Commit a31c64af authored by Till Brehm

Merge branch 'stable-3.1' of git.ispconfig.org:ispconfig/ispconfig3 into stable-3.1

parents f45cfd8e 75c2ae38
......@@ -454,6 +454,25 @@ class functions {
$app->log("Failed to create SSH keypair for ".$username, LOGLEVEL_WARN);
}
}
public function htmlentities($value) {
global $conf;
if(is_array($value)) {
$out = array();
foreach($value as $key => $val) {
if(is_array($val)) {
$out[$key] = $this->htmlentities($val);
} else {
$out[$key] = htmlentities($val, ENT_QUOTES, $conf["html_content_encoding"]);
}
}
} else {
$out = htmlentities($value, ENT_QUOTES, $conf["html_content_encoding"]);
}
return $out;
}
}
?>
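Review bot: Both `htmlentities()` calls in the new `functions::htmlentities()` helper pass only `ENT_QUOTES`, so a value containing a byte sequence that is invalid for `$conf["html_content_encoding"]` comes back as an empty string and the field is silently blanked in the interface. Adding the substitute flag keeps the rest of the text: `htmlentities($val, ENT_QUOTES | ENT_SUBSTITUTE, $conf["html_content_encoding"])`. That flag needs PHP 5.4 or later, so confirm it against the minimum version this branch supports. The helper also has no docblock; a short one should say that it encodes strings and recurses into arrays, that array keys are returned unencoded, and that input which is already entity-encoded is encoded a second time.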
......@@ -179,6 +179,7 @@ class listform {
&& $k == $_SESSION['search'][$list_name][$search_prefix.$field]
&& $_SESSION['search'][$list_name][$search_prefix.$field] != '')
? ' SELECTED' : '';
$v = $app->functions->htmlentities($v);
$out .= "<option value='$k'$selected>$v</option>\r\n";
}
}
......@@ -610,17 +611,8 @@ class listform {
}
function escapeArrayValues($search_values) {
global $conf;
$out = array();
if(is_array($search_values)) {
foreach($search_values as $key => $val) {
$out[$key] = htmlentities($val, ENT_QUOTES, $conf["html_content_encoding"]);
}
}
return $out;
global $app;
return $app->functions->htmlentities($search_values);
}
}
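Review bot: In the option-building hunk only `$v` is encoded, while `$k` is still interpolated raw into the single-quoted `value='$k'` attribute on the following line, so a key containing a quote or angle bracket would end the attribute early. Whether these keys can carry user-supplied text depends on the datasource, which is not visible here, but encoding both keeps the line safe regardless: `$out .= "<option value='".$app->functions->htmlentities($k)."'$selected>$v</option>\r\n";`. The same pattern appears in the `<option>` lines of the tform_base hunks on this page. Separately, `escapeArrayValues()` now returns an encoded scalar for non-array input where it previously returned an empty array, so callers that rely on always getting an array should be checked.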
......
......@@ -180,7 +180,7 @@ class listform_actions {
$rec['_'.$key.'_'] = (strtolower($rec[$key]) == 'y')?'x16/tick_circle.png':'x16/cross_circle.png';
}
//* substitute value for select field
$rec[$key] = @$field['value'][$rec[$key]];
$rec[$key] = $app->functions->htmlentities(@$field['value'][$rec[$key]]);
}
}
}
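Review bot: The `@` in front of `$field['value'][$rec[$key]]` hides a missing key, so the helper receives null and passes it on to `htmlentities()`, which returns an empty string and raises a deprecation notice on newer PHP versions. An explicit check states the intent and avoids the suppression operator: `$rec[$key] = isset($field['value'][$rec[$key]]) ? $app->functions->htmlentities($field['value'][$rec[$key]]) : '';`. The enclosing loop and method start outside the hunk, so whether the other `$rec` values are encoded before display cannot be confirmed from here.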
......
......@@ -243,7 +243,8 @@ class quota_lib {
if(is_array($emails) && !empty($emails)){
for($i=0;$i<sizeof($emails);$i++){
$email = $emails[$i]['email'];
$emails[$i]['name'] = $app->functions->htmlentities($emails[$i]['name']);
$emails[$i]['used'] = isset($monitor_data[$email]['used']) ? $monitor_data[$email]['used'] : array(1 => 0);
if (!is_numeric($emails[$i]['used'])) $emails[$i]['used']=$emails[$i]['used'][1];
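Review bot: `$emails[$i]['name']` is overwritten in place with its entity-encoded form, so every later consumer of this array receives HTML-encoded text, not only the list template. If the same result is reused for non-HTML output (not visible in this hunk), the entities will show up there literally. A comment on the added line would make the contract explicit, for example `// name is HTML-encoded here for the quota list template; do not reuse for non-HTML output`. The loop and the enclosing method continue outside the hunk.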
......
......@@ -473,8 +473,8 @@ class tform_base {
if(is_array($field['value'])) {
foreach($field['value'] as $k => $v) {
$selected = ($k == $val)?' SELECTED':'';
if(isset($this->wordbook[$v]))
$v = $this->wordbook[$v];
if(isset($this->wordbook[$v])) $v = $this->wordbook[$v];
else $v = $app->functions->htmlentities($v);
$out .= "<option value='$k'$selected>".$this->lng($v)."</option>\r\n";
}
}
......@@ -494,7 +494,7 @@ class tform_base {
foreach($vals as $tvl) {
if(trim($tvl) == trim($k)) $selected = ' SELECTED';
}
$v = $app->functions->htmlentities($v);
$out .= "<option value='$k'$selected>$v</option>\r\n";
}
}
......@@ -577,7 +577,7 @@ class tform_base {
default:
if(isset($record[$key])) {
$new_record[$key] = htmlspecialchars($record[$key]);
$new_record[$key] = $app->functions->htmlentities($record[$key]);
} else {
$new_record[$key] = '';
}
......@@ -608,7 +608,8 @@ class tform_base {
$out = '';
foreach($field['value'] as $k => $v) {
$selected = ($k == $field["default"])?' SELECTED':'';
$out .= "<option value='$k'$selected>".$this->lng($v)."</option>\r\n";
$v = $app->functions->htmlentities($this->lng($v));
$out .= "<option value='$k'$selected>".$v."</option>\r\n";
}
}
if(isset($out)) $new_record[$key] = $out;
......@@ -622,7 +623,7 @@ class tform_base {
// HTML schreiben
$out = '';
foreach($field['value'] as $k => $v) {
$v = $app->functions->htmlentities($v);
$out .= "<option value='$k'>$v</option>\r\n";
}
}
......@@ -693,7 +694,7 @@ class tform_base {
break;
default:
$new_record[$key] = htmlspecialchars($field['default']);
$new_record[$key] = $app->functions->htmlentities($field['default']);
}
}
......@@ -911,6 +912,12 @@ class tform_base {
case 'NOWHITESPACE':
$returnval = preg_replace('/\s+/', '', $returnval);
break;
case 'STRIPTAGS':
$returnval = strip_tags(preg_replace('/<script[^>]*?>.*?<\/script>/is', '', $returnval));
break;
case 'STRIPNL':
$returnval = str_replace(array("\n","\r"),'', $returnval);
break;
default:
$this->errorMessage .= "Unknown Filter: ".$filter['type'];
break;
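Review bot: The new `STRIPTAGS` case feeds the result of `preg_replace()` straight into `strip_tags()`, so if the regex fails (for example on a PCRE backtrack limit) `preg_replace()` returns null and the saved value silently becomes an empty string. Keeping the original input for the tag stripping in that case avoids the data loss without skipping the filter: `$tmp = preg_replace('/<script[^>]*?>.*?<\/script>/is', '', $returnval);` followed by `$returnval = strip_tags($tmp === null ? $returnval : $tmp);`. Note also that `strip_tags()` leaves quotes and ampersands untouched, so values that pass this filter still need the output encoding applied at render time, particularly inside attributes. The surrounding switch and method start outside the hunk.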
......
......@@ -71,6 +71,12 @@ $form["tabs"]['directive_snippets'] = array (
1 => array ( 'type' => 'UNIQUE',
'errmsg'=> 'directive_snippets_name_error_unique'),
),
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '',
'value' => '',
'width' => '30',
......
......@@ -81,6 +81,12 @@ $form["tabs"]['groups'] = array (
'name' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'regex' => '/^.{1,30}$/',
'errmsg' => 'name_err',
'default' => '',
......@@ -94,6 +100,10 @@ $form["tabs"]['groups'] = array (
'description' => array (
'datatype' => 'TEXT',
'formtype' => 'TEXTAREA',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS')
),
'regex' => '',
'errmsg' => '',
'default' => '',
......
......@@ -52,6 +52,12 @@ $form["tabs"]['iptables'] = array (
'source_ip' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '',
'value' => '',
'width' => '',
......@@ -60,6 +66,12 @@ $form["tabs"]['iptables'] = array (
'destination_ip' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '',
'value' => '',
'width' => '',
......@@ -68,6 +80,12 @@ $form["tabs"]['iptables'] = array (
'singleport' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '',
'value' => '',
'width' => '',
......@@ -76,6 +94,12 @@ $form["tabs"]['iptables'] = array (
'multiport' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '',
'value' => '',
'width' => '',
......@@ -84,6 +108,12 @@ $form["tabs"]['iptables'] = array (
'state' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '',
'value' => '',
'width' => '',
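Review bot: The `STRIPTAGS`/`STRIPNL` filters added to `source_ip`, `destination_ip`, `singleport`, `multiport` and `state` remove markup and line breaks but do not constrain the values to the shape of an address, port or state list, and no `validators` entry is visible between `formtype` and `default` in these hunks. If these values are later written into firewall rules (not visible here), a format validator is the stronger control and the filters only cover display safety. A comment above the first filter block would record that, e.g. `// filters only strip markup and newlines; the value format must be enforced by a validator`, and each field definition should be checked for a validator further down. The same applies to the path and binary fields (`dkim_path`, `php_fastcgi_binary`, `php_fpm_init_script` and similar) in the server and PHP form sections on this page.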
......
......@@ -61,6 +61,12 @@ $form["tabs"]['services'] = array (
'server_name' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '',
'value' => '',
'width' => '30',
......
......@@ -145,6 +145,12 @@ $form["tabs"]['server'] = array(
'validators' => array(0 => array('type' => 'NOTEMPTY',
'errmsg' => 'nameservers_error_empty'),
),
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'value' => '',
'width' => '40',
'maxlength' => '255'
......@@ -316,6 +322,12 @@ $form["tabs"]['server'] = array(
'monit_user' => array(
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '',
'value' => '',
'width' => '40',
......@@ -344,6 +356,12 @@ $form["tabs"]['server'] = array(
'munin_user' => array(
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '',
'value' => '',
'width' => '40',
......@@ -426,6 +444,12 @@ $form["tabs"]['mail'] = array(
'dkim_path' => array(
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '/var/lib/amavis/dkim',
'value' => '',
'width' => '40',
......@@ -527,6 +551,12 @@ $form["tabs"]['mail'] = array(
'relayhost' => array(
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '',
'value' => '',
'width' => '40',
......@@ -535,6 +565,12 @@ $form["tabs"]['mail'] = array(
'relayhost_user' => array(
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '',
'value' => '',
'width' => '40',
......@@ -719,6 +755,12 @@ $form["tabs"]['web'] = array(
'website_autoalias' => array(
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '',
'value' => '',
'width' => '40',
......@@ -1135,6 +1177,12 @@ $form["tabs"]['web'] = array(
'validators' => array( 0 => array('type' => 'NOTEMPTY',
'errmsg' => 'htaccess_allow_override_error_empty'),
),
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'value' => '',
'width' => '40',
'maxlength' => '255'
......@@ -1161,6 +1209,12 @@ $form["tabs"]['web'] = array(
'validators' => array(0 => array('type' => 'NOTEMPTY',
'errmsg' => 'apps_vhost_port_error_empty'),
),
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'value' => '',
'width' => '40',
'maxlength' => '255'
......@@ -1172,6 +1226,12 @@ $form["tabs"]['web'] = array(
'validators' => array(0 => array('type' => 'NOTEMPTY',
'errmsg' => 'apps_vhost_ip_error_empty'),
),
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'value' => '',
'width' => '40',
'maxlength' => '255'
......@@ -1179,6 +1239,12 @@ $form["tabs"]['web'] = array(
'apps_vhost_servername' => array(
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '',
'value' => '',
'width' => '40',
......@@ -1187,6 +1253,12 @@ $form["tabs"]['web'] = array(
'awstats_conf_dir' => array(
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '',
'value' => '',
'width' => '40',
......@@ -1486,6 +1558,12 @@ $form["tabs"]['xmpp'] = array(
'xmpp_server_admins' => array(
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => 'admin@service.com, superuser@service.com',
'value' => '',
'width' => '15'
......@@ -1494,6 +1572,12 @@ $form["tabs"]['xmpp'] = array(
'xmpp_modules_enabled' => array(
'datatype' => 'TEXT',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => "saslauth, tls, dialback, disco, discoitems, version, uptime, time, ping, admin_adhoc, admin_telnet, bosh, posix, announce, offline, webpresence, mam, stream_management, message_carbons",
'value' => '',
'separator' => ","
......
......@@ -112,6 +112,12 @@ $form["tabs"]['php_name'] = array (
'validators' => array(0 => array('type' => 'NOTEMPTY',
'errmsg' => 'server_php_name_error_empty'),
),
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '',
'value' => '',
'separator' => '',
......@@ -135,6 +141,12 @@ $form["tabs"]['php_fastcgi'] = array(
'php_fastcgi_binary' => array(
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '',
'value' => '',
'width' => '40',
......@@ -143,6 +155,12 @@ $form["tabs"]['php_fastcgi'] = array(
'php_fastcgi_ini_dir' => array(
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '',
'value' => '',
'width' => '40',
......@@ -165,6 +183,12 @@ $form["tabs"]['php_fpm'] = array(
'php_fpm_init_script' => array(
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '',
'value' => '',
'width' => '40',
......@@ -173,6 +197,12 @@ $form["tabs"]['php_fpm'] = array(
'php_fpm_ini_dir' => array(
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '',
'value' => '',
'width' => '40',
......@@ -181,6 +211,12 @@ $form["tabs"]['php_fpm'] = array(
'php_fpm_pool_dir' => array(
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '',
'value' => '',
'width' => '40',
......
......@@ -87,6 +87,12 @@ $form["tabs"]['software_package'] = array (
'package_title' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'validators' => '',
'default' => '',
'value' => '',
......@@ -99,6 +105,12 @@ $form["tabs"]['software_package'] = array (
'package_key' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'validators' => '',
'default' => '',
'value' => '',
......
......@@ -92,6 +92,12 @@ $form["tabs"]['software_repo'] = array (
1 => array ( 'type' => 'UNIQUE',
'errmsg'=> 'repo_name_unique'),
),
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '',
'value' => '',
'separator' => '',
......@@ -108,6 +114,12 @@ $form["tabs"]['software_repo'] = array (
1 => array ( 'type' => 'UNIQUE',
'errmsg'=> 'repo_name_unique'),
),
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '',
'value' => '',
'separator' => '',
......@@ -119,6 +131,12 @@ $form["tabs"]['software_repo'] = array (
'repo_username' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '',
'value' => '',
'separator' => '',
......
......@@ -282,7 +282,11 @@ $form["tabs"]['mail'] = array (
1 => array( 'event' => 'SHOW',
'type' => 'IDNTOUTF8'),
2 => array( 'event' => 'SAVE',
'type' => 'TOLOWER')
'type' => 'TOLOWER'),
3 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
4 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'formtype' => 'TEXT',
'default' => '',
......@@ -293,6 +297,12 @@ $form["tabs"]['mail'] = array (
'admin_name' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '',
'value' => '',
'width' => '30',
......@@ -311,7 +321,11 @@ $form["tabs"]['mail'] = array (
1 => array( 'event' => 'SHOW',
'type' => 'IDNTOUTF8'),
2 => array( 'event' => 'SAVE',
'type' => 'TOLOWER')
'type' => 'TOLOWER'),
3 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
4 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'formtype' => 'TEXT',
'default' => '',
......@@ -322,6 +336,12 @@ $form["tabs"]['mail'] = array (
'smtp_port' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '25',