From 79d6be9acc40911ec83d723f182b771b75003047 Mon Sep 17 00:00:00 2001
From: Till Brehm
Date: Fri, 29 Dec 2017 12:29:16 +0100
Subject: [PATCH] Fixed a typo in htmlentities function and added htmlentities to dashlet output.
---
 interface/lib/classes/functions.inc.php | 2 +-
 interface/web/dashboard/dashlets/databasequota.php | 1 +
 interface/web/dashboard/dashlets/limits.php | 1 +
 interface/web/dashboard/dashlets/mailquota.php | 2 ++
 interface/web/dashboard/dashlets/quota.php | 1 +
 5 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/interface/lib/classes/functions.inc.php b/interface/lib/classes/functions.inc.php
index 136448eef..a646e1be0 100644
--- a/interface/lib/classes/functions.inc.php
+++ b/interface/lib/classes/functions.inc.php
@@ -460,7 +460,7 @@ class functions {
 if(is_array($value)) {
 $out = array();
- foreach($values as $key => $val) {
+ foreach($value as $key => $val) {
 if(is_array($val)) {
 $out[$key] = $this->htmlentities($val);
 } else {
diff --git a/interface/web/dashboard/dashlets/databasequota.php b/interface/web/dashboard/dashlets/databasequota.php
index 6880d780a..6439cdee1 100644
--- a/interface/web/dashboard/dashlets/databasequota.php
+++ b/interface/web/dashboard/dashlets/databasequota.php
@@ -21,6 +21,7 @@ class dashlet_databasequota {
 $has_databasequota = false;
 if(is_array($databases) && !empty($databases)){
+ $databases = $app->functions->htmlentities($databases);
 $tpl->setloop('databasequota', $databases);
 $has_databasequota = isset($databases[0]['used']);
 }
diff --git a/interface/web/dashboard/dashlets/limits.php b/interface/web/dashboard/dashlets/limits.php
index 2455da87b..d58c3eb8e 100644
--- a/interface/web/dashboard/dashlets/limits.php
+++ b/interface/web/dashboard/dashlets/limits.php
@@ -154,6 +154,7 @@ class dashlet_limits {
 'percentage' => $percentage);
 }
 }
+ $rows = $app->functions->htmlentities($rows);
 $tpl->setLoop('rows', $rows);
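Review bot: Other callers that already pass arrays to `htmlentities()` are not audited in this commit, and with the `foreach` now iterating `$value` they start receiving encoded output for the first time. The removed line looped over `$values`, which looks undefined in this scope, so array input was presumably never encoded before; any caller whose data is already encoded upstream will now be encoded twice, which is the situation the mailquota.php comment in this same commit works around. I would add a comment above the array branch such as `// Recursively encodes every scalar leaf; call exactly once, at output time, on data not encoded upstream.` and check the remaining array callers. The function starts before the hunk and its scalar `else` branch continues past it, so the flags and charset used for the actual encoding cannot be checked from here.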
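Review bot: In databasequota.php the raw `$databases` array is overwritten with its encoded copy and nothing records which layer owns output encoding; quota.php does the same with `$sites`, and limits.php with `$rows`. The mailquota.php comment says quota.lib already encodes at least one field, so if `$databases` or `$sites` come from that library (their origin is outside these hunks) some columns may end up encoded twice. Encoding only at the template hand-off keeps the raw values available for later logic and makes the ownership explicit: `$tpl->setloop('databasequota', $app->functions->htmlentities($databases));`. A one-line comment stating that quota.lib must not pre-encode these rows would close the gap.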
diff --git a/interface/web/dashboard/dashlets/mailquota.php b/interface/web/dashboard/dashlets/mailquota.php
index 27b833377..4629d6a46 100644
--- a/interface/web/dashboard/dashlets/mailquota.php
+++ b/interface/web/dashboard/dashlets/mailquota.php
@@ -21,6 +21,8 @@ class dashlet_mailquota {
 $has_mailquota = false;
 if(is_array($emails) && !empty($emails)){
+ // email username is quoted in quota.lib already, so no htmlentities here to prevent double encoding
+ //$emails = $app->functions->htmlentities($emails);
 $tpl->setloop('mailquota', $emails);
 $has_mailquota = isset($emails[0]['used']);
 }
diff --git a/interface/web/dashboard/dashlets/quota.php b/interface/web/dashboard/dashlets/quota.php
index a72e1fd23..6ff975b62 100644
--- a/interface/web/dashboard/dashlets/quota.php
+++ b/interface/web/dashboard/dashlets/quota.php
@@ -21,6 +21,7 @@ class dashlet_quota {
 $has_quota = false;
 if(is_array($sites) && !empty($sites)){
+ $sites = $app->functions->htmlentities($sites);
 $tpl->setloop('quota', $sites);
 $has_quota = isset($sites[0]['used']);
 }
-- GitLab
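Review bot: The mail quota rows in mailquota.php are the only dashlet data in this commit that reach the template without passing through `htmlentities()`, and the added comment only vouches for the email username being encoded in quota.lib. Any other string column in `$emails` that a mailbox owner can set would be rendered raw on the dashboard unless quota.lib encodes it too; that code is not visible here, so it needs confirming. I would either encode the remaining columns here field by field or move all encoding for these rows into one layer. The commented-out `//$emails = $app->functions->htmlentities($emails);` line should be dropped so the explanation is not mistaken for temporarily disabled code.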