From 7d61609462e4035727b355ca0384846589450674 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 17 Aug 2021 13:08:03 +0200
Subject: [PATCH] FIX #yogosha6907

---
 htdocs/core/lib/barcode.lib.php                      |  8 +++-----
 .../core/modules/barcode/doc/phpbarcode.modules.php  |  6 +++---
 .../modules/barcode/doc/tcpdfbarcode.modules.php     |  2 +-
 htdocs/viewimage.php                                 | 12 ++++++++----
 4 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/htdocs/core/lib/barcode.lib.php b/htdocs/core/lib/barcode.lib.php
index 54bbc0a7666..12022ed178c 100644
--- a/htdocs/core/lib/barcode.lib.php
+++ b/htdocs/core/lib/barcode.lib.php
@@ -20,7 +20,7 @@
 
 /**
  *	\file       htdocs/core/lib/barcode.lib.php
- *	\brief      Set of functions used for barcode generation
+ *	\brief      Set of functions used for barcode generation (internal lib, also code 'phpbarcode')
  *	\ingroup    core
  */
 
@@ -69,7 +69,7 @@ if (defined('PHP-BARCODE_PATH_COMMAND')) {
  * Print barcode
  *
  * @param	string	       $code		Code
- * @param	string	       $encoding	Encoding
+ * @param	string	       $encoding	Encoding ('EAN13', 'ISBN', 'C128', 'UPC', 'CBR', 'QRCODE', 'DATAMATRIX', 'ANY'...)
  * @param	integer	       $scale		Scale
  * @param	string	       $mode		'png' or 'jpg' ...
  * @return	array|string   $bars		array('encoding': the encoding which has been used, 'bars': the bars, 'text': text-positioning info) or string with error message
@@ -149,12 +149,10 @@ function barcode_encode($code, $encoding)
 		dol_syslog("barcode.lib.php::barcode_encode Use genbarcode ".$genbarcode_loc." code=".$code." encoding=".$encoding);
 		$bars = barcode_encode_genbarcode($code, $encoding);
 	} else {
-		print "barcode_encode needs an external programm for encodings other then EAN/ISBN (code=".$code.", encoding=".$encoding.")<BR>\n";
+		print "barcode_encode needs an external program for encodings other then EAN/ISBN (code=".dol_escape_htmltag($code).", encoding=".dol_escape_htmltag($encoding).")<BR>\n";
 		print "<UL>\n";
 		print "<LI>download gnu-barcode from <A href=\"https://www.gnu.org/software/barcode/\">www.gnu.org/software/barcode/</A>\n";
 		print "<LI>compile and install them\n";
-		print "<LI>download genbarcode from <A href=\"http://www.ashberg.de/bar/\">www.ashberg.de/bar/</A>\n";
-		print "<LI>compile and install them\n";
 		print "<LI>specify path the genbarcode in barcode module setup\n";
 		print "</UL>\n";
 		print "<BR>\n";
diff --git a/htdocs/core/modules/barcode/doc/phpbarcode.modules.php b/htdocs/core/modules/barcode/doc/phpbarcode.modules.php
index fe36f7604c2..443e3f436f8 100644
--- a/htdocs/core/modules/barcode/doc/phpbarcode.modules.php
+++ b/htdocs/core/modules/barcode/doc/phpbarcode.modules.php
@@ -20,7 +20,7 @@
 /**
  *	\file       htdocs/core/modules/barcode/doc/phpbarcode.modules.php
  *	\ingroup    barcode
- *	\brief      File with class to generate barcode images using php barcode generator
+ *	\brief      File with class to generate barcode images using php internal lib barcode generator
  */
 
 require_once DOL_DOCUMENT_ROOT.'/core/modules/barcode/modules_barcode.class.php';
@@ -126,7 +126,7 @@ class modPhpbarcode extends ModeleBarCode
 	 *
 	 *	@param	string   	$code			  Value to encode
 	 *	@param  string	 	$encoding		  Mode of encoding
-	 *	@param  string	 	$readable		  Code can be read
+	 *	@param  string	 	$readable		  Code can be read (What is this ? is this used ?)
 	 *	@param	integer		$scale			  Scale
 	 *  @param  integer     $nooutputiferror  No output if error
 	 *	@return	int							  <0 if KO, >0 if OK
@@ -163,7 +163,7 @@ class modPhpbarcode extends ModeleBarCode
 		if (!is_array($result)) {
 			$this->error = $result;
 			if (empty($nooutputiferror)) {
-				print $this->error;
+				print dol_escape_htmltag($this->error);
 			}
 			return -1;
 		}
diff --git a/htdocs/core/modules/barcode/doc/tcpdfbarcode.modules.php b/htdocs/core/modules/barcode/doc/tcpdfbarcode.modules.php
index df9ec39546d..ed32667a67e 100644
--- a/htdocs/core/modules/barcode/doc/tcpdfbarcode.modules.php
+++ b/htdocs/core/modules/barcode/doc/tcpdfbarcode.modules.php
@@ -100,7 +100,7 @@ class modTcpdfbarcode extends ModeleBarCode
 	 *
 	 *	@param	   string	    $code		      Value to encode
 	 *	@param	   string	    $encoding	      Mode of encoding
-	 *	@param	   string	    $readable	      Code can be read
+	 *	@param	   string	    $readable	      Code can be read (What is this ? is this used ?)
 	 *	@param	   integer		$scale			  Scale (not used with this engine)
 	 *  @param     integer      $nooutputiferror  No output if error (not used with this engine)
 	 *	@return	   int			                  <0 if KO, >0 if OK
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
index e01bad39d77..9c584f5b8bb 100644
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@@ -282,10 +282,14 @@ if (preg_match('/\.\./', $fullpath_original_file) || preg_match('/[<>|]/', $full
 
 
 if ($modulepart == 'barcode') {
-	$generator = GETPOST("generator", "alpha");
-	$code = GETPOST("code", 'none'); // This can be rich content (qrcode, datamatrix, ...)
-	$encoding = GETPOST("encoding", "alpha");
-	$readable = GETPOST("readable", 'alpha') ?GETPOST("readable", "alpha") : "Y";
+	$generator = GETPOST("generator", "aZ09");
+	$encoding = GETPOST("encoding", "aZ09");
+	$readable = GETPOST("readable", 'aZ09') ? GETPOST("readable", "aZ09") : "Y";
+	if (in_array($encoding, array('EAN8', 'EAN13'))) {
+		$code = GETPOST("code", 'alphanohtml');
+	} else {
+		$code = GETPOST("code", 'none'); // This can be rich content (qrcode, datamatrix, ...)
+	}
 
 	if (empty($generator) || empty($encoding)) {
 		print 'Error: Parameter "generator" or "encoding" not defined';