diff --git a/htdocs/accountancy/admin/fiscalyear_card.php b/htdocs/accountancy/admin/fiscalyear_card.php
index 7e1d4fc7f87..3d7cd6b0185 100644
--- a/htdocs/accountancy/admin/fiscalyear_card.php
+++ b/htdocs/accountancy/admin/fiscalyear_card.php
@@ -46,7 +46,7 @@ $dol_openinpopup = GETPOST('dol_openinpopup', 'aZ09');
 if (!empty($backtopagejsfields)) {
 $tmpbacktopagejsfields = explode(':', $backtopagejsfields);
- $dol_openinpopup = $tmpbacktopagejsfields[0];
+ $dol_openinpopup = preg_replace('/[^a-z0-9_]/i', '', $tmpbacktopagejsfields[0]);
 }
 $error = 0;
diff --git a/htdocs/bookcal/calendar_card.php b/htdocs/bookcal/calendar_card.php
index 55884aecaea..017ef34be5e 100644
--- a/htdocs/bookcal/calendar_card.php
+++ b/htdocs/bookcal/calendar_card.php
@@ -51,7 +51,7 @@ $dol_openinpopup = GETPOST('dol_openinpopup', 'aZ09');
 if (!empty($backtopagejsfields)) {
 $tmpbacktopagejsfields = explode(':', $backtopagejsfields);
- $dol_openinpopup = $tmpbacktopagejsfields[0];
+ $dol_openinpopup = preg_replace('/[^a-z0-9_]/i', '', $tmpbacktopagejsfields[0]);
 }
 // Initialize technical objects
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 3b3816446e9..afcf4a94d52 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -11113,11 +11113,11 @@ class Form
 $retstring .= $withoutdiv ? '' : '';
 if ($dol_openinpopup) {
- $retstring .= '' . "\n";
+ $retstring .= '' . "\n";
 $retstring .= '';
 }
diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php
index 037d3abc38c..1cca16368ea 100644
--- a/htdocs/modulebuilder/template/myobject_card.php
+++ b/htdocs/modulebuilder/template/myobject_card.php
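Review bot: The added `preg_replace('/[^a-z0-9_]/i', '', $tmpbacktopagejsfields[0])` is an inline allow-list pasted verbatim into this hunk and into the bookcal, modulebuilder template, projet, societe and workstation hunks, so any other card page that copies the `backtopagejsfields` pattern but is not part of this diff keeps assigning the raw first field. Because the value appears to be consumed by `Form` output under `if ($dol_openinpopup)`, I would put the filter in one shared helper, or apply it where the value is emitted, so that new pages cannot forget it. A short comment at the call site would also help, for example `// First field of backtopagejsfields is reflected into the page: keep only [A-Za-z0-9_]`. `preg_replace()` returns null on a PCRE error, so `(string) preg_replace(...)` would keep the variable a string, matching the `''` default used in projet/card.php and societe/card.php.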
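Review bot: The `if ($dol_openinpopup)` branch in `Form` should encode `$dol_openinpopup` for the context it is written into rather than depend on every caller having filtered it, since this method is the shared sink for all the card pages touched here. The string literals on the changed `$retstring .=` lines are empty on this page (the removed and added lines read identically), so whether the new line already does this cannot be confirmed from what is shown. If the value is concatenated into script text, something like `dol_escape_js($dol_openinpopup)` at that point, and `dol_escape_htmltag()` for markup, would make the sink safe on its own. The enclosing method starts and ends outside the hunk.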
@@ -102,7 +102,7 @@ $dol_openinpopup = GETPOST('dol_openinpopup', 'aZ09');
 if (!empty($backtopagejsfields)) {
 $tmpbacktopagejsfields = explode(':', $backtopagejsfields);
- $dol_openinpopup = $tmpbacktopagejsfields[0];
+ $dol_openinpopup = preg_replace('/[^a-z0-9_]/i', '', $tmpbacktopagejsfields[0]);
 }
 // Initialize technical objects
diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php
index 588bc575d67..2f0fa2d7e6a 100644
--- a/htdocs/projet/card.php
+++ b/htdocs/projet/card.php
@@ -56,10 +56,10 @@ $backtopagejsfields = GETPOST('backtopagejsfields', 'alpha');
 $cancel = GETPOST('cancel', 'alpha');
 $confirm = GETPOST('confirm', 'aZ09');
-$dol_openinpopup = 0;
+$dol_openinpopup = '';
 if (!empty($backtopagejsfields)) {
 $tmpbacktopagejsfields = explode(':', $backtopagejsfields);
- $dol_openinpopup = $tmpbacktopagejsfields[0];
+ $dol_openinpopup = preg_replace('/[^a-z0-9_]/i', '', $tmpbacktopagejsfields[0]);
 }
 $status = GETPOSTINT('status');
diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php
index 80b6ca30348..19f08e3c824 100644
--- a/htdocs/societe/card.php
+++ b/htdocs/societe/card.php
@@ -109,7 +109,7 @@ $confirm = GETPOST('confirm', 'alpha');
 $dol_openinpopup = '';
 if (!empty($backtopagejsfields)) {
 $tmpbacktopagejsfields = explode(':', $backtopagejsfields);
- $dol_openinpopup = $tmpbacktopagejsfields[0];
+ $dol_openinpopup = preg_replace('/[^a-z0-9_]/i', '', $tmpbacktopagejsfields[0]);
 }
 $socid = GETPOSTINT('socid') ? GETPOSTINT('socid') : GETPOSTINT('id');
diff --git a/htdocs/workstation/workstation_card.php b/htdocs/workstation/workstation_card.php
index 9ad7fd7154b..56cd602e2a1 100644
--- a/htdocs/workstation/workstation_card.php
+++ b/htdocs/workstation/workstation_card.php
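Review bot: Modules already generated from `modulebuilder/template/myobject_card.php` presumably still contain the old `$dol_openinpopup = $tmpbacktopagejsfields[0];` and will not pick up this filter, because the hunk only changes the template. The change deserves an upgrade or changelog note telling module authors to apply the same line to their generated `*_card.php` files. A comment above the assignment in the template, such as `// Keep this filter: the value is reflected into the page by Form`, would also stop it being dropped when the template is customised.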
@@ -52,7 +52,7 @@ $dol_openinpopup = GETPOST('dol_openinpopup', 'aZ09');
 if (!empty($backtopagejsfields)) {
 $tmpbacktopagejsfields = explode(':', $backtopagejsfields);
- $dol_openinpopup = $tmpbacktopagejsfields[0];
+ $dol_openinpopup = preg_replace('/[^a-z0-9_]/i', '', $tmpbacktopagejsfields[0]);
 }
 $groups = GETPOST('groups', 'array:int');