[Noalyss-commit] [noalyss] 16/23: IText : protect against Quote and Doub
From: Dany De Bontridder
Subject: [Noalyss-commit] [noalyss] 16/23: IText : protect against Quote and Double Quote
Date: Tue, 24 Nov 2020 14:22:43 -0500 (EST)
sparkyx pushed a commit to branch master
in repository noalyss.
commit 4ff9782a1f0c003d8cbc6461ec8a00bdcbfad1ef
Author: sparkyx <danydb@noalyss.eu>
AuthorDate: Sat Nov 14 19:40:03 2020 +0100
IText : protect against Quote and Double Quote
---
include/lib/itext.class.php | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/include/lib/itext.class.php b/include/lib/itext.class.php
index e74c238..fdbd114 100644
--- a/include/lib/itext.class.php
+++ b/include/lib/itext.class.php
@@ -48,7 +48,6 @@ class IText extends HtmlInput
$t= 'title="'.$this->title.'" ';
$autofocus=($this->autofocus)?" autofocus ":"";
- $this->value=str_replace('"','',$this->value);
$require=($this->require)?"required":"";
if ( ! isset ($this->css_size))
{
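Review bot: The context line `$t= 'title="'.$this->title.'" ';` at the top of this hunk still concatenates `$this->title` into a double-quoted attribute with no encoding, so a quote in the title has the same effect this commit is trying to prevent for the value. Suggest building it as `'title="'.htmlentities($this->title, ENT_QUOTES, "UTF-8").'" '`. Separately, with the `str_replace` gone, a double quote in `$this->value` now survives until output, so every path that prints the value has to go through one of the `htmlentities` calls below; worth confirming there is no other output path in this method.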
@@ -58,7 +57,7 @@ class IText extends HtmlInput
',$this->style,
$this->id,
$this->name,
- htmlentities($this->value, ENT_COMPAT, "UTF-8"),
+ htmlentities($this->value, ENT_COMPAT|ENT_QUOTES, "UTF-8"),
$this->placeholder,
$this->title,
$this->size,
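Review bot: In the added `htmlentities` line, `ENT_COMPAT|ENT_QUOTES` is redundant: `ENT_QUOTES` already covers double quotes as well as single quotes, so the OR evaluates to `ENT_QUOTES` and the flag can be written as `ENT_QUOTES` alone. The neighbouring arguments visible in this call (`$this->id`, `$this->name`, `$this->placeholder`, `$this->title`) are still passed to the format string unencoded; if any of them can carry user-supplied text and lands inside a quoted attribute, it needs the same encoding as the value.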
@@ -73,7 +72,7 @@ class IText extends HtmlInput
',$this->style,
$this->id,
$this->name,
- htmlentities($this->value, ENT_COMPAT, "UTF-8"),
+ htmlentities($this->value, ENT_COMPAT|ENT_QUOTES,
"UTF-8"),
$this->placeholder,
$this->title,
$this->css_size,
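Review bot: This second `sprintf` branch repeats the same `htmlentities($this->value, ...)` expression as the branch above, which is how the two copies can drift apart on a later edit. Suggest computing the encoded value once before the `if ( ! isset ($this->css_size))` test, for example `$value=htmlentities($this->value, ENT_QUOTES, "UTF-8");`, and passing `$value` in both branches.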
@@ -98,7 +97,7 @@ class IText extends HtmlInput
$extra=(isset($this->extra))?$this->extra:"";
$readonly=" readonly ";
- $this->value=str_replace('"','',$this->value);
+ htmlentities($this->value, ENT_COMPAT|ENT_QUOTES, "UTF-8"),
$this->style=' class="input_text_ro" ';
if ( ! isset ($this->css_size))
{
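Review bot: The added line `htmlentities($this->value, ENT_COMPAT|ENT_QUOTES, "UTF-8"),` sits at statement level between `$readonly=" readonly ";` and `$this->style=...;`, ends with a comma instead of a semicolon, and does not assign its result. As written it looks pasted from the `sprintf` argument list above and will not parse as a PHP statement; even with a semicolon the return value would be discarded, so the read-only path would lose the old double-quote stripping without gaining any encoding at this point. Suggest either encoding where the value is actually printed further down in this method, or assigning the result to a local variable here and printing that variable.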