4 năm trước cách đây · b5af3b17d5
--- a/doc/images/README.md
+++ b/doc/images/README.md
@@ -10,17 +10,16 @@
 
															 https://github.com/Dolibarr/foundation
														
 
															-* Few icons are / were from website led24.de 
														
 
															-* Attention: This website is no longer available! 
														
 
															+# LICENCE OF IMAGE RESOURCES
														
 
															+--------------------------------
														
 
															-This is original README file for this source:
														
 
															--------------------------------------------------------
														
 
															-You can do whatever you want with these icons (use on web or in desktop applications) as long as you don’t pass them off as your own and remove this readme file. A credit statement and a link back to
														
 
															-http://led24.de/iconset/ or http://led24.de/ would be appreciated.
														
 
															+* All image resources (except dolihelp.ico and doliadmin.ico) in this directory are distributed under licence CC BY-SA
														
 
															-Follow us on twitter http://twitter.com/gasyoun or email leds24@gmail.com
														
 
															-512 icons 20/05/2009
														
 
															--------------------------------------------------------
														
 
															 List of icons from http://led24.de/iconset/ are:
														
 
															+- doliadmin.ico
														
 
															 - dolihelp.ico
														
 
															+
														
 
															+This is original README file for the package with this 2 images:
														
 
															+You can do whatever you want with these icons (use on web or in desktop applications) as long as you don’t pass them off as your own and remove this readme file. A credit statement and a link back to
														
 
															+http://led24.de/iconset/ or http://led24.de/ would be appreciated.
														
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -145,9 +145,9 @@ function testSqlAndScriptInject($val, $type)
 
															 	// List of dom events is on https://www.w3schools.com/jsref/dom_obj_event.asp and https://developer.mozilla.org/en-US/docs/Web/API/GlobalEventHandlers
														
 
															 	$inj += preg_match('/on(mouse|drag|key|load|touch|pointer|select|transition)([a-z]*)\s*=/i', $val); // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
														
 
															 	$inj += preg_match('/on(abort|afterprint|animation|auxclick|beforeprint|beforeunload|blur|cancel|canplay|canplaythrough|change|click|close|contextmenu|cuechange|copy|cut)\s*=/i', $val);
														
 
															-	$inj += preg_match('/on(lostpointercapture|dblclick|drop|durationchange|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)\s*=/i', $val);
														
 
															-	$inj += preg_match('/on(offline|online|pagehide|pageshow)\s*=/i', $val);
														
 
															-	$inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|reset|resize|scroll|search|seeking|show|stalled|start|submit|suspend)\s*=/i', $val);
														
 
															+	$inj += preg_match('/on(dblclick|drop|durationchange|emptied|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)\s*=/i', $val);
														
 
															+	$inj += preg_match('/on(lostpointercapture|offline|online|pagehide|pageshow)\s*=/i', $val);
														
 
															+	$inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|reset|resize|scroll|search|seeked|seeking|show|stalled|start|submit|suspend)\s*=/i', $val);
														
 
															 	$inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting|wheel)\s*=/i', $val);
														
 
															 	// We refuse html into html because some hacks try to obfuscate evil strings by inserting HTML into HTML. Example: <img on<a>error=alert(1) to bypass test on onerror
														
@@ -155,9 +155,9 @@ function testSqlAndScriptInject($val, $type)
 
															 	// List of dom events is on https://www.w3schools.com/jsref/dom_obj_event.asp and https://developer.mozilla.org/en-US/docs/Web/API/GlobalEventHandlers
														
 
															 	$inj += preg_match('/on(mouse|drag|key|load|touch|pointer|select|transition)([a-z]*)\s*=/i', $val); // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
														
 
															 	$inj += preg_match('/on(abort|afterprint|animation|auxclick|beforeprint|beforeunload|blur|cancel|canplay|canplaythrough|change|click|close|contextmenu|cuechange|copy|cut)\s*=/i', $tmpval);
														
 
															-	$inj += preg_match('/on(dblclick|drop|durationchange|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)\s*=/i', $tmpval);
														
 
															+	$inj += preg_match('/on(dblclick|drop|durationchange|emptied|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)\s*=/i', $tmpval);
														
 
															 	$inj += preg_match('/on(lostpointercapture|offline|online|pagehide|pageshow)\s*=/i', $tmpval);
														
 
															-	$inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|reset|resize|scroll|search|seeking|show|stalled|start|submit|suspend)\s*=/i', $tmpval);
														
 
															+	$inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|reset|resize|scroll|search|seeked|seeking|show|stalled|start|submit|suspend)\s*=/i', $tmpval);
														
 
															 	$inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting|wheel)\s*=/i', $tmpval);
														
 
															 	//$inj += preg_match('/on[A-Z][a-z]+\*=/', $val);   // To lock event handlers onAbort(), ...