight('societe', 'contact', 'creer')) {
$addcontact = (getDolGlobalString('SOCIETE_ADDRESSES_MANAGEMENT') ? $langs->trans("AddContact") : $langs->trans("AddContactAddress"));
- $newcardbutton .= dolGetButtonTitle($addcontact, '', 'fa fa-plus-circle', DOL_URL_ROOT.'/contact/card.php?socid='.$object->id.'&action=create&backtopage='.urlencode($backtopage));
+ $newcardbutton .= dolGetButtonTitle($addcontact, '', 'fa fa-plus-circle', DOL_URL_ROOT.'/contact/card.php?socid='.$object->id.'&action=create&backtopage='.urlencode($backtopage));
}
print "\n";
diff --git a/htdocs/core/lib/contact.lib.php b/htdocs/core/lib/contact.lib.php
index 24bb66763a5..aa4fa429ae7 100644
--- a/htdocs/core/lib/contact.lib.php
+++ b/htdocs/core/lib/contact.lib.php
@@ -179,7 +179,7 @@ function show_contacts_projects($conf, $langs, $db, $object, $backtopage = '', $
$newcardbutton = '';
if (isModEnabled('project') && $user->hasRight('projet', 'creer') && empty($nocreatelink)) {
- $newcardbutton .= dolGetButtonTitle($langs->trans('AddProject'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/projet/card.php?socid='.$object->id.'&action=create&backtopage='.urlencode($backtopage));
+ $newcardbutton .= dolGetButtonTitle($langs->trans('AddProject'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/projet/card.php?socid='.$object->id.'&action=create&backtopage='.urlencode($backtopage));
}
print "\n";
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index f2268767734..df7b61f06c0 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -2037,6 +2037,22 @@ function dolPrintHTMLForAttribute($s)
return dol_escape_htmltag(dol_string_onlythesehtmltags(dol_htmlentitiesbr($s), 1, 0, 0, 0, array('br', 'b', 'font', 'hr', 'span')), 1, -1, '', 0, 1);
}
+/**
+ * Return a string ready to be output on a href attribute (this one need a special because we need content is HTML with no way to detect it is HTML).
+ * With dolPrintHTMLForAttribute(), the content is HTML encode, even if it is already HTML content.
+ *
+ * @param string $s String to print
+ * @return string String ready for HTML output
+ * @see dolPrintHTML(), dolPrintHTMLFortextArea()
+ */
+function dolPrintHTMLForAttributeUrl($s)
+{
+ // The dol_htmlentitiesbr has been removed compared to dolPrintHTMLForAttribute because we know content is a HTML URL string (even if we have no way to detect it automatically)
+ // The dol_escape_htmltag will escape html chars.
+ $escapeonlyhtmltags = 1;
+ return dol_escape_htmltag(dol_string_onlythesehtmltags($s, 1, 1, 1, 0, array()), 0, 0, '', $escapeonlyhtmltags, 1);
+}
+
/**
* Return a string ready to be output on input textarea.
* Differs from dolPrintHTML because all tags are escape. With dolPrintHTML, all tags except common one are escaped.
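Review bot: The new dolPrintHTMLForAttributeUrl() declares no native types and its docblock is hard to parse; suggest `function dolPrintHTMLForAttributeUrl($s)` keeps the `@param string`/`@return string` lines but the description is rewritten as "Return a string ready to be output in an href attribute. Unlike dolPrintHTMLForAttribute(), the content is not passed through dol_htmlentitiesbr(), because the input is expected to be an already HTML-encoded URL that would otherwise be double-encoded." The docblock should also state what the function does not do: it escapes HTML metacharacters only and performs no URL-scheme check, so callers building the href from request data (the `$_SERVER["PHP_SELF"].'?socid='.$object->id` pattern elsewhere in this commit) still have to make sure the value is a relative path or an allow-listed scheme. Whether the `1` passed as the fourth argument of dol_string_onlythesehtmltags() neutralises `javascript:`-style values is not visible from this hunk and is worth confirming in the test added to SecurityTest.php.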
@@ -8687,9 +8703,9 @@ function dol_htmlentitiesbr($stringtoencode, $nl2brmode = 0, $pagecodefrom = 'UT
$newstring = preg_replace('/
$/i', '', $newstring); // Remove last
(remove only last one)
}
$newstring = preg_replace('/[\x{200B}-\x{200D}\x{FEFF}]/u', ' ', $newstring);
- $newstring = strtr($newstring, array('&' => '__and__', '<' => '__lt__', '>' => '__gt__', '"' => '__dquot__'));
+ $newstring = strtr($newstring, array('&' => '__PROTECTand__', '<' => '__PROTECTlt__', '>' => '__PROTECTgt__', '"' => '__PROTECTdquot__'));
$newstring = dol_htmlentities($newstring, ENT_COMPAT, $pagecodefrom); // Make entity encoding
- $newstring = strtr($newstring, array('__and__' => '&', '__lt__' => '<', '__gt__' => '>', '__dquot__' => '"'));
+ $newstring = strtr($newstring, array('__PROTECTand__' => '&', '__PROTECTlt__' => '<', '__PROTECTgt__' => '>', '__PROTECTdquot__' => '"'));
} else {
if ($removelasteolbr) {
$newstring = preg_replace('/(\r\n|\r|\n)$/i', '', $newstring); // Remove last \n (may remove several)
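Review bot: The renamed markers on L208/L211 are still fixed strings, so an input that already contains the literal `__PROTECTlt__` or `__PROTECTand__` is turned into `<` or `&` by the second strtr() even though the first strtr() never produced it; the rename only reduces the chance of that collision. A marker the input cannot contain removes the problem, for example a per-call `$marker = '__PROTECT'.bin2hex(random_bytes(6)).'__';` used to build both maps, or a comment stating why a collision is considered acceptable in this branch. The enclosing dol_htmlentitiesbr() starts and ends outside the hunk.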
@@ -12828,12 +12844,16 @@ function dolGetButtonAction($label, $text = '', $actionType = 'default', $url =
unset($attr['href']);
}
- // escape all attribute
- $attr = array_map('dol_escape_htmltag', $attr);
-
+ // escape all attributes
$TCompiledAttr = array();
foreach ($attr as $key => $value) {
- $TCompiledAttr[] = $key.'= "'.$value.'"';
+ if ($key == 'href') {
+ $value = dolPrintHTMLForAttributeUrl($value);
+ } else {
+ $value = dolPrintHTMLForAttribute($value);
+ }
+
+ $TCompiledAttr[] = $key.'="'.$value.'"'; // $value has been escaped by the dolPrintHTMLForAttribute... just before
}
$compiledAttributes = empty($TCompiledAttr) ? '' : implode(' ', $TCompiledAttr);
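Review bot: Only `$value` is escaped in the loop on L223-L232; `$key` is concatenated raw into `$key.'="'.$value.'"'`, so an attribute name containing a quote, a space or `>` breaks out of the tag. The old `array_map('dol_escape_htmltag', $attr)` had the same gap, but since `$attr` is built from the caller-supplied `$params['attr']` (see the `unset($params['attr']['title'])` calls in this commit) a guard such as `if (!preg_match('/^[a-z][a-z0-9_:.-]*$/i', $key)) { continue; }` at the top of the loop would make the compiled attribute list safe regardless of caller; whether any caller passes untrusted keys is not visible here. The comparison on L225 should also be `$key === 'href'` to match the strict-comparison style used for the rest of the new code. The enclosing dolGetButtonAction() starts and ends outside the hunk.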
diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php
index 8bfe214c523..c3da1b43170 100644
--- a/htdocs/core/menus/standard/eldy.lib.php
+++ b/htdocs/core/menus/standard/eldy.lib.php
@@ -1275,7 +1275,7 @@ function get_left_menu_thridparties($mainmenu, &$newmenu, $usemenuhider = 1, $le
$langs->load("commercial");
$newmenu->add("/societe/list.php?type=p&leftmenu=prospects", $langs->trans("Prospects"), 2, $user->hasRight('societe', 'lire'), '', $mainmenu, 'prospects', 5);
- $newmenu->add("/societe/card.php?leftmenu=prospects&action=create&type=p", $langs->trans("MenuNewProspect"), 3, $user->hasRight('societe', 'creer'));
+ $newmenu->add("/societe/card.php?leftmenu=prospects&action=create&type=p", $langs->trans("MenuNewProspect"), 3, $user->hasRight('societe', 'creer'));
}
// Customers/Prospects
@@ -1283,7 +1283,7 @@ function get_left_menu_thridparties($mainmenu, &$newmenu, $usemenuhider = 1, $le
$langs->load("commercial");
$newmenu->add("/societe/list.php?type=c&leftmenu=customers", $langs->trans("Customers"), 2, $user->hasRight('societe', 'lire'), '', $mainmenu, 'customers', 10);
- $newmenu->add("/societe/card.php?leftmenu=customers&action=create&type=c", $langs->trans("MenuNewCustomer"), 3, $user->hasRight('societe', 'creer'));
+ $newmenu->add("/societe/card.php?leftmenu=customers&action=create&type=c", $langs->trans("MenuNewCustomer"), 3, $user->hasRight('societe', 'creer'));
}
// Suppliers
@@ -1291,7 +1291,7 @@ function get_left_menu_thridparties($mainmenu, &$newmenu, $usemenuhider = 1, $le
$langs->load("suppliers");
$newmenu->add("/societe/list.php?type=f&leftmenu=suppliers", $langs->trans("Suppliers"), 2, ($user->hasRight('fournisseur', 'lire') || $user->hasRight('supplier_order', 'lire') || $user->hasRight('supplier_invoice', 'lire') || $user->hasRight('supplier_proposal', 'lire')), '', $mainmenu, 'suppliers', 15);
- $newmenu->add("/societe/card.php?leftmenu=suppliers&action=create&type=f", $langs->trans("MenuNewSupplier"), 3, $user->hasRight('societe', 'creer') && ($user->hasRight('fournisseur', 'lire') || $user->hasRight('supplier_order', 'lire') || $user->hasRight('supplier_invoice', 'lire') || $user->hasRight('supplier_proposal', 'lire')));
+ $newmenu->add("/societe/card.php?leftmenu=suppliers&action=create&type=f", $langs->trans("MenuNewSupplier"), 3, $user->hasRight('societe', 'creer') && ($user->hasRight('fournisseur', 'lire') || $user->hasRight('supplier_order', 'lire') || $user->hasRight('supplier_invoice', 'lire') || $user->hasRight('supplier_proposal', 'lire')));
}
// Categories
@@ -1317,7 +1317,7 @@ function get_left_menu_thridparties($mainmenu, &$newmenu, $usemenuhider = 1, $le
// Contacts
$newmenu->add("/societe/index.php?leftmenu=thirdparties", (getDolGlobalString('SOCIETE_ADDRESSES_MANAGEMENT') ? $langs->trans("Contacts") : $langs->trans("ContactsAddresses")), 0, $user->hasRight('societe', 'contact', 'lire'), '', $mainmenu, 'contacts', 0, '', '', '', img_picto('', 'contact', 'class="paddingright pictofixedwidth"'));
- $newmenu->add("/contact/card.php?leftmenu=contacts&action=create", (getDolGlobalString('SOCIETE_ADDRESSES_MANAGEMENT') ? $langs->trans("NewContact") : $langs->trans("NewContactAddress")), 1, $user->hasRight('societe', 'contact', 'creer'));
+ $newmenu->add("/contact/card.php?leftmenu=contacts&action=create", (getDolGlobalString('SOCIETE_ADDRESSES_MANAGEMENT') ? $langs->trans("NewContact") : $langs->trans("NewContactAddress")), 1, $user->hasRight('societe', 'contact', 'creer'));
$newmenu->add("/contact/list.php?leftmenu=contacts", $langs->trans("List"), 1, $user->hasRight('societe', 'contact', 'lire'));
if (!getDolGlobalString('SOCIETE_DISABLE_PROSPECTS')) {
$newmenu->add("/contact/list.php?leftmenu=contacts&type=p", $langs->trans("Prospects"), 2, $user->hasRight('societe', 'contact', 'lire'));
@@ -1514,7 +1514,7 @@ function get_left_menu_billing($mainmenu, &$newmenu, $usemenuhider = 1, $leftmen
if (isModEnabled('societe') && isModEnabled('supplier_invoice') && !getDolGlobalString('SUPPLIER_INVOICE_MENU_DISABLED')) {
$langs->load("bills");
$newmenu->add("/fourn/facture/index.php?leftmenu=suppliers_bills", $langs->trans("BillsSuppliers"), 0, $user->hasRight('fournisseur', 'facture', 'lire'), '', $mainmenu, 'suppliers_bills', 0, '', '', '', img_picto('', 'supplier_invoice', 'class="paddingright pictofixedwidth"'));
- $newmenu->add("/fourn/facture/card.php?leftmenu=suppliers_bills&action=create", $langs->trans("NewBill"), 1, ($user->hasRight('fournisseur', 'facture', 'creer') || $user->hasRight('supplier_invoice', 'creer')), '', $mainmenu, 'suppliers_bills_create');
+ $newmenu->add("/fourn/facture/card.php?leftmenu=suppliers_bills&action=create", $langs->trans("NewBill"), 1, ($user->hasRight('fournisseur', 'facture', 'creer') || $user->hasRight('supplier_invoice', 'creer')), '', $mainmenu, 'suppliers_bills_create');
$newmenu->add("/fourn/facture/list.php?leftmenu=suppliers_bills", $langs->trans("List"), 1, $user->hasRight('fournisseur', 'facture', 'lire'), '', $mainmenu, 'suppliers_bills_list');
if ($usemenuhider || empty($leftmenu) || preg_match('/suppliers_bills/', $leftmenu)) {
@@ -1558,7 +1558,7 @@ function get_left_menu_billing($mainmenu, &$newmenu, $usemenuhider = 1, $leftmen
$langs->load("donations");
$newmenu->add("/don/index.php?leftmenu=donations&mainmenu=billing", $langs->trans("Donations"), 0, $user->hasRight('don', 'lire'), '', $mainmenu, 'donations', 0, '', '', '', img_picto('', 'donation', 'class="paddingright pictofixedwidth"'));
if ($usemenuhider || empty($leftmenu) || $leftmenu == "donations") {
- $newmenu->add("/don/card.php?leftmenu=donations&action=create", $langs->trans("NewDonation"), 1, $user->hasRight('don', 'creer'));
+ $newmenu->add("/don/card.php?leftmenu=donations&action=create", $langs->trans("NewDonation"), 1, $user->hasRight('don', 'creer'));
$newmenu->add("/don/list.php?leftmenu=donations", $langs->trans("List"), 1, $user->hasRight('don', 'lire'));
$newmenu->add("/don/paiement/list.php?leftmenu=donations", $langs->trans("Payments"), 1, $user->hasRight('don', 'lire'));
$newmenu->add("/don/stats/index.php", $langs->trans("Statistics"), 1, $user->hasRight('don', 'lire'));
@@ -2000,12 +2000,12 @@ function get_left_menu_accountancy($mainmenu, &$newmenu, $usemenuhider = 1, $lef
// Assets
if (isModEnabled('asset')) {
- $newmenu->add("/asset/list.php?leftmenu=asset&mainmenu=accountancy", $langs->trans("MenuAssets"), 0, $user->hasRight('asset', 'read'), '', $mainmenu, 'asset', 100, '', '', '', img_picto('', 'payment', 'class="paddingright pictofixedwidth"'));
- $newmenu->add("/asset/card.php?leftmenu=asset&action=create", $langs->trans("MenuNewAsset"), 1, $user->hasRight('asset', 'write'));
- $newmenu->add("/asset/list.php?leftmenu=asset&mainmenu=accountancy", $langs->trans("MenuListAssets"), 1, $user->hasRight('asset', 'read'));
+ $newmenu->add("/asset/list.php?leftmenu=asset&mainmenu=accountancy", $langs->trans("MenuAssets"), 0, $user->hasRight('asset', 'read'), '', $mainmenu, 'asset', 100, '', '', '', img_picto('', 'payment', 'class="paddingright pictofixedwidth"'));
+ $newmenu->add("/asset/card.php?leftmenu=asset&action=create", $langs->trans("MenuNewAsset"), 1, $user->hasRight('asset', 'write'));
+ $newmenu->add("/asset/list.php?leftmenu=asset&mainmenu=accountancy", $langs->trans("MenuListAssets"), 1, $user->hasRight('asset', 'read'));
$newmenu->add("/asset/model/list.php?leftmenu=asset_model", $langs->trans("MenuAssetModels"), 1, (!getDolGlobalString('MAIN_USE_ADVANCED_PERMS') && $user->hasRight('asset', 'read')) || (getDolGlobalString('MAIN_USE_ADVANCED_PERMS') && $user->hasRight('asset', 'model_advance', 'read')), '', $mainmenu, 'asset_model');
if ($usemenuhider || empty($leftmenu) || preg_match('/asset_model/', $leftmenu)) {
- $newmenu->add("/asset/model/card.php?leftmenu=asset_model&action=create", $langs->trans("MenuNewAssetModel"), 2, (!getDolGlobalString('MAIN_USE_ADVANCED_PERMS') && $user->hasRight('asset', 'write')) || (getDolGlobalString('MAIN_USE_ADVANCED_PERMS') && $user->hasRight('asset', 'model_advance', 'write')));
+ $newmenu->add("/asset/model/card.php?leftmenu=asset_model&action=create", $langs->trans("MenuNewAssetModel"), 2, (!getDolGlobalString('MAIN_USE_ADVANCED_PERMS') && $user->hasRight('asset', 'write')) || (getDolGlobalString('MAIN_USE_ADVANCED_PERMS') && $user->hasRight('asset', 'model_advance', 'write')));
$newmenu->add("/asset/model/list.php?leftmenu=asset_model", $langs->trans("MenuListAssetModels"), 2, (!getDolGlobalString('MAIN_USE_ADVANCED_PERMS') && $user->hasRight('asset', 'read')) || (getDolGlobalString('MAIN_USE_ADVANCED_PERMS') && $user->hasRight('asset', 'model_advance', 'read')));
}
}
@@ -2113,8 +2113,8 @@ function get_left_menu_products($mainmenu, &$newmenu, $usemenuhider = 1, $leftme
// Products
if (isModEnabled('product')) {
$newmenu->add("/product/index.php?leftmenu=product", $langs->trans("Products"), 0, $user->hasRight('product', 'read'), '', $mainmenu, 'product', 0, '', '', '', img_picto('', 'product', 'class="paddingright pictofixedwidth"'));
- $newmenu->add("/product/card.php?leftmenu=product&action=create&type=0", $langs->trans("NewProduct"), 1, $user->hasRight('product', 'creer'));
- $newmenu->add("/product/list.php?leftmenu=product&type=0", $langs->trans("List"), 1, $user->hasRight('product', 'read'));
+ $newmenu->add("/product/card.php?leftmenu=product&action=create&type=0", $langs->trans("NewProduct"), 1, $user->hasRight('product', 'creer'));
+ $newmenu->add("/product/list.php?leftmenu=product&type=0", $langs->trans("List"), 1, $user->hasRight('product', 'read'));
if (isModEnabled('stock')) {
$newmenu->add("/product/reassort.php?type=0", $langs->trans("MenuStocks"), 1, $user->hasRight('product', 'read') && $user->hasRight('stock', 'lire'));
}
@@ -2141,8 +2141,8 @@ function get_left_menu_products($mainmenu, &$newmenu, $usemenuhider = 1, $leftme
// Services
if (isModEnabled('service')) {
$newmenu->add("/product/index.php?leftmenu=service", $langs->trans("Services"), 0, $user->hasRight('service', 'read'), '', $mainmenu, 'service', 0, '', '', '', img_picto('', 'service', 'class="paddingright pictofixedwidth"'));
- $newmenu->add("/product/card.php?leftmenu=service&action=create&type=1", $langs->trans("NewService"), 1, $user->hasRight('service', 'creer'));
- $newmenu->add("/product/list.php?leftmenu=service&type=1", $langs->trans("List"), 1, $user->hasRight('service', 'read'));
+ $newmenu->add("/product/card.php?leftmenu=service&action=create&type=1", $langs->trans("NewService"), 1, $user->hasRight('service', 'creer'));
+ $newmenu->add("/product/list.php?leftmenu=service&type=1", $langs->trans("List"), 1, $user->hasRight('service', 'read'));
if (isModEnabled('stock') && getDolGlobalString('STOCK_SUPPORTS_SERVICES')) {
$newmenu->add("/product/reassort.php?type=1", $langs->trans("MenuStocks"), 1, $user->hasRight('service', 'read') && $user->hasRight('stock', 'lire'));
@@ -2259,7 +2259,7 @@ function get_left_menu_mrp($mainmenu, &$newmenu, $usemenuhider = 1, $leftmenu =
$langs->load("mrp");
$newmenu->add("", $langs->trans("MenuBOM"), 0, $user->hasRight('bom', 'read'), '', $mainmenu, 'bom', 0, '', '', '', img_picto('', 'bom', 'class="paddingright pictofixedwidth"'));
- $newmenu->add("/bom/bom_card.php?leftmenu=bom&action=create", $langs->trans("NewBOM"), 1, $user->hasRight('bom', 'write'), '', $mainmenu, 'bom');
+ $newmenu->add("/bom/bom_card.php?leftmenu=bom&action=create", $langs->trans("NewBOM"), 1, $user->hasRight('bom', 'write'), '', $mainmenu, 'bom');
$newmenu->add("/bom/bom_list.php?leftmenu=bom", $langs->trans("List"), 1, $user->hasRight('bom', 'read'), '', $mainmenu, 'bom');
}
@@ -2267,7 +2267,7 @@ function get_left_menu_mrp($mainmenu, &$newmenu, $usemenuhider = 1, $leftmenu =
$langs->load("mrp");
$newmenu->add("", $langs->trans("MenuMRP"), 0, $user->hasRight('mrp', 'read'), '', $mainmenu, 'mrp', 0, '', '', '', img_picto('', 'mrp', 'class="paddingright pictofixedwidth"'));
- $newmenu->add("/mrp/mo_card.php?leftmenu=mo&action=create", $langs->trans("NewMO"), 1, $user->hasRight('mrp', 'write'), '', $mainmenu, '');
+ $newmenu->add("/mrp/mo_card.php?leftmenu=mo&action=create", $langs->trans("NewMO"), 1, $user->hasRight('mrp', 'write'), '', $mainmenu, '');
$newmenu->add("/mrp/mo_list.php?leftmenu=mo", $langs->trans("List"), 1, $user->hasRight('mrp', 'read'), '', $mainmenu, '');
}
}
@@ -2485,7 +2485,7 @@ function get_left_menu_tools($mainmenu, &$newmenu, $usemenuhider = 1, $leftmenu
$titlenew .= ' | '.$langs->trans("NewSMSing");
}
$newmenu->add("/comm/mailing/index.php?leftmenu=mailing", $titleindex, 0, $user->hasRight('mailing', 'lire'), '', $mainmenu, 'mailing', 0, '', '', '', img_picto('', 'email', 'class="paddingright pictofixedwidth"'));
- $newmenu->add("/comm/mailing/card.php?leftmenu=mailing&action=create", $titlenew, 1, $user->hasRight('mailing', 'creer'));
+ $newmenu->add("/comm/mailing/card.php?leftmenu=mailing&action=create", $titlenew, 1, $user->hasRight('mailing', 'creer'));
$newmenu->add("/comm/mailing/list.php?leftmenu=mailing", $titlelist, 1, $user->hasRight('mailing', 'lire'));
}
@@ -2525,16 +2525,16 @@ function get_left_menu_members($mainmenu, &$newmenu, $usemenuhider = 1, $leftmen
// Load translation files required by the page
$langs->loadLangs(array("members", "compta"));
- $newmenu->add("/adherents/index.php?leftmenu=members&mainmenu=members", $langs->trans("Members"), 0, $user->hasRight('adherent', 'read'), '', $mainmenu, 'members', 0, '', '', '', img_picto('', 'member', 'class="paddingright pictofixedwidth"'));
- $newmenu->add("/adherents/card.php?leftmenu=members&action=create", $langs->trans("NewMember"), 1, $user->hasRight('adherent', 'write'));
+ $newmenu->add("/adherents/index.php?leftmenu=members&mainmenu=members", $langs->trans("Members"), 0, $user->hasRight('adherent', 'read'), '', $mainmenu, 'members', 0, '', '', '', img_picto('', 'member', 'class="paddingright pictofixedwidth"'));
+ $newmenu->add("/adherents/card.php?leftmenu=members&action=create", $langs->trans("NewMember"), 1, $user->hasRight('adherent', 'write'));
$newmenu->add("/adherents/list.php?leftmenu=members", $langs->trans("List"), 1, $user->hasRight('adherent', 'read'));
- $newmenu->add("/adherents/list.php?leftmenu=members&statut=-1", $langs->trans("MenuMembersToValidate"), 2, $user->hasRight('adherent', 'read'));
- $newmenu->add("/adherents/list.php?leftmenu=members&statut=1", $langs->trans("MenuMembersValidated"), 2, $user->hasRight('adherent', 'read'));
- $newmenu->add("/adherents/list.php?leftmenu=members&statut=1&filter=waitingsubscription", $langs->trans("WaitingSubscription"), 3, $user->hasRight('adherent', 'read'));
- $newmenu->add("/adherents/list.php?leftmenu=members&statut=1&filter=uptodate", $langs->trans("UpToDate"), 3, $user->hasRight('adherent', 'read'));
- $newmenu->add("/adherents/list.php?leftmenu=members&statut=1&filter=outofdate", $langs->trans("OutOfDate"), 3, $user->hasRight('adherent', 'read'));
- $newmenu->add("/adherents/list.php?leftmenu=members&statut=0", $langs->trans("MenuMembersResiliated"), 2, $user->hasRight('adherent', 'read'));
- $newmenu->add("/adherents/list.php?leftmenu=members&statut=-2", $langs->trans("MenuMembersExcluded"), 2, $user->hasRight('adherent', 'read'));
+ $newmenu->add("/adherents/list.php?leftmenu=members&statut=-1", $langs->trans("MenuMembersToValidate"), 2, $user->hasRight('adherent', 'read'));
+ $newmenu->add("/adherents/list.php?leftmenu=members&statut=1", $langs->trans("MenuMembersValidated"), 2, $user->hasRight('adherent', 'read'));
+ $newmenu->add("/adherents/list.php?leftmenu=members&statut=1&filter=waitingsubscription", $langs->trans("WaitingSubscription"), 3, $user->hasRight('adherent', 'read'));
+ $newmenu->add("/adherents/list.php?leftmenu=members&statut=1&filter=uptodate", $langs->trans("UpToDate"), 3, $user->hasRight('adherent', 'read'));
+ $newmenu->add("/adherents/list.php?leftmenu=members&statut=1&filter=outofdate", $langs->trans("OutOfDate"), 3, $user->hasRight('adherent', 'read'));
+ $newmenu->add("/adherents/list.php?leftmenu=members&statut=0", $langs->trans("MenuMembersResiliated"), 2, $user->hasRight('adherent', 'read'));
+ $newmenu->add("/adherents/list.php?leftmenu=members&statut=-2", $langs->trans("MenuMembersExcluded"), 2, $user->hasRight('adherent', 'read'));
$newmenu->add("/adherents/stats/index.php?leftmenu=members", $langs->trans("MenuMembersStats"), 1, $user->hasRight('adherent', 'read'));
$newmenu->add("/adherents/cartes/carte.php?leftmenu=export", $langs->trans("MembersCards"), 1, $user->hasRight('adherent', 'export'));
@@ -2554,7 +2554,7 @@ function get_left_menu_members($mainmenu, &$newmenu, $usemenuhider = 1, $leftmen
// Type
$newmenu->add("/adherents/type.php?leftmenu=setup&mainmenu=members", $langs->trans("MembersTypes"), 0, $user->hasRight('adherent', 'configurer'), '', $mainmenu, 'setup', 0, '', '', '', img_picto('', 'members', 'class="paddingright pictofixedwidth"'));
- $newmenu->add("/adherents/type.php?leftmenu=setup&mainmenu=members&action=create", $langs->trans("New"), 1, $user->hasRight('adherent', 'configurer'));
+ $newmenu->add("/adherents/type.php?leftmenu=setup&mainmenu=members&action=create", $langs->trans("New"), 1, $user->hasRight('adherent', 'configurer'));
$newmenu->add("/adherents/type.php?leftmenu=setup&mainmenu=members", $langs->trans("List"), 1, $user->hasRight('adherent', 'configurer'));
}
}
diff --git a/htdocs/core/modules/modAgenda.class.php b/htdocs/core/modules/modAgenda.class.php
index bc0d440bad8..0cbbbb0dd8b 100644
--- a/htdocs/core/modules/modAgenda.class.php
+++ b/htdocs/core/modules/modAgenda.class.php
@@ -249,7 +249,7 @@ class modAgenda extends DolibarrModules
'type' => 'left',
'titre' => 'NewAction',
'mainmenu' => 'agenda',
- 'url' => '/comm/action/card.php?mainmenu=agenda&leftmenu=agenda&action=create',
+ 'url' => '/comm/action/card.php?mainmenu=agenda&leftmenu=agenda&action=create',
'langs' => 'commercial',
'position' => 101,
'perms' => '($user->hasRight("agenda", "myactions", "create") || $user->hasRight("agenda", "allactions", "create"))',
diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php
index 56d300c9b8f..e0cd273c028 100644
--- a/htdocs/expensereport/card.php
+++ b/htdocs/expensereport/card.php
@@ -2848,7 +2848,7 @@ if ($action != 'create' && $action != 'edit' && $action != 'editline') {
if ($remaintopay == 0) {
print ''.$langs->trans('DoPayment').'
';
} else {
- print '';
+ print '';
}
}
diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php
index 1d330322f87..39d971bba99 100644
--- a/htdocs/fourn/facture/card.php
+++ b/htdocs/fourn/facture/card.php
@@ -4094,7 +4094,7 @@ if ($action == 'create') {
// Create payment
if ($object->type != FactureFournisseur::TYPE_CREDIT_NOTE && $object->status == FactureFournisseur::STATUS_VALIDATED && $object->paid == 0) {
- print ''.$langs->trans('DoPayment').''; // must use facid because id is for payment id not invoice
+ print ''.$langs->trans('DoPayment').''; // must use facid because id is for payment id not invoice
}
// Reverse back money or convert to reduction
@@ -4104,7 +4104,7 @@ if ($action == 'create') {
if ($resteapayer == 0) {
print ''.$langs->trans('DoPaymentBack').'';
} else {
- print ''.$langs->trans('DoPaymentBack').'';
+ print ''.$langs->trans('DoPaymentBack').'';
}
}
@@ -4154,7 +4154,7 @@ if ($action == 'create') {
// Create a credit note
if (($object->type == FactureFournisseur::TYPE_STANDARD || $object->type == FactureFournisseur::TYPE_DEPOSIT) && $object->status > 0 && $usercancreate) {
if (!$objectidnext) {
- print ''.$langs->trans("CreateCreditNote").'';
+ print ''.$langs->trans("CreateCreditNote").'';
}
}
diff --git a/htdocs/societe/paymentmodes.php b/htdocs/societe/paymentmodes.php
index cacc2c3e002..774e274a426 100644
--- a/htdocs/societe/paymentmodes.php
+++ b/htdocs/societe/paymentmodes.php
@@ -1206,7 +1206,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard'
if ($showcardpaymentmode && $object->client) {
$morehtmlright = '';
if (getDolGlobalString('STRIPE_ALLOW_LOCAL_CARD')) {
- $morehtmlright .= dolGetButtonTitle($langs->trans('Add'), '', 'fa fa-plus-circle', $_SERVER["PHP_SELF"].'?socid='.$object->id.'&action=createcard');
+ $morehtmlright .= dolGetButtonTitle($langs->trans('Add'), '', 'fa fa-plus-circle', $_SERVER["PHP_SELF"].'?socid='.$object->id.'&action=createcard');
}
print load_fiche_titre($langs->trans('CreditCard'), $morehtmlright, 'fa-credit-card');
//($stripeacc ? ' (Stripe connection with StripeConnect account '.$stripeacc.')' : ' (Stripe connection with keys from Stripe module setup)')
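Review bot: The new-side line L438 builds the button URL by concatenating `$_SERVER["PHP_SELF"]`, `$object->id` and a literal query string and hands it to `dolGetButtonTitle()`, but the `-` and `+` lines read identically in this rendering, so the actual change (presumably the entity encoding of the `&` in the query string, given the `dolPrintHTMLForAttributeUrl()` tests added elsewhere in this commit) cannot be confirmed from here. Whichever encoding is now expected, the call site should state which side owns the attribute escaping, e.g. `// URL passed unencoded; dolGetButtonTitle() escapes it for the href attribute` or its opposite, so the next edit neither double-encodes nor un-encodes it. Because `$_SERVER["PHP_SELF"]` reflects the request path into the page, this line also relies on the bootstrap having sanitised it before this point, which is worth a short comment for anyone auditing the rendered output. The same applies to L446 and L458 in the following hunks.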
@@ -1557,7 +1557,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard'
// List of bank accounts
if ($permissiontoaddupdatepaymentinformation) {
- $morehtmlright = dolGetButtonTitle($langs->trans('Add'), '', 'fa fa-plus-circle', $_SERVER["PHP_SELF"] . '?socid=' . $object->id . '&action=create');
+ $morehtmlright = dolGetButtonTitle($langs->trans('Add'), '', 'fa fa-plus-circle', $_SERVER["PHP_SELF"] . '?socid=' . $object->id . '&action=create');
}
print load_fiche_titre($langs->trans("BankAccounts"), $morehtmlright, 'bank');
diff --git a/htdocs/user/bank.php b/htdocs/user/bank.php
index 2b31b7097f0..c098ac3c762 100644
--- a/htdocs/user/bank.php
+++ b/htdocs/user/bank.php
@@ -836,7 +836,7 @@ if ($action != 'edit' && $action != 'create') { // If not bank account yet, $ac
$morehtmlright = '';
if ($account->id == 0) {
if ($permissiontoaddbankaccount) {
- $morehtmlright = dolGetButtonTitle($langs->trans('Add'), '', 'fa fa-plus-circle', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=create');
+ $morehtmlright = dolGetButtonTitle($langs->trans('Add'), '', 'fa fa-plus-circle', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=create');
} else {
$morehtmlright = dolGetButtonTitle($langs->trans('Add'), $langs->trans('NotEnoughPermissions'), 'fa fa-plus-circle', '', '', -2);
}
diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php
index 28c2bcf6f90..bfb49309025 100644
--- a/test/phpunit/SecurityTest.php
+++ b/test/phpunit/SecurityTest.php
@@ -828,6 +828,24 @@ class SecurityTest extends CommonClassTest
$this->assertEquals($stringfixed, $result, 'Error in dolPrintHTMLForAttribute test 2'); // Expected '' because should failed because login 'auto' does not exists
+ // dolPrintHTMLForAttributeUrl - With dolPrintHTMLForAttributeUrl(), the param should already be and HTML URL encoded
+
+ $stringtotest = "aa & & a=%10";
+ $stringfixed = "aa & & a=%10";
+ // $result = dol_escape_htmltag(dol_string_onlythesehtmltags($s, 1, 1, 1, 0, array()), 0, 0, '', $escapeonlyhtmltags, 1);
+ $result = dolPrintHTMLForAttributeUrl($stringtotest);
+ print __METHOD__." result=".$result."\n";
+ $this->assertEquals($stringfixed, $result, 'Error in dolPrintHTMLForAttributeUrl test 1'); // Expected '' because should failed because login 'auto' does not exists
+
+ // For a string that is already HTML (contains HTML tags) with special tags but badly formatted
+ $stringtotest = "aa & & a=%10";
+ $stringfixed = "aa & & a=%10";
+ // $result = dol_escape_htmltag(dol_string_onlythesehtmltags($s, 1, 1, 1, 0, array()), 0, 0, '', $escapeonlyhtmltags, 1);
+ $result = dolPrintHTMLForAttributeUrl($stringtotest);
+ print __METHOD__." result=".$result."\n";
+ $this->assertEquals($stringfixed, $result, 'Error in dolPrintHTMLForAttributeUrl test 2'); // Expected '' because should failed because login 'auto' does not exists
+
+
// dolPrintHTML
/*
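Review bot: The trailing comments on the two new assertions at L475 and L483, `// Expected '' because should failed because login 'auto' does not exists`, were copied from an unrelated test and describe neither this function nor the expected string; replace each with a comment stating what the case checks, e.g. `// already-encoded input must come back unchanged, not double-encoded` (constructed wording; adjust to the actual expected value, since as rendered here the inputs and expectations at L470-L471 and L478-L479 read identically, presumably because an entity difference was lost). The commented-out `$result = dol_escape_htmltag(...)` lines at L472 and L480 are dead code and should be dropped. The header comment at L468 reads `should already be and HTML URL encoded`; `should already be an HTML- and URL-encoded string` is what was meant, and the comment at L477 claims the input contains HTML tags, which the visible string does not. The enclosing test method starts outside this hunk.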
diff --git a/test/phpunit/test.php b/test/phpunit/test.php
index 6e8f0c8565a..bd471275f1f 100755
--- a/test/phpunit/test.php
+++ b/test/phpunit/test.php
@@ -12,18 +12,30 @@ include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
$langs->setDefaultLang('fr');
$langs->loadLangs(array('main', 'companies'));
-var_dump($langs->tab_translate["Preview"]);
+$s = 'aa & & a=%10';
+print $s."\n";
+//print dol_htmlentitiesbr($s)."\n";
+//print dol_escape_htmltag(dol_string_onlythesehtmltags(dol_htmlentitiesbr($s), 1, 0, 0, 0, array('br', 'b', 'font', 'hr', 'span')), 1, -1, '', 0, 1);
+print dolPrintHTMLForAttributeUrl('aa & & a=%10');
+print "\n";
+$s = 'aa & & a=%10';
+print $s."\n";
+//print dol_htmlentitiesbr($s)."\n";
+//print dol_escape_htmltag(dol_string_onlythesehtmltags(dol_htmlentitiesbr($s), 1, 0, 0, 0, array('br', 'b', 'font', 'hr', 'span')), 1, -1, '', 0, 1);
+print dolPrintHTMLForAttributeUrl('aa & & a=%10');
+print "\n";
+
print $langs->tr("Preview");
print "\n";
print $langs->trans("Preview");
print "\n";
-print ">>> dol_escape_htmltag(eée < > bbbold ç) - should not happen\n";
-print dol_escape_htmltag("eée < > bbbold ç", 1);
+print ">>> dol_escape_htmltag(< > bbbold ç &) - should not happen\n";
+print dol_escape_htmltag("< > bbbold ç &", 1);
print "\n";
-print ">>> dol_escape_htmltag(eée < > bbbold ç)\n";
-print dol_escape_htmltag("eée < > bbbold ç", 1);
+print ">>> dol_escape_htmltag(< > bbbold ç &)\n";
+print dol_escape_htmltag("< > bbbold ç &", 1);
print "\n";
print '>>> dol_escape_htmltag(<script>alert("azerty")</script>)'."\n";
print dol_escape_htmltag('<script>alert("azerty")</script>', 1);
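Review bot: The label printed at L497/L503 and the argument passed to `dolPrintHTMLForAttributeUrl()` at L500/L506 are separate copies of the same literal, so the label and the tested input can drift apart; pass the variable instead, `print dolPrintHTMLForAttributeUrl($s);`, and label the call the way the rest of this script does, e.g. `print ">>> dolPrintHTMLForAttributeUrl(".$s.")\n";` before it. The commented-out lines at L498-L499 and L504-L505 are dead code and should be removed rather than kept as a trail. As rendered here the two `$s` values at L496 and L502 read identically, presumably because an entity difference was lost, which is another reason to print the input from the variable. The rewritten inputs at L515-L521 drop the accented `eée` the previous strings carried; `ç` still exercises a non-ASCII character, but if the removal was meant to keep the output ASCII-safe a one-line comment saying so would help, and the same applies to the later hunks of this file (L525 onward).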
@@ -32,11 +44,11 @@ print "\n";
print "\n";
// dol_escape_htmltag(dol_htmlwithnojs(dol_string_onlythesehtmltags(dol_htmlentitiesbr($s), 1, 1, 1, array())), 1, 1, 'common', 0, 1);
-print ">>> dolPrintHtml(eée < > bbbold ç) - should not happen\n";
-print dolPrintHtml("eée < > bbbold ç");
+print ">>> dolPrintHtml(< > bbbold ç &) - should not happen\n";
+print dolPrintHtml("< > bbbold ç &");
print "\n";
-print ">>> dolPrintHtml(eée < > bbbold ç)\n";
-print dolPrintHtml("eée < > bbbold ç");
+print ">>> dolPrintHtml(< > bbbold ç &)\n";
+print dolPrintHtml("< > bbbold ç &");
print "\n";
print '>>> dolPrintHtml(<script>alert("azerty")</script>)'."\n";
print dolPrintHtml('<script>alert("azerty")</script>');
@@ -45,11 +57,11 @@ print "\n";
print "\n";
// dol_escape_htmltag(dol_string_onlythesehtmltags(dol_htmlentitiesbr($s), 1, 0, 0, 0, array('br', 'b', 'font', 'hr', 'span')), 1, -1, '', 0, 1);
-print ">>> dolPrintHtmlForattribute(eée < > bbbold ç)\n";
-print dolPrintHTMLForAttribute("eée < > bbbold ç");
+print ">>> dolPrintHtmlForattribute(< > bbbold ç & )\n";
+print dolPrintHTMLForAttribute("< > bbbold ç &");
print "\n";
-print ">>> dolPrintHTMLForAttribute(eée < > bbbold ç)\n";
-print dolPrintHTMLForAttribute("eée < > bbbold ç");
+print ">>> dolPrintHTMLForAttribute(< > bbbold ç &)\n";
+print dolPrintHTMLForAttribute("< > bbbold ç &");
print "\n";
print '>>> dolPrintHtmlForattribute(<script>alert("azerty")</script>)'."\n";
print dolPrintHTMLForAttribute('<script>alert("azerty")</script>');