[Noalyss-commit] [noalyss] 16/23: IText : protect against Quote and Doub

noalyss-commit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Noalyss-commit] [noalyss] 16/23: IText : protect against Quote and Doub

From:	Dany De Bontridder
Subject:	[Noalyss-commit] [noalyss] 16/23: IText : protect against Quote and Double Quote
Date:	Tue, 24 Nov 2020 14:22:43 -0500 (EST)

sparkyx pushed a commit to branch master
in repository noalyss.

commit 4ff9782a1f0c003d8cbc6461ec8a00bdcbfad1ef
Author: sparkyx <danydb@noalyss.eu>
AuthorDate: Sat Nov 14 19:40:03 2020 +0100

    IText : protect against Quote and Double Quote
---
 include/lib/itext.class.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/include/lib/itext.class.php b/include/lib/itext.class.php
index e74c238..fdbd114 100644
--- a/include/lib/itext.class.php
+++ b/include/lib/itext.class.php
@@ -48,7 +48,6 @@ class IText extends HtmlInput
 
         $t= 'title="'.$this->title.'" ';
         $autofocus=($this->autofocus)?" autofocus ":"";
-        $this->value=str_replace('"','',$this->value);
         $require=($this->require)?"required":"";
         if ( ! isset ($this->css_size))
         {
@@ -58,7 +57,7 @@ class IText extends HtmlInput
                     ',$this->style,
                     $this->id,
                     $this->name,
-                    htmlentities($this->value, ENT_COMPAT, "UTF-8"),
+                    htmlentities($this->value, ENT_COMPAT|ENT_QUOTES, "UTF-8"),
                     $this->placeholder,
                     $this->title,
                     $this->size,
@@ -73,7 +72,7 @@ class IText extends HtmlInput
                     ',$this->style,
                     $this->id,
                     $this->name,
-                    htmlentities($this->value, ENT_COMPAT, "UTF-8"),
+                     htmlentities($this->value, ENT_COMPAT|ENT_QUOTES, 
"UTF-8"),
                     $this->placeholder,
                     $this->title,
                     $this->css_size,
@@ -98,7 +97,7 @@ class IText extends HtmlInput
         $extra=(isset($this->extra))?$this->extra:"";
 
         $readonly=" readonly ";
-        $this->value=str_replace('"','',$this->value);
+        htmlentities($this->value, ENT_COMPAT|ENT_QUOTES, "UTF-8"),
                 $this->style=' class="input_text_ro" ';
          if ( ! isset ($this->css_size))
         {

[Prev in Thread]

Current Thread

[Next in Thread]

[Noalyss-commit] [noalyss] 01/23: Security administration : add a confirmation with generate random string and record it in audit, (continued)
- [Noalyss-commit] [noalyss] 01/23: Security administration : add a confirmation with generate random string and record it in audit, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 04/23: Security, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 05/23: Version 8.0, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 08/23: Security remove direct access to $_REQUEST, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 06/23: Follow-up : list , the name is a tip, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 15/23: fixup! Translate , make failed chrome because of HTML in javascript message, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 17/23: Typo, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 20/23: Fix: template doesn't delete LOB files, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 09/23: IText require , used for admin and password, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 07/23: ANCGL : export CSV add the date of payment, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 16/23: IText : protect against Quote and Double Quote, Dany De Bontridder <=
- [Noalyss-commit] [noalyss] 18/23: Merge branch 'dev8000', Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 13/23: Translate , make failed chrome because of HTML in javascript message, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 21/23: CfgPlugin : improve trace, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 19/23: Bug Securimage : fix if session is expired then $code is undefined, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 22/23: Merge branch 'dev8001', Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 23/23: IText , remove double-quote, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 10/23: typo, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 11/23: Small typo, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 12/23: Correct language for Chrome, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 14/23: Bug : Follow Up returns to list, Dany De Bontridder, 2020/11/24

Prev by Date: [Noalyss-commit] [noalyss] 07/23: ANCGL : export CSV add the date of payment
Next by Date: [Noalyss-commit] [noalyss] 18/23: Merge branch 'dev8000'
Previous by thread: [Noalyss-commit] [noalyss] 07/23: ANCGL : export CSV add the date of payment
Next by thread: [Noalyss-commit] [noalyss] 18/23: Merge branch 'dev8000'
Index(es):
- Date
- Thread