From ae69e622d3bae420246fd5ac11a1f95545e74a9c Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Sat, 22 Nov 2008 17:00:48 +0000
Subject: [PATCH] Improved listform class.

---
 interface/lib/classes/listform.inc.php | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/interface/lib/classes/listform.inc.php b/interface/lib/classes/listform.inc.php
index 33ec36ef1..2c1ef021b 100644
--- a/interface/lib/classes/listform.inc.php
+++ b/interface/lib/classes/listform.inc.php
@@ -166,7 +166,7 @@ class listform {
 			$this->searchValues[$search_prefix.$field] = $out;
 		} else {
 			if(isset($_SESSION['search'][$list_name][$search_prefix.$field])){
-				$this->searchValues[$search_prefix.$field] = $_SESSION['search'][$list_name][$search_prefix.$field];
+				$this->searchValues[$search_prefix.$field] = htmlspecialchars($_SESSION['search'][$list_name][$search_prefix.$field]);
 			}
 		}
 	}
@@ -283,7 +283,7 @@ class listform {
 				switch ($field['datatype']){
 				case 'VARCHAR':
 				case 'TEXT':
-					$record[$key] = stripslashes($record[$key]);
+					$record[$key] = htmlentities(stripslashes($record[$key]));
 					break;
 
 				case 'DATE':
@@ -295,7 +295,7 @@ class listform {
 					break;
 
 				case 'DOUBLE':
-					$record[$key] = $record[$key];
+					$record[$key] = htmlentities($record[$key]);
 					break;
 
 				case 'CURRENCY':
@@ -303,7 +303,7 @@ class listform {
 					break;
 
 				default:
-					$record[$key] = stripslashes($record[$key]);
+					$record[$key] = htmlentities(stripslashes($record[$key]));
 				}
 			}
 		}
@@ -360,6 +360,19 @@ class listform {
 			return $app->lng($msg);
 		}
 	}
+
+	function escapeArrayValues($search_values) {
+
+		$out = array();
+		if(is_array($search_values)) {
+			foreach($search_values as $key => $val) {
+				$out[$key] = htmlentities($val,ENT_QUOTES);
+			}
+		}
+
+		return $out;
+
+	}
 }
 
 
-- 
GitLab
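Review bot: The session-restore branch escapes with plain `htmlspecialchars()` and no flags, which leaves single quotes untouched, so a stored search value that is later placed inside a single-quoted HTML attribute is still injectable; the new `escapeArrayValues()` helper in this same commit uses `ENT_QUOTES`, and this line should match it: `$this->searchValues[$search_prefix.$field] = htmlspecialchars($_SESSION['search'][$list_name][$search_prefix.$field], ENT_QUOTES);`. No charset is passed either, so on PHP releases before 5.4 the ISO-8859-1 default applies and multibyte UTF-8 input is corrupted rather than escaped — pass the application charset explicitly if it is reachable from this method. How `$out` in the request branch is produced is not visible here, so whether both branches now escape identically cannot be confirmed from this hunk. The enclosing method starts and ends outside the hunk.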
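Review bot: The `VARCHAR`/`TEXT` case now HTML-encodes the value at the data layer, without `ENT_QUOTES` and before any caller knows the output context, so `'` passes through unescaped while a consumer that later puts the value into a URL, a JavaScript string or an edit-form field receives a pre-encoded string and will double-encode or emit entities where they do not belong. If encoding is to happen here, it should at least use the same flags as the new helper, `$record[$key] = htmlentities(stripslashes($record[$key]), ENT_QUOTES);`, and pass the application charset, since `htmlentities()` before PHP 5.4 defaults to ISO-8859-1 and mangles UTF-8. A comment above the switch such as `// record values are HTML-escaped here; templates must not escape them a second time` would stop the next maintainer from double-encoding. The enclosing method and the switch both start and end outside this hunk.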
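Review bot: `escapeArrayValues()` does not check the element type before calling `htmlentities()`, which expects a string, so a nested array inside `$search_values` raises a warning and stores `null` instead of an escaped value, and a non-array argument silently returns an empty array, discarding the caller's data with no signal. Consider `$out[$key] = is_array($val) ? $this->escapeArrayValues($val) : htmlentities($val, ENT_QUOTES);` so nested values are escaped recursively, and decide explicitly whether a scalar argument should be wrapped or rejected rather than dropped. As in the other hunks no charset is passed, so on PHP before 5.4 multibyte UTF-8 input is corrupted by the ISO-8859-1 default; pass the application charset if it is available. The method also has no docblock; something like `/** Returns a copy of $search_values with every value HTML-escaped (ENT_QUOTES); non-array input yields an empty array. */` would state the contract.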