CVE-2023-2566: fixes · openemr/openemr@a2adac7
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
Expand Up @@ -92,11 +92,29 @@ function xmlEscape($text) }
/** * Special function to remove the ‘javascript’ string (case insensitive) for when including a variable within a html link * Special function to remove the ‘javascript’ strings (case insensitive) for when including a variable within a html link */ function javascriptStringRemove($text) function javascriptStringRemove(?string $text): string { return str_ireplace('javascript’, '’, $text ?? ‘’); $returnText = str_ireplace('javascript’, '’, $text ?? ‘’);
if (javascriptStringCheck($returnText)) { $returnText = javascriptStringRemove($returnText); }
return $returnText; }
/** * Special function to check if ‘javascript’ string (case insensitive) is in a variable within a html link */ function javascriptStringCheck(?string $text): bool { if (stripos($text ?? '’, ‘javascript’) === false) { return false; } else { return true; } }
/** Expand Down
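Review bot: The repeated stripping in javascriptStringRemove closes the single-pass gap but still only removes the literal substring 'javascript', so the function does no normalisation of encoding or whitespace before matching and says nothing about other URL schemes; for a value that lands in an href, the durable check is an allowlist of the schemes the page expects (http, https, mailto, relative paths), with this remove/check pair kept as defence in depth rather than as the primary control. As a point of style, javascriptStringCheck's if/else around a boolean comparison reduces to `return stripos($text ?? '', 'javascript') !== false;`, and the recursion in javascriptStringRemove reads more directly as a loop, `do { $text = str_ireplace('javascript', '', $text); } while (stripos($text, 'javascript') !== false);` after the `?? ''` default. The docblock of javascriptStringRemove would also benefit from a sentence stating that the helper is not a general XSS sanitiser and only handles the one token. Both new functions are complete within the hunk; xmlEscape, named in the hunk header, ends before it.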