diff --git a/interface/lib/classes/tform_actions.inc.php b/interface/lib/classes/tform_actions.inc.php
index e0ff25145575407e09e062b40f57e462e99c5c2d..f277c51274f3e8e4f9c5f03814f07367c7a8fcf2 100644
--- a/interface/lib/classes/tform_actions.inc.php
+++ b/interface/lib/classes/tform_actions.inc.php
@@ -287,7 +287,7 @@ class tform_actions {
 global $app, $conf;
 $app->tpl->setVar("error", "
  • ".$app->tform->errorMessage."
  • ");
- $app->tpl->setVar($this->dataRecord);
+ $app->tpl->setVar($this->dataRecord, null, true);
 $this->onShow();
 }
diff --git a/interface/lib/classes/tpl.inc.php b/interface/lib/classes/tpl.inc.php
index 2104cf61a5f50ea4dbd3e2bd52eb19c496158496..37814cd0c61a114ad6e4b9ccf3c91db7349608ee 100644
--- a/interface/lib/classes/tpl.inc.php
+++ b/interface/lib/classes/tpl.inc.php
@@ -226,21 +226,26 @@ if (!defined('vlibTemplateClassLoaded')) {
 * using the keys as variable names and the values as variable values.
 * @param mixed $k key to define variable name
 * @param mixed $v variable to assign to $k
+ * @param bool $encode if set to true use htmlentities on values
 * @return boolean true/false
 * @access public
 */
- public function setVar($k, $v = null)
+ public function setVar($k, $v = null, $encode = false)
 {
+ global $app;
+
 if (is_array($k)) {
 foreach($k as $key => $value){
 $key = ($this->OPTIONS['CASELESS']) ? strtolower(trim($key)) : trim($key);
 if (preg_match('/^[A-Za-z_]+[A-Za-z0-9_]*$/', $key) && $value !== null ) {
+ if($encode == true) $value = $app->functions->htmlentities($value);
 $this->_vars[$key] = $value;
 }
 }
 } else {
 if (preg_match('/^[A-Za-z_]+[A-Za-z0-9_]*$/', $k) && $v !== null) {
 if ($this->OPTIONS['CASELESS']) $k = strtolower($k);
+ if($encode == true) $value = $app->functions->htmlentities($);
 $this->_vars[trim($k)] = $v;
 } else {
 return false;
diff --git a/interface/web/admin/directive_snippets_edit.php b/interface/web/admin/directive_snippets_edit.php
index de803581e07d373a23bfce05e490772d041788b4..b12da0a79bf28f000b0c11103db13482557608ad 100644
--- a/interface/web/admin/directive_snippets_edit.php
+++ b/interface/web/admin/directive_snippets_edit.php
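Review bot: The call `$app->tpl->setVar($this->dataRecord, null, true);` deserves a comment saying why encoding is switched on here, e.g. `// dataRecord holds the rejected submission; encode it before it is echoed back into the form`. The array branch of `setVar()` added in tpl.inc.php passes every `$value` to `$app->functions->htmlentities()` without a type check, and nothing in this hunk shows that `dataRecord` holds only strings at this point, so it is worth confirming that the helper tolerates array values. The context line above still assigns `$app->tform->errorMessage` to the template unencoded; whether that message can echo submitted text is not visible from here. The enclosing method starts outside the hunk.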
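Review bot: In the scalar branch the encoded result is assigned to `$value` while the next line stores `$v`, so `setVar('name', $x, true)` stores the raw value and the new flag has no effect there; as shown, the argument in `htmlentities($)` is also not valid PHP (possibly damaged in this rendering). The line should read `if ($encode === true) $v = $app->functions->htmlentities($v);`. Every scalar call site touched by this commit (directive_snippets_edit.php and the dns, mail, sites and vm edit pages) goes through this branch, so as written only the array call in tform_actions.inc.php actually encodes. `global $app;` also ties the template class to the application object, which is worth a comment; the method body continues past the end of the hunk.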
@@ -70,9 +70,9 @@ class page_action extends tform_actions {
 if($this->id > 0){
 if($this->dataRecord['master_directive_snippets_id'] > 0){
 $is_master = true;
- $app->tpl->setVar("name", $this->dataRecord['name']);
- $app->tpl->setVar("type", $this->dataRecord['type']);
- $app->tpl->setVar("snippet", $this->dataRecord['snippet']);
+ $app->tpl->setVar("name", $this->dataRecord['name'], true);
+ $app->tpl->setVar("type", $this->dataRecord['type'], true);
+ $app->tpl->setVar("snippet", $this->dataRecord['snippet'], true);
 }
 }
 $app->tpl->setVar("is_master", $is_master);
diff --git a/interface/web/dns/dns_slave_edit.php b/interface/web/dns/dns_slave_edit.php
index 4d588ef8e032ab1e0bfd3ae270aacb6bc8292d85..289ef2ab3833389e32bd5fac131d76a2b9b91433 100644
--- a/interface/web/dns/dns_slave_edit.php
+++ b/interface/web/dns/dns_slave_edit.php
@@ -149,7 +149,7 @@ class page_action extends tform_actions {
 if($this->id > 0) {
 //* we are editing a existing record
 $app->tpl->setVar("edit_disabled", 1);
- $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]);
+ $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true);
 } else {
 $app->tpl->setVar("edit_disabled", 0);
 }
diff --git a/interface/web/dns/dns_soa_edit.php b/interface/web/dns/dns_soa_edit.php
index 6faefac3903ec588d400fa2b8bb48e69a612ac35..8764301c1dcd291c6655226e2abd32a7aae203c5 100644
--- a/interface/web/dns/dns_soa_edit.php
+++ b/interface/web/dns/dns_soa_edit.php
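Review bot: In dns_slave_edit.php, `server_id` is presumably a numeric id, and for an id a cast is a stronger guarantee than HTML encoding: `$app->tpl->setVar("server_id_value", $app->functions->intval($this->dataRecord["server_id"]));` uses the helper this codebase already calls in web_childdomain_edit.php. The same applies to the `server_id`, `parent_domain_id` and `ostemplate_id` assignments in dns_soa_edit.php, mail_domain_edit.php, xmpp_domain_edit.php, cron_edit.php, database_edit.php, shell_user_edit.php, webdav_user_edit.php, web_vhost_domain_edit.php and openvz_vm_edit.php. If any of these fields can legitimately hold a non-numeric value, keep the encoding flag instead. The enclosing method starts and ends outside the hunk.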
@@ -217,7 +217,7 @@ class page_action extends tform_actions {
 if($this->id > 0) {
 //* we are editing a existing record
 $app->tpl->setVar("edit_disabled", 1);
- $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]);
+ $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true);
 $datalog = $app->db->queryOneRecord("SELECT sys_datalog.error, sys_log.tstamp FROM sys_datalog, sys_log WHERE sys_datalog.dbtable = 'dns_soa' AND sys_datalog.dbidx = ? AND sys_datalog.datalog_id = sys_log.datalog_id AND sys_log.message = CONCAT('Processed datalog_id ',sys_log.datalog_id) ORDER BY sys_datalog.tstamp DESC", 'id:' . $this->id);
 if(is_array($datalog) && !empty($datalog)){
diff --git a/interface/web/mail/mail_domain_edit.php b/interface/web/mail/mail_domain_edit.php
index 7565752bd31c575d38731fe09af55c191ba81c70..e648b94c3bf1d39104dde3bcb45aba7242c930bb 100644
--- a/interface/web/mail/mail_domain_edit.php
+++ b/interface/web/mail/mail_domain_edit.php
@@ -204,7 +204,7 @@ class page_action extends tform_actions {
 if($this->id > 0) {
 //* we are editing a existing record
 $app->tpl->setVar("edit_disabled", 1);
- $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]);
+ $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true);
 } else {
 $app->tpl->setVar("edit_disabled", 0);
 }
diff --git a/interface/web/mail/mail_mailinglist_edit.php b/interface/web/mail/mail_mailinglist_edit.php
index 1419627529253adf23bba5bdfb5f00ba0de749d5..a0c9e021739ce66fb4df63d907fa44070ae3227d 100644
--- a/interface/web/mail/mail_mailinglist_edit.php
+++ b/interface/web/mail/mail_mailinglist_edit.php
@@ -124,9 +124,9 @@ class page_action extends tform_actions {
 if($this->id > 0) {
 //* we are editing a existing record
 $app->tpl->setVar("edit_disabled", 1);
- $app->tpl->setVar("listname_value", $this->dataRecord["listname"]);
- $app->tpl->setVar("domain_value", $this->dataRecord["domain"]);
- $app->tpl->setVar("email_value", $this->dataRecord["email"]);
+ $app->tpl->setVar("listname_value", $this->dataRecord["listname"], true);
+ $app->tpl->setVar("domain_value", $this->dataRecord["domain"], true);
+ $app->tpl->setVar("email_value", $this->dataRecord["email"], true);
 } else {
 $app->tpl->setVar("edit_disabled", 0);
 }
diff --git a/interface/web/mail/mail_user_edit.php b/interface/web/mail/mail_user_edit.php
index 87d3be66bbf2f4a21b0dbf12d7de76f5ab3cf34d..b6e84bf33f0e083ef467a3c755b1b33666925b1f 100644
--- a/interface/web/mail/mail_user_edit.php
+++ b/interface/web/mail/mail_user_edit.php
@@ -121,7 +121,7 @@ class page_action extends tform_actions {
 if($this->dataRecord['autoresponder_subject'] == '') {
 $app->tpl->setVar('autoresponder_subject', $app->tform->lng('autoresponder_subject'));
 } else {
- $app->tpl->setVar('autoresponder_subject', $this->dataRecord['autoresponder_subject']);
+ $app->tpl->setVar('autoresponder_subject', $this->dataRecord['autoresponder_subject'], true);
 }
 $app->uses('getconf');
diff --git a/interface/web/mail/xmpp_domain_edit.php b/interface/web/mail/xmpp_domain_edit.php
index 39132011148a73989d67a73cc7057e234f65bb2d..499882454cea5efb25f2bbe7ad509a49e1be5834 100644
--- a/interface/web/mail/xmpp_domain_edit.php
+++ b/interface/web/mail/xmpp_domain_edit.php
@@ -211,7 +211,7 @@ class page_action extends tform_actions {
 if($this->id > 0) {
 //* we are editing a existing record
 $app->tpl->setVar("edit_disabled", 1);
- $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]);
+ $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true);
 } else {
 $app->tpl->setVar("edit_disabled", 0);
 }
diff --git a/interface/web/mailuser/mail_user_autoresponder_edit.php b/interface/web/mailuser/mail_user_autoresponder_edit.php
index 8007c0fd814ee934db7d7b08f43d18321fcffc41..d93151bf24094f72829e2da89dcfb5321b6ee413 100644
--- a/interface/web/mailuser/mail_user_autoresponder_edit.php
+++ b/interface/web/mailuser/mail_user_autoresponder_edit.php
@@ -84,7 +84,7 @@ class page_action extends tform_actions {
 if($this->dataRecord['autoresponder_subject'] == '') {
 $app->tpl->setVar('autoresponder_subject', $app->tform->lng('autoresponder_subject'));
 } else {
- $app->tpl->setVar('autoresponder_subject', $this->dataRecord['autoresponder_subject']);
+ $app->tpl->setVar('autoresponder_subject', $this->dataRecord['autoresponder_subject'], true);
 }
 parent::onShowEnd();
diff --git a/interface/web/sites/cron_edit.php b/interface/web/sites/cron_edit.php
index a8326493cad61e5537b3ed134fab4a737c3d8cdd..62f338f33f30f6e60502cd9e02398fb2f7e961e8 100644
--- a/interface/web/sites/cron_edit.php
+++ b/interface/web/sites/cron_edit.php
@@ -73,7 +73,7 @@ class page_action extends tform_actions {
 if($this->id > 0) {
 //* we are editing a existing record
 $app->tpl->setVar("edit_disabled", 1);
- $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"]);
+ $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"], true);
 } else {
 $app->tpl->setVar("edit_disabled", 0);
 }
diff --git a/interface/web/sites/database_edit.php b/interface/web/sites/database_edit.php
index 213063ae89bdb70c495e630a345caa52e73987cc..7af4b4351fcf7bda8dab5899e25147c4047ab072 100644
--- a/interface/web/sites/database_edit.php
+++ b/interface/web/sites/database_edit.php
@@ -143,22 +143,22 @@ class page_action extends tform_actions {
 if ($this->dataRecord['database_name'] != ""){
 /* REMOVE the restriction */
- $app->tpl->setVar("database_name", $app->tools_sites->removePrefix($this->dataRecord['database_name'], $this->dataRecord['database_name_prefix'], $dbname_prefix));
+ $app->tpl->setVar("database_name", $app->tools_sites->removePrefix($this->dataRecord['database_name'], $this->dataRecord['database_name_prefix'], $dbname_prefix), true);
 }
 if($this->dataRecord['database_name'] == "") {
 $app->tpl->setVar("database_name_prefix", $dbname_prefix);
 } else {
- $app->tpl->setVar("database_name_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_name_prefix'], $dbname_prefix, $global_config['dbname_prefix']));
+ $app->tpl->setVar("database_name_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_name_prefix'], $dbname_prefix, $global_config['dbname_prefix']), true);
 }
 if($this->id > 0) {
 //* we are editing a existing record
 $edit_disabled = @($_SESSION["s"]["user"]["typ"] == 'admin')? 0 : 1; //* admin can change the database-name
 $app->tpl->setVar("edit_disabled", $edit_disabled);
- $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]);
- $app->tpl->setVar("database_charset_value", $this->dataRecord["database_charset"]);
- $app->tpl->setVar("limit_database_quota", $this->dataRecord["database_quota"]);
+ $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true);
+ $app->tpl->setVar("database_charset_value", $this->dataRecord["database_charset"], true);
+ $app->tpl->setVar("limit_database_quota", $this->dataRecord["database_quota"], true);
 } else {
 $app->tpl->setVar("edit_disabled", 0);
 }
diff --git a/interface/web/sites/database_user_edit.php b/interface/web/sites/database_user_edit.php
index e7bfa611a937be481efde7ae8ba7a8308cbaf01c..6f6e887ccaca234c7c40f2cf5951fa8629fdd5ff 100644
--- a/interface/web/sites/database_user_edit.php
+++ b/interface/web/sites/database_user_edit.php
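Review bot: Only the `else` arm of the prefix assignment gets the new flag; the `if` arm, `$app->tpl->setVar("database_name_prefix", $dbname_prefix);`, still stores its value raw in the same template variable. Where `$dbname_prefix` comes from is outside the hunk, so this may be safe, but passing the flag on both arms (`$app->tpl->setVar("database_name_prefix", $dbname_prefix, true);`) removes the need to reason about it. The same asymmetry appears in database_user_edit.php, ftp_user_edit.php, shell_user_edit.php and webdav_user_edit.php. The enclosing method starts and ends outside the hunk.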
@@ -118,13 +118,13 @@ class page_action extends tform_actions {
 if ($this->dataRecord['database_user'] != ""){
 /* REMOVE the restriction */
- $app->tpl->setVar("database_user", $app->tools_sites->removePrefix($this->dataRecord['database_user'], $this->dataRecord['database_user_prefix'], $dbuser_prefix));
+ $app->tpl->setVar("database_user", $app->tools_sites->removePrefix($this->dataRecord['database_user'], $this->dataRecord['database_user_prefix'], $dbuser_prefix), true);
 }
 if($this->dataRecord['database_user'] == "") {
 $app->tpl->setVar("database_user_prefix", $dbuser_prefix);
 } else {
- $app->tpl->setVar("database_user_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_user_prefix'], $dbuser_prefix, $global_config['dbuser_prefix']));
+ $app->tpl->setVar("database_user_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_user_prefix'], $dbuser_prefix, $global_config['dbuser_prefix']), true);
 }
 parent::onShowEnd();
diff --git a/interface/web/sites/ftp_user_edit.php b/interface/web/sites/ftp_user_edit.php
index 9de400ce0392fcff585fe6450621d8c15b6d3d14..a98e447796d91a9a2c0f27e362b537e080cc1b4d 100644
--- a/interface/web/sites/ftp_user_edit.php
+++ b/interface/web/sites/ftp_user_edit.php
@@ -79,13 +79,13 @@ class page_action extends tform_actions {
 if ($this->dataRecord['username'] != ""){
 /* REMOVE the restriction */
- $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $ftpuser_prefix));
+ $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $ftpuser_prefix), true);
 }
 if($this->dataRecord['username'] == "") {
 $app->tpl->setVar("username_prefix", $ftpuser_prefix);
 } else {
- $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $ftpuser_prefix, $global_config['ftpuser_prefix']));
+ $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $ftpuser_prefix, $global_config['ftpuser_prefix']), true);
 }
 parent::onShowEnd();
diff --git a/interface/web/sites/shell_user_edit.php b/interface/web/sites/shell_user_edit.php
index 77c4509b44e7e2c56c5ca72d80e16d3d30b2198e..2f0a029890b1f373e4572585fbe7ea861ead560c 100644
--- a/interface/web/sites/shell_user_edit.php
+++ b/interface/web/sites/shell_user_edit.php
@@ -79,19 +79,19 @@ class page_action extends tform_actions {
 if ($this->dataRecord['username'] != ""){
 /* REMOVE the restriction */
- $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $shelluser_prefix));
+ $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $shelluser_prefix), true);
 }
 if($this->dataRecord['username'] == "") {
 $app->tpl->setVar("username_prefix", $shelluser_prefix);
 } else {
- $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $shelluser_prefix, $global_config['shelluser_prefix']));
+ $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $shelluser_prefix, $global_config['shelluser_prefix']), true);
 }
 if($this->id > 0) {
 //* we are editing a existing record
 $app->tpl->setVar("edit_disabled", 1);
- $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"]);
+ $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"], true);
 } else {
 $app->tpl->setVar("edit_disabled", 0);
 }
diff --git a/interface/web/sites/web_childdomain_edit.php b/interface/web/sites/web_childdomain_edit.php
index 6ef98f901fb864083d41b9feb64bd102edab4f67..622d0d0790cae9ef8d48e4d8efb9eb1cce3e3574 100644
--- a/interface/web/sites/web_childdomain_edit.php
+++ b/interface/web/sites/web_childdomain_edit.php
@@ -144,7 +144,7 @@ class page_action extends tform_actions { $this->dataRecord["domain"] = str_replace('.'.$parent_domain["domain"], '', $this->dataRecord["domain"]); } } - if($this->_childdomain_type == 'subdomain') $app->tpl->setVar("domain", $this->dataRecord["domain"]); + if($this->_childdomain_type == 'subdomain') $app->tpl->setVar("domain", $this->dataRecord["domain"], true); $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) { diff --git a/interface/web/sites/web_vhost_domain_edit.php b/interface/web/sites/web_vhost_domain_edit.php index 023f8db0c52938f467b5c3eb5c8ba6d61e9420c5..f04dc019e31232be5ae5d858f39df2d138c4de49 100644 --- a/interface/web/sites/web_vhost_domain_edit.php +++ b/interface/web/sites/web_vhost_domain_edit.php @@ -761,8 +761,8 @@ class page_action extends tform_actions { $app->tpl->setVar("edit_disabled", 1); $app->tpl->setVar('fixed_folder', 'y'); if($this->_vhostdomain_type == 'domain') { - $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]); - $app->tpl->setVar("document_root", $this->dataRecord["document_root"]); + $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true); + $app->tpl->setVar("document_root", $this->dataRecord["document_root"], true); } else $app->tpl->setVar('server_id_value', $parent_domain['server_id']); } else { @@ -820,7 +820,7 @@ class page_action extends tform_actions { if($this->dataRecord["type"] == 'vhostsubdomain') $this->dataRecord["domain"] = str_replace('.'.$parent_domain["domain"], '', $this->dataRecord["domain"]); } - if($this->_vhostdomain_type != 'domain') $app->tpl->setVar("domain", $this->dataRecord["domain"]); + if($this->_vhostdomain_type != 'domain') $app->tpl->setVar("domain", $this->dataRecord["domain"], true); // check for configuration errors in sys_datalog if($this->id > 0) { 
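Review bot: In the first web_vhost_domain_edit.php hunk the `else` arm, `else $app->tpl->setVar('server_id_value', $parent_domain['server_id']);`, fills `server_id_value` without the new flag while the `domain` arm now passes `true`. `$parent_domain` is loaded outside the hunk and is presumably a database row, so the value is likely an integer, but treating both arms the same (`else $app->tpl->setVar('server_id_value', $parent_domain['server_id'], true);`) keeps the variable's encoding independent of which arm ran. Both hunks sit inside a method whose start and end are not shown.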
diff --git a/interface/web/sites/webdav_user_edit.php b/interface/web/sites/webdav_user_edit.php
index 73e47eb7a98d5ef6e847614384eb9df1d11aea38..e94625fd9d0122a253b4b151e7119e3aa09645ae 100644
--- a/interface/web/sites/webdav_user_edit.php
+++ b/interface/web/sites/webdav_user_edit.php
@@ -78,19 +78,19 @@ class page_action extends tform_actions {
 if ($this->dataRecord['username'] != "") {
 /* REMOVE the restriction */
- $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $webdavuser_prefix));
+ $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $webdavuser_prefix), true);
 }
 if($this->dataRecord['username'] == "") {
 $app->tpl->setVar("username_prefix", $webdavuser_prefix);
 } else {
- $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $webdavuser_prefix, $global_config['webdavuser_prefix']));
+ $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $webdavuser_prefix, $global_config['webdavuser_prefix']), true);
 }
 if($this->id > 0) {
 //* we are editing a existing record
 $app->tpl->setVar("edit_disabled", 1);
- $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"]);
+ $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"], true);
 } else {
 $app->tpl->setVar("edit_disabled", 0);
 }
diff --git a/interface/web/vm/openvz_vm_edit.php b/interface/web/vm/openvz_vm_edit.php
index 2a5b12f3d712886143a05b65acdfbed536afcad1..8109859ecef09107cded1d5b976ccec92fa789f6 100644
--- a/interface/web/vm/openvz_vm_edit.php
+++ b/interface/web/vm/openvz_vm_edit.php
@@ -198,8 +198,8 @@ class page_action extends tform_actions {
 if($this->id > 0) {
 //* we are editing a existing record
 $app->tpl->setVar("edit_disabled", 1);
- $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]);
- $app->tpl->setVar("ostemplate_id_value", $this->dataRecord["ostemplate_id"]);
+ $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true);
+ $app->tpl->setVar("ostemplate_id_value", $this->dataRecord["ostemplate_id"], true);
 } else {
 $app->tpl->setVar("edit_disabled", 0);
 }