Commit a324af77 authored by Marius Burkard's avatar Marius Burkard

- fixed further (potential) XSS issues in forms

parent 9979311c
......@@ -57,7 +57,7 @@ class page_action extends tform_actions {
if($this->id ==0) { //* new record
$server_list = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE server_id NOT IN (SELECT server_id FROM firewall) ORDER BY server_name");
if(is_array($server_list)) {
foreach( $server_list as $server) $server_select .= "<option value='$server[server_id]' >$server[server_name]</option>\r\n";
foreach( $server_list as $server) $server_select .= "<option value='$server[server_id]' >" . $app->functions->htmlentities($server['server_name']) . "</option>\r\n";
}
$app->tpl->setVar('server_id', $server_select);
}
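Review bot: L11 escapes the option label but still interpolates `$server[server_id]` raw into `value='…'`, which is only safe because server_id is presumably an integer key. Since the point of the change is to stop trusting DB-sourced values inside markup, making that invariant explicit — `"<option value='" . $app->functions->intval($server['server_id']) . "'>"` or a one-line comment stating the column is numeric — keeps the next reader from having to guess. The same label-only treatment recurs at L21, L31, L123, L190, L197, L214, L300, L351, L360, L367, L452, L461, L470, L479 and L488, and the array index `$idx` is likewise written raw into `id`/`name` attributes at L506.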
......
......@@ -61,7 +61,7 @@ class page_action extends tform_actions {
if(is_array($mirror_servers)) {
foreach( $mirror_servers as $mirror_server) {
$selected = ($mirror_server["server_id"] == $this->dataRecord['mirror_server_id'])?'SELECTED':'';
$mirror_server_select .= "<option value='$mirror_server[server_id]' $selected>$mirror_server[server_name]</option>\r\n";
$mirror_server_select .= "<option value='$mirror_server[server_id]' $selected>" . $app->functions->htmlentities($mirror_server['server_name']) . "</option>\r\n";
}
}
$app->tpl->setVar("mirror_server_id", $mirror_server_select);
......
......@@ -52,7 +52,7 @@ class page_action extends tform_actions {
if(is_array($servers)) {
foreach($servers as $server) {
$selected = ($server['server_id'] == $this->dataRecord['server_id'])?'SELECTED':'';
$server_select .= "<option value='$server[server_id]' $selected>$server[server_name]</option>\r\n";
$server_select .= "<option value='$server[server_id]' $selected>" . $app->functions->htmlentities($server['server_name']) . "</option>\r\n";
}
}
unset($servers);
......@@ -65,7 +65,7 @@ class page_action extends tform_actions {
if(is_array($ips)) {
foreach( $ips as $ip) {
$selected = ($ip['ip_address'] == $this->dataRecord['source_ip'])?'SELECTED':'';
$ip_select .= "<option value='$ip[ip_address]' $selected>$ip[source]</option>\r\n";
$ip_select .= "<option value='" . $app->functions->htmlentities($ip['ip_address']) . "' $selected>" . $app->functions->htmlentities($ip['source']) . "</option>\r\n";
}
}
unset($ips);
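Review bot: L40 puts the escaped value inside a single-quoted attribute (`value='…'`), and `htmlentities()` only encodes `'` when called with ENT_QUOTES (the PHP default was ENT_COMPAT before 8.1), so whether this is a complete fix depends on the flags `$app->functions->htmlentities` passes, which are not visible here. Without ENT_QUOTES a stored value containing `'` can still end the attribute early. Either confirm the wrapper forces ENT_QUOTES | ENT_SUBSTITUTE, or quote these attributes with double quotes, e.g. `$ip_select .= "<option value=\"" . $app->functions->htmlentities($ip['ip_address']) . "\" $selected>" . $app->functions->htmlentities($ip['source']) . "</option>\r\n";`. The same single-quoted pattern is used at L158, L168, L171, L181, L238, L247, L257, L282, L318, L497 and L506.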
......
......@@ -80,7 +80,7 @@ class page_action extends tform_actions {
if($field_name['Field'] == 'gender'){
$message_variables .= '<a href="javascript:void(0);" class="addPlaceholder">{salutation}</a> ';
} else {
$message_variables .= '<a href="javascript:void(0);" class="addPlaceholder">{'.$field_name['Field'].'}</a> ';
$message_variables .= '<a href="javascript:void(0);" class="addPlaceholder">{'.$app->functions->htmlentities($field_name['Field']).'}</a> ';
}
}
}
......
......@@ -76,8 +76,8 @@ class page_action extends tform_actions {
if(isset($sql['domain']) && $sql['domain'] != '') {
if($sql['dkim'] == 'y') {
$public_key=str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"),'',$sql['dkim_public']);
$app->tpl->setVar('public_key', $public_key);
$app->tpl->setVar('selector', $sql['dkim_selector']);
$app->tpl->setVar('public_key', $public_key, true);
$app->tpl->setVar('selector', $sql['dkim_selector'], true);
} else {
//TODO: show warning - use mail_domain for dkim and enabled dkim
}
......@@ -85,7 +85,7 @@ class page_action extends tform_actions {
} else {
$app->tpl->setVar('edit_disabled', 0);
}
$app->tpl->setVar('name', $soa['origin']);
$app->tpl->setVar('name', $soa['origin'], true);
}
......
......@@ -93,7 +93,7 @@ class page_action extends tform_actions {
if ( isset($rec) && !empty($rec) ) {
$this->id = 1;
$old_data = strtolower($rec['data']);
$app->tpl->setVar("data", $old_data);
$app->tpl->setVar("data", $old_data, true);
if ($rec['active'] == 'Y') $app->tpl->setVar("active", "CHECKED"); else $app->tpl->setVar("active", "UNCHECKED");
$dmarc_rua = '';
$dmarc_ruf = '';
......@@ -123,7 +123,7 @@ class page_action extends tform_actions {
}
//set html-values
$app->tpl->setVar('domain', $domain_name);
$app->tpl->setVar('domain', $domain_name, true);
//create dmarc-policy-list
$dmarc_policy_value = array(
......@@ -138,9 +138,9 @@ class page_action extends tform_actions {
}
$app->tpl->setVar('dmarc_policy', $dmarc_policy_list);
if (!empty($dmarc_rua)) $app->tpl->setVar("dmarc_rua", $dmarc_rua);
if (!empty($dmarc_rua)) $app->tpl->setVar("dmarc_rua", $dmarc_rua, true);
if (!empty($dmarc_ruf)) $app->tpl->setVar("dmarc_ruf", $dmarc_ruf);
if (!empty($dmarc_ruf)) $app->tpl->setVar("dmarc_ruf", $dmarc_ruf, true);
//set dmarc-fo-options
if (isset($dmarc_fo)) {
......@@ -178,9 +178,9 @@ class page_action extends tform_actions {
if ( strpos($dmarc_rf, 'afrf') !== false ) $app->tpl->setVar("dmarc_rf_afrf", 'CHECKED');
if ( strpos($dmarc_rf, 'iodef') !== false ) $app->tpl->setVar("dmarc_rf_iodef", 'CHECKED');
$app->tpl->setVar("dmarc_pct", $dmarc_pct);
$app->tpl->setVar("dmarc_pct", $dmarc_pct, true);
$app->tpl->setVar("dmarc_ri", $dmarc_ri);
$app->tpl->setVar("dmarc_ri", $dmarc_ri, true);
//create dmarc-sp-list
$dmarc_sp_value = array(
......
......@@ -132,7 +132,7 @@ class page_action extends tform_actions {
if ($domain['domain'].'.' == $this->dataRecord["origin"]) {
$domain_select .= " selected";
}
$domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . ".</option>\r\n";
$domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . ".</option>\r\n";
}
}
else {
......
......@@ -179,7 +179,7 @@ class page_action extends tform_actions {
$options_dns_servers = "";
foreach ($dns_servers as $dns_server) {
$options_dns_servers .= '<option value="'.$dns_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $dns_server['server_id'] ? ' selected="selected"' : '').'>'.$dns_server['server_name'].'</option>';
$options_dns_servers .= '<option value="'.$dns_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $dns_server['server_id'] ? ' selected="selected"' : '').'>'.$app->functions->htmlentities($dns_server['server_name']).'</option>';
}
$app->tpl->setVar("client_server_id", $options_dns_servers);
......@@ -200,7 +200,7 @@ class page_action extends tform_actions {
if ($domain['domain'].'.' == $this->dataRecord["origin"]) {
$domain_select .= " selected";
}
$domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . ".</option>\r\n";
$domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . ".</option>\r\n";
}
}
else {
......@@ -222,7 +222,7 @@ class page_action extends tform_actions {
$datalog = $app->db->queryOneRecord("SELECT sys_datalog.error, sys_log.tstamp FROM sys_datalog, sys_log WHERE sys_datalog.dbtable = 'dns_soa' AND sys_datalog.dbidx = ? AND sys_datalog.datalog_id = sys_log.datalog_id AND sys_log.message = CONCAT('Processed datalog_id ',sys_log.datalog_id) ORDER BY sys_datalog.tstamp DESC", 'id:' . $this->id);
if(is_array($datalog) && !empty($datalog)){
if(trim($datalog['error']) != ''){
$app->tpl->setVar("config_error_msg", nl2br(htmlentities($datalog['error'])));
$app->tpl->setVar("config_error_msg", nl2br($app->functions->htmlentities($datalog['error'])));
$app->tpl->setVar("config_error_tstamp", date($app->lng('conf_format_datetime'), $datalog['tstamp']));
}
}
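Review bot: L114 escapes the option label, but the `<option value=…` opening for the same option is built above the hunk and is not visible; if it inserts `$domain['domain']` raw it needs the same `$app->functions->htmlentities()` treatment (the raw form in the value, the idn-decoded form in the label as done here). The same shape recurs at L131, L205, L308 and L418, so those openings should be checked as well. The enclosing loop starts outside the hunk.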
......
......@@ -83,7 +83,7 @@ class page_action extends tform_actions {
$this->id = 1;
$old_data = strtolower($rec['data']);
$app->tpl->setVar("data", $old_data);
$app->tpl->setVar("data", $old_data, true);
if ($rec['active'] == 'Y') $app->tpl->setVar("active", "CHECKED"); else $app->tpl->setVar("active", "UNCHECKED");
$spf_hostname = '';
......
......@@ -83,7 +83,7 @@ class page_action extends tform_actions {
foreach( $domains as $domain) {
$domain['domain'] = $app->functions->idn_decode($domain['domain']);
$selected = ($domain["domain"] == @$email_parts[1])?'SELECTED':'';
$domain_select .= "<option value='$domain[domain]' $selected>$domain[domain]</option>\r\n";
$domain_select .= "<option value='" . $app->functions->htmlentities($domain['domain']) . "' $selected>" . $app->functions->htmlentities($domain['domain']) . "</option>\r\n";
}
}
$app->tpl->setVar("email_domain", $domain_select);
......
......@@ -82,9 +82,9 @@ class page_action extends tform_actions {
foreach( $domains as $domain) {
$domain['domain'] = $app->functions->idn_decode($domain['domain']);
$selected = ($domain["domain"] == @$source_domain)?'SELECTED':'';
$source_select .= "<option value='$domain[domain]' $selected>$domain[domain]</option>\r\n";
$source_select .= "<option value='" . $app->functions->htmlentities($domain['domain']) . "' $selected>" . $app->functions->htmlentities($domain['domain']) . "</option>\r\n";
$selected = ($domain["domain"] == @$destination_domain)?'SELECTED':'';
$destination_select .= "<option value='$domain[domain]' $selected>$domain[domain]</option>\r\n";
$destination_select .= "<option value='" . $app->functions->htmlentities($domain['domain']) . "' $selected>" . $app->functions->htmlentities($domain['domain']) . "</option>\r\n";
}
}
$app->tpl->setVar("source_domain", $source_select);
......
......@@ -82,7 +82,7 @@ class page_action extends tform_actions {
foreach( $domains as $domain) {
$domain['domain'] = $app->functions->idn_decode($domain['domain']);
$selected = (isset($email_parts[1]) && $domain["domain"] == $email_parts[1])?'SELECTED':'';
$domain_select .= "<option value='$domain[domain]' $selected>$domain[domain]</option>\r\n";
$domain_select .= "<option value='" . $app->functions->htmlentities($domain['domain']) . "' $selected>" . $app->functions->htmlentities($domain['domain']) . "</option>\r\n";
}
}
$app->tpl->setVar("email_domain", $domain_select);
......
......@@ -101,7 +101,7 @@ class page_action extends tform_actions {
// Set the mailserver to the default server of the client
$tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $client['default_mailserver']);
$app->tpl->setVar("server_id", "<option value='$client[default_mailserver]'>$tmp[server_name]</option>");
$app->tpl->setVar("server_id", "<option value='$client[default_mailserver]'>" . $app->functions->htmlentities($tmp['server_name']) . "</option>");
unset($tmp);
if ($settings['use_domain_module'] != 'y') {
......@@ -142,7 +142,7 @@ class page_action extends tform_actions {
$options_mail_servers = "";
foreach ($mail_servers as $mail_server) {
$options_mail_servers .= '<option value="'.$mail_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $mail_server['server_id'] ? ' selected="selected"' : '').'>'.$mail_server['server_name'].'</option>';
$options_mail_servers .= '<option value="'.$mail_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $mail_server['server_id'] ? ' selected="selected"' : '').'>'.$app->functions->htmlentities($mail_server['server_name']).'</option>';
}
$app->tpl->setVar("client_server_id", $options_mail_servers);
......@@ -167,7 +167,7 @@ class page_action extends tform_actions {
if ($domain['domain'] == $this->dataRecord["domain"]) {
$domain_select .= " selected";
}
$domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . "</option>\r\n";
$domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . "</option>\r\n";
}
}
else {
......@@ -193,7 +193,7 @@ class page_action extends tform_actions {
if(is_array($policys)) {
foreach( $policys as $p) {
$selected = ($p["id"] == $tmp_user["policy_id"])?'SELECTED':'';
$policy_select .= "<option value='$p[id]' $selected>$p[policy_name]</option>\r\n";
$policy_select .= "<option value='$p[id]' $selected>" . $app->functions->htmlentities($p['policy_name']) . "</option>\r\n";
}
}
$app->tpl->setVar("policy", $policy_select);
......@@ -214,10 +214,10 @@ class page_action extends tform_actions {
$rec = $app->db->queryOneRecord($sql, $app->functions->intval($_GET['id']));
$dns_key = str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"),'',$rec['dkim_public']);
$dns_record = $rec['dkim_selector'] . '._domainkey.' . $rec['domain'] . '. 3600 TXT v=DKIM1; t=s; p=' . $dns_key;
$app->tpl->setVar('dkim_selector', $rec['dkim_selector']);
$app->tpl->setVar('dkim_private', $rec['dkim_private']);
$app->tpl->setVar('dkim_public', $rec['dkim_public']);
if (!empty($rec['dkim_public'])) $app->tpl->setVar('dns_record', $dns_record);
$app->tpl->setVar('dkim_selector', $rec['dkim_selector'], true);
$app->tpl->setVar('dkim_private', $rec['dkim_private'], true);
$app->tpl->setVar('dkim_public', $rec['dkim_public'], true);
if (!empty($rec['dkim_public'])) $app->tpl->setVar('dns_record', $dns_record, true);
parent::onShowEnd();
}
......
......@@ -82,7 +82,7 @@ class page_action extends tform_actions {
foreach( $domains as $domain) {
$domain['domain'] = $app->functions->idn_decode($domain['domain']);
$selected = (isset($email_parts[1]) && $domain["domain"] == $email_parts[1])?'SELECTED':'';
$domain_select .= "<option value='$domain[domain]' $selected>$domain[domain]</option>\r\n";
$domain_select .= "<option value='" . $app->functions->htmlentities($domain['domain']) . "' $selected>" . $app->functions->htmlentities($domain['domain']) . "</option>\r\n";
}
$app->tpl->setVar("email_domain", $domain_select);
......
......@@ -116,7 +116,7 @@ class page_action extends tform_actions {
if(is_array($domains)) {
foreach( $domains as $domain) {
$selected = ($domain["domain"] == $this->dataRecord["domain"])?'SELECTED':'';
$domain_select .= "<option value='$domain[domain]' $selected>$domain[domain]</option>\r\n";
$domain_select .= "<option value='" . $app->functions->htmlentities($domain['domain']) . "' $selected>" . $app->functions->htmlentities($domain['domain']) . "</option>\r\n";
}
}
$app->tpl->setVar("domain_option", $domain_select);
......
......@@ -67,7 +67,7 @@ class page_action extends tform_actions {
$domain_select = '';
foreach( $domains as $domain) {
$selected = ($domain["domain"] == $email_parts[1])?'SELECTED':'';
$domain_select .= "<option value='$domain[domain]' $selected>$domain[domain]</option>\r\n";
$domain_select .= "<option value='" . $app->functions->htmlentities($domain['domain']) . "' $selected>" . $app->functions->htmlentities($domain['domain']) . "</option>\r\n";
}
$app->tpl->setVar("email_domain", $domain_select);
......
......@@ -70,6 +70,7 @@ class page_action extends tform_actions {
function onShowEnd() {
global $app, $conf;
$rec = array();
$types = array('smtp' => 'smtp', 'uucp' => 'uucp', 'slow' => 'slow', 'error' => 'error', 'custom' => 'custom', '' => 'null');
$tmp_parts = explode(":", $this->dataRecord["transport"]);
if(!empty($this->id) && !stristr($this->dataRecord["transport"], ':')) {
......@@ -106,7 +107,7 @@ class page_action extends tform_actions {
}
}
$rec["type"] = $type_select;
$app->tpl->setVar($rec);
$app->tpl->setVar($rec, null, true);
unset($type);
unset($types);
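Review bot: L273 hands the whole `$rec` array to `setVar()` with the new third argument, but L271 has just stored the assembled `<option>` markup in `$rec["type"]`; if that argument escapes every value (as its use in the other hunks suggests) the type select will render as literal text. Safer is to escape only the scalar fields and set the markup separately: `unset($rec['type']); $app->tpl->setVar($rec, null, true); $app->tpl->setVar('type', $type_select);`. How `$type_select` is built between the two hunks is not visible, so treat this as something to confirm rather than a certain regression.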
......
......@@ -84,7 +84,7 @@ class page_action extends tform_actions {
foreach( $domains as $domain) {
$domain['domain'] = $app->functions->idn_decode($domain['domain']);
$selected = ($domain["domain"] == @$email_parts[1])?'SELECTED':'';
$domain_select .= "<option value='$domain[domain]' $selected>$domain[domain]</option>\r\n";
$domain_select .= "<option value='" . $app->functions->htmlentities($domain['domain']) . "' $selected>" . $app->functions->htmlentities($domain['domain']) . "</option>\r\n";
}
}
$app->tpl->setVar("email_domain", $domain_select);
......@@ -100,7 +100,7 @@ class page_action extends tform_actions {
if(is_array($policys)) {
foreach( $policys as $p) {
$selected = ($p["id"] == $tmp_user["policy_id"])?'SELECTED':'';
$policy_select .= "<option value='$p[id]' $selected>$p[policy_name]</option>\r\n";
$policy_select .= "<option value='$p[id]' $selected>" . $app->functions->htmlentities(($p['policy_name']) . "</option>\r\n";
}
}
$app->tpl->setVar("policy", $policy_select);
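Review bot: L291 does not parse: `$app->functions->htmlentities(($p['policy_name']) . "</option>\r\n";` opens two parentheses and closes only one, so the file fails with a syntax error and the whole form becomes unavailable (the sibling policy loops at L214 and L351 have the balanced form). It should read `$policy_select .= "<option value='$p[id]' $selected>" . $app->functions->htmlentities($p['policy_name']) . "</option>\r\n";`. A `php -l` pass over the touched files before merging would catch this class of mistake.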
......
......@@ -165,7 +165,7 @@ class page_action extends tform_actions {
$options_xmpp_servers = "";
foreach ($xmpp_servers as $xmpp_server) {
$options_xmpp_servers .= "<option value='$xmpp_server[server_id]'>$xmpp_server[server_name]</option>";
$options_xmpp_servers .= "<option value='$xmpp_server[server_id]'>" . $app->functions->htmlentities($xmpp_server['server_name']) . "</option>";
}
$app->tpl->setVar("client_server_id", $options_xmpp_servers);
......@@ -190,7 +190,7 @@ class page_action extends tform_actions {
if ($domain['domain'] == $this->dataRecord["domain"]) {
$domain_select .= " selected";
}
$domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . "</option>\r\n";
$domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . "</option>\r\n";
}
}
else {
......
......@@ -83,7 +83,7 @@ class page_action extends tform_actions {
foreach( $domains as $domain) {
$domain['domain'] = $app->functions->idn_decode($domain['domain']);
$selected = ($domain["domain"] == @$jid_parts[1])?'SELECTED':'';
$domain_select .= "<option value='$domain[domain]' $selected>$domain[domain]</option>\r\n";
$domain_select .= "<option value='" . $app->functions->htmlentities($domain['domain']) . "' $selected>" . $app->functions->htmlentities($domain['domain']) . "</option>\r\n";
}
}
$app->tpl->setVar("jid_domain", $domain_select);
......
......@@ -75,7 +75,7 @@ class page_action extends tform_actions {
global $app, $conf;
$rec = $app->tform->getDataRecord($this->id);
$app->tpl->setVar("email", $rec['email']);
$app->tpl->setVar("email", $rec['email'], true);
parent::onShowEnd();
}
......
......@@ -63,7 +63,7 @@ class page_action extends tform_actions {
global $app, $conf;
$rec = $app->tform->getDataRecord($_SESSION['s']['user']['mailuser_id']);
$app->tpl->setVar("email", $rec['email']);
$app->tpl->setVar("email", $rec['email'], true);
parent::onShowEnd();
}
......
......@@ -112,7 +112,7 @@ class page_action extends tform_actions {
global $app, $conf;
$rec = $app->tform->getDataRecord($this->id);
$app->tpl->setVar("email", $rec['email']);
$app->tpl->setVar("email", $rec['email'], true);
// Get the spamfilter policys for the user
$tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = ?", $rec['email']);
......@@ -122,7 +122,7 @@ class page_action extends tform_actions {
if(is_array($policys)) {
foreach( $policys as $p) {
$selected = ($p["id"] == $tmp_user["policy_id"])?'SELECTED':'';
$policy_select .= "<option value='$p[id]' $selected>$p[policy_name]</option>\r\n";
$policy_select .= "<option value='$p[id]' $selected>" . $app->functions->htmlentities($p['policy_name']) . "</option>\r\n";
}
}
$app->tpl->setVar("policy", $policy_select);
......
......@@ -89,7 +89,7 @@ class page_action extends tform_actions {
}
foreach ($tmp as $db_server) {
$options_db_servers .= '<option value="'.$db_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $db_server['server_id'] ? ' selected="selected"' : '').'>'.$db_server['server_name'].'</option>';
$options_db_servers .= '<option value="'.$db_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $db_server['server_id'] ? ' selected="selected"' : '').'>'.$app->functions->htmlentities($db_server['server_name']).'</option>';
}
$app->tpl->setVar("server_id", $options_db_servers);
......@@ -112,7 +112,7 @@ class page_action extends tform_actions {
}
foreach ($tmp as $db_server) {
$options_db_servers .= '<option value="'.$db_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $db_server['server_id'] ? ' selected="selected"' : '').'>'.$db_server['server_name'].'</option>';
$options_db_servers .= '<option value="'.$db_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $db_server['server_id'] ? ' selected="selected"' : '').'>'.$app->functions->htmlentities($db_server['server_name']).'</option>';
}
$app->tpl->setVar("server_id", $options_db_servers);
......@@ -147,7 +147,7 @@ class page_action extends tform_actions {
}
if($this->dataRecord['database_name'] == "") {
$app->tpl->setVar("database_name_prefix", $dbname_prefix);
$app->tpl->setVar("database_name_prefix", $dbname_prefix, true);
} else {
$app->tpl->setVar("database_name_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_name_prefix'], $dbname_prefix, $global_config['dbname_prefix']), true);
}
......
......@@ -122,7 +122,7 @@ class page_action extends tform_actions {
}
if($this->dataRecord['database_user'] == "") {
$app->tpl->setVar("database_user_prefix", $dbuser_prefix);
$app->tpl->setVar("database_user_prefix", $dbuser_prefix, true);
} else {
$app->tpl->setVar("database_user_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_user_prefix'], $dbuser_prefix, $global_config['dbuser_prefix']), true);
}
......
......@@ -83,7 +83,7 @@ class page_action extends tform_actions {
}
if($this->dataRecord['username'] == "") {
$app->tpl->setVar("username_prefix", $ftpuser_prefix);
$app->tpl->setVar("username_prefix", $ftpuser_prefix, true);
} else {
$app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $ftpuser_prefix, $global_config['ftpuser_prefix']), true);
}
......
......@@ -83,7 +83,7 @@ class page_action extends tform_actions {
}
if($this->dataRecord['username'] == "") {
$app->tpl->setVar("username_prefix", $shelluser_prefix);
$app->tpl->setVar("username_prefix", $shelluser_prefix, true);
} else {
$app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $shelluser_prefix, $global_config['shelluser_prefix']), true);
}
......
......@@ -87,7 +87,7 @@ class page_action extends tform_actions {
}
}
$app->tpl->setVar('childdomain_type', $this->_childdomain_type);
$app->tpl->setVar('childdomain_type', $this->_childdomain_type, true);
parent::onShowNew();
}
......@@ -118,7 +118,7 @@ class page_action extends tform_actions {
} elseif($this->_childdomain_type == 'aliasdomain' && $domain['domain'] == $this->dataRecord["domain"]) {
$domain_select .= " selected";
}
$domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . "</option>\r\n";
$domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . "</option>\r\n";
}
}
else {
......@@ -159,7 +159,7 @@ class page_action extends tform_actions {
$proxy_directive_snippets_txt = '';
if(is_array($proxy_directive_snippets) && !empty($proxy_directive_snippets)){
foreach($proxy_directive_snippets as $proxy_directive_snippet){
$proxy_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$proxy_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.$proxy_directive_snippet['snippet'].'</pre></a> ';
$proxy_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$app->functions->htmlentities($proxy_directive_snippet['name']).']<pre class="addPlaceholderContent" style="display:none;">'.$app->functions->htmlentities($proxy_directive_snippet['snippet']).'</pre></a> ';
}
}
if($proxy_directive_snippets_txt == '') $proxy_directive_snippets_txt = '------';
......@@ -167,7 +167,7 @@ class page_action extends tform_actions {
$app->tpl->setVar('limit_ssl_letsencrypt', 'y');
}
$app->tpl->setVar('childdomain_type', $this->_childdomain_type);
$app->tpl->setVar('childdomain_type', $this->_childdomain_type, true);
parent::onShowEnd();
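Review bot: L427 now entity-encodes `snippet` inside the hidden `<pre>`, which is right for the markup, but the `addPlaceholderContent` handler presumably copies that pre's contents into a textarea; if it reads `innerHTML`/`.html()` the user will now receive `&lt;`-style sequences instead of the literal directive text, whereas `textContent`/`.text()` decodes them. Worth checking the JavaScript side of this placeholder in the same change. A short comment on L427 such as `// escaped for markup; the placeholder JS must read it as text, not HTML` would record the dependency.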
......
......@@ -82,7 +82,7 @@ class page_action extends tform_actions {
}
if($this->dataRecord['username'] == "") {
$app->tpl->setVar("username_prefix", $webdavuser_prefix);
$app->tpl->setVar("username_prefix", $webdavuser_prefix, true);
} else {
$app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $webdavuser_prefix, $global_config['webdavuser_prefix']), true);
}
......
......@@ -86,7 +86,7 @@ class page_action extends tform_actions {
if(is_array($records)) {
foreach( $records as $rec) {
$selected = @($rec["template_id"] == $this->dataRecord["template_id"])?'SELECTED':'';
$template_id_select .= "<option value='$rec[template_id]' $selected>$rec[template_name]</option>\r\n";
$template_id_select .= "<option value='$rec[template_id]' $selected>" . $app->functions->htmlentities($rec['template_name']) . "</option>\r\n";
}
}
$app->tpl->setVar("template_id_select", $template_id_select);
......@@ -109,7 +109,7 @@ class page_action extends tform_actions {
if(is_array($records)) {
foreach( $records as $rec) {
$selected = @(is_array($this->dataRecord) && ($client["groupid"] == $this->dataRecord['client_group_id'] || $client["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':'';
$client_select .= "<option value='$rec[groupid]' $selected>$rec[contactname]</option>\r\n";
$client_select .= "<option value='$rec[groupid]' $selected>" . $app->functions->htmlentities($rec['contactname']) . "</option>\r\n";
}
}
$app->tpl->setVar("client_group_id", $client_select);
......@@ -124,7 +124,7 @@ class page_action extends tform_actions {
if(is_array($records)) {
foreach( $records as $rec) {
$selected = @($rec["template_id"] == $this->dataRecord["template_id"])?'SELECTED':'';
$template_id_select .= "<option value='$rec[template_id]' $selected>$rec[template_name]</option>\r\n";
$template_id_select .= "<option value='$rec[template_id]' $selected>" . $app->functions->htmlentities($rec['template_name']) . "</option>\r\n";
}
}
$app->tpl->setVar("template_id_select", $template_id_select);
......@@ -141,7 +141,7 @@ class page_action extends tform_actions {
if(is_array($clients)) {
foreach( $clients as $client) {
$selected = @(is_array($this->dataRecord) && ($client["groupid"] == $this->dataRecord['client_group_id'] || $client["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':'';
$client_select .= "<option value='$client[groupid]' $selected>$client[contactname]</option>\r\n";
$client_select .= "<option value='$client[groupid]' $selected>" . $app->functions->htmlentities($client['contactname']) . "</option>\r\n";
}
}
$app->tpl->setVar("client_group_id", $client_select);
......@@ -153,7 +153,7 @@ class page_action extends tform_actions {
$template_id_select='';
foreach( $records as $rec) {
$selected = @($rec["template_id"] == $this->dataRecord["template_id"])?'SELECTED':'';
$template_id_select .= "<option value='$rec[template_id]' $selected>$rec[template_name]</option>\r\n";
$template_id_select .= "<option value='$rec[template_id]' $selected>" . $app->functions->htmlentities($rec['template_name']) . "</option>\r\n";
}
}
$app->tpl->setVar("template_id_select", $template_id_select);
......@@ -175,7 +175,7 @@ class page_action extends tform_actions {
if(is_array($ips)) {
foreach( $ips as $ip) {
$selected = ($ip["ip_address"] == $this->dataRecord["ip_address"])?'SELECTED':'';
$ip_select .= "<option value='$ip[ip_address]' $selected>$ip[ip_address]</option>\r\n";
$ip_select .= "<option value='$ip[ip_address]' $selected>" . $app->functions->htmlentities($ip['ip_address']) . "</option>\r\n";
}
}
$app->tpl->setVar("ip_address", $ip_select);
......@@ -188,7 +188,7 @@ class page_action extends tform_actions {
foreach ($additional_ips as $idx => $rec) {
$temp .= "<input type='hidden' id='id".$idx."' name='additional_ip[".$idx."]' name='additional_ip[".$idx."]' value='0'>";
$used = @($rec['additional']=='y')?'CHECKED':'';
$temp .= "<input type='checkbox' value='".$rec['ip_address']."' id='id".$idx."' name='additional_ip[".$idx."]' ".$used."> ".$rec['ip_address']."<br>";
$temp .= "<input type='checkbox' value='".$app->functions->htmlentities($rec['ip_address'])."' id='id".$idx."' name='additional_ip[".$idx."]' ".$used."> ".$app->functions->htmlentities($rec['ip_address'])."<br>";
}
$app->tpl->setVar("additional_ip", $temp);
unset($used);
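Review bot: L461 keeps escaping consistent with the loop, but the `$selected` computation on L459 compares `$client["groupid"]` while the loop variable is `$rec`, and the `@` hides the resulting notice, so the current client group is presumably never pre-selected in this branch (the parallel loop at L477-479 uses its own loop variable). Unless `$client` is deliberately set outside the hunk, it should read `$selected = @(is_array($this->dataRecord) && ($rec["groupid"] == $this->dataRecord['client_group_id'] || $rec["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':'';`. Separately, L503 emits the `name` attribute twice and reuses `id='id…'` on both the hidden input and the checkbox at L506, which is invalid markup the change could have cleaned up while touching that line.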
......