diff --git a/apps/maarch_entreprise/class/class_types_Abstract.php b/apps/maarch_entreprise/class/class_types_Abstract.php index 34a90c717c382ef2f076d2638c4b2513a2378a47..dd1cb171d148c85764a63207d80a09c50fe4bb28 100755 --- a/apps/maarch_entreprise/class/class_types_Abstract.php +++ b/apps/maarch_entreprise/class/class_types_Abstract.php @@ -75,13 +75,12 @@ abstract class types_Abstract extends database . " dsl.css_style as style_level2 FROM " . DOCTYPES_TABLE . " d, " . $_SESSION['tablename']['doctypes_second_level'] . " dsl, " . $_SESSION['tablename']['doctypes_first_level'] - . " dfl WHERE coll_id = ? and d.enabled = 'Y' " + . " dfl WHERE d.enabled = 'Y' " . "and d.doctypes_second_level_id = dsl.doctypes_second_level_id " . "and d.doctypes_first_level_id = dfl.doctypes_first_level_id " . "and dsl.enabled = 'Y' and dfl.enabled = 'Y' " . "order by dfl.doctypes_first_level_label," - . "dsl.doctypes_second_level_label, d.description ", - array($collId) + . "dsl.doctypes_second_level_label, d.description " ); $lastLevel1 = ''; $nbLevel1 = 0; diff --git a/apps/maarch_entreprise/indexing_searching/details.php b/apps/maarch_entreprise/indexing_searching/details.php index 5204abf394df9dfb795460aaf57aa8d278546a81..a41e4f3e7e54791d2e06d33842e4b5c09fd3fa0c 100755 --- a/apps/maarch_entreprise/indexing_searching/details.php +++ b/apps/maarch_entreprise/indexing_searching/details.php @@ -844,7 +844,7 @@ if ($stmt->rowCount() == 0) { } else { $inputAttr = ''; } - echo "<option value='{$inputId}' {$inputAttr}> {$inputValue}</option>"; + echo "<option value='{$inputId}' {$inputAttr}> ".functions::xssafe($inputValue)."</option>"; } echo '</optgroup>'; } diff --git a/modules/entities/class/class_manage_entities_Abstract.php b/modules/entities/class/class_manage_entities_Abstract.php index 913bb8b2c03547f8fbe1eaa81165fcf0cd1f5ed3..05defd428731658a803d6348cf77d8f1ce0ab07b 100755 --- a/modules/entities/class/class_manage_entities_Abstract.php 
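Review bot: With `coll_id = ?` and `array($collId)` removed, the query in the class_types_Abstract.php hunk no longer uses `$collId` at all, so a caller that still passes a collection id now gets document types for every collection without any indication. The function signature is outside the hunk, so I cannot confirm whether the parameter is still declared. If it is, either drop it or add a comment above the query such as `// doctypes are no longer scoped by collection; $collId is intentionally ignored`. If any caller relied on that filter to limit which document types a user can see, that restriction now has to be enforced elsewhere.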
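Review bot: `$inputId` is still interpolated unescaped into the single-quoted `value='…'` attribute on the changed `echo` line in details.php, while only `$inputValue` goes through `functions::xssafe()`. If both values come from the same source, the attribute should be encoded as well: `echo "<option value='".functions::xssafe($inputId)."' {$inputAttr}> ".functions::xssafe($inputValue)."</option>";`. Because the attribute is single-quoted, this only helps if `xssafe()` also encodes `'`; its definition is not shown here, so confirm that or switch the attribute to double quotes. The enclosing loop starts outside the hunk.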
+++ b/modules/entities/class/class_manage_entities_Abstract.php
@@ -467,8 +467,8 @@ abstract class entity_Abstract extends functions
 $entities,
 array(
 'ID' =>$line->entity_id,
- 'LABEL' => $espace . functions::show_string($line->entity_label),
- 'SHORT_LABEL' =>$espace . functions::show_string($line->short_label),
+ 'LABEL' => $espace . functions::xssafe($line->entity_label),
+ 'SHORT_LABEL' =>$espace . functions::xssafe($line->short_label),
 'KEYWORD' => false,
 'DISABLED' => false,
 )
@@ -478,8 +478,8 @@ abstract class entity_Abstract extends functions
 $entities,
 array(
 'ID' =>$line->entity_id,
- 'LABEL' => $espace . functions::show_string($line->entity_label),
- 'SHORT_LABEL' =>$espace . functions::show_string($line->short_label),
+ 'LABEL' => $espace . functions::xssafe($line->entity_label),
+ 'SHORT_LABEL' =>$espace . functions::xssafe($line->short_label),
 'KEYWORD' => false,
 'DISABLED' => true,
 )
@@ -603,9 +603,9 @@ abstract class entity_Abstract extends functions
 array_push(
 $entities,
 array(
- 'ID' =>$parent[$i]['ENTITY_ID'], 'LABEL' =>
- $this->show_string($parent[$i]['ENTITY_LABEL']),
- 'SHORT_LABEL' => $this->show_string($parent[$i]['SHORT_LABEL']),
+ 'ID' =>$parent[$i]['ENTITY_ID'],
+ 'LABEL' => functions::xssafe($parent[$i]['ENTITY_LABEL']),
+ 'SHORT_LABEL' => functions::xssafe($parent[$i]['SHORT_LABEL']),
 'KEYWORD' => false,
 'DISABLED' => false,
 )
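Review bot: `LABEL` and `SHORT_LABEL` are now HTML-encoded when the array is built (in the hunk at -467, and likewise at -478 and -603) rather than when they are printed, and nothing in the code records that. A consumer that escapes again will display double-encoded entities, and one that places the label in a non-HTML context (a JSON response, a JavaScript string) will get the wrong encoding. I would document the contract on each method, e.g. `// LABEL and SHORT_LABEL are returned HTML-encoded via functions::xssafe(); output as HTML text only, do not escape again`. The methods start and end outside the hunks, so the consumers are not visible here. `$espace` is concatenated unencoded, which is fine only if it is a fixed indentation string built inside the method.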