Strip out any javascript added by application and it properly to the AJAX response

This commit is contained in:
Nathan Gray 2013-07-17 09:57:50 +00:00
parent 5f0ac7a70b
commit 0bba8fd032

View File

@ -286,8 +286,16 @@ class etemplate_new extends etemplate_widget_template
}
error_log(__METHOD__."(,".array2string($content).')');
error_log(' validated='.array2string($validated));
$content = ExecMethod(self::$request->method, self::complete_array_merge(self::$request->preserv, $validated));
if (isset($GLOBALS['egw_info']['flags']['java_script']))
{
// Strip out any script tags
$GLOBALS['egw_info']['flags']['java_script'] = preg_replace(array('/(<script[^>]*>)([^<]*)/is','/<\/script>/'),array('$2',''),$GLOBALS['egw_info']['flags']['java_script']);
self::$response->script($GLOBALS['egw_info']['flags']['java_script']);
error_log($app .' added javascript to $GLOBALS[egw_info][flags][java_script] - use egw_json_response->script() instead.');
}
return ExecMethod(self::$request->method, self::complete_array_merge(self::$request->preserv, $validated));
return $content;
}
/**