Added double encoding for already existing HTMl entities

Added encoding into HTML-ENTITIES Added revert back into UTF-8 Changed version to 3.2.5
2018-02-01 16:01:09 +01:00
parent f6fb74ff4e
commit c5589795df
5 changed files with 39 additions and 14 deletions
--- a/front/processmaker.helpdesk.form.php
+++ b/front/processmaker.helpdesk.form.php
@@ -583,7 +583,17 @@ function processMakerShowCase( $ID, $from_helpdesk ) {

      // to change this HTML code
      $dom = new DOMDocument();
-      $dom->loadHTML($buffer, LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD | LIBXML_NOXMLDECL);
+
+      // will convert '&' to '&amp;', '<' to '&lt;' and '>' to '&gt;'
+      $buffer = htmlspecialchars($buffer, ENT_NOQUOTES);
+      // will restore '&lt;' to '<' and '&gt;' to '>'
+      // so that only the already escaped entites will get the double encoding
+      $buffer = str_replace(['&lt;', '&gt;'], ['<', '>'], $buffer);
+
+      // will convert any UTF-8 char that can't be expressed in ASCII into an HTML entity
+      $buffer = mb_convert_encoding($buffer, 'HTML-ENTITIES');
+
+      $dom->loadHTML($buffer, LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD );
      $xpath = new DOMXPath($dom);

      // hide some fields
@@ -606,8 +616,8 @@ function processMakerShowCase( $ID, $from_helpdesk ) {
         $elt->setAttribute( 'colspan', '2');
      }

-      //$res = $xpath->query('//*[@name="content"]/ancestor::tr[1]');
-      $res = $xpath->query('//*[@name="add"]/ancestor::tr[@class="tab_bg_1"]/preceding-sibling::tr[1]');
+      $res = $xpath->query('//*[@name="content"]/ancestor::tr[1]');
+      //$res = $xpath->query('//*[@name="add"]/ancestor::tr[@class="tab_bg_1"]/preceding-sibling::tr[1]');
      $table = $xpath->query('//*[@name="add"]/ancestor::table[1]');

      $tr = $table->item(0)->insertBefore(new DOMElement('tr'), $res->item(0));
@@ -634,8 +644,9 @@ function processMakerShowCase( $ID, $from_helpdesk ) {

      $buffer = $dom->saveHTML();

+      // will revert back any char converted above
+      $buffer = mb_convert_encoding($buffer, 'UTF-8', 'HTML-ENTITIES');
      echo $buffer;
-      //showFormHelpdesk($ID, $pmItem, $caseInfo);
   }

 }
--- a/inc/processmaker.class.php
+++ b/inc/processmaker.class.php
@@ -2704,4 +2704,22 @@ class PluginProcessmakerProcessmaker extends CommonDBTM {

      echo Html::scriptBlock($scriptblock);
   }
+
+   //static protected $saved_ob_level;
+
+   //static function pre_item_form_processmakerticket($item) {
+   //   self::$saved_ob_level = ob_get_level();
+   //   ob_start();
+
+   //}
+
+   //static function post_item_form_processmakerticket($item) {
+   //   $buffer = ob_get_clean();
+   //   // 9.1 only: hack to fix an issue with the initEditorSystem which calls scriptStart without calling scriptEnd
+   //   if (ob_get_level() > self::$saved_ob_level) {
+   //      $buffer = ob_get_clean().$buffer;
+   //   }
+   //   echo $buffer;
+   //}
+
 }
--- a/js/cases.helpdesk.js
+++ b/js/cases.helpdesk.js
@@ -14,6 +14,7 @@ function onClickContinue(obj) {
   }

   // call old handler if any
+   //debugger;
   if (obj != undefined && oldHandler) {
      oldHandler(obj.target);
   }
@@ -65,15 +66,10 @@ function onLoadFrame( evt, caseId, delIndex, caseNumber, processName ) {
            //debugger;

            bGLPIHideElement(linkList, 'href', 'cases_Step?TYPE=ASSIGN_TASK&UID=-1&POSITION=10000&ACTION=ASSIGN');
-
-            //buttonContinue.form.action = null; //'';
-            //if (buttonContinue.addEventListener)
-            //    buttonContinue.addEventListener("click", onClickContinue, false);
-            //else
-            //    buttonContinue.attachEvent("onclick", onClickContinue);
+            
            oldHandler = buttonContinue.onclick;
            buttonContinue.onclick = onClickContinue;
-
+            
            submitButton = $("input[name='add'][type=submit]")[0];
            submitButton.insertAdjacentHTML('beforebegin', "<input type='hidden' name='processmaker_action' value='routecase'/>");
            submitButton.insertAdjacentHTML('beforebegin', "<input type='hidden' name='processmaker_caseid' value='" + caseId + "'/>");
--- a/processmaker.xml
+++ b/processmaker.xml
@@ -23,11 +23,11 @@
   </authors>
   <versions>
      <version>
-         <num>3.2.4</num>
+         <num>3.2.5</num>
         <compatibility>9.2</compatibility>
      </version>
      <version>
-          <num>3.2.4</num>
+          <num>3.2.5</num>
          <compatibility>9.1</compatibility>
      </version>
   </versions>
--- a/setup.php
+++ b/setup.php
@@ -119,7 +119,7 @@ function plugin_version_processmaker() {
   global $LANG;

   return array ('name'           => 'Process Maker',
-                'version'        => '3.2.4',
+                'version'        => '3.2.5',
                'author'         => 'Olivier Moron',
                'homepage'       => 'https://github.com/tomolimo/processmaker',
                'minGlpiVersion' => '9.1');