Fix GH-11: HTML silently removed with Dolibarr 13+

The behaviour of GETPOST(..., 'alpha') changed with Dolibarr 13, copying
'alphanohtml'. Unfortunately, there is no retro-compatible option. Thus the
'none' filter seems the better call since there doesn't seem to have any big
attack involving emails' body (except HTML+JS...)

For the next big version, maybe use the 'restricthtml' filter, but it only
appeared in Dolibarr 12.
This commit is contained in:
Chl 2024-08-17 21:27:57 +02:00
parent 44c54ab3f7
commit e1ac0a6d69

View file

@ -146,8 +146,8 @@ do {
$mailObject->sendcc_free = GETPOST('sendcc_free', 'alpha');
$mailObject->sendcc_thirdparty = in_array('thirdparty', GETPOST('sendcc_socpeople', 'array'));
$mailObject->subject = GETPOST('subject', 'alpha');
$mailObject->body = GETPOST('body', 'alpha');
$mailObject->subject = GETPOST('subject', 'none');
$mailObject->body = GETPOST('body', 'none');
$mailObject->body_ishtml = (int)GETPOST('body_ishtml', 'int');
// Save into database