From a683634a058566e116c0a56f1db85ef89d97987f Mon Sep 17 00:00:00 2001 From: Pierre Goiffon Date: Mon, 12 Jul 2021 14:41:26 +0200 Subject: [PATCH] =?UTF-8?q?N=C2=B04126=20Fix=20HTML=20escaped=20in=20\Setu?= =?UTF-8?q?pUtils::CheckDbServer=20messages=20As=20content=20is=20sent=20t?= =?UTF-8?q?o=20JS=20returned=20to=20the=20AJAX=20request,=20we=20need=20to?= =?UTF-8?q?=20escape=20JS=20string=20delimiter=20(single=20quote)=20We=20h?= =?UTF-8?q?ad=20previously=20a=20\utils::HtmlEntities=20call,=20but=20this?= =?UTF-8?q?=20isn't=20necessary=20as=20all=20content=20is=20generated=20in?= =?UTF-8?q?ternally,=20without=20calling=20any=20dict=20or=20extensibility?= =?UTF-8?q?=20interface.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- setup/setuputils.class.inc.php | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/setup/setuputils.class.inc.php b/setup/setuputils.class.inc.php index 565df2456..a759ee1c1 100644 --- a/setup/setuputils.class.inc.php +++ b/setup/setuputils.class.inc.php @@ -1381,30 +1381,24 @@ JS } } } - if (count($aErrors) > 0) - { - $sErrorsToDisplay = utils::HtmlEntities(implode('
', $aErrors)); + if (count($aErrors) > 0) { + $sErrorsToDisplay = str_replace('\'', '\\\'', implode('
', $aErrors)); $oPage->add_ready_script('$("#wiz_form").data("db_connection", "error");'); $oPage->add_ready_script( -<<Error:$sErrorsToDisplay'); JS ); - } - else - { - if (count($aWarnings) > 0) - { - $sWarningsToDisplay = utils::HtmlEntities(implode('
', $aWarnings)); + } else { + if (count($aWarnings) > 0) { + $sWarningsToDisplay = str_replace('\'', '\\\'', implode('
', $aWarnings)); $oPage->add_ready_script('$("#wiz_form").data("db_connection", "");'); $oPage->add_ready_script( <<Warning:$sWarningsToDisplay'); JS ); - } - else - { + } else { $oPage->add_ready_script('$("#wiz_form").data("db_connection", "");'); $oPage->add_ready_script( <<