FIX #11638 TIME 0:10 security type and entity tree

apps/maarch_entreprise/class/class_types_Abstract.php

@@ -75,13 +75,12 @@ abstract class types_Abstract extends database
             . " dsl.css_style as style_level2 FROM " . DOCTYPES_TABLE . " d, "
             . $_SESSION['tablename']['doctypes_second_level'] . " dsl, "
             . $_SESSION['tablename']['doctypes_first_level']
-            . " dfl WHERE coll_id = ? and d.enabled = 'Y' "
+            . " dfl WHERE d.enabled = 'Y' "
             . "and d.doctypes_second_level_id = dsl.doctypes_second_level_id "
             . "and d.doctypes_first_level_id = dfl.doctypes_first_level_id "
             . "and dsl.enabled = 'Y' and dfl.enabled = 'Y' "
             . "order by dfl.doctypes_first_level_label,"
-            . "dsl.doctypes_second_level_label, d.description ",
-            array($collId)
+            . "dsl.doctypes_second_level_label, d.description "
         );
         $lastLevel1 = '';
         $nbLevel1 = 0;

apps/maarch_entreprise/indexing_searching/details.php

@@ -844,7 +844,7 @@ if ($stmt->rowCount() == 0) {
                                     } else {
                                         $inputAttr = '';
                                     }
-                                    echo "<option value='{$inputId}' {$inputAttr}>&nbsp;&nbsp;&nbsp;&nbsp;{$inputValue}</option>";
+                                    echo "<option value='{$inputId}' {$inputAttr}>&nbsp;&nbsp;&nbsp;&nbsp;".functions::xssafe($inputValue)."</option>";
                                 }
                                 echo '</optgroup>';
                             }

modules/entities/class/class_manage_entities_Abstract.php

@@ -467,8 +467,8 @@ abstract class entity_Abstract extends functions
                         $entities, 
                         array(
                             'ID' =>$line->entity_id, 
-                            'LABEL' =>  $espace . functions::show_string($line->entity_label),
-                             'SHORT_LABEL' =>$espace . functions::show_string($line->short_label), 
+                            'LABEL' =>  $espace . functions::xssafe($line->entity_label),
+                             'SHORT_LABEL' =>$espace . functions::xssafe($line->short_label), 
                              'KEYWORD' => false,
                              'DISABLED' => false,
                         )
@@ -478,8 +478,8 @@ abstract class entity_Abstract extends functions
                         $entities, 
                         array(
                             'ID' =>$line->entity_id, 
-                            'LABEL' =>  $espace . functions::show_string($line->entity_label),
-                             'SHORT_LABEL' =>$espace . functions::show_string($line->short_label), 
+                            'LABEL' =>  $espace . functions::xssafe($line->entity_label),
+                             'SHORT_LABEL' =>$espace . functions::xssafe($line->short_label), 
                              'KEYWORD' => false,
                              'DISABLED' => true,
                         )
@@ -603,9 +603,9 @@ abstract class entity_Abstract extends functions
                         array_push(
                             $entities, 
                             array(
-                                'ID' =>$parent[$i]['ENTITY_ID'], 'LABEL' => 
-                                $this->show_string($parent[$i]['ENTITY_LABEL']), 
-                                'SHORT_LABEL' => $this->show_string($parent[$i]['SHORT_LABEL']), 
+                                'ID' =>$parent[$i]['ENTITY_ID'], 
+                                'LABEL' => functions::xssafe($parent[$i]['ENTITY_LABEL']), 
+                                'SHORT_LABEL' => functions::xssafe($parent[$i]['SHORT_LABEL']), 
                                 'KEYWORD' => false,
                                 'DISABLED' => false,
                             )