[Noalyss-commit] [noalyss] 55/173: mantis #1690: Bug : impossible d'util
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 55/173: mantis #1690: Bug : impossible d'utiliser < dans Inplace_Edit Use base64_decode to protect the string in serialize |
Date: |
Mon, 22 Mar 2021 12:58:40 -0400 (EDT) |
sparkyx pushed a commit to branch master
in repository noalyss.
commit bf6d515f246899583b646a37f44d3c3203fc94fd
Author: Dany De Bontridder <dany@alchimerys.be>
AuthorDate: Sun Jan 27 21:04:52 2019 +0100
mantis #1690: Bug : impossible d'utiliser < dans Inplace_Edit
Use base64_decode to protect the string in serialize
---
include/ajax/ajax_anc_plan.php | 1 +
include/lib/inplace_edit.class.php | 15 +++++++--------
scenario/inplace_edit.test.php | 1 +
3 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/include/ajax/ajax_anc_plan.php b/include/ajax/ajax_anc_plan.php
index 88115cb..d839be0 100644
--- a/include/ajax/ajax_anc_plan.php
+++ b/include/ajax/ajax_anc_plan.php
@@ -33,6 +33,7 @@ if ( $g_user->check_module("PLANANC ") ) die("forbidden");
$input = $http->request("input");
$action = $http->request("ieaction", "string", "display");
$pa_id=$http->post("id","number");
+
$answer = Inplace_Edit::build($input);
$answer->add_json_param("gDossier", Dossier::id());
$answer->set_callback("ajax_misc.php");
diff --git a/include/lib/inplace_edit.class.php
b/include/lib/inplace_edit.class.php
index 5d869ca..3913757 100644
--- a/include/lib/inplace_edit.class.php
+++ b/include/lib/inplace_edit.class.php
@@ -53,16 +53,15 @@ class Inplace_Edit
*/
function __construct(HtmlInput $p_input) {
$this->input=$p_input;
- $x["input"]=serialize($p_input);
- $this->json=json_encode($x,
JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES|JSON_NUMERIC_CHECK);
+ $x["input"]=base64_encode(serialize($p_input));
+ $this->json=json_encode($x, JSON_HEX_TAG | JSON_HEX_APOS |
JSON_HEX_QUOT | JSON_HEX_AMP
|JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES|JSON_NUMERIC_CHECK);
$this->message=_("Cliquez pour éditer");
}
///@brief build a Inplace_Edit object from
/// a serialized string (ajax json parameter = input)
static function build($p_serialize)
{
-
- $input= unserialize($p_serialize);
+ $input= unserialize(base64_decode($p_serialize));
$obj=new Inplace_Edit($input);
return $obj;
}
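Review bot: The base64 wrapping fixes the transport of characters such as `<`, but `build()` still passes request-controlled data straight into `unserialize()` — the caller in ajax_anc_plan.php obtains it via `$http->request("input")` — so a client can submit an arbitrary serialized object graph, which base64 does nothing to prevent. Restrict what may be instantiated with the options argument, `$input = unserialize(base64_decode($p_serialize), ['allowed_classes' => [HtmlInput::class]]);`, noting that `allowed_classes` matches exact class names, so the concrete HtmlInput subclasses actually round-tripped (presumably the itext/inum classes the scenario includes — verify) must be listed too; alternatively authenticate the blob with an HMAC (`hash_hmac` + `hash_equals`) before decoding. A failed decode makes `unserialize()` return `false`, which currently surfaces only as a TypeError on the constructor's `HtmlInput` type hint; an explicit `if (!$input instanceof HtmlInput) { throw new \InvalidArgumentException('invalid Inplace_Edit input'); }` would give a clear error. The same json_encode flag set is now repeated in this hunk and in the two following ones; a class constant would keep them from drifting apart.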
@@ -170,7 +169,7 @@ EOF;
function add_json_param($p_attribute,$p_value) {
$x=json_decode($this->json,TRUE);
$x[$p_attribute]=$p_value;
- $this->json=json_encode($x,
JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES|JSON_NUMERIC_CHECK);
+ $this->json=json_encode($x, JSON_HEX_TAG | JSON_HEX_APOS |
JSON_HEX_QUOT | JSON_HEX_AMP
|JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES|JSON_NUMERIC_CHECK);
}
/**
* \brief return the HtmlObject , var input
@@ -187,8 +186,8 @@ EOF;
function set_input(HtmlInput $p_input) {
$this->input = $p_input;
$x=json_decode($this->json,TRUE);
- $x["input"]=serialize($p_input);
- $this->json=json_encode($x,
JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES|JSON_NUMERIC_CHECK);
+ $x["input"]=base64_encode(serialize($p_input));
+ $this->json=json_encode($x, JSON_HEX_TAG | JSON_HEX_APOS |
JSON_HEX_QUOT | JSON_HEX_AMP
|JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES|JSON_NUMERIC_CHECK);
}
/**
* Set the value of the HtmlInput object $input
@@ -196,7 +195,7 @@ EOF;
*/
function set_value($p_value) {
$input=$this->get_input();
- $this->input->set_value(strip_tags($p_value));
+ $this->input->set_value($p_value);
$this->set_input($input);
}
/**
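Review bot: Removing `strip_tags` in set_value means the raw value is stored in the HtmlInput unchanged; the JSON_HEX_* flags added in the constructor only escape the JSON payload, and whether the value is escaped again when the HtmlInput renders it to HTML is not visible in this hunk. If the input classes already apply htmlspecialchars on output this is fine and worth a comment, `// raw value kept: escaping happens when the HtmlInput renders; the JSON side is hex-escaped in the constructor`; if they do not, this reintroduces unescaped HTML into the in-place editor and an output-context escape is needed there. set_value's enclosing class continues outside the hunk.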
diff --git a/scenario/inplace_edit.test.php b/scenario/inplace_edit.test.php
index c3d3a83..aa5261a 100644
--- a/scenario/inplace_edit.test.php
+++ b/scenario/inplace_edit.test.php
@@ -29,6 +29,7 @@ require_once NOALYSS_INCLUDE . '/lib/itext.class.php';
require_once NOALYSS_INCLUDE . '/lib/inum.class.php';
require_once NOALYSS_INCLUDE . '/lib/inplace_edit.class.php';
if (!isset($_REQUEST["TestAjaxFile"])) {
+ html_page_start();
echo h1(_("Test Inplace_Edit"));
/***********************************************
* If TestAjaxFile is not set it is not a ajax call