diff --git a/interface/web/admin/firewall_edit.php b/interface/web/admin/firewall_edit.php
index 4ee72aa954c6baf3302154e359c03b7a70aef261..01cad2b815b1c09775bf0a95ac31b57e01dcefec 100644
--- a/interface/web/admin/firewall_edit.php
+++ b/interface/web/admin/firewall_edit.php
@@ -57,7 +57,7 @@ class page_action extends tform_actions {
 		if($this->id ==0) { //* new record
 			$server_list = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE server_id NOT IN (SELECT server_id FROM firewall) ORDER BY server_name");
 			if(is_array($server_list)) {
-				foreach( $server_list as $server) $server_select .= "<option value='$server[server_id]' >$server[server_name]</option>\r\n";
+				foreach( $server_list as $server) $server_select .= "<option value='$server[server_id]' >" . $app->functions->htmlentities($server['server_name']) . "</option>\r\n";
 			}
 			$app->tpl->setVar('server_id', $server_select);
 		}
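Review bot: The `value='$server[server_id]'` attribute on the added line is still interpolated raw while only the option text is now escaped; `server_id` is presumably an integer key so the exposure is low, but the hunk is inconsistent with the server_ip_map_edit.php and mail_*_edit.php hunks of this same commit, which escape the attribute as well. The same half-escaped `<option>` is built in server_edit.php, the first server_ip_map_edit.php hunk, dns_soa_edit.php, mail_domain_edit.php (both the default-mailserver line and the policy list), mail_user_edit.php, mail_user_spamfilter_edit.php, xmpp_domain_edit.php, database_edit.php and web_vhost_domain_edit.php. For symmetry use `"<option value='" . $app->functions->htmlentities($server['server_id']) . "' >" . ...`, or cast the id with `$app->functions->intval()` (already used in this codebase in mail_domain_edit.php) so the attribute can only ever hold a number. The enclosing method starts outside the hunk.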
diff --git a/interface/web/admin/server_edit.php b/interface/web/admin/server_edit.php
index 5b446c0494adea6818d9292e830718c9efd435f6..b146d8f295d991ed6161f59349373a3800561aa0 100644
--- a/interface/web/admin/server_edit.php
+++ b/interface/web/admin/server_edit.php
@@ -61,7 +61,7 @@ class page_action extends tform_actions {
 		if(is_array($mirror_servers)) {
 			foreach( $mirror_servers as $mirror_server) {
 				$selected = ($mirror_server["server_id"] == $this->dataRecord['mirror_server_id'])?'SELECTED':'';
-				$mirror_server_select .= "<option value='$mirror_server[server_id]' $selected>$mirror_server[server_name]</option>\r\n";
+				$mirror_server_select .= "<option value='$mirror_server[server_id]' $selected>" . $app->functions->htmlentities($mirror_server['server_name']) . "</option>\r\n";
 			}
 		}
 		$app->tpl->setVar("mirror_server_id", $mirror_server_select);
diff --git a/interface/web/admin/server_ip_map_edit.php b/interface/web/admin/server_ip_map_edit.php
index 4442287132f6f8c1c9b775b178c9b69dc1297d85..b5188673093184891d15b04dea9e82fed61f6d09 100644
--- a/interface/web/admin/server_ip_map_edit.php
+++ b/interface/web/admin/server_ip_map_edit.php
@@ -52,7 +52,7 @@ class page_action extends tform_actions {
 		if(is_array($servers)) {
 			foreach($servers as $server) {
 				$selected = ($server['server_id'] == $this->dataRecord['server_id'])?'SELECTED':'';
-				$server_select .= "<option value='$server[server_id]' $selected>$server[server_name]</option>\r\n";
+				$server_select .= "<option value='$server[server_id]' $selected>" . $app->functions->htmlentities($server['server_name']) . "</option>\r\n";
 			}
 		}
 		unset($servers);
@@ -65,7 +65,7 @@ class page_action extends tform_actions {
 		if(is_array($ips)) {
 			foreach( $ips as $ip) {
 				$selected = ($ip['ip_address'] == $this->dataRecord['source_ip'])?'SELECTED':'';
-				$ip_select .= "<option value='$ip[ip_address]' $selected>$ip[source]</option>\r\n";
+				$ip_select .= "<option value='" . $app->functions->htmlentities($ip['ip_address']) . "' $selected>" . $app->functions->htmlentities($ip['source']) . "</option>\r\n";
 			}
 		}
 		unset($ips);
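Review bot: The escaped `ip_address` on the added line is inserted into a single-quoted attribute (`value='…'`), so the fix only holds if `$app->functions->htmlentities()` encodes the apostrophe; PHP's native `htmlentities()` default flag set before 8.1 is `ENT_COMPAT`, which leaves `'` untouched and would let a value containing `'` terminate the attribute early. The wrapper's definition is not in this diff, so this should be confirmed; passing `ENT_QUOTES` there, or emitting the attribute with double quotes as the dns_soa_edit.php and database_edit.php hunks already do, makes the escaping context-correct. The same single-quoted pattern appears in mail_alias_edit.php, mail_aliasdomain_edit.php, mail_domain_catchall_edit.php, mail_forward_edit.php, mail_mailinglist_edit.php, mail_spamfilter_edit.php, mail_user_edit.php and xmpp_user_edit.php. The enclosing method starts and ends outside the hunk.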
diff --git a/interface/web/client/message_template_edit.php b/interface/web/client/message_template_edit.php
index 7d285ac7ef86e6bd1f6ee7a379ef21cb24f62e7d..1c11ff89577afc49c921d82646e5749fb342ec1b 100644
--- a/interface/web/client/message_template_edit.php
+++ b/interface/web/client/message_template_edit.php
@@ -80,7 +80,7 @@ class page_action extends tform_actions {
 					if($field_name['Field'] == 'gender'){
 						$message_variables .= '<a href="javascript:void(0);" class="addPlaceholder">{salutation}</a> ';
 					} else {
-						$message_variables .= '<a href="javascript:void(0);" class="addPlaceholder">{'.$field_name['Field'].'}</a> ';
+						$message_variables .= '<a href="javascript:void(0);" class="addPlaceholder">{'.$app->functions->htmlentities($field_name['Field']).'}</a> ';
 					}
 				}
 			}
diff --git a/interface/web/dns/dns_dkim_edit.php b/interface/web/dns/dns_dkim_edit.php
index 7f7e6856dbe45c494a3121277bcbb669774519c5..35bac0d0c6254b642fc8a198b28209cb64109f49 100644
--- a/interface/web/dns/dns_dkim_edit.php
+++ b/interface/web/dns/dns_dkim_edit.php
@@ -76,8 +76,8 @@ class page_action extends tform_actions {
 		if(isset($sql['domain']) && $sql['domain'] != '') {
 			if($sql['dkim'] == 'y') {
 		        $public_key=str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"),'',$sql['dkim_public']);
-				$app->tpl->setVar('public_key', $public_key);
-				$app->tpl->setVar('selector', $sql['dkim_selector']);
+				$app->tpl->setVar('public_key', $public_key, true);
+				$app->tpl->setVar('selector', $sql['dkim_selector'], true);
 			} else {
 			//TODO: show warning - use mail_domain for dkim and enabled dkim
 			}
@@ -85,7 +85,7 @@ class page_action extends tform_actions {
 		} else {
 			$app->tpl->setVar('edit_disabled', 0);
 		}
-		$app->tpl->setVar('name', $soa['origin']);
+		$app->tpl->setVar('name', $soa['origin'], true);
 
 	}
 
diff --git a/interface/web/dns/dns_dmarc_edit.php b/interface/web/dns/dns_dmarc_edit.php
index c806c7c20e4a44c35f4866c3a5b93dc2531b2288..7f915074d75deccbf9f3f62cbb2e75a7b8ab6da2 100644
--- a/interface/web/dns/dns_dmarc_edit.php
+++ b/interface/web/dns/dns_dmarc_edit.php
@@ -93,7 +93,7 @@ class page_action extends tform_actions {
 		if ( isset($rec) && !empty($rec) ) {
 			$this->id = 1;
 			$old_data = strtolower($rec['data']);
-			$app->tpl->setVar("data", $old_data);
+			$app->tpl->setVar("data", $old_data, true);
             if ($rec['active'] == 'Y') $app->tpl->setVar("active", "CHECKED"); else $app->tpl->setVar("active", "UNCHECKED");
 			$dmarc_rua = '';
 			$dmarc_ruf = '';
@@ -123,7 +123,7 @@ class page_action extends tform_actions {
 		} 
 
 		//set html-values
-		$app->tpl->setVar('domain', $domain_name);
+		$app->tpl->setVar('domain', $domain_name, true);
 
 		//create dmarc-policy-list
 		$dmarc_policy_value = array( 
@@ -138,9 +138,9 @@ class page_action extends tform_actions {
 		}
 		$app->tpl->setVar('dmarc_policy', $dmarc_policy_list);
 
-		if (!empty($dmarc_rua)) $app->tpl->setVar("dmarc_rua", $dmarc_rua);
+		if (!empty($dmarc_rua)) $app->tpl->setVar("dmarc_rua", $dmarc_rua, true);
 
-		if (!empty($dmarc_ruf)) $app->tpl->setVar("dmarc_ruf", $dmarc_ruf);
+		if (!empty($dmarc_ruf)) $app->tpl->setVar("dmarc_ruf", $dmarc_ruf, true);
 
 		//set dmarc-fo-options
 		if (isset($dmarc_fo)) {
@@ -178,9 +178,9 @@ class page_action extends tform_actions {
 		if ( strpos($dmarc_rf, 'afrf') !== false ) $app->tpl->setVar("dmarc_rf_afrf", 'CHECKED');
 		if ( strpos($dmarc_rf, 'iodef') !== false ) $app->tpl->setVar("dmarc_rf_iodef", 'CHECKED');
 
-		$app->tpl->setVar("dmarc_pct", $dmarc_pct);
+		$app->tpl->setVar("dmarc_pct", $dmarc_pct, true);
 
-		$app->tpl->setVar("dmarc_ri", $dmarc_ri);
+		$app->tpl->setVar("dmarc_ri", $dmarc_ri, true);
 
 		//create dmarc-sp-list
 		$dmarc_sp_value = array( 
diff --git a/interface/web/dns/dns_slave_edit.php b/interface/web/dns/dns_slave_edit.php
index 289ef2ab3833389e32bd5fac131d76a2b9b91433..117b101b875de812e10160b1bfe37031164cecb8 100644
--- a/interface/web/dns/dns_slave_edit.php
+++ b/interface/web/dns/dns_slave_edit.php
@@ -132,7 +132,7 @@ class page_action extends tform_actions {
 					if ($domain['domain'].'.' == $this->dataRecord["origin"]) {
 						$domain_select .= " selected";
 					}
-					$domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . ".</option>\r\n";
+					$domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . ".</option>\r\n";
 				}
 			}
 			else {
diff --git a/interface/web/dns/dns_soa_edit.php b/interface/web/dns/dns_soa_edit.php
index 8764301c1dcd291c6655226e2abd32a7aae203c5..9b36daee1500fb07ecf1c8b5f43668be3a063c96 100644
--- a/interface/web/dns/dns_soa_edit.php
+++ b/interface/web/dns/dns_soa_edit.php
@@ -179,7 +179,7 @@ class page_action extends tform_actions {
 		$options_dns_servers = "";
 
 		foreach ($dns_servers as $dns_server) {
-			$options_dns_servers .= '<option value="'.$dns_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $dns_server['server_id'] ? ' selected="selected"' : '').'>'.$dns_server['server_name'].'</option>';
+			$options_dns_servers .= '<option value="'.$dns_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $dns_server['server_id'] ? ' selected="selected"' : '').'>'.$app->functions->htmlentities($dns_server['server_name']).'</option>';
 		}
 
 		$app->tpl->setVar("client_server_id", $options_dns_servers);
@@ -200,7 +200,7 @@ class page_action extends tform_actions {
 				if ($domain['domain'].'.' == $this->dataRecord["origin"]) {
 					$domain_select .= " selected";
 				}
-				$domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . ".</option>\r\n";
+				$domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . ".</option>\r\n";
 			}
 		}
 		else {
@@ -222,7 +222,7 @@ class page_action extends tform_actions {
 		$datalog = $app->db->queryOneRecord("SELECT sys_datalog.error, sys_log.tstamp FROM sys_datalog, sys_log WHERE sys_datalog.dbtable = 'dns_soa' AND sys_datalog.dbidx = ? AND sys_datalog.datalog_id = sys_log.datalog_id AND sys_log.message = CONCAT('Processed datalog_id ',sys_log.datalog_id) ORDER BY sys_datalog.tstamp DESC", 'id:' . $this->id);
 		if(is_array($datalog) && !empty($datalog)){
 			if(trim($datalog['error']) != ''){
-				$app->tpl->setVar("config_error_msg", nl2br(htmlentities($datalog['error'])));
+				$app->tpl->setVar("config_error_msg", nl2br($app->functions->htmlentities($datalog['error'])));
 				$app->tpl->setVar("config_error_tstamp", date($app->lng('conf_format_datetime'), $datalog['tstamp']));
 			}
 		}
diff --git a/interface/web/dns/dns_spf_edit.php b/interface/web/dns/dns_spf_edit.php
index 6fb11a3021312c68fd832c3a877bbeb6f42f9871..94096662a1e8e0af7e0e228d322d0c955076b8f2 100644
--- a/interface/web/dns/dns_spf_edit.php
+++ b/interface/web/dns/dns_spf_edit.php
@@ -83,7 +83,7 @@ class page_action extends tform_actions {
 			$this->id = 1;
 			$old_data = strtolower($rec['data']);
 
-			$app->tpl->setVar("data", $old_data);
+			$app->tpl->setVar("data", $old_data, true);
 			if ($rec['active'] == 'Y') $app->tpl->setVar("active", "CHECKED"); else $app->tpl->setVar("active", "UNCHECKED");
 
 			$spf_hostname = '';
diff --git a/interface/web/mail/mail_alias_edit.php b/interface/web/mail/mail_alias_edit.php
index 4292f8f4c2e405c45256a8cdf35000c9eefe8f3c..eb7ff4b4d639f34b887ea6f96bfdd5c1b414d2aa 100644
--- a/interface/web/mail/mail_alias_edit.php
+++ b/interface/web/mail/mail_alias_edit.php
@@ -83,7 +83,7 @@ class page_action extends tform_actions {
 			foreach( $domains as $domain) {
 				$domain['domain'] = $app->functions->idn_decode($domain['domain']);
 				$selected = ($domain["domain"] == @$email_parts[1])?'SELECTED':'';
-				$domain_select .= "<option value='$domain[domain]' $selected>$domain[domain]</option>\r\n";
+				$domain_select .= "<option value='" . $app->functions->htmlentities($domain['domain']) . "' $selected>" . $app->functions->htmlentities($domain['domain']) . "</option>\r\n";
 			}
 		}
 		$app->tpl->setVar("email_domain", $domain_select);
diff --git a/interface/web/mail/mail_aliasdomain_edit.php b/interface/web/mail/mail_aliasdomain_edit.php
index 918a5f3a05b47a9e3a16a328c030e4d8eaafa35d..ef3b16275c5bf4bf69e5df1de50aa10150cd1d41 100644
--- a/interface/web/mail/mail_aliasdomain_edit.php
+++ b/interface/web/mail/mail_aliasdomain_edit.php
@@ -82,9 +82,9 @@ class page_action extends tform_actions {
 			foreach( $domains as $domain) {
 				$domain['domain'] = $app->functions->idn_decode($domain['domain']);
 				$selected = ($domain["domain"] == @$source_domain)?'SELECTED':'';
-				$source_select .= "<option value='$domain[domain]' $selected>$domain[domain]</option>\r\n";
+				$source_select .= "<option value='" . $app->functions->htmlentities($domain['domain']) . "' $selected>" . $app->functions->htmlentities($domain['domain']) . "</option>\r\n";
 				$selected = ($domain["domain"] == @$destination_domain)?'SELECTED':'';
-				$destination_select .= "<option value='$domain[domain]' $selected>$domain[domain]</option>\r\n";
+				$destination_select .= "<option value='" . $app->functions->htmlentities($domain['domain']) . "' $selected>" . $app->functions->htmlentities($domain['domain']) . "</option>\r\n";
 			}
 		}
 		$app->tpl->setVar("source_domain", $source_select);
diff --git a/interface/web/mail/mail_domain_catchall_edit.php b/interface/web/mail/mail_domain_catchall_edit.php
index 60da619e14363aaaa6903febdb4ec81df3e7ed76..4ef18d45e7c8fee393a5b0666c8e5bf6cf6a1bba 100644
--- a/interface/web/mail/mail_domain_catchall_edit.php
+++ b/interface/web/mail/mail_domain_catchall_edit.php
@@ -82,7 +82,7 @@ class page_action extends tform_actions {
 			foreach( $domains as $domain) {
 				$domain['domain'] = $app->functions->idn_decode($domain['domain']);
 				$selected = (isset($email_parts[1]) && $domain["domain"] == $email_parts[1])?'SELECTED':'';
-				$domain_select .= "<option value='$domain[domain]' $selected>$domain[domain]</option>\r\n";
+				$domain_select .= "<option value='" . $app->functions->htmlentities($domain['domain']) . "' $selected>" . $app->functions->htmlentities($domain['domain']) . "</option>\r\n";
 			}
 		}
 		$app->tpl->setVar("email_domain", $domain_select);
diff --git a/interface/web/mail/mail_domain_edit.php b/interface/web/mail/mail_domain_edit.php
index e648b94c3bf1d39104dde3bcb45aba7242c930bb..d7d6ea4c6862bda5ff179078ae38f8efb3474c28 100644
--- a/interface/web/mail/mail_domain_edit.php
+++ b/interface/web/mail/mail_domain_edit.php
@@ -101,7 +101,7 @@ class page_action extends tform_actions {
 
 			// Set the mailserver to the default server of the client
 			$tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $client['default_mailserver']);
-			$app->tpl->setVar("server_id", "<option value='$client[default_mailserver]'>$tmp[server_name]</option>");
+			$app->tpl->setVar("server_id", "<option value='$client[default_mailserver]'>" . $app->functions->htmlentities($tmp['server_name']) . "</option>");
 			unset($tmp);
 
 			if ($settings['use_domain_module'] != 'y') {
@@ -142,7 +142,7 @@ class page_action extends tform_actions {
 			$options_mail_servers = "";
 
 			foreach ($mail_servers as $mail_server) {
-				$options_mail_servers .= '<option value="'.$mail_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $mail_server['server_id'] ? ' selected="selected"' : '').'>'.$mail_server['server_name'].'</option>';
+				$options_mail_servers .= '<option value="'.$mail_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $mail_server['server_id'] ? ' selected="selected"' : '').'>'.$app->functions->htmlentities($mail_server['server_name']).'</option>';
 			}
 
 			$app->tpl->setVar("client_server_id", $options_mail_servers);
@@ -167,7 +167,7 @@ class page_action extends tform_actions {
 					if ($domain['domain'] == $this->dataRecord["domain"]) {
 						$domain_select .= " selected";
 					}
-					$domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . "</option>\r\n";
+					$domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . "</option>\r\n";
 				}
 			}
 			else {
@@ -193,7 +193,7 @@ class page_action extends tform_actions {
 		if(is_array($policys)) {
 			foreach( $policys as $p) {
 				$selected = ($p["id"] == $tmp_user["policy_id"])?'SELECTED':'';
-				$policy_select .= "<option value='$p[id]' $selected>$p[policy_name]</option>\r\n";
+				$policy_select .= "<option value='$p[id]' $selected>" . $app->functions->htmlentities($p['policy_name']) . "</option>\r\n";
 			}
 		}
 		$app->tpl->setVar("policy", $policy_select);
@@ -214,10 +214,10 @@ class page_action extends tform_actions {
 		$rec = $app->db->queryOneRecord($sql, $app->functions->intval($_GET['id']));
 		$dns_key = str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"),'',$rec['dkim_public']);
 		$dns_record = $rec['dkim_selector'] . '._domainkey.' . $rec['domain'] . '. 3600   TXT   v=DKIM1; t=s; p=' . $dns_key;
-		$app->tpl->setVar('dkim_selector', $rec['dkim_selector']);
-		$app->tpl->setVar('dkim_private', $rec['dkim_private']);
-		$app->tpl->setVar('dkim_public', $rec['dkim_public']);
-		if (!empty($rec['dkim_public'])) $app->tpl->setVar('dns_record', $dns_record);
+		$app->tpl->setVar('dkim_selector', $rec['dkim_selector'], true);
+		$app->tpl->setVar('dkim_private', $rec['dkim_private'], true);
+		$app->tpl->setVar('dkim_public', $rec['dkim_public'], true);
+		if (!empty($rec['dkim_public'])) $app->tpl->setVar('dns_record', $dns_record, true);
 
 		parent::onShowEnd();
 	}
diff --git a/interface/web/mail/mail_forward_edit.php b/interface/web/mail/mail_forward_edit.php
index 17ce213cb2a31a511bf09173a55493497b0b305f..ee8c5f29971b38bbe2cf27e674496eca68a1bb9a 100644
--- a/interface/web/mail/mail_forward_edit.php
+++ b/interface/web/mail/mail_forward_edit.php
@@ -82,7 +82,7 @@ class page_action extends tform_actions {
 		foreach( $domains as $domain) {
 			$domain['domain'] = $app->functions->idn_decode($domain['domain']);
 			$selected = (isset($email_parts[1]) && $domain["domain"] == $email_parts[1])?'SELECTED':'';
-			$domain_select .= "<option value='$domain[domain]' $selected>$domain[domain]</option>\r\n";
+			$domain_select .= "<option value='" . $app->functions->htmlentities($domain['domain']) . "' $selected>" . $app->functions->htmlentities($domain['domain']) . "</option>\r\n";
 		}
 		$app->tpl->setVar("email_domain", $domain_select);
 
diff --git a/interface/web/mail/mail_mailinglist_edit.php b/interface/web/mail/mail_mailinglist_edit.php
index a0c9e021739ce66fb4df63d907fa44070ae3227d..57d9c77f2efe9f01a0f22a51566fe1d034155684 100644
--- a/interface/web/mail/mail_mailinglist_edit.php
+++ b/interface/web/mail/mail_mailinglist_edit.php
@@ -116,7 +116,7 @@ class page_action extends tform_actions {
 		if(is_array($domains)) {
 			foreach( $domains as $domain) {
 				$selected = ($domain["domain"] == $this->dataRecord["domain"])?'SELECTED':'';
-				$domain_select .= "<option value='$domain[domain]' $selected>$domain[domain]</option>\r\n";
+				$domain_select .= "<option value='" . $app->functions->htmlentities($domain['domain']) . "' $selected>" . $app->functions->htmlentities($domain['domain']) . "</option>\r\n";
 			}
 		}
 		$app->tpl->setVar("domain_option", $domain_select);
diff --git a/interface/web/mail/mail_spamfilter_edit.php b/interface/web/mail/mail_spamfilter_edit.php
index 6282a38b0ff85596a30322381133af5f9a8772ca..c47ec8b41a72072a94a670cd8702e1b051f735d3 100644
--- a/interface/web/mail/mail_spamfilter_edit.php
+++ b/interface/web/mail/mail_spamfilter_edit.php
@@ -67,7 +67,7 @@ class page_action extends tform_actions {
 		$domain_select = '';
 		foreach( $domains as $domain) {
 			$selected = ($domain["domain"] == $email_parts[1])?'SELECTED':'';
-			$domain_select .= "<option value='$domain[domain]' $selected>$domain[domain]</option>\r\n";
+			$domain_select .= "<option value='" . $app->functions->htmlentities($domain['domain']) . "' $selected>" . $app->functions->htmlentities($domain['domain']) . "</option>\r\n";
 		}
 		$app->tpl->setVar("email_domain", $domain_select);
 
diff --git a/interface/web/mail/mail_transport_edit.php b/interface/web/mail/mail_transport_edit.php
index 9707d2fce018433c4e8c0c84a61ba9649548d06a..65667726ad39ff8d6c0d5d5d8b18adc51b6ef705 100644
--- a/interface/web/mail/mail_transport_edit.php
+++ b/interface/web/mail/mail_transport_edit.php
@@ -70,6 +70,7 @@ class page_action extends tform_actions {
 	function onShowEnd() {
 		global $app, $conf;
 
+		$rec = array();
 		$types = array('smtp' => 'smtp', 'uucp' => 'uucp', 'slow' => 'slow', 'error' => 'error', 'custom' => 'custom', '' => 'null');
 		$tmp_parts = explode(":", $this->dataRecord["transport"]);
 		if(!empty($this->id) && !stristr($this->dataRecord["transport"], ':')) {
@@ -106,7 +107,7 @@ class page_action extends tform_actions {
 			}
 		}
 		$rec["type"] = $type_select;
-		$app->tpl->setVar($rec);
+		$app->tpl->setVar($rec, null, true);
 		unset($type);
 		unset($types);
 
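Review bot: `$rec["type"]` holds the `<option>` markup assembled just above (`$rec["type"] = $type_select;`), so passing the whole array through `setVar($rec, null, true)` will, if the third argument enables entity encoding as it appears to do everywhere else in this commit, render the type dropdown as literal `&lt;option&gt;` text instead of a select list. Every other hunk passes pre-built option markup without the flag (e.g. `setVar('server_id', $server_select)` in firewall_edit.php) and reserves `true` for plain values. Keep the escaping for the scalar fields and set the markup separately: drop `$rec["type"] = $type_select;` and use `$app->tpl->setVar($rec, null, true);` followed by `$app->tpl->setVar('type', $type_select);`. onShowEnd() starts in the previous hunk, and what else is stored in `$rec` between the two hunks is not visible here, so the remaining keys are assumed to be plain values.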
diff --git a/interface/web/mail/mail_user_edit.php b/interface/web/mail/mail_user_edit.php
index b6e84bf33f0e083ef467a3c755b1b33666925b1f..dd2c46799dcf97359003471bd21ba86f995f51b8 100644
--- a/interface/web/mail/mail_user_edit.php
+++ b/interface/web/mail/mail_user_edit.php
@@ -84,7 +84,7 @@ class page_action extends tform_actions {
 			foreach( $domains as $domain) {
 				$domain['domain'] = $app->functions->idn_decode($domain['domain']);
 				$selected = ($domain["domain"] == @$email_parts[1])?'SELECTED':'';
-				$domain_select .= "<option value='$domain[domain]' $selected>$domain[domain]</option>\r\n";
+				$domain_select .= "<option value='" . $app->functions->htmlentities($domain['domain']) . "' $selected>" . $app->functions->htmlentities($domain['domain']) . "</option>\r\n";
 			}
 		}
 		$app->tpl->setVar("email_domain", $domain_select);
@@ -100,7 +100,7 @@ class page_action extends tform_actions {
 		if(is_array($policys)) {
 			foreach( $policys as $p) {
 				$selected = ($p["id"] == $tmp_user["policy_id"])?'SELECTED':'';
-				$policy_select .= "<option value='$p[id]' $selected>$p[policy_name]</option>\r\n";
+				$policy_select .= "<option value='$p[id]' $selected>" . $app->functions->htmlentities(($p['policy_name']) . "</option>\r\n";
 			}
 		}
 		$app->tpl->setVar("policy", $policy_select);
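Review bot: The added line has unbalanced parentheses — `htmlentities(($p['policy_name']) . "</option>\r\n";` opens two and closes one — so mail_user_edit.php will no longer parse and the whole mail user form breaks. The sibling hunks in mail_domain_edit.php and mail_user_spamfilter_edit.php have the intended form; this line should read `$policy_select .= "<option value='$p[id]' $selected>" . $app->functions->htmlentities($p['policy_name']) . "</option>\r\n";`. The enclosing method starts outside the hunk.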
diff --git a/interface/web/mail/xmpp_domain_edit.php b/interface/web/mail/xmpp_domain_edit.php
index 499882454cea5efb25f2bbe7ad509a49e1be5834..a89d27c4524a76332f22bbdf0f996ddc870e318f 100644
--- a/interface/web/mail/xmpp_domain_edit.php
+++ b/interface/web/mail/xmpp_domain_edit.php
@@ -165,7 +165,7 @@ class page_action extends tform_actions {
 			$options_xmpp_servers = "";
 
 			foreach ($xmpp_servers as $xmpp_server) {
-				$options_xmpp_servers .= "<option value='$xmpp_server[server_id]'>$xmpp_server[server_name]</option>";
+				$options_xmpp_servers .= "<option value='$xmpp_server[server_id]'>" . $app->functions->htmlentities($xmpp_server['server_name']) . "</option>";
 			}
 
 			$app->tpl->setVar("client_server_id", $options_xmpp_servers);
@@ -190,7 +190,7 @@ class page_action extends tform_actions {
 					if ($domain['domain'] == $this->dataRecord["domain"]) {
 						$domain_select .= " selected";
 					}
-					$domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . "</option>\r\n";
+					$domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . "</option>\r\n";
 				}
 			}
 			else {
diff --git a/interface/web/mail/xmpp_user_edit.php b/interface/web/mail/xmpp_user_edit.php
index 16d440a9f1a5419a968765eb602d077b43b3504e..188de01ae240d7f3331509e581c82df5df0b1494 100644
--- a/interface/web/mail/xmpp_user_edit.php
+++ b/interface/web/mail/xmpp_user_edit.php
@@ -83,7 +83,7 @@ class page_action extends tform_actions {
 			foreach( $domains as $domain) {
 				$domain['domain'] = $app->functions->idn_decode($domain['domain']);
 				$selected = ($domain["domain"] == @$jid_parts[1])?'SELECTED':'';
-				$domain_select .= "<option value='$domain[domain]' $selected>$domain[domain]</option>\r\n";
+				$domain_select .= "<option value='" . $app->functions->htmlentities($domain['domain']) . "' $selected>" . $app->functions->htmlentities($domain['domain']) . "</option>\r\n";
 			}
 		}
 		$app->tpl->setVar("jid_domain", $domain_select);
diff --git a/interface/web/mailuser/mail_user_cc_edit.php b/interface/web/mailuser/mail_user_cc_edit.php
index 39e5bdf6f95b01fdf1d865aca92b70138ac5186e..778be781ece87a4d7ee5f35bc715c96aafb2cc01 100644
--- a/interface/web/mailuser/mail_user_cc_edit.php
+++ b/interface/web/mailuser/mail_user_cc_edit.php
@@ -75,7 +75,7 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		$rec = $app->tform->getDataRecord($this->id);
-		$app->tpl->setVar("email", $rec['email']);
+		$app->tpl->setVar("email", $rec['email'], true);
 
 		parent::onShowEnd();
 	}
diff --git a/interface/web/mailuser/mail_user_password_edit.php b/interface/web/mailuser/mail_user_password_edit.php
index 07a19259ea0d045e4d3d65ac939d32453dfb6b2f..5c5706177a6b2d0fa41b7a9edd386546764ed688 100644
--- a/interface/web/mailuser/mail_user_password_edit.php
+++ b/interface/web/mailuser/mail_user_password_edit.php
@@ -63,7 +63,7 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		$rec = $app->tform->getDataRecord($_SESSION['s']['user']['mailuser_id']);
-		$app->tpl->setVar("email", $rec['email']);
+		$app->tpl->setVar("email", $rec['email'], true);
 
 		parent::onShowEnd();
 	}
diff --git a/interface/web/mailuser/mail_user_spamfilter_edit.php b/interface/web/mailuser/mail_user_spamfilter_edit.php
index 9d3735672184d0d3c3596c0e7eb19fc59a6a27f8..abbea219376204ce922762129849da67122a4738 100644
--- a/interface/web/mailuser/mail_user_spamfilter_edit.php
+++ b/interface/web/mailuser/mail_user_spamfilter_edit.php
@@ -112,7 +112,7 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		$rec = $app->tform->getDataRecord($this->id);
-		$app->tpl->setVar("email", $rec['email']);
+		$app->tpl->setVar("email", $rec['email'], true);
 
 		// Get the spamfilter policys for the user
 		$tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = ?", $rec['email']);
@@ -122,7 +122,7 @@ class page_action extends tform_actions {
 		if(is_array($policys)) {
 			foreach( $policys as $p) {
 				$selected = ($p["id"] == $tmp_user["policy_id"])?'SELECTED':'';
-				$policy_select .= "<option value='$p[id]' $selected>$p[policy_name]</option>\r\n";
+				$policy_select .= "<option value='$p[id]' $selected>" . $app->functions->htmlentities($p['policy_name']) . "</option>\r\n";
 			}
 		}
 		$app->tpl->setVar("policy", $policy_select);
diff --git a/interface/web/sites/database_edit.php b/interface/web/sites/database_edit.php
index 7af4b4351fcf7bda8dab5899e25147c4047ab072..71e5acaf27c120d8d332485e494de8af8fd1689a 100644
--- a/interface/web/sites/database_edit.php
+++ b/interface/web/sites/database_edit.php
@@ -89,7 +89,7 @@ class page_action extends tform_actions {
 			}
 
 			foreach ($tmp as $db_server) {
-				$options_db_servers .= '<option value="'.$db_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $db_server['server_id'] ? ' selected="selected"' : '').'>'.$db_server['server_name'].'</option>';
+				$options_db_servers .= '<option value="'.$db_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $db_server['server_id'] ? ' selected="selected"' : '').'>'.$app->functions->htmlentities($db_server['server_name']).'</option>';
 			}
 
 			$app->tpl->setVar("server_id", $options_db_servers);
@@ -112,7 +112,7 @@ class page_action extends tform_actions {
 			}
 
 			foreach ($tmp as $db_server) {
-				$options_db_servers .= '<option value="'.$db_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $db_server['server_id'] ? ' selected="selected"' : '').'>'.$db_server['server_name'].'</option>';
+				$options_db_servers .= '<option value="'.$db_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $db_server['server_id'] ? ' selected="selected"' : '').'>'.$app->functions->htmlentities($db_server['server_name']).'</option>';
 			}
 
 			$app->tpl->setVar("server_id", $options_db_servers);
@@ -147,7 +147,7 @@ class page_action extends tform_actions {
 		}
 
 		if($this->dataRecord['database_name'] == "") {
-			$app->tpl->setVar("database_name_prefix", $dbname_prefix);
+			$app->tpl->setVar("database_name_prefix", $dbname_prefix, true);
 		} else {
 			$app->tpl->setVar("database_name_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_name_prefix'], $dbname_prefix, $global_config['dbname_prefix']), true);
 		}
diff --git a/interface/web/sites/database_user_edit.php b/interface/web/sites/database_user_edit.php
index 6f6e887ccaca234c7c40f2cf5951fa8629fdd5ff..07fa1315f062960e5f214aefdaa3eebb19f8837b 100644
--- a/interface/web/sites/database_user_edit.php
+++ b/interface/web/sites/database_user_edit.php
@@ -122,7 +122,7 @@ class page_action extends tform_actions {
 		}
 
 		if($this->dataRecord['database_user'] == "") {
-			$app->tpl->setVar("database_user_prefix", $dbuser_prefix);
+			$app->tpl->setVar("database_user_prefix", $dbuser_prefix, true);
 		} else {
 			$app->tpl->setVar("database_user_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_user_prefix'], $dbuser_prefix, $global_config['dbuser_prefix']), true);
 		}
diff --git a/interface/web/sites/ftp_user_edit.php b/interface/web/sites/ftp_user_edit.php
index a98e447796d91a9a2c0f27e362b537e080cc1b4d..7fab1e2273e850d9e59fcb7c48bbd0d4186e1f7a 100644
--- a/interface/web/sites/ftp_user_edit.php
+++ b/interface/web/sites/ftp_user_edit.php
@@ -83,7 +83,7 @@ class page_action extends tform_actions {
 		}
 
 		if($this->dataRecord['username'] == "") {
-			$app->tpl->setVar("username_prefix", $ftpuser_prefix);
+			$app->tpl->setVar("username_prefix", $ftpuser_prefix, true);
 		} else {
 			$app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $ftpuser_prefix, $global_config['ftpuser_prefix']), true);
 		}
diff --git a/interface/web/sites/shell_user_edit.php b/interface/web/sites/shell_user_edit.php
index 2f0a029890b1f373e4572585fbe7ea861ead560c..7f74d893fc54cef87bdbdd423ea7ba6be267a89f 100644
--- a/interface/web/sites/shell_user_edit.php
+++ b/interface/web/sites/shell_user_edit.php
@@ -83,7 +83,7 @@ class page_action extends tform_actions {
 		}
 
 		if($this->dataRecord['username'] == "") {
-			$app->tpl->setVar("username_prefix", $shelluser_prefix);
+			$app->tpl->setVar("username_prefix", $shelluser_prefix, true);
 		} else {
 			$app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $shelluser_prefix, $global_config['shelluser_prefix']), true);
 		}
diff --git a/interface/web/sites/web_childdomain_edit.php b/interface/web/sites/web_childdomain_edit.php
index 622d0d0790cae9ef8d48e4d8efb9eb1cce3e3574..2da58a4661c4342dfe92402dc6c23aace687ae91 100644
--- a/interface/web/sites/web_childdomain_edit.php
+++ b/interface/web/sites/web_childdomain_edit.php
@@ -87,7 +87,7 @@ class page_action extends tform_actions {
 			}
 		}
 
-		$app->tpl->setVar('childdomain_type', $this->_childdomain_type);
+		$app->tpl->setVar('childdomain_type', $this->_childdomain_type, true);
 
 		parent::onShowNew();
 	}
@@ -118,7 +118,7 @@ class page_action extends tform_actions {
 					} elseif($this->_childdomain_type == 'aliasdomain' && $domain['domain'] == $this->dataRecord["domain"]) {
 						$domain_select .= " selected";
 					}
-					$domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . "</option>\r\n";
+					$domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . "</option>\r\n";
 				}
 			}
 			else {
@@ -159,7 +159,7 @@ class page_action extends tform_actions {
 			$proxy_directive_snippets_txt = '';
 			if(is_array($proxy_directive_snippets) && !empty($proxy_directive_snippets)){
 				foreach($proxy_directive_snippets as $proxy_directive_snippet){
-					$proxy_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$proxy_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.$proxy_directive_snippet['snippet'].'</pre></a> ';
+					$proxy_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$app->functions->htmlentities($proxy_directive_snippet['name']).']<pre class="addPlaceholderContent" style="display:none;">'.$app->functions->htmlentities($proxy_directive_snippet['snippet']).'</pre></a> ';
 				}
 			}
 			if($proxy_directive_snippets_txt == '') $proxy_directive_snippets_txt = '------';
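Review bot: The snippet body is now entity-encoded inside the hidden `<pre class="addPlaceholderContent">`, which is the correct escaping for that context, but that element is a data carrier for the client-side `addPlaceholderContent` handler, and a snippet containing `<`, `>` or `&` will only round-trip correctly if the script reads the element as text (e.g. jQuery `.text()`) rather than as raw HTML. The handler is not part of this diff, so this should be checked before merging; otherwise proxy snippets with such characters would be inserted into the textarea already encoded. The enclosing method starts outside the hunk.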
@@ -167,7 +167,7 @@ class page_action extends tform_actions {
 			$app->tpl->setVar('limit_ssl_letsencrypt', 'y');
 		}
 
-		$app->tpl->setVar('childdomain_type', $this->_childdomain_type);
+		$app->tpl->setVar('childdomain_type', $this->_childdomain_type, true);
 
 		parent::onShowEnd();
 
diff --git a/interface/web/sites/web_vhost_domain_edit.php b/interface/web/sites/web_vhost_domain_edit.php
index f04dc019e31232be5ae5d858f39df2d138c4de49..52771819c34c2f275e1ce69b689bcf1bd8a4aeb4 100644
--- a/interface/web/sites/web_vhost_domain_edit.php
+++ b/interface/web/sites/web_vhost_domain_edit.php
@@ -115,7 +115,7 @@ class page_action extends tform_actions {
 			$client = $app->db->queryOneRecord("SELECT client.web_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 			$web_servers = explode(',', $client['web_servers']);
 			$server_id = $web_servers[0];
-			$app->tpl->setVar("server_id_value", $server_id);
+			$app->tpl->setVar("server_id_value", $server_id, true);
 			unset($web_servers);
 		} else {
 			$settings = $app->getconf->get_global_config('sites');
@@ -130,7 +130,7 @@ class page_action extends tform_actions {
 		$app->tform->formDef['tabs']['domain']['fields']['php']['default'] = $web_config['php_handler'];
 		$app->tform->formDef['tabs']['domain']['readonly'] = false;
 
-		$app->tpl->setVar('vhostdomain_type', $this->_vhostdomain_type);
+		$app->tpl->setVar('vhostdomain_type', $this->_vhostdomain_type, true);
 		parent::onShowNew();
 	}
 
@@ -179,7 +179,7 @@ class page_action extends tform_actions {
 			$options_web_servers = "";
 
 			foreach ($web_servers as $web_server) {
-				$options_web_servers .= '<option value="'.$web_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $web_server['server_id'] ? ' selected="selected"' : '').'>'.$web_server['server_name'].'</option>';
+				$options_web_servers .= '<option value="'.$web_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $web_server['server_id'] ? ' selected="selected"' : '').'>'.$app->functions->htmlentities($web_server['server_name']).'</option>';
 			}
 
 			$app->tpl->setVar("server_id", $options_web_servers);
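Review bot: `$web_server['server_id']` is still written raw into the `value="..."` attribute while the display text beside it is now escaped; it is presumably an integer column, but escaping every interpolated value keeps the rule uniform and matches what the `@@ -214` hunk of this file does for `ip_address`. Suggest `'<option value="'.$app->functions->htmlentities($web_server['server_id']).'"'`. The same unescaped id appears in the `@@ -306`, `@@ -859` and `@@ -868` hunks of this file. The enclosing method starts and ends outside the hunk.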
@@ -214,7 +214,7 @@ class page_action extends tform_actions {
 			if(is_array($ips)) {
 				foreach( $ips as $ip) {
 					$selected = ($ip["ip_address"] == $this->dataRecord["ip_address"])?'SELECTED':'';
-					$ip_select .= "<option value='$ip[ip_address]' $selected>$ip[ip_address]</option>\r\n";
+					$ip_select .= "<option value='" . $app->functions->htmlentities($ip['ip_address']) . "' $selected>" . $app->functions->htmlentities($ip['ip_address']) . "</option>\r\n";
 				}
 			}
 			$app->tpl->setVar("ip_address", $ip_select);
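Review bot: The escaped values on the new line land inside single-quoted attributes (`value='...'`), and whether `$app->functions->htmlentities()` encodes `'` is not visible here; if it delegates to PHP's `htmlentities()` with the default flags, a single quote is left untouched on PHP versions before 8.1 (where the default became `ENT_QUOTES`), so a value containing `'` could still terminate the attribute. Worth confirming the wrapper passes `ENT_QUOTES`, or switching these tags to double-quoted attributes as the `@@ -179` hunk already does. The same single-quoted pattern is in the `@@ -230`, `@@ -266`, `@@ -361`, `@@ -376`, `@@ -413`, `@@ -557`, `@@ -572`, `@@ -633` and `@@ -748` hunks of this file and in the `@@ -188` hunk of openvz_vm_edit.php. The enclosing method starts and ends outside the hunk.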
@@ -230,7 +230,7 @@ class page_action extends tform_actions {
 			if(is_array($ips)) {
 				foreach( $ips as $ip) {
 					$selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':'';
-					$ip_select .= "<option value='$ip[ip_address]' $selected>$ip[ip_address]</option>\r\n";
+					$ip_select .= "<option value='" . $app->functions->htmlentities($ip['ip_address']) . "' $selected>" . $app->functions->htmlentities($ip['ip_address']) . "</option>\r\n";
 				}
 			}
 			$app->tpl->setVar("ipv6_address", $ip_select);
@@ -266,7 +266,7 @@ class page_action extends tform_actions {
 						$php_version = $php_record['name'].':'.$php_record['php_fastcgi_binary'].':'.$php_record['php_fastcgi_ini_dir'];
 					}
 					$selected = ($php_version == $this->dataRecord["fastcgi_php_version"])?'SELECTED':'';
-					$php_select .= "<option value='$php_version' $selected>".$php_record['name']."</option>\r\n";
+					$php_select .= "<option value='" . $app->functions->htmlentities($php_version) . "' $selected>".$app->functions->htmlentities($php_record['name'])."</option>\r\n";
 				}
 			}
 			$app->tpl->setVar("fastcgi_php_version", $php_select);
@@ -306,7 +306,7 @@ class page_action extends tform_actions {
 			$options_web_servers = "";
 
 			foreach ($web_servers as $web_server) {
-				$options_web_servers .= '<option value="'.$web_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $web_server['server_id'] ? ' selected="selected"' : '').'>'.$web_server['server_name'].'</option>';
+				$options_web_servers .= '<option value="'.$web_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $web_server['server_id'] ? ' selected="selected"' : '').'>'.$app->functions->htmlentities($web_server['server_name']).'</option>';
 			}
 
 			$app->tpl->setVar("server_id", $options_web_servers);
@@ -361,7 +361,7 @@ class page_action extends tform_actions {
 			if(is_array($ips)) {
 				foreach( $ips as $ip) {
 					$selected = ($ip["ip_address"] == $this->dataRecord["ip_address"])?'SELECTED':'';
-					$ip_select .= "<option value='$ip[ip_address]' $selected>$ip[ip_address]</option>\r\n";
+					$ip_select .= "<option value='" . $app->functions->htmlentities($ip['ip_address']) . "' $selected>" . $app->functions->htmlentities($ip['ip_address']) . "</option>\r\n";
 				}
 			}
 			$app->tpl->setVar("ip_address", $ip_select);
@@ -376,7 +376,7 @@ class page_action extends tform_actions {
 			if(is_array($ips)) {
 				foreach( $ips as $ip) {
 					$selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':'';
-					$ip_select .= "<option value='$ip[ip_address]' $selected>$ip[ip_address]</option>\r\n";
+					$ip_select .= "<option value='" . $app->functions->htmlentities($ip['ip_address']) . "' $selected>" . $app->functions->htmlentities($ip['ip_address']) . "</option>\r\n";
 				}
 			}
 			$app->tpl->setVar("ipv6_address", $ip_select);
@@ -413,7 +413,7 @@ class page_action extends tform_actions {
 						$php_version = $php_record['name'].':'.$php_record['php_fastcgi_binary'].':'.$php_record['php_fastcgi_ini_dir'];
 					}
 					$selected = ($php_version == $this->dataRecord["fastcgi_php_version"])?'SELECTED':'';
-					$php_select .= "<option value='$php_version' $selected>".$php_record['name']."</option>\r\n";
+					$php_select .= "<option value='" . $app->functions->htmlentities($php_version) . "' $selected>".$app->functions->htmlentities($php_record['name'])."</option>\r\n";
 				}
 			}
 			$app->tpl->setVar("fastcgi_php_version", $php_select);
@@ -441,7 +441,7 @@ class page_action extends tform_actions {
 					$php_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'<br>';
 					foreach($php_directive_snippets as $php_directive_snippet){
 						$php_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $php_directive_snippet['snippet'] . PHP_EOL;
-						$php_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$php_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($php_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
+						$php_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$app->functions->htmlentities($php_directive_snippet['name']).']<pre class="addPlaceholderContent" style="display:none;">'.$app->functions->htmlentities($php_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
 					}
 				}
 				if($php_directive_snippets_txt == '') $php_directive_snippets_txt = '------';
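Review bot: The anchor-plus-hidden-`<pre>` markup for a directive snippet is now hand-assembled on fourteen nearly identical lines of this file (this hunk and `@@ -464` through `@@ -728`), each repeating the two `htmlentities()` calls, so the escaping rule lives in fourteen places and a later edit can miss one. A small private method that takes the snippet row and returns the escaped fragment would reduce every loop body to one call and keep the escaping in a single spot; the `$app` access inside it would need the same `global $app;` the page methods use. The enclosing method starts and ends outside the hunk.
```php
// … unchanged: snippet query and wordbook heading …
foreach($php_directive_snippets as $php_directive_snippet){
    $php_directive_snippets_txt .= $this->snippet_link($php_directive_snippet);
}

/** Builds the escaped "[name]" link with the snippet body in a hidden <pre>. */
private function snippet_link(array $snippet): string
{
    global $app;
    $body = PHP_EOL . PHP_EOL . $snippet['snippet'] . PHP_EOL;
    return '<a href="javascript:void(0);" class="addPlaceholderContent">['
        . $app->functions->htmlentities($snippet['name'])
        . ']<pre class="addPlaceholderContent" style="display:none;">'
        . $app->functions->htmlentities($body)
        . '</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
}
```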
@@ -464,7 +464,7 @@ class page_action extends tform_actions {
 						$apache_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'<br>';
 						foreach($apache_directive_snippets as $apache_directive_snippet){
 							$apache_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $apache_directive_snippet['snippet'] . PHP_EOL;
-							$apache_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$apache_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($apache_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
+							$apache_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$app->functions->htmlentities($apache_directive_snippet['name']).']<pre class="addPlaceholderContent" style="display:none;">'.$app->functions->htmlentities($apache_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
 						}
 					}
 					if($apache_directive_snippets_txt == '') $apache_directive_snippets_txt = '------';
@@ -478,7 +478,7 @@ class page_action extends tform_actions {
 						$nginx_directive_snippets_txt .= $app->tform->wordbook["select_master_directive_snippet_txt"].'<br>';
 						foreach($nginx_directive_snippets as $nginx_directive_snippet){
 							$nginx_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $nginx_directive_snippet['snippet'] . PHP_EOL;
-							$nginx_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$nginx_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($nginx_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
+							$nginx_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$app->functions->htmlentities($nginx_directive_snippet['name']).']<pre class="addPlaceholderContent" style="display:none;">'.$app->functions->htmlentities($nginx_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
 						}
 						$nginx_directive_snippets_txt .= '<br><br>';
 					}
@@ -488,7 +488,7 @@ class page_action extends tform_actions {
 						$nginx_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'<br>';
 						foreach($nginx_directive_snippets as $nginx_directive_snippet){
 							$nginx_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $nginx_directive_snippet['snippet'] . PHP_EOL;
-							$nginx_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$nginx_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($nginx_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
+							$nginx_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$app->functions->htmlentities($nginx_directive_snippet['name']).']<pre class="addPlaceholderContent" style="display:none;">'.$app->functions->htmlentities($nginx_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
 						}
 					}
 					if($nginx_directive_snippets_txt == '') $nginx_directive_snippets_txt = '------';
@@ -501,7 +501,7 @@ class page_action extends tform_actions {
 					$proxy_directive_snippets_txt .= $app->tform->wordbook["select_master_directive_snippet_txt"].'<br>';
 					foreach($proxy_directive_snippets as $proxy_directive_snippet){
 						$proxy_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $proxy_directive_snippet['snippet'] . PHP_EOL;
-						$proxy_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$proxy_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($proxy_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
+						$proxy_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$app->functions->htmlentities($proxy_directive_snippet['name']).']<pre class="addPlaceholderContent" style="display:none;">'.$app->functions->htmlentities($proxy_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
 					}
 					$proxy_directive_snippets_txt .= '<br><br>';
 				}
@@ -511,7 +511,7 @@ class page_action extends tform_actions {
 					$proxy_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'<br>';
 					foreach($proxy_directive_snippets as $proxy_directive_snippet){
 						$proxy_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $proxy_directive_snippet['snippet'] . PHP_EOL;
-						$proxy_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$proxy_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($proxy_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
+						$proxy_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$app->functions->htmlentities($proxy_directive_snippet['name']).']<pre class="addPlaceholderContent" style="display:none;">'.$app->functions->htmlentities($proxy_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
 					}
 				}
 				if($proxy_directive_snippets_txt == '') $proxy_directive_snippets_txt = '------';
@@ -557,7 +557,7 @@ class page_action extends tform_actions {
 			if(is_array($ips)) {
 				foreach( $ips as $ip) {
 					$selected = ($ip["ip_address"] == $this->dataRecord["ip_address"])?'SELECTED':'';
-					$ip_select .= "<option value='$ip[ip_address]' $selected>$ip[ip_address]</option>\r\n";
+					$ip_select .= "<option value='" . $app->functions->htmlentities($ip['ip_address']) . "' $selected>" . $app->functions->htmlentities($ip['ip_address']) . "</option>\r\n";
 				}
 			}
 			$app->tpl->setVar("ip_address", $ip_select);
@@ -572,7 +572,7 @@ class page_action extends tform_actions {
 			if(is_array($ips)) {
 				foreach( $ips as $ip) {
 					$selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':'';
-					$ip_select .= "<option value='$ip[ip_address]' $selected>$ip[ip_address]</option>\r\n";
+					$ip_select .= "<option value='" . $app->functions->htmlentities($ip['ip_address']) . "' $selected>" . $app->functions->htmlentities($ip['ip_address']) . "</option>\r\n";
 				}
 			}
 			$app->tpl->setVar("ipv6_address", $ip_select);
@@ -633,7 +633,7 @@ class page_action extends tform_actions {
 						$php_version = $php_record['name'].':'.$php_record['php_fastcgi_binary'].':'.$php_record['php_fastcgi_ini_dir'];
 					}
 					$selected = ($php_version == $this->dataRecord["fastcgi_php_version"])?'SELECTED':'';
-					$php_select .= "<option value='$php_version' $selected>".$php_record['name']."</option>\r\n";
+					$php_select .= "<option value='" . $app->functions->htmlentities($php_version) . "' $selected>".$app->functions->htmlentities($php_record['name'])."</option>\r\n";
 				}
 			}
 			$app->tpl->setVar("fastcgi_php_version", $php_select);
@@ -648,7 +648,7 @@ class page_action extends tform_actions {
 				$php_directive_snippets_txt .= $app->tform->wordbook["select_master_directive_snippet_txt"].'<br>';
 				foreach($php_directive_snippets as $php_directive_snippet){
 					$php_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $php_directive_snippet['snippet'] . PHP_EOL;
-					$php_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$php_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($php_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
+					$php_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$app->functions->htmlentities($php_directive_snippet['name']).']<pre class="addPlaceholderContent" style="display:none;">'.$app->functions->htmlentities($php_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
 				}
 				$php_directive_snippets_txt .= '<br><br>';
 			}
@@ -658,7 +658,7 @@ class page_action extends tform_actions {
 				$php_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'<br>';
 				foreach($php_directive_snippets as $php_directive_snippet){
 					$php_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $php_directive_snippet['snippet'] . PHP_EOL;
-					$php_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$php_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($php_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
+					$php_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$app->functions->htmlentities($php_directive_snippet['name']).']<pre class="addPlaceholderContent" style="display:none;">'.$app->functions->htmlentities($php_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
 				}
 			}
 			if($php_directive_snippets_txt == '') $php_directive_snippets_txt = '------';
@@ -671,7 +671,7 @@ class page_action extends tform_actions {
 					$apache_directive_snippets_txt .= $app->tform->wordbook["select_master_directive_snippet_txt"].'<br>';
 					foreach($apache_directive_snippets as $apache_directive_snippet){
 						$apache_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $apache_directive_snippet['snippet'] . PHP_EOL;
-						$apache_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$apache_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($apache_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
+						$apache_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$app->functions->htmlentities($apache_directive_snippet['name']).']<pre class="addPlaceholderContent" style="display:none;">'.$app->functions->htmlentities($apache_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
 					}
 					$apache_directive_snippets_txt .= '<br><br>';
 				}
@@ -681,7 +681,7 @@ class page_action extends tform_actions {
 					$apache_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'<br>';
 					foreach($apache_directive_snippets as $apache_directive_snippet){
 						$apache_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $apache_directive_snippet['snippet'] . PHP_EOL;
-						$apache_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$apache_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($apache_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
+						$apache_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$app->functions->htmlentities($apache_directive_snippet['name']).']<pre class="addPlaceholderContent" style="display:none;">'.$app->functions->htmlentities($apache_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
 					}
 				}
 				if($apache_directive_snippets_txt == '') $apache_directive_snippets_txt = '------';
@@ -695,7 +695,7 @@ class page_action extends tform_actions {
 					$nginx_directive_snippets_txt .= $app->tform->wordbook["select_master_directive_snippet_txt"].'<br>';
 					foreach($nginx_directive_snippets as $nginx_directive_snippet){
 						$nginx_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $nginx_directive_snippet['snippet'] . PHP_EOL;
-						$nginx_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$nginx_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($nginx_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
+						$nginx_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$app->functions->htmlentities($nginx_directive_snippet['name']).']<pre class="addPlaceholderContent" style="display:none;">'.$app->functions->htmlentities($nginx_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
 					}
 					$nginx_directive_snippets_txt .= '<br><br>';
 				}
@@ -705,7 +705,7 @@ class page_action extends tform_actions {
 					$nginx_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'<br>';
 					foreach($nginx_directive_snippets as $nginx_directive_snippet){
 						$nginx_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $nginx_directive_snippet['snippet'] . PHP_EOL;
-						$nginx_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$nginx_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($nginx_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
+						$nginx_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$app->functions->htmlentities($nginx_directive_snippet['name']).']<pre class="addPlaceholderContent" style="display:none;">'.$app->functions->htmlentities($nginx_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
 					}
 				}
 				if($nginx_directive_snippets_txt == '') $nginx_directive_snippets_txt = '------';
@@ -718,7 +718,7 @@ class page_action extends tform_actions {
 				$proxy_directive_snippets_txt .= $app->tform->wordbook["select_master_directive_snippet_txt"].'<br>';
 				foreach($proxy_directive_snippets as $proxy_directive_snippet){
 					$proxy_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $proxy_directive_snippet['snippet'] . PHP_EOL;
-					$proxy_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$proxy_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($proxy_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
+					$proxy_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$app->functions->htmlentities($proxy_directive_snippet['name']).']<pre class="addPlaceholderContent" style="display:none;">'.$app->functions->htmlentities($proxy_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
 				}
 				$proxy_directive_snippets_txt .= '<br><br>';
 			}
@@ -728,7 +728,7 @@ class page_action extends tform_actions {
 				$proxy_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'<br>';
 				foreach($proxy_directive_snippets as $proxy_directive_snippet){
 					$proxy_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $proxy_directive_snippet['snippet'] . PHP_EOL;
-					$proxy_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$proxy_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($proxy_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
+					$proxy_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$app->functions->htmlentities($proxy_directive_snippet['name']).']<pre class="addPlaceholderContent" style="display:none;">'.$app->functions->htmlentities($proxy_directive_snippet['snippet']).'</pre></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
 				}
 			}
 			if($proxy_directive_snippets_txt == '') $proxy_directive_snippets_txt = '------';
@@ -748,7 +748,7 @@ class page_action extends tform_actions {
 		if(is_array($ssl_domains)) {
 			foreach( $ssl_domains as $ssl_domain) {
 				$selected = ($ssl_domain == $this->dataRecord['ssl_domain'])?'SELECTED':'';
-				$ssl_domain_select .= "<option value='$ssl_domain' $selected>".$app->functions->idn_decode($ssl_domain)."</option>\r\n";
+				$ssl_domain_select .= "<option value='" . $app->functions->htmlentities($ssl_domain) . "' $selected>".$app->functions->htmlentities($app->functions->idn_decode($ssl_domain))."</option>\r\n";
 			}
 		}
 		$app->tpl->setVar("ssl_domain", $ssl_domain_select);
@@ -798,7 +798,7 @@ class page_action extends tform_actions {
 					} elseif($this->_vhostdomain_type == 'domain' && $domain['domain'] == $this->dataRecord["domain"]) {
 						$domain_select .= " selected";
 					}
-					$domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . "</option>\r\n";
+					$domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . "</option>\r\n";
 				}
 			}
 			else {
@@ -827,13 +827,13 @@ class page_action extends tform_actions {
 			$datalog = $app->db->queryOneRecord("SELECT sys_datalog.error, sys_log.tstamp FROM sys_datalog, sys_log WHERE sys_datalog.dbtable = 'web_domain' AND sys_datalog.dbidx = ? AND sys_datalog.datalog_id = sys_log.datalog_id AND sys_log.message = CONCAT('Processed datalog_id ',sys_log.datalog_id) ORDER BY sys_datalog.tstamp DESC", 'domain_id:' . $this->id);
 			if(is_array($datalog) && !empty($datalog)){
 				if(trim($datalog['error']) != ''){
-					$app->tpl->setVar("config_error_msg", nl2br(htmlentities($datalog['error'])));
+					$app->tpl->setVar("config_error_msg", nl2br($app->functions->htmlentities($datalog['error'])));
 					$app->tpl->setVar("config_error_tstamp", date($app->lng('conf_format_datetime'), $datalog['tstamp']));
 				}
 			}
 		}
 		
-		$app->tpl->setVar('vhostdomain_type', $this->_vhostdomain_type);
+		$app->tpl->setVar('vhostdomain_type', $this->_vhostdomain_type, true);
 
 		$app->tpl->setVar('is_spdy_enabled', ($web_config['enable_spdy'] === 'y'));
 		$app->tpl->setVar("is_admin", $is_admin);
@@ -859,7 +859,7 @@ class page_action extends tform_actions {
 		if(is_array($m_directive_snippets) && !empty($m_directive_snippets)){
 			$directive_snippets_id_select .= '<optgroup label="'.$app->tform->wordbook["select_master_directive_snippet_txt"].'">';
 			foreach($m_directive_snippets as $m_directive_snippet){
-				$directive_snippets_id_select .= '<option value="'.$m_directive_snippet['directive_snippets_id'].'"'.($this->dataRecord['directive_snippets_id'] == $m_directive_snippet['directive_snippets_id']? ' selected="selected"' : '').'>'.$m_directive_snippet['name'].'</option>';
+				$directive_snippets_id_select .= '<option value="'.$m_directive_snippet['directive_snippets_id'].'"'.($this->dataRecord['directive_snippets_id'] == $m_directive_snippet['directive_snippets_id']? ' selected="selected"' : '').'>'.$app->functions->htmlentities($m_directive_snippet['name']).'</option>';
 			}
 			$directive_snippets_id_select .= '</optgroup>';
 		}
@@ -868,7 +868,7 @@ class page_action extends tform_actions {
 		if(is_array($directive_snippets) && !empty($directive_snippets)){
 			$directive_snippets_id_select .= '<optgroup label="'.$app->tform->wordbook["select_directive_snippet_txt"].'">';
 			foreach($directive_snippets as $directive_snippet){
-				$directive_snippets_id_select .= '<option value="'.$directive_snippet['directive_snippets_id'].'"'.($this->dataRecord['directive_snippets_id'] == $directive_snippet['directive_snippets_id']? ' selected="selected"' : '').'>'.$directive_snippet['name'].'</option>';
+				$directive_snippets_id_select .= '<option value="'.$directive_snippet['directive_snippets_id'].'"'.($this->dataRecord['directive_snippets_id'] == $directive_snippet['directive_snippets_id']? ' selected="selected"' : '').'>'.$app->functions->htmlentities($directive_snippet['name']).'</option>';
 			}
 			$directive_snippets_id_select .= '</optgroup>';
 		}
diff --git a/interface/web/sites/webdav_user_edit.php b/interface/web/sites/webdav_user_edit.php
index e94625fd9d0122a253b4b151e7119e3aa09645ae..e02e0bdaff10e56bb3ac4a41d615a4b53b6ce79b 100644
--- a/interface/web/sites/webdav_user_edit.php
+++ b/interface/web/sites/webdav_user_edit.php
@@ -82,7 +82,7 @@ class page_action extends tform_actions {
 		}
 
 		if($this->dataRecord['username'] == "") {
-			$app->tpl->setVar("username_prefix", $webdavuser_prefix);
+			$app->tpl->setVar("username_prefix", $webdavuser_prefix, true);
 		} else {
 			$app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $webdavuser_prefix, $global_config['webdavuser_prefix']), true);
 		}
diff --git a/interface/web/vm/openvz_vm_edit.php b/interface/web/vm/openvz_vm_edit.php
index 8109859ecef09107cded1d5b976ccec92fa789f6..4dd1a551deff4e8cb40c7f2cb23200acbc93627e 100644
--- a/interface/web/vm/openvz_vm_edit.php
+++ b/interface/web/vm/openvz_vm_edit.php
@@ -86,7 +86,7 @@ class page_action extends tform_actions {
 			if(is_array($records)) {
 				foreach( $records as $rec) {
 					$selected = @($rec["template_id"] == $this->dataRecord["template_id"])?'SELECTED':'';
-					$template_id_select .= "<option value='$rec[template_id]' $selected>$rec[template_name]</option>\r\n";
+					$template_id_select .= "<option value='$rec[template_id]' $selected>" . $app->functions->htmlentities($rec['template_name']) . "</option>\r\n";
 				}
 			}
 			$app->tpl->setVar("template_id_select", $template_id_select);
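Review bot: The `value='$rec[template_id]'` attribute on the new line is left as raw interpolation while only the option text is escaped, and the same file's `@@ -175` hunk does the same with `ip_address`, a string column that the web_vhost_domain_edit.php hunks escape in both positions. Escaping the attribute as well keeps the two files consistent: `"<option value='" . $app->functions->htmlentities($rec['template_id']) . "' $selected>"`. The same pattern is in the `@@ -109`, `@@ -124`, `@@ -141`, `@@ -153` and `@@ -175` hunks. The enclosing method starts and ends outside the hunk.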
@@ -109,7 +109,7 @@ class page_action extends tform_actions {
 			if(is_array($records)) {
 				foreach( $records as $rec) {
 					$selected = @(is_array($this->dataRecord) && ($client["groupid"] == $this->dataRecord['client_group_id'] || $client["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':'';
-					$client_select .= "<option value='$rec[groupid]' $selected>$rec[contactname]</option>\r\n";
+					$client_select .= "<option value='$rec[groupid]' $selected>" . $app->functions->htmlentities($rec['contactname']) . "</option>\r\n";
 				}
 			}
 			$app->tpl->setVar("client_group_id", $client_select);
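Review bot: The `$selected` expression directly above the new line compares `$client["groupid"]` although this loop iterates `$rec`, so the preselection is based on whatever `$client` holds from earlier code (or on nothing, with the notice hidden by `@`), and the option for the current row appears never to be marked selected; the `@@ -141` hunk, which loops over `$client`, reads consistently. Since this loop is being touched, `$rec["groupid"]` looks like the intended key on both comparisons — this is inferred from the visible lines only. The enclosing method starts and ends outside the hunk.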
@@ -124,7 +124,7 @@ class page_action extends tform_actions {
 			if(is_array($records)) {
 				foreach( $records as $rec) {
 					$selected = @($rec["template_id"] == $this->dataRecord["template_id"])?'SELECTED':'';
-					$template_id_select .= "<option value='$rec[template_id]' $selected>$rec[template_name]</option>\r\n";
+					$template_id_select .= "<option value='$rec[template_id]' $selected>" . $app->functions->htmlentities($rec['template_name']) . "</option>\r\n";
 				}
 			}
 			$app->tpl->setVar("template_id_select", $template_id_select);
@@ -141,7 +141,7 @@ class page_action extends tform_actions {
 			if(is_array($clients)) {
 				foreach( $clients as $client) {
 					$selected = @(is_array($this->dataRecord) && ($client["groupid"] == $this->dataRecord['client_group_id'] || $client["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':'';
-					$client_select .= "<option value='$client[groupid]' $selected>$client[contactname]</option>\r\n";
+					$client_select .= "<option value='$client[groupid]' $selected>" . $app->functions->htmlentities($client['contactname']) . "</option>\r\n";
 				}
 			}
 			$app->tpl->setVar("client_group_id", $client_select);
@@ -153,7 +153,7 @@ class page_action extends tform_actions {
 				$template_id_select='';
 				foreach( $records as $rec) {
 					$selected = @($rec["template_id"] == $this->dataRecord["template_id"])?'SELECTED':'';
-					$template_id_select .= "<option value='$rec[template_id]' $selected>$rec[template_name]</option>\r\n";
+					$template_id_select .= "<option value='$rec[template_id]' $selected>" . $app->functions->htmlentities($rec['template_name']) . "</option>\r\n";
 				}
 			}
 			$app->tpl->setVar("template_id_select", $template_id_select);
@@ -175,7 +175,7 @@ class page_action extends tform_actions {
 		if(is_array($ips)) {
 			foreach( $ips as $ip) {
 				$selected = ($ip["ip_address"] == $this->dataRecord["ip_address"])?'SELECTED':'';
-				$ip_select .= "<option value='$ip[ip_address]' $selected>$ip[ip_address]</option>\r\n";
+				$ip_select .= "<option value='$ip[ip_address]' $selected>" . $app->functions->htmlentities($ip['ip_address']) . "</option>\r\n";
 			}
 		}
 		$app->tpl->setVar("ip_address", $ip_select);
@@ -188,7 +188,7 @@ class page_action extends tform_actions {
 		foreach ($additional_ips as $idx => $rec) {
 			$temp .= "<input type='hidden' id='id".$idx."' name='additional_ip[".$idx."]' name='additional_ip[".$idx."]'  value='0'>";
 			$used = @($rec['additional']=='y')?'CHECKED':'';
-			$temp .= "<input type='checkbox' value='".$rec['ip_address']."' id='id".$idx."' name='additional_ip[".$idx."]' ".$used.">   ".$rec['ip_address']."<br>";
+			$temp .= "<input type='checkbox' value='".$app->functions->htmlentities($rec['ip_address'])."' id='id".$idx."' name='additional_ip[".$idx."]' ".$used.">   ".$app->functions->htmlentities($rec['ip_address'])."<br>";
 		}
 		$app->tpl->setVar("additional_ip", $temp);
 		unset($used);
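Review bot: The rewritten checkbox line keeps `id='id".$idx."'`, the same id the hidden input on the preceding line already carries, so every additional IP emits two elements sharing one id. Giving the checkbox its own id, e.g. `id='cb".$idx."'`, removes the duplicate; the hidden input on the line above also repeats its `name=` attribute twice, which could be cleaned up while here. The enclosing method starts outside the hunk.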