From 89d310258bfd52375fb1a54a84dfd7536861c8fc Mon Sep 17 00:00:00 2001
From: Pierre Goiffon
Date: Thu, 9 May 2019 10:36:52 +0200
Subject: [PATCH] =?UTF-8?q?N=C2=B02198=20ReloadBlock=20call=20and=20parame?= =?UTF-8?q?ter=20escaping=20improvements=20Use=20an=20anonymous=20function?= =?UTF-8?q?=20instead=20of=20a=20string=20to=20get=20rid=20of=20a=20useles?= =?UTF-8?q?s=20level=20of=20escaping=20Use=20json=5Fencode=20instead=20of?= =?UTF-8?q?=20addslashes=20(many=20thanks=20for=20the=20tips=20@bruno-ds?= =?UTF-8?q?=20!!)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 application/displayblock.class.inc.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/application/displayblock.class.inc.php b/application/displayblock.class.inc.php
index 2a2dcb3a8..fa707816a 100644
--- a/application/displayblock.class.inc.php
+++ b/application/displayblock.class.inc.php
@@ -1173,8 +1173,10 @@ EOF
 if (($bAutoReload) && ($this->m_sStyle != 'search')) // Search form do NOT auto-reload
 {
 // Used either for asynchronous or auto_reload
- $sFilter = addslashes(str_replace("'", "\'", $this->m_oFilter->serialize()));
- $sExtraParams = addslashes(str_replace("'", "\'", json_encode($aExtraParams)));
+ // does a json_encode twice to get a string usable as function parameter
+ $sFilterBefore = $this->m_oFilter->serialize();
+ $sFilter = json_encode($sFilterBefore);
+ $sExtraParams = json_encode(json_encode($aExtraParams));
 $oPage->add_script( <<m_sStyle}', '$sFilter', '$sExtraParams')", '$iReloadInterval');
+
+window.oAutoReloadBlock['$sId'] = setInterval(function() {
+ ReloadBlock('$sId', '{$this->m_sStyle}', $sFilter, $sExtraParams);
+}, '$iReloadInterval');
 JS
 );
 }
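Review bot: `$sFilter` and `$sExtraParams` are now interpolated unquoted into the `setInterval` callback, but `json_encode` is called with default flags, which leave `<`, `>`, `&` and `'` unescaped. It also returns `false` on failure (for example invalid UTF-8 in the serialized filter), and that would render as an empty argument and break the script. I would write `$sFilter = json_encode($this->m_oFilter->serialize(), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);`, do the same for the outer `json_encode` of `$sExtraParams`, and handle a `false` result explicitly. `'$sId'` and `'{$this->m_sStyle}'` are still placed raw inside single-quoted JS strings, so encoding them the same way would remove the last hand-quoted arguments. The new comment "does a json_encode twice" describes only `$sExtraParams`, since `$sFilter` is encoded once. The heredoc between the two changes is truncated on this page and the enclosing method lies outside the hunk, so whether the script is emitted inline in HTML cannot be confirmed here.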