[Noalyss-commit] [noalyss] 175/218: mantis #1690: Bug : impossible d'uti
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 175/218: mantis #1690: Bug : impossible d'utiliser < dans Inplace_Edit Use base64_decode to protect the string in serialize |
Date: |
Thu, 12 Sep 2019 15:59:04 -0400 (EDT) |
sparkyx pushed a commit to branch entreprise
in repository noalyss.
commit bf6d515f246899583b646a37f44d3c3203fc94fd
Author: Dany De Bontridder <address@hidden>
Date: Sun Jan 27 21:04:52 2019 +0100
mantis #1690: Bug : impossible d'utiliser < dans Inplace_Edit
Use base64_decode to protect the string in serialize
---
include/ajax/ajax_anc_plan.php | 1 +
include/lib/inplace_edit.class.php | 15 +++++++--------
scenario/inplace_edit.test.php | 1 +
3 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/include/ajax/ajax_anc_plan.php b/include/ajax/ajax_anc_plan.php
index 88115cb..d839be0 100644
--- a/include/ajax/ajax_anc_plan.php
+++ b/include/ajax/ajax_anc_plan.php
@@ -33,6 +33,7 @@ if ( $g_user->check_module("PLANANC ") ) die("forbidden");
$input = $http->request("input");
$action = $http->request("ieaction", "string", "display");
$pa_id=$http->post("id","number");
+
$answer = Inplace_Edit::build($input);
$answer->add_json_param("gDossier", Dossier::id());
$answer->set_callback("ajax_misc.php");
diff --git a/include/lib/inplace_edit.class.php
b/include/lib/inplace_edit.class.php
index 5d869ca..3913757 100644
--- a/include/lib/inplace_edit.class.php
+++ b/include/lib/inplace_edit.class.php
@@ -53,16 +53,15 @@ class Inplace_Edit
*/
function __construct(HtmlInput $p_input) {
$this->input=$p_input;
- $x["input"]=serialize($p_input);
- $this->json=json_encode($x,
JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES|JSON_NUMERIC_CHECK);
+ $x["input"]=base64_encode(serialize($p_input));
+ $this->json=json_encode($x, JSON_HEX_TAG | JSON_HEX_APOS |
JSON_HEX_QUOT | JSON_HEX_AMP
|JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES|JSON_NUMERIC_CHECK);
$this->message=_("Cliquez pour éditer");
}
///@brief build a Inplace_Edit object from
/// a serialized string (ajax json parameter = input)
static function build($p_serialize)
{
-
- $input= unserialize($p_serialize);
+ $input= unserialize(base64_decode($p_serialize));
$obj=new Inplace_Edit($input);
return $obj;
}
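Review bot: `build()` still hands request data directly to `unserialize()`; base64 is an encoding, not a protection, and the first file in this patch shows `$http->request("input")` flowing into `Inplace_Edit::build($input)`, so the client chooses which object graph is instantiated. Decode in strict mode, restrict instantiation with the `allowed_classes` option, and reject any result that is not an `HtmlInput` before constructing the widget. Properties of an allowed object remain client-controlled even then, so signing the payload server-side and checking the MAC with `hash_equals()` would be the stronger fix; that also needs a key plus matching changes in the constructor and `set_input()`, and is not shown below.

```php
static function build($p_serialize)
{
    // Strict mode returns false on non-base64 characters instead of skipping them.
    $raw = base64_decode($p_serialize, true);
    if ($raw === false) {
        throw new Exception("Inplace_Edit : invalid input");
    }
    // ALLOWED_INPUT_CLASSES is a placeholder for the project's list of
    // HtmlInput subclasses this widget may carry; any other class is not instantiated.
    $input = unserialize($raw, ["allowed_classes" => ALLOWED_INPUT_CLASSES]);
    if (!($input instanceof HtmlInput)) {
        throw new Exception("Inplace_Edit : invalid input");
    }
    // … unchanged: construct and return the Inplace_Edit …
}
```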
@@ -170,7 +169,7 @@ EOF;
function add_json_param($p_attribute,$p_value) {
$x=json_decode($this->json,TRUE);
$x[$p_attribute]=$p_value;
- $this->json=json_encode($x,
JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES|JSON_NUMERIC_CHECK);
+ $this->json=json_encode($x, JSON_HEX_TAG | JSON_HEX_APOS |
JSON_HEX_QUOT | JSON_HEX_AMP
|JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES|JSON_NUMERIC_CHECK);
}
/**
* \brief return the HtmlObject , var input
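Review bot: The seven-flag `json_encode` mask is now spelled out three times (constructor, `add_json_param()`, `set_input()`), so the HEX escaping can drift silently if only one copy is edited later. A class constant, for example `const JSON_FLAGS = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES | JSON_NUMERIC_CHECK;`, used at all three call sites would keep them identical. Separately, `JSON_NUMERIC_CHECK` re-encodes numeric-looking strings as numbers, so a `$p_value` such as a zero-padded code would not round-trip through `add_json_param()`; confirm that is intended.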
@@ -187,8 +186,8 @@ EOF;
function set_input(HtmlInput $p_input) {
$this->input = $p_input;
$x=json_decode($this->json,TRUE);
- $x["input"]=serialize($p_input);
- $this->json=json_encode($x,
JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES|JSON_NUMERIC_CHECK);
+ $x["input"]=base64_encode(serialize($p_input));
+ $this->json=json_encode($x, JSON_HEX_TAG | JSON_HEX_APOS |
JSON_HEX_QUOT | JSON_HEX_AMP
|JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES|JSON_NUMERIC_CHECK);
}
/**
* Set the value of the HtmlInput object $input
@@ -196,7 +195,7 @@ EOF;
*/
function set_value($p_value) {
$input=$this->get_input();
- $this->input->set_value(strip_tags($p_value));
+ $this->input->set_value($p_value);
$this->set_input($input);
}
/**
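Review bot: With `strip_tags()` removed, `set_value()` now stores markup verbatim, so every place that prints the input's value has to HTML-escape it for its output context. The rendering code is outside this hunk, so it is worth confirming that it applies `htmlspecialchars()` (or the project's equivalent) before this reaches users. The docblock above the method, which starts outside the hunk, should state the contract, e.g. `* @note $p_value is stored unescaped; it must be escaped at output`.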
diff --git a/scenario/inplace_edit.test.php b/scenario/inplace_edit.test.php
index c3d3a83..aa5261a 100644
--- a/scenario/inplace_edit.test.php
+++ b/scenario/inplace_edit.test.php
@@ -29,6 +29,7 @@ require_once NOALYSS_INCLUDE . '/lib/itext.class.php';
require_once NOALYSS_INCLUDE . '/lib/inum.class.php';
require_once NOALYSS_INCLUDE . '/lib/inplace_edit.class.php';
if (!isset($_REQUEST["TestAjaxFile"])) {
+ html_page_start();
echo h1(_("Test Inplace_Edit"));
/***********************************************
* If TestAjaxFile is not set it is not a ajax call