Merge remote-tracking branch 'origin/support/2.7' into support/3.0

# Conflicts: # application/dashlet.class.inc.php # pages/ajax.render.php # pages/csvimport.php # test/phpunit.xml.dist
2026-04-24 02:58:43 +02:00 · 2022-05-18 10:38:50 +02:00
parent 3d04cf1cd6 534e7cf59d
commit 87f606f768
13 changed files with 91 additions and 25 deletions
--- a/application/dashlet.class.inc.php
+++ b/application/dashlet.class.inc.php
@@ -262,7 +262,7 @@ abstract class Dashlet
 			}
 		} catch (OqlException $e) {
 			$oDashletContainer->AddCSSClass("dashlet-content");
-			$oDashletContainer->AddHtml('<p>'.$e->GetUserFriendlyDescription().'</p>');
+			$oDashletContainer->AddHtml('<p>'.utils::HtmlEntities($e->GetUserFriendlyDescription()).'</p>');
 		} catch (Exception $e) {
 			$oDashletContainer->AddCSSClass("dashlet-content");
 			$oDashletContainer->AddHtml('<p>'.$e->getMessage().'</p>');
--- a/application/utils.inc.php
+++ b/application/utils.inc.php
@@ -454,6 +454,11 @@ class utils
 				$retValue = preg_replace('/[^a-zA-Z0-9_]/', '', $value);
 				break;

+			// For URL
+			case 'url':
+				$retValue = filter_var($value, FILTER_SANITIZE_URL);
+				break;
+
 			default:
 			case static::ENUM_SANITIZATION_FILTER_RAW_DATA:
 				$retValue = $value;