diff --git a/interface/lib/classes/functions.inc.php b/interface/lib/classes/functions.inc.php
index da35a370025a75215ef61c7934ad3e778ff58327..a646e1be0a293e2e39882fd8cc72c67068ad97ed 100644
--- a/interface/lib/classes/functions.inc.php
+++ b/interface/lib/classes/functions.inc.php
@@ -454,6 +454,25 @@ class functions {
 			$app->log("Failed to create SSH keypair for ".$username, LOGLEVEL_WARN);
 		}
 	}
+	
+	public function htmlentities($value) {
+		global $conf;
+
+		if(is_array($value)) {
+			$out = array();
+			foreach($value as $key => $val) {
+				if(is_array($val)) {
+					$out[$key] = $this->htmlentities($val);
+				} else {
+					$out[$key] = htmlentities($val, ENT_QUOTES, $conf["html_content_encoding"]);
+				}
+			}
+		} else {
+			$out = htmlentities($value, ENT_QUOTES, $conf["html_content_encoding"]);
+		}
+		
+		return $out;
+	}
 }
 
 ?>
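Review bot: `functions::htmlentities()` has no docblock and hands every non-array value straight to PHP's `htmlentities()` without a cast, so a `null` leaf raises a deprecation notice on newer PHP versions. The inner `is_array($val)` branch repeats a decision the recursive call already makes, so the loop body can be just `$out[$key] = $this->htmlentities($val);` and the scalar branch `$out = htmlentities((string)$value, ENT_QUOTES, $conf["html_content_encoding"]);`. The docblock should say that the method encodes for HTML text and quoted-attribute context only, that array keys are returned unencoded, and that the charset is read from `$conf["html_content_encoding"]`.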
diff --git a/interface/lib/classes/listform.inc.php b/interface/lib/classes/listform.inc.php
index 4999f7e5427b631a8e964a68791cba091a804376..15a1a53add169892e4aaba3e1b7d4dcb775d398c 100644
--- a/interface/lib/classes/listform.inc.php
+++ b/interface/lib/classes/listform.inc.php
@@ -179,6 +179,7 @@ class listform {
 								&& $k == $_SESSION['search'][$list_name][$search_prefix.$field]
 								&& $_SESSION['search'][$list_name][$search_prefix.$field] != '')
 								? ' SELECTED' : '';
+							$v = $app->functions->htmlentities($v);
 							$out .= "<option value='$k'$selected>$v</option>\r\n";
 						}
 					}
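Review bot: Only `$v` is encoded before the `<option>` is built; `$k` is still interpolated raw into the single-quoted `value='$k'` attribute on the next line. If keys can originate from stored records rather than fixed definitions (not visible in this hunk), the attribute remains an injection point, so encode it too with `$k = $app->functions->htmlentities($k);`, placed after `$selected` has been computed from the raw key. The same `value='$k'` pattern is left untouched in the four `<option>` hunks of tform_base.inc.php. The enclosing method starts and ends outside the hunk, so whether `$app` is declared `global` there cannot be confirmed from here.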
@@ -610,17 +611,8 @@ class listform {
 	}
 
 	function escapeArrayValues($search_values) {
-		global $conf;
-
-		$out = array();
-		if(is_array($search_values)) {
-			foreach($search_values as $key => $val) {
-				$out[$key] = htmlentities($val, ENT_QUOTES, $conf["html_content_encoding"]);
-			}
-		}
-
-		return $out;
-
+		global $app;
+		return $app->functions->htmlentities($search_values);
 	}
 
 }
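Review bot: `escapeArrayValues()` used to return an empty array for any non-array argument and now returns whatever `$app->functions->htmlentities()` produces, which is an encoded string for a scalar. Callers that iterate or index the result would then see a different type; if the old contract should hold, use `return is_array($search_values) ? $app->functions->htmlentities($search_values) : array();`. The delegate also recurses into nested arrays, which the old loop did not, so a short comment stating the new behaviour would help.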
diff --git a/interface/lib/classes/listform_actions.inc.php b/interface/lib/classes/listform_actions.inc.php
index 1bf615e857bc00e229553e4a3e765e04d784fbf9..b4366feaa6535782c082cee801ecbf08924f224b 100644
--- a/interface/lib/classes/listform_actions.inc.php
+++ b/interface/lib/classes/listform_actions.inc.php
@@ -180,7 +180,7 @@ class listform_actions {
 						$rec['_'.$key.'_'] = (strtolower($rec[$key]) == 'y')?'x16/tick_circle.png':'x16/cross_circle.png';
 					}
 					//* substitute value for select field
-					$rec[$key] = @$field['value'][$rec[$key]];
+					$rec[$key] = $app->functions->htmlentities(@$field['value'][$rec[$key]]);
 				}
 			}
 		}
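Review bot: The `@` on `$field['value'][$rec[$key]]` hides a missing key, so an unmapped record value reaches the encoder as `null` and the column is silently rendered empty. An explicit lookup makes the fallback visible: `$rec[$key] = $app->functions->htmlentities(isset($field['value'][$rec[$key]]) ? $field['value'][$rec[$key]] : '');`. Because the mapped value is now encoded here, any list definition that still carries markup in `'value'` will display literal tags; this page shows admin list files being converted to plain text, but list files of other modules are not shown.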
diff --git a/interface/lib/classes/quota_lib.inc.php b/interface/lib/classes/quota_lib.inc.php
index 93d8baa5de2cb21154125737e87f400764f81595..e5d55ff80c17c00354fa6001d6add5c49def61a5 100644
--- a/interface/lib/classes/quota_lib.inc.php
+++ b/interface/lib/classes/quota_lib.inc.php
@@ -243,7 +243,8 @@ class quota_lib {
 		if(is_array($emails) && !empty($emails)){
 			for($i=0;$i<sizeof($emails);$i++){
 				$email = $emails[$i]['email'];
-		
+				
+				$emails[$i]['name'] = $app->functions->htmlentities($emails[$i]['name']);
 				$emails[$i]['used'] = isset($monitor_data[$email]['used']) ? $monitor_data[$email]['used'] : array(1 => 0);
 		
 				if (!is_numeric($emails[$i]['used'])) $emails[$i]['used']=$emails[$i]['used'][1];
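Review bot: `$emails[$i]['name']` is HTML-encoded inside the library's data loop, so every consumer of this result receives entity-encoded text, not only the HTML template. If the same array is handed to a non-HTML consumer, or to a template that encodes again, names will come out double-encoded (`&amp;amp;`); encoding at the point of output avoids that. Only `name` is encoded here, while `email` and the other string fields of the row are left as they were, which deserves a comment explaining why. The function body starts before and continues after the hunk, so the `$app` declaration is not visible.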
diff --git a/interface/lib/classes/tform_base.inc.php b/interface/lib/classes/tform_base.inc.php
index 8bb8cb7b7dbb4e9fe907dac4ebbabf67f14d05c3..d06072e830c75e9b33e7abe960c3ef69311d1d31 100644
--- a/interface/lib/classes/tform_base.inc.php
+++ b/interface/lib/classes/tform_base.inc.php
@@ -473,8 +473,8 @@ class tform_base {
 						if(is_array($field['value'])) {
 							foreach($field['value'] as $k => $v) {
 								$selected = ($k == $val)?' SELECTED':'';
-								if(isset($this->wordbook[$v]))
-									$v = $this->wordbook[$v];
+								if(isset($this->wordbook[$v])) $v = $this->wordbook[$v];
+								else $v = $app->functions->htmlentities($v);
 								$out .= "<option value='$k'$selected>".$this->lng($v)."</option>\r\n";
 							}
 						}
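Review bot: In this hunk the encoded `$v` is passed to `$this->lng($v)` afterwards, while a wordbook hit skips encoding entirely, so the text reaching the `<option>` is encoded on one path and raw on the other. The later hunk at `@@ -608,7 +608,8 @@` does it the other way round (`htmlentities($this->lng($v))`), which encodes whatever actually ends up in the output. Suggest the same order here: keep `if(isset($this->wordbook[$v])) $v = $this->wordbook[$v];` and emit `$out .= "<option value='$k'$selected>".$app->functions->htmlentities($this->lng($v))."</option>\r\n";`. If wordbook entries are meant to carry markup, say so in a comment.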
@@ -494,7 +494,7 @@ class tform_base {
 								foreach($vals as $tvl) {
 									if(trim($tvl) == trim($k)) $selected = ' SELECTED';
 								}
-
+								$v = $app->functions->htmlentities($v);
 								$out .= "<option value='$k'$selected>$v</option>\r\n";
 							}
 						}
@@ -577,7 +577,7 @@ class tform_base {
 					
 					default:
 						if(isset($record[$key])) {
-							$new_record[$key] = htmlspecialchars($record[$key]);
+							$new_record[$key] = $app->functions->htmlentities($record[$key]);
 						} else {
 							$new_record[$key] = '';
 						}
@@ -608,7 +608,8 @@ class tform_base {
 						$out = '';
 						foreach($field['value'] as $k => $v) {
 							$selected = ($k == $field["default"])?' SELECTED':'';
-							$out .= "<option value='$k'$selected>".$this->lng($v)."</option>\r\n";
+							$v = $app->functions->htmlentities($this->lng($v));
+							$out .= "<option value='$k'$selected>".$v."</option>\r\n";
 						}
 					}
 					if(isset($out)) $new_record[$key] = $out;
@@ -622,7 +623,7 @@ class tform_base {
 						// HTML schreiben
 						$out = '';
 						foreach($field['value'] as $k => $v) {
-
+							$v = $app->functions->htmlentities($v);
 							$out .= "<option value='$k'>$v</option>\r\n";
 						}
 					}
@@ -693,7 +694,7 @@ class tform_base {
 					break;
 
 				default:
-					$new_record[$key] = htmlspecialchars($field['default']);
+					$new_record[$key] = $app->functions->htmlentities($field['default']);
 				}
 			}
 
@@ -911,6 +912,12 @@ class tform_base {
 				case 'NOWHITESPACE':
 					$returnval = preg_replace('/\s+/', '', $returnval);
 					break;
+				case 'STRIPTAGS':
+					$returnval = strip_tags(preg_replace('/<script[^>]*?>.*?<\/script>/is', '', $returnval));
+					break;
+				case 'STRIPNL':
+					$returnval = str_replace(array("\n","\r"),'', $returnval);
+					break;
 				default:
 					$this->errorMessage .= "Unknown Filter: ".$filter['type'];
 					break;
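Review bot: The `STRIPTAGS` case nests `preg_replace()` inside `strip_tags()` without checking its result; `preg_replace()` returns `null` on a PCRE error (for example a backtracking limit hit on a long value), and the field would then be saved as an empty string. Assign the result first, `$tmp = preg_replace('/<script[^>]*?>.*?<\/script>/is', '', $returnval);`, and when `$tmp === null` report it through `$this->errorMessage` as the `default` branch does, so that neither an empty nor an unfiltered value is saved; otherwise `$returnval = strip_tags($tmp);`. A comment on the case should also state that this is input clean-up only: `strip_tags()` leaves quotes and ampersands untouched, so values still need encoding on output, and legitimate text containing `<` can be cut short.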
diff --git a/interface/web/admin/form/directive_snippets.tform.php b/interface/web/admin/form/directive_snippets.tform.php
index 4d34fefb59c02e15e63e8f8375691d12ad310607..544cb8b85537df42206ea5c861f20d0050bfb69b 100644
--- a/interface/web/admin/form/directive_snippets.tform.php
+++ b/interface/web/admin/form/directive_snippets.tform.php
@@ -71,6 +71,12 @@ $form["tabs"]['directive_snippets'] = array (
 				1 => array ( 'type' => 'UNIQUE',
 					'errmsg'=> 'directive_snippets_name_error_unique'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
diff --git a/interface/web/admin/form/groups.tform.php b/interface/web/admin/form/groups.tform.php
index c7b3f74fdb37c793f321e809317b3a0ae9d7da65..5bcbe6279f7a82a3e5d49c4b08c67f9e313c7266 100644
--- a/interface/web/admin/form/groups.tform.php
+++ b/interface/web/admin/form/groups.tform.php
@@ -81,6 +81,12 @@ $form["tabs"]['groups'] = array (
 		'name' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'regex'  => '/^.{1,30}$/',
 			'errmsg' => 'name_err',
 			'default' => '',
@@ -94,6 +100,10 @@ $form["tabs"]['groups'] = array (
 		'description' => array (
 			'datatype' => 'TEXT',
 			'formtype' => 'TEXTAREA',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
 			'regex'  => '',
 			'errmsg' => '',
 			'default' => '',
diff --git a/interface/web/admin/form/iptables.tform.php b/interface/web/admin/form/iptables.tform.php
index 7d09ca3f5e1b3bd40875ad3a94754d3530e6ab1c..76d747020d3966a7390d141c7df50c2262687764 100644
--- a/interface/web/admin/form/iptables.tform.php
+++ b/interface/web/admin/form/iptables.tform.php
@@ -52,6 +52,12 @@ $form["tabs"]['iptables'] = array (
 		'source_ip' => array (
 			'datatype'      => 'VARCHAR',
 			'formtype'      => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default'       => '',
 			'value'         => '',
 			'width'         => '',
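Review bot: `source_ip` gets only `STRIPTAGS` and `STRIPNL`, which remove markup and line breaks but do not check that the value is an address; the same holds for `destination_ip`, `singleport`, `multiport` and `state` in the following hunks of this file. These fields have a narrow grammar and presumably end up in generated firewall rules (not visible here), so a `validators` entry or `regex` pattern per field would be the stronger control, with the filters kept as a secondary measure. None of the five definitions shows a `validators` or `regex` key in the visible context.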
@@ -60,6 +66,12 @@ $form["tabs"]['iptables'] = array (
 		'destination_ip' => array (
 			'datatype'      => 'VARCHAR',
 			'formtype'      => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default'       => '',
 			'value'         => '',
 			'width'         => '',
@@ -68,6 +80,12 @@ $form["tabs"]['iptables'] = array (
 		'singleport' => array (
 			'datatype'      => 'VARCHAR',
 			'formtype'      => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default'       => '',
 			'value'         => '',
 			'width'         => '',
@@ -76,6 +94,12 @@ $form["tabs"]['iptables'] = array (
 		'multiport' => array (
 			'datatype'      => 'VARCHAR',
 			'formtype'      => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default'       => '',
 			'value'         => '',
 			'width'         => '',
@@ -84,6 +108,12 @@ $form["tabs"]['iptables'] = array (
 		'state' => array (
 			'datatype'      => 'VARCHAR',
 			'formtype'      => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default'       => '',
 			'value'         => '',
 			'width'         => '',
diff --git a/interface/web/admin/form/server.tform.php b/interface/web/admin/form/server.tform.php
index 1bf079e1b0bb08791cdddb7f70b9797e5720e504..95dca6c33b5cb552b29692b3c0f27f2e76924024 100644
--- a/interface/web/admin/form/server.tform.php
+++ b/interface/web/admin/form/server.tform.php
@@ -61,6 +61,12 @@ $form["tabs"]['services'] = array (
 		'server_name' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
diff --git a/interface/web/admin/form/server_config.tform.php b/interface/web/admin/form/server_config.tform.php
index 6c9e56772b33a1b6a65f509aa212c8d49bb00b42..70aac48e0787e06835b32a6773012e1cf213ec16 100644
--- a/interface/web/admin/form/server_config.tform.php
+++ b/interface/web/admin/form/server_config.tform.php
@@ -145,6 +145,12 @@ $form["tabs"]['server'] = array(
 			'validators' => array(0 => array('type' => 'NOTEMPTY',
 					'errmsg' => 'nameservers_error_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'value' => '',
 			'width' => '40',
 			'maxlength' => '255'
@@ -316,6 +322,12 @@ $form["tabs"]['server'] = array(
 		'monit_user' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value' => '',
 			'width' => '40',
@@ -344,6 +356,12 @@ $form["tabs"]['server'] = array(
 		'munin_user' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value' => '',
 			'width' => '40',
@@ -426,6 +444,12 @@ $form["tabs"]['mail'] = array(
 		'dkim_path' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '/var/lib/amavis/dkim',
 			'value' => '',
 			'width' => '40',
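Review bot: `dkim_path` is a filesystem path, and `STRIPTAGS`/`STRIPNL` do not restrict it to one, since traversal sequences, spaces and shell metacharacters pass through unchanged. The same applies to `awstats_conf_dir` later in this file and to `php_fastcgi_binary`, `php_fastcgi_ini_dir`, `php_fpm_init_script`, `php_fpm_ini_dir` and `php_fpm_pool_dir` in server_php.tform.php. How these values are consumed on the server side is not shown, so this is a hardening suggestion: add a validator that accepts only an absolute path built from an allow-listed character set.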
@@ -527,6 +551,12 @@ $form["tabs"]['mail'] = array(
 		'relayhost' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value' => '',
 			'width' => '40',
@@ -535,6 +565,12 @@ $form["tabs"]['mail'] = array(
 		'relayhost_user' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value' => '',
 			'width' => '40',
@@ -719,6 +755,12 @@ $form["tabs"]['web'] = array(
 		'website_autoalias' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value' => '',
 			'width' => '40',
@@ -1135,6 +1177,12 @@ $form["tabs"]['web'] = array(
 			'validators' => array(	0 => array('type' => 'NOTEMPTY',
 										'errmsg' => 'htaccess_allow_override_error_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'value' => '',
 			'width' => '40',
 			'maxlength' => '255'
@@ -1161,6 +1209,12 @@ $form["tabs"]['web'] = array(
 			'validators' => array(0 => array('type' => 'NOTEMPTY',
 					'errmsg' => 'apps_vhost_port_error_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'value' => '',
 			'width' => '40',
 			'maxlength' => '255'
@@ -1172,6 +1226,12 @@ $form["tabs"]['web'] = array(
 			'validators' => array(0 => array('type' => 'NOTEMPTY',
 					'errmsg' => 'apps_vhost_ip_error_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'value' => '',
 			'width' => '40',
 			'maxlength' => '255'
@@ -1179,6 +1239,12 @@ $form["tabs"]['web'] = array(
 		'apps_vhost_servername' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value' => '',
 			'width' => '40',
@@ -1187,6 +1253,12 @@ $form["tabs"]['web'] = array(
 		'awstats_conf_dir' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value' => '',
 			'width' => '40',
@@ -1486,6 +1558,12 @@ $form["tabs"]['xmpp'] = array(
         'xmpp_server_admins' => array(
             'datatype' => 'VARCHAR',
             'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
             'default' => 'admin@service.com, superuser@service.com',
             'value' => '',
             'width' => '15'
@@ -1494,6 +1572,12 @@ $form["tabs"]['xmpp'] = array(
         'xmpp_modules_enabled' => array(
             'datatype' => 'TEXT',
             'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
             'default' => "saslauth, tls, dialback, disco, discoitems, version, uptime, time, ping, admin_adhoc, admin_telnet, bosh, posix, announce, offline, webpresence, mam, stream_management, message_carbons",
             'value' => '',
             'separator' => ","
diff --git a/interface/web/admin/form/server_php.tform.php b/interface/web/admin/form/server_php.tform.php
index d5b0c5ff73781ac56b3da21dc0d8f598c0eac892..c94bb38c015aa50ea9b1626c17f410f34692a62b 100644
--- a/interface/web/admin/form/server_php.tform.php
+++ b/interface/web/admin/form/server_php.tform.php
@@ -112,6 +112,12 @@ $form["tabs"]['php_name'] = array (
 			'validators' => array(0 => array('type' => 'NOTEMPTY',
 					'errmsg' => 'server_php_name_error_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -135,6 +141,12 @@ $form["tabs"]['php_fastcgi'] = array(
 		'php_fastcgi_binary' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value' => '',
 			'width' => '40',
@@ -143,6 +155,12 @@ $form["tabs"]['php_fastcgi'] = array(
 		'php_fastcgi_ini_dir' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value' => '',
 			'width' => '40',
@@ -165,6 +183,12 @@ $form["tabs"]['php_fpm'] = array(
 		'php_fpm_init_script' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value' => '',
 			'width' => '40',
@@ -173,6 +197,12 @@ $form["tabs"]['php_fpm'] = array(
 		'php_fpm_ini_dir' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value' => '',
 			'width' => '40',
@@ -181,6 +211,12 @@ $form["tabs"]['php_fpm'] = array(
 		'php_fpm_pool_dir' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value' => '',
 			'width' => '40',
diff --git a/interface/web/admin/form/software_package.tform.php b/interface/web/admin/form/software_package.tform.php
index 1db7056acc1b0b779962fbcdc6820fca5257e34d..b8368d545751d19216fac8c69c588dc62b1cad48 100644
--- a/interface/web/admin/form/software_package.tform.php
+++ b/interface/web/admin/form/software_package.tform.php
@@ -87,6 +87,12 @@ $form["tabs"]['software_package'] = array (
 		'package_title' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'validators' => '',
 			'default' => '',
 			'value'  => '',
@@ -99,6 +105,12 @@ $form["tabs"]['software_package'] = array (
 		'package_key' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'validators' => '',
 			'default' => '',
 			'value'  => '',
diff --git a/interface/web/admin/form/software_repo.tform.php b/interface/web/admin/form/software_repo.tform.php
index 6d1c50f921ea643d7d3f68121c3b46c902acc365..cbf68b3a3588e5e31d2c998e87c3b28b3fe20134 100644
--- a/interface/web/admin/form/software_repo.tform.php
+++ b/interface/web/admin/form/software_repo.tform.php
@@ -92,6 +92,12 @@ $form["tabs"]['software_repo'] = array (
 				1 => array ( 'type' => 'UNIQUE',
 					'errmsg'=> 'repo_name_unique'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -108,6 +114,12 @@ $form["tabs"]['software_repo'] = array (
 				1 => array ( 'type' => 'UNIQUE',
 					'errmsg'=> 'repo_name_unique'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -119,6 +131,12 @@ $form["tabs"]['software_repo'] = array (
 		'repo_username' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
diff --git a/interface/web/admin/form/system_config.tform.php b/interface/web/admin/form/system_config.tform.php
index 72618657968a7642d32f8f35ef1607af82877fef..681d166b34c729a824902385c77d8cbfb3795f75 100644
--- a/interface/web/admin/form/system_config.tform.php
+++ b/interface/web/admin/form/system_config.tform.php
@@ -282,7 +282,11 @@ $form["tabs"]['mail'] = array (
 				1 => array( 'event' => 'SHOW',
 					'type' => 'IDNTOUTF8'),
 				2 => array( 'event' => 'SAVE',
-					'type' => 'TOLOWER')
+					'type' => 'TOLOWER'),
+				3 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+				4 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
 			),
 			'formtype' => 'TEXT',
 			'default' => '',
@@ -293,6 +297,12 @@ $form["tabs"]['mail'] = array (
 		'admin_name' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -311,7 +321,11 @@ $form["tabs"]['mail'] = array (
 				1 => array( 'event' => 'SHOW',
 					'type' => 'IDNTOUTF8'),
 				2 => array( 'event' => 'SAVE',
-					'type' => 'TOLOWER')
+					'type' => 'TOLOWER'),
+				3 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+				4 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
 			),
 			'formtype' => 'TEXT',
 			'default' => '',
@@ -322,6 +336,12 @@ $form["tabs"]['mail'] = array (
 		'smtp_port' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '25',
 			'value'  => '',
 			'width'  => '30',
@@ -330,6 +350,12 @@ $form["tabs"]['mail'] = array (
 		'smtp_user' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -419,6 +445,10 @@ $form["tabs"]['domains'] = array (
 		'new_domain_html' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
 			'default' => '',
 			'value'  => ''
 		),
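Review bot: `new_domain_html` receives `STRIPTAGS` on save, which deletes every tag from a field whose name suggests it stores HTML. If markup is expected there, existing content will be flattened to plain text the next time the form is saved; `custom_login_text` in the next hunk gets the same filter. Confirm which behaviour is intended: if plain text, a one-line comment on each field saying so would keep the filter from being removed later; if markup, an allow-list sanitiser is needed instead of `STRIPTAGS`.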
@@ -463,12 +493,24 @@ $form["tabs"]['misc'] = array (
 		'company_name' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => ''
 		),
 		'custom_login_text' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => ''
 		),
@@ -485,18 +527,36 @@ $form["tabs"]['misc'] = array (
 		'dashboard_atom_url_admin' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => 'http://www.ispconfig.org/atom',
 			'value'  => ''
 		),
 		'dashboard_atom_url_reseller' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => 'http://www.ispconfig.org/atom',
 			'value'  => ''
 		),
 		'dashboard_atom_url_client' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => 'http://www.ispconfig.org/atom',
 			'value'  => ''
 		),
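Review bot: The three `dashboard_atom_url_*` fields are URLs, and `STRIPTAGS`/`STRIPNL` accept any scheme and host. If the value is rendered into a link or fetched by the panel (neither is visible here), a validator restricting it to `http://` or `https://` URLs would close what the filters leave open; `logo_url` in tpl_default.tform.php is in the same position.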
@@ -539,36 +599,72 @@ $form["tabs"]['misc'] = array (
 		'admin_dashlets_left' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => ''
 		),
 		'admin_dashlets_right' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => ''
 		),
 		'reseller_dashlets_left' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => ''
 		),
 		'reseller_dashlets_right' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => ''
 		),
 		'client_dashlets_left' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => ''
 		),
 		'client_dashlets_right' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => ''
 		),
diff --git a/interface/web/admin/form/tpl_default.tform.php b/interface/web/admin/form/tpl_default.tform.php
index df52bbec5f3633e64090e2c96557ca0ad2fc4417..baa84d7b309ecb999de03f7098a10c5a17f790be 100644
--- a/interface/web/admin/form/tpl_default.tform.php
+++ b/interface/web/admin/form/tpl_default.tform.php
@@ -87,6 +87,12 @@ $form["tabs"]['basic'] = array (
 		'username' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'validators'    => '',
 			'default' => 'global',
 			'value'  => 'global',
@@ -97,6 +103,12 @@ $form["tabs"]['basic'] = array (
 		'logo_url' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'validators'    => '',
 			'default' => '',
 			'value'  => '',
diff --git a/interface/web/admin/list/directive_snippets.list.php b/interface/web/admin/list/directive_snippets.list.php
index c41bcd5786b31cbe15846ea88169f511eae57184..31332e5ecf7232b25e1cc38e12b5a5d129f5fbd0 100644
--- a/interface/web/admin/list/directive_snippets.list.php
+++ b/interface/web/admin/list/directive_snippets.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "name",
@@ -82,7 +82,7 @@ $liste["item"][] = array( 'field'  => "customer_viewable",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 	
 $liste["item"][] = array( 'field'  => "master_directive_snippets_id",
 	'datatype' => "BOOLEAN",
diff --git a/interface/web/admin/list/firewall.list.php b/interface/web/admin/list/firewall.list.php
index 786b7b848ae756f78a69e987b0af7a98a6cfdfed..884779110a908577ad81747f280b9de288eb4dde 100644
--- a/interface/web/admin/list/firewall.list.php
+++ b/interface/web/admin/list/firewall.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 $liste["item"][] = array( 'field'  => "server_id",
 	'datatype' => "VARCHAR",
diff --git a/interface/web/admin/list/iptables.list.php b/interface/web/admin/list/iptables.list.php
index 3ad78404ea4c195e8d35cdd79f9fec4338fe1f97..beaf1d7e5e2297fb6f0963d59f5284d708988012 100644
--- a/interface/web/admin/list/iptables.list.php
+++ b/interface/web/admin/list/iptables.list.php
@@ -18,7 +18,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array("y" => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", "n" => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array("y" => $app->lng('yes_txt'), "n" => $app->lng('no_txt')));
 
 $liste["item"][] = array( 'field'  => "server_id",
 	'datatype' => "INTEGER",
diff --git a/interface/web/admin/list/server.list.php b/interface/web/admin/list/server.list.php
index 9ca54c07d5d2df744ac530f6898792264a666d25..58779eec9c6a1e84c9c175b78fc3824969b71c42 100644
--- a/interface/web/admin/list/server.list.php
+++ b/interface/web/admin/list/server.list.php
@@ -63,7 +63,7 @@ $liste['item'][] = array( 'field'  => 'mail_server',
 	'prefix' => '%',
 	'suffix' => '%',
 	'width'  => '',
-	'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('1' => $app->lng('yes_txt'), '0' => $app->lng('no_txt')));
 
 $liste['item'][] = array( 'field'  => 'web_server',
 	'datatype' => 'VARCHAR',
@@ -72,7 +72,7 @@ $liste['item'][] = array( 'field'  => 'web_server',
 	'prefix' => '%',
 	'suffix' => '%',
 	'width'  => '',
-	'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('1' => $app->lng('yes_txt'), '0' => $app->lng('no_txt')));
 
 $liste['item'][] = array( 'field'  => 'dns_server',
 	'datatype' => 'VARCHAR',
@@ -81,7 +81,7 @@ $liste['item'][] = array( 'field'  => 'dns_server',
 	'prefix' => '%',
 	'suffix' => '%',
 	'width'  => '',
-	'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('1' => $app->lng('yes_txt'), '0' => $app->lng('no_txt')));
 
 $liste['item'][] = array( 'field'  => 'file_server',
 	'datatype' => 'VARCHAR',
@@ -90,7 +90,7 @@ $liste['item'][] = array( 'field'  => 'file_server',
 	'prefix' => '%',
 	'suffix' => '%',
 	'width'  => '',
-	'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('1' => $app->lng('yes_txt'), '0' => $app->lng('no_txt')));
 
 $liste['item'][] = array( 'field'  => 'db_server',
 	'datatype' => 'VARCHAR',
@@ -99,7 +99,7 @@ $liste['item'][] = array( 'field'  => 'db_server',
 	'prefix' => '%',
 	'suffix' => '%',
 	'width'  => '',
-	'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('1' => $app->lng('yes_txt'), '0' => $app->lng('no_txt')));
 
 $liste['item'][] = array( 'field'  => 'vserver_server',
 	'datatype' => 'VARCHAR',
@@ -108,7 +108,7 @@ $liste['item'][] = array( 'field'  => 'vserver_server',
 	'prefix' => '%',
 	'suffix' => '%',
 	'width'  => '',
-	'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('1' => $app->lng('yes_txt'), '0' => $app->lng('no_txt')));
 
 $liste['item'][] = array( 'field'  => 'xmpp_server',
 	'datatype' => 'VARCHAR',
@@ -117,6 +117,6 @@ $liste['item'][] = array( 'field'  => 'xmpp_server',
 	'prefix' => '%',
 	'suffix' => '%',
 	'width'  => '',
-	'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('1' => $app->lng('yes_txt'), '0' => $app->lng('no_txt')));
 
 ?>
diff --git a/interface/web/admin/list/server_ip.list.php b/interface/web/admin/list/server_ip.list.php
index 6340172b0e9ebdb0321a8bfbd81c7f00b840f6bc..1e9bd8f4ecf7a9648d3716b43305715dddc3f207 100644
--- a/interface/web/admin/list/server_ip.list.php
+++ b/interface/web/admin/list/server_ip.list.php
@@ -95,7 +95,7 @@ $liste["item"][] = array( 'field'  => "virtualhost",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 $liste['item'][] = array( 'field'  => 'virtualhost_port',
diff --git a/interface/web/admin/list/server_ip_map.list.php b/interface/web/admin/list/server_ip_map.list.php
index a70a76081bec28293499e40e82bf317b7ff2444a..6f9e60cfe83476bb2cddfdeb5d3331b2b5fbb23d 100644
--- a/interface/web/admin/list/server_ip_map.list.php
+++ b/interface/web/admin/list/server_ip_map.list.php
@@ -18,7 +18,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 $liste['item'][] = array( 'field'  => 'server_id',
 	'datatype' => 'INTEGER',
diff --git a/interface/web/admin/list/software_repo.list.php b/interface/web/admin/list/software_repo.list.php
index 824c66d6d9d29f0ae04727cd605535f272573b71..0e172ace99ad7bf2bf53234922d2aa7432a90fb3 100644
--- a/interface/web/admin/list/software_repo.list.php
+++ b/interface/web/admin/list/software_repo.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 $liste["item"][] = array( 'field'  => "repo_name",
 	'datatype' => "VARCHAR",
diff --git a/interface/web/admin/list/users.list.php b/interface/web/admin/list/users.list.php
index 53e3f440a6f6e76f6c79e0eb16610ee0bb45c61c..f241cd8506f281ffd5dc369959f03abbeb697b99 100644
--- a/interface/web/admin/list/users.list.php
+++ b/interface/web/admin/list/users.list.php
@@ -60,7 +60,7 @@ $liste["item"][] = array(   'field' => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width' => "",
-	'value' => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value' => array('1' => $app->lng('yes_txt'), '0' => $app->lng('no_txt')));
 
 $liste['item'][] = array(   'field' => 'username',
 	'datatype' => 'VARCHAR',
diff --git a/interface/web/client/client_edit.php b/interface/web/client/client_edit.php
index 10e3f3cadd640efc130e84182de38f32dcbb93d5..8577a1b32d94a5c1e27de0c622495d3f0b4ca2be 100644
--- a/interface/web/client/client_edit.php
+++ b/interface/web/client/client_edit.php
@@ -133,6 +133,7 @@ class page_action extends tform_actions {
 		$tpls = $app->db->queryAllRecords($sql);
 		$option = '';
 		$tpl = array();
+		$tpls = $app->functions->htmlentities($tpls);
 		foreach($tpls as $item){
 			$option .= '<option value="' . $item['template_id'] . '|' .  $item['template_name'] . '">' . $item['template_name'] . '</option>';
 			$tpl[$item['template_id']] = $item['template_name'];
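Review bot: Escaping the whole `$tpls` result set up front means the `$tpl` map filled on the last line of this hunk now holds entity-encoded names, not the stored ones. `$tpl` is used after the hunk (not visible here); if any of those uses escapes again or compares against stored values, names containing `&` or quotes would come out double-encoded or fail to match. Escaping at the point of output keeps the raw data intact: inside the loop, `$name = $app->functions->htmlentities($item['template_name']);` and use `$name` only in the `<option>` string. The same pattern is in the first hunk of `reseller_edit.php`.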
@@ -154,7 +155,7 @@ class page_action extends tform_actions {
 					$tmp->id = $item['assigned_template_id'];
 					$tmp->data = '';
 					$app->plugin->raiseEvent('get_client_template_details', $tmp);
-					if($tmp->data != '') $text .= '<br /><em>' . $tmp->data . '</em>';
+					if($tmp->data != '') $text .= '<br /><em>' . $app->functions->htmlentities($tmp->data) . '</em>';
 
 					$text .= '</li>';
 					$items[] = $item['assigned_template_id'] . ':' . $item['client_template_id'];
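Review bot: The new escaping of `$tmp->data` changes the contract of the `get_client_template_details` event without documenting it: handlers must now return plain text, and any markup they return is shown literally. A comment above the `raiseEvent` call would make that explicit, e.g. `// handlers must set $tmp->data to plain text; it is HTML-escaped below`. The rest of `$text` is assembled outside this hunk, so whether the other values concatenated into it are escaped cannot be confirmed from here. The second hunk of `reseller_edit.php` has the same line.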
@@ -219,6 +220,7 @@ class page_action extends tform_actions {
 			// Fill the client select field
 			$sql = "SELECT client.client_id, sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 AND client.limit_client != 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 			$clients = $app->db->queryAllRecords($sql);
+			$clients = $app->functions->htmlentities($clients);
 			$client_select = "<option value='0'>- ".$app->tform->lng('none_txt')." -</option>";
 			//$tmp_data_record = $app->tform->getDataRecord($this->id);
 			if(is_array($clients)) {
diff --git a/interface/web/client/domain_edit.php b/interface/web/client/domain_edit.php
index 67be43e04c829058babcdde95b54928964351d07..8867e295783b6280bd6d26bff8c6f5e22a29b544 100644
--- a/interface/web/client/domain_edit.php
+++ b/interface/web/client/domain_edit.php
@@ -83,6 +83,7 @@ class page_action extends tform_actions {
 			//$sql = "SELECT groupid, name FROM sys_group WHERE client_id > 0 ORDER BY name";
 			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 			$clients = $app->db->queryAllRecords($sql);
+			$clients = $app->functions->htmlentities($clients);
 			$client_select = '';
 			if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= "<option value='0'></option>";
 			if($this->id > 0) $tmp_data_record = $app->tform->getDataRecord($this->id); else $tmp_data_record = $this->dataRecord;
@@ -98,11 +99,13 @@ class page_action extends tform_actions {
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
 			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
-	
+			$client = $app->functions->htmlentities($client);
+			
 			// Fill the client select field
 			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
 			//die($sql);
 			$records = $app->db->queryAllRecords($sql, $client['client_id']);
+			$records = $app->functions->htmlentities($records);
 			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 			$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 			//$tmp_data_record = $app->tform->getDataRecord($this->id);
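Review bot: `$client` is HTML-escaped right after it is read, and the escaped `$client['client_id']` is then passed as the bound parameter to the two queries that follow. Both queries use `?` placeholders, and a numeric id (presumably what `client_id` holds) is unchanged by `htmlentities()`, so this works, but it mixes output encoding into query input and would break silently if a text column were ever used the same way. I would leave `$client` raw and escape only where it is printed: `$client_select = '<option value="'.$tmp['groupid'].'">'.$app->functions->htmlentities($client['contactname']).'</option>';`. The surrounding method starts and ends outside the hunk.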
diff --git a/interface/web/client/form/client.tform.php b/interface/web/client/form/client.tform.php
index 3a8d4f2fccfc8c6ed044939233f4088e3efe4772..151c5dc95926373f089135c8fc278ddd8105d821 100644
--- a/interface/web/client/form/client.tform.php
+++ b/interface/web/client/form/client.tform.php
@@ -91,6 +91,12 @@ $form["tabs"]['address'] = array (
 		'company_name' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
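Review bot: The `STRIPTAGS`/`STRIPNL` filters added here run only on the `SAVE` event, so they clean what is written through this form from now on and nothing else; this applies to every `filters` block added in this file and in `client_circle.tform.php`, `client_template.tform.php`, `message_template.tform.php` and `reseller.tform.php`. Rows stored before the change, and rows written by any path that does not go through the form definitions (not visible here), keep whatever they contain. Tag stripping also leaves quotes in place, so it does not protect values printed inside an HTML attribute. Output escaping, as added in `listform` and the edit pages by this commit, has to remain the control that is relied on; a short comment on the first block, e.g. `// defence in depth only: values are still HTML-escaped on output`, would keep that clear.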
@@ -119,6 +125,10 @@ $form["tabs"]['address'] = array (
 			'searchable' => 1,
 			'filters'   => array( 0 => array( 'event' => 'SAVE',
 												'type' => 'TRIM'),
+								  1 => array( 'event' => 'SAVE',
+												'type' => 'STRIPTAGS'),
+								  2 => array( 'event' => 'SAVE',
+												'type' => 'STRIPNL')
 			),
 		),
 		'contact_name' => array (
@@ -137,6 +147,10 @@ $form["tabs"]['address'] = array (
 			'searchable' => 1,
 			'filters'   => array( 0 => array( 'event' => 'SAVE',
 												'type' => 'TRIM'),
+								  1 => array( 'event' => 'SAVE',
+												'type' => 'STRIPTAGS'),
+								  2 => array( 'event' => 'SAVE',
+												'type' => 'STRIPNL')
 			),
 		),
 		'customer_no' => array (
@@ -146,6 +160,12 @@ $form["tabs"]['address'] = array (
 					'errmsg'=> 'customer_no_error_unique',
 					'allowempty' => 'y'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -226,6 +246,12 @@ $form["tabs"]['address'] = array (
 		'street' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -238,6 +264,12 @@ $form["tabs"]['address'] = array (
 		'zip' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -250,6 +282,12 @@ $form["tabs"]['address'] = array (
 		'city' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -262,6 +300,12 @@ $form["tabs"]['address'] = array (
 		'state' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -285,6 +329,12 @@ $form["tabs"]['address'] = array (
 		'telephone' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -297,6 +347,12 @@ $form["tabs"]['address'] = array (
 		'mobile' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -309,6 +365,12 @@ $form["tabs"]['address'] = array (
 		'fax' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -345,6 +407,12 @@ $form["tabs"]['address'] = array (
 		'internet' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => 'http://',
 			'value'  => '',
 			'separator' => '',
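Review bot: For the `internet` field, stripping tags and newlines does not constrain the URL scheme. If this value is ever rendered as a link target (not visible in this diff), HTML escaping alone will not make it safe, because the scheme itself decides what the link does. A validator that accepts only `http://` and `https://` values, matching the field's `'http://'` default, would close that gap; the same applies to the `internet` field in `reseller.tform.php`. The field definition continues past the end of the hunk.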
@@ -357,6 +425,12 @@ $form["tabs"]['address'] = array (
 		'icq' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -385,12 +459,22 @@ $form["tabs"]['address'] = array (
 								1 => array( 	'event' => 'SAVE',
 												'type' => 'TOUPPER'),
 								2 => array( 	'event' => 'SAVE',
-												'type' => 'NOWHITESPACE')
+												'type' => 'NOWHITESPACE'),
+								3 => array( 	'event' => 'SAVE',
+												'type' => 'STRIPTAGS'),
+								4 => array( 	'event' => 'SAVE',
+												'type' => 'STRIPNL')
 			),
 		),
 		'company_id' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -402,6 +486,12 @@ $form["tabs"]['address'] = array (
 		'bank_account_owner' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -413,6 +503,12 @@ $form["tabs"]['address'] = array (
 		'bank_account_number' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -424,6 +520,12 @@ $form["tabs"]['address'] = array (
 		'bank_code' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -435,6 +537,12 @@ $form["tabs"]['address'] = array (
 		'bank_name' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -458,7 +566,11 @@ $form["tabs"]['address'] = array (
 								1 => array( 	'event' => 'SAVE',
 												'type' => 'TOUPPER'),
 								2 => array( 	'event' => 'SAVE',
-												'type' => 'NOWHITESPACE')
+												'type' => 'NOWHITESPACE'),
+								3 => array( 	'event' => 'SAVE',
+												'type' => 'STRIPTAGS'),
+								4 => array( 	'event' => 'SAVE',
+												'type' => 'STRIPNL')
 			),
 		),
 		'bank_account_swift' => array (
@@ -476,12 +588,20 @@ $form["tabs"]['address'] = array (
 								1 => array( 	'event' => 'SAVE',
 												'type' => 'TOUPPER'),
 								2 => array( 	'event' => 'SAVE',
-												'type' => 'NOWHITESPACE')
+												'type' => 'NOWHITESPACE'),
+								3 => array( 	'event' => 'SAVE',
+												'type' => 'STRIPTAGS'),
+								4 => array( 	'event' => 'SAVE',
+												'type' => 'STRIPNL')
 			),
 		),
 		'notes' => array (
 			'datatype' => 'TEXT',
 			'formtype' => 'TEXTAREA',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
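Review bot: On the free-text `notes` field, `STRIPTAGS` can remove legitimate content. Assuming the filter maps to PHP's `strip_tags()` (the filter implementation is not part of this diff), text such as `x<y` is treated as the start of a tag and what follows the `<` can be dropped without any message to the user. For a notes field it may be safer to store the text as entered and rely on escaping at output; the same applies to `description` in `client_circle.tform.php` and `notes` in `reseller.tform.php`. If the filter stays, a comment like `// note: drops anything that looks like a tag, including text after a bare '<'` would document the data loss.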
@@ -538,6 +658,12 @@ $form["tabs"]['address'] = array (
 		'added_by' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => $_SESSION['s']['user']['username'],
 			'value'  => '',
 			'separator' => '',
diff --git a/interface/web/client/form/client_circle.tform.php b/interface/web/client/form/client_circle.tform.php
index 91b96b3549d94c773198732b255e69a079acfbeb..64eee542d71bbc22eed2134a5775c74aa9735617 100644
--- a/interface/web/client/form/client_circle.tform.php
+++ b/interface/web/client/form/client_circle.tform.php
@@ -91,6 +91,12 @@ $form["tabs"]['circle'] = array (
 		'circle_name' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -115,6 +121,10 @@ $form["tabs"]['circle'] = array (
 		'description' => array (
 			'datatype' => 'TEXT',
 			'formtype' => 'TEXTAREA',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
diff --git a/interface/web/client/form/client_template.tform.php b/interface/web/client/form/client_template.tform.php
index 13e8cfbcce718d94b8f3518dddb26ed63d45986b..5d9f81de0b80114e81068d23f9b465939d891118 100644
--- a/interface/web/client/form/client_template.tform.php
+++ b/interface/web/client/form/client_template.tform.php
@@ -82,6 +82,12 @@ $form["tabs"]['template'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'error_template_name_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
diff --git a/interface/web/client/form/message_template.tform.php b/interface/web/client/form/message_template.tform.php
index 14dfea1cd0904ebeec69b27c2bf1b05de435b707..ab2d19134003e949254649bfbe8cb3b219be864e 100644
--- a/interface/web/client/form/message_template.tform.php
+++ b/interface/web/client/form/message_template.tform.php
@@ -67,6 +67,12 @@ $form["tabs"]['template'] = array (
 		'template_name' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -81,6 +87,12 @@ $form["tabs"]['template'] = array (
 			'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY',
 				'errmsg'=> 'subject_error_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
diff --git a/interface/web/client/form/reseller.tform.php b/interface/web/client/form/reseller.tform.php
index 903c8d8c0cd28260bf28d830d8736b0bd3bc5f5c..706219f76afa9f74ed177ba79cb323d0ce37ba4b 100644
--- a/interface/web/client/form/reseller.tform.php
+++ b/interface/web/client/form/reseller.tform.php
@@ -91,6 +91,12 @@ $form["tabs"]['address'] = array (
 		'company_name' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -119,6 +125,10 @@ $form["tabs"]['address'] = array (
 			'searchable' => 1,
 			'filters'   => array( 0 => array( 'event' => 'SAVE',
 												'type' => 'TRIM'),
+								  1 => array( 'event' => 'SAVE',
+												'type' => 'STRIPTAGS'),
+								  2 => array( 'event' => 'SAVE',
+												'type' => 'STRIPNL')
 			),
 		),
 		'contact_name' => array (
@@ -137,6 +147,10 @@ $form["tabs"]['address'] = array (
 			'searchable' => 1,
 			'filters'   => array( 0 => array( 'event' => 'SAVE',
 												'type' => 'TRIM'),
+								  1 => array( 'event' => 'SAVE',
+												'type' => 'STRIPTAGS'),
+								  2 => array( 'event' => 'SAVE',
+												'type' => 'STRIPNL')
 			),
 		),
 		'customer_no' => array (
@@ -146,6 +160,12 @@ $form["tabs"]['address'] = array (
 					'errmsg'=> 'customer_no_error_unique',
 					'allowempty' => 'y'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -226,6 +246,12 @@ $form["tabs"]['address'] = array (
 		'street' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -238,6 +264,12 @@ $form["tabs"]['address'] = array (
 		'zip' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -250,6 +282,12 @@ $form["tabs"]['address'] = array (
 		'city' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -262,6 +300,12 @@ $form["tabs"]['address'] = array (
 		'state' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -286,6 +330,12 @@ $form["tabs"]['address'] = array (
 		'telephone' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -298,6 +348,12 @@ $form["tabs"]['address'] = array (
 		'mobile' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -310,6 +366,12 @@ $form["tabs"]['address'] = array (
 		'fax' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -343,6 +405,12 @@ $form["tabs"]['address'] = array (
 		'internet' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => 'http://',
 			'value'  => '',
 			'separator' => '',
@@ -355,6 +423,12 @@ $form["tabs"]['address'] = array (
 		'icq' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -383,12 +457,22 @@ $form["tabs"]['address'] = array (
 								1 => array( 	'event' => 'SAVE',
 												'type' => 'TOUPPER'),
 								2 => array( 	'event' => 'SAVE',
-												'type' => 'NOWHITESPACE')
+												'type' => 'NOWHITESPACE'),
+								3 => array( 	'event' => 'SAVE',
+												'type' => 'STRIPTAGS'),
+								4 => array( 	'event' => 'SAVE',
+												'type' => 'STRIPNL')
 			),
 		),
 		'company_id' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -400,6 +484,12 @@ $form["tabs"]['address'] = array (
 		'bank_account_owner' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -411,6 +501,12 @@ $form["tabs"]['address'] = array (
 		'bank_account_number' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -422,6 +518,12 @@ $form["tabs"]['address'] = array (
 		'bank_code' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -433,6 +535,12 @@ $form["tabs"]['address'] = array (
 		'bank_name' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -456,7 +564,11 @@ $form["tabs"]['address'] = array (
 								1 => array( 	'event' => 'SAVE',
 												'type' => 'TOUPPER'),
 								2 => array( 	'event' => 'SAVE',
-												'type' => 'NOWHITESPACE')
+												'type' => 'NOWHITESPACE'),
+								3 => array( 	'event' => 'SAVE',
+												'type' => 'STRIPTAGS'),
+								4 => array( 	'event' => 'SAVE',
+												'type' => 'STRIPNL')
 			),
 		),
 		'bank_account_swift' => array (
@@ -474,12 +586,20 @@ $form["tabs"]['address'] = array (
 								1 => array( 	'event' => 'SAVE',
 												'type' => 'TOUPPER'),
 								2 => array( 	'event' => 'SAVE',
-												'type' => 'NOWHITESPACE')
+												'type' => 'NOWHITESPACE'),
+								3 => array( 	'event' => 'SAVE',
+												'type' => 'STRIPTAGS'),
+								4 => array( 	'event' => 'SAVE',
+												'type' => 'STRIPNL')
 			),
 		),
 		'notes' => array (
 			'datatype' => 'TEXT',
 			'formtype' => 'TEXTAREA',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -536,6 +656,12 @@ $form["tabs"]['address'] = array (
 		'added_by' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => $_SESSION['s']['user']['username'],
 			'value'  => '',
 			'separator' => '',
diff --git a/interface/web/client/list/client_circle.list.php b/interface/web/client/list/client_circle.list.php
index 56085c4c366858aff2b2361b9306610cf728b054..292b0d679720c570a5c649f56aa1b2775a7a4af1 100644
--- a/interface/web/client/list/client_circle.list.php
+++ b/interface/web/client/list/client_circle.list.php
@@ -63,7 +63,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 $liste["item"][] = array( 'field'  => "circle_name",
 	'datatype' => "VARCHAR",
diff --git a/interface/web/client/reseller_edit.php b/interface/web/client/reseller_edit.php
index 8ab091ef4d03517e9bec09940a07c3aeb18575ee..7a84be525300ccedf01d95ce1f7aacacf8368fe7 100644
--- a/interface/web/client/reseller_edit.php
+++ b/interface/web/client/reseller_edit.php
@@ -127,6 +127,7 @@ class page_action extends tform_actions {
 		$tpls = $app->db->queryAllRecords($sql);
 		$option = '';
 		$tpl = array();
+		$tpls = $app->functions->htmlentities($tpls);
 		foreach($tpls as $item){
 			$option .= '<option value="' . $item['template_id'] . '|' .  $item['template_name'] . '">' . $item['template_name'] . '</option>';
 			$tpl[$item['template_id']] = $item['template_name'];
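Review bot: Encoding the whole `$tpls` result before the loop means the `$tpl` lookup map filled on the last line now holds entity-encoded names keyed by encoded ids, not the stored values. If `$tpl` is later compared with raw data or passed to anything other than HTML output (its uses are outside this hunk), the entities will leak into that path. Encoding at the sink keeps the map raw, e.g. `$name = $app->functions->htmlentities($item['template_name']);` inside the loop, with `$name` used only in the `<option>` string. The enclosing method starts and ends outside the hunk.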
@@ -148,7 +149,7 @@ class page_action extends tform_actions {
 					$tmp->id = $item['assigned_template_id'];
 					$tmp->data = '';
 					$app->plugin->raiseEvent('get_client_template_details', $tmp);
-					if($tmp->data != '') $text .= '<br /><em>' . $tmp->data . '</em>';
+					if($tmp->data != '') $text .= '<br /><em>' . $app->functions->htmlentities($tmp->data) . '</em>';
 
 					$text .= '</li>';
 					$items[] = $item['assigned_template_id'] . ':' . $item['client_template_id'];
diff --git a/interface/web/client/templates/clients_list.htm b/interface/web/client/templates/clients_list.htm
index 644c770d34fed953d62bb5b91294f52b879a52c1..25d0dfcaf3554562d5b87103f7e75863b578237c 100644
--- a/interface/web/client/templates/clients_list.htm
+++ b/interface/web/client/templates/clients_list.htm
@@ -33,7 +33,7 @@
 						<td><input class="form-control" type="text" name="search_customer_no" value="{tmpl_var name='search_customer_no'}" /></td>
                         <td><input class="form-control" type="text" name="search_username" value="{tmpl_var name='search_username'}" /></td>
                         <td><input class="form-control" type="text" name="search_city" value="{tmpl_var name='search_city'}" /></td>
-                        <td><select class="form-control" name="search_country">{tmpl_var name='search_country'}</select></td>
+                        <td><select class="form-control flags" name="search_country">{tmpl_var name='search_country'}</select></td>
 						<tmpl_if name="has_robot"><td><select class="form-control" name="search_validation_status">{tmpl_var name='search_validation_status'}</select></td></tmpl_if>
                         <td class="text-right">
                             <button type="button" class="btn btn-default formbutton-default formbutton-narrow" name="Filter" id="Filter" value="{tmpl_var name="filter_txt"}" data-submit-form="pageForm" data-form-action="client/client_list.php"><span class="icon icon-filter"></span></button>
diff --git a/interface/web/client/templates/resellers_list.htm b/interface/web/client/templates/resellers_list.htm
index 50a9ec239c326d5a8c6dc1a1230cb0b4e4810ff0..8edfa08546d28bf66201ffde13a3311e7acec7cf 100644
--- a/interface/web/client/templates/resellers_list.htm
+++ b/interface/web/client/templates/resellers_list.htm
@@ -32,7 +32,7 @@
 						<td><input class="form-control" type="text" name="search_customer_no" value="{tmpl_var name='search_customer_no'}" /></td>
                         <td><input class="form-control" type="text" name="search_username" value="{tmpl_var name='search_username'}" /></td>
                         <td><input class="form-control" type="text" name="search_city" value="{tmpl_var name='search_city'}" /></td>
-                        <td><select class="form-control" name="search_country">{tmpl_var name='search_country'}</select></td>
+                        <td><select class="form-control flags" name="search_country">{tmpl_var name='search_country'}</select></td>
                         <td class="text-right">
                             <button type="button" class="btn btn-default formbutton-default formbutton-narrow" name="Filter" id="Filter" value="{tmpl_var name="filter_txt"}" data-submit-form="pageForm" data-form-action="client/reseller_list.php"><span class="icon icon-filter"></span></button>
                         </td>
diff --git a/interface/web/dashboard/ajax_get_json.php b/interface/web/dashboard/ajax_get_json.php
index 30a668a77f01436b2b818a5e2374444c7c24b115..32fc8912e05ee6c2b91f62783efc667e969c2e49 100644
--- a/interface/web/dashboard/ajax_get_json.php
+++ b/interface/web/dashboard/ajax_get_json.php
@@ -189,6 +189,7 @@ function _search($module, $section, $additional_sql = '', $params = ''){
 
 		$sql = "SELECT * FROM ?? WHERE ".$where_clause.$authsql.$order_clause." LIMIT 0,10";
 		$results = $app->db->queryAllRecords($sql, $db_table);
+		$results = $app->functions->htmlentities($results);
 
 		if(is_array($results) && !empty($results)){
 			$lng_file = '../'.$module.'/lib/lang/'.$_SESSION['s']['language'].'_'.$section.'.lng';
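Review bot: `$results` is entity-encoded in full straight after the query, before it is known which output context each column ends up in. Judging by the file name, this endpoint returns JSON, so any field the client uses as an id, in a URL, or assigns as text rather than markup would carry `&amp;`-style entities. If the client does insert these values as HTML, say so at the call: `// entity-encoded because the search widget inserts these values as HTML`. Otherwise encode only the display fields where the response is assembled; the rest of `_search()` lies outside this hunk.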
diff --git a/interface/web/dashboard/dashlets/databasequota.php b/interface/web/dashboard/dashlets/databasequota.php
index 6880d780a030be3206ba43678b6b9859dfaf9318..6439cdee1269e2c2d2e4db64eb8d3003a1669f81 100644
--- a/interface/web/dashboard/dashlets/databasequota.php
+++ b/interface/web/dashboard/dashlets/databasequota.php
@@ -21,6 +21,7 @@ class dashlet_databasequota {
 
 		$has_databasequota = false;
 		if(is_array($databases) && !empty($databases)){
+			$databases = $app->functions->htmlentities($databases);
 			$tpl->setloop('databasequota', $databases);
 			$has_databasequota = isset($databases[0]['used']);
 		}
diff --git a/interface/web/dashboard/dashlets/limits.php b/interface/web/dashboard/dashlets/limits.php
index 2455da87bdeabd7c4d088f3dbbd5b0bf90ba0c1e..d58c3eb8e0dcd8c7c5e5cd362e3a28e35e816fd0 100644
--- a/interface/web/dashboard/dashlets/limits.php
+++ b/interface/web/dashboard/dashlets/limits.php
@@ -154,6 +154,7 @@ class dashlet_limits {
 					'percentage' => $percentage);
 			}
 		}
+		$rows = $app->functions->htmlentities($rows);
 		$tpl->setLoop('rows', $rows);
 
 
diff --git a/interface/web/dashboard/dashlets/mailquota.php b/interface/web/dashboard/dashlets/mailquota.php
index 27b8333775d9989af87f255fed8b7c727e77fb1e..4629d6a4630c23bea7fe6d71a3846ca76667da6d 100644
--- a/interface/web/dashboard/dashlets/mailquota.php
+++ b/interface/web/dashboard/dashlets/mailquota.php
@@ -21,6 +21,8 @@ class dashlet_mailquota {
 
 		$has_mailquota = false;
 		if(is_array($emails) && !empty($emails)){
+			// email username is quoted in quota.lib already, so no htmlentities here to prevent double encoding
+			//$emails = $app->functions->htmlentities($emails);
 			$tpl->setloop('mailquota', $emails);
 			$has_mailquota = isset($emails[0]['used']);
 		}
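Review bot: The new comment justifies skipping the encoder only for the email username, but every column in `$emails` reaches the template through `setloop('mailquota', $emails)`. If those rows carry other user-controlled fields (for example a display name; the query is not visible here), they stay unencoded in this dashlet while the sibling quota dashlets encode everything. Either confirm in the comment that quota.lib encodes every template-bound field, or encode the remaining fields individually here. The commented-out call `//$emails = $app->functions->htmlentities($emails);` should be removed rather than kept as dead code.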
diff --git a/interface/web/dashboard/dashlets/quota.php b/interface/web/dashboard/dashlets/quota.php
index a72e1fd23772c692923083a45943695094f07955..6ff975b6235f368a14597ac72d5d461ff19d83f2 100644
--- a/interface/web/dashboard/dashlets/quota.php
+++ b/interface/web/dashboard/dashlets/quota.php
@@ -21,6 +21,7 @@ class dashlet_quota {
 
 		$has_quota = false;
 		if(is_array($sites) && !empty($sites)){
+			$sites = $app->functions->htmlentities($sites);
 			$tpl->setloop('quota', $sites);
 			$has_quota = isset($sites[0]['used']);
 		}
diff --git a/interface/web/dns/dns_import.php b/interface/web/dns/dns_import.php
index 814db71db852522aa269ccd7d979ccfff1ef8af3..fb66b7b176ae6392add54894cab364f0b3d6fbe1 100644
--- a/interface/web/dns/dns_import.php
+++ b/interface/web/dns/dns_import.php
@@ -102,6 +102,7 @@ if($_SESSION['s']['user']['typ'] == 'admin') {
 	// load the list of clients
 	$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 	$clients = $app->db->queryAllRecords($sql);
+	$clients = $app->functions->htmlentities($clients);
 	$client_select = '';
 	if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= "<option value='0'></option>";
 	if(is_array($clients)) {
@@ -119,11 +120,12 @@ if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSIO
 	// Get the limits of the client
 	$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
 	$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
-
+	$client = $app->functions->htmlentities($client);
 
 	// load the list of clients
 	$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
 	$clients = $app->db->queryAllRecords($sql, $client['client_id']);
+	$clients = $app->functions->htmlentities($clients);
 	$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 	$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 	if(is_array($clients)) {
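Review bot: `$client` is HTML-encoded as a whole record, and `$client['client_id']` is then passed as the bound parameter of the next two queries. A numeric id survives encoding unchanged, but mixing output-encoded data into query inputs is fragile and will break once a non-numeric column is used the same way. The helper shown earlier in this diff also returns a string for non-array input, so a failed `queryOneRecord` would change how the later `$client['client_id']` access behaves. Keeping the record raw and encoding only at the sink avoids both: `$client_select = '<option value="'.$tmp['groupid'].'">'.$app->functions->htmlentities($client['contactname']).'</option>';`. The same pattern appears in the second hunks of dns_slave_edit.php, dns_soa_edit.php and dns_wizard.php.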
diff --git a/interface/web/dns/dns_slave_edit.php b/interface/web/dns/dns_slave_edit.php
index 44103608eb4cc7754296237dfacef777fbfd9d64..4d588ef8e032ab1e0bfd3ae270aacb6bc8292d85 100644
--- a/interface/web/dns/dns_slave_edit.php
+++ b/interface/web/dns/dns_slave_edit.php
@@ -85,6 +85,7 @@ class page_action extends tform_actions {
 				// Getting Domains of the user
 				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 				$clients = $app->db->queryAllRecords($sql);
+				$clients = $app->functions->htmlentities($clients);
 				$client_select = '';
 				if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= "<option value='0'></option>";
 				//$tmp_data_record = $app->tform->getDataRecord($this->id);
@@ -100,10 +101,12 @@ class page_action extends tform_actions {
 				// Get the limits of the client
 				$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
 				$client = $app->db->queryOneRecord("SELECT client.client_id, sys_group.name, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+				$client = $app->functions->htmlentities($client);
 
 				// Fill the client select field
 				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
 				$clients = $app->db->queryAllRecords($sql, $client['client_id']);
+				$clients = $app->functions->htmlentities($clients);
 				$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 				$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 				//$tmp_data_record = $app->tform->getDataRecord($this->id);
diff --git a/interface/web/dns/dns_soa_edit.php b/interface/web/dns/dns_soa_edit.php
index 8997146bb6a707ab75624a48458ccdf5699ec9eb..6faefac3903ec588d400fa2b8bb48e69a612ac35 100644
--- a/interface/web/dns/dns_soa_edit.php
+++ b/interface/web/dns/dns_soa_edit.php
@@ -107,6 +107,7 @@ class page_action extends tform_actions {
 				// Getting Domains of the user
 				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 				$clients = $app->db->queryAllRecords($sql);
+				$clients = $app->functions->htmlentities($clients);
 				$client_select = '';
 				if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= "<option value='0'></option>";
 				//$tmp_data_record = $app->tform->getDataRecord($this->id);
@@ -122,10 +123,12 @@ class page_action extends tform_actions {
 				// Get the limits of the client
 				$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
 				$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
-
+				$client = $app->functions->htmlentities($client);
+				
 				// Fill the client select field
 				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
 				$clients = $app->db->queryAllRecords($sql, $client['client_id']);
+				$clients = $app->functions->htmlentities($clients);
 				$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 				$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 				//$tmp_data_record = $app->tform->getDataRecord($this->id);
diff --git a/interface/web/dns/dns_wizard.php b/interface/web/dns/dns_wizard.php
index e163e4eeab5d33e68799c5d4720d94f52b747005..0e955bee09044a9a339b90ea74b631b0ff619db3 100644
--- a/interface/web/dns/dns_wizard.php
+++ b/interface/web/dns/dns_wizard.php
@@ -102,6 +102,7 @@ if($_SESSION['s']['user']['typ'] == 'admin') {
 		// load the list of clients
 		$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 		$clients = $app->db->queryAllRecords($sql);
+		$clients = $app->functions->htmlentities($clients);
 		$client_select = '';
 		if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= "<option value='0'></option>";
 		if(is_array($clients)) {
@@ -120,12 +121,13 @@ if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSIO
 	// Get the limits of the client
 	$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
 	$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
-
+	$client = $app->functions->htmlentities($client);
 
 	if ($domains_settings['use_domain_module'] != 'y') {
 		// load the list of clients
 		$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
 		$clients = $app->db->queryAllRecords($sql, $client['client_id']);
+		$clients = $app->functions->htmlentities($clients);
 		$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 		$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 		if(is_array($clients)) {
diff --git a/interface/web/dns/form/dns_soa.tform.php b/interface/web/dns/form/dns_soa.tform.php
index d76c403447c9224baa6062c561481318a5564786..910b2e6bb304f04ef16ca678f8ae3838ed857ea3 100644
--- a/interface/web/dns/form/dns_soa.tform.php
+++ b/interface/web/dns/form/dns_soa.tform.php
@@ -253,6 +253,12 @@ $form["tabs"]['dns_soa'] = array (
 		'update_acl' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -273,6 +279,10 @@ $form["tabs"]['dns_soa'] = array (
  		'dnssec_info' => array (
  			'datatype' => 'TEXT',
  			'formtype' => 'TEXTAREA',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
  			'default' => '',
  			'value'  => '',
  			'width'  => '30',
diff --git a/interface/web/dns/list/dns_a.list.php b/interface/web/dns/list/dns_a.list.php
index b65fdf677cc5b4559fa0b063ef5874ef7c1b8946..748bc405d82072d25aa4183b2259368c04f58ed2 100644
--- a/interface/web/dns/list/dns_a.list.php
+++ b/interface/web/dns/list/dns_a.list.php
@@ -55,7 +55,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('Y' => $app->lng('yes_txt'), 'N' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/dns/list/dns_slave.list.php b/interface/web/dns/list/dns_slave.list.php
index 529a18966283063ff5e6fae67454ee3768ad62f9..de0fd3a211191fc3c7e8f00446d5de7e49e9dc7c 100644
--- a/interface/web/dns/list/dns_slave.list.php
+++ b/interface/web/dns/list/dns_slave.list.php
@@ -59,7 +59,7 @@ $liste["item"][] = array(   'field'     => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width' => "",
-	'value' => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value' => array('Y' => $app->lng('yes_txt'), 'N' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array(   'field' => "server_id",
diff --git a/interface/web/dns/list/dns_soa.list.php b/interface/web/dns/list/dns_soa.list.php
index 2f4233e066ad6b37478095bbd382806029cb50b3..c08a3802cb29a19abab7b61153a303c7790123fe 100644
--- a/interface/web/dns/list/dns_soa.list.php
+++ b/interface/web/dns/list/dns_soa.list.php
@@ -59,7 +59,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('Y' => $app->lng('yes_txt'), 'N' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/dns/list/dns_template.list.php b/interface/web/dns/list/dns_template.list.php
index be5d6934160c223e81dda23fec6399cf32cf6205..534f3eb77d44c93dd365399067bc008f1e58997e 100644
--- a/interface/web/dns/list/dns_template.list.php
+++ b/interface/web/dns/list/dns_template.list.php
@@ -55,7 +55,7 @@ $liste["item"][] = array(   'field'     => "visible",
 	'prefix' => "",
 	'suffix' => "",
 	'width' => "",
-	'value' => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value' => array('Y' => $app->lng('yes_txt'), 'N' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array(   'field' => "name",
diff --git a/interface/web/help/form/faq_sections.tform.php b/interface/web/help/form/faq_sections.tform.php
index 1a1076876ee720b2ce11ee564377db65ad96b5ae..86c9520f150464fc3e96845f5bfab287b3a917a0 100644
--- a/interface/web/help/form/faq_sections.tform.php
+++ b/interface/web/help/form/faq_sections.tform.php
@@ -63,6 +63,12 @@ $form['tabs']['message'] = array(
 					'errmsg'=> 'subject_is_empty'
 				),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
diff --git a/interface/web/help/form/support_message.tform.php b/interface/web/help/form/support_message.tform.php
index d80cc158157afa3f8aa6b79fc97dddad9b76a546..caf1a010c60b355acf77a6e79eaca63556bd3bc9 100644
--- a/interface/web/help/form/support_message.tform.php
+++ b/interface/web/help/form/support_message.tform.php
@@ -100,6 +100,12 @@ $form["tabs"]['message'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'subject_is_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => $sm_default_subject,
 			'value'  => '',
 			'width'  => '30',
@@ -111,6 +117,10 @@ $form["tabs"]['message'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'message_is_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
 			'default' => '',
 			'value'  => '',
 			'cols'  => '30',
diff --git a/interface/web/mail/backup_stats.php b/interface/web/mail/backup_stats.php
index ec32d35f8e3955c137c15974c4a8b71f4344c7db..1317326573491aca4882b27dad7684bf1891ca1a 100644
--- a/interface/web/mail/backup_stats.php
+++ b/interface/web/mail/backup_stats.php
@@ -22,9 +22,9 @@ class list_action extends listform_actions {
 
 		$rec = parent::prepareDataRow($rec);
 
-		$rec['active'] = "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>";
+		$rec['active'] = "Yes";
 		if ($rec['backup_interval'] === 'none') {
-			$rec['active']        = "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>";
+			$rec['active']        = "No";
 			$rec['backup_copies'] = 0;
 		}
 		$recBackup = $app->db->queryOneRecord('SELECT COUNT(backup_id) AS backup_count FROM mail_backup WHERE mailuser_id = ?', $rec['mailuser_id']);
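Review bot: The replacement values `"Yes"` and `"No"` are hard-coded English strings, while the list definitions changed elsewhere in this commit use `$app->lng('yes_txt')` and `$app->lng('no_txt')` for the same column. Since `$app` is already in scope here, `$rec['active'] = $app->lng('yes_txt');` and `$rec['active'] = $app->lng('no_txt');` would keep this list consistent with the others. This assumes those language keys are loaded for this module. The enclosing method starts and ends outside the hunk.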
diff --git a/interface/web/mail/form/mail_aliasdomain.tform.php b/interface/web/mail/form/mail_aliasdomain.tform.php
index 64c5992483e7f78cc514ec9bd7c67f812f3e1e0e..66db01e5aa51c5823670826acae8398372239036 100644
--- a/interface/web/mail/form/mail_aliasdomain.tform.php
+++ b/interface/web/mail/form/mail_aliasdomain.tform.php
@@ -103,7 +103,11 @@ $form["tabs"]['alias'] = array (
 				1 => array( 'event' => 'SHOW',
 					'type' => 'IDNTOUTF8'),
 				2 => array( 'event' => 'SAVE',
-					'type' => 'TOLOWER')
+					'type' => 'TOLOWER'),
+				3 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+				4 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
 			),
 			'default' => '',
 			'value'  => '',
diff --git a/interface/web/mail/form/mail_blacklist.tform.php b/interface/web/mail/form/mail_blacklist.tform.php
index f0b35d21cec335be34b0cb205ab7e6bacd428ba2..8b268147fb0a18301d33da51722729f7585187c4 100644
--- a/interface/web/mail/form/mail_blacklist.tform.php
+++ b/interface/web/mail/form/mail_blacklist.tform.php
@@ -76,6 +76,12 @@ $form["tabs"]['blacklist'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'source_error_notempty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'value'  => '',
 			'width'  => '30',
 			'maxlength' => '255'
diff --git a/interface/web/mail/form/mail_forward.tform.php b/interface/web/mail/form/mail_forward.tform.php
index 3c891506b9e69a64abb916c9ddd3662bea4b6730..260d953982778b81ccc453b926e398f84b52f3e0 100644
--- a/interface/web/mail/form/mail_forward.tform.php
+++ b/interface/web/mail/form/mail_forward.tform.php
@@ -98,7 +98,11 @@ $form["tabs"]['forward'] = array (
 				1 => array( 'event' => 'SHOW',
 					'type' => 'IDNTOUTF8'),
 				2 => array( 'event' => 'SAVE',
-					'type' => 'TOLOWER')
+					'type' => 'TOLOWER'),
+				3 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+				4 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
 			),
 			'default' => '',
 			'value'  => '',
diff --git a/interface/web/mail/form/mail_get.tform.php b/interface/web/mail/form/mail_get.tform.php
index 4521e4002882f1ad6c9902f7740bc029da282149..9f7de76e013273ad615082307b38f2b518c4a09b 100644
--- a/interface/web/mail/form/mail_get.tform.php
+++ b/interface/web/mail/form/mail_get.tform.php
@@ -109,6 +109,12 @@ $form["tabs"]['mailget'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'source_username_error_isempty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
diff --git a/interface/web/mail/form/mail_mailinglist.tform.php b/interface/web/mail/form/mail_mailinglist.tform.php
index 24c4f003c9ef4f9ebff5f3cc1c4269b13dbcfb11..ba877f410cec3f6c57b4dbe571d2691c9f905d46 100644
--- a/interface/web/mail/form/mail_mailinglist.tform.php
+++ b/interface/web/mail/form/mail_mailinglist.tform.php
@@ -104,6 +104,12 @@ $form["tabs"]['mailinglist'] = array (
 				1 => array ( 'type' => 'UNIQUE',
 					'errmsg'=> 'listname_error_unique'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
diff --git a/interface/web/mail/form/mail_relay_recipient.tform.php b/interface/web/mail/form/mail_relay_recipient.tform.php
index 4c5b2b1db1656d4fcad9531f45f216733bf997f7..34c23861e47fbfd5f8b01fded64c9f62f643c4b4 100644
--- a/interface/web/mail/form/mail_relay_recipient.tform.php
+++ b/interface/web/mail/form/mail_relay_recipient.tform.php
@@ -76,6 +76,12 @@ $form["tabs"]['relay_recipient'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'source_error_notempty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'value'  => '',
 			'width'  => '30',
 			'maxlength' => '255'
@@ -83,6 +89,12 @@ $form["tabs"]['relay_recipient'] = array (
 		'access' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => 'OK',
 			'value'  => 'OK',
 			'width'  => '30',
diff --git a/interface/web/mail/form/mail_spamfilter.tform.php b/interface/web/mail/form/mail_spamfilter.tform.php
index fe3f6c0f2695f6f77e3f94105fd10dd60e546a06..fb9a3c311be5679cc1f2d963cf4e16d00da2ceca 100644
--- a/interface/web/mail/form/mail_spamfilter.tform.php
+++ b/interface/web/mail/form/mail_spamfilter.tform.php
@@ -108,6 +108,12 @@ $form["tabs"]['spamfilter'] = array (
 		'spam_rewrite_subject' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '***SPAM***',
 			'value'  => '',
 			'width'  => '30',
diff --git a/interface/web/mail/form/mail_transport.tform.php b/interface/web/mail/form/mail_transport.tform.php
index 000584246bbd0b8999832707ab5360732ab4cdb9..ee3c52b447d311cf742977a6d558b7754c042a7e 100644
--- a/interface/web/mail/form/mail_transport.tform.php
+++ b/interface/web/mail/form/mail_transport.tform.php
@@ -82,7 +82,11 @@ $form["tabs"]['transport'] = array (
 				1 => array( 'event' => 'SHOW',
 					'type' => 'IDNTOUTF8'),
 				2 => array( 'event' => 'SAVE',
-					'type' => 'TOLOWER')
+					'type' => 'TOLOWER'),
+				3 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+				4 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
 			),
 			'default' => '',
 			'value'  => '',
@@ -93,6 +97,12 @@ $form["tabs"]['transport'] = array (
 		'transport' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
diff --git a/interface/web/mail/form/mail_user.tform.php b/interface/web/mail/form/mail_user.tform.php
index 7ba56888292636c3e9016a6497ccb22e3ae08ac9..631c507f900be8866843cb02c9d2bb509fcea648 100644
--- a/interface/web/mail/form/mail_user.tform.php
+++ b/interface/web/mail/form/mail_user.tform.php
@@ -144,6 +144,12 @@ $form["tabs"]['mailuser'] = array(
 		'name' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -205,6 +211,12 @@ $form["tabs"]['mailuser'] = array(
 		'maildir' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -213,6 +225,12 @@ $form["tabs"]['mailuser'] = array(
 		'maildir_format' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -221,6 +239,12 @@ $form["tabs"]['mailuser'] = array(
 		'homedir' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -304,6 +328,12 @@ if ($global_config['mail']['mailbox_show_autoresponder_tab'] === 'y') {
 			'autoresponder_subject' => array (
 				'datatype'  => 'VARCHAR',
 				'formtype'  => 'TEXT',
+				'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 				'default'   => 'Out of office reply',
 				'value'     => '',
 				'width'  => '30',
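Review bot: The closing `),` of the new `filters` array sits at three tabs while the `'filters'` key and its sibling keys in this block are at four, so at a glance it reads as closing the enclosing field. The `autoresponder_text` hunk below has the same offset; in `spamfilter_users.tform.php` entries `1` and `2` of the extended array are indented differently from each other, and the `xmpp_domain.tform.php` hunk adds tab-indented lines into a space-indented block. Aligning the added lines with the surrounding keys in each file would keep these definitions easy to audit.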
@@ -312,6 +342,10 @@ if ($global_config['mail']['mailbox_show_autoresponder_tab'] === 'y') {
 			'autoresponder_text' => array (
 				'datatype' => 'TEXT',
 				'formtype' => 'TEXTAREA',
+				'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
 				'default' => '',
 				'value'  => '',
 				'cols'  => '30',
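Review bot: `autoresponder_text` is free-form message text, and a `STRIPTAGS` filter on save will silently alter legitimate content if it is implemented with `strip_tags()`: an address written as `<user@example.com>`, or text following a stray `<`, would be dropped from the stored reply. The text would be safer stored intact and encoded where it is displayed; if the filter stays, the behaviour should be documented next to it, e.g. `// note: removes anything that looks like a tag, including <addr> in replies`. The field definition continues outside this hunk.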
diff --git a/interface/web/mail/form/mail_user_filter.tform.php b/interface/web/mail/form/mail_user_filter.tform.php
index d5f6a0ab5bd719bf0de027a2f86f297c68c04759..becb09351e869b3e4e3ccfd73ab635a1de40beff 100644
--- a/interface/web/mail/form/mail_user_filter.tform.php
+++ b/interface/web/mail/form/mail_user_filter.tform.php
@@ -73,6 +73,12 @@ $form["tabs"]['filter'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'rulename_error_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -97,6 +103,10 @@ $form["tabs"]['filter'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'searchterm_is_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
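Review bot: This field gets `STRIPNL` only, unlike the neighbouring fields that also get `STRIPTAGS`, and nothing records whether that is deliberate. If the omission is intentional because a search term may legitimately contain `<` or `>` (the `searchterm_is_empty` message suggests this is the filter's search term), a comment such as `// STRIPTAGS omitted on purpose: search terms may contain < >; escape on output` would stop a later cleanup from adding it and would flag that this value must be encoded when shown. The field definition starts and ends outside this hunk.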
diff --git a/interface/web/mail/form/mail_whitelist.tform.php b/interface/web/mail/form/mail_whitelist.tform.php
index ce8f954e5be9b6510144d7cdff0d578bd258702c..00fc971647ef9c87fea815e4f2fb958d03f182c0 100644
--- a/interface/web/mail/form/mail_whitelist.tform.php
+++ b/interface/web/mail/form/mail_whitelist.tform.php
@@ -76,6 +76,12 @@ $form["tabs"]['whitelist'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'source_error_notempty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'value'  => '',
 			'width'  => '30',
 			'maxlength' => '255'
@@ -83,6 +89,12 @@ $form["tabs"]['whitelist'] = array (
 		'access' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => 'OK',
 			'value'  => 'OK',
 			'width'  => '30',
diff --git a/interface/web/mail/form/spamfilter_blacklist.tform.php b/interface/web/mail/form/spamfilter_blacklist.tform.php
index a6637473eba94f8dee3374506326d1c161858fee..3514eed4344fa049149bc32ec96d9dd40addffb9 100644
--- a/interface/web/mail/form/spamfilter_blacklist.tform.php
+++ b/interface/web/mail/form/spamfilter_blacklist.tform.php
@@ -72,6 +72,12 @@ $form["tabs"]['blacklist'] = array (
 		'wb' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => 'B',
 			'value'  => array('W' => 'blacklist', 'B' => 'Blacklist')
 		),
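Review bot: `wb` carries a fixed value list (`'W'` and `'B'` in the context line below the filter), so stripping tags and newlines does not restrict it to those two keys; as far as this hunk shows, any other tag-free string is still accepted. A validator is the tighter control here, for example `'validators' => array(0 => array('type' => 'REGEX', 'regex' => '/^[WB]$/', 'errmsg' => '<ERRMSG_KEY>')),`. The same applies to the `wb` hunk in `spamfilter_whitelist.tform.php`.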
@@ -90,6 +96,17 @@ $form["tabs"]['blacklist'] = array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
 			'default' => '',
+			'filters'   => array( 0 => array( 'event' => 'SAVE',
+					'type' => 'IDNTOASCII'),
+				1 => array( 'event' => 'SHOW',
+					'type' => 'IDNTOUTF8'),
+				2 => array( 'event' => 'SAVE',
+					'type' => 'TOLOWER'),
+				3 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+				4 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'email_error_notempty'),
 			),
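Review bot: In the new `filters` array `IDNTOASCII` and `TOLOWER` are listed before `STRIPTAGS` and `STRIPNL`; if filters run in index order, the IDN conversion sees the raw input and the stripping happens afterwards, so a value can be stored in a form that the conversion never normalised. Listing the two stripping filters first and the `IDNTOASCII` and `TOLOWER` entries after them makes the later steps operate on cleaned text. The entries appended in `spamfilter_whitelist.tform.php` and `spamfilter_users.tform.php` have the same ordering.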
diff --git a/interface/web/mail/form/spamfilter_policy.tform.php b/interface/web/mail/form/spamfilter_policy.tform.php
index da63732c80a24a3a5e6695980c9fcc767e4bb09b..31e8b8092a0833023f677dc7ea9a6ccef7e40a0a 100644
--- a/interface/web/mail/form/spamfilter_policy.tform.php
+++ b/interface/web/mail/form/spamfilter_policy.tform.php
@@ -65,6 +65,12 @@ $form["tabs"]['policy'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'policyname_error_notempty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'value'  => '',
 			'width'  => '30',
 			'maxlength' => '255'
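Review bot: The identical two-entry `filters` array is pasted into every hunk of this file, which makes it easy for one field to drift from the rest on the next edit and hard to see which fields were left out. Assuming the form file is included as ordinary PHP, the pair could be defined once before `$form["tabs"]`, e.g. `$text_filters = array(0 => array('event' => 'SAVE', 'type' => 'STRIPTAGS'), 1 => array('event' => 'SAVE', 'type' => 'STRIPNL'));`, and each field would then use `'filters' => $text_filters,`. The field definition in this hunk starts outside it.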
@@ -129,6 +135,12 @@ $form["tabs"]['quarantine'] = array (
 		'virus_quarantine_to' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -137,6 +149,12 @@ $form["tabs"]['quarantine'] = array (
 		'spam_quarantine_to' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -145,6 +163,12 @@ $form["tabs"]['quarantine'] = array (
 		'banned_quarantine_to' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -153,6 +177,12 @@ $form["tabs"]['quarantine'] = array (
 		'bad_header_quarantine_to' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -161,6 +191,12 @@ $form["tabs"]['quarantine'] = array (
 		'clean_quarantine_to' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -169,6 +205,12 @@ $form["tabs"]['quarantine'] = array (
 		'other_quarantine_to' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -237,6 +279,12 @@ $form["tabs"]['taglevel'] = array (
 		'spam_subject_tag' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -245,6 +293,12 @@ $form["tabs"]['taglevel'] = array (
 		'spam_subject_tag2' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -268,6 +322,12 @@ $form["tabs"]['other'] = array (
 		'addr_extension_virus' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -276,6 +336,12 @@ $form["tabs"]['other'] = array (
 		'addr_extension_spam' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -284,6 +350,12 @@ $form["tabs"]['other'] = array (
 		'addr_extension_banned' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -292,6 +364,12 @@ $form["tabs"]['other'] = array (
 		'addr_extension_bad_header' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -318,6 +396,12 @@ $form["tabs"]['other'] = array (
 		'newvirus_admin' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -326,6 +410,12 @@ $form["tabs"]['other'] = array (
 		'virus_admin' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -334,6 +424,12 @@ $form["tabs"]['other'] = array (
 		'banned_admin' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -342,6 +438,12 @@ $form["tabs"]['other'] = array (
 		'bad_header_admin' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -350,6 +452,12 @@ $form["tabs"]['other'] = array (
 		'spam_admin' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -367,6 +475,12 @@ $form["tabs"]['other'] = array (
 		'banned_rulenames' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
diff --git a/interface/web/mail/form/spamfilter_users.tform.php b/interface/web/mail/form/spamfilter_users.tform.php
index 0eba0bbefbcc228b29b4f5102f49122b0bd4eb0a..1ed9e54b0d86c66d34c71dcc9fc5acea9122daf8 100644
--- a/interface/web/mail/form/spamfilter_users.tform.php
+++ b/interface/web/mail/form/spamfilter_users.tform.php
@@ -91,7 +91,11 @@ $form["tabs"]['users'] = array (
 			'formtype' => 'TEXT',
 			'default' => '',
 			'filters'   => array( 0 => array( 'event' => 'SAVE',
-					'type' => 'TOLOWER')
+					'type' => 'TOLOWER'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+				2 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
 			),
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'email_error_notempty'),
@@ -107,6 +111,12 @@ $form["tabs"]['users'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'fullname_error_notempty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'value'  => '',
 			'width'  => '30',
 			'maxlength' => '255'
diff --git a/interface/web/mail/form/spamfilter_whitelist.tform.php b/interface/web/mail/form/spamfilter_whitelist.tform.php
index 5f8a176be715b1e60e14da5d799a6f8fadb7d4e1..f0802fa4912c2e8f298f221e3387470f963bc0f8 100644
--- a/interface/web/mail/form/spamfilter_whitelist.tform.php
+++ b/interface/web/mail/form/spamfilter_whitelist.tform.php
@@ -72,6 +72,12 @@ $form["tabs"]['whitelist'] = array (
 		'wb' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => 'W',
 			'value'  => array('W' => 'Whitelist', 'B' => 'Blacklist')
 		),
@@ -95,7 +101,11 @@ $form["tabs"]['whitelist'] = array (
 				1 => array( 'event' => 'SHOW',
 					'type' => 'IDNTOUTF8'),
 				2 => array( 'event' => 'SAVE',
-					'type' => 'TOLOWER')
+					'type' => 'TOLOWER'),
+				3 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+				4 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
 			),
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'email_error_notempty'),
diff --git a/interface/web/mail/form/xmpp_domain.tform.php b/interface/web/mail/form/xmpp_domain.tform.php
index 095c72fba2317415284885be53849b5fa03f02c8..bbe694f9fd389fe24d741fb02c739e3a1b40362d 100644
--- a/interface/web/mail/form/xmpp_domain.tform.php
+++ b/interface/web/mail/form/xmpp_domain.tform.php
@@ -139,12 +139,22 @@ $form["tabs"]['domain'] = array (
         'registration_message' => array(
             'datatype' => 'TEXT',
             'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
             'default' => "",
             'value' => ''
         ),
         'domain_admins' => array(
             'datatype' => 'VARCHAR',
             'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
             'default' => '',
             'value' => '',
             'width' => '15',
diff --git a/interface/web/mail/list/mail_alias.list.php b/interface/web/mail/list/mail_alias.list.php
index 044fc84baad24b5db048730d34730f0327cb1091..97716401f12097e3b50292e733e57a5a34dd9a84 100644
--- a/interface/web/mail/list/mail_alias.list.php
+++ b/interface/web/mail/list/mail_alias.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "source",
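Review bot: The `value` labels are now plain translated strings, but the reason is not recorded at the definition: `listform` passes these labels through `$app->functions->htmlentities()` before writing the `<option>` (the `listform.inc.php` hunk earlier in this commit), so any markup placed here would be displayed as text. A one-line comment above the entry, `// plain text only: listform HTML-escapes these labels`, would keep markup from being reintroduced later. The same replacement is made in every `*.list.php` hunk that follows; if the `ir-Yes`/`ir-No` styling of the list cells is still wanted, it presumably has to be applied in the template.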
diff --git a/interface/web/mail/list/mail_aliasdomain.list.php b/interface/web/mail/list/mail_aliasdomain.list.php
index b97d265e48345287c2f8ee15138e3dfcf37d30cd..b2cb315394b30b98962ac2030c61d05901b78a77 100644
--- a/interface/web/mail/list/mail_aliasdomain.list.php
+++ b/interface/web/mail/list/mail_aliasdomain.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "source",
diff --git a/interface/web/mail/list/mail_blacklist.list.php b/interface/web/mail/list/mail_blacklist.list.php
index 45a3a9987c05d1cd219add6014a9b51fe80776a0..a2f3997fd7aaa5c080c8d1072aca29030c08659f 100644
--- a/interface/web/mail/list/mail_blacklist.list.php
+++ b/interface/web/mail/list/mail_blacklist.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 
diff --git a/interface/web/mail/list/mail_content_filter.list.php b/interface/web/mail/list/mail_content_filter.list.php
index c585a1601a0ad602a173b2dc70365a3023cdef4c..53767a153c40911ff5b90fe122ae8492d2d09a68 100644
--- a/interface/web/mail/list/mail_content_filter.list.php
+++ b/interface/web/mail/list/mail_content_filter.list.php
@@ -55,7 +55,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 
diff --git a/interface/web/mail/list/mail_domain.list.php b/interface/web/mail/list/mail_domain.list.php
index 7946f4c51ab4fa375c38f4b9f4859567e05f89fe..5304ab622665fee3f185ed303cc033953cafb712 100644
--- a/interface/web/mail/list/mail_domain.list.php
+++ b/interface/web/mail/list/mail_domain.list.php
@@ -59,7 +59,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 if($_SESSION['s']['user']['typ'] == 'admin') {
diff --git a/interface/web/mail/list/mail_domain_catchall.list.php b/interface/web/mail/list/mail_domain_catchall.list.php
index e2aa2d63aa28913e1e0b630157e26fa714000c7b..0f179ead7707b4c8ede24ed3b6fddac9295ab748 100644
--- a/interface/web/mail/list/mail_domain_catchall.list.php
+++ b/interface/web/mail/list/mail_domain_catchall.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "source",
diff --git a/interface/web/mail/list/mail_forward.list.php b/interface/web/mail/list/mail_forward.list.php
index bd334d74347eaf01b4814a44032a9e33c82c9884..decf14c37eb0ed3525fbf72e87339902c1935160 100644
--- a/interface/web/mail/list/mail_forward.list.php
+++ b/interface/web/mail/list/mail_forward.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "source",
diff --git a/interface/web/mail/list/mail_get.list.php b/interface/web/mail/list/mail_get.list.php
index 3163f4e10867ba4040ba51ea7d0d232b248d65a7..0a8c0dcc88332f2631a64b189afc865a18b715de 100644
--- a/interface/web/mail/list/mail_get.list.php
+++ b/interface/web/mail/list/mail_get.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/mail/list/mail_relay_recipient.list.php b/interface/web/mail/list/mail_relay_recipient.list.php
index 3e3fd91012c5235c3faf89148c68f2fddf0e8c0b..af00d7c90c633cdb5d451f2e0a9c6a43b63be485 100644
--- a/interface/web/mail/list/mail_relay_recipient.list.php
+++ b/interface/web/mail/list/mail_relay_recipient.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/mail/list/mail_spamfilter.list.php b/interface/web/mail/list/mail_spamfilter.list.php
index f1f4e612c28576d84c12cb9c4a1411e3c4afb278..09d3292bc73289677011f0d9112f38dbabacdc43 100644
--- a/interface/web/mail/list/mail_spamfilter.list.php
+++ b/interface/web/mail/list/mail_spamfilter.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('1' => $app->lng('yes_txt'), '0' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/mail/list/mail_transport.list.php b/interface/web/mail/list/mail_transport.list.php
index 9124b937fdc7504e676c50d5531c2bf55c7aa3d9..3dd87e17105e129c109dd3562580f38f5ae4ddcb 100644
--- a/interface/web/mail/list/mail_transport.list.php
+++ b/interface/web/mail/list/mail_transport.list.php
@@ -55,7 +55,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/mail/list/mail_user.list.php b/interface/web/mail/list/mail_user.list.php
index 1c56140cb24e0a685472df6fe430d1ad323027c9..4513a516c910cb05cdc6bb7d36388240e7afe818 100644
--- a/interface/web/mail/list/mail_user.list.php
+++ b/interface/web/mail/list/mail_user.list.php
@@ -87,7 +87,7 @@ $liste["item"][] = array(   'field'     => "autoresponder",
 	'prefix' => "",
 	'suffix' => "",
 	'width' => "",
-	'value' => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 $liste["item"][] = array( 'field'  => "postfix",
 	'datatype' => "VARCHAR",
@@ -96,7 +96,7 @@ $liste["item"][] = array( 'field'  => "postfix",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 $liste["item"][] = array( 'field'  => "disablesmtp",
 	'datatype' => "VARCHAR",
@@ -105,7 +105,7 @@ $liste["item"][] = array( 'field'  => "disablesmtp",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('n' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'y' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('n' => $app->lng('yes_txt'), 'y' => $app->lng('no_txt')));
 
 $liste["item"][] = array( 'field'  => "disableimap",
 	'datatype' => "VARCHAR",
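Review bot: For `disablesmtp` the mapping is inverted (`'n'` shows `yes_txt`, `'y'` shows `no_txt`), which reads like a mistake next to the `autoresponder` and `postfix` entries above it. It was already inverted before this change and appears deliberate, the column showing "enabled" for a field that stores "disabled"; a comment such as `// inverted on purpose: field stores "disabled", column shows "enabled"` would make that explicit. The `disableimap` and `disablepop3` hunks below carry the same mapping.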
@@ -114,7 +114,7 @@ $liste["item"][] = array( 'field'  => "disableimap",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('n' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'y' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('n' => $app->lng('yes_txt'), 'y' => $app->lng('no_txt')));
 
 $liste["item"][] = array( 'field'  => "disablepop3",
 	'datatype' => "VARCHAR",
@@ -123,6 +123,6 @@ $liste["item"][] = array( 'field'  => "disablepop3",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('n' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'y' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('n' => $app->lng('yes_txt'), 'y' => $app->lng('no_txt')));
 
 ?>
diff --git a/interface/web/mail/list/mail_whitelist.list.php b/interface/web/mail/list/mail_whitelist.list.php
index 321db859926c97488e78759ed44c7ce1ab2bd4f6..e27edad6dabee79f085dc64b67a96eabad31723c 100644
--- a/interface/web/mail/list/mail_whitelist.list.php
+++ b/interface/web/mail/list/mail_whitelist.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/mail/list/spamfilter_blacklist.list.php b/interface/web/mail/list/spamfilter_blacklist.list.php
index b4be804fbe4f15dea44aa13516661f90f0411e76..33e0b433a3e43d9d19964e85dcb92ae85aaaf2b6 100644
--- a/interface/web/mail/list/spamfilter_blacklist.list.php
+++ b/interface/web/mail/list/spamfilter_blacklist.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/mail/list/spamfilter_policy.list.php b/interface/web/mail/list/spamfilter_policy.list.php
index e7e0def6824b13163a662eb6b481cdba70b8caf0..646a45c87044ee700126ff2e07cef8d580886138 100644
--- a/interface/web/mail/list/spamfilter_policy.list.php
+++ b/interface/web/mail/list/spamfilter_policy.list.php
@@ -65,7 +65,7 @@ $liste["item"][] = array( 'field'  => "virus_lover",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('Y' => $app->lng('yes_txt'), 'N' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "spam_lover",
@@ -75,7 +75,7 @@ $liste["item"][] = array( 'field'  => "spam_lover",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('Y' => $app->lng('yes_txt'), 'N' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "banned_files_lover",
@@ -85,7 +85,7 @@ $liste["item"][] = array( 'field'  => "banned_files_lover",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('Y' => $app->lng('yes_txt'), 'N' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "bad_header_lover",
@@ -95,7 +95,7 @@ $liste["item"][] = array( 'field'  => "bad_header_lover",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('Y' => $app->lng('yes_txt'), 'N' => $app->lng('no_txt')));
 
 
 
diff --git a/interface/web/mail/list/spamfilter_users.list.php b/interface/web/mail/list/spamfilter_users.list.php
index e9d703b94295eba400fded746be7ca93c8493847..d952640283469e8e5aa95459e04c35d4e1a0dd76 100644
--- a/interface/web/mail/list/spamfilter_users.list.php
+++ b/interface/web/mail/list/spamfilter_users.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "local",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('Y' => $app->lng('yes_txt'), 'N' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/mail/list/spamfilter_whitelist.list.php b/interface/web/mail/list/spamfilter_whitelist.list.php
index 713187e0080c220ca31981df73a46fa9eaa45d59..0cd3333e6963e5b7caf43c9381b40601e53057c5 100644
--- a/interface/web/mail/list/spamfilter_whitelist.list.php
+++ b/interface/web/mail/list/spamfilter_whitelist.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/mail/list/xmpp_domain.list.php b/interface/web/mail/list/xmpp_domain.list.php
index be87ec735ea2387241bbbac6120fa0aed8a135ce..191508db3919a67f8ec480eefc9bda476b068758 100644
--- a/interface/web/mail/list/xmpp_domain.list.php
+++ b/interface/web/mail/list/xmpp_domain.list.php
@@ -59,7 +59,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 if($_SESSION['s']['user']['typ'] == 'admin') {
diff --git a/interface/web/mail/mail_domain_edit.php b/interface/web/mail/mail_domain_edit.php
index ad383c474bc7ad45204e48acd7d5592624791a64..7565752bd31c575d38731fe09af55c191ba81c70 100644
--- a/interface/web/mail/mail_domain_edit.php
+++ b/interface/web/mail/mail_domain_edit.php
@@ -80,6 +80,7 @@ class page_action extends tform_actions {
 			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 
 			$clients = $app->db->queryAllRecords($sql);
+			$clients = $app->functions->htmlentities($clients);
 			$client_select = '';
 			if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= "<option value='0'></option>";
 			//$tmp_data_record = $app->tform->getDataRecord($this->id);
@@ -96,6 +97,7 @@ class page_action extends tform_actions {
 			// Get the limits of the client
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
 			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.default_mailserver, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ? order by client.contact_name", $client_group_id);
+			$client = $app->functions->htmlentities($client);
 
 			// Set the mailserver to the default server of the client
 			$tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $client['default_mailserver']);
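Review bot: Encoding the whole `$client` record at fetch time means the very next statement binds an already HTML-encoded `$client['default_mailserver']` into a query, and the third hunk of this file does the same with `$client['client_id']`. That is harmless for integer columns, but the record now serves as markup-safe text and as lookup data at once, so any text column reused outside HTML later in the method sees entities, and a template that escapes again will double-encode. Keeping the raw record and encoding at the sink separates the two, e.g. `'<option value="'.$tmp['groupid'].'">'.$app->functions->htmlentities($client['contactname']).'</option>'`. The same fetch-time encoding is added in mail_mailinglist_edit.php, xmpp_domain_edit.php and web_vhost_domain_edit.php (where the encoded `web_servers` is then passed to `explode()`); the enclosing method starts and ends outside the hunk.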
@@ -106,6 +108,7 @@ class page_action extends tform_actions {
 				// Fill the client select field
 				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
 				$clients = $app->db->queryAllRecords($sql, $client['client_id']);
+				$clients = $app->functions->htmlentities($clients);
 				$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 				$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 				//$tmp_data_record = $app->tform->getDataRecord($this->id);
diff --git a/interface/web/mail/mail_mailinglist_edit.php b/interface/web/mail/mail_mailinglist_edit.php
index 5515670734700a4ec1c700085dadd0eb073df24e..1419627529253adf23bba5bdfb5f00ba0de749d5 100644
--- a/interface/web/mail/mail_mailinglist_edit.php
+++ b/interface/web/mail/mail_mailinglist_edit.php
@@ -74,6 +74,7 @@ class page_action extends tform_actions {
 			// Getting Clients of the user
 			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 			$clients = $app->db->queryAllRecords($sql);
+			$clients = $app->functions->htmlentities($clients);
 			$client_select = '';
 			if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= "<option value='0'></option>";
 			$tmp_data_record = $app->tform->getDataRecord($this->id);
@@ -90,10 +91,12 @@ class page_action extends tform_actions {
 			// Get the limits of the client
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
 			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.default_mailserver, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ? order by contact_name", $client_group_id);
+			$client = $app->functions->htmlentities($client);
 
 			// Fill the client select field
 			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
 			$clients = $app->db->queryAllRecords($sql, $client['client_id']);
+			$clients = $app->functions->htmlentities($clients);
 			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 			$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 			$tmp_data_record = $app->tform->getDataRecord($this->id);
diff --git a/interface/web/mail/xmpp_domain_edit.php b/interface/web/mail/xmpp_domain_edit.php
index ec5a5fc11bb67e114f6b77c8ecb65473e1055de3..39132011148a73989d67a73cc7057e234f65bb2d 100644
--- a/interface/web/mail/xmpp_domain_edit.php
+++ b/interface/web/mail/xmpp_domain_edit.php
@@ -108,6 +108,7 @@ class page_action extends tform_actions {
 			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 
 			$clients = $app->db->queryAllRecords($sql);
+			$clients = $app->functions->htmlentities($clients);
 			$client_select = '';
 			if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= "<option value='0'></option>";
 			//$tmp_data_record = $app->tform->getDataRecord($this->id);
@@ -124,11 +125,13 @@ class page_action extends tform_actions {
 			// Get the limits of the client
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
 			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ? order by client.contact_name", $client_group_id);
+			$client = $app->functions->htmlentities($client);
 
 			if ($settings['use_domain_module'] != 'y') {
 				// Fill the client select field
 				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
 				$clients = $app->db->queryAllRecords($sql, $client['client_id']);
+				$clients = $app->functions->htmlentities($clients);
 				$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 				$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 				//$tmp_data_record = $app->tform->getDataRecord($this->id);
diff --git a/interface/web/mailuser/form/mail_user_autoresponder.tform.php b/interface/web/mailuser/form/mail_user_autoresponder.tform.php
index 44ce15cd5c9bc2830c8da3a4305fd6eb617449ad..e642534c13fbf34250aedf51ba88173395857f93 100644
--- a/interface/web/mailuser/form/mail_user_autoresponder.tform.php
+++ b/interface/web/mailuser/form/mail_user_autoresponder.tform.php
@@ -62,6 +62,12 @@ $form["tabs"]['autoresponder'] = array (
 		'autoresponder_subject' => array (
 			'datatype'      => 'VARCHAR',
 			'formtype'      => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default'       => 'Out of office reply',
 			'value'         => '',
 			'width'  => '30',
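Review bot: A SAVE-time filter only covers values written after this change, so rows already stored keep whatever markup they contain. If STRIPTAGS wraps PHP's strip_tags() (the filter implementation is not part of this hunk), it also leaves quotes untouched, so the subject is still unsafe inside an attribute such as `value="..."` unless the template encodes it on output. It changes legitimate input as well: a value like `Max <max@example.com>` (constructed example) would lose the bracketed part, both here and in `autoresponder_text` in the next hunk. Consider leaving the stored text intact and relying on output encoding, or at least add a comment above the filters such as `// STRIPTAGS is defence in depth only; templates must still encode this value`. The same filter pair is added to the other tform files in this commit.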
@@ -70,6 +76,10 @@ $form["tabs"]['autoresponder'] = array (
 		'autoresponder_text' => array (
 			'datatype' => 'TEXT',
 			'formtype' => 'TEXTAREA',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
 			'default' => '',
 			'value'  => '',
 			'cols'  => '30',
diff --git a/interface/web/sites/backup_stats.php b/interface/web/sites/backup_stats.php
index 640b0c17bb925fd5c47c35499739582615826ff6..7a3b81553c79485be472c3c628b88bee35136a2f 100644
--- a/interface/web/sites/backup_stats.php
+++ b/interface/web/sites/backup_stats.php
@@ -22,9 +22,9 @@ class list_action extends listform_actions {
 
 		$rec = parent::prepareDataRow($rec);
 
-		$rec['active'] = "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>";
+		$rec['active'] = "Yes";
 		if ($rec['backup_interval'] === 'none') {
-			$rec['active']        = "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>";
+			$rec['active']        = "No";
 			$rec['backup_copies'] = 0;
 		}
 
diff --git a/interface/web/sites/database_user_edit.php b/interface/web/sites/database_user_edit.php
index 5224cc50a8cca00470c69c3800dbbd9b50e61e29..e7bfa611a937be481efde7ae8ba7a8308cbaf01c 100644
--- a/interface/web/sites/database_user_edit.php
+++ b/interface/web/sites/database_user_edit.php
@@ -87,6 +87,7 @@ class page_action extends tform_actions {
 			// Fill the client select field
 			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
 			$records = $app->db->queryAllRecords($sql, $client['client_id']);
+			$records = $app->functions->htmlentities($records);
 			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 			$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contact_name'].'</option>';
 			//$tmp_data_record = $app->tform->getDataRecord($this->id);
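Review bot: The option built in this hunk still prints `$client['contact_name']` as-is, because only `$records` is encoded here and neither hunk for this file touches `$client`, which is assigned outside the hunk. Unless `$client` is encoded where it is fetched, that contact name reaches the markup unescaped, unlike the sibling edit pages, where this commit encodes `$client` right after the query. Encoding at the sink closes the gap: `$client_select = '<option value="'.$tmp['groupid'].'">'.$app->functions->htmlentities($client['contact_name']).'</option>';`.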
@@ -101,6 +102,7 @@ class page_action extends tform_actions {
 			// Fill the client select field
 			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 			$clients = $app->db->queryAllRecords($sql);
+			$clients = $app->functions->htmlentities($clients);
 			$client_select = "<option value='0'></option>";
 			//$tmp_data_record = $app->tform->getDataRecord($this->id);
 			if(is_array($clients)) {
diff --git a/interface/web/sites/form/web_vhost_domain.tform.php b/interface/web/sites/form/web_vhost_domain.tform.php
index ebe5d7b1d538dbd01dc992361f24a4f289a81ffd..ce51cc3a4d15a0fd3c076f21eb91e1bd507595a2 100644
--- a/interface/web/sites/form/web_vhost_domain.tform.php
+++ b/interface/web/sites/form/web_vhost_domain.tform.php
@@ -520,6 +520,12 @@ if($ssl_available) {
 			'ssl_domain' => array (
 				'datatype' => 'VARCHAR',
 				'formtype' => 'TEXT',
+				'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+				),
 				'default' => '',
 				'value'  => '',
 				'width'  => '30',
@@ -528,6 +534,10 @@ if($ssl_available) {
 			'ssl_key' => array (
 				'datatype' => 'TEXT',
 				'formtype' => 'TEXTAREA',
+				'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+				),
 				'default' => '',
 				'value'  => '',
 				'cols'  => '30',
@@ -536,6 +546,10 @@ if($ssl_available) {
 			'ssl_request' => array (
 				'datatype' => 'TEXT',
 				'formtype' => 'TEXTAREA',
+				'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+				),
 				'default' => '',
 				'value'  => '',
 				'cols'  => '30',
@@ -544,6 +558,10 @@ if($ssl_available) {
 			'ssl_cert' => array (
 				'datatype' => 'TEXT',
 				'formtype' => 'TEXTAREA',
+				'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+				),
 				'default' => '',
 				'value'  => '',
 				'cols'  => '30',
@@ -552,6 +570,10 @@ if($ssl_available) {
 			'ssl_bundle' => array (
 				'datatype' => 'TEXT',
 				'formtype' => 'TEXTAREA',
+				'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+				),
 				'default' => '',
 				'value'  => '',
 				'cols'  => '30',
diff --git a/interface/web/sites/form/webdav_user.tform.php b/interface/web/sites/form/webdav_user.tform.php
index a1bfd3056d6a7479e20034bbeb913db30849d0a1..8d5c0c561f29b4a33db9da70f05367d5163ec21b 100644
--- a/interface/web/sites/form/webdav_user.tform.php
+++ b/interface/web/sites/form/webdav_user.tform.php
@@ -130,6 +130,12 @@ $form["tabs"]['webdav'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'directory_error_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
diff --git a/interface/web/sites/list/aps_availablepackages.list.php b/interface/web/sites/list/aps_availablepackages.list.php
index 812e57fd60782c2392848ae15262430e685c4ad7..9fd19434223308f933b2b6a62171c1964d008aaf 100644
--- a/interface/web/sites/list/aps_availablepackages.list.php
+++ b/interface/web/sites/list/aps_availablepackages.list.php
@@ -80,7 +80,7 @@ if($_SESSION['s']['user']['typ'] == 'admin')
 		'prefix'   => '',
 		'suffix'   => '',
 		'width'    => '',
-		'value'    => array(PACKAGE_ENABLED => '<div class="swap" id="ir-Yes"><span>'.$app->lng('Yes').'</span></div>',
-			PACKAGE_LOCKED => '<div class="swap" id="ir-No"><span>'.$app->lng('No').'</span></div>'));
+		'value'    => array(PACKAGE_ENABLED => $app->lng('Yes'),
+			PACKAGE_LOCKED => $app->lng('No')));
 }
 ?>
diff --git a/interface/web/sites/list/cron.list.php b/interface/web/sites/list/cron.list.php
index 7679a2e1c18c1ae42403242c582ad7472484bc8c..fc8c9691a63181094f68e4b8742eb0725a8c247c 100644
--- a/interface/web/sites/list/cron.list.php
+++ b/interface/web/sites/list/cron.list.php
@@ -55,7 +55,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/sites/list/database.list.php b/interface/web/sites/list/database.list.php
index b4d1196b59067c759fcbbda88bc23b082d8c1733..25e1b8de7f3811e6ef3a7bc51a1d459c445b572e 100644
--- a/interface/web/sites/list/database.list.php
+++ b/interface/web/sites/list/database.list.php
@@ -59,7 +59,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 $liste["item"][] = array( 'field'  => "remote_access",
 	'datatype' => "VARCHAR",
@@ -68,7 +68,7 @@ $liste["item"][] = array( 'field'  => "remote_access",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 $liste["item"][] = array( 'field'  => "type",
 	'datatype' => "VARCHAR",
diff --git a/interface/web/sites/list/ftp_user.list.php b/interface/web/sites/list/ftp_user.list.php
index 765740638287838efcb710225aec2c999657104c..20a8a327acb60feaf76877a4da1a085a7ab44267 100644
--- a/interface/web/sites/list/ftp_user.list.php
+++ b/interface/web/sites/list/ftp_user.list.php
@@ -55,7 +55,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/sites/list/shell_user.list.php b/interface/web/sites/list/shell_user.list.php
index 9ea244ed0b2071ccd47cfb29b4b4d55d84fd409d..3f51082d6e99b5446568a084d4a05a2a6f613865 100644
--- a/interface/web/sites/list/shell_user.list.php
+++ b/interface/web/sites/list/shell_user.list.php
@@ -55,7 +55,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/sites/list/web_childdomain.list.php b/interface/web/sites/list/web_childdomain.list.php
index 1e38b24a4152f564031320843db558f8a427f00e..202744e8de522feb60f5a1d23771c3549f27b7a3 100644
--- a/interface/web/sites/list/web_childdomain.list.php
+++ b/interface/web/sites/list/web_childdomain.list.php
@@ -55,7 +55,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/sites/list/web_folder.list.php b/interface/web/sites/list/web_folder.list.php
index fce8cfd1efef57f5d482ef0066514f94c9aa3150..dc2fb0418acddfb631520d186cab114f63d9fac3 100644
--- a/interface/web/sites/list/web_folder.list.php
+++ b/interface/web/sites/list/web_folder.list.php
@@ -55,7 +55,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/sites/list/web_folder_user.list.php b/interface/web/sites/list/web_folder_user.list.php
index c8f078a4be9738581accb3e9d90434379a9f991c..f0a1cd8ad29481f819d212986e09c252da5084b9 100644
--- a/interface/web/sites/list/web_folder_user.list.php
+++ b/interface/web/sites/list/web_folder_user.list.php
@@ -57,7 +57,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "web_folder_id",
diff --git a/interface/web/sites/list/web_vhost_domain.list.php b/interface/web/sites/list/web_vhost_domain.list.php
index 1d167a77bc67674a1d2e1e07f406e8c3e99aba8e..e6b0cd25193a601e1e866b88fbc111e49d0ed6d8 100644
--- a/interface/web/sites/list/web_vhost_domain.list.php
+++ b/interface/web/sites/list/web_vhost_domain.list.php
@@ -78,7 +78,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 if($_SESSION['s']['user']['typ'] == 'admin' && $vhostdomain_type == 'domain') {
 	$liste["item"][] = array( 'field'  => "sys_groupid",
diff --git a/interface/web/sites/list/webdav_user.list.php b/interface/web/sites/list/webdav_user.list.php
index 5d1aeec94a9f82e6857639475d91ecf000904ea6..04b772d15683448d4654fc5cfa18602a19f854b3 100644
--- a/interface/web/sites/list/webdav_user.list.php
+++ b/interface/web/sites/list/webdav_user.list.php
@@ -55,7 +55,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "server_id",
diff --git a/interface/web/sites/templates/web_vhost_domain_list.htm b/interface/web/sites/templates/web_vhost_domain_list.htm
index 1ece7aca9ae8837766e0f9b3ca2717425321f4cd..b784f159652e7d51a6a8231c10f4630c7bf3af7f 100644
--- a/interface/web/sites/templates/web_vhost_domain_list.htm
+++ b/interface/web/sites/templates/web_vhost_domain_list.htm
@@ -41,7 +41,7 @@
                 </tr>
                 <tr>
                     <tmpl_if name="vhostdomain_type" value="domain"><td><input class="form-control" type="text" name="search_domain_id" value="{tmpl_var name='search_domain_id'}" /></td></tmpl_if>
-                    <td><select class="form-control" name="search_active">{tmpl_var name='search_active'}</select></td>
+                    <td><select class="form-control active-switch" name="search_active">{tmpl_var name='search_active'}</select></td>
                     <td><select class="form-control" name="search_server_id">{tmpl_var name='search_server_id'}</select></td>
 					<tmpl_if name="vhostdomain_type" op="!=" value="domain"><td><select class="form-control" name="search_parent_domain_id">{tmpl_var name='search_parent_domain_id'}</select></td></tmpl_if>
                     <td><input class="form-control" type="text" name="search_domain" value="{tmpl_var name='search_domain'}" /></td>
diff --git a/interface/web/sites/web_vhost_domain_edit.php b/interface/web/sites/web_vhost_domain_edit.php
index 82cf226a374ce4858f6f251ac227bd53aad7f085..023f8db0c52938f467b5c3eb5c8ba6d61e9420c5 100644
--- a/interface/web/sites/web_vhost_domain_edit.php
+++ b/interface/web/sites/web_vhost_domain_edit.php
@@ -290,6 +290,7 @@ class page_action extends tform_actions {
 			} elseif($this->_vhostdomain_type == 'aliasdomain') {
 				$client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_aliasdomain, client.web_servers, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 			}
+			$client = $app->functions->htmlentities($client);
 
 			$client['web_servers_ids'] = explode(',', $client['web_servers']);
 			$only_one_server = count($client['web_servers_ids']) === 1;
@@ -326,6 +327,7 @@ class page_action extends tform_actions {
 				// Fill the client select field
 				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
 				$records = $app->db->queryAllRecords($sql, $client['client_id']);
+				$records = $app->functions->htmlentities($records);
 				$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 				$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 				//$tmp_data_record = $app->tform->getDataRecord($this->id);
@@ -585,6 +587,7 @@ class page_action extends tform_actions {
 				// Fill the client select field
 				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 				$clients = $app->db->queryAllRecords($sql);
+				$clients = $app->functions->htmlentities($clients);
 				$client_select = "<option value='0'></option>";
 				//$tmp_data_record = $app->tform->getDataRecord($this->id);
 				if(is_array($clients)) {
diff --git a/interface/web/themes/default/assets/javascripts/ispconfig.js b/interface/web/themes/default/assets/javascripts/ispconfig.js
index fcd5167a885847119270013db5294bc6b95ec71f..5f797af3286f8b0a7902f8bcebe4f48bcdf70c46 100644
--- a/interface/web/themes/default/assets/javascripts/ispconfig.js
+++ b/interface/web/themes/default/assets/javascripts/ispconfig.js
@@ -103,13 +103,15 @@ var ISPConfig = {
 				width: 'element',
 				selectOnBlur: true,
 				allowClear: true,
-				formatResult: function(o) {
-					if(o.id && $(o.element).parent().hasClass('flags')) return '<span class="flags flag-' + o.id.toLowerCase() + '">' + o.text + '</span>';
-					else return o.text;
+				formatResult: function(o, cont, qry, escapeMarkup) {
+					if(o.id && $(o.element).parent().hasClass('flags')) return '<span class="flags flag-' + o.id.toLowerCase() + '">' + escapeMarkup(o.text) + '</span>';
+					else if(o.id && $(o.element).parent().hasClass('active-switch')) return '<span class="active active-' + o.id.toLowerCase() + '">' + escapeMarkup(o.text) + '</span>';
+					else return escapeMarkup(o.text);
 				},
-				formatSelection: function(o) {
-					if(o.id && $(o.element).parent().hasClass('flags')) return '<span class="flags flag-' + o.id.toLowerCase() + '">' + o.text + '</span>';
-					else return o.text;
+				formatSelection: function(o, cont, escapeMarkup) {
+					if(o.id && $(o.element).parent().hasClass('flags')) return '<span class="flags flag-' + o.id.toLowerCase() + '">' + escapeMarkup(o.text) + '</span>';
+					else if(o.id && $(o.element).parent().hasClass('active-switch')) return '<span class="active active-' + o.id.toLowerCase() + '">' + escapeMarkup(o.text) + '</span>';
+					else return escapeMarkup(o.text);
 				}
 			}).on('change', function(e) {
 				if ($("#pageForm .table #Filter").length > 0) {
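Review bot: `o.text` now goes through `escapeMarkup`, but `o.id.toLowerCase()` is still concatenated raw into the `class` attribute in all four span branches of `formatResult` and `formatSelection`. The id is normally the option's value attribute, so it deserves the same treatment as the text: `'<span class="active active-' + escapeMarkup(o.id.toLowerCase()) + '">'`, and likewise for the `flags flag-` branches. If the ids on `flags` and `active-switch` selects are guaranteed to be fixed short codes, a one-line comment stating that would be enough. The options object these callbacks belong to starts outside the hunk.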
diff --git a/interface/web/vm/form/openvz_ostemplate.tform.php b/interface/web/vm/form/openvz_ostemplate.tform.php
index 07eeafef0f8d349e1e951d2efe702963d078f33a..a28bbc6adeaf9ea3d28318f1d6d63945b5230db3 100644
--- a/interface/web/vm/form/openvz_ostemplate.tform.php
+++ b/interface/web/vm/form/openvz_ostemplate.tform.php
@@ -69,6 +69,12 @@ $form["tabs"]['main'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'template_name_error_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -81,6 +87,12 @@ $form["tabs"]['main'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'template_file_error_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -113,6 +125,10 @@ $form["tabs"]['main'] = array (
 		'description' => array (
 			'datatype' => 'TEXT',
 			'formtype' => 'TEXTAREA',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
diff --git a/interface/web/vm/form/openvz_template.tform.php b/interface/web/vm/form/openvz_template.tform.php
index 8279ce085c8566a0b41096b2800f1b5013d0d919..1a069361cbdeb6d74ff5b792aab36f1a0dcc6efa 100644
--- a/interface/web/vm/form/openvz_template.tform.php
+++ b/interface/web/vm/form/openvz_template.tform.php
@@ -69,6 +69,12 @@ $form["tabs"]['main'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'template_name_error_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -155,6 +161,12 @@ $form["tabs"]['main'] = array (
 		'hostname' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -172,6 +184,12 @@ $form["tabs"]['main'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'template_nameserver_error_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '8.8.8.8 8.8.4.4',
 			'value'  => '',
 			'width'  => '30',
@@ -187,6 +205,10 @@ $form["tabs"]['main'] = array (
 		'description' => array (
 			'datatype' => 'TEXT',
 			'formtype' => 'TEXTAREA',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
diff --git a/interface/web/vm/form/openvz_vm.tform.php b/interface/web/vm/form/openvz_vm.tform.php
index 44f20dc6ec496da791cf5106a4def0cd222431cf..fe61e27c453e2957d5c8066ba50bccc6d98e258a 100644
--- a/interface/web/vm/form/openvz_vm.tform.php
+++ b/interface/web/vm/form/openvz_vm.tform.php
@@ -122,7 +122,11 @@ $form["tabs"]['main'] = array (
 				1 => array( 'event' => 'SHOW',
 					'type' => 'IDNTOUTF8'),
 				2 => array( 'event' => 'SAVE',
-					'type' => 'TOLOWER')
+					'type' => 'TOLOWER'),
+				3 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+				4 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
 			),
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'hostname_error_empty'),
@@ -178,6 +182,10 @@ $form["tabs"]['main'] = array (
 		'description' => array (
 			'datatype' => 'TEXT',
 			'formtype' => 'TEXTAREA',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
diff --git a/interface/web/vm/list/openvz_ip.list.php b/interface/web/vm/list/openvz_ip.list.php
index 77a52dbcf956eb04d5d60f82910f92c5193a8742..80869918ad4dfc0b1275bde69a358d25ae433881 100644
--- a/interface/web/vm/list/openvz_ip.list.php
+++ b/interface/web/vm/list/openvz_ip.list.php
@@ -91,7 +91,7 @@ $liste["item"][] = array( 'field'  => "reserved",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 
diff --git a/interface/web/vm/list/openvz_ostemplate.list.php b/interface/web/vm/list/openvz_ostemplate.list.php
index ca6132d827726321b6ebde6ef5e9c14db776dfa4..c2df7eb3867924ce031b0275b9dbb08ca859fdd4 100644
--- a/interface/web/vm/list/openvz_ostemplate.list.php
+++ b/interface/web/vm/list/openvz_ostemplate.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 $liste["item"][] = array( 'field'  => "ostemplate_id",
 	'datatype' => "INTEGER",
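Review bot: Nothing in these list definitions says why the `<div class="swap">` wrapper was dropped from the `'value'` labels, so the next person adding a list column is likely to copy the old pattern back. Presumably the list renderer now entity-encodes these labels, so markup placed here would be shown as literal text; a comment on the line such as `// plain text only - labels are encoded on output, styling belongs in the template` would record that. The same one-line change appears in the second hunk of this file and in openvz_ip.list.php, openvz_template.list.php and openvz_vm.list.php. The templates that relied on the `ir-Yes`/`ir-No` ids for the yes/no display need a matching update, which is not visible in this part of the diff.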
@@ -96,7 +96,7 @@ $liste["item"][] = array( 'field'  => "allservers",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 
diff --git a/interface/web/vm/list/openvz_template.list.php b/interface/web/vm/list/openvz_template.list.php
index e87314e98e4efac02b3e96ab664995872cbedfff..2d92f7baf4bf1aef12d19b7a5edb38938e7e0fb3 100644
--- a/interface/web/vm/list/openvz_template.list.php
+++ b/interface/web/vm/list/openvz_template.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 
 $liste["item"][] = array( 'field'  => "template_name",
diff --git a/interface/web/vm/list/openvz_vm.list.php b/interface/web/vm/list/openvz_vm.list.php
index 51e23b3ab2b0deaaf2d7604c3e392603db55397b..261427491bf1a3e6130bfca9be4a5fbf40d2b557 100644
--- a/interface/web/vm/list/openvz_vm.list.php
+++ b/interface/web/vm/list/openvz_vm.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field'  => "active",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
+	'value'  => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt')));
 
 $liste["item"][] = array( 'field'  => "veid",
 	'datatype' => "VARCHAR",
diff --git a/interface/web/vm/openvz_vm_edit.php b/interface/web/vm/openvz_vm_edit.php
index 69265885cd9e3d0e6a104cabf09066847068f09c..2a5b12f3d712886143a05b65acdfbed536afcad1 100644
--- a/interface/web/vm/openvz_vm_edit.php
+++ b/interface/web/vm/openvz_vm_edit.php
@@ -97,11 +97,12 @@ class page_action extends tform_actions {
 			//* Get the limits of the client
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
 			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.limit_openvz_vm_template_id, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
-
+			$client = $app->functions->htmlentities($client);
 
 			//* Fill the client select field
 			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
 			$records = $app->db->queryAllRecords($sql, $client['client_id']);
+			$records = $app->functions->htmlentities($records);
 			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 			$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 			//$tmp_data_record = $app->tform->getDataRecord($this->id);
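Review bot: `$client` and `$records` are entity-encoded right after the query, so the encoded copy is what flows into later logic: `$client['client_id']` is passed as a bound parameter to the next two queries, and `limit_openvz_vm_template_id` is carried along encoded as well. Encoding at the point of output keeps data and markup apart and avoids double-encoding if another layer escapes again, e.g. `$client_select = '<option value="'.$tmp['groupid'].'">'.$app->functions->htmlentities($client['contactname']).'</option>';` with the two blanket calls removed. If `queryOneRecord()` finds no row, the blanket call would also turn that result into a string before `$client['client_id']` is read (assuming it returns a non-array in that case). The `$clients` assignment in the next hunk follows the same pattern; the method body continues outside both hunks.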
@@ -134,6 +135,7 @@ class page_action extends tform_actions {
 			//* Fill the client select field
 			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 			$clients = $app->db->queryAllRecords($sql);
+			$clients = $app->functions->htmlentities($clients);
 			$client_select = "<option value='0'></option>";
 			//$tmp_data_record = $app->tform->getDataRecord($this->id);
 			if(is_array($clients)) {