From b6b166612b1323a36bddaec8b76831b2d4e0730a Mon Sep 17 00:00:00 2001 From: Till Brehm Date: Sat, 30 Dec 2017 09:52:13 +0100 Subject: [PATCH 01/25] Fixed #4898 Reflected XSS issue in DNS module --- interface/lib/classes/tform_base.inc.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/interface/lib/classes/tform_base.inc.php b/interface/lib/classes/tform_base.inc.php index d06072e830..0e839c53d3 100644 --- a/interface/lib/classes/tform_base.inc.php +++ b/interface/lib/classes/tform_base.inc.php @@ -245,7 +245,7 @@ class tform_base { */ function decode($record, $tab) { global $conf, $app; - if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab does not exist or the tab is empty (TAB: $tab)."); + if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab does not exist or the tab is empty (TAB: ".$app->functions->htmlentities($tab).")."); return $this->_decode($record, $tab, false); } @@ -416,7 +416,7 @@ class tform_base { $this->action = $action; if(!is_array($this->formDef)) $app->error("No form definition found."); - if(!is_array($this->formDef['tabs'][$tab])) $app->error("The tab is empty or does not exist (TAB: $tab)."); + if(!is_array($this->formDef['tabs'][$tab])) $app->error("The tab is empty or does not exist (TAB: ".$app->functions->htmlentities($tab).")."); /* CSRF PROTECTION */ // generate csrf protection id and key @@ -868,7 +868,7 @@ class tform_base { function encode($record, $tab, $dbencode = true) { global $app; - if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab is empty or does not exist (TAB: $tab)."); + if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab is empty or does not exist (TAB: ".$app->functions->htmlentities($tab).")."); return $this->_encode($record, $tab, $dbencode, false); } 
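Review bot: The encoded error message still sits behind an unguarded lookup: in decode(), `is_array($this->formDef['tabs'][$tab])` reads the key before checking it exists, so an attacker-chosen tab name triggers an undefined-index notice and then reaches the reflected error path. Validating the name against the form definition first, `if(!isset($this->formDef['tabs'][$tab]) || !is_array($this->formDef['tabs'][$tab]))`, makes the reflected value unreachable rather than merely encoded; the same applies to the three sibling hunks in this patch. Whether `$app->functions->htmlentities()` escapes single quotes (ENT_QUOTES) is not visible here, which would matter if `$app->error()` ever places the message inside an attribute. decode() is complete within its hunk; the functions in the other hunks on this line continue beyond them.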
@@ -1437,7 +1437,7 @@ class tform_base { } if(!is_array($this->formDef)) $app->error("Form definition not found."); - if(!is_array($this->formDef['tabs'][$tab])) $app->error("The tab is empty or does not exist (TAB: $tab)."); + if(!is_array($this->formDef['tabs'][$tab])) $app->error("The tab is empty or does not exist (TAB: ".$app->functions->htmlentities($tab).")."); return $this->_getSQL($record, $tab, $action, $primary_id, $sql_ext_where, false); } -- GitLab From a4945b5b7bb6a256919f84f64b11a1f4125e584a Mon Sep 17 00:00:00 2001 From: Till Brehm Date: Sat, 30 Dec 2017 09:54:58 +0100 Subject: [PATCH 02/25] Filter HTML tags in FAQ questions when admin adds FAQ articles as HTML is required for answers only. --- interface/web/help/form/faq.tform.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/interface/web/help/form/faq.tform.php b/interface/web/help/form/faq.tform.php index e795f3566f..e440de7e6b 100644 --- a/interface/web/help/form/faq.tform.php +++ b/interface/web/help/form/faq.tform.php @@ -79,6 +79,12 @@ $form['tabs']['message'] = array( 'errmsg'=> 'subject_is_empty' ), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', -- GitLab From 96b7d78dcbe8d675c7aeda10cd230ec2610cc620 Mon Sep 17 00:00:00 2001 From: Till Brehm Date: Sat, 30 Dec 2017 09:57:33 +0100 Subject: [PATCH 03/25] Removed HTML comment. --- interface/web/help/templates/help_faq_list.htm | 2 -- 1 file changed, 2 deletions(-) diff --git a/interface/web/help/templates/help_faq_list.htm b/interface/web/help/templates/help_faq_list.htm index e81dae2e0b..28850fe830 100644 --- a/interface/web/help/templates/help_faq_list.htm +++ b/interface/web/help/templates/help_faq_list.htm @@ -12,5 +12,3 @@
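Review bot: The STRIPTAGS filter on SAVE is input sanitization, not output encoding, so it does not by itself make the question safe to render: if it maps to `strip_tags()` as the name suggests, quotes and ampersands are left in place, and questions stored before this change are never re-filtered. The templates that print the question should still pass it through `$app->functions->htmlentities()` at output, the way faq_list.php does for the section name later in this series, with STRIPTAGS kept as defence in depth. The field definition this hunk belongs to starts above the hunk, so the field name is inferred from the commit message rather than visible.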
- - -- GitLab From 637bab3ec1e610a130fa7dc66ca0c5bdac4cc6d5 Mon Sep 17 00:00:00 2001 From: Till Brehm Date: Sat, 30 Dec 2017 10:00:46 +0100 Subject: [PATCH 04/25] Cleaned up FAQ module files to use global auth function instead of repeating the code in each file. --- interface/web/help/faq_delete.php | 5 +---- interface/web/help/faq_edit.php | 5 +---- interface/web/help/faq_list.php | 7 ++----- interface/web/help/faq_manage_questions_list.php | 2 +- interface/web/help/faq_sections_delete.php | 5 +---- interface/web/help/faq_sections_edit.php | 5 +---- interface/web/help/faq_sections_list.php | 5 +---- 7 files changed, 8 insertions(+), 26 deletions(-) diff --git a/interface/web/help/faq_delete.php b/interface/web/help/faq_delete.php index e8f3627278..c1faed60d9 100644 --- a/interface/web/help/faq_delete.php +++ b/interface/web/help/faq_delete.php @@ -9,10 +9,7 @@ require_once '../../lib/config.inc.php'; require_once '../../lib/app.inc.php'; // Check module permissions -if(!stristr($_SESSION['s']['user']['modules'], 'help')) { - header('Location: ../index.php'); - die; -} +$app->auth->check_module_permissions('admin'); // Load the form $app->uses('tform_actions'); diff --git a/interface/web/help/faq_edit.php b/interface/web/help/faq_edit.php index 629bde88c7..397f5cccf4 100644 --- a/interface/web/help/faq_edit.php +++ b/interface/web/help/faq_edit.php @@ -8,10 +8,7 @@ require_once '../../lib/config.inc.php'; require_once '../../lib/app.inc.php'; // Check the module permissions and redirect if not allowed. -if(!stristr($_SESSION['s']['user']['modules'], 'help')) { - header('Location: ../index.php'); - die; -} +$app->auth->check_module_permissions('admin'); // Load the templating and form classes $app->uses('tpl,tform,tform_actions'); diff --git a/interface/web/help/faq_list.php b/interface/web/help/faq_list.php index 128480dca2..ed5ffa4fab 100644 --- a/interface/web/help/faq_list.php +++ b/interface/web/help/faq_list.php 
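Review bot: The replacement guard in faq_edit.php changes the rule as well as the code: the removed check admitted anyone with the 'help' module, the new `$app->auth->check_module_permissions('admin')` requires the 'admin' module, and the hunk does not show whether that helper terminates the request on failure the way the old `header('Location: ../index.php'); die;` did, so the form load that follows would run if it only returns. The commit message presents this as clean-up only; the permission tightening deserves its own sentence so a later reader does not revert it as a regression. faq_list.php in the same commit stays on 'help', which is consistent with read-only listing.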
@@ -7,10 +7,7 @@ require_once '../../lib/app.inc.php'; $list_def_file = 'list/faq_list.php'; // Check the module permissions -if(!stristr($_SESSION['s']['user']['modules'], 'help')) { - header('Location: ../index.php'); - die(); -} +$app->auth->check_module_permissions('help'); // Loading the class $app->uses('listform_actions'); @@ -31,7 +28,7 @@ $app->listform_actions->SQLExtWhere = "help_faq.hf_section = $hf_section"; if($hf_section) $res = $app->db->queryOneRecord("SELECT hfs_name FROM help_faq_sections WHERE hfs_id=?", $hf_section); // Start the form rendering and action ahndling -echo "

FAQ: ".$res['hfs_name']."

"; +echo "

FAQ: ".$app->functions->htmlentities($res['hfs_name'])."

"; if($hf_section) $app->listform_actions->onLoad(); ?> diff --git a/interface/web/help/faq_manage_questions_list.php b/interface/web/help/faq_manage_questions_list.php index e728244586..ae29e752fc 100644 --- a/interface/web/help/faq_manage_questions_list.php +++ b/interface/web/help/faq_manage_questions_list.php @@ -6,7 +6,7 @@ require_once '../../lib/app.inc.php'; $list_def_file = "list/faq_manage_questions_list.php"; //* Check permissions for module -$app->auth->check_module_permissions('help'); +$app->auth->check_module_permissions('admin'); //* Loading the class $app->uses('listform_actions'); diff --git a/interface/web/help/faq_sections_delete.php b/interface/web/help/faq_sections_delete.php index adcacf4376..865071ff25 100644 --- a/interface/web/help/faq_sections_delete.php +++ b/interface/web/help/faq_sections_delete.php @@ -9,10 +9,7 @@ require_once '../../lib/config.inc.php'; require_once '../../lib/app.inc.php'; // Check module permissions -if(!stristr($_SESSION['s']['user']['modules'], 'help')) { - header('Location: ../index.php'); - die; -} +$app->auth->check_module_permissions('admin'); // Load the form $app->uses('tform_actions'); diff --git a/interface/web/help/faq_sections_edit.php b/interface/web/help/faq_sections_edit.php index 32f0123466..f146db8605 100644 --- a/interface/web/help/faq_sections_edit.php +++ b/interface/web/help/faq_sections_edit.php @@ -8,10 +8,7 @@ require_once '../../lib/config.inc.php'; require_once '../../lib/app.inc.php'; // Check the module permissions and redirect if not allowed. -if(!stristr($_SESSION['s']['user']['modules'], 'help')) { - header('Location: ../index.php'); - die; -} +$app->auth->check_module_permissions('admin'); // Load the templating and form classes $app->uses('tpl,tform,tform_actions'); diff --git a/interface/web/help/faq_sections_list.php b/interface/web/help/faq_sections_list.php index 4acb4ae20e..7ce9fb0235 100644 --- a/interface/web/help/faq_sections_list.php 
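Review bot: The context line `$app->listform_actions->SQLExtWhere = "help_faq.hf_section = $hf_section";` interpolates the section id straight into SQL while the `queryOneRecord()` two lines below binds the same value as a parameter; `$hf_section` is assigned above the hunk, so whether it was already cast with `$app->functions->intval()` is not visible. If it was not, this page, which deliberately stays open to every user with the help module, is injectable, and a cast before the assignment, `$hf_section = $app->functions->intval($hf_section);`, closes it regardless. The `htmlentities()` on `$res['hfs_name']` is right for the heading; note that `$res` is only assigned when `$hf_section` is truthy, so the echo otherwise reads an undefined variable and prints an empty heading with a notice.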
+++ b/interface/web/help/faq_sections_list.php @@ -7,10 +7,7 @@ require_once '../../lib/app.inc.php'; $list_def_file = 'list/faq_sections_list.php'; // Check the module permissions -if(!stristr($_SESSION['s']['user']['modules'], 'help')) { - header('Location: ../index.php'); - die(); -} +$app->auth->check_module_permissions('admin'); // Loading the class $app->uses('listform_actions'); -- GitLab From 5309338c286e2d148963d6bdbe7c4a40e746a3ce Mon Sep 17 00:00:00 2001 From: Till Brehm Date: Sat, 30 Dec 2017 17:27:42 +0100 Subject: [PATCH 05/25] Added regex check for next_tab variable in form handler. --- interface/lib/classes/tform.inc.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php index 503bd24eb8..b28e503224 100644 --- a/interface/lib/classes/tform.inc.php +++ b/interface/lib/classes/tform.inc.php @@ -115,11 +115,18 @@ class tform extends tform_base { // Show the same tab again in case of an error $active_tab = $_SESSION["s"]["form"]["tab"]; } + + if(!preg_match('/^[a-zA-Z0-9_]{0,50}$/',$active_tab)) { + die('Invalid next tab name.'); + } return $active_tab; } function getCurrentTab() { + if(!preg_match('/^[a-zA-Z0-9_]{0,50}$/',$_SESSION["s"]["form"]["tab"])) { + die('Invalid current tab name.'); + } return $_SESSION["s"]["form"]["tab"]; } -- GitLab From 9a7981e01e0fd9e248e22ccf44c2339c2f9c7077 Mon Sep 17 00:00:00 2001 
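Review bot: The added patterns end in `$`, which in PCRE also matches just before a trailing newline, so `foo\n` passes `/^[a-zA-Z0-9_]{0,50}$/` although the intent is a strict allowlist; `\z` (or the `D` modifier) closes that: `if(!preg_match('/^[a-zA-Z0-9_]{0,50}\z/', $active_tab)) {` and likewise in getCurrentTab(). `{0,50}` also admits the empty string, presumably deliberate for a form with no tab selected yet, but worth a comment saying so. Failing with `die()` bypasses `$app->error()`, which the surrounding form code uses for the same invalid-tab condition, so the user gets an unstyled plain-text page instead. getNextTab() begins above the hunk.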
From: Marius Burkard Date: Mon, 1 Jan 2018 11:35:56 +0100 Subject: [PATCH 06/25] - added htmlentities (XSS protection) to form data passed to template, fixes #4902 --- interface/lib/classes/tform_actions.inc.php | 2 +- interface/lib/classes/tpl.inc.php | 7 ++++++- interface/web/admin/directive_snippets_edit.php | 6 +++--- interface/web/dns/dns_slave_edit.php | 2 +- interface/web/dns/dns_soa_edit.php | 2 +- interface/web/mail/mail_domain_edit.php | 2 +- interface/web/mail/mail_mailinglist_edit.php | 6 +++--- interface/web/mail/mail_user_edit.php | 2 +- interface/web/mail/xmpp_domain_edit.php | 2 +- .../web/mailuser/mail_user_autoresponder_edit.php | 2 +- interface/web/sites/cron_edit.php | 2 +- interface/web/sites/database_edit.php | 10 +++++----- interface/web/sites/database_user_edit.php | 4 ++-- interface/web/sites/ftp_user_edit.php | 4 ++-- interface/web/sites/shell_user_edit.php | 6 +++--- interface/web/sites/web_childdomain_edit.php | 2 +- interface/web/sites/web_vhost_domain_edit.php | 6 +++--- interface/web/sites/webdav_user_edit.php | 6 +++--- interface/web/vm/openvz_vm_edit.php | 4 ++-- 19 files changed, 41 insertions(+), 36 deletions(-) diff --git a/interface/lib/classes/tform_actions.inc.php b/interface/lib/classes/tform_actions.inc.php index e0ff251455..f277c51274 100644 --- a/interface/lib/classes/tform_actions.inc.php +++ b/interface/lib/classes/tform_actions.inc.php @@ -287,7 +287,7 @@ class tform_actions { global $app, $conf; $app->tpl->setVar("error", "
  • ".$app->tform->errorMessage."
  • "); - $app->tpl->setVar($this->dataRecord); + $app->tpl->setVar($this->dataRecord, null, true); $this->onShow(); } diff --git a/interface/lib/classes/tpl.inc.php b/interface/lib/classes/tpl.inc.php index 2104cf61a5..37814cd0c6 100644 --- a/interface/lib/classes/tpl.inc.php +++ b/interface/lib/classes/tpl.inc.php @@ -226,21 +226,26 @@ if (!defined('vlibTemplateClassLoaded')) { * using the keys as variable names and the values as variable values. * @param mixed $k key to define variable name * @param mixed $v variable to assign to $k + * @param bool $encode if set to true use htmlentities on values * @return boolean true/false * @access public */ - public function setVar($k, $v = null) + public function setVar($k, $v = null, $encode = false) { + global $app; + if (is_array($k)) { foreach($k as $key => $value){ $key = ($this->OPTIONS['CASELESS']) ? strtolower(trim($key)) : trim($key); if (preg_match('/^[A-Za-z_]+[A-Za-z0-9_]*$/', $key) && $value !== null ) { + if($encode == true) $value = $app->functions->htmlentities($value); $this->_vars[$key] = $value; } } } else { if (preg_match('/^[A-Za-z_]+[A-Za-z0-9_]*$/', $k) && $v !== null) { if ($this->OPTIONS['CASELESS']) $k = strtolower($k); + if($encode == true) $value = $app->functions->htmlentities($); $this->_vars[trim($k)] = $v; } else { return false; diff --git a/interface/web/admin/directive_snippets_edit.php b/interface/web/admin/directive_snippets_edit.php index de803581e0..b12da0a79b 100644 --- a/interface/web/admin/directive_snippets_edit.php +++ b/interface/web/admin/directive_snippets_edit.php 
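Review bot: In the array branch the new `$app->functions->htmlentities($value)` is applied to every value unconditionally, and the one caller in this commit that uses the flag with an array, `tform_actions::onError()`, passes the whole `$this->dataRecord`; form records can carry array values for multi-value fields, and nothing visible here shows whether the helper tolerates non-strings, so a guard `if($encode == true && !is_array($value)) $value = $app->functions->htmlentities($value);` (or a recursive variant) avoids warnings or nulled values. Because `$encode` defaults to false, every `setVar()` call this commit does not touch still emits raw, and opt-in escaping is easy to miss; the parameter docblock should say that the flag is meant for values coming from the database or the request and that output is otherwise unescaped. The scalar branch in this hunk is corrected by the following commit.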
@@ -70,9 +70,9 @@ class page_action extends tform_actions { if($this->id > 0){ if($this->dataRecord['master_directive_snippets_id'] > 0){ $is_master = true; - $app->tpl->setVar("name", $this->dataRecord['name']); - $app->tpl->setVar("type", $this->dataRecord['type']); - $app->tpl->setVar("snippet", $this->dataRecord['snippet']); + $app->tpl->setVar("name", $this->dataRecord['name'], true); + $app->tpl->setVar("type", $this->dataRecord['type'], true); + $app->tpl->setVar("snippet", $this->dataRecord['snippet'], true); } } $app->tpl->setVar("is_master", $is_master); diff --git a/interface/web/dns/dns_slave_edit.php b/interface/web/dns/dns_slave_edit.php index 4d588ef8e0..289ef2ab38 100644 --- a/interface/web/dns/dns_slave_edit.php +++ b/interface/web/dns/dns_slave_edit.php @@ -149,7 +149,7 @@ class page_action extends tform_actions { if($this->id > 0) { //* we are editing a existing record $app->tpl->setVar("edit_disabled", 1); - $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]); + $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true); } else { $app->tpl->setVar("edit_disabled", 0); } diff --git a/interface/web/dns/dns_soa_edit.php b/interface/web/dns/dns_soa_edit.php index 6faefac390..8764301c1d 100644 --- a/interface/web/dns/dns_soa_edit.php +++ b/interface/web/dns/dns_soa_edit.php 
@@ -217,7 +217,7 @@ class page_action extends tform_actions { if($this->id > 0) { //* we are editing a existing record $app->tpl->setVar("edit_disabled", 1); - $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]); + $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true); $datalog = $app->db->queryOneRecord("SELECT sys_datalog.error, sys_log.tstamp FROM sys_datalog, sys_log WHERE sys_datalog.dbtable = 'dns_soa' AND sys_datalog.dbidx = ? AND sys_datalog.datalog_id = sys_log.datalog_id AND sys_log.message = CONCAT('Processed datalog_id ',sys_log.datalog_id) ORDER BY sys_datalog.tstamp DESC", 'id:' . $this->id); if(is_array($datalog) && !empty($datalog)){ diff --git a/interface/web/mail/mail_domain_edit.php b/interface/web/mail/mail_domain_edit.php index 7565752bd3..e648b94c3b 100644 --- a/interface/web/mail/mail_domain_edit.php +++ b/interface/web/mail/mail_domain_edit.php @@ -204,7 +204,7 @@ class page_action extends tform_actions { if($this->id > 0) { //* we are editing a existing record $app->tpl->setVar("edit_disabled", 1); - $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]); + $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true); } else { $app->tpl->setVar("edit_disabled", 0); } diff --git a/interface/web/mail/mail_mailinglist_edit.php b/interface/web/mail/mail_mailinglist_edit.php index 1419627529..a0c9e02173 100644 --- a/interface/web/mail/mail_mailinglist_edit.php +++ b/interface/web/mail/mail_mailinglist_edit.php 
@@ -124,9 +124,9 @@ class page_action extends tform_actions { if($this->id > 0) { //* we are editing a existing record $app->tpl->setVar("edit_disabled", 1); - $app->tpl->setVar("listname_value", $this->dataRecord["listname"]); - $app->tpl->setVar("domain_value", $this->dataRecord["domain"]); - $app->tpl->setVar("email_value", $this->dataRecord["email"]); + $app->tpl->setVar("listname_value", $this->dataRecord["listname"], true); + $app->tpl->setVar("domain_value", $this->dataRecord["domain"], true); + $app->tpl->setVar("email_value", $this->dataRecord["email"], true); } else { $app->tpl->setVar("edit_disabled", 0); } diff --git a/interface/web/mail/mail_user_edit.php b/interface/web/mail/mail_user_edit.php index 87d3be66bb..b6e84bf33f 100644 --- a/interface/web/mail/mail_user_edit.php +++ b/interface/web/mail/mail_user_edit.php @@ -121,7 +121,7 @@ class page_action extends tform_actions { if($this->dataRecord['autoresponder_subject'] == '') { $app->tpl->setVar('autoresponder_subject', $app->tform->lng('autoresponder_subject')); } else { - $app->tpl->setVar('autoresponder_subject', $this->dataRecord['autoresponder_subject']); + $app->tpl->setVar('autoresponder_subject', $this->dataRecord['autoresponder_subject'], true); } $app->uses('getconf'); diff --git a/interface/web/mail/xmpp_domain_edit.php b/interface/web/mail/xmpp_domain_edit.php index 3913201114..499882454c 100644 --- a/interface/web/mail/xmpp_domain_edit.php +++ b/interface/web/mail/xmpp_domain_edit.php @@ -211,7 +211,7 @@ class page_action extends tform_actions { if($this->id > 0) { //* we are editing a existing record $app->tpl->setVar("edit_disabled", 1); - $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]); + $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true); } else { $app->tpl->setVar("edit_disabled", 0); } 
diff --git a/interface/web/mailuser/mail_user_autoresponder_edit.php b/interface/web/mailuser/mail_user_autoresponder_edit.php index 8007c0fd81..d93151bf24 100644 --- a/interface/web/mailuser/mail_user_autoresponder_edit.php +++ b/interface/web/mailuser/mail_user_autoresponder_edit.php @@ -84,7 +84,7 @@ class page_action extends tform_actions { if($this->dataRecord['autoresponder_subject'] == '') { $app->tpl->setVar('autoresponder_subject', $app->tform->lng('autoresponder_subject')); } else { - $app->tpl->setVar('autoresponder_subject', $this->dataRecord['autoresponder_subject']); + $app->tpl->setVar('autoresponder_subject', $this->dataRecord['autoresponder_subject'], true); } parent::onShowEnd(); diff --git a/interface/web/sites/cron_edit.php b/interface/web/sites/cron_edit.php index a8326493ca..62f338f33f 100644 --- a/interface/web/sites/cron_edit.php +++ b/interface/web/sites/cron_edit.php @@ -73,7 +73,7 @@ class page_action extends tform_actions { if($this->id > 0) { //* we are editing a existing record $app->tpl->setVar("edit_disabled", 1); - $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"]); + $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"], true); } else { $app->tpl->setVar("edit_disabled", 0); } diff --git a/interface/web/sites/database_edit.php b/interface/web/sites/database_edit.php index 213063ae89..7af4b4351f 100644 --- a/interface/web/sites/database_edit.php +++ b/interface/web/sites/database_edit.php 
@@ -143,22 +143,22 @@ class page_action extends tform_actions { if ($this->dataRecord['database_name'] != ""){ /* REMOVE the restriction */ - $app->tpl->setVar("database_name", $app->tools_sites->removePrefix($this->dataRecord['database_name'], $this->dataRecord['database_name_prefix'], $dbname_prefix)); + $app->tpl->setVar("database_name", $app->tools_sites->removePrefix($this->dataRecord['database_name'], $this->dataRecord['database_name_prefix'], $dbname_prefix), true); } if($this->dataRecord['database_name'] == "") { $app->tpl->setVar("database_name_prefix", $dbname_prefix); } else { - $app->tpl->setVar("database_name_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_name_prefix'], $dbname_prefix, $global_config['dbname_prefix'])); + $app->tpl->setVar("database_name_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_name_prefix'], $dbname_prefix, $global_config['dbname_prefix']), true); } if($this->id > 0) { //* we are editing a existing record $edit_disabled = @($_SESSION["s"]["user"]["typ"] == 'admin')? 0 : 1; //* admin can change the database-name $app->tpl->setVar("edit_disabled", $edit_disabled); - $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]); - $app->tpl->setVar("database_charset_value", $this->dataRecord["database_charset"]); - $app->tpl->setVar("limit_database_quota", $this->dataRecord["database_quota"]); + $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true); + $app->tpl->setVar("database_charset_value", $this->dataRecord["database_charset"], true); + $app->tpl->setVar("limit_database_quota", $this->dataRecord["database_quota"], true); } else { $app->tpl->setVar("edit_disabled", 0); } diff --git a/interface/web/sites/database_user_edit.php b/interface/web/sites/database_user_edit.php index e7bfa611a9..6f6e887cca 100644 --- a/interface/web/sites/database_user_edit.php +++ b/interface/web/sites/database_user_edit.php 
@@ -118,13 +118,13 @@ class page_action extends tform_actions { if ($this->dataRecord['database_user'] != ""){ /* REMOVE the restriction */ - $app->tpl->setVar("database_user", $app->tools_sites->removePrefix($this->dataRecord['database_user'], $this->dataRecord['database_user_prefix'], $dbuser_prefix)); + $app->tpl->setVar("database_user", $app->tools_sites->removePrefix($this->dataRecord['database_user'], $this->dataRecord['database_user_prefix'], $dbuser_prefix), true); } if($this->dataRecord['database_user'] == "") { $app->tpl->setVar("database_user_prefix", $dbuser_prefix); } else { - $app->tpl->setVar("database_user_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_user_prefix'], $dbuser_prefix, $global_config['dbuser_prefix'])); + $app->tpl->setVar("database_user_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_user_prefix'], $dbuser_prefix, $global_config['dbuser_prefix']), true); } parent::onShowEnd(); diff --git a/interface/web/sites/ftp_user_edit.php b/interface/web/sites/ftp_user_edit.php index 9de400ce03..a98e447796 100644 --- a/interface/web/sites/ftp_user_edit.php +++ b/interface/web/sites/ftp_user_edit.php 
@@ -79,13 +79,13 @@ class page_action extends tform_actions { if ($this->dataRecord['username'] != ""){ /* REMOVE the restriction */ - $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $ftpuser_prefix)); + $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $ftpuser_prefix), true); } if($this->dataRecord['username'] == "") { $app->tpl->setVar("username_prefix", $ftpuser_prefix); } else { - $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $ftpuser_prefix, $global_config['ftpuser_prefix'])); + $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $ftpuser_prefix, $global_config['ftpuser_prefix']), true); } parent::onShowEnd(); diff --git a/interface/web/sites/shell_user_edit.php b/interface/web/sites/shell_user_edit.php index 77c4509b44..2f0a029890 100644 --- a/interface/web/sites/shell_user_edit.php +++ b/interface/web/sites/shell_user_edit.php 
@@ -79,19 +79,19 @@ class page_action extends tform_actions { if ($this->dataRecord['username'] != ""){ /* REMOVE the restriction */ - $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $shelluser_prefix)); + $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $shelluser_prefix), true); } if($this->dataRecord['username'] == "") { $app->tpl->setVar("username_prefix", $shelluser_prefix); } else { - $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $shelluser_prefix, $global_config['shelluser_prefix'])); + $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $shelluser_prefix, $global_config['shelluser_prefix']), true); } if($this->id > 0) { //* we are editing a existing record $app->tpl->setVar("edit_disabled", 1); - $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"]); + $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"], true); } else { $app->tpl->setVar("edit_disabled", 0); } diff --git a/interface/web/sites/web_childdomain_edit.php b/interface/web/sites/web_childdomain_edit.php index 6ef98f901f..622d0d0790 100644 --- a/interface/web/sites/web_childdomain_edit.php +++ b/interface/web/sites/web_childdomain_edit.php 
@@ -144,7 +144,7 @@ class page_action extends tform_actions { $this->dataRecord["domain"] = str_replace('.'.$parent_domain["domain"], '', $this->dataRecord["domain"]); } } - if($this->_childdomain_type == 'subdomain') $app->tpl->setVar("domain", $this->dataRecord["domain"]); + if($this->_childdomain_type == 'subdomain') $app->tpl->setVar("domain", $this->dataRecord["domain"], true); $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) { diff --git a/interface/web/sites/web_vhost_domain_edit.php b/interface/web/sites/web_vhost_domain_edit.php index 023f8db0c5..f04dc019e3 100644 --- a/interface/web/sites/web_vhost_domain_edit.php +++ b/interface/web/sites/web_vhost_domain_edit.php @@ -761,8 +761,8 @@ class page_action extends tform_actions { $app->tpl->setVar("edit_disabled", 1); $app->tpl->setVar('fixed_folder', 'y'); if($this->_vhostdomain_type == 'domain') { - $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]); - $app->tpl->setVar("document_root", $this->dataRecord["document_root"]); + $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true); + $app->tpl->setVar("document_root", $this->dataRecord["document_root"], true); } else $app->tpl->setVar('server_id_value', $parent_domain['server_id']); } else { @@ -820,7 +820,7 @@ class page_action extends tform_actions { if($this->dataRecord["type"] == 'vhostsubdomain') $this->dataRecord["domain"] = str_replace('.'.$parent_domain["domain"], '', $this->dataRecord["domain"]); } - if($this->_vhostdomain_type != 'domain') $app->tpl->setVar("domain", $this->dataRecord["domain"]); + if($this->_vhostdomain_type != 'domain') $app->tpl->setVar("domain", $this->dataRecord["domain"], true); // check for configuration errors in sys_datalog if($this->id > 0) { 
diff --git a/interface/web/sites/webdav_user_edit.php b/interface/web/sites/webdav_user_edit.php index 73e47eb7a9..e94625fd9d 100644 --- a/interface/web/sites/webdav_user_edit.php +++ b/interface/web/sites/webdav_user_edit.php @@ -78,19 +78,19 @@ class page_action extends tform_actions { if ($this->dataRecord['username'] != "") { /* REMOVE the restriction */ - $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $webdavuser_prefix)); + $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $webdavuser_prefix), true); } if($this->dataRecord['username'] == "") { $app->tpl->setVar("username_prefix", $webdavuser_prefix); } else { - $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $webdavuser_prefix, $global_config['webdavuser_prefix'])); + $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $webdavuser_prefix, $global_config['webdavuser_prefix']), true); } if($this->id > 0) { //* we are editing a existing record $app->tpl->setVar("edit_disabled", 1); - $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"]); + $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"], true); } else { $app->tpl->setVar("edit_disabled", 0); } diff --git a/interface/web/vm/openvz_vm_edit.php b/interface/web/vm/openvz_vm_edit.php index 2a5b12f3d7..8109859ece 100644 --- a/interface/web/vm/openvz_vm_edit.php +++ b/interface/web/vm/openvz_vm_edit.php 
@@ -198,8 +198,8 @@ class page_action extends tform_actions { if($this->id > 0) { //* we are editing a existing record $app->tpl->setVar("edit_disabled", 1); - $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]); - $app->tpl->setVar("ostemplate_id_value", $this->dataRecord["ostemplate_id"]); + $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true); + $app->tpl->setVar("ostemplate_id_value", $this->dataRecord["ostemplate_id"], true); } else { $app->tpl->setVar("edit_disabled", 0); } -- GitLab From e42cd413b66c6f10fb1c8f55d7ea7ae17fbf71df Mon Sep 17 00:00:00 2001 From: Marius Burkard Date: Mon, 1 Jan 2018 12:21:37 +0100 Subject: [PATCH 07/25] - fixed two typos for previous commit --- interface/lib/classes/tpl.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/interface/lib/classes/tpl.inc.php b/interface/lib/classes/tpl.inc.php index 37814cd0c6..efaf4c072a 100644 --- a/interface/lib/classes/tpl.inc.php +++ b/interface/lib/classes/tpl.inc.php @@ -245,7 +245,7 @@ if (!defined('vlibTemplateClassLoaded')) { } else { if (preg_match('/^[A-Za-z_]+[A-Za-z0-9_]*$/', $k) && $v !== null) { if ($this->OPTIONS['CASELESS']) $k = strtolower($k); - if($encode == true) $value = $app->functions->htmlentities($); + if($encode == true) $v = $app->functions->htmlentities($v); $this->_vars[trim($k)] = $v; } else { return false; -- GitLab From 5008d8cefe3ffc9000cc10472ca61bf29c2d42f7 Mon Sep 17 00:00:00 2001 
From: Marius Burkard Date: Mon, 1 Jan 2018 16:30:59 +0100 Subject: [PATCH 08/25] - further XSS fixes for #4902 (reflected XSS) --- interface/lib/app.inc.php | 8 ++++---- interface/lib/classes/plugin_listview.inc.php | 8 ++++---- interface/web/client/client_message.php | 6 +++--- interface/web/dns/dns_wizard.php | 2 +- interface/web/index.php | 4 ++-- interface/web/login/index.php | 2 +- interface/web/login/password_reset.php | 2 +- interface/web/sites/web_childdomain_list.php | 2 +- interface/web/sites/web_vhost_domain_list.php | 2 +- interface/web/tools/dns_import_tupa.php | 8 ++++---- interface/web/tools/import_ispconfig.php | 6 +++--- interface/web/tools/import_vpopmail.php | 10 +++++----- 12 files changed, 30 insertions(+), 30 deletions(-) diff --git a/interface/lib/app.inc.php b/interface/lib/app.inc.php index edbba27c7c..f5c2c18862 100755 --- a/interface/lib/app.inc.php +++ b/interface/lib/app.inc.php @@ -298,14 +298,14 @@ class app { $this->tpl->setVar('phpsessid', session_id()); - $this->tpl->setVar('theme', $_SESSION['s']['theme']); + $this->tpl->setVar('theme', $_SESSION['s']['theme'], true); $this->tpl->setVar('html_content_encoding', $this->_conf['html_content_encoding']); $this->tpl->setVar('delete_confirmation', $this->lng('delete_confirmation')); //print_r($_SESSION); if(isset($_SESSION['s']['module']['name'])) { - $this->tpl->setVar('app_module', $_SESSION['s']['module']['name']); - $this->tpl->setVar('session_module', $_SESSION['s']['module']['name']); + $this->tpl->setVar('app_module', $_SESSION['s']['module']['name'], true); + $this->tpl->setVar('session_module', $_SESSION['s']['module']['name'], true); } if(isset($_SESSION['s']['user']) && $_SESSION['s']['user']['typ'] == 'admin') { $this->tpl->setVar('is_admin', 1); 
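Review bot: Encoding `$_SESSION['s']['theme']` makes it safe in HTML, but a theme name is typically also used to build asset and template paths, and the place where it is written into the session is not in this series; if that write does not restrict the value to an existing theme directory, encoding at this sink leaves the path use unaddressed. A check at the point the session value is set, against `scandir()` of the themes directory or a fixed list, covers every sink at once, with the `true` here kept as defence in depth. The same reasoning applies to `$_SESSION['s']['module']['name']`, which names a module directory. This hunk is inside a method that starts above it.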
@@ -315,7 +315,7 @@ class app { } /* Show username */ if(isset($_SESSION['s']['user'])) { - $this->tpl->setVar('cpuser', $_SESSION['s']['user']['username']); + $this->tpl->setVar('cpuser', $_SESSION['s']['user']['username'], true); $this->tpl->setVar('logout_txt', $this->lng('logout_txt')); /* Show search field only for normal users, not mail users */ if(stristr($_SESSION['s']['user']['username'], '@')){ diff --git a/interface/lib/classes/plugin_listview.inc.php b/interface/lib/classes/plugin_listview.inc.php index bc764caefe..c9d8340e02 100644 --- a/interface/lib/classes/plugin_listview.inc.php +++ b/interface/lib/classes/plugin_listview.inc.php @@ -56,7 +56,7 @@ class plugin_listview extends plugin_base { // $app->listform->listDef["page_params"] = "&id=".$app->tform_actions->id."&next_tab=".$_SESSION["s"]["form"]["tab"]; $app->listform->listDef["page_params"] = "&id=".$this->form->id."&next_tab=".$_SESSION["s"]["form"]["tab"]; $listTpl->setVar('parent_id', $this->form->id); - $listTpl->setVar('theme', $_SESSION['s']['theme']); + $listTpl->setVar('theme', $_SESSION['s']['theme'], true); // Generate the SQL for searching $sql_where = ""; @@ -193,13 +193,13 @@ class plugin_listview extends plugin_base { $listTpl->setVar('phpsessid', session_id()); - $listTpl->setVar('theme', $_SESSION['s']['theme']); + $listTpl->setVar('theme', $_SESSION['s']['theme'], true); $listTpl->setVar('html_content_encoding', $app->_conf['html_content_encoding']); $listTpl->setVar('delete_confirmation', $app->lng('delete_confirmation')); //print_r($_SESSION); if(isset($_SESSION['s']['module']['name'])) { - $listTpl->setVar('app_module', $_SESSION['s']['module']['name']); + $listTpl->setVar('app_module', $_SESSION['s']['module']['name'], true); } if(isset($_SESSION['s']['user']) && $_SESSION['s']['user']['typ'] == 'admin') { $listTpl->setVar('is_admin', 1); 
@@ -209,7 +209,7 @@ class plugin_listview extends plugin_base { } /* Show username */ if(isset($_SESSION['s']['user'])) { - $listTpl->setVar('cpuser', $_SESSION['s']['user']['username']); + $listTpl->setVar('cpuser', $_SESSION['s']['user']['username'], true); $listTpl->setVar('logout_txt', $app->lng('logout_txt')); /* Show search field only for normal users, not mail users */ if(stristr($_SESSION['s']['user']['username'], '@')){ diff --git a/interface/web/client/client_message.php b/interface/web/client/client_message.php index eb8bcdbae2..b4638bd215 100644 --- a/interface/web/client/client_message.php +++ b/interface/web/client/client_message.php @@ -114,9 +114,9 @@ if(isset($_POST) && count($_POST) > 1) { } } else { - $app->tpl->setVar('sender', $_POST['sender']); - $app->tpl->setVar('subject', $_POST['subject']); - $app->tpl->setVar('message', $_POST['message']); + $app->tpl->setVar('sender', $_POST['sender'], true); + $app->tpl->setVar('subject', $_POST['subject'], true); + $app->tpl->setVar('message', $_POST['message'], true); } } else { // pre-fill Sender field with reseller's email address diff --git a/interface/web/dns/dns_wizard.php b/interface/web/dns/dns_wizard.php index 0e955bee09..32112560a4 100644 --- a/interface/web/dns/dns_wizard.php +++ b/interface/web/dns/dns_wizard.php @@ -183,7 +183,7 @@ if(is_array($fields)) { } else { $app->tpl->setVar($field."_VISIBLE", 1); $field = strtolower($field); - $app->tpl->setVar($field, $_POST[$field]); + $app->tpl->setVar($field, $_POST[$field], true); } } } diff --git a/interface/web/index.php b/interface/web/index.php index 4a21032081..1bccb1ebe1 100644 --- a/interface/web/index.php +++ b/interface/web/index.php 
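Review bot: `$app->tpl->setVar($field, $_POST[$field], true);` in the dns_wizard.php hunk still reads `$_POST[$field]` without checking that the key exists, so whenever this branch runs for a field that was not submitted (for example on the first display of the wizard) PHP emits an undefined-index notice before the now-escaped empty value is set. A guard keeps the escaping and avoids the notice: `$app->tpl->setVar($field, isset($_POST[$field]) ? $_POST[$field] : '', true);`. The enclosing loop over `$fields` starts outside the hunk.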
@@ -41,7 +41,7 @@ if(!isset($_SESSION['s']['module']['name'])) $_SESSION['s']['module']['name'] = $app->uses('tpl'); $app->tpl->newTemplate('main.tpl.htm'); -$app->tpl->setVar('startpage', isset($_SESSION['s']['module']['startpage']) ? $_SESSION['s']['module']['startpage'] : ''); +$app->tpl->setVar('startpage', isset($_SESSION['s']['module']['startpage']) ? $_SESSION['s']['module']['startpage'] : '', true); $app->tpl->setVar('logged_in', ($_SESSION['s']['user']['active'] != 1 ? 'n' : 'y')); // tab change warning? @@ -93,7 +93,7 @@ if(@is_dir($js_d)) { if (!empty($js_d_files)) $app->tpl->setLoop('js_d_includes', $js_d_files); unset($js_d_files); -$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default'); +$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default', true); // Logo $logo = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = 1"); diff --git a/interface/web/login/index.php b/interface/web/login/index.php index bccf4330af..441de353ca 100644 --- a/interface/web/login/index.php +++ b/interface/web/login/index.php @@ -340,7 +340,7 @@ $app->tpl->setVar('login_button_txt', $app->lng('login_button_txt')); $app->tpl->setVar('session_timeout', $server_config_array['session_timeout']); $app->tpl->setVar('session_allow_endless', $server_config_array['session_allow_endless']); //$app->tpl->setInclude('content_tpl', 'login/templates/index.htm'); -$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default'); +$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default', true); //die(isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default'); // Logo diff --git a/interface/web/login/password_reset.php b/interface/web/login/password_reset.php index c0d454cd32..e6976bff73 100644 --- a/interface/web/login/password_reset.php +++ b/interface/web/login/password_reset.php 
@@ -156,7 +156,7 @@ if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != ' if(isset($_POST) && count($_POST) > 0) $app->tpl->setVar("msg", $wb['pw_error_noinput']); } -$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default'); +$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default', true); // Logo $logo = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = 1"); diff --git a/interface/web/sites/web_childdomain_list.php b/interface/web/sites/web_childdomain_list.php index a4e953c07e..f445c4b50b 100644 --- a/interface/web/sites/web_childdomain_list.php +++ b/interface/web/sites/web_childdomain_list.php @@ -56,7 +56,7 @@ $_SESSION['s']['var']['childdomain_type'] = $show_type; class list_action extends listform_actions { function onShow() { global $app; - $app->tpl->setVar('childdomain_type', $_SESSION['s']['var']['childdomain_type']); + $app->tpl->setVar('childdomain_type', $_SESSION['s']['var']['childdomain_type'], true); parent::onShow(); } diff --git a/interface/web/sites/web_vhost_domain_list.php b/interface/web/sites/web_vhost_domain_list.php index 378eeaaf6a..b74fd644f7 100644 --- a/interface/web/sites/web_vhost_domain_list.php +++ b/interface/web/sites/web_vhost_domain_list.php @@ -68,7 +68,7 @@ $_SESSION['s']['var']['vhostdomain_type'] = $show_type; class list_action extends listform_actions { function onShow() { global $app; - $app->tpl->setVar('vhostdomain_type', $_SESSION['s']['var']['vhostdomain_type']); + $app->tpl->setVar('vhostdomain_type', $_SESSION['s']['var']['vhostdomain_type'], true); parent::onShow(); } diff --git a/interface/web/tools/dns_import_tupa.php b/interface/web/tools/dns_import_tupa.php index 849a097680..12bd035296 100644 --- a/interface/web/tools/dns_import_tupa.php +++ b/interface/web/tools/dns_import_tupa.php 
@@ -50,10 +50,10 @@ if(isset($_POST['start']) && $_POST['start'] == 1) { $app->auth->csrf_token_check(); //* Set variable sin template - $app->tpl->setVar('dbhost', $_POST['dbhost']); - $app->tpl->setVar('dbname', $_POST['dbname']); - $app->tpl->setVar('dbuser', $_POST['dbuser']); - $app->tpl->setVar('dbpassword', $_POST['dbpassword']); + $app->tpl->setVar('dbhost', $_POST['dbhost'], true); + $app->tpl->setVar('dbname', $_POST['dbname'], true); + $app->tpl->setVar('dbuser', $_POST['dbuser'], true); + $app->tpl->setVar('dbpassword', $_POST['dbpassword'], true); //* Establish connection to external database $msg .= 'Connecting to external database...
    '; diff --git a/interface/web/tools/import_ispconfig.php b/interface/web/tools/import_ispconfig.php index c43b15b7eb..0e7763dd98 100644 --- a/interface/web/tools/import_ispconfig.php +++ b/interface/web/tools/import_ispconfig.php @@ -142,9 +142,9 @@ if(isset($_POST['connected'])) { } -$app->tpl->setVar('remote_server', $_POST['remote_server']); -$app->tpl->setVar('remote_user', $_POST['remote_user']); -$app->tpl->setVar('remote_password', $_POST['remote_password']); +$app->tpl->setVar('remote_server', $_POST['remote_server'], true); +$app->tpl->setVar('remote_user', $_POST['remote_user'], true); +$app->tpl->setVar('remote_password', $_POST['remote_password'], true); $app->tpl->setVar('connected', $connected); $app->tpl->setVar('remote_session_id', $remote_session_id); $app->tpl->setVar('msg', $msg); diff --git a/interface/web/tools/import_vpopmail.php b/interface/web/tools/import_vpopmail.php index 9e560cdf30..3ef87710e5 100644 --- a/interface/web/tools/import_vpopmail.php +++ b/interface/web/tools/import_vpopmail.php @@ -84,11 +84,11 @@ if(isset($_POST['db_hostname']) && $_POST['db_hostname'] != '') { $_POST['local_server_id'] = 1; } -$app->tpl->setVar('db_hostname', $_POST['db_hostname']); -$app->tpl->setVar('db_user', $_POST['db_user']); -$app->tpl->setVar('db_password', $_POST['db_password']); -$app->tpl->setVar('db_name', $_POST['db_name']); -$app->tpl->setVar('local_server_id', $_POST['local_server_id']); +$app->tpl->setVar('db_hostname', $_POST['db_hostname'], true); +$app->tpl->setVar('db_user', $_POST['db_user'], true); +$app->tpl->setVar('db_password', $_POST['db_password'], true); +$app->tpl->setVar('db_name', $_POST['db_name'], true); +$app->tpl->setVar('local_server_id', $_POST['local_server_id'], true); $app->tpl->setVar('msg', $msg); $app->tpl->setVar('error', $error); -- GitLab From e637b7591ef810137014e7bdc89f10c661fa475d Mon Sep 17 00:00:00 2001 
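Review bot: `$app->tpl->setVar('dbpassword', $_POST['dbpassword'], true);` still writes the submitted database password back into the HTML response; the escape flag stops it from being interpreted as markup but not from appearing in the page source, browser form caches and any saved copy of the page. If the template only needs it to refill the input after a failed connection attempt, consider leaving that field empty on re-display rather than echoing the value. The same applies to `remote_password` in the import_ispconfig.php hunk and `db_password` in the import_vpopmail.php hunk.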
From: Fabian Patrik Date: Mon, 1 Jan 2018 17:54:50 +0100 Subject: [PATCH 09/25] Fix stored xss when user import from zone file or dns template editor --- interface/web/dns/dns_srv_edit.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/interface/web/dns/dns_srv_edit.php b/interface/web/dns/dns_srv_edit.php index e2b290ab9f..16c1086db3 100644 --- a/interface/web/dns/dns_srv_edit.php +++ b/interface/web/dns/dns_srv_edit.php @@ -51,9 +51,9 @@ class page_action extends dns_page_action { // Split the 3 parts of the SRV Record apart $split = explode(' ', $this->dataRecord['data']); - $app->tpl->setVar('weight', $split[0]); - $app->tpl->setVar('port', $split[1]); - $app->tpl->setVar('target', $split[2]); + $app->tpl->setVar('weight', $split[0], true); + $app->tpl->setVar('port', $split[1], true); + $app->tpl->setVar('target', $split[2], true); parent::onShowEnd(); } -- GitLab From 68b8730c64b3a80f811fe37c8dff4bb30607ee4f Mon Sep 17 00:00:00 2001 From: Marius Burkard Date: Mon, 1 Jan 2018 18:03:25 +0100 Subject: [PATCH 10/25] - fixed reflection XSS in dns spf form --- interface/web/dns/dns_spf_edit.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/interface/web/dns/dns_spf_edit.php b/interface/web/dns/dns_spf_edit.php index ca109272d8..6fb11a3021 100644 --- a/interface/web/dns/dns_spf_edit.php +++ b/interface/web/dns/dns_spf_edit.php @@ -108,9 +108,9 @@ class page_action extends tform_actions { } //set html-values - $app->tpl->setVar("spf_ip", $spf_ip); - $app->tpl->setVar("spf_hostname", $spf_hostname); - $app->tpl->setVar("spf_domain", $spf_domain); + $app->tpl->setVar("spf_ip", $spf_ip, true); + $app->tpl->setVar("spf_hostname", $spf_hostname, true); + $app->tpl->setVar("spf_domain", $spf_domain, true); //create spf-mechanism-list $spf_mechanism_value = array( '+' => 'spf_mechanism_pass_txt', -- GitLab From a324af77eac68259b7ab05db61546b4a2db2730e Mon Sep 17 00:00:00 2001 
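Review bot: `$split = explode(' ', $this->dataRecord['data']);` in the dns_srv_edit.php hunk is followed by unconditional reads of `$split[1]` and `$split[2]`, so a record whose `data` holds fewer than three space-separated parts raises undefined-offset notices on the now-escaped `setVar` calls. Padding the array keeps the escaping and removes the notices: `$split = array_pad(explode(' ', $this->dataRecord['data']), 3, '');`. The enclosing onShowEnd() starts outside the hunk.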
From: Marius Burkard Date: Mon, 1 Jan 2018 18:47:47 +0100 Subject: [PATCH 11/25] - fixed further (potential) XSS issues in forms --- interface/web/admin/firewall_edit.php | 2 +- interface/web/admin/server_edit.php | 2 +- interface/web/admin/server_ip_map_edit.php | 4 +- .../web/client/message_template_edit.php | 2 +- interface/web/dns/dns_dkim_edit.php | 6 +- interface/web/dns/dns_dmarc_edit.php | 12 ++-- interface/web/dns/dns_slave_edit.php | 2 +- interface/web/dns/dns_soa_edit.php | 6 +- interface/web/dns/dns_spf_edit.php | 2 +- interface/web/mail/mail_alias_edit.php | 2 +- interface/web/mail/mail_aliasdomain_edit.php | 4 +- .../web/mail/mail_domain_catchall_edit.php | 2 +- interface/web/mail/mail_domain_edit.php | 16 ++--- interface/web/mail/mail_forward_edit.php | 2 +- interface/web/mail/mail_mailinglist_edit.php | 2 +- interface/web/mail/mail_spamfilter_edit.php | 2 +- interface/web/mail/mail_transport_edit.php | 3 +- interface/web/mail/mail_user_edit.php | 4 +- interface/web/mail/xmpp_domain_edit.php | 4 +- interface/web/mail/xmpp_user_edit.php | 2 +- interface/web/mailuser/mail_user_cc_edit.php | 2 +- .../web/mailuser/mail_user_password_edit.php | 2 +- .../mailuser/mail_user_spamfilter_edit.php | 4 +- interface/web/sites/database_edit.php | 6 +- interface/web/sites/database_user_edit.php | 2 +- interface/web/sites/ftp_user_edit.php | 2 +- interface/web/sites/shell_user_edit.php | 2 +- interface/web/sites/web_childdomain_edit.php | 8 +-- interface/web/sites/web_vhost_domain_edit.php | 66 +++++++++---------- interface/web/sites/webdav_user_edit.php | 2 +- interface/web/vm/openvz_vm_edit.php | 14 ++-- 31 files changed, 96 insertions(+), 95 deletions(-) diff --git a/interface/web/admin/firewall_edit.php b/interface/web/admin/firewall_edit.php index 4ee72aa954..01cad2b815 100644 --- a/interface/web/admin/firewall_edit.php +++ b/interface/web/admin/firewall_edit.php 
@@ -57,7 +57,7 @@ class page_action extends tform_actions { if($this->id ==0) { //* new record $server_list = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE server_id NOT IN (SELECT server_id FROM firewall) ORDER BY server_name"); if(is_array($server_list)) { - foreach( $server_list as $server) $server_select .= "\r\n"; + foreach( $server_list as $server) $server_select .= "\r\n"; } $app->tpl->setVar('server_id', $server_select); } diff --git a/interface/web/admin/server_edit.php b/interface/web/admin/server_edit.php index 5b446c0494..b146d8f295 100644 --- a/interface/web/admin/server_edit.php +++ b/interface/web/admin/server_edit.php @@ -61,7 +61,7 @@ class page_action extends tform_actions { if(is_array($mirror_servers)) { foreach( $mirror_servers as $mirror_server) { $selected = ($mirror_server["server_id"] == $this->dataRecord['mirror_server_id'])?'SELECTED':''; - $mirror_server_select .= "\r\n"; + $mirror_server_select .= "\r\n"; } } $app->tpl->setVar("mirror_server_id", $mirror_server_select); diff --git a/interface/web/admin/server_ip_map_edit.php b/interface/web/admin/server_ip_map_edit.php index 4442287132..b518867309 100644 --- a/interface/web/admin/server_ip_map_edit.php +++ b/interface/web/admin/server_ip_map_edit.php @@ -52,7 +52,7 @@ class page_action extends tform_actions { if(is_array($servers)) { foreach($servers as $server) { $selected = ($server['server_id'] == $this->dataRecord['server_id'])?'SELECTED':''; - $server_select .= "\r\n"; + $server_select .= "\r\n"; } } unset($servers); @@ -65,7 +65,7 @@ class page_action extends tform_actions { if(is_array($ips)) { foreach( $ips as $ip) { $selected = ($ip['ip_address'] == $this->dataRecord['source_ip'])?'SELECTED':''; - $ip_select .= "\r\n"; + $ip_select .= "\r\n"; } } unset($ips); diff --git a/interface/web/client/message_template_edit.php b/interface/web/client/message_template_edit.php index 7d285ac7ef..1c11ff8957 100644 
--- a/interface/web/client/message_template_edit.php +++ b/interface/web/client/message_template_edit.php @@ -80,7 +80,7 @@ class page_action extends tform_actions { if($field_name['Field'] == 'gender'){ $message_variables .= '{salutation} '; } else { - $message_variables .= '{'.$field_name['Field'].'} '; + $message_variables .= '{'.$app->functions->htmlentities($field_name['Field']).'} '; } } } diff --git a/interface/web/dns/dns_dkim_edit.php b/interface/web/dns/dns_dkim_edit.php index 7f7e6856db..35bac0d0c6 100644 --- a/interface/web/dns/dns_dkim_edit.php +++ b/interface/web/dns/dns_dkim_edit.php @@ -76,8 +76,8 @@ class page_action extends tform_actions { if(isset($sql['domain']) && $sql['domain'] != '') { if($sql['dkim'] == 'y') { $public_key=str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"),'',$sql['dkim_public']); - $app->tpl->setVar('public_key', $public_key); - $app->tpl->setVar('selector', $sql['dkim_selector']); + $app->tpl->setVar('public_key', $public_key, true); + $app->tpl->setVar('selector', $sql['dkim_selector'], true); } else { //TODO: show warning - use mail_domain for dkim and enabled dkim } @@ -85,7 +85,7 @@ class page_action extends tform_actions { } else { $app->tpl->setVar('edit_disabled', 0); } - $app->tpl->setVar('name', $soa['origin']); + $app->tpl->setVar('name', $soa['origin'], true); } diff --git a/interface/web/dns/dns_dmarc_edit.php b/interface/web/dns/dns_dmarc_edit.php index c806c7c20e..7f915074d7 100644 --- a/interface/web/dns/dns_dmarc_edit.php +++ b/interface/web/dns/dns_dmarc_edit.php @@ -93,7 +93,7 @@ class page_action extends tform_actions { if ( isset($rec) && !empty($rec) ) { $this->id = 1; $old_data = strtolower($rec['data']); - $app->tpl->setVar("data", $old_data); + $app->tpl->setVar("data", $old_data, true); if ($rec['active'] == 'Y') $app->tpl->setVar("active", "CHECKED"); else $app->tpl->setVar("active", "UNCHECKED"); $dmarc_rua = ''; $dmarc_ruf = ''; 
@@ -123,7 +123,7 @@ class page_action extends tform_actions { } //set html-values - $app->tpl->setVar('domain', $domain_name); + $app->tpl->setVar('domain', $domain_name, true); //create dmarc-policy-list $dmarc_policy_value = array( @@ -138,9 +138,9 @@ class page_action extends tform_actions { } $app->tpl->setVar('dmarc_policy', $dmarc_policy_list); - if (!empty($dmarc_rua)) $app->tpl->setVar("dmarc_rua", $dmarc_rua); + if (!empty($dmarc_rua)) $app->tpl->setVar("dmarc_rua", $dmarc_rua, true); - if (!empty($dmarc_ruf)) $app->tpl->setVar("dmarc_ruf", $dmarc_ruf); + if (!empty($dmarc_ruf)) $app->tpl->setVar("dmarc_ruf", $dmarc_ruf, true); //set dmarc-fo-options if (isset($dmarc_fo)) { @@ -178,9 +178,9 @@ class page_action extends tform_actions { if ( strpos($dmarc_rf, 'afrf') !== false ) $app->tpl->setVar("dmarc_rf_afrf", 'CHECKED'); if ( strpos($dmarc_rf, 'iodef') !== false ) $app->tpl->setVar("dmarc_rf_iodef", 'CHECKED'); - $app->tpl->setVar("dmarc_pct", $dmarc_pct); + $app->tpl->setVar("dmarc_pct", $dmarc_pct, true); - $app->tpl->setVar("dmarc_ri", $dmarc_ri); + $app->tpl->setVar("dmarc_ri", $dmarc_ri, true); //create dmarc-sp-list $dmarc_sp_value = array( diff --git a/interface/web/dns/dns_slave_edit.php b/interface/web/dns/dns_slave_edit.php index 289ef2ab38..117b101b87 100644 --- a/interface/web/dns/dns_slave_edit.php +++ b/interface/web/dns/dns_slave_edit.php @@ -132,7 +132,7 @@ class page_action extends tform_actions { if ($domain['domain'].'.' == $this->dataRecord["origin"]) { $domain_select .= " selected"; } - $domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . ".\r\n"; + $domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . ".\r\n"; } } else { diff --git a/interface/web/dns/dns_soa_edit.php b/interface/web/dns/dns_soa_edit.php index 8764301c1d..9b36daee15 100644 --- a/interface/web/dns/dns_soa_edit.php +++ b/interface/web/dns/dns_soa_edit.php 
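Review bot: In the dns_slave_edit.php hunk only the visible option text is escaped; the opening `<option value=…>` for the same `$domain['domain']` is built on an earlier line of the loop, above the hunk, and this change does not show whether that attribute value is escaped as well. Because the attribute context also needs quote escaping, confirm that the line opening the option passes the domain through `$app->functions->htmlentities()` too and that the wrapper escapes quotes. The same pattern appears in the dns_soa_edit.php, mail_domain_edit.php, xmpp_domain_edit.php and web_childdomain_edit.php hunks that end with `htmlentities($app->functions->idn_decode($domain['domain']))`. The enclosing foreach starts outside the hunk.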
@@ -179,7 +179,7 @@ class page_action extends tform_actions { $options_dns_servers = ""; foreach ($dns_servers as $dns_server) { - $options_dns_servers .= ''; + $options_dns_servers .= ''; } $app->tpl->setVar("client_server_id", $options_dns_servers); @@ -200,7 +200,7 @@ class page_action extends tform_actions { if ($domain['domain'].'.' == $this->dataRecord["origin"]) { $domain_select .= " selected"; } - $domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . ".\r\n"; + $domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . ".\r\n"; } } else { @@ -222,7 +222,7 @@ class page_action extends tform_actions { $datalog = $app->db->queryOneRecord("SELECT sys_datalog.error, sys_log.tstamp FROM sys_datalog, sys_log WHERE sys_datalog.dbtable = 'dns_soa' AND sys_datalog.dbidx = ? AND sys_datalog.datalog_id = sys_log.datalog_id AND sys_log.message = CONCAT('Processed datalog_id ',sys_log.datalog_id) ORDER BY sys_datalog.tstamp DESC", 'id:' . $this->id); if(is_array($datalog) && !empty($datalog)){ if(trim($datalog['error']) != ''){ - $app->tpl->setVar("config_error_msg", nl2br(htmlentities($datalog['error']))); + $app->tpl->setVar("config_error_msg", nl2br($app->functions->htmlentities($datalog['error']))); $app->tpl->setVar("config_error_tstamp", date($app->lng('conf_format_datetime'), $datalog['tstamp'])); } } diff --git a/interface/web/dns/dns_spf_edit.php b/interface/web/dns/dns_spf_edit.php index 6fb11a3021..94096662a1 100644 --- a/interface/web/dns/dns_spf_edit.php +++ b/interface/web/dns/dns_spf_edit.php @@ -83,7 +83,7 @@ class page_action extends tform_actions { $this->id = 1; $old_data = strtolower($rec['data']); - $app->tpl->setVar("data", $old_data); + $app->tpl->setVar("data", $old_data, true); if ($rec['active'] == 'Y') $app->tpl->setVar("active", "CHECKED"); else $app->tpl->setVar("active", "UNCHECKED"); $spf_hostname = ''; 
diff --git a/interface/web/mail/mail_alias_edit.php b/interface/web/mail/mail_alias_edit.php index 4292f8f4c2..eb7ff4b4d6 100644 --- a/interface/web/mail/mail_alias_edit.php +++ b/interface/web/mail/mail_alias_edit.php @@ -83,7 +83,7 @@ class page_action extends tform_actions { foreach( $domains as $domain) { $domain['domain'] = $app->functions->idn_decode($domain['domain']); $selected = ($domain["domain"] == @$email_parts[1])?'SELECTED':''; - $domain_select .= "\r\n"; + $domain_select .= "\r\n"; } } $app->tpl->setVar("email_domain", $domain_select); diff --git a/interface/web/mail/mail_aliasdomain_edit.php b/interface/web/mail/mail_aliasdomain_edit.php index 918a5f3a05..ef3b16275c 100644 --- a/interface/web/mail/mail_aliasdomain_edit.php +++ b/interface/web/mail/mail_aliasdomain_edit.php @@ -82,9 +82,9 @@ class page_action extends tform_actions { foreach( $domains as $domain) { $domain['domain'] = $app->functions->idn_decode($domain['domain']); $selected = ($domain["domain"] == @$source_domain)?'SELECTED':''; - $source_select .= "\r\n"; + $source_select .= "\r\n"; $selected = ($domain["domain"] == @$destination_domain)?'SELECTED':''; - $destination_select .= "\r\n"; + $destination_select .= "\r\n"; } } $app->tpl->setVar("source_domain", $source_select); diff --git a/interface/web/mail/mail_domain_catchall_edit.php b/interface/web/mail/mail_domain_catchall_edit.php index 60da619e14..4ef18d45e7 100644 --- a/interface/web/mail/mail_domain_catchall_edit.php +++ b/interface/web/mail/mail_domain_catchall_edit.php @@ -82,7 +82,7 @@ class page_action extends tform_actions { foreach( $domains as $domain) { $domain['domain'] = $app->functions->idn_decode($domain['domain']); $selected = (isset($email_parts[1]) && $domain["domain"] == $email_parts[1])?'SELECTED':''; - $domain_select .= "\r\n"; + $domain_select .= "\r\n"; } } $app->tpl->setVar("email_domain", $domain_select); 
diff --git a/interface/web/mail/mail_domain_edit.php b/interface/web/mail/mail_domain_edit.php index e648b94c3b..d7d6ea4c68 100644 --- a/interface/web/mail/mail_domain_edit.php +++ b/interface/web/mail/mail_domain_edit.php @@ -101,7 +101,7 @@ class page_action extends tform_actions { // Set the mailserver to the default server of the client $tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $client['default_mailserver']); - $app->tpl->setVar("server_id", ""); + $app->tpl->setVar("server_id", ""); unset($tmp); if ($settings['use_domain_module'] != 'y') { @@ -142,7 +142,7 @@ class page_action extends tform_actions { $options_mail_servers = ""; foreach ($mail_servers as $mail_server) { - $options_mail_servers .= ''; + $options_mail_servers .= ''; } $app->tpl->setVar("client_server_id", $options_mail_servers); @@ -167,7 +167,7 @@ class page_action extends tform_actions { if ($domain['domain'] == $this->dataRecord["domain"]) { $domain_select .= " selected"; } - $domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . "\r\n"; + $domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . "\r\n"; } } else { @@ -193,7 +193,7 @@ class page_action extends tform_actions { if(is_array($policys)) { foreach( $policys as $p) { $selected = ($p["id"] == $tmp_user["policy_id"])?'SELECTED':''; - $policy_select .= "\r\n"; + $policy_select .= "\r\n"; } } $app->tpl->setVar("policy", $policy_select); 
@@ -214,10 +214,10 @@ class page_action extends tform_actions { $rec = $app->db->queryOneRecord($sql, $app->functions->intval($_GET['id'])); $dns_key = str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"),'',$rec['dkim_public']); $dns_record = $rec['dkim_selector'] . '._domainkey.' . $rec['domain'] . '. 3600 TXT v=DKIM1; t=s; p=' . $dns_key; - $app->tpl->setVar('dkim_selector', $rec['dkim_selector']); - $app->tpl->setVar('dkim_private', $rec['dkim_private']); - $app->tpl->setVar('dkim_public', $rec['dkim_public']); - if (!empty($rec['dkim_public'])) $app->tpl->setVar('dns_record', $dns_record); + $app->tpl->setVar('dkim_selector', $rec['dkim_selector'], true); + $app->tpl->setVar('dkim_private', $rec['dkim_private'], true); + $app->tpl->setVar('dkim_public', $rec['dkim_public'], true); + if (!empty($rec['dkim_public'])) $app->tpl->setVar('dns_record', $dns_record, true); parent::onShowEnd(); } diff --git a/interface/web/mail/mail_forward_edit.php b/interface/web/mail/mail_forward_edit.php index 17ce213cb2..ee8c5f2997 100644 --- a/interface/web/mail/mail_forward_edit.php +++ b/interface/web/mail/mail_forward_edit.php @@ -82,7 +82,7 @@ class page_action extends tform_actions { foreach( $domains as $domain) { $domain['domain'] = $app->functions->idn_decode($domain['domain']); $selected = (isset($email_parts[1]) && $domain["domain"] == $email_parts[1])?'SELECTED':''; - $domain_select .= "\r\n"; + $domain_select .= "\r\n"; } $app->tpl->setVar("email_domain", $domain_select); diff --git a/interface/web/mail/mail_mailinglist_edit.php b/interface/web/mail/mail_mailinglist_edit.php index a0c9e02173..57d9c77f2e 100644 --- a/interface/web/mail/mail_mailinglist_edit.php +++ b/interface/web/mail/mail_mailinglist_edit.php 
@@ -116,7 +116,7 @@ class page_action extends tform_actions { if(is_array($domains)) { foreach( $domains as $domain) { $selected = ($domain["domain"] == $this->dataRecord["domain"])?'SELECTED':''; - $domain_select .= "\r\n"; + $domain_select .= "\r\n"; } } $app->tpl->setVar("domain_option", $domain_select); diff --git a/interface/web/mail/mail_spamfilter_edit.php b/interface/web/mail/mail_spamfilter_edit.php index 6282a38b0f..c47ec8b41a 100644 --- a/interface/web/mail/mail_spamfilter_edit.php +++ b/interface/web/mail/mail_spamfilter_edit.php @@ -67,7 +67,7 @@ class page_action extends tform_actions { $domain_select = ''; foreach( $domains as $domain) { $selected = ($domain["domain"] == $email_parts[1])?'SELECTED':''; - $domain_select .= "\r\n"; + $domain_select .= "\r\n"; } $app->tpl->setVar("email_domain", $domain_select); diff --git a/interface/web/mail/mail_transport_edit.php b/interface/web/mail/mail_transport_edit.php index 9707d2fce0..65667726ad 100644 --- a/interface/web/mail/mail_transport_edit.php +++ b/interface/web/mail/mail_transport_edit.php @@ -70,6 +70,7 @@ class page_action extends tform_actions { function onShowEnd() { global $app, $conf; + $rec = array(); $types = array('smtp' => 'smtp', 'uucp' => 'uucp', 'slow' => 'slow', 'error' => 'error', 'custom' => 'custom', '' => 'null'); $tmp_parts = explode(":", $this->dataRecord["transport"]); if(!empty($this->id) && !stristr($this->dataRecord["transport"], ':')) { @@ -106,7 +107,7 @@ class page_action extends tform_actions { } } $rec["type"] = $type_select; - $app->tpl->setVar($rec); + $app->tpl->setVar($rec, null, true); unset($type); unset($types); diff --git a/interface/web/mail/mail_user_edit.php b/interface/web/mail/mail_user_edit.php index b6e84bf33f..dd2c46799d 100644 --- a/interface/web/mail/mail_user_edit.php +++ b/interface/web/mail/mail_user_edit.php 
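Review bot: `$app->tpl->setVar($rec, null, true);` in the mail_transport_edit.php hunk applies the escape flag to every entry of `$rec`, including `$rec["type"] = $type_select;` assigned on the line above. If `$type_select` holds option markup, as the other `*_select` variables in this series appear to (they are passed to `setVar` without the flag), escaping it will render the select's options as literal text. Setting that entry separately, `$app->tpl->setVar('type', $type_select);`, and passing only the parsed transport fields in `$rec` with the flag keeps both the fix and the rendering. The rest of onShowEnd() lies between this hunk and the one that adds `$rec = array();`.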
@@ -84,7 +84,7 @@ class page_action extends tform_actions { foreach( $domains as $domain) { $domain['domain'] = $app->functions->idn_decode($domain['domain']); $selected = ($domain["domain"] == @$email_parts[1])?'SELECTED':''; - $domain_select .= "\r\n"; + $domain_select .= "\r\n"; } } $app->tpl->setVar("email_domain", $domain_select); @@ -100,7 +100,7 @@ class page_action extends tform_actions { if(is_array($policys)) { foreach( $policys as $p) { $selected = ($p["id"] == $tmp_user["policy_id"])?'SELECTED':''; - $policy_select .= "\r\n"; + $policy_select .= "\r\n"; } } $app->tpl->setVar("policy", $policy_select); diff --git a/interface/web/mail/xmpp_domain_edit.php b/interface/web/mail/xmpp_domain_edit.php index 499882454c..a89d27c452 100644 --- a/interface/web/mail/xmpp_domain_edit.php +++ b/interface/web/mail/xmpp_domain_edit.php @@ -165,7 +165,7 @@ class page_action extends tform_actions { $options_xmpp_servers = ""; foreach ($xmpp_servers as $xmpp_server) { - $options_xmpp_servers .= ""; + $options_xmpp_servers .= ""; } $app->tpl->setVar("client_server_id", $options_xmpp_servers); @@ -190,7 +190,7 @@ class page_action extends tform_actions { if ($domain['domain'] == $this->dataRecord["domain"]) { $domain_select .= " selected"; } - $domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . "\r\n"; + $domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . "\r\n"; } } else { diff --git a/interface/web/mail/xmpp_user_edit.php b/interface/web/mail/xmpp_user_edit.php index 16d440a9f1..188de01ae2 100644 --- a/interface/web/mail/xmpp_user_edit.php +++ b/interface/web/mail/xmpp_user_edit.php 
@@ -83,7 +83,7 @@ class page_action extends tform_actions { foreach( $domains as $domain) { $domain['domain'] = $app->functions->idn_decode($domain['domain']); $selected = ($domain["domain"] == @$jid_parts[1])?'SELECTED':''; - $domain_select .= "\r\n"; + $domain_select .= "\r\n"; } } $app->tpl->setVar("jid_domain", $domain_select); diff --git a/interface/web/mailuser/mail_user_cc_edit.php b/interface/web/mailuser/mail_user_cc_edit.php index 39e5bdf6f9..778be781ec 100644 --- a/interface/web/mailuser/mail_user_cc_edit.php +++ b/interface/web/mailuser/mail_user_cc_edit.php @@ -75,7 +75,7 @@ class page_action extends tform_actions { global $app, $conf; $rec = $app->tform->getDataRecord($this->id); - $app->tpl->setVar("email", $rec['email']); + $app->tpl->setVar("email", $rec['email'], true); parent::onShowEnd(); } diff --git a/interface/web/mailuser/mail_user_password_edit.php b/interface/web/mailuser/mail_user_password_edit.php index 07a19259ea..5c5706177a 100644 --- a/interface/web/mailuser/mail_user_password_edit.php +++ b/interface/web/mailuser/mail_user_password_edit.php @@ -63,7 +63,7 @@ class page_action extends tform_actions { global $app, $conf; $rec = $app->tform->getDataRecord($_SESSION['s']['user']['mailuser_id']); - $app->tpl->setVar("email", $rec['email']); + $app->tpl->setVar("email", $rec['email'], true); parent::onShowEnd(); } diff --git a/interface/web/mailuser/mail_user_spamfilter_edit.php b/interface/web/mailuser/mail_user_spamfilter_edit.php index 9d37356721..abbea21937 100644 --- a/interface/web/mailuser/mail_user_spamfilter_edit.php +++ b/interface/web/mailuser/mail_user_spamfilter_edit.php 
@@ -112,7 +112,7 @@ class page_action extends tform_actions { global $app, $conf; $rec = $app->tform->getDataRecord($this->id); - $app->tpl->setVar("email", $rec['email']); + $app->tpl->setVar("email", $rec['email'], true); // Get the spamfilter policys for the user $tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = ?", $rec['email']); @@ -122,7 +122,7 @@ class page_action extends tform_actions { if(is_array($policys)) { foreach( $policys as $p) { $selected = ($p["id"] == $tmp_user["policy_id"])?'SELECTED':''; - $policy_select .= "\r\n"; + $policy_select .= "\r\n"; } } $app->tpl->setVar("policy", $policy_select); diff --git a/interface/web/sites/database_edit.php b/interface/web/sites/database_edit.php index 7af4b4351f..71e5acaf27 100644 --- a/interface/web/sites/database_edit.php +++ b/interface/web/sites/database_edit.php @@ -89,7 +89,7 @@ class page_action extends tform_actions { } foreach ($tmp as $db_server) { - $options_db_servers .= ''; + $options_db_servers .= ''; } $app->tpl->setVar("server_id", $options_db_servers); @@ -112,7 +112,7 @@ class page_action extends tform_actions { } foreach ($tmp as $db_server) { - $options_db_servers .= ''; + $options_db_servers .= ''; } $app->tpl->setVar("server_id", $options_db_servers); @@ -147,7 +147,7 @@ class page_action extends tform_actions { } if($this->dataRecord['database_name'] == "") { - $app->tpl->setVar("database_name_prefix", $dbname_prefix); + $app->tpl->setVar("database_name_prefix", $dbname_prefix, true); } else { $app->tpl->setVar("database_name_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_name_prefix'], $dbname_prefix, $global_config['dbname_prefix']), true); } diff --git a/interface/web/sites/database_user_edit.php b/interface/web/sites/database_user_edit.php index 6f6e887cca..07fa1315f0 100644 --- a/interface/web/sites/database_user_edit.php +++ b/interface/web/sites/database_user_edit.php 
@@ -122,7 +122,7 @@ class page_action extends tform_actions { } if($this->dataRecord['database_user'] == "") { - $app->tpl->setVar("database_user_prefix", $dbuser_prefix); + $app->tpl->setVar("database_user_prefix", $dbuser_prefix, true); } else { $app->tpl->setVar("database_user_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_user_prefix'], $dbuser_prefix, $global_config['dbuser_prefix']), true); } diff --git a/interface/web/sites/ftp_user_edit.php b/interface/web/sites/ftp_user_edit.php index a98e447796..7fab1e2273 100644 --- a/interface/web/sites/ftp_user_edit.php +++ b/interface/web/sites/ftp_user_edit.php @@ -83,7 +83,7 @@ class page_action extends tform_actions { } if($this->dataRecord['username'] == "") { - $app->tpl->setVar("username_prefix", $ftpuser_prefix); + $app->tpl->setVar("username_prefix", $ftpuser_prefix, true); } else { $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $ftpuser_prefix, $global_config['ftpuser_prefix']), true); } diff --git a/interface/web/sites/shell_user_edit.php b/interface/web/sites/shell_user_edit.php index 2f0a029890..7f74d893fc 100644 --- a/interface/web/sites/shell_user_edit.php +++ b/interface/web/sites/shell_user_edit.php @@ -83,7 +83,7 @@ class page_action extends tform_actions { } if($this->dataRecord['username'] == "") { - $app->tpl->setVar("username_prefix", $shelluser_prefix); + $app->tpl->setVar("username_prefix", $shelluser_prefix, true); } else { $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $shelluser_prefix, $global_config['shelluser_prefix']), true); } diff --git a/interface/web/sites/web_childdomain_edit.php b/interface/web/sites/web_childdomain_edit.php index 622d0d0790..2da58a4661 100644 --- a/interface/web/sites/web_childdomain_edit.php +++ b/interface/web/sites/web_childdomain_edit.php 
@@ -87,7 +87,7 @@ class page_action extends tform_actions { } } - $app->tpl->setVar('childdomain_type', $this->_childdomain_type); + $app->tpl->setVar('childdomain_type', $this->_childdomain_type, true); parent::onShowNew(); } @@ -118,7 +118,7 @@ class page_action extends tform_actions { } elseif($this->_childdomain_type == 'aliasdomain' && $domain['domain'] == $this->dataRecord["domain"]) { $domain_select .= " selected"; } - $domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . "\r\n"; + $domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . "\r\n"; } } else { @@ -159,7 +159,7 @@ class page_action extends tform_actions { $proxy_directive_snippets_txt = ''; if(is_array($proxy_directive_snippets) && !empty($proxy_directive_snippets)){ foreach($proxy_directive_snippets as $proxy_directive_snippet){ - $proxy_directive_snippets_txt .= '['.$proxy_directive_snippet['name'].'] '; + $proxy_directive_snippets_txt .= '['.$app->functions->htmlentities($proxy_directive_snippet['name']).'] '; } } if($proxy_directive_snippets_txt == '') $proxy_directive_snippets_txt = '------'; @@ -167,7 +167,7 @@ class page_action extends tform_actions { $app->tpl->setVar('limit_ssl_letsencrypt', 'y'); } - $app->tpl->setVar('childdomain_type', $this->_childdomain_type); + $app->tpl->setVar('childdomain_type', $this->_childdomain_type, true); parent::onShowEnd(); diff --git a/interface/web/sites/web_vhost_domain_edit.php b/interface/web/sites/web_vhost_domain_edit.php index f04dc019e3..52771819c3 100644 --- a/interface/web/sites/web_vhost_domain_edit.php +++ b/interface/web/sites/web_vhost_domain_edit.php 
@@ -115,7 +115,7 @@ class page_action extends tform_actions { $client = $app->db->queryOneRecord("SELECT client.web_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id); $web_servers = explode(',', $client['web_servers']); $server_id = $web_servers[0]; - $app->tpl->setVar("server_id_value", $server_id); + $app->tpl->setVar("server_id_value", $server_id, true); unset($web_servers); } else { $settings = $app->getconf->get_global_config('sites'); @@ -130,7 +130,7 @@ class page_action extends tform_actions { $app->tform->formDef['tabs']['domain']['fields']['php']['default'] = $web_config['php_handler']; $app->tform->formDef['tabs']['domain']['readonly'] = false; - $app->tpl->setVar('vhostdomain_type', $this->_vhostdomain_type); + $app->tpl->setVar('vhostdomain_type', $this->_vhostdomain_type, true); parent::onShowNew(); } @@ -179,7 +179,7 @@ class page_action extends tform_actions { $options_web_servers = ""; foreach ($web_servers as $web_server) { - $options_web_servers .= ''; + $options_web_servers .= ''; } $app->tpl->setVar("server_id", $options_web_servers); @@ -214,7 +214,7 @@ class page_action extends tform_actions { if(is_array($ips)) { foreach( $ips as $ip) { $selected = ($ip["ip_address"] == $this->dataRecord["ip_address"])?'SELECTED':''; - $ip_select .= "\r\n"; + $ip_select .= "\r\n"; } } $app->tpl->setVar("ip_address", $ip_select); @@ -230,7 +230,7 @@ class page_action extends tform_actions { if(is_array($ips)) { foreach( $ips as $ip) { $selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':''; - $ip_select .= "\r\n"; + $ip_select .= "\r\n"; } } $app->tpl->setVar("ipv6_address", $ip_select); 
@@ -266,7 +266,7 @@ class page_action extends tform_actions { $php_version = $php_record['name'].':'.$php_record['php_fastcgi_binary'].':'.$php_record['php_fastcgi_ini_dir']; } $selected = ($php_version == $this->dataRecord["fastcgi_php_version"])?'SELECTED':''; - $php_select .= "\r\n"; + $php_select .= "\r\n"; } } $app->tpl->setVar("fastcgi_php_version", $php_select); @@ -306,7 +306,7 @@ class page_action extends tform_actions { $options_web_servers = ""; foreach ($web_servers as $web_server) { - $options_web_servers .= ''; + $options_web_servers .= ''; } $app->tpl->setVar("server_id", $options_web_servers); @@ -361,7 +361,7 @@ class page_action extends tform_actions { if(is_array($ips)) { foreach( $ips as $ip) { $selected = ($ip["ip_address"] == $this->dataRecord["ip_address"])?'SELECTED':''; - $ip_select .= "\r\n"; + $ip_select .= "\r\n"; } } $app->tpl->setVar("ip_address", $ip_select); @@ -376,7 +376,7 @@ class page_action extends tform_actions { if(is_array($ips)) { foreach( $ips as $ip) { $selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':''; - $ip_select .= "\r\n"; + $ip_select .= "\r\n"; } } $app->tpl->setVar("ipv6_address", $ip_select); @@ -413,7 +413,7 @@ class page_action extends tform_actions { $php_version = $php_record['name'].':'.$php_record['php_fastcgi_binary'].':'.$php_record['php_fastcgi_ini_dir']; } $selected = ($php_version == $this->dataRecord["fastcgi_php_version"])?'SELECTED':''; - $php_select .= "\r\n"; + $php_select .= "\r\n"; } } $app->tpl->setVar("fastcgi_php_version", $php_select); @@ -441,7 +441,7 @@ class page_action extends tform_actions { $php_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'
    '; foreach($php_directive_snippets as $php_directive_snippet){ $php_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $php_directive_snippet['snippet'] . PHP_EOL; - $php_directive_snippets_txt .= '['.$php_directive_snippet['name'].']     '; + $php_directive_snippets_txt .= '['.$app->functions->htmlentities($php_directive_snippet['name']).']     '; } } if($php_directive_snippets_txt == '') $php_directive_snippets_txt = '------'; @@ -464,7 +464,7 @@ class page_action extends tform_actions { $apache_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'
    '; foreach($apache_directive_snippets as $apache_directive_snippet){ $apache_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $apache_directive_snippet['snippet'] . PHP_EOL; - $apache_directive_snippets_txt .= '['.$apache_directive_snippet['name'].']     '; + $apache_directive_snippets_txt .= '['.$app->functions->htmlentities($apache_directive_snippet['name']).']     '; } } if($apache_directive_snippets_txt == '') $apache_directive_snippets_txt = '------'; @@ -478,7 +478,7 @@ class page_action extends tform_actions { $nginx_directive_snippets_txt .= $app->tform->wordbook["select_master_directive_snippet_txt"].'
    '; foreach($nginx_directive_snippets as $nginx_directive_snippet){ $nginx_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $nginx_directive_snippet['snippet'] . PHP_EOL; - $nginx_directive_snippets_txt .= '['.$nginx_directive_snippet['name'].']     '; + $nginx_directive_snippets_txt .= '['.$app->functions->htmlentities($nginx_directive_snippet['name']).']     '; } $nginx_directive_snippets_txt .= '

    '; } @@ -488,7 +488,7 @@ class page_action extends tform_actions { $nginx_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'
    '; foreach($nginx_directive_snippets as $nginx_directive_snippet){ $nginx_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $nginx_directive_snippet['snippet'] . PHP_EOL; - $nginx_directive_snippets_txt .= '['.$nginx_directive_snippet['name'].']     '; + $nginx_directive_snippets_txt .= '['.$app->functions->htmlentities($nginx_directive_snippet['name']).']     '; } } if($nginx_directive_snippets_txt == '') $nginx_directive_snippets_txt = '------'; @@ -501,7 +501,7 @@ class page_action extends tform_actions { $proxy_directive_snippets_txt .= $app->tform->wordbook["select_master_directive_snippet_txt"].'
    '; foreach($proxy_directive_snippets as $proxy_directive_snippet){ $proxy_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $proxy_directive_snippet['snippet'] . PHP_EOL; - $proxy_directive_snippets_txt .= '['.$proxy_directive_snippet['name'].']     '; + $proxy_directive_snippets_txt .= '['.$app->functions->htmlentities($proxy_directive_snippet['name']).']     '; } $proxy_directive_snippets_txt .= '

    '; } @@ -511,7 +511,7 @@ class page_action extends tform_actions { $proxy_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'
    '; foreach($proxy_directive_snippets as $proxy_directive_snippet){ $proxy_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $proxy_directive_snippet['snippet'] . PHP_EOL; - $proxy_directive_snippets_txt .= '['.$proxy_directive_snippet['name'].']     '; + $proxy_directive_snippets_txt .= '['.$app->functions->htmlentities($proxy_directive_snippet['name']).']     '; } } if($proxy_directive_snippets_txt == '') $proxy_directive_snippets_txt = '------'; @@ -557,7 +557,7 @@ class page_action extends tform_actions { if(is_array($ips)) { foreach( $ips as $ip) { $selected = ($ip["ip_address"] == $this->dataRecord["ip_address"])?'SELECTED':''; - $ip_select .= "\r\n"; + $ip_select .= "\r\n"; } } $app->tpl->setVar("ip_address", $ip_select); @@ -572,7 +572,7 @@ class page_action extends tform_actions { if(is_array($ips)) { foreach( $ips as $ip) { $selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':''; - $ip_select .= "\r\n"; + $ip_select .= "\r\n"; } } $app->tpl->setVar("ipv6_address", $ip_select); @@ -633,7 +633,7 @@ class page_action extends tform_actions { $php_version = $php_record['name'].':'.$php_record['php_fastcgi_binary'].':'.$php_record['php_fastcgi_ini_dir']; } $selected = ($php_version == $this->dataRecord["fastcgi_php_version"])?'SELECTED':''; - $php_select .= "\r\n"; + $php_select .= "\r\n"; } } $app->tpl->setVar("fastcgi_php_version", $php_select); @@ -648,7 +648,7 @@ class page_action extends tform_actions { $php_directive_snippets_txt .= $app->tform->wordbook["select_master_directive_snippet_txt"].'
    '; foreach($php_directive_snippets as $php_directive_snippet){ $php_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $php_directive_snippet['snippet'] . PHP_EOL; - $php_directive_snippets_txt .= '['.$php_directive_snippet['name'].']     '; + $php_directive_snippets_txt .= '['.$app->functions->htmlentities($php_directive_snippet['name']).']     '; } $php_directive_snippets_txt .= '

    '; } @@ -658,7 +658,7 @@ class page_action extends tform_actions { $php_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'
    '; foreach($php_directive_snippets as $php_directive_snippet){ $php_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $php_directive_snippet['snippet'] . PHP_EOL; - $php_directive_snippets_txt .= '['.$php_directive_snippet['name'].']     '; + $php_directive_snippets_txt .= '['.$app->functions->htmlentities($php_directive_snippet['name']).']     '; } } if($php_directive_snippets_txt == '') $php_directive_snippets_txt = '------'; @@ -671,7 +671,7 @@ class page_action extends tform_actions { $apache_directive_snippets_txt .= $app->tform->wordbook["select_master_directive_snippet_txt"].'
    '; foreach($apache_directive_snippets as $apache_directive_snippet){ $apache_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $apache_directive_snippet['snippet'] . PHP_EOL; - $apache_directive_snippets_txt .= '['.$apache_directive_snippet['name'].']     '; + $apache_directive_snippets_txt .= '['.$app->functions->htmlentities($apache_directive_snippet['name']).']     '; } $apache_directive_snippets_txt .= '

    '; } @@ -681,7 +681,7 @@ class page_action extends tform_actions { $apache_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'
    '; foreach($apache_directive_snippets as $apache_directive_snippet){ $apache_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $apache_directive_snippet['snippet'] . PHP_EOL; - $apache_directive_snippets_txt .= '['.$apache_directive_snippet['name'].']     '; + $apache_directive_snippets_txt .= '['.$app->functions->htmlentities($apache_directive_snippet['name']).']     '; } } if($apache_directive_snippets_txt == '') $apache_directive_snippets_txt = '------'; @@ -695,7 +695,7 @@ class page_action extends tform_actions { $nginx_directive_snippets_txt .= $app->tform->wordbook["select_master_directive_snippet_txt"].'
    '; foreach($nginx_directive_snippets as $nginx_directive_snippet){ $nginx_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $nginx_directive_snippet['snippet'] . PHP_EOL; - $nginx_directive_snippets_txt .= '['.$nginx_directive_snippet['name'].']     '; + $nginx_directive_snippets_txt .= '['.$app->functions->htmlentities($nginx_directive_snippet['name']).']     '; } $nginx_directive_snippets_txt .= '

    '; } @@ -705,7 +705,7 @@ class page_action extends tform_actions { $nginx_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'
    '; foreach($nginx_directive_snippets as $nginx_directive_snippet){ $nginx_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $nginx_directive_snippet['snippet'] . PHP_EOL; - $nginx_directive_snippets_txt .= '['.$nginx_directive_snippet['name'].']     '; + $nginx_directive_snippets_txt .= '['.$app->functions->htmlentities($nginx_directive_snippet['name']).']     '; } } if($nginx_directive_snippets_txt == '') $nginx_directive_snippets_txt = '------'; @@ -718,7 +718,7 @@ class page_action extends tform_actions { $proxy_directive_snippets_txt .= $app->tform->wordbook["select_master_directive_snippet_txt"].'
    '; foreach($proxy_directive_snippets as $proxy_directive_snippet){ $proxy_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $proxy_directive_snippet['snippet'] . PHP_EOL; - $proxy_directive_snippets_txt .= '['.$proxy_directive_snippet['name'].']     '; + $proxy_directive_snippets_txt .= '['.$app->functions->htmlentities($proxy_directive_snippet['name']).']     '; } $proxy_directive_snippets_txt .= '

    '; } @@ -728,7 +728,7 @@ class page_action extends tform_actions { $proxy_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'
    '; foreach($proxy_directive_snippets as $proxy_directive_snippet){ $proxy_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $proxy_directive_snippet['snippet'] . PHP_EOL; - $proxy_directive_snippets_txt .= '['.$proxy_directive_snippet['name'].']     '; + $proxy_directive_snippets_txt .= '['.$app->functions->htmlentities($proxy_directive_snippet['name']).']     '; } } if($proxy_directive_snippets_txt == '') $proxy_directive_snippets_txt = '------'; @@ -748,7 +748,7 @@ class page_action extends tform_actions { if(is_array($ssl_domains)) { foreach( $ssl_domains as $ssl_domain) { $selected = ($ssl_domain == $this->dataRecord['ssl_domain'])?'SELECTED':''; - $ssl_domain_select .= "\r\n"; + $ssl_domain_select .= "\r\n"; } } $app->tpl->setVar("ssl_domain", $ssl_domain_select); @@ -798,7 +798,7 @@ class page_action extends tform_actions { } elseif($this->_vhostdomain_type == 'domain' && $domain['domain'] == $this->dataRecord["domain"]) { $domain_select .= " selected"; } - $domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . "\r\n"; + $domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . "\r\n"; } } else { 
@@ -827,13 +827,13 @@ class page_action extends tform_actions { $datalog = $app->db->queryOneRecord("SELECT sys_datalog.error, sys_log.tstamp FROM sys_datalog, sys_log WHERE sys_datalog.dbtable = 'web_domain' AND sys_datalog.dbidx = ? AND sys_datalog.datalog_id = sys_log.datalog_id AND sys_log.message = CONCAT('Processed datalog_id ',sys_log.datalog_id) ORDER BY sys_datalog.tstamp DESC", 'domain_id:' . $this->id); if(is_array($datalog) && !empty($datalog)){ if(trim($datalog['error']) != ''){ - $app->tpl->setVar("config_error_msg", nl2br(htmlentities($datalog['error']))); + $app->tpl->setVar("config_error_msg", nl2br($app->functions->htmlentities($datalog['error']))); $app->tpl->setVar("config_error_tstamp", date($app->lng('conf_format_datetime'), $datalog['tstamp'])); } } } - $app->tpl->setVar('vhostdomain_type', $this->_vhostdomain_type); + $app->tpl->setVar('vhostdomain_type', $this->_vhostdomain_type, true); $app->tpl->setVar('is_spdy_enabled', ($web_config['enable_spdy'] === 'y')); $app->tpl->setVar("is_admin", $is_admin); @@ -859,7 +859,7 @@ class page_action extends tform_actions { if(is_array($m_directive_snippets) && !empty($m_directive_snippets)){ $directive_snippets_id_select .= ''; foreach($m_directive_snippets as $m_directive_snippet){ - $directive_snippets_id_select .= ''; + $directive_snippets_id_select .= ''; } $directive_snippets_id_select .= ''; } @@ -868,7 +868,7 @@ class page_action extends tform_actions { if(is_array($directive_snippets) && !empty($directive_snippets)){ $directive_snippets_id_select .= ''; foreach($directive_snippets as $directive_snippet){ - $directive_snippets_id_select .= ''; + $directive_snippets_id_select .= ''; } $directive_snippets_id_select .= ''; } diff --git a/interface/web/sites/webdav_user_edit.php b/interface/web/sites/webdav_user_edit.php index e94625fd9d..e02e0bdaff 100644 --- a/interface/web/sites/webdav_user_edit.php +++ b/interface/web/sites/webdav_user_edit.php 
@@ -82,7 +82,7 @@ class page_action extends tform_actions { } if($this->dataRecord['username'] == "") { - $app->tpl->setVar("username_prefix", $webdavuser_prefix); + $app->tpl->setVar("username_prefix", $webdavuser_prefix, true); } else { $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $webdavuser_prefix, $global_config['webdavuser_prefix']), true); } diff --git a/interface/web/vm/openvz_vm_edit.php b/interface/web/vm/openvz_vm_edit.php index 8109859ece..4dd1a551de 100644 --- a/interface/web/vm/openvz_vm_edit.php +++ b/interface/web/vm/openvz_vm_edit.php @@ -86,7 +86,7 @@ class page_action extends tform_actions { if(is_array($records)) { foreach( $records as $rec) { $selected = @($rec["template_id"] == $this->dataRecord["template_id"])?'SELECTED':''; - $template_id_select .= "\r\n"; + $template_id_select .= "\r\n"; } } $app->tpl->setVar("template_id_select", $template_id_select); @@ -109,7 +109,7 @@ class page_action extends tform_actions { if(is_array($records)) { foreach( $records as $rec) { $selected = @(is_array($this->dataRecord) && ($client["groupid"] == $this->dataRecord['client_group_id'] || $client["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':''; - $client_select .= "\r\n"; + $client_select .= "\r\n"; } } $app->tpl->setVar("client_group_id", $client_select); @@ -124,7 +124,7 @@ class page_action extends tform_actions { if(is_array($records)) { foreach( $records as $rec) { $selected = @($rec["template_id"] == $this->dataRecord["template_id"])?'SELECTED':''; - $template_id_select .= "\r\n"; + $template_id_select .= "\r\n"; } } $app->tpl->setVar("template_id_select", $template_id_select); 
@@ -141,7 +141,7 @@ class page_action extends tform_actions { if(is_array($clients)) { foreach( $clients as $client) { $selected = @(is_array($this->dataRecord) && ($client["groupid"] == $this->dataRecord['client_group_id'] || $client["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':''; - $client_select .= "\r\n"; + $client_select .= "\r\n"; } } $app->tpl->setVar("client_group_id", $client_select); @@ -153,7 +153,7 @@ class page_action extends tform_actions { $template_id_select=''; foreach( $records as $rec) { $selected = @($rec["template_id"] == $this->dataRecord["template_id"])?'SELECTED':''; - $template_id_select .= "\r\n"; + $template_id_select .= "\r\n"; } } $app->tpl->setVar("template_id_select", $template_id_select); @@ -175,7 +175,7 @@ class page_action extends tform_actions { if(is_array($ips)) { foreach( $ips as $ip) { $selected = ($ip["ip_address"] == $this->dataRecord["ip_address"])?'SELECTED':''; - $ip_select .= "\r\n"; + $ip_select .= "\r\n"; } } $app->tpl->setVar("ip_address", $ip_select); @@ -188,7 +188,7 @@ class page_action extends tform_actions { foreach ($additional_ips as $idx => $rec) { $temp .= ""; $used = @($rec['additional']=='y')?'CHECKED':''; - $temp .= " ".$rec['ip_address']."
    "; + $temp .= " ".$app->functions->htmlentities($rec['ip_address'])."
    "; } $app->tpl->setVar("additional_ip", $temp); unset($used); -- GitLab From f93c9548477b00552d5ff9728dafc687a4229231 Mon Sep 17 00:00:00 2001 From: Marius Burkard Date: Mon, 1 Jan 2018 18:50:18 +0100 Subject: [PATCH 12/25] - fixed typo from previous commit --- interface/web/mail/mail_user_edit.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/interface/web/mail/mail_user_edit.php b/interface/web/mail/mail_user_edit.php index dd2c46799d..6cf9b34e36 100644 --- a/interface/web/mail/mail_user_edit.php +++ b/interface/web/mail/mail_user_edit.php @@ -100,7 +100,7 @@ class page_action extends tform_actions { if(is_array($policys)) { foreach( $policys as $p) { $selected = ($p["id"] == $tmp_user["policy_id"])?'SELECTED':''; - $policy_select .= "\r\n"; + $policy_select .= "\r\n"; } } $app->tpl->setVar("policy", $policy_select); -- GitLab From bb0a65898bf93d59f8ef7e0a4d57198d71122fc8 Mon Sep 17 00:00:00 2001 From: Till Brehm Date: Wed, 3 Jan 2018 09:06:55 +0100 Subject: [PATCH 13/25] Implemented #4903 Extend IDS system to allow different settings for clients and admin --- interface/lib/classes/ids.inc.php | 24 +++++++++++++++++++++--- security/security_settings.ini | 16 ++++++++++++---- 2 files changed, 33 insertions(+), 7 deletions(-) diff --git a/interface/lib/classes/ids.inc.php b/interface/lib/classes/ids.inc.php index ac5cb19128..abdf32b302 100644 --- a/interface/lib/classes/ids.inc.php +++ b/interface/lib/classes/ids.inc.php 
@@ -118,7 +118,25 @@ class ids { $impact = $ids_result->getImpact(); - if($impact >= $security_config['ids_log_level']) { + // Choose level from security config + if($app->auth->is_admin()) { + // User is admin + $ids_log_level = $security_config['ids_admin_log_level']; + $ids_warn_level = $security_config['ids_admin_warn_level']; + $ids_block_level = $security_config['ids_admin_block_level']; + } elseif(is_array($_SESSION['s']['user']) && $_SESSION['s']['user']['userid'] > 0) { + // User is Client or Reseller + $ids_log_level = $security_config['ids_user_log_level']; + $ids_warn_level = $security_config['ids_user_warn_level']; + $ids_block_level = $security_config['ids_user_block_level']; + } else { + // Not logged in + $ids_log_level = $security_config['ids_anon_log_level']; + $ids_warn_level = $security_config['ids_anon_warn_level']; + $ids_block_level = $security_config['ids_anon_block_level']; + } + + if($impact >= $ids_log_level) { $ids_log = ISPC_ROOT_PATH.'/temp/ids.log'; if(!is_file($ids_log)) touch($ids_log); @@ -132,11 +150,11 @@ class ids { } - if($impact >= $security_config['ids_warn_level']) { + if($impact >= $ids_warn_level) { $app->log("PHP IDS Alert.".$ids_result, 2); } - if($impact >= $security_config['ids_block_level']) { + if($impact >= $ids_block_level) { $app->error("Possible attack detected. This action has been logged.",'', true, 2); } diff --git a/security/security_settings.ini b/security/security_settings.ini index eb78e24d53..e705b3574e 100644 --- a/security/security_settings.ini +++ b/security/security_settings.ini 
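Review bot: The new per-role `ids_*_enabled` switches are never consulted in this level-selection block, so with `ids_admin_enabled=no` an admin request is still scanned and held to `ids_admin_block_level` whenever any other role has the IDS on (app.inc.php only decides whether to start the scanner at all). Unless the flag is checked elsewhere in ids.inc.php, which is not visible here, each branch should leave early when its role is disabled, e.g. `if($security_config['ids_admin_enabled'] != 'yes') return;` before the levels are read, with the same guard in the user and anon branches. It would also help to document the fallthrough: `// unauthenticated requests (no userid in session) get the anon thresholds`. The enclosing method starts outside the hunk.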
@@ -19,10 +19,18 @@ password_reset_allowed=yes session_regenerate_id=yes [ids] -ids_enabled=no -ids_log_level=1 -ids_warn_level=5 -ids_block_level=100 +ids_anon_enabled=yes +ids_anon_log_level=1 +ids_anon_warn_level=5 +ids_anon_block_level=10 +ids_user_enabled=yes +ids_user_log_level=1 +ids_user_warn_level=10 +ids_user_block_level=50 +ids_admin_enabled=no +ids_admin_log_level=1 +ids_admin_warn_level=5 +ids_admin_block_level=100 sql_scan_enabled=yes sql_scan_action=warn apache_directives_scan_enabled=yes -- GitLab From 888f4dea28f6f20633aeb53d76abf94194f2df74 Mon Sep 17 00:00:00 2001 From: Till Brehm Date: Wed, 3 Jan 2018 09:07:40 +0100 Subject: [PATCH 14/25] Added some validators to DNS import script. --- interface/web/dns/dns_import.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/interface/web/dns/dns_import.php b/interface/web/dns/dns_import.php index fb66b7b176..405e437838 100644 --- a/interface/web/dns/dns_import.php +++ b/interface/web/dns/dns_import.php @@ -587,6 +587,15 @@ if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name' if($dns_rr[$r]['type'] == 'NS' && $dns_rr[$r]['name'] == $soa['name']){ unset($dns_rr[$r]); } + + $valid = true; + $dns_rr[$r]['ttl'] = $app->functions->intval($dns_rr[$r]['ttl']); + $dns_rr[$r]['aux'] = $app->functions->intval($dns_rr[$r]['aux']); + $dns_rr[$r]['data'] = strip_tags($dns_rr[$r]['data']); + if(!preg_match('/^[a-zA-Z0-9\.\-\*]{0,64}$/',$dns_rr[$r]['name'])) $valid == false; + if(!in_array(strtoupper($dns_rr[$r]['type']),array('A','AAAA','ALIAS','CNAME','DS','HINFO','LOC','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY'))) $valid == false; + if($valid == false) unset($dns_rr[$r]); + $r++; } $i++; -- GitLab From 6fd82d99070d1500d003e15865f43d5d71fb4eb1 Mon Sep 17 00:00:00 2001 
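Review bot: The two validators added to the DNS import loop never reject anything, because `$valid == false` is a comparison rather than an assignment: `$valid` stays `true`, and the `if($valid == false) unset($dns_rr[$r]);` line is dead, so records with an unexpected name or an unsupported type are still imported. Both lines should read `$valid = false;`. Once that is fixed, note that the name pattern `^[a-zA-Z0-9\.\-\*]{0,64}$` excludes `_`, which the SRV type in the same whitelist and common TXT owners such as `_dmarc` or `default._domainkey` require, so `_` should be added to the character class; `in_array()` should also get `true` as its third argument for a strict comparison. The `strip_tags()` on `data` alters record content rather than validating it (TXT data may legitimately contain `<` or `>`), and output escaping in the UI is what protects against XSS, so it deserves a comment explaining why it is kept or should be removed. The enclosing loop starts outside the hunk.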
From: Till Brehm Date: Wed, 3 Jan 2018 09:56:40 +0100 Subject: [PATCH 15/25] Enabled IDS and adjusted IDS scores. --- interface/lib/app.inc.php | 2 +- security/security_settings.ini | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/interface/lib/app.inc.php b/interface/lib/app.inc.php index f5c2c18862..1cc96e9c2e 100755 --- a/interface/lib/app.inc.php +++ b/interface/lib/app.inc.php @@ -342,7 +342,7 @@ $app = new app(); // load and enable PHP Intrusion Detection System (PHPIDS) $ids_security_config = $app->getconf->get_security_config('ids'); -if(is_dir(ISPC_CLASS_PATH.'/IDS') && $ids_security_config['ids_enabled'] == 'yes') { +if(is_dir(ISPC_CLASS_PATH.'/IDS') && ($ids_security_config['ids_anon_enabled'] == 'yes' || $ids_security_config['ids_user_enabled'] == 'yes' || $ids_security_config['ids_admin_enabled'] == 'yes')) { $app->uses('ids'); $app->ids->start(); } diff --git a/security/security_settings.ini b/security/security_settings.ini index e705b3574e..d7b65ba48e 100644 --- a/security/security_settings.ini +++ b/security/security_settings.ini @@ -22,11 +22,11 @@ session_regenerate_id=yes ids_anon_enabled=yes ids_anon_log_level=1 ids_anon_warn_level=5 -ids_anon_block_level=10 +ids_anon_block_level=20 ids_user_enabled=yes ids_user_log_level=1 ids_user_warn_level=10 -ids_user_block_level=50 +ids_user_block_level=25 ids_admin_enabled=no ids_admin_log_level=1 ids_admin_warn_level=5 -- GitLab From 14a1204e60c1c0bd222f885dc2a9a142287f8545 Mon Sep 17 00:00:00 2001 From: Till Brehm Date: Mon, 8 Jan 2018 13:06:01 +0100 Subject: [PATCH 16/25] Fixed #4904 issue on email foward form after commit which add filter on form --- interface/web/mail/form/mail_forward.tform.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/interface/web/mail/form/mail_forward.tform.php b/interface/web/mail/form/mail_forward.tform.php index 260d953982..3c902b4221 100644 --- a/interface/web/mail/form/mail_forward.tform.php 
+++ b/interface/web/mail/form/mail_forward.tform.php @@ -100,9 +100,7 @@ $form["tabs"]['forward'] = array ( 2 => array( 'event' => 'SAVE', 'type' => 'TOLOWER'), 3 => array( 'event' => 'SAVE', - 'type' => 'STRIPTAGS'), - 4 => array( 'event' => 'SAVE', - 'type' => 'STRIPNL') + 'type' => 'STRIPTAGS') ), 'default' => '', 'value' => '', -- GitLab From 4f5967a4a542f74f18a33d1ed31e8780c3380552 Mon Sep 17 00:00:00 2001 From: Till Brehm Date: Mon, 8 Jan 2018 16:47:14 +0100 Subject: [PATCH 17/25] Fixed #4721 Wrong permissions when renaming shell user --- .../shelluser_base_plugin.inc.php | 20 ++++++++++++++++--- .../shelluser_jailkit_plugin.inc.php | 15 ++++++++++++-- 2 files changed, 30 insertions(+), 5 deletions(-) diff --git a/server/plugins-available/shelluser_base_plugin.inc.php b/server/plugins-available/shelluser_base_plugin.inc.php index 74c6fa364f..9c4568901d 100755 --- a/server/plugins-available/shelluser_base_plugin.inc.php +++ b/server/plugins-available/shelluser_base_plugin.inc.php @@ -226,6 +226,9 @@ class shelluser_base_plugin { $homedir_old = $data['old']['dir'].'/home/'.$data['old']['username']; } + $app->log("Homedir New: ".$homedir, LOGLEVEL_DEBUG); + $app->log("Homedir Old: ".$homedir_old, LOGLEVEL_DEBUG); + // Check if the user that we want to update exists, if not, we insert it if($app->system->is_user($data['old']['username'])) { //* Remove webfolder protection 
@@ -246,16 +249,27 @@ class shelluser_base_plugin { $app->log("Executed command: $command ",LOGLEVEL_DEBUG); */ //$groupinfo = $app->system->posix_getgrnam($data['new']['pgroup']); - if($homedir != $homedir_old && !is_dir($homedir)){ + if($homedir != $homedir_old){ $app->system->web_folder_protection($web['document_root'], false); - if(!is_dir($data['new']['dir'].'/home')){ + // Rename dir, in case the new directory exists already. + if(is_dir($homedir)) { + $app->log("New Homedir exists, renaming it to ".$homedir.'_bak', LOGLEVEL_DEBUG); + $app->system->rename(escapeshellcmd($homedir),escapeshellcmd($homedir.'_bak')); + } + /*if(!is_dir($data['new']['dir'].'/home')){ $app->file->mkdirs(escapeshellcmd($data['new']['dir'].'/home'), '0750'); $app->system->chown(escapeshellcmd($data['new']['dir'].'/home'),escapeshellcmd($data['new']['puser'])); $app->system->chgrp(escapeshellcmd($data['new']['dir'].'/home'),escapeshellcmd($data['new']['pgroup'])); } $app->file->mkdirs(escapeshellcmd($homedir), '0755'); $app->system->chown(escapeshellcmd($homedir),'root'); - $app->system->chgrp(escapeshellcmd($homedir),'root'); + $app->system->chgrp(escapeshellcmd($homedir),'root');*/ + + // Move old directory to new path + $app->system->rename(escapeshellcmd($homedir_old),escapeshellcmd($homedir)); + $app->file->mkdirs(escapeshellcmd($homedir), '0750'); + $app->system->chown(escapeshellcmd($homedir),escapeshellcmd($data['new']['puser'])); + $app->system->chgrp(escapeshellcmd($homedir),escapeshellcmd($data['new']['pgroup'])); $app->system->web_folder_protection($web['document_root'], true); } else { if(!is_dir($homedir)){ diff --git a/server/plugins-available/shelluser_jailkit_plugin.inc.php b/server/plugins-available/shelluser_jailkit_plugin.inc.php index 69a041c037..295112d423 100755 --- a/server/plugins-available/shelluser_jailkit_plugin.inc.php +++ b/server/plugins-available/shelluser_jailkit_plugin.inc.php 
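Review bot: Neither `rename()` result is checked, and the fallback path makes that risky: if `$homedir.'_bak'` already exists (a second rename of the same user), the first rename fails, `$homedir` stays occupied, the move of `$homedir_old` fails too, and the following `chown`/`chgrp` hand whatever directory currently sits at `$homedir` to `$data['new']['puser']`. Assuming `$app->system->rename` returns PHP's boolean result, guard each step, e.g. `if(!$app->system->rename($homedir_old, $homedir)) { $app->log("Could not move $homedir_old to $homedir", LOGLEVEL_WARN); return; }`, and only change ownership after a successful move. `escapeshellcmd()` is also applied to paths that go to filesystem wrappers rather than a shell; this mirrors the pre-existing calls in the file, but if those wrappers map to PHP `rename()`/`chown()` the escaping corrupts any path containing shell metacharacters and should be dropped. The old `mkdirs`/`chown` block left as a `/* ... */` comment is dead code and can be deleted. The enclosing update method starts outside the hunk.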
@@ -350,6 +350,11 @@ class shelluser_jailkit_plugin { //add the user to the chroot $jailkit_chroot_userhome = $this->_get_home_dir($this->data['new']['username']); + if(isset($this->data['old']['username'])) { + $jailkit_chroot_userhome_old = $this->_get_home_dir($this->data['old']['username']); + } else { + $jailkit_chroot_userhome_old = ''; + } $jailkit_chroot_puserhome = $this->_get_home_dir($this->data['new']['puser']); if(!is_dir($this->data['new']['dir'].'/etc')) mkdir($this->data['new']['dir'].'/etc', 0755); 
@@ -398,13 +403,19 @@ class shelluser_jailkit_plugin {
 $this->app->log("Added jailkit user to chroot with command: ".$command, LOGLEVEL_DEBUG);
- if(!is_dir($this->data['new']['dir'].$jailkit_chroot_userhome)) mkdir(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome), 0755, true);
+ if(!is_dir($this->data['new']['dir'].$jailkit_chroot_userhome)) {
+ if(is_dir($this->data['old']['dir'].$jailkit_chroot_userhome_old)) {
+ $app->system->rename(escapeshellcmd($this->data['old']['dir'].$jailkit_chroot_userhome_old),escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome));
+ } else {
+ mkdir(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome), 0750, true);
+ }
+ }
 $app->system->chown(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome), $this->data['new']['username']);
 $app->system->chgrp(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome), $this->data['new']['pgroup']);
 $this->app->log("Added created jailkit user home in : ".$this->data['new']['dir'].$jailkit_chroot_userhome, LOGLEVEL_DEBUG);
- if(!is_dir($this->data['new']['dir'].$jailkit_chroot_puserhome)) mkdir(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome), 0755, true);
+ if(!is_dir($this->data['new']['dir'].$jailkit_chroot_puserhome)) mkdir(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome), 0750, true);
 $app->system->chown(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome), $this->data['new']['puser']);
 $app->system->chgrp(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome), $this->data['new']['pgroup']);
-- GitLab
From 0ce3c7b93ab7700ca8f3de113c71a9ae3799bbe4 Mon Sep 17 00:00:00 2001
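Review bot: The `''` fallback assigned to `$jailkit_chroot_userhome_old` in the hunk at `@@ -350,6 +350,11 @@` is not excluded by the new `is_dir()` test here: with an empty suffix the check collapses to `is_dir($this->data['old']['dir'])`, and if `$this->data['old']` can be present without a `username` key the whole old jail directory would be renamed onto the user's new home path. Guarding with `if($jailkit_chroot_userhome_old != '' && is_dir($this->data['old']['dir'].$jailkit_chroot_userhome_old)) {` closes that case. The rename result is also not checked, so a failed move falls through to the chown/chgrp on a path that was never created; the enclosing method continues outside the hunk.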
From: Till Brehm
Date: Mon, 8 Jan 2018 21:22:39 +0100
Subject: [PATCH 18/25] Replaced the deprecated nobootwait option with nofail option in bind mount lines in /etc/fstab
---
 server/plugins-available/apache2_plugin.inc.php | 4 ++--
 server/plugins-available/nginx_plugin.inc.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 1a802bcf96..949c4f8d75 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -681,10 +681,10 @@ class apache2_plugin {
 $fstab_line_old = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$old_log_folder.' none bind';
 if($web_config['network_filesystem'] == 'y') {
- $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nobootwait,_netdev 0 0';
+ $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nofail,_netdev 0 0';
 $app->system->replaceLine('/etc/fstab', $fstab_line_old, $fstab_line, 0, 1);
 } else {
- $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nobootwait 0 0';
+ $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nofail 0 0';
 $app->system->replaceLine('/etc/fstab', $fstab_line_old, $fstab_line, 0, 1);
 }
diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
index daf953e265..e1d2afd6ac 100644
--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -528,10 +528,10 @@ class nginx_plugin {
 $fstab_line_old = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$old_log_folder.' none bind';
 if($web_config['network_filesystem'] == 'y') {
- $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nobootwait,_netdev 0 0';
+ $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nofail,_netdev 0 0';
 $app->system->replaceLine('/etc/fstab', $fstab_line_old, $fstab_line, 0, 1);
 } else {
- $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nobootwait 0 0';
+ $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nofail 0 0';
 $app->system->replaceLine('/etc/fstab', $fstab_line_old, $fstab_line, 0, 1);
 }
-- GitLab
From ded71be4e1c245a5470ec0788198c1cfc0746eb0 Mon Sep 17 00:00:00 2001
From: Till Brehm
Date: Tue, 9 Jan 2018 12:33:51 +0100
Subject: [PATCH 19/25] Changed LOGLEVEL_INFO to LOGLEVEL_DEBUG in db_mysql.inc.php
---
 interface/lib/classes/db_mysql.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/interface/lib/classes/db_mysql.inc.php b/interface/lib/classes/db_mysql.inc.php
index e0c003abca..948d4e81ff 100644
--- a/interface/lib/classes/db_mysql.inc.php
+++ b/interface/lib/classes/db_mysql.inc.php
@@ -472,7 +472,7 @@ class db {
 public function escape($sString) {
 global $app;
 if(!is_string($sString) && !is_numeric($sString)) {
- $app->log('NON-String given in escape function! (' . gettype($sString) . ')', LOGLEVEL_INFO);
+ $app->log('NON-String given in escape function! (' . gettype($sString) . ')', LOGLEVEL_DEBUG);
 //$sAddMsg = getDebugBacktrace();
 $app->log($sAddMsg, LOGLEVEL_DEBUG);
 $sString = '';
@@ -481,7 +481,7 @@ class db {
 $cur_encoding = mb_detect_encoding($sString);
 if($cur_encoding != "UTF-8") {
 if($cur_encoding != 'ASCII') {
- if(is_object($app) && method_exists($app, 'log')) $app->log('String ' . substr($sString, 0, 25) . '... is ' . $cur_encoding . '.', LOGLEVEL_INFO);
+ if(is_object($app) && method_exists($app, 'log')) $app->log('String ' . substr($sString, 0, 25) . '... is ' . $cur_encoding . '.', LOGLEVEL_DEBUG);
 if($cur_encoding) $sString = mb_convert_encoding($sString, 'UTF-8', $cur_encoding);
 else $sString = mb_convert_encoding($sString, 'UTF-8');
 }
-- GitLab
From 63b4da4b66067375ab1f486c7f286b687a65bc02 Mon Sep 17 00:00:00 2001
From: Till Brehm
Date: Tue, 9 Jan 2018 14:44:48 +0100
Subject: [PATCH 20/25] Fixed #4855 Modifying certificates affects to the same domain-named sites on all servers.
---
 server/plugins-available/apache2_plugin.inc.php | 8 ++++----
 server/plugins-available/nginx_plugin.inc.php | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 949c4f8d75..37b903daf0 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -457,11 +457,11 @@ class apache2_plugin {
 $app->system->unlink($crt_file);
 $app->system->unlink($bundle_file);
 /* Update the DB of the (local) Server */
- $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ?", $data['new']['domain']);
- $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
+ $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ? AND server_id = ?", $data['new']['domain'], $data['new']['server_id']);
+ $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ? AND server_id = ?", $data['new']['domain'], $data['new']['server_id']);
 /* Update also the master-DB of the Server-Farm */
- $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ?", $data['new']['domain']);
- $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
+ $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ? AND server_id = ?", $data['new']['domain'], $data['new']['server_id']);
+ $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ? AND server_id = ?", $data['new']['domain'], $data['new']['server_id']);
 $app->log('Deleting SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
 }
diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
index e1d2afd6ac..8335ce2e3f 100644
--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
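Review bot: Adding `server_id` to the four UPDATE predicates only disambiguates the rows if `(domain, server_id)` is unique in `web_domain`, which the hunk cannot show; if the record's primary key is available in `$data['new']` (web_domain's `domain_id`, if I recall the schema correctly), keying the statements on it would be unambiguous regardless of that constraint. The four statements differ only in the connection object and the SET clause, so a small private helper taking the db object and the SET clause would remove the repetition, and the identical nginx hunk at `@@ -289,11 +289,11 @@` could share it. A short comment above the first query, `// restrict by server_id: the same domain may exist on other servers of the farm`, would record why the extra predicate matters.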
@@ -289,11 +289,11 @@ class nginx_plugin {
 $app->system->unlink($csr_file);
 $app->system->unlink($crt_file);
 /* Update the DB of the (local) Server */
- $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ?", $data['new']['domain']);
- $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
+ $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ? AND server_id = ?", $data['new']['domain'], $data['new']['server_id']);
+ $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ? AND server_id = ?", $data['new']['domain'], $data['new']['server_id']);
 /* Update also the master-DB of the Server-Farm */
- $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ?", $data['new']['domain']);
- $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
+ $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ? AND server_id = ?", $data['new']['domain'], $data['new']['server_id']);
+ $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ? AND server_id = ?", $data['new']['domain'], $data['new']['server_id']);
 $app->log('Deleting SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
 }
-- GitLab
From 3c5f55d76b02f4418767591b316c0d6d95ac4cef Mon Sep 17 00:00:00 2001
From: Till Brehm
Date: Tue, 9 Jan 2018 15:36:52 +0100
Subject: [PATCH 21/25] Delete client asstes in reverse creation order.
---
 interface/web/client/client_del.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/interface/web/client/client_del.php b/interface/web/client/client_del.php
index 1540bfbfd7..3e3b972c31 100644
--- a/interface/web/client/client_del.php
+++ b/interface/web/client/client_del.php
@@ -134,7 +134,6 @@ class page_action extends tform_actions {
 if($client_group_id > 1) {
 foreach($tables_array as $table) {
 if($table != '') {
- $records = $app->db->queryAllRecords("SELECT * FROM ?? WHERE sys_groupid = ?", $table, $client_group_id);
 //* find the primary ID of the table
 $table_info = $app->db->tableInfo($table);
 $index_field = '';
@@ -143,6 +142,7 @@ class page_action extends tform_actions {
 }
 //* Delete the records
 if($index_field != '') {
+ $records = $app->db->queryAllRecords("SELECT * FROM ?? WHERE sys_groupid = ? ORDER BY ? DESC", $table, $client_group_id, $index_field);
 if(is_array($records)) {
 foreach($records as $rec) {
 $app->db->datalogDelete($table, $index_field, $rec[$index_field]);
-- GitLab
From af9b2099fb656e8b34d098ae4832acccc31e7ca1 Mon Sep 17 00:00:00 2001
From: Till Brehm
Date: Tue, 9 Jan 2018 15:40:21 +0100
Subject: [PATCH 22/25] Fixed typo in SQL query.
---
 interface/web/client/client_del.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/interface/web/client/client_del.php b/interface/web/client/client_del.php
index 3e3b972c31..6d7db6f97f 100644
--- a/interface/web/client/client_del.php
+++ b/interface/web/client/client_del.php
@@ -142,7 +142,7 @@ class page_action extends tform_actions {
 }
 //* Delete the records
 if($index_field != '') {
- $records = $app->db->queryAllRecords("SELECT * FROM ?? WHERE sys_groupid = ? ORDER BY ? DESC", $table, $client_group_id, $index_field);
+ $records = $app->db->queryAllRecords("SELECT * FROM ?? WHERE sys_groupid = ? ORDER BY ?? DESC", $table, $client_group_id, $index_field);
 if(is_array($records)) {
 foreach($records as $rec) {
 $app->db->datalogDelete($table, $index_field, $rec[$index_field]);
-- GitLab
From 3dcad763177fec593a0d1d25d06d16f0ec8465cf Mon Sep 17 00:00:00 2001
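Review bot: The `ORDER BY ?? DESC` added in the last hunk on this line delivers reverse creation order only when the primary key found by `tableInfo()` is an AUTO_INCREMENT integer, which nothing in the hunk guarantees; a comment above the query, `// assumes the primary key is AUTO_INCREMENT, so descending key order is reverse creation order`, would state that assumption. In the visible loop only `$rec[$index_field]` is read from each row, so selecting just that column instead of `SELECT *` would avoid loading every column of each record to be deleted into the interface process; the loop body continues outside the hunk, so confirm nothing else uses `$rec` first.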
From: Till Brehm
Date: Tue, 9 Jan 2018 16:02:41 +0100
Subject: [PATCH 23/25] Fixed #4879 spamfilter_wblist - Entrys remain in DB after Customer Delete
---
 interface/web/client/client_del.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/interface/web/client/client_del.php b/interface/web/client/client_del.php
index 6d7db6f97f..8bef6e9d63 100644
--- a/interface/web/client/client_del.php
+++ b/interface/web/client/client_del.php
@@ -128,7 +128,7 @@ class page_action extends tform_actions {
 $app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id);
 // Delete all records (sub-clients, mail, web, etc....) of this client.
- $tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_folder,web_folder_user,domain,mail_mailinglist';
+ $tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_folder,web_folder_user,domain,mail_mailinglist,spamfilter_wblist';
 $tables_array = explode(',', $tables);
 $client_group_id = $app->functions->intval($client_group['groupid']);
 if($client_group_id > 1) {
-- GitLab
From 3a8ee9e48976216d3a421bac1b72a63053b8accb Mon Sep 17 00:00:00 2001
From: Till Brehm
Date: Tue, 9 Jan 2018 16:08:57 +0100
Subject: [PATCH 24/25] Fixed #4864 Wrong/incomplete config for Python-enabled sites
---
 server/conf/vhost.conf.master | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/server/conf/vhost.conf.master b/server/conf/vhost.conf.master
index 063b5c7e33..6a026d447a 100644
--- a/server/conf/vhost.conf.master
+++ b/server/conf/vhost.conf.master
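Review bot: `spamfilter_wblist` is appended at the end of `$tables`, so its rows are deleted after the `spamfilter_users` rows they belong to; if any server-side handler of the wblist delete resolves the entry through its spamfilter_users parent, that order leaves it without one (inferred, the handler is not visible here). Inserting `spamfilter_wblist` before `spamfilter_users`, with a comment that the list order is also the deletion order, would make the intent explicit. The comma-separated string is only ever `explode()`d, so an array literal would be easier to maintain than editing one long string, though that is pre-existing style.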
@@ -182,6 +182,13 @@ + + + SetHandler mod_python + + PythonHandler mod_python.publisher + PythonDebug On + SetHandler mod_python
-- GitLab
From 371590ef62ce0bb1a7176ceec732f0ad674764ec Mon Sep 17 00:00:00 2001
From: Till Brehm
Date: Tue, 9 Jan 2018 16:51:27 +0100
Subject: [PATCH 25/25] Fixed #4863 URL Redirect doesn't accept #anchors
---
 interface/web/sites/form/web_childdomain.tform.php | 2 +-
 interface/web/sites/form/web_vhost_domain.tform.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/interface/web/sites/form/web_childdomain.tform.php b/interface/web/sites/form/web_childdomain.tform.php
index 02480db428..6cfaa38c2a 100644
--- a/interface/web/sites/form/web_childdomain.tform.php
+++ b/interface/web/sites/form/web_childdomain.tform.php
@@ -125,7 +125,7 @@ $form["tabs"]['domain'] = array (
 'datatype' => 'VARCHAR',
 'formtype' => 'TEXT',
 'validators' => array ( 0 => array ( 'type' => 'REGEX',
- 'regex' => '@^(([\.]{0})|((ftp|https?)://([-\w\.]+)+(:\d+)?(/([\w/_\.\-\,\+\?\~!:%]*(\?\S+)?)?)?)|(\[scheme\]://([-\w\.]+)+(:\d+)?(/([\w/_\.\-\,\+\?\~!:%]*(\?\S+)?)?)?)|(/(?!.*\.\.)[\w/_\.\-]{1,255}/))$@',
+ 'regex' => '@^(([\.]{0})|((ftp|https?|\[scheme\])://([-\w\.]+)+(:\d+)?(/([\w/_\.\,\-\+\?\~!:%]*(\?\S+)?)?)?)(?:#\S*)?|(/(?!.*\.\.)[\w/_\.\-]{1,255}/))$@',
 'errmsg'=> 'redirect_error_regex'),
 ),
 'default' => '',
diff --git a/interface/web/sites/form/web_vhost_domain.tform.php b/interface/web/sites/form/web_vhost_domain.tform.php
index 98b006eacf..11132f5469 100644
--- a/interface/web/sites/form/web_vhost_domain.tform.php
+++ b/interface/web/sites/form/web_vhost_domain.tform.php
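Review bot: The new fragment group `(?:#\S*)?` in the web_childdomain hunk accepts any non-whitespace characters after `#`, including quotes, `<`, `>` and `$`, whereas the path segment of the same pattern is limited to `[\w/_\.\,\-\+\?\~!:%]`; as the validated value presumably ends up in generated web server configuration, `(?:#[\w/_\.\,\-\+\?\~!:%]*)?` would keep the validator as strict as the rest of the pattern (the query part already uses `\S+`, so this extends an existing leniency rather than creating a new one). The web_vhost_domain hunk at `@@ -396,7 +396,7 @@` introduces the same group and should change in the same way. Since the line is being rewritten anyway, the nested quantifier `([-\w\.]+)+` in the host part accepts exactly the same strings as `[-\w\.]+` but can backtrack exponentially on a non-matching host, so replacing it removes a validator-side slowdown at no cost.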
@@ -396,7 +396,7 @@ $form["tabs"]['redirect'] = array (
 'redirect_path' => array (
 'datatype' => 'VARCHAR',
 'validators' => array ( 0 => array ( 'type' => 'REGEX',
- 'regex' => '@^(([\.]{0})|((ftp|https?)://([-\w\.]+)+(:\d+)?(/([\w/_\.\,\-\+\?\~!:%]*(\?\S+)?)?)?)|(\[scheme\]://([-\w\.]+)+(:\d+)?(/([\w/_\.\-\,\+\?\~!:%]*(\?\S+)?)?)?)|(/(?!.*\.\.)[\w/_\.\-]{1,255}/))$@',
+ 'regex' => '@^(([\.]{0})|((ftp|https?|\[scheme\])://([-\w\.]+)+(:\d+)?(/([\w/_\.\,\-\+\?\~!:%]*(\?\S+)?)?)?)(?:#\S*)?|(/(?!.*\.\.)[\w/_\.\-]{1,255}/))$@',
 'errmsg'=> 'redirect_error_regex'),
 ),
 'formtype' => 'TEXT',
-- GitLab