Merge pull request #8537 from atm-arnaud/FIX_8023_missing_escape_htmltag

FIX #8023
2025-02-20 13:46:52 +01:00 · 2018-04-11 16:25:33 +02:00 · 2018-04-11 16:25:33 +02:00 · b732844e91
commit b732844e91
parent c392b9b8ef 628b437e28
1 changed files with 2 additions and 2 deletions
--- a/htdocs/compta/bank/card.php
+++ b/htdocs/compta/bank/card.php
@ -845,11 +845,11 @@ else

 		// Ref
 		print '<tr><td class="fieldrequired titlefieldcreate">'.$langs->trans("Ref").'</td>';
-		print '<td><input size="8" type="text" class="flat" name="ref" value="'.(isset($_POST["ref"])?GETPOST("ref"):$object->ref).'"></td></tr>';
+		print '<td><input size="8" type="text" class="flat" name="ref" value="'.dol_escape_htmltag(isset($_POST["ref"])?GETPOST("ref"):$object->ref).'"></td></tr>';

 		// Label
        print '<tr><td class="fieldrequired">'.$langs->trans("Label").'</td>';
-        print '<td><input type="text" class="flat minwidth300" name="label" value="'.(isset($_POST["label"])?GETPOST("label"):$object->label).'"></td></tr>';
+        print '<td><input type="text" class="flat minwidth300" name="label" value="'.dol_escape_htmltag(isset($_POST["label"])?GETPOST("label"):$object->label).'"></td></tr>';

        // Type
        print '<tr><td class="fieldrequired">'.$langs->trans("AccountType").'</td>';