Fix GH-11: HTML silently removed with Dolibarr 13+
The behaviour of GETPOST(..., 'alpha') changed with Dolibarr 13, copying 'alphanohtml'. Unfortunately, there is no retro-compatible option. Thus the 'none' filter seems the better call since there doesn't seem to have any big attack involving emails' body (except HTML+JS...) For the next big version, maybe use the 'restricthtml' filter, but it only appeared in Dolibarr 12.
This commit is contained in:
parent
44c54ab3f7
commit
e1ac0a6d69
1 changed files with 2 additions and 2 deletions
|
@ -146,8 +146,8 @@ do {
|
|||
$mailObject->sendcc_free = GETPOST('sendcc_free', 'alpha');
|
||||
$mailObject->sendcc_thirdparty = in_array('thirdparty', GETPOST('sendcc_socpeople', 'array'));
|
||||
|
||||
$mailObject->subject = GETPOST('subject', 'alpha');
|
||||
$mailObject->body = GETPOST('body', 'alpha');
|
||||
$mailObject->subject = GETPOST('subject', 'none');
|
||||
$mailObject->body = GETPOST('body', 'none');
|
||||
$mailObject->body_ishtml = (int)GETPOST('body_ishtml', 'int');
|
||||
|
||||
// Save into database
|
||||
|
|
Loading…
Reference in a new issue