diff --git a/interface/lib/classes/functions.inc.php b/interface/lib/classes/functions.inc.php index da35a370025a75215ef61c7934ad3e778ff58327..a646e1be0a293e2e39882fd8cc72c67068ad97ed 100644 --- a/interface/lib/classes/functions.inc.php +++ b/interface/lib/classes/functions.inc.php @@ -454,6 +454,25 @@ class functions { $app->log("Failed to create SSH keypair for ".$username, LOGLEVEL_WARN); } } + + public function htmlentities($value) { + global $conf; + + if(is_array($value)) { + $out = array(); + foreach($value as $key => $val) { + if(is_array($val)) { + $out[$key] = $this->htmlentities($val); + } else { + $out[$key] = htmlentities($val, ENT_QUOTES, $conf["html_content_encoding"]); + } + } + } else { + $out = htmlentities($value, ENT_QUOTES, $conf["html_content_encoding"]); + } + + return $out; + } } ?> diff --git a/interface/lib/classes/listform.inc.php b/interface/lib/classes/listform.inc.php index 4999f7e5427b631a8e964a68791cba091a804376..15a1a53add169892e4aaba3e1b7d4dcb775d398c 100644 --- a/interface/lib/classes/listform.inc.php +++ b/interface/lib/classes/listform.inc.php @@ -179,6 +179,7 @@ class listform { && $k == $_SESSION['search'][$list_name][$search_prefix.$field] && $_SESSION['search'][$list_name][$search_prefix.$field] != '') ? ' SELECTED' : ''; + $v = $app->functions->htmlentities($v); $out .= "\r\n"; } } @@ -610,17 +611,8 @@ class listform { } function escapeArrayValues($search_values) { - global $conf; - - $out = array(); - if(is_array($search_values)) { - foreach($search_values as $key => $val) { - $out[$key] = htmlentities($val, ENT_QUOTES, $conf["html_content_encoding"]); - } - } - - return $out; - + global $app; + return $app->functions->htmlentities($search_values); } } diff --git a/interface/lib/classes/listform_actions.inc.php b/interface/lib/classes/listform_actions.inc.php index 1bf615e857bc00e229553e4a3e765e04d784fbf9..b4366feaa6535782c082cee801ecbf08924f224b 100644 --- a/interface/lib/classes/listform_actions.inc.php 
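Review bot: The new `htmlentities()` in functions.inc.php passes `ENT_QUOTES` alone, so a byte sequence that is invalid in `$conf["html_content_encoding"]` makes PHP's `htmlentities` return an empty string and the whole value vanishes from the page instead of being escaped; `ENT_QUOTES | ENT_SUBSTITUTE` on both call sites keeps the value with the bad bytes replaced, and the same applies to the `htmlspecialchars` calls this commit replaces in tform_base (on PHP 8.1+ `htmlspecialchars` already defaulted to `ENT_SUBSTITUTE`, so that path is a small regression). The method has no docblock; one stating that it escapes a scalar, or recursively every leaf of an array, for HTML output using the configured encoding would help now that records from many pages are routed through it. Leaves that are not strings (null from `@$field['value'][...]` in listform_actions, integers from database rows) are coerced, and null is deprecated for this parameter since PHP 8.1, so `(string)$val` or a null guard is worth adding.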
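Review bot: `escapeArrayValues()` now returns an escaped string when handed a scalar, where the removed body returned an empty array for any non-array input, and nested arrays are now recursed into instead of triggering a warning; the callers are not in this chunk, so it is worth checking that none depend on always receiving an array. If the wider contract is intended, a docblock `/** @param array|string $search_values @return array|string */` on the method would record it.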
+++ b/interface/lib/classes/listform_actions.inc.php @@ -180,7 +180,7 @@ class listform_actions { $rec['_'.$key.'_'] = (strtolower($rec[$key]) == 'y')?'x16/tick_circle.png':'x16/cross_circle.png'; } //* substitute value for select field - $rec[$key] = @$field['value'][$rec[$key]]; + $rec[$key] = $app->functions->htmlentities(@$field['value'][$rec[$key]]); } } } diff --git a/interface/lib/classes/quota_lib.inc.php b/interface/lib/classes/quota_lib.inc.php index 93d8baa5de2cb21154125737e87f400764f81595..e5d55ff80c17c00354fa6001d6add5c49def61a5 100644 --- a/interface/lib/classes/quota_lib.inc.php +++ b/interface/lib/classes/quota_lib.inc.php @@ -243,7 +243,8 @@ class quota_lib { if(is_array($emails) && !empty($emails)){ for($i=0;$ifunctions->htmlentities($emails[$i]['name']); $emails[$i]['used'] = isset($monitor_data[$email]['used']) ? $monitor_data[$email]['used'] : array(1 => 0); if (!is_numeric($emails[$i]['used'])) $emails[$i]['used']=$emails[$i]['used'][1]; diff --git a/interface/lib/classes/tform_base.inc.php b/interface/lib/classes/tform_base.inc.php index 8bb8cb7b7dbb4e9fe907dac4ebbabf67f14d05c3..d06072e830c75e9b33e7abe960c3ef69311d1d31 100644 --- a/interface/lib/classes/tform_base.inc.php +++ b/interface/lib/classes/tform_base.inc.php @@ -473,8 +473,8 @@ class tform_base { if(is_array($field['value'])) { foreach($field['value'] as $k => $v) { $selected = ($k == $val)?' SELECTED':''; - if(isset($this->wordbook[$v])) - $v = $this->wordbook[$v]; + if(isset($this->wordbook[$v])) $v = $this->wordbook[$v]; + else $v = $app->functions->htmlentities($v); $out .= "\r\n"; } } @@ -494,7 +494,7 @@ class tform_base { foreach($vals as $tvl) { if(trim($tvl) == trim($k)) $selected = ' SELECTED'; } - + $v = $app->functions->htmlentities($v); $out .= "\r\n"; } } 
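Review bot: The `@` suppression on `$field['value'][$rec[$key]]` is kept, so an unmapped value still hands null to the new `htmlentities()` call, which is deprecated on PHP 8.1 and hides a missing mapping; `$rec[$key] = $app->functions->htmlentities(isset($field['value'][$rec[$key]]) ? $field['value'][$rec[$key]] : '');` avoids both without changing the rendered output. The enclosing loop starts before the hunk, so whether `$app` is already in scope at this point cannot be confirmed from this view.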
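Review bot: The escaping of `$emails[$i]['name']` happens inside quota_lib, a data helper, so every caller of this method now receives an HTML-escaped name whether it renders HTML or not (the loop header is not legible in this rendering, so I assume it iterates the `$emails` records). If the method feeds anything besides templates, escaping in the presenting page or on a copy of the record keeps the library's return value neutral. A one-line comment such as `// name is pre-escaped for HTML output` would at least flag the contract for other callers.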
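Review bot: In the `$field['value']` loop at line 473, `$v` is escaped only when it is not found in `$this->wordbook`, so a wordbook translation reaches the `$out .=` line unescaped while the same commit escapes the translated value after `$this->lng($v)` in the hunk at line 608; unless wordbook strings are meant to carry markup, `$v = $app->functions->htmlentities(isset($this->wordbook[$v]) ? $this->wordbook[$v] : $v);` treats both paths alike. The hunk at line 494 escapes `$v` unconditionally after the `foreach($vals ...)` check, which is consistent; only the 473 branch differs.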
@@ -577,7 +577,7 @@ class tform_base { default: if(isset($record[$key])) { - $new_record[$key] = htmlspecialchars($record[$key]); + $new_record[$key] = $app->functions->htmlentities($record[$key]); } else { $new_record[$key] = ''; } @@ -608,7 +608,8 @@ class tform_base { $out = ''; foreach($field['value'] as $k => $v) { $selected = ($k == $field["default"])?' SELECTED':''; - $out .= "\r\n"; + $v = $app->functions->htmlentities($this->lng($v)); + $out .= "\r\n"; } } if(isset($out)) $new_record[$key] = $out; @@ -622,7 +623,7 @@ class tform_base { // HTML schreiben $out = ''; foreach($field['value'] as $k => $v) { - + $v = $app->functions->htmlentities($v); $out .= "\r\n"; } } @@ -693,7 +694,7 @@ class tform_base { break; default: - $new_record[$key] = htmlspecialchars($field['default']); + $new_record[$key] = $app->functions->htmlentities($field['default']); } } @@ -911,6 +912,12 @@ class tform_base { case 'NOWHITESPACE': $returnval = preg_replace('/\s+/', '', $returnval); break; + case 'STRIPTAGS': + $returnval = strip_tags(preg_replace('/]*?>.*?<\/script>/is', '', $returnval)); + break; + case 'STRIPNL': + $returnval = str_replace(array("\n","\r"),'', $returnval); + break; default: $this->errorMessage .= "Unknown Filter: ".$filter['type']; break; diff --git a/interface/web/admin/form/directive_snippets.tform.php b/interface/web/admin/form/directive_snippets.tform.php index 4d34fefb59c02e15e63e8f8375691d12ad310607..544cb8b85537df42206ea5c861f20d0050bfb69b 100644 --- a/interface/web/admin/form/directive_snippets.tform.php +++ b/interface/web/admin/form/directive_snippets.tform.php @@ -71,6 +71,12 @@ $form["tabs"]['directive_snippets'] = array ( 1 => array ( 'type' => 'UNIQUE', 'errmsg'=> 'directive_snippets_name_error_unique'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', 
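Review bot: In the new `STRIPTAGS` case the result of `preg_replace()` is passed straight to `strip_tags()`; `preg_replace` returns null when PCRE fails (for example the backtracking limit on a long textarea, which `.*?` combined with the `s` modifier can reach), and `strip_tags(null)` yields an empty string, so a save would silently blank the field. Assign the result to a temporary and, on `null` or `preg_last_error() !== PREG_NO_ERROR`, leave `$returnval` untouched and append to `$this->errorMessage` the way the `default:` branch does. The pattern itself is not legible in this rendering, but as written it only removes a script element that has a closing tag, and `strip_tags` is a lossy text transform rather than a sanitizer, so a comment `// SAVE-side defense in depth; output escaping via functions->htmlentities remains the real protection` would keep later readers from relying on this filter alone.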
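Review bot: The `'filters'` key is inserted near the top of each field definition here and in the groups, iptables, server, server_config, server_php, software_package, software_repo, system_config and tpl_default forms; in a PHP array literal a later duplicate key silently wins, so any field that already declares `'filters'` further down (outside the hunk) would drop the new STRIPTAGS/STRIPNL entries without a warning, which is worth a grep before merging. These filters run only on `SAVE`, so rows stored before this change keep their content until re-saved; that is acceptable given the SHOW-side escaping added in the same commit, but a short comment on the first `'filters'` block noting that the filter is a secondary measure and output escaping is the primary one would explain the design to the next maintainer.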
diff --git a/interface/web/admin/form/groups.tform.php b/interface/web/admin/form/groups.tform.php index c7b3f74fdb37c793f321e809317b3a0ae9d7da65..5bcbe6279f7a82a3e5d49c4b08c67f9e313c7266 100644 --- a/interface/web/admin/form/groups.tform.php +++ b/interface/web/admin/form/groups.tform.php @@ -81,6 +81,12 @@ $form["tabs"]['groups'] = array ( 'name' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'regex' => '/^.{1,30}$/', 'errmsg' => 'name_err', 'default' => '', @@ -94,6 +100,10 @@ $form["tabs"]['groups'] = array ( 'description' => array ( 'datatype' => 'TEXT', 'formtype' => 'TEXTAREA', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS') + ), 'regex' => '', 'errmsg' => '', 'default' => '', diff --git a/interface/web/admin/form/iptables.tform.php b/interface/web/admin/form/iptables.tform.php index 7d09ca3f5e1b3bd40875ad3a94754d3530e6ab1c..76d747020d3966a7390d141c7df50c2262687764 100644 --- a/interface/web/admin/form/iptables.tform.php +++ b/interface/web/admin/form/iptables.tform.php @@ -52,6 +52,12 @@ $form["tabs"]['iptables'] = array ( 'source_ip' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '', @@ -60,6 +66,12 @@ $form["tabs"]['iptables'] = array ( 'destination_ip' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '', 
@@ -68,6 +80,12 @@ $form["tabs"]['iptables'] = array ( 'singleport' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '', @@ -76,6 +94,12 @@ $form["tabs"]['iptables'] = array ( 'multiport' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '', @@ -84,6 +108,12 @@ $form["tabs"]['iptables'] = array ( 'state' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '', diff --git a/interface/web/admin/form/server.tform.php b/interface/web/admin/form/server.tform.php index 1bf079e1b0bb08791cdddb7f70b9797e5720e504..95dca6c33b5cb552b29692b3c0f27f2e76924024 100644 --- a/interface/web/admin/form/server.tform.php +++ b/interface/web/admin/form/server.tform.php @@ -61,6 +61,12 @@ $form["tabs"]['services'] = array ( 'server_name' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', diff --git a/interface/web/admin/form/server_config.tform.php b/interface/web/admin/form/server_config.tform.php index 6c9e56772b33a1b6a65f509aa212c8d49bb00b42..70aac48e0787e06835b32a6773012e1cf213ec16 100644 --- a/interface/web/admin/form/server_config.tform.php +++ b/interface/web/admin/form/server_config.tform.php 
@@ -145,6 +145,12 @@ $form["tabs"]['server'] = array( 'validators' => array(0 => array('type' => 'NOTEMPTY', 'errmsg' => 'nameservers_error_empty'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'value' => '', 'width' => '40', 'maxlength' => '255' @@ -316,6 +322,12 @@ $form["tabs"]['server'] = array( 'monit_user' => array( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '40', @@ -344,6 +356,12 @@ $form["tabs"]['server'] = array( 'munin_user' => array( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '40', @@ -426,6 +444,12 @@ $form["tabs"]['mail'] = array( 'dkim_path' => array( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '/var/lib/amavis/dkim', 'value' => '', 'width' => '40', @@ -527,6 +551,12 @@ $form["tabs"]['mail'] = array( 'relayhost' => array( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '40', @@ -535,6 +565,12 @@ $form["tabs"]['mail'] = array( 'relayhost_user' => array( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '40', 
@@ -719,6 +755,12 @@ $form["tabs"]['web'] = array( 'website_autoalias' => array( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '40', @@ -1135,6 +1177,12 @@ $form["tabs"]['web'] = array( 'validators' => array( 0 => array('type' => 'NOTEMPTY', 'errmsg' => 'htaccess_allow_override_error_empty'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'value' => '', 'width' => '40', 'maxlength' => '255' @@ -1161,6 +1209,12 @@ $form["tabs"]['web'] = array( 'validators' => array(0 => array('type' => 'NOTEMPTY', 'errmsg' => 'apps_vhost_port_error_empty'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'value' => '', 'width' => '40', 'maxlength' => '255' @@ -1172,6 +1226,12 @@ $form["tabs"]['web'] = array( 'validators' => array(0 => array('type' => 'NOTEMPTY', 'errmsg' => 'apps_vhost_ip_error_empty'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'value' => '', 'width' => '40', 'maxlength' => '255' @@ -1179,6 +1239,12 @@ $form["tabs"]['web'] = array( 'apps_vhost_servername' => array( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '40', 
@@ -1187,6 +1253,12 @@ $form["tabs"]['web'] = array( 'awstats_conf_dir' => array( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '40', @@ -1486,6 +1558,12 @@ $form["tabs"]['xmpp'] = array( 'xmpp_server_admins' => array( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => 'admin@service.com, superuser@service.com', 'value' => '', 'width' => '15' @@ -1494,6 +1572,12 @@ $form["tabs"]['xmpp'] = array( 'xmpp_modules_enabled' => array( 'datatype' => 'TEXT', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => "saslauth, tls, dialback, disco, discoitems, version, uptime, time, ping, admin_adhoc, admin_telnet, bosh, posix, announce, offline, webpresence, mam, stream_management, message_carbons", 'value' => '', 'separator' => "," diff --git a/interface/web/admin/form/server_php.tform.php b/interface/web/admin/form/server_php.tform.php index d5b0c5ff73781ac56b3da21dc0d8f598c0eac892..c94bb38c015aa50ea9b1626c17f410f34692a62b 100644 --- a/interface/web/admin/form/server_php.tform.php +++ b/interface/web/admin/form/server_php.tform.php @@ -112,6 +112,12 @@ $form["tabs"]['php_name'] = array ( 'validators' => array(0 => array('type' => 'NOTEMPTY', 'errmsg' => 'server_php_name_error_empty'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', 
@@ -135,6 +141,12 @@ $form["tabs"]['php_fastcgi'] = array( 'php_fastcgi_binary' => array( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '40', @@ -143,6 +155,12 @@ $form["tabs"]['php_fastcgi'] = array( 'php_fastcgi_ini_dir' => array( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '40', @@ -165,6 +183,12 @@ $form["tabs"]['php_fpm'] = array( 'php_fpm_init_script' => array( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '40', @@ -173,6 +197,12 @@ $form["tabs"]['php_fpm'] = array( 'php_fpm_ini_dir' => array( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '40', @@ -181,6 +211,12 @@ $form["tabs"]['php_fpm'] = array( 'php_fpm_pool_dir' => array( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '40', diff --git a/interface/web/admin/form/software_package.tform.php b/interface/web/admin/form/software_package.tform.php index 1db7056acc1b0b779962fbcdc6820fca5257e34d..b8368d545751d19216fac8c69c588dc62b1cad48 100644 --- a/interface/web/admin/form/software_package.tform.php +++ b/interface/web/admin/form/software_package.tform.php 
@@ -87,6 +87,12 @@ $form["tabs"]['software_package'] = array ( 'package_title' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'validators' => '', 'default' => '', 'value' => '', @@ -99,6 +105,12 @@ $form["tabs"]['software_package'] = array ( 'package_key' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'validators' => '', 'default' => '', 'value' => '', diff --git a/interface/web/admin/form/software_repo.tform.php b/interface/web/admin/form/software_repo.tform.php index 6d1c50f921ea643d7d3f68121c3b46c902acc365..cbf68b3a3588e5e31d2c998e87c3b28b3fe20134 100644 --- a/interface/web/admin/form/software_repo.tform.php +++ b/interface/web/admin/form/software_repo.tform.php @@ -92,6 +92,12 @@ $form["tabs"]['software_repo'] = array ( 1 => array ( 'type' => 'UNIQUE', 'errmsg'=> 'repo_name_unique'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -108,6 +114,12 @@ $form["tabs"]['software_repo'] = array ( 1 => array ( 'type' => 'UNIQUE', 'errmsg'=> 'repo_name_unique'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -119,6 +131,12 @@ $form["tabs"]['software_repo'] = array ( 'repo_username' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', 
diff --git a/interface/web/admin/form/system_config.tform.php b/interface/web/admin/form/system_config.tform.php index 72618657968a7642d32f8f35ef1607af82877fef..681d166b34c729a824902385c77d8cbfb3795f75 100644 --- a/interface/web/admin/form/system_config.tform.php +++ b/interface/web/admin/form/system_config.tform.php @@ -282,7 +282,11 @@ $form["tabs"]['mail'] = array ( 1 => array( 'event' => 'SHOW', 'type' => 'IDNTOUTF8'), 2 => array( 'event' => 'SAVE', - 'type' => 'TOLOWER') + 'type' => 'TOLOWER'), + 3 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 4 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') ), 'formtype' => 'TEXT', 'default' => '', @@ -293,6 +297,12 @@ $form["tabs"]['mail'] = array ( 'admin_name' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', @@ -311,7 +321,11 @@ $form["tabs"]['mail'] = array ( 1 => array( 'event' => 'SHOW', 'type' => 'IDNTOUTF8'), 2 => array( 'event' => 'SAVE', - 'type' => 'TOLOWER') + 'type' => 'TOLOWER'), + 3 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 4 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') ), 'formtype' => 'TEXT', 'default' => '', @@ -322,6 +336,12 @@ $form["tabs"]['mail'] = array ( 'smtp_port' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '25', 'value' => '', 'width' => '30', @@ -330,6 +350,12 @@ $form["tabs"]['mail'] = array ( 'smtp_user' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', 
@@ -419,6 +445,10 @@ $form["tabs"]['domains'] = array ( 'new_domain_html' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS') + ), 'default' => '', 'value' => '' ), @@ -463,12 +493,24 @@ $form["tabs"]['misc'] = array ( 'company_name' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '' ), 'custom_login_text' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '' ), @@ -485,18 +527,36 @@ $form["tabs"]['misc'] = array ( 'dashboard_atom_url_admin' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => 'http://www.ispconfig.org/atom', 'value' => '' ), 'dashboard_atom_url_reseller' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => 'http://www.ispconfig.org/atom', 'value' => '' ), 'dashboard_atom_url_client' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => 'http://www.ispconfig.org/atom', 'value' => '' ), 
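Review bot: `new_domain_html` receives a `STRIPTAGS` filter in this hunk; the field name suggests it stores markup on purpose, so after this change an admin can no longer save any tag there and existing content is stripped on the next save. If that is deliberate, a comment on the field (`// markup is intentionally not allowed here since <commit>`) or a rename would avoid confusion; if not, this field should be excluded and its output escaped or restricted at the template instead. The other fields touched in this file (admin_name, smtp_port, smtp_user, company_name, custom_login_text, the dashboard URLs and dashlet lists) are plain text and the filter is appropriate there.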
@@ -539,36 +599,72 @@ $form["tabs"]['misc'] = array ( 'admin_dashlets_left' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '' ), 'admin_dashlets_right' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '' ), 'reseller_dashlets_left' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '' ), 'reseller_dashlets_right' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '' ), 'client_dashlets_left' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '' ), 'client_dashlets_right' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '' ), diff --git a/interface/web/admin/form/tpl_default.tform.php b/interface/web/admin/form/tpl_default.tform.php index df52bbec5f3633e64090e2c96557ca0ad2fc4417..baa84d7b309ecb999de03f7098a10c5a17f790be 100644 --- a/interface/web/admin/form/tpl_default.tform.php +++ b/interface/web/admin/form/tpl_default.tform.php 
@@ -87,6 +87,12 @@ $form["tabs"]['basic'] = array ( 'username' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'validators' => '', 'default' => 'global', 'value' => 'global', @@ -97,6 +103,12 @@ $form["tabs"]['basic'] = array ( 'logo_url' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'validators' => '', 'default' => '', 'value' => '', diff --git a/interface/web/admin/list/directive_snippets.list.php b/interface/web/admin/list/directive_snippets.list.php index c41bcd5786b31cbe15846ea88169f511eae57184..31332e5ecf7232b25e1cc38e12b5a5d129f5fbd0 100644 --- a/interface/web/admin/list/directive_snippets.list.php +++ b/interface/web/admin/list/directive_snippets.list.php @@ -54,7 +54,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "name", @@ -82,7 +82,7 @@ $liste["item"][] = array( 'field' => "customer_viewable", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
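Review bot: The `'value'` maps for the yes/no columns now hold the bare `$app->lng()` strings, which listform_actions escapes on output in this commit, so the removed wrapper markup (not legible in this rendering) is dropped rather than escaped; if it carried styling, that styling is lost. The same rewrite is applied to the firewall, iptables, server, server_ip, server_ip_map, software_repo and users list definitions in this diff, but list files of other modules are not in this chunk, and any `'value'` entry that still contains markup will now render as literal text, so a repository-wide check of `'value' => array(` in `*.list.php` is advisable before merging.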
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "master_directive_snippets_id", 'datatype' => "BOOLEAN", diff --git a/interface/web/admin/list/firewall.list.php b/interface/web/admin/list/firewall.list.php index 786b7b848ae756f78a69e987b0af7a98a6cfdfed..884779110a908577ad81747f280b9de288eb4dde 100644 --- a/interface/web/admin/list/firewall.list.php +++ b/interface/web/admin/list/firewall.list.php @@ -54,7 +54,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "server_id", 'datatype' => "VARCHAR", diff --git a/interface/web/admin/list/iptables.list.php b/interface/web/admin/list/iptables.list.php index 3ad78404ea4c195e8d35cdd79f9fec4338fe1f97..beaf1d7e5e2297fb6f0963d59f5284d708988012 100644 --- a/interface/web/admin/list/iptables.list.php +++ b/interface/web/admin/list/iptables.list.php @@ -18,7 +18,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array("y" => "
".$app->lng('yes_txt')."
", "n" => "
".$app->lng('no_txt')."
")); + 'value' => array("y" => $app->lng('yes_txt'), "n" => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "server_id", 'datatype' => "INTEGER", diff --git a/interface/web/admin/list/server.list.php b/interface/web/admin/list/server.list.php index 9ca54c07d5d2df744ac530f6898792264a666d25..58779eec9c6a1e84c9c175b78fc3824969b71c42 100644 --- a/interface/web/admin/list/server.list.php +++ b/interface/web/admin/list/server.list.php @@ -63,7 +63,7 @@ $liste['item'][] = array( 'field' => 'mail_server', 'prefix' => '%', 'suffix' => '%', 'width' => '', - 'value' => array('1' => "
".$app->lng('yes_txt')."
", '0' => "
".$app->lng('no_txt')."
")); + 'value' => array('1' => $app->lng('yes_txt'), '0' => $app->lng('no_txt'))); $liste['item'][] = array( 'field' => 'web_server', 'datatype' => 'VARCHAR', @@ -72,7 +72,7 @@ $liste['item'][] = array( 'field' => 'web_server', 'prefix' => '%', 'suffix' => '%', 'width' => '', - 'value' => array('1' => "
".$app->lng('yes_txt')."
", '0' => "
".$app->lng('no_txt')."
")); + 'value' => array('1' => $app->lng('yes_txt'), '0' => $app->lng('no_txt'))); $liste['item'][] = array( 'field' => 'dns_server', 'datatype' => 'VARCHAR', @@ -81,7 +81,7 @@ $liste['item'][] = array( 'field' => 'dns_server', 'prefix' => '%', 'suffix' => '%', 'width' => '', - 'value' => array('1' => "
".$app->lng('yes_txt')."
", '0' => "
".$app->lng('no_txt')."
")); + 'value' => array('1' => $app->lng('yes_txt'), '0' => $app->lng('no_txt'))); $liste['item'][] = array( 'field' => 'file_server', 'datatype' => 'VARCHAR', @@ -90,7 +90,7 @@ $liste['item'][] = array( 'field' => 'file_server', 'prefix' => '%', 'suffix' => '%', 'width' => '', - 'value' => array('1' => "
".$app->lng('yes_txt')."
", '0' => "
".$app->lng('no_txt')."
")); + 'value' => array('1' => $app->lng('yes_txt'), '0' => $app->lng('no_txt'))); $liste['item'][] = array( 'field' => 'db_server', 'datatype' => 'VARCHAR', @@ -99,7 +99,7 @@ $liste['item'][] = array( 'field' => 'db_server', 'prefix' => '%', 'suffix' => '%', 'width' => '', - 'value' => array('1' => "
".$app->lng('yes_txt')."
", '0' => "
".$app->lng('no_txt')."
")); + 'value' => array('1' => $app->lng('yes_txt'), '0' => $app->lng('no_txt'))); $liste['item'][] = array( 'field' => 'vserver_server', 'datatype' => 'VARCHAR', @@ -108,7 +108,7 @@ $liste['item'][] = array( 'field' => 'vserver_server', 'prefix' => '%', 'suffix' => '%', 'width' => '', - 'value' => array('1' => "
".$app->lng('yes_txt')."
", '0' => "
".$app->lng('no_txt')."
")); + 'value' => array('1' => $app->lng('yes_txt'), '0' => $app->lng('no_txt'))); $liste['item'][] = array( 'field' => 'xmpp_server', 'datatype' => 'VARCHAR', @@ -117,6 +117,6 @@ $liste['item'][] = array( 'field' => 'xmpp_server', 'prefix' => '%', 'suffix' => '%', 'width' => '', - 'value' => array('1' => "
".$app->lng('yes_txt')."
", '0' => "
".$app->lng('no_txt')."
")); + 'value' => array('1' => $app->lng('yes_txt'), '0' => $app->lng('no_txt'))); ?> diff --git a/interface/web/admin/list/server_ip.list.php b/interface/web/admin/list/server_ip.list.php index 6340172b0e9ebdb0321a8bfbd81c7f00b840f6bc..1e9bd8f4ecf7a9648d3716b43305715dddc3f207 100644 --- a/interface/web/admin/list/server_ip.list.php +++ b/interface/web/admin/list/server_ip.list.php @@ -95,7 +95,7 @@ $liste["item"][] = array( 'field' => "virtualhost", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste['item'][] = array( 'field' => 'virtualhost_port', diff --git a/interface/web/admin/list/server_ip_map.list.php b/interface/web/admin/list/server_ip_map.list.php index a70a76081bec28293499e40e82bf317b7ff2444a..6f9e60cfe83476bb2cddfdeb5d3331b2b5fbb23d 100644 --- a/interface/web/admin/list/server_ip_map.list.php +++ b/interface/web/admin/list/server_ip_map.list.php @@ -18,7 +18,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste['item'][] = array( 'field' => 'server_id', 'datatype' => 'INTEGER', diff --git a/interface/web/admin/list/software_repo.list.php b/interface/web/admin/list/software_repo.list.php index 824c66d6d9d29f0ae04727cd605535f272573b71..0e172ace99ad7bf2bf53234922d2aa7432a90fb3 100644 --- a/interface/web/admin/list/software_repo.list.php +++ b/interface/web/admin/list/software_repo.list.php @@ -54,7 +54,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "repo_name", 'datatype' => "VARCHAR", diff --git a/interface/web/admin/list/users.list.php b/interface/web/admin/list/users.list.php index 53e3f440a6f6e76f6c79e0eb16610ee0bb45c61c..f241cd8506f281ffd5dc369959f03abbeb697b99 100644 --- a/interface/web/admin/list/users.list.php +++ b/interface/web/admin/list/users.list.php @@ -60,7 +60,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('1' => "
".$app->lng('yes_txt')."
", '0' => "
".$app->lng('no_txt')."
")); + 'value' => array('1' => $app->lng('yes_txt'), '0' => $app->lng('no_txt'))); $liste['item'][] = array( 'field' => 'username', 'datatype' => 'VARCHAR', diff --git a/interface/web/client/client_edit.php b/interface/web/client/client_edit.php index 10e3f3cadd640efc130e84182de38f32dcbb93d5..8577a1b32d94a5c1e27de0c622495d3f0b4ca2be 100644 --- a/interface/web/client/client_edit.php +++ b/interface/web/client/client_edit.php @@ -133,6 +133,7 @@ class page_action extends tform_actions { $tpls = $app->db->queryAllRecords($sql); $option = ''; $tpl = array(); + $tpls = $app->functions->htmlentities($tpls); foreach($tpls as $item){ $option .= ''; $tpl[$item['template_id']] = $item['template_name']; @@ -154,7 +155,7 @@ class page_action extends tform_actions { $tmp->id = $item['assigned_template_id']; $tmp->data = ''; $app->plugin->raiseEvent('get_client_template_details', $tmp); - if($tmp->data != '') $text .= '
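Review bot: `$tpls` is escaped before the loop, so `$tpl[$item['template_id']] = $item['template_name']` now stores escaped names in `$tpl`, which is used after the hunk; if that map feeds anything other than HTML output (a comparison, a plugin event, a log line) it will see entity-encoded text. Escaping `$item['template_name']` where it is concatenated into `$option` keeps `$tpl` raw and the output safe. The enclosing method starts before the hunk.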
' . $tmp->data . ''; + if($tmp->data != '') $text .= '
' . $app->functions->htmlentities($tmp->data) . ''; $text .= ''; $items[] = $item['assigned_template_id'] . ':' . $item['client_template_id']; @@ -219,6 +220,7 @@ class page_action extends tform_actions { // Fill the client select field $sql = "SELECT client.client_id, sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 AND client.limit_client != 0 ORDER BY client.company_name, client.contact_name, sys_group.name"; $clients = $app->db->queryAllRecords($sql); + $clients = $app->functions->htmlentities($clients); $client_select = ""; //$tmp_data_record = $app->tform->getDataRecord($this->id); if(is_array($clients)) { diff --git a/interface/web/client/domain_edit.php b/interface/web/client/domain_edit.php index 67be43e04c829058babcdde95b54928964351d07..8867e295783b6280bd6d26bff8c6f5e22a29b544 100644 --- a/interface/web/client/domain_edit.php +++ b/interface/web/client/domain_edit.php 
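Review bot: `$tmp->data` is filled by the `get_client_template_details` plugin event and is now escaped before concatenation, so a plugin that deliberately returns markup for this text would render it literally. If plugins are expected to return plain text, a comment on the `raiseEvent` line (`// plugins must return plain text; the value is HTML-escaped below`) makes that contract explicit; otherwise the escaping belongs inside the plugin. The surrounding method starts before the hunk.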
@@ -83,6 +83,7 @@ class page_action extends tform_actions { //$sql = "SELECT groupid, name FROM sys_group WHERE client_id > 0 ORDER BY name"; $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name"; $clients = $app->db->queryAllRecords($sql); + $clients = $app->functions->htmlentities($clients); $client_select = ''; if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= ""; if($this->id > 0) $tmp_data_record = $app->tform->getDataRecord($this->id); else $tmp_data_record = $this->dataRecord; 
@@ -98,11 +99,13 @@ class page_action extends tform_actions { // Get the limits of the client $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id); - + $client = $app->functions->htmlentities($client); + // Fill the client select field $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name"; //die($sql); $records = $app->db->queryAllRecords($sql, $client['client_id']); + $records = $app->functions->htmlentities($records); $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']); $client_select = ''; //$tmp_data_record = $app->tform->getDataRecord($this->id); diff --git a/interface/web/client/form/client.tform.php b/interface/web/client/form/client.tform.php index 3a8d4f2fccfc8c6ed044939233f4088e3efe4772..151c5dc95926373f089135c8fc278ddd8105d821 100644 --- a/interface/web/client/form/client.tform.php +++ b/interface/web/client/form/client.tform.php 
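Review bot: `$client = $app->functions->htmlentities($client);` runs before `$client['client_id']` is used as the parameter of the `$records` and `$tmp` queries, so a record transformed for HTML output is also the source of SQL parameters; `client_id` is numeric today and the encoding is a no-op, but the ordering couples two contexts and any future non-numeric column would be passed encoded. Moving the line below those two queries keeps the database path on raw data: `$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);` followed by `$client = $app->functions->htmlentities($client);`. If `queryOneRecord()` returns `false` when no row matches (not visible here), the helper presumably turns that into `''`, which is harder to detect downstream than the original `false`. The same ordering appears in dns_import.php (`@@ -119`), dns_slave_edit.php (`@@ -100`), dns_soa_edit.php (`@@ -122`) and dns_wizard.php (`@@ -120`).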
@@ -91,6 +91,12 @@ $form["tabs"]['address'] = array ( 'company_name' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -119,6 +125,10 @@ $form["tabs"]['address'] = array ( 'searchable' => 1, 'filters' => array( 0 => array( 'event' => 'SAVE', 'type' => 'TRIM'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 2 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') ), ), 'contact_name' => array ( @@ -137,6 +147,10 @@ $form["tabs"]['address'] = array ( 'searchable' => 1, 'filters' => array( 0 => array( 'event' => 'SAVE', 'type' => 'TRIM'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 2 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') ), ), 'customer_no' => array ( @@ -146,6 +160,12 @@ $form["tabs"]['address'] = array ( 'errmsg'=> 'customer_no_error_unique', 'allowempty' => 'y'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -226,6 +246,12 @@ $form["tabs"]['address'] = array ( 'street' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -238,6 +264,12 @@ $form["tabs"]['address'] = array ( 'zip' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', 
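Review bot: The new `STRIPTAGS`/`STRIPNL` SAVE filters are input-side sanitisation and are lossy: if `STRIPTAGS` maps to PHP's `strip_tags()`, a company name or note containing a bare `<` (e.g. `A < B`) loses everything up to the next `>`, so they should be read as defence in depth behind the output encoding rather than as the fix for stored values. They only run on SAVE, so rows written before this change keep whatever they contain until re-saved, and only the output-side encoding covers those. In the IBAN/SWIFT filter lists (`@@ -385`, `@@ -458`, `@@ -476`) `STRIPNL` is appended after `NOWHITESPACE`, which presumably already removes newlines, so it looks redundant there. The same additions are repeated in reseller.tform.php, client_circle.tform.php, client_template.tform.php and message_template.tform.php.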
@@ -250,6 +282,12 @@ $form["tabs"]['address'] = array ( 'city' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -262,6 +300,12 @@ $form["tabs"]['address'] = array ( 'state' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -285,6 +329,12 @@ $form["tabs"]['address'] = array ( 'telephone' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -297,6 +347,12 @@ $form["tabs"]['address'] = array ( 'mobile' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -309,6 +365,12 @@ $form["tabs"]['address'] = array ( 'fax' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -345,6 +407,12 @@ $form["tabs"]['address'] = array ( 'internet' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => 'http://', 'value' => '', 'separator' => '', 
@@ -357,6 +425,12 @@ $form["tabs"]['address'] = array ( 'icq' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -385,12 +459,22 @@ $form["tabs"]['address'] = array ( 1 => array( 'event' => 'SAVE', 'type' => 'TOUPPER'), 2 => array( 'event' => 'SAVE', - 'type' => 'NOWHITESPACE') + 'type' => 'NOWHITESPACE'), + 3 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 4 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') ), ), 'company_id' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -402,6 +486,12 @@ $form["tabs"]['address'] = array ( 'bank_account_owner' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -413,6 +503,12 @@ $form["tabs"]['address'] = array ( 'bank_account_number' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -424,6 +520,12 @@ $form["tabs"]['address'] = array ( 'bank_code' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', 
@@ -435,6 +537,12 @@ $form["tabs"]['address'] = array ( 'bank_name' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -458,7 +566,11 @@ $form["tabs"]['address'] = array ( 1 => array( 'event' => 'SAVE', 'type' => 'TOUPPER'), 2 => array( 'event' => 'SAVE', - 'type' => 'NOWHITESPACE') + 'type' => 'NOWHITESPACE'), + 3 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 4 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') ), ), 'bank_account_swift' => array ( @@ -476,12 +588,20 @@ $form["tabs"]['address'] = array ( 1 => array( 'event' => 'SAVE', 'type' => 'TOUPPER'), 2 => array( 'event' => 'SAVE', - 'type' => 'NOWHITESPACE') + 'type' => 'NOWHITESPACE'), + 3 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 4 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') ), ), 'notes' => array ( 'datatype' => 'TEXT', 'formtype' => 'TEXTAREA', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -538,6 +658,12 @@ $form["tabs"]['address'] = array ( 'added_by' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => $_SESSION['s']['user']['username'], 'value' => '', 'separator' => '', diff --git a/interface/web/client/form/client_circle.tform.php b/interface/web/client/form/client_circle.tform.php index 91b96b3549d94c773198732b255e69a079acfbeb..64eee542d71bbc22eed2134a5775c74aa9735617 100644 --- a/interface/web/client/form/client_circle.tform.php +++ b/interface/web/client/form/client_circle.tform.php 
@@ -91,6 +91,12 @@ $form["tabs"]['circle'] = array ( 'circle_name' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -115,6 +121,10 @@ $form["tabs"]['circle'] = array ( 'description' => array ( 'datatype' => 'TEXT', 'formtype' => 'TEXTAREA', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS') + ), 'default' => '', 'value' => '', 'separator' => '', diff --git a/interface/web/client/form/client_template.tform.php b/interface/web/client/form/client_template.tform.php index 13e8cfbcce718d94b8f3518dddb26ed63d45986b..5d9f81de0b80114e81068d23f9b465939d891118 100644 --- a/interface/web/client/form/client_template.tform.php +++ b/interface/web/client/form/client_template.tform.php @@ -82,6 +82,12 @@ $form["tabs"]['template'] = array ( 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'error_template_name_empty'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', diff --git a/interface/web/client/form/message_template.tform.php b/interface/web/client/form/message_template.tform.php index 14dfea1cd0904ebeec69b27c2bf1b05de435b707..ab2d19134003e949254649bfbe8cb3b219be864e 100644 --- a/interface/web/client/form/message_template.tform.php +++ b/interface/web/client/form/message_template.tform.php @@ -67,6 +67,12 @@ $form["tabs"]['template'] = array ( 'template_name' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', 
@@ -81,6 +87,12 @@ $form["tabs"]['template'] = array ( 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'subject_error_empty'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', diff --git a/interface/web/client/form/reseller.tform.php b/interface/web/client/form/reseller.tform.php index 903c8d8c0cd28260bf28d830d8736b0bd3bc5f5c..706219f76afa9f74ed177ba79cb323d0ce37ba4b 100644 --- a/interface/web/client/form/reseller.tform.php +++ b/interface/web/client/form/reseller.tform.php @@ -91,6 +91,12 @@ $form["tabs"]['address'] = array ( 'company_name' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -119,6 +125,10 @@ $form["tabs"]['address'] = array ( 'searchable' => 1, 'filters' => array( 0 => array( 'event' => 'SAVE', 'type' => 'TRIM'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 2 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') ), ), 'contact_name' => array ( @@ -137,6 +147,10 @@ $form["tabs"]['address'] = array ( 'searchable' => 1, 'filters' => array( 0 => array( 'event' => 'SAVE', 'type' => 'TRIM'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 2 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') ), ), 'customer_no' => array ( @@ -146,6 +160,12 @@ $form["tabs"]['address'] = array ( 'errmsg'=> 'customer_no_error_unique', 'allowempty' => 'y'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', 
@@ -226,6 +246,12 @@ $form["tabs"]['address'] = array ( 'street' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -238,6 +264,12 @@ $form["tabs"]['address'] = array ( 'zip' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -250,6 +282,12 @@ $form["tabs"]['address'] = array ( 'city' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -262,6 +300,12 @@ $form["tabs"]['address'] = array ( 'state' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -286,6 +330,12 @@ $form["tabs"]['address'] = array ( 'telephone' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -298,6 +348,12 @@ $form["tabs"]['address'] = array ( 'mobile' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', 
@@ -310,6 +366,12 @@ $form["tabs"]['address'] = array ( 'fax' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -343,6 +405,12 @@ $form["tabs"]['address'] = array ( 'internet' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => 'http://', 'value' => '', 'separator' => '', @@ -355,6 +423,12 @@ $form["tabs"]['address'] = array ( 'icq' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -383,12 +457,22 @@ $form["tabs"]['address'] = array ( 1 => array( 'event' => 'SAVE', 'type' => 'TOUPPER'), 2 => array( 'event' => 'SAVE', - 'type' => 'NOWHITESPACE') + 'type' => 'NOWHITESPACE'), + 3 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 4 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') ), ), 'company_id' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -400,6 +484,12 @@ $form["tabs"]['address'] = array ( 'bank_account_owner' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', 
@@ -411,6 +501,12 @@ $form["tabs"]['address'] = array ( 'bank_account_number' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -422,6 +518,12 @@ $form["tabs"]['address'] = array ( 'bank_code' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -433,6 +535,12 @@ $form["tabs"]['address'] = array ( 'bank_name' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'separator' => '', @@ -456,7 +564,11 @@ $form["tabs"]['address'] = array ( 1 => array( 'event' => 'SAVE', 'type' => 'TOUPPER'), 2 => array( 'event' => 'SAVE', - 'type' => 'NOWHITESPACE') + 'type' => 'NOWHITESPACE'), + 3 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 4 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') ), ), 'bank_account_swift' => array ( @@ -474,12 +586,20 @@ $form["tabs"]['address'] = array ( 1 => array( 'event' => 'SAVE', 'type' => 'TOUPPER'), 2 => array( 'event' => 'SAVE', - 'type' => 'NOWHITESPACE') + 'type' => 'NOWHITESPACE'), + 3 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 4 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') ), ), 'notes' => array ( 'datatype' => 'TEXT', 'formtype' => 'TEXTAREA', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS') + ), 'default' => '', 'value' => '', 'separator' => '', 
@@ -536,6 +656,12 @@ $form["tabs"]['address'] = array ( 'added_by' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => $_SESSION['s']['user']['username'], 'value' => '', 'separator' => '', diff --git a/interface/web/client/list/client_circle.list.php b/interface/web/client/list/client_circle.list.php index 56085c4c366858aff2b2361b9306610cf728b054..292b0d679720c570a5c649f56aa1b2775a7a4af1 100644 --- a/interface/web/client/list/client_circle.list.php +++ b/interface/web/client/list/client_circle.list.php @@ -63,7 +63,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "circle_name", 'datatype' => "VARCHAR", diff --git a/interface/web/client/reseller_edit.php b/interface/web/client/reseller_edit.php index 8ab091ef4d03517e9bec09940a07c3aeb18575ee..7a84be525300ccedf01d95ce1f7aacacf8368fe7 100644 --- a/interface/web/client/reseller_edit.php +++ b/interface/web/client/reseller_edit.php @@ -127,6 +127,7 @@ class page_action extends tform_actions { $tpls = $app->db->queryAllRecords($sql); $option = ''; $tpl = array(); + $tpls = $app->functions->htmlentities($tpls); foreach($tpls as $item){ $option .= ''; $tpl[$item['template_id']] = $item['template_name']; @@ -148,7 +149,7 @@ class page_action extends tform_actions { $tmp->id = $item['assigned_template_id']; $tmp->data = ''; $app->plugin->raiseEvent('get_client_template_details', $tmp); - if($tmp->data != '') $text .= '
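Review bot: Dropping the markup from the `active` value map is necessary because listform_actions now passes select-field substitutions through `htmlentities()`, but the same applies to every other `.list.php` definition whose `value` map still embeds tags; those would now render as literal `&lt;…&gt;` text and are not touched by this commit. Worth grepping the list definitions for `'value' => array(` entries that contain markup and converting them the same way. The `$app->lng()` strings are assumed to be plain text here; a language entry that contains an entity or a tag would also be double-encoded now.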
' . $tmp->data . ''; + if($tmp->data != '') $text .= '
' . $app->functions->htmlentities($tmp->data) . ''; $text .= ''; $items[] = $item['assigned_template_id'] . ':' . $item['client_template_id']; diff --git a/interface/web/client/templates/clients_list.htm b/interface/web/client/templates/clients_list.htm index 644c770d34fed953d62bb5b91294f52b879a52c1..25d0dfcaf3554562d5b87103f7e75863b578237c 100644 --- a/interface/web/client/templates/clients_list.htm +++ b/interface/web/client/templates/clients_list.htm @@ -33,7 +33,7 @@ - + diff --git a/interface/web/client/templates/resellers_list.htm b/interface/web/client/templates/resellers_list.htm index 50a9ec239c326d5a8c6dc1a1230cb0b4e4810ff0..8edfa08546d28bf66201ffde13a3311e7acec7cf 100644 --- a/interface/web/client/templates/resellers_list.htm +++ b/interface/web/client/templates/resellers_list.htm @@ -32,7 +32,7 @@ - + diff --git a/interface/web/dashboard/ajax_get_json.php b/interface/web/dashboard/ajax_get_json.php index 30a668a77f01436b2b818a5e2374444c7c24b115..32fc8912e05ee6c2b91f62783efc667e969c2e49 100644 --- a/interface/web/dashboard/ajax_get_json.php +++ b/interface/web/dashboard/ajax_get_json.php @@ -189,6 +189,7 @@ function _search($module, $section, $additional_sql = '', $params = ''){ $sql = "SELECT * FROM ?? WHERE ".$where_clause.$authsql.$order_clause." LIMIT 0,10"; $results = $app->db->queryAllRecords($sql, $db_table); + $results = $app->functions->htmlentities($results); if(is_array($results) && !empty($results)){ $lng_file = '../'.$module.'/lib/lang/'.$_SESSION['s']['language'].'_'.$section.'.lng'; diff --git a/interface/web/dashboard/dashlets/databasequota.php b/interface/web/dashboard/dashlets/databasequota.php index 6880d780a030be3206ba43678b6b9859dfaf9318..6439cdee1269e2c2d2e4db64eb8d3003a1669f81 100644 --- a/interface/web/dashboard/dashlets/databasequota.php +++ b/interface/web/dashboard/dashlets/databasequota.php 
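Review bot: `$results = $app->functions->htmlentities($results);` HTML-encodes data that this endpoint apparently serialises as JSON (the file name and `_search` suggest it), so the encoding targets a context that is not known at this point: if the browser side inserts the values as HTML it is correct, but if it uses text nodes or the JSON is consumed by anything other than an HTML renderer, entities such as `&amp;` appear literally. Encoding belongs where the value is placed into HTML; if the dashboard script is the only consumer and inserts as HTML, a comment stating that contract, e.g. `// values are HTML-encoded because the dashboard JS inserts them as HTML`, would make the choice explicit. The rest of `_search` is outside the hunk, so how the results are emitted cannot be confirmed from here.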
@@ -21,6 +21,7 @@ class dashlet_databasequota { $has_databasequota = false; if(is_array($databases) && !empty($databases)){ + $databases = $app->functions->htmlentities($databases); $tpl->setloop('databasequota', $databases); $has_databasequota = isset($databases[0]['used']); } diff --git a/interface/web/dashboard/dashlets/limits.php b/interface/web/dashboard/dashlets/limits.php index 2455da87bdeabd7c4d088f3dbbd5b0bf90ba0c1e..d58c3eb8e0dcd8c7c5e5cd362e3a28e35e816fd0 100644 --- a/interface/web/dashboard/dashlets/limits.php +++ b/interface/web/dashboard/dashlets/limits.php @@ -154,6 +154,7 @@ class dashlet_limits { 'percentage' => $percentage); } } + $rows = $app->functions->htmlentities($rows); $tpl->setLoop('rows', $rows); diff --git a/interface/web/dashboard/dashlets/mailquota.php b/interface/web/dashboard/dashlets/mailquota.php index 27b8333775d9989af87f255fed8b7c727e77fb1e..4629d6a4630c23bea7fe6d71a3846ca76667da6d 100644 --- a/interface/web/dashboard/dashlets/mailquota.php +++ b/interface/web/dashboard/dashlets/mailquota.php @@ -21,6 +21,8 @@ class dashlet_mailquota { $has_mailquota = false; if(is_array($emails) && !empty($emails)){ + // email username is quoted in quota.lib already, so no htmlentities here to prevent double encoding + //$emails = $app->functions->htmlentities($emails); $tpl->setloop('mailquota', $emails); $has_mailquota = isset($emails[0]['used']); } diff --git a/interface/web/dashboard/dashlets/quota.php b/interface/web/dashboard/dashlets/quota.php index a72e1fd23772c692923083a45943695094f07955..6ff975b6235f368a14597ac72d5d461ff19d83f2 100644 --- a/interface/web/dashboard/dashlets/quota.php +++ b/interface/web/dashboard/dashlets/quota.php @@ -21,6 +21,7 @@ class dashlet_quota { $has_quota = false; if(is_array($sites) && !empty($sites)){ + $sites = $app->functions->htmlentities($sites); $tpl->setloop('quota', $sites); $has_quota = isset($sites[0]['used']); } 
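Review bot: The added `//$emails = $app->functions->htmlentities($emails);` line in mailquota.php is commented-out code and should be dropped; the explanatory comment above it carries the information on its own. The invariant it relies on, that the mail username is already encoded in quota.lib, lives in another file and is enforced only by this comment, so a matching note at the encoding site, e.g. `// name is HTML-encoded here; dashlets/mailquota.php must not encode again`, would keep the two sides from drifting. Whether any field of `$emails` other than `name` can carry user-controlled text is not visible here; if one can, it now reaches the template unencoded.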
diff --git a/interface/web/dns/dns_import.php b/interface/web/dns/dns_import.php index 814db71db852522aa269ccd7d979ccfff1ef8af3..fb66b7b176ae6392add54894cab364f0b3d6fbe1 100644 --- a/interface/web/dns/dns_import.php +++ b/interface/web/dns/dns_import.php @@ -102,6 +102,7 @@ if($_SESSION['s']['user']['typ'] == 'admin') { // load the list of clients $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name"; $clients = $app->db->queryAllRecords($sql); + $clients = $app->functions->htmlentities($clients); $client_select = ''; if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= ""; if(is_array($clients)) { 
@@ -119,11 +120,12 @@ if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSIO // Get the limits of the client $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id); - + $client = $app->functions->htmlentities($client); // load the list of clients $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name"; $clients = $app->db->queryAllRecords($sql, $client['client_id']); + $clients = $app->functions->htmlentities($clients); $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']); $client_select = ''; if(is_array($clients)) { diff --git a/interface/web/dns/dns_slave_edit.php b/interface/web/dns/dns_slave_edit.php index 44103608eb4cc7754296237dfacef777fbfd9d64..4d588ef8e032ab1e0bfd3ae270aacb6bc8292d85 100644 --- a/interface/web/dns/dns_slave_edit.php +++ b/interface/web/dns/dns_slave_edit.php 
@@ -85,6 +85,7 @@ class page_action extends tform_actions { // Getting Domains of the user $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name"; $clients = $app->db->queryAllRecords($sql); + $clients = $app->functions->htmlentities($clients); $client_select = ''; if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= ""; //$tmp_data_record = $app->tform->getDataRecord($this->id); 
@@ -100,10 +101,12 @@ class page_action extends tform_actions { // Get the limits of the client $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); $client = $app->db->queryOneRecord("SELECT client.client_id, sys_group.name, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id); + $client = $app->functions->htmlentities($client); // Fill the client select field $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name"; $clients = $app->db->queryAllRecords($sql, $client['client_id']); + $clients = $app->functions->htmlentities($clients); $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']); $client_select = ''; //$tmp_data_record = $app->tform->getDataRecord($this->id); diff --git a/interface/web/dns/dns_soa_edit.php b/interface/web/dns/dns_soa_edit.php index 8997146bb6a707ab75624a48458ccdf5699ec9eb..6faefac3903ec588d400fa2b8bb48e69a612ac35 100644 --- a/interface/web/dns/dns_soa_edit.php +++ b/interface/web/dns/dns_soa_edit.php 
@@ -107,6 +107,7 @@ class page_action extends tform_actions { // Getting Domains of the user $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name"; $clients = $app->db->queryAllRecords($sql); + $clients = $app->functions->htmlentities($clients); $client_select = ''; if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= ""; //$tmp_data_record = $app->tform->getDataRecord($this->id); 
@@ -122,10 +123,12 @@ class page_action extends tform_actions { // Get the limits of the client $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id); - + $client = $app->functions->htmlentities($client); + // Fill the client select field $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name"; $clients = $app->db->queryAllRecords($sql, $client['client_id']); + $clients = $app->functions->htmlentities($clients); $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']); $client_select = ''; //$tmp_data_record = $app->tform->getDataRecord($this->id); diff --git a/interface/web/dns/dns_wizard.php b/interface/web/dns/dns_wizard.php index e163e4eeab5d33e68799c5d4720d94f52b747005..0e955bee09044a9a339b90ea74b631b0ff619db3 100644 --- a/interface/web/dns/dns_wizard.php +++ b/interface/web/dns/dns_wizard.php 
@@ -102,6 +102,7 @@ if($_SESSION['s']['user']['typ'] == 'admin') { // load the list of clients $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name"; $clients = $app->db->queryAllRecords($sql); + $clients = $app->functions->htmlentities($clients); $client_select = ''; if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= ""; if(is_array($clients)) { 
@@ -120,12 +121,13 @@ if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSIO // Get the limits of the client $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id); - + $client = $app->functions->htmlentities($client); if ($domains_settings['use_domain_module'] != 'y') { // load the list of clients $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name"; $clients = $app->db->queryAllRecords($sql, $client['client_id']); + $clients = $app->functions->htmlentities($clients); $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']); $client_select = ''; if(is_array($clients)) { diff --git a/interface/web/dns/form/dns_soa.tform.php b/interface/web/dns/form/dns_soa.tform.php index d76c403447c9224baa6062c561481318a5564786..910b2e6bb304f04ef16ca678f8ae3838ed857ea3 100644 --- a/interface/web/dns/form/dns_soa.tform.php +++ b/interface/web/dns/form/dns_soa.tform.php 
@@ -253,6 +253,12 @@ $form["tabs"]['dns_soa'] = array ( 'update_acl' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', @@ -273,6 +279,10 @@ $form["tabs"]['dns_soa'] = array ( 'dnssec_info' => array ( 'datatype' => 'TEXT', 'formtype' => 'TEXTAREA', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS') + ), 'default' => '', 'value' => '', 'width' => '30', diff --git a/interface/web/dns/list/dns_a.list.php b/interface/web/dns/list/dns_a.list.php index b65fdf677cc5b4559fa0b063ef5874ef7c1b8946..748bc405d82072d25aa4183b2259368c04f58ed2 100644 --- a/interface/web/dns/list/dns_a.list.php +++ b/interface/web/dns/list/dns_a.list.php @@ -55,7 +55,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('Y' => "
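Review bot: The SAVE-time `STRIPTAGS` filter added to `update_acl` and `dnssec_info` changes what is stored, which is a different guarantee from output encoding: if it maps to `strip_tags()`, everything from a bare `<` up to the next `>` (or the end of the string) is discarded, so a value containing a comparison or an angle-bracketed address is silently truncated rather than rejected. For ACL syntax that may be acceptable, but the same filter is attached to free-text fields in later hunks — faq_sections and support_message subject/message, mail_user `autoresponder_subject`/`autoresponder_text`, xmpp_domain `registration_message` — where a user can reasonably type `<`. Since the display side is being entity-encoded anyway, consider rejecting such input with a validator instead of rewriting it, or at least document the loss on each filters entry: `// STRIPTAGS drops text after a bare '<'; only for fields where angle brackets are never valid`.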
".$app->lng('yes_txt')."
", 'N' => "
".$app->lng('no_txt')."
")); + 'value' => array('Y' => $app->lng('yes_txt'), 'N' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "server_id", diff --git a/interface/web/dns/list/dns_slave.list.php b/interface/web/dns/list/dns_slave.list.php index 529a18966283063ff5e6fae67454ee3768ad62f9..de0fd3a211191fc3c7e8f00446d5de7e49e9dc7c 100644 --- a/interface/web/dns/list/dns_slave.list.php +++ b/interface/web/dns/list/dns_slave.list.php @@ -59,7 +59,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('Y' => "
".$app->lng('yes_txt')."
", 'N' => "
".$app->lng('no_txt')."
")); + 'value' => array('Y' => $app->lng('yes_txt'), 'N' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "server_id", diff --git a/interface/web/dns/list/dns_soa.list.php b/interface/web/dns/list/dns_soa.list.php index 2f4233e066ad6b37478095bbd382806029cb50b3..c08a3802cb29a19abab7b61153a303c7790123fe 100644 --- a/interface/web/dns/list/dns_soa.list.php +++ b/interface/web/dns/list/dns_soa.list.php @@ -59,7 +59,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('Y' => "
".$app->lng('yes_txt')."
", 'N' => "
".$app->lng('no_txt')."
")); + 'value' => array('Y' => $app->lng('yes_txt'), 'N' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "server_id", diff --git a/interface/web/dns/list/dns_template.list.php b/interface/web/dns/list/dns_template.list.php index be5d6934160c223e81dda23fec6399cf32cf6205..534f3eb77d44c93dd365399067bc008f1e58997e 100644 --- a/interface/web/dns/list/dns_template.list.php +++ b/interface/web/dns/list/dns_template.list.php @@ -55,7 +55,7 @@ $liste["item"][] = array( 'field' => "visible", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('Y' => "
".$app->lng('yes_txt')."
", 'N' => "
".$app->lng('no_txt')."
")); + 'value' => array('Y' => $app->lng('yes_txt'), 'N' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "name", diff --git a/interface/web/help/form/faq_sections.tform.php b/interface/web/help/form/faq_sections.tform.php index 1a1076876ee720b2ce11ee564377db65ad96b5ae..86c9520f150464fc3e96845f5bfab287b3a917a0 100644 --- a/interface/web/help/form/faq_sections.tform.php +++ b/interface/web/help/form/faq_sections.tform.php @@ -63,6 +63,12 @@ $form['tabs']['message'] = array( 'errmsg'=> 'subject_is_empty' ), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', diff --git a/interface/web/help/form/support_message.tform.php b/interface/web/help/form/support_message.tform.php index d80cc158157afa3f8aa6b79fc97dddad9b76a546..caf1a010c60b355acf77a6e79eaca63556bd3bc9 100644 --- a/interface/web/help/form/support_message.tform.php +++ b/interface/web/help/form/support_message.tform.php @@ -100,6 +100,12 @@ $form["tabs"]['message'] = array ( 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'subject_is_empty'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => $sm_default_subject, 'value' => '', 'width' => '30', @@ -111,6 +117,10 @@ $form["tabs"]['message'] = array ( 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'message_is_empty'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS') + ), 'default' => '', 'value' => '', 'cols' => '30', diff --git a/interface/web/mail/backup_stats.php b/interface/web/mail/backup_stats.php index ec32d35f8e3955c137c15974c4a8b71f4344c7db..1317326573491aca4882b27dad7684bf1891ca1a 100644 --- a/interface/web/mail/backup_stats.php +++ b/interface/web/mail/backup_stats.php 
@@ -22,9 +22,9 @@ class list_action extends listform_actions { $rec = parent::prepareDataRow($rec); - $rec['active'] = "
Yes
"; + $rec['active'] = "Yes"; if ($rec['backup_interval'] === 'none') { - $rec['active'] = "
No
"; + $rec['active'] = "No"; $rec['backup_copies'] = 0; } $recBackup = $app->db->queryOneRecord('SELECT COUNT(backup_id) AS backup_count FROM mail_backup WHERE mailuser_id = ?', $rec['mailuser_id']); diff --git a/interface/web/mail/form/mail_aliasdomain.tform.php b/interface/web/mail/form/mail_aliasdomain.tform.php index 64c5992483e7f78cc514ec9bd7c67f812f3e1e0e..66db01e5aa51c5823670826acae8398372239036 100644 --- a/interface/web/mail/form/mail_aliasdomain.tform.php +++ b/interface/web/mail/form/mail_aliasdomain.tform.php @@ -103,7 +103,11 @@ $form["tabs"]['alias'] = array ( 1 => array( 'event' => 'SHOW', 'type' => 'IDNTOUTF8'), 2 => array( 'event' => 'SAVE', - 'type' => 'TOLOWER') + 'type' => 'TOLOWER'), + 3 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 4 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') ), 'default' => '', 'value' => '', diff --git a/interface/web/mail/form/mail_blacklist.tform.php b/interface/web/mail/form/mail_blacklist.tform.php index f0b35d21cec335be34b0cb205ab7e6bacd428ba2..8b268147fb0a18301d33da51722729f7585187c4 100644 --- a/interface/web/mail/form/mail_blacklist.tform.php +++ b/interface/web/mail/form/mail_blacklist.tform.php @@ -76,6 +76,12 @@ $form["tabs"]['blacklist'] = array ( 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'source_error_notempty'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'value' => '', 'width' => '30', 'maxlength' => '255' diff --git a/interface/web/mail/form/mail_forward.tform.php b/interface/web/mail/form/mail_forward.tform.php index 3c891506b9e69a64abb916c9ddd3662bea4b6730..260d953982778b81ccc453b926e398f84b52f3e0 100644 --- a/interface/web/mail/form/mail_forward.tform.php +++ b/interface/web/mail/form/mail_forward.tform.php 
@@ -98,7 +98,11 @@ $form["tabs"]['forward'] = array ( 1 => array( 'event' => 'SHOW', 'type' => 'IDNTOUTF8'), 2 => array( 'event' => 'SAVE', - 'type' => 'TOLOWER') + 'type' => 'TOLOWER'), + 3 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 4 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') ), 'default' => '', 'value' => '', diff --git a/interface/web/mail/form/mail_get.tform.php b/interface/web/mail/form/mail_get.tform.php index 4521e4002882f1ad6c9902f7740bc029da282149..9f7de76e013273ad615082307b38f2b518c4a09b 100644 --- a/interface/web/mail/form/mail_get.tform.php +++ b/interface/web/mail/form/mail_get.tform.php @@ -109,6 +109,12 @@ $form["tabs"]['mailget'] = array ( 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'source_username_error_isempty'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', diff --git a/interface/web/mail/form/mail_mailinglist.tform.php b/interface/web/mail/form/mail_mailinglist.tform.php index 24c4f003c9ef4f9ebff5f3cc1c4269b13dbcfb11..ba877f410cec3f6c57b4dbe571d2691c9f905d46 100644 --- a/interface/web/mail/form/mail_mailinglist.tform.php +++ b/interface/web/mail/form/mail_mailinglist.tform.php @@ -104,6 +104,12 @@ $form["tabs"]['mailinglist'] = array ( 1 => array ( 'type' => 'UNIQUE', 'errmsg'=> 'listname_error_unique'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', diff --git a/interface/web/mail/form/mail_relay_recipient.tform.php b/interface/web/mail/form/mail_relay_recipient.tform.php index 4c5b2b1db1656d4fcad9531f45f216733bf997f7..34c23861e47fbfd5f8b01fded64c9f62f643c4b4 100644 --- a/interface/web/mail/form/mail_relay_recipient.tform.php +++ b/interface/web/mail/form/mail_relay_recipient.tform.php 
@@ -76,6 +76,12 @@ $form["tabs"]['relay_recipient'] = array ( 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'source_error_notempty'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'value' => '', 'width' => '30', 'maxlength' => '255' @@ -83,6 +89,12 @@ $form["tabs"]['relay_recipient'] = array ( 'access' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => 'OK', 'value' => 'OK', 'width' => '30', diff --git a/interface/web/mail/form/mail_spamfilter.tform.php b/interface/web/mail/form/mail_spamfilter.tform.php index fe3f6c0f2695f6f77e3f94105fd10dd60e546a06..fb9a3c311be5679cc1f2d963cf4e16d00da2ceca 100644 --- a/interface/web/mail/form/mail_spamfilter.tform.php +++ b/interface/web/mail/form/mail_spamfilter.tform.php @@ -108,6 +108,12 @@ $form["tabs"]['spamfilter'] = array ( 'spam_rewrite_subject' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '***SPAM***', 'value' => '', 'width' => '30', diff --git a/interface/web/mail/form/mail_transport.tform.php b/interface/web/mail/form/mail_transport.tform.php index 000584246bbd0b8999832707ab5360732ab4cdb9..ee3c52b447d311cf742977a6d558b7754c042a7e 100644 --- a/interface/web/mail/form/mail_transport.tform.php +++ b/interface/web/mail/form/mail_transport.tform.php 
@@ -82,7 +82,11 @@ $form["tabs"]['transport'] = array ( 1 => array( 'event' => 'SHOW', 'type' => 'IDNTOUTF8'), 2 => array( 'event' => 'SAVE', - 'type' => 'TOLOWER') + 'type' => 'TOLOWER'), + 3 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 4 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') ), 'default' => '', 'value' => '', @@ -93,6 +97,12 @@ $form["tabs"]['transport'] = array ( 'transport' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', diff --git a/interface/web/mail/form/mail_user.tform.php b/interface/web/mail/form/mail_user.tform.php index 7ba56888292636c3e9016a6497ccb22e3ae08ac9..631c507f900be8866843cb02c9d2bb509fcea648 100644 --- a/interface/web/mail/form/mail_user.tform.php +++ b/interface/web/mail/form/mail_user.tform.php @@ -144,6 +144,12 @@ $form["tabs"]['mailuser'] = array( 'name' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', @@ -205,6 +211,12 @@ $form["tabs"]['mailuser'] = array( 'maildir' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', @@ -213,6 +225,12 @@ $form["tabs"]['mailuser'] = array( 'maildir_format' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', 
@@ -221,6 +239,12 @@ $form["tabs"]['mailuser'] = array( 'homedir' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', @@ -304,6 +328,12 @@ if ($global_config['mail']['mailbox_show_autoresponder_tab'] === 'y') { 'autoresponder_subject' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => 'Out of office reply', 'value' => '', 'width' => '30', @@ -312,6 +342,10 @@ if ($global_config['mail']['mailbox_show_autoresponder_tab'] === 'y') { 'autoresponder_text' => array ( 'datatype' => 'TEXT', 'formtype' => 'TEXTAREA', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS') + ), 'default' => '', 'value' => '', 'cols' => '30', diff --git a/interface/web/mail/form/mail_user_filter.tform.php b/interface/web/mail/form/mail_user_filter.tform.php index d5f6a0ab5bd719bf0de027a2f86f297c68c04759..becb09351e869b3e4e3ccfd73ab635a1de40beff 100644 --- a/interface/web/mail/form/mail_user_filter.tform.php +++ b/interface/web/mail/form/mail_user_filter.tform.php @@ -73,6 +73,12 @@ $form["tabs"]['filter'] = array ( 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'rulename_error_empty'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', @@ -97,6 +103,10 @@ $form["tabs"]['filter'] = array ( 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'searchterm_is_empty'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', 
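Review bot: In the second mail_user_filter.tform.php hunk (@@ -97) the `searchterm` field gets only `STRIPNL`, while `rulename` in the hunk just above gets `STRIPTAGS` as well; the asymmetry is presumably deliberate (a search term may legitimately contain `<` or `>`), but nothing in the file says so, and the pattern used for every other text field in this commit invites a later cleanup to "complete" it. Add a comment on that filters entry: `// no STRIPTAGS here: search terms may legitimately contain '<' / '>'`.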
diff --git a/interface/web/mail/form/mail_whitelist.tform.php b/interface/web/mail/form/mail_whitelist.tform.php index ce8f954e5be9b6510144d7cdff0d578bd258702c..00fc971647ef9c87fea815e4f2fb958d03f182c0 100644 --- a/interface/web/mail/form/mail_whitelist.tform.php +++ b/interface/web/mail/form/mail_whitelist.tform.php @@ -76,6 +76,12 @@ $form["tabs"]['whitelist'] = array ( 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'source_error_notempty'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'value' => '', 'width' => '30', 'maxlength' => '255' @@ -83,6 +89,12 @@ $form["tabs"]['whitelist'] = array ( 'access' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => 'OK', 'value' => 'OK', 'width' => '30', diff --git a/interface/web/mail/form/spamfilter_blacklist.tform.php b/interface/web/mail/form/spamfilter_blacklist.tform.php index a6637473eba94f8dee3374506326d1c161858fee..3514eed4344fa049149bc32ec96d9dd40addffb9 100644 --- a/interface/web/mail/form/spamfilter_blacklist.tform.php +++ b/interface/web/mail/form/spamfilter_blacklist.tform.php @@ -72,6 +72,12 @@ $form["tabs"]['blacklist'] = array ( 'wb' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => 'B', 'value' => array('W' => 'blacklist', 'B' => 'Blacklist') ), 
@@ -90,6 +96,17 @@ $form["tabs"]['blacklist'] = array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', + 'filters' => array( 0 => array( 'event' => 'SAVE', + 'type' => 'IDNTOASCII'), + 1 => array( 'event' => 'SHOW', + 'type' => 'IDNTOUTF8'), + 2 => array( 'event' => 'SAVE', + 'type' => 'TOLOWER'), + 3 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 4 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'email_error_notempty'), ), diff --git a/interface/web/mail/form/spamfilter_policy.tform.php b/interface/web/mail/form/spamfilter_policy.tform.php index da63732c80a24a3a5e6695980c9fcc767e4bb09b..31e8b8092a0833023f677dc7ea9a6ccef7e40a0a 100644 --- a/interface/web/mail/form/spamfilter_policy.tform.php +++ b/interface/web/mail/form/spamfilter_policy.tform.php @@ -65,6 +65,12 @@ $form["tabs"]['policy'] = array ( 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'policyname_error_notempty'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'value' => '', 'width' => '30', 'maxlength' => '255' @@ -129,6 +135,12 @@ $form["tabs"]['quarantine'] = array ( 'virus_quarantine_to' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', @@ -137,6 +149,12 @@ $form["tabs"]['quarantine'] = array ( 'spam_quarantine_to' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', 
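Review bot: The `email` field in this hunk gains `IDNTOASCII`, `IDNTOUTF8` and `TOLOWER` filters on top of the tag/newline stripping the rest of the commit is about, so the stored form of the value changes (punycode, lower-case) for every future save, while rows written before this change keep their old form. This looks like an alignment with spamfilter_whitelist.tform.php, whose field already carries those three filters; if so, say it next to the filters, e.g. `// IDN/TOLOWER filters mirror spamfilter_whitelist.tform.php`, and call out the mixed stored data in the changelog, since lookups that compare a normalized new value against an un-normalized old entry may miss.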
@@ -145,6 +163,12 @@ $form["tabs"]['quarantine'] = array ( 'banned_quarantine_to' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', @@ -153,6 +177,12 @@ $form["tabs"]['quarantine'] = array ( 'bad_header_quarantine_to' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', @@ -161,6 +191,12 @@ $form["tabs"]['quarantine'] = array ( 'clean_quarantine_to' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', @@ -169,6 +205,12 @@ $form["tabs"]['quarantine'] = array ( 'other_quarantine_to' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', @@ -237,6 +279,12 @@ $form["tabs"]['taglevel'] = array ( 'spam_subject_tag' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', @@ -245,6 +293,12 @@ $form["tabs"]['taglevel'] = array ( 'spam_subject_tag2' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', 
@@ -268,6 +322,12 @@ $form["tabs"]['other'] = array ( 'addr_extension_virus' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', @@ -276,6 +336,12 @@ $form["tabs"]['other'] = array ( 'addr_extension_spam' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', @@ -284,6 +350,12 @@ $form["tabs"]['other'] = array ( 'addr_extension_banned' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', @@ -292,6 +364,12 @@ $form["tabs"]['other'] = array ( 'addr_extension_bad_header' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', @@ -318,6 +396,12 @@ $form["tabs"]['other'] = array ( 'newvirus_admin' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', @@ -326,6 +410,12 @@ $form["tabs"]['other'] = array ( 'virus_admin' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', 
@@ -334,6 +424,12 @@ $form["tabs"]['other'] = array ( 'banned_admin' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', @@ -342,6 +438,12 @@ $form["tabs"]['other'] = array ( 'bad_header_admin' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', @@ -350,6 +452,12 @@ $form["tabs"]['other'] = array ( 'spam_admin' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', @@ -367,6 +475,12 @@ $form["tabs"]['other'] = array ( 'banned_rulenames' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', diff --git a/interface/web/mail/form/spamfilter_users.tform.php b/interface/web/mail/form/spamfilter_users.tform.php index 0eba0bbefbcc228b29b4f5102f49122b0bd4eb0a..1ed9e54b0d86c66d34c71dcc9fc5acea9122daf8 100644 --- a/interface/web/mail/form/spamfilter_users.tform.php +++ b/interface/web/mail/form/spamfilter_users.tform.php 
@@ -91,7 +91,11 @@ $form["tabs"]['users'] = array ( 'formtype' => 'TEXT', 'default' => '', 'filters' => array( 0 => array( 'event' => 'SAVE', - 'type' => 'TOLOWER') + 'type' => 'TOLOWER'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 2 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') ), 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'email_error_notempty'), @@ -107,6 +111,12 @@ $form["tabs"]['users'] = array ( 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'fullname_error_notempty'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'value' => '', 'width' => '30', 'maxlength' => '255' diff --git a/interface/web/mail/form/spamfilter_whitelist.tform.php b/interface/web/mail/form/spamfilter_whitelist.tform.php index 5f8a176be715b1e60e14da5d799a6f8fadb7d4e1..f0802fa4912c2e8f298f221e3387470f963bc0f8 100644 --- a/interface/web/mail/form/spamfilter_whitelist.tform.php +++ b/interface/web/mail/form/spamfilter_whitelist.tform.php @@ -72,6 +72,12 @@ $form["tabs"]['whitelist'] = array ( 'wb' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => 'W', 'value' => array('W' => 'Whitelist', 'B' => 'Blacklist') ), @@ -95,7 +101,11 @@ $form["tabs"]['whitelist'] = array ( 1 => array( 'event' => 'SHOW', 'type' => 'IDNTOUTF8'), 2 => array( 'event' => 'SAVE', - 'type' => 'TOLOWER') + 'type' => 'TOLOWER'), + 3 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 4 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') ), 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'email_error_notempty'), 
diff --git a/interface/web/mail/form/xmpp_domain.tform.php b/interface/web/mail/form/xmpp_domain.tform.php index 095c72fba2317415284885be53849b5fa03f02c8..bbe694f9fd389fe24d741fb02c739e3a1b40362d 100644 --- a/interface/web/mail/form/xmpp_domain.tform.php +++ b/interface/web/mail/form/xmpp_domain.tform.php @@ -139,12 +139,22 @@ $form["tabs"]['domain'] = array ( 'registration_message' => array( 'datatype' => 'TEXT', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS') + ), 'default' => "", 'value' => '' ), 'domain_admins' => array( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '15', diff --git a/interface/web/mail/list/mail_alias.list.php b/interface/web/mail/list/mail_alias.list.php index 044fc84baad24b5db048730d34730f0327cb1091..97716401f12097e3b50292e733e57a5a34dd9a84 100644 --- a/interface/web/mail/list/mail_alias.list.php +++ b/interface/web/mail/list/mail_alias.list.php @@ -54,7 +54,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "source", diff --git a/interface/web/mail/list/mail_aliasdomain.list.php b/interface/web/mail/list/mail_aliasdomain.list.php index b97d265e48345287c2f8ee15138e3dfcf37d30cd..b2cb315394b30b98962ac2030c61d05901b78a77 100644 --- a/interface/web/mail/list/mail_aliasdomain.list.php +++ b/interface/web/mail/list/mail_aliasdomain.list.php @@ -54,7 +54,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "source", diff --git a/interface/web/mail/list/mail_blacklist.list.php b/interface/web/mail/list/mail_blacklist.list.php index 45a3a9987c05d1cd219add6014a9b51fe80776a0..a2f3997fd7aaa5c080c8d1072aca29030c08659f 100644 --- a/interface/web/mail/list/mail_blacklist.list.php +++ b/interface/web/mail/list/mail_blacklist.list.php @@ -54,7 +54,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); diff --git a/interface/web/mail/list/mail_content_filter.list.php b/interface/web/mail/list/mail_content_filter.list.php index c585a1601a0ad602a173b2dc70365a3023cdef4c..53767a153c40911ff5b90fe122ae8492d2d09a68 100644 --- a/interface/web/mail/list/mail_content_filter.list.php +++ b/interface/web/mail/list/mail_content_filter.list.php @@ -55,7 +55,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); diff --git a/interface/web/mail/list/mail_domain.list.php b/interface/web/mail/list/mail_domain.list.php index 7946f4c51ab4fa375c38f4b9f4859567e05f89fe..5304ab622665fee3f185ed303cc033953cafb712 100644 --- a/interface/web/mail/list/mail_domain.list.php +++ b/interface/web/mail/list/mail_domain.list.php @@ -59,7 +59,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); if($_SESSION['s']['user']['typ'] == 'admin') { diff --git a/interface/web/mail/list/mail_domain_catchall.list.php b/interface/web/mail/list/mail_domain_catchall.list.php index e2aa2d63aa28913e1e0b630157e26fa714000c7b..0f179ead7707b4c8ede24ed3b6fddac9295ab748 100644 --- a/interface/web/mail/list/mail_domain_catchall.list.php +++ b/interface/web/mail/list/mail_domain_catchall.list.php @@ -54,7 +54,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "source", diff --git a/interface/web/mail/list/mail_forward.list.php b/interface/web/mail/list/mail_forward.list.php index bd334d74347eaf01b4814a44032a9e33c82c9884..decf14c37eb0ed3525fbf72e87339902c1935160 100644 --- a/interface/web/mail/list/mail_forward.list.php +++ b/interface/web/mail/list/mail_forward.list.php @@ -54,7 +54,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "source", diff --git a/interface/web/mail/list/mail_get.list.php b/interface/web/mail/list/mail_get.list.php index 3163f4e10867ba4040ba51ea7d0d232b248d65a7..0a8c0dcc88332f2631a64b189afc865a18b715de 100644 --- a/interface/web/mail/list/mail_get.list.php +++ b/interface/web/mail/list/mail_get.list.php @@ -54,7 +54,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "server_id", diff --git a/interface/web/mail/list/mail_relay_recipient.list.php b/interface/web/mail/list/mail_relay_recipient.list.php index 3e3fd91012c5235c3faf89148c68f2fddf0e8c0b..af00d7c90c633cdb5d451f2e0a9c6a43b63be485 100644 --- a/interface/web/mail/list/mail_relay_recipient.list.php +++ b/interface/web/mail/list/mail_relay_recipient.list.php @@ -54,7 +54,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "server_id", diff --git a/interface/web/mail/list/mail_spamfilter.list.php b/interface/web/mail/list/mail_spamfilter.list.php index f1f4e612c28576d84c12cb9c4a1411e3c4afb278..09d3292bc73289677011f0d9112f38dbabacdc43 100644 --- a/interface/web/mail/list/mail_spamfilter.list.php +++ b/interface/web/mail/list/mail_spamfilter.list.php @@ -54,7 +54,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('1' => "
".$app->lng('yes_txt')."
", '0' => "
".$app->lng('no_txt')."
")); + 'value' => array('1' => $app->lng('yes_txt'), '0' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "server_id", diff --git a/interface/web/mail/list/mail_transport.list.php b/interface/web/mail/list/mail_transport.list.php index 9124b937fdc7504e676c50d5531c2bf55c7aa3d9..3dd87e17105e129c109dd3562580f38f5ae4ddcb 100644 --- a/interface/web/mail/list/mail_transport.list.php +++ b/interface/web/mail/list/mail_transport.list.php @@ -55,7 +55,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "server_id", diff --git a/interface/web/mail/list/mail_user.list.php b/interface/web/mail/list/mail_user.list.php index 1c56140cb24e0a685472df6fe430d1ad323027c9..4513a516c910cb05cdc6bb7d36388240e7afe818 100644 --- a/interface/web/mail/list/mail_user.list.php +++ b/interface/web/mail/list/mail_user.list.php @@ -87,7 +87,7 @@ $liste["item"][] = array( 'field' => "autoresponder", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "postfix", 'datatype' => "VARCHAR", @@ -96,7 +96,7 @@ $liste["item"][] = array( 'field' => "postfix", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "disablesmtp", 'datatype' => "VARCHAR", @@ -105,7 +105,7 @@ $liste["item"][] = array( 'field' => "disablesmtp", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('n' => "
".$app->lng('yes_txt')."
", 'y' => "
".$app->lng('no_txt')."
")); + 'value' => array('n' => $app->lng('yes_txt'), 'y' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "disableimap", 'datatype' => "VARCHAR", @@ -114,7 +114,7 @@ $liste["item"][] = array( 'field' => "disableimap", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('n' => "
".$app->lng('yes_txt')."
", 'y' => "
".$app->lng('no_txt')."
")); + 'value' => array('n' => $app->lng('yes_txt'), 'y' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "disablepop3", 'datatype' => "VARCHAR", @@ -123,6 +123,6 @@ $liste["item"][] = array( 'field' => "disablepop3", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('n' => "
".$app->lng('yes_txt')."
", 'y' => "
".$app->lng('no_txt')."
")); + 'value' => array('n' => $app->lng('yes_txt'), 'y' => $app->lng('no_txt'))); ?> diff --git a/interface/web/mail/list/mail_whitelist.list.php b/interface/web/mail/list/mail_whitelist.list.php index 321db859926c97488e78759ed44c7ce1ab2bd4f6..e27edad6dabee79f085dc64b67a96eabad31723c 100644 --- a/interface/web/mail/list/mail_whitelist.list.php +++ b/interface/web/mail/list/mail_whitelist.list.php @@ -54,7 +54,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "server_id", diff --git a/interface/web/mail/list/spamfilter_blacklist.list.php b/interface/web/mail/list/spamfilter_blacklist.list.php index b4be804fbe4f15dea44aa13516661f90f0411e76..33e0b433a3e43d9d19964e85dcb92ae85aaaf2b6 100644 --- a/interface/web/mail/list/spamfilter_blacklist.list.php +++ b/interface/web/mail/list/spamfilter_blacklist.list.php @@ -54,7 +54,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "server_id", diff --git a/interface/web/mail/list/spamfilter_policy.list.php b/interface/web/mail/list/spamfilter_policy.list.php index e7e0def6824b13163a662eb6b481cdba70b8caf0..646a45c87044ee700126ff2e07cef8d580886138 100644 --- a/interface/web/mail/list/spamfilter_policy.list.php +++ b/interface/web/mail/list/spamfilter_policy.list.php @@ -65,7 +65,7 @@ $liste["item"][] = array( 'field' => "virus_lover", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('Y' => "
".$app->lng('yes_txt')."
", 'N' => "
".$app->lng('no_txt')."
")); + 'value' => array('Y' => $app->lng('yes_txt'), 'N' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "spam_lover", @@ -75,7 +75,7 @@ $liste["item"][] = array( 'field' => "spam_lover", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('Y' => "
".$app->lng('yes_txt')."
", 'N' => "
".$app->lng('no_txt')."
")); + 'value' => array('Y' => $app->lng('yes_txt'), 'N' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "banned_files_lover", @@ -85,7 +85,7 @@ $liste["item"][] = array( 'field' => "banned_files_lover", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('Y' => "
".$app->lng('yes_txt')."
", 'N' => "
".$app->lng('no_txt')."
")); + 'value' => array('Y' => $app->lng('yes_txt'), 'N' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "bad_header_lover", @@ -95,7 +95,7 @@ $liste["item"][] = array( 'field' => "bad_header_lover", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('Y' => "
".$app->lng('yes_txt')."
", 'N' => "
".$app->lng('no_txt')."
")); + 'value' => array('Y' => $app->lng('yes_txt'), 'N' => $app->lng('no_txt'))); diff --git a/interface/web/mail/list/spamfilter_users.list.php b/interface/web/mail/list/spamfilter_users.list.php index e9d703b94295eba400fded746be7ca93c8493847..d952640283469e8e5aa95459e04c35d4e1a0dd76 100644 --- a/interface/web/mail/list/spamfilter_users.list.php +++ b/interface/web/mail/list/spamfilter_users.list.php @@ -54,7 +54,7 @@ $liste["item"][] = array( 'field' => "local", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('Y' => "
".$app->lng('yes_txt')."
", 'N' => "
".$app->lng('no_txt')."
")); + 'value' => array('Y' => $app->lng('yes_txt'), 'N' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "server_id", diff --git a/interface/web/mail/list/spamfilter_whitelist.list.php b/interface/web/mail/list/spamfilter_whitelist.list.php index 713187e0080c220ca31981df73a46fa9eaa45d59..0cd3333e6963e5b7caf43c9381b40601e53057c5 100644 --- a/interface/web/mail/list/spamfilter_whitelist.list.php +++ b/interface/web/mail/list/spamfilter_whitelist.list.php @@ -54,7 +54,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "server_id", diff --git a/interface/web/mail/list/xmpp_domain.list.php b/interface/web/mail/list/xmpp_domain.list.php index be87ec735ea2387241bbbac6120fa0aed8a135ce..191508db3919a67f8ec480eefc9bda476b068758 100644 --- a/interface/web/mail/list/xmpp_domain.list.php +++ b/interface/web/mail/list/xmpp_domain.list.php @@ -59,7 +59,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); if($_SESSION['s']['user']['typ'] == 'admin') { diff --git a/interface/web/mail/mail_domain_edit.php b/interface/web/mail/mail_domain_edit.php index ad383c474bc7ad45204e48acd7d5592624791a64..7565752bd31c575d38731fe09af55c191ba81c70 100644 --- a/interface/web/mail/mail_domain_edit.php +++ b/interface/web/mail/mail_domain_edit.php @@ -80,6 +80,7 @@ class page_action extends tform_actions { $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name"; $clients = $app->db->queryAllRecords($sql); + $clients = $app->functions->htmlentities($clients); $client_select = ''; if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= ""; //$tmp_data_record = $app->tform->getDataRecord($this->id); 
@@ -96,6 +97,7 @@ class page_action extends tform_actions { // Get the limits of the client $client_group_id = $_SESSION["s"]["user"]["default_group"]; $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.default_mailserver, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ? order by client.contact_name", $client_group_id); + $client = $app->functions->htmlentities($client); // Set the mailserver to the default server of the client $tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $client['default_mailserver']); @@ -106,6 +108,7 @@ class page_action extends tform_actions { // Fill the client select field $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name"; $clients = $app->db->queryAllRecords($sql, $client['client_id']); + $clients = $app->functions->htmlentities($clients); $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']); $client_select = ''; //$tmp_data_record = $app->tform->getDataRecord($this->id); diff --git a/interface/web/mail/mail_mailinglist_edit.php b/interface/web/mail/mail_mailinglist_edit.php index 5515670734700a4ec1c700085dadd0eb073df24e..1419627529253adf23bba5bdfb5f00ba0de749d5 100644 --- a/interface/web/mail/mail_mailinglist_edit.php +++ b/interface/web/mail/mail_mailinglist_edit.php 
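Review bot: `$client = $app->functions->htmlentities($client);` entity-encodes the whole client row at fetch time, yet the same row then feeds logic and queries — `$client['default_mailserver']` on the very next line and `$client['client_id']` in the following hunk — so the encoding belongs to the display fields where `$client_select` is built, not to the record. For integer ids it is a no-op today, but any field that is later compared, split or written back (web_vhost_domain_edit.php explodes `$client['web_servers']` right after the same call) now carries HTML entities instead of the stored value, and the row can only safely be used for output from here on. Encode only what is rendered, e.g. `$client['contactname'] = $app->functions->htmlentities($client['contactname']);`, or leave the record alone and encode inside the `$client_select .=` concatenation; if the template engine already escapes `$client_select`, the current form presumably double-encodes. The same pattern appears in the preceding hunk for `$clients` and in mail_mailinglist_edit.php, xmpp_domain_edit.php, database_user_edit.php and web_vhost_domain_edit.php.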
@@ -74,6 +74,7 @@ class page_action extends tform_actions { // Getting Clients of the user $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name"; $clients = $app->db->queryAllRecords($sql); + $clients = $app->functions->htmlentities($clients); $client_select = ''; if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= ""; $tmp_data_record = $app->tform->getDataRecord($this->id); 
@@ -90,10 +91,12 @@ class page_action extends tform_actions { // Get the limits of the client $client_group_id = $_SESSION["s"]["user"]["default_group"]; $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.default_mailserver, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ? order by contact_name", $client_group_id); + $client = $app->functions->htmlentities($client); // Fill the client select field $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name"; $clients = $app->db->queryAllRecords($sql, $client['client_id']); + $clients = $app->functions->htmlentities($clients); $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']); $client_select = ''; $tmp_data_record = $app->tform->getDataRecord($this->id); diff --git a/interface/web/mail/xmpp_domain_edit.php b/interface/web/mail/xmpp_domain_edit.php index ec5a5fc11bb67e114f6b77c8ecb65473e1055de3..39132011148a73989d67a73cc7057e234f65bb2d 100644 --- a/interface/web/mail/xmpp_domain_edit.php +++ b/interface/web/mail/xmpp_domain_edit.php 
@@ -108,6 +108,7 @@ class page_action extends tform_actions { $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name"; $clients = $app->db->queryAllRecords($sql); + $clients = $app->functions->htmlentities($clients); $client_select = ''; if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= ""; //$tmp_data_record = $app->tform->getDataRecord($this->id); 
@@ -124,11 +125,13 @@ class page_action extends tform_actions { // Get the limits of the client $client_group_id = $_SESSION["s"]["user"]["default_group"]; $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ? order by client.contact_name", $client_group_id); + $client = $app->functions->htmlentities($client); if ($settings['use_domain_module'] != 'y') { // Fill the client select field $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name"; $clients = $app->db->queryAllRecords($sql, $client['client_id']); + $clients = $app->functions->htmlentities($clients); $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']); $client_select = ''; //$tmp_data_record = $app->tform->getDataRecord($this->id); diff --git a/interface/web/mailuser/form/mail_user_autoresponder.tform.php b/interface/web/mailuser/form/mail_user_autoresponder.tform.php index 44ce15cd5c9bc2830c8da3a4305fd6eb617449ad..e642534c13fbf34250aedf51ba88173395857f93 100644 --- a/interface/web/mailuser/form/mail_user_autoresponder.tform.php +++ b/interface/web/mailuser/form/mail_user_autoresponder.tform.php 
@@ -62,6 +62,12 @@ $form["tabs"]['autoresponder'] = array ( 'autoresponder_subject' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => 'Out of office reply', 'value' => '', 'width' => '30', @@ -70,6 +76,10 @@ $form["tabs"]['autoresponder'] = array ( 'autoresponder_text' => array ( 'datatype' => 'TEXT', 'formtype' => 'TEXTAREA', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS') + ), 'default' => '', 'value' => '', 'cols' => '30', diff --git a/interface/web/sites/backup_stats.php b/interface/web/sites/backup_stats.php index 640b0c17bb925fd5c47c35499739582615826ff6..7a3b81553c79485be472c3c628b88bee35136a2f 100644 --- a/interface/web/sites/backup_stats.php +++ b/interface/web/sites/backup_stats.php @@ -22,9 +22,9 @@ class list_action extends listform_actions { $rec = parent::prepareDataRow($rec); - $rec['active'] = "
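Review bot: The STRIPTAGS filter on SAVE for `autoresponder_text` and `autoresponder_subject` is a lossy input filter rather than an output control: a legitimate body containing an angle-bracketed address, e.g. `Jane <jane@example.com>` (constructed example), loses everything between the brackets, while the HTML views this commit protects are already covered by `$app->functions->htmlentities`. STRIPNL on the subject is the control that matters here, because a newline in a stored header value is what allows further headers to be injected; keep that one and reconsider STRIPTAGS, or add a comment to the form entry stating why tag stripping is wanted on a plain-text mail field. The filter implementation is not visible in this diff, so the behaviour on an unclosed `<` is assumed to match `strip_tags()`. The same STRIPTAGS filters are added in web_vhost_domain.tform.php (where the `ssl_*` PEM fields never contain `<`, so the filter is inert and is not a substitute for a PEM format check), webdav_user.tform.php and openvz_ostemplate.tform.php.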
Yes
"; + $rec['active'] = "Yes"; if ($rec['backup_interval'] === 'none') { - $rec['active'] = "
No
"; + $rec['active'] = "No"; $rec['backup_copies'] = 0; } diff --git a/interface/web/sites/database_user_edit.php b/interface/web/sites/database_user_edit.php index 5224cc50a8cca00470c69c3800dbbd9b50e61e29..e7bfa611a937be481efde7ae8ba7a8308cbaf01c 100644 --- a/interface/web/sites/database_user_edit.php +++ b/interface/web/sites/database_user_edit.php @@ -87,6 +87,7 @@ class page_action extends tform_actions { // Fill the client select field $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name"; $records = $app->db->queryAllRecords($sql, $client['client_id']); + $records = $app->functions->htmlentities($records); $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']); $client_select = ''; //$tmp_data_record = $app->tform->getDataRecord($this->id); @@ -101,6 +102,7 @@ class page_action extends tform_actions { // Fill the client select field $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name"; $clients = $app->db->queryAllRecords($sql); + $clients = $app->functions->htmlentities($clients); $client_select = ""; //$tmp_data_record = $app->tform->getDataRecord($this->id); if(is_array($clients)) { 
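Review bot: `$rec['active'] = "Yes";` and `$rec['active'] = "No";` are hard-coded English, whereas every list definition touched by this commit uses `$app->lng('yes_txt')` / `$app->lng('no_txt')` for the same column; use the language strings here as well, `$rec['active'] = $app->lng('yes_txt');` and `$rec['active'] = $app->lng('no_txt');`, with `global $app;` at the top of the method if it is not already declared (the start of `prepareDataRow` is outside the hunk). Dropping the inline markup presumably means the icon now comes from the list template or the `active-switch` branch in ispconfig.js; a one-line comment such as `// plain text only: the list template / select2 formatter adds the markup and escapes the value` would tell the next maintainer why the span was removed and where escaping happens.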
diff --git a/interface/web/sites/form/web_vhost_domain.tform.php b/interface/web/sites/form/web_vhost_domain.tform.php index 4b709eeda40bd92441e52b167a0bf63201dabb6e..071efbb9a9b18d224d243ee8be78222393a07cf8 100644 --- a/interface/web/sites/form/web_vhost_domain.tform.php +++ b/interface/web/sites/form/web_vhost_domain.tform.php @@ -520,6 +520,12 @@ if($ssl_available) { 'ssl_domain' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', @@ -528,6 +534,10 @@ if($ssl_available) { 'ssl_key' => array ( 'datatype' => 'TEXT', 'formtype' => 'TEXTAREA', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS') + ), 'default' => '', 'value' => '', 'cols' => '30', @@ -536,6 +546,10 @@ if($ssl_available) { 'ssl_request' => array ( 'datatype' => 'TEXT', 'formtype' => 'TEXTAREA', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS') + ), 'default' => '', 'value' => '', 'cols' => '30', @@ -544,6 +558,10 @@ if($ssl_available) { 'ssl_cert' => array ( 'datatype' => 'TEXT', 'formtype' => 'TEXTAREA', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS') + ), 'default' => '', 'value' => '', 'cols' => '30', @@ -552,6 +570,10 @@ if($ssl_available) { 'ssl_bundle' => array ( 'datatype' => 'TEXT', 'formtype' => 'TEXTAREA', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS') + ), 'default' => '', 'value' => '', 'cols' => '30', diff --git a/interface/web/sites/form/webdav_user.tform.php b/interface/web/sites/form/webdav_user.tform.php index a1bfd3056d6a7479e20034bbeb913db30849d0a1..8d5c0c561f29b4a33db9da70f05367d5163ec21b 100644 --- a/interface/web/sites/form/webdav_user.tform.php +++ b/interface/web/sites/form/webdav_user.tform.php 
@@ -130,6 +130,12 @@ $form["tabs"]['webdav'] = array ( 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'directory_error_empty'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', diff --git a/interface/web/sites/list/aps_availablepackages.list.php b/interface/web/sites/list/aps_availablepackages.list.php index 812e57fd60782c2392848ae15262430e685c4ad7..9fd19434223308f933b2b6a62171c1964d008aaf 100644 --- a/interface/web/sites/list/aps_availablepackages.list.php +++ b/interface/web/sites/list/aps_availablepackages.list.php @@ -80,7 +80,7 @@ if($_SESSION['s']['user']['typ'] == 'admin') 'prefix' => '', 'suffix' => '', 'width' => '', - 'value' => array(PACKAGE_ENABLED => '
'.$app->lng('Yes').'
', - PACKAGE_LOCKED => '
'.$app->lng('No').'
')); + 'value' => array(PACKAGE_ENABLED => $app->lng('Yes'), + PACKAGE_LOCKED => $app->lng('No'))); } ?> diff --git a/interface/web/sites/list/cron.list.php b/interface/web/sites/list/cron.list.php index 7679a2e1c18c1ae42403242c582ad7472484bc8c..fc8c9691a63181094f68e4b8742eb0725a8c247c 100644 --- a/interface/web/sites/list/cron.list.php +++ b/interface/web/sites/list/cron.list.php @@ -55,7 +55,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "server_id", diff --git a/interface/web/sites/list/database.list.php b/interface/web/sites/list/database.list.php index b4d1196b59067c759fcbbda88bc23b082d8c1733..25e1b8de7f3811e6ef3a7bc51a1d459c445b572e 100644 --- a/interface/web/sites/list/database.list.php +++ b/interface/web/sites/list/database.list.php @@ -59,7 +59,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "remote_access", 'datatype' => "VARCHAR", @@ -68,7 +68,7 @@ $liste["item"][] = array( 'field' => "remote_access", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "type", 'datatype' => "VARCHAR", diff --git a/interface/web/sites/list/ftp_user.list.php b/interface/web/sites/list/ftp_user.list.php index 765740638287838efcb710225aec2c999657104c..20a8a327acb60feaf76877a4da1a085a7ab44267 100644 --- a/interface/web/sites/list/ftp_user.list.php +++ b/interface/web/sites/list/ftp_user.list.php @@ -55,7 +55,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "server_id", diff --git a/interface/web/sites/list/shell_user.list.php b/interface/web/sites/list/shell_user.list.php index 9ea244ed0b2071ccd47cfb29b4b4d55d84fd409d..3f51082d6e99b5446568a084d4a05a2a6f613865 100644 --- a/interface/web/sites/list/shell_user.list.php +++ b/interface/web/sites/list/shell_user.list.php @@ -55,7 +55,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "server_id", diff --git a/interface/web/sites/list/web_childdomain.list.php b/interface/web/sites/list/web_childdomain.list.php index 1e38b24a4152f564031320843db558f8a427f00e..202744e8de522feb60f5a1d23771c3549f27b7a3 100644 --- a/interface/web/sites/list/web_childdomain.list.php +++ b/interface/web/sites/list/web_childdomain.list.php @@ -55,7 +55,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "server_id", diff --git a/interface/web/sites/list/web_folder.list.php b/interface/web/sites/list/web_folder.list.php index fce8cfd1efef57f5d482ef0066514f94c9aa3150..dc2fb0418acddfb631520d186cab114f63d9fac3 100644 --- a/interface/web/sites/list/web_folder.list.php +++ b/interface/web/sites/list/web_folder.list.php @@ -55,7 +55,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "server_id", diff --git a/interface/web/sites/list/web_folder_user.list.php b/interface/web/sites/list/web_folder_user.list.php index c8f078a4be9738581accb3e9d90434379a9f991c..f0a1cd8ad29481f819d212986e09c252da5084b9 100644 --- a/interface/web/sites/list/web_folder_user.list.php +++ b/interface/web/sites/list/web_folder_user.list.php @@ -57,7 +57,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "web_folder_id", diff --git a/interface/web/sites/list/web_vhost_domain.list.php b/interface/web/sites/list/web_vhost_domain.list.php index 1d167a77bc67674a1d2e1e07f406e8c3e99aba8e..e6b0cd25193a601e1e866b88fbc111e49d0ed6d8 100644 --- a/interface/web/sites/list/web_vhost_domain.list.php +++ b/interface/web/sites/list/web_vhost_domain.list.php @@ -78,7 +78,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); if($_SESSION['s']['user']['typ'] == 'admin' && $vhostdomain_type == 'domain') { $liste["item"][] = array( 'field' => "sys_groupid", diff --git a/interface/web/sites/list/webdav_user.list.php b/interface/web/sites/list/webdav_user.list.php index 5d1aeec94a9f82e6857639475d91ecf000904ea6..04b772d15683448d4654fc5cfa18602a19f854b3 100644 --- a/interface/web/sites/list/webdav_user.list.php +++ b/interface/web/sites/list/webdav_user.list.php @@ -55,7 +55,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "server_id", diff --git a/interface/web/sites/templates/web_vhost_domain_list.htm b/interface/web/sites/templates/web_vhost_domain_list.htm index 1ece7aca9ae8837766e0f9b3ca2717425321f4cd..b784f159652e7d51a6a8231c10f4630c7bf3af7f 100644 --- a/interface/web/sites/templates/web_vhost_domain_list.htm +++ b/interface/web/sites/templates/web_vhost_domain_list.htm @@ -41,7 +41,7 @@ - + diff --git a/interface/web/sites/web_vhost_domain_edit.php b/interface/web/sites/web_vhost_domain_edit.php index 82cf226a374ce4858f6f251ac227bd53aad7f085..023f8db0c52938f467b5c3eb5c8ba6d61e9420c5 100644 --- a/interface/web/sites/web_vhost_domain_edit.php +++ b/interface/web/sites/web_vhost_domain_edit.php @@ -290,6 +290,7 @@ class page_action extends tform_actions { } elseif($this->_vhostdomain_type == 'aliasdomain') { $client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_aliasdomain, client.web_servers, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id); } + $client = $app->functions->htmlentities($client); $client['web_servers_ids'] = explode(',', $client['web_servers']); $only_one_server = count($client['web_servers_ids']) === 1; 
@@ -326,6 +327,7 @@ class page_action extends tform_actions {
 // Fill the client select field
 $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
 $records = $app->db->queryAllRecords($sql, $client['client_id']);
+ $records = $app->functions->htmlentities($records);
 $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 $client_select = '';
 //$tmp_data_record = $app->tform->getDataRecord($this->id);
@@ -585,6 +587,7 @@ class page_action extends tform_actions {
 // Fill the client select field
 $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 $clients = $app->db->queryAllRecords($sql);
+ $clients = $app->functions->htmlentities($clients);
 $client_select = "";
 //$tmp_data_record = $app->tform->getDataRecord($this->id);
 if(is_array($clients)) {
diff --git a/interface/web/themes/default/assets/javascripts/ispconfig.js b/interface/web/themes/default/assets/javascripts/ispconfig.js
index fcd5167a885847119270013db5294bc6b95ec71f..5f797af3286f8b0a7902f8bcebe4f48bcdf70c46 100644
--- a/interface/web/themes/default/assets/javascripts/ispconfig.js
+++ b/interface/web/themes/default/assets/javascripts/ispconfig.js
@@ -103,13 +103,15 @@ var ISPConfig = {
 width: 'element',
 selectOnBlur: true,
 allowClear: true,
- formatResult: function(o) {
- if(o.id && $(o.element).parent().hasClass('flags')) return '' + o.text + '';
- else return o.text;
+ formatResult: function(o, cont, qry, escapeMarkup) {
+ if(o.id && $(o.element).parent().hasClass('flags')) return '' + escapeMarkup(o.text) + '';
+ else if(o.id && $(o.element).parent().hasClass('active-switch')) return '' + escapeMarkup(o.text) + '';
+ else return escapeMarkup(o.text);
 },
- formatSelection: function(o) {
- if(o.id && $(o.element).parent().hasClass('flags')) return '' + o.text + '';
- else return o.text;
+ formatSelection: function(o, cont, escapeMarkup) {
+ if(o.id && $(o.element).parent().hasClass('flags')) return '' + escapeMarkup(o.text) + '';
+ else if(o.id && $(o.element).parent().hasClass('active-switch')) return '' + escapeMarkup(o.text) + '';
+ else return escapeMarkup(o.text);
 }
 }).on('change', function(e) {
 if ($("#pageForm .table #Filter").length > 0) {
diff --git a/interface/web/vm/form/openvz_ostemplate.tform.php b/interface/web/vm/form/openvz_ostemplate.tform.php
index 07eeafef0f8d349e1e951d2efe702963d078f33a..a28bbc6adeaf9ea3d28318f1d6d63945b5230db3 100644
--- a/interface/web/vm/form/openvz_ostemplate.tform.php
+++ b/interface/web/vm/form/openvz_ostemplate.tform.php
@@ -69,6 +69,12 @@ $form["tabs"]['main'] = array (
 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'template_name_error_empty'), ),
+ 'filters' => array(
+ 0 => array( 'event' => 'SAVE',
+ 'type' => 'STRIPTAGS'),
+ 1 => array( 'event' => 'SAVE',
+ 'type' => 'STRIPNL')
+ ),
 'default' => '',
 'value' => '',
 'width' => '30',
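Review bot: formatResult and formatSelection each call `$(o.element).parent()` once per branch and duplicate the flags/active-switch logic between the two callbacks, so the same class test now appears four times; a single helper that resolves the parent element once and returns the escaped markup for both callbacks would keep the two paths from drifting when another wrapper class is added. The escaping depends on Select2 passing its escapeMarkup callback as the fourth (formatResult) and third (formatSelection) argument, which presumably means an `escapeMarkup` option set elsewhere on this select would replace it silently; a comment such as `// escapeMarkup is Select2's own HTML escaper; keep it in place so o.text is never inserted raw` above formatResult would record that dependency. The select2() call starts before this hunk.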
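Review bot: The SAVE-time STRIPTAGS and STRIPNL filters on template_name change what is stored rather than how it is rendered: a legitimate `<` or a line break in a submitted name is silently dropped, and rows already in the table or written through other paths are not covered, so escaping at render time is still required and this hunk should not be read as replacing it. If STRIPTAGS is a strip_tags()-style filter, quotes and `&` in the value also pass through untouched, which matters wherever the name is placed in an attribute. A comment on the filter entry, e.g. `// input hygiene on save only; templates must still escape this value on output`, would make that division of responsibility explicit. The same block is added for template_file and description in this file and for the openvz_template.tform.php and openvz_vm.tform.php fields in the hunks that follow.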
@@ -81,6 +87,12 @@ $form["tabs"]['main'] = array ( 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'template_file_error_empty'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', @@ -113,6 +125,10 @@ $form["tabs"]['main'] = array ( 'description' => array ( 'datatype' => 'TEXT', 'formtype' => 'TEXTAREA', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS') + ), 'default' => '', 'value' => '', 'separator' => '', diff --git a/interface/web/vm/form/openvz_template.tform.php b/interface/web/vm/form/openvz_template.tform.php index 8279ce085c8566a0b41096b2800f1b5013d0d919..1a069361cbdeb6d74ff5b792aab36f1a0dcc6efa 100644 --- a/interface/web/vm/form/openvz_template.tform.php +++ b/interface/web/vm/form/openvz_template.tform.php @@ -69,6 +69,12 @@ $form["tabs"]['main'] = array ( 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'template_name_error_empty'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', @@ -155,6 +161,12 @@ $form["tabs"]['main'] = array ( 'hostname' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', @@ -172,6 +184,12 @@ $form["tabs"]['main'] = array ( 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'template_nameserver_error_empty'), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '8.8.8.8 8.8.4.4', 'value' => '', 'width' => '30', 
@@ -187,6 +205,10 @@ $form["tabs"]['main'] = array ( 'description' => array ( 'datatype' => 'TEXT', 'formtype' => 'TEXTAREA', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS') + ), 'default' => '', 'value' => '', 'separator' => '', diff --git a/interface/web/vm/form/openvz_vm.tform.php b/interface/web/vm/form/openvz_vm.tform.php index 44f20dc6ec496da791cf5106a4def0cd222431cf..fe61e27c453e2957d5c8066ba50bccc6d98e258a 100644 --- a/interface/web/vm/form/openvz_vm.tform.php +++ b/interface/web/vm/form/openvz_vm.tform.php @@ -122,7 +122,11 @@ $form["tabs"]['main'] = array ( 1 => array( 'event' => 'SHOW', 'type' => 'IDNTOUTF8'), 2 => array( 'event' => 'SAVE', - 'type' => 'TOLOWER') + 'type' => 'TOLOWER'), + 3 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 4 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') ), 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'hostname_error_empty'), @@ -178,6 +182,10 @@ $form["tabs"]['main'] = array ( 'description' => array ( 'datatype' => 'TEXT', 'formtype' => 'TEXTAREA', + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS') + ), 'default' => '', 'value' => '', 'separator' => '', diff --git a/interface/web/vm/list/openvz_ip.list.php b/interface/web/vm/list/openvz_ip.list.php index 77a52dbcf956eb04d5d60f82910f92c5193a8742..80869918ad4dfc0b1275bde69a358d25ae433881 100644 --- a/interface/web/vm/list/openvz_ip.list.php +++ b/interface/web/vm/list/openvz_ip.list.php @@ -91,7 +91,7 @@ $liste["item"][] = array( 'field' => "reserved", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); diff --git a/interface/web/vm/list/openvz_ostemplate.list.php b/interface/web/vm/list/openvz_ostemplate.list.php index ca6132d827726321b6ebde6ef5e9c14db776dfa4..c2df7eb3867924ce031b0275b9dbb08ca859fdd4 100644 --- a/interface/web/vm/list/openvz_ostemplate.list.php +++ b/interface/web/vm/list/openvz_ostemplate.list.php @@ -54,7 +54,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "ostemplate_id", 'datatype' => "INTEGER", @@ -96,7 +96,7 @@ $liste["item"][] = array( 'field' => "allservers", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); diff --git a/interface/web/vm/list/openvz_template.list.php b/interface/web/vm/list/openvz_template.list.php index e87314e98e4efac02b3e96ab664995872cbedfff..2d92f7baf4bf1aef12d19b7a5edb38938e7e0fb3 100644 --- a/interface/web/vm/list/openvz_template.list.php +++ b/interface/web/vm/list/openvz_template.list.php @@ -54,7 +54,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "template_name", diff --git a/interface/web/vm/list/openvz_vm.list.php b/interface/web/vm/list/openvz_vm.list.php index 51e23b3ab2b0deaaf2d7604c3e392603db55397b..261427491bf1a3e6130bfca9be4a5fbf40d2b557 100644 --- a/interface/web/vm/list/openvz_vm.list.php +++ b/interface/web/vm/list/openvz_vm.list.php @@ -54,7 +54,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
".$app->lng('yes_txt')."
", 'n' => "
".$app->lng('no_txt')."
")); + 'value' => array('y' => $app->lng('yes_txt'), 'n' => $app->lng('no_txt'))); $liste["item"][] = array( 'field' => "veid", 'datatype' => "VARCHAR", diff --git a/interface/web/vm/openvz_vm_edit.php b/interface/web/vm/openvz_vm_edit.php index 69265885cd9e3d0e6a104cabf09066847068f09c..2a5b12f3d712886143a05b65acdfbed536afcad1 100644 --- a/interface/web/vm/openvz_vm_edit.php +++ b/interface/web/vm/openvz_vm_edit.php @@ -97,11 +97,12 @@ class page_action extends tform_actions { //* Get the limits of the client $client_group_id = $_SESSION["s"]["user"]["default_group"]; $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.limit_openvz_vm_template_id, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id); - + $client = $app->functions->htmlentities($client); //* Fill the client select field $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name"; $records = $app->db->queryAllRecords($sql, $client['client_id']); + $records = $app->functions->htmlentities($records); $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']); $client_select = ''; //$tmp_data_record = $app->tform->getDataRecord($this->id); 
@@ -134,6 +135,7 @@ class page_action extends tform_actions {
 //* Fill the client select field
 $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 $clients = $app->db->queryAllRecords($sql);
+ $clients = $app->functions->htmlentities($clients);
 $client_select = "";
 //$tmp_data_record = $app->tform->getDataRecord($this->id);
 if(is_array($clients)) {