diff --git a/interface/web/admin/form/directive_snippets.tform.php b/interface/web/admin/form/directive_snippets.tform.php
index 4d34fefb59c02e15e63e8f8375691d12ad310607..544cb8b85537df42206ea5c861f20d0050bfb69b 100644
--- a/interface/web/admin/form/directive_snippets.tform.php
+++ b/interface/web/admin/form/directive_snippets.tform.php
@@ -71,6 +71,12 @@ $form["tabs"]['directive_snippets'] = array (
 				1 => array ( 'type' => 'UNIQUE',
 					'errmsg'=> 'directive_snippets_name_error_unique'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
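Review bot: The `STRIPTAGS`/`STRIPNL` pair added to the snippet name field runs only on the `SAVE` event, so it does nothing for rows stored before this commit or for values written through any path that bypasses this form. Tag stripping also leaves quote characters in place, so a value rendered inside an HTML attribute still needs escaping at output. The same holds for every `'filters'` block this commit adds in the other `*.tform.php` files. I would record that next to the block, e.g. `// SAVE-time input filter only; templates must still HTML-escape this value on output`, and review already-stored values separately. The field definition starts above the hunk and continues below it.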
diff --git a/interface/web/admin/form/groups.tform.php b/interface/web/admin/form/groups.tform.php
index c7b3f74fdb37c793f321e809317b3a0ae9d7da65..5bcbe6279f7a82a3e5d49c4b08c67f9e313c7266 100644
--- a/interface/web/admin/form/groups.tform.php
+++ b/interface/web/admin/form/groups.tform.php
@@ -81,6 +81,12 @@ $form["tabs"]['groups'] = array (
 		'name' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'regex'  => '/^.{1,30}$/',
 			'errmsg' => 'name_err',
 			'default' => '',
@@ -94,6 +100,10 @@ $form["tabs"]['groups'] = array (
 		'description' => array (
 			'datatype' => 'TEXT',
 			'formtype' => 'TEXTAREA',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
 			'regex'  => '',
 			'errmsg' => '',
 			'default' => '',
diff --git a/interface/web/admin/form/iptables.tform.php b/interface/web/admin/form/iptables.tform.php
index 7d09ca3f5e1b3bd40875ad3a94754d3530e6ab1c..76d747020d3966a7390d141c7df50c2262687764 100644
--- a/interface/web/admin/form/iptables.tform.php
+++ b/interface/web/admin/form/iptables.tform.php
@@ -52,6 +52,12 @@ $form["tabs"]['iptables'] = array (
 		'source_ip' => array (
 			'datatype'      => 'VARCHAR',
 			'formtype'      => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default'       => '',
 			'value'         => '',
 			'width'         => '',
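Review bot: `source_ip` gets tag and newline stripping but no format check is visible in this hunk, and the same is true of `destination_ip`, `singleport`, `multiport` and `state` in the four hunks that follow. Going by the form name these values presumably end up in firewall rules, where what matters is that the value has the shape of an address, port or state list, not that it is free of HTML tags. A validator per field would express that, for example `'validators' => array(0 => array('type' => 'REGEX', 'regex' => '/^[0-9a-fA-F:.\/]*$/', 'errmsg' => '<errmsg_key>')),` for the address fields, where `<errmsg_key>` is a placeholder for a language key. Each field array continues past the end of its hunk, so confirm that no validator already exists further down.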
@@ -60,6 +66,12 @@ $form["tabs"]['iptables'] = array (
 		'destination_ip' => array (
 			'datatype'      => 'VARCHAR',
 			'formtype'      => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default'       => '',
 			'value'         => '',
 			'width'         => '',
@@ -68,6 +80,12 @@ $form["tabs"]['iptables'] = array (
 		'singleport' => array (
 			'datatype'      => 'VARCHAR',
 			'formtype'      => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default'       => '',
 			'value'         => '',
 			'width'         => '',
@@ -76,6 +94,12 @@ $form["tabs"]['iptables'] = array (
 		'multiport' => array (
 			'datatype'      => 'VARCHAR',
 			'formtype'      => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default'       => '',
 			'value'         => '',
 			'width'         => '',
@@ -84,6 +108,12 @@ $form["tabs"]['iptables'] = array (
 		'state' => array (
 			'datatype'      => 'VARCHAR',
 			'formtype'      => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default'       => '',
 			'value'         => '',
 			'width'         => '',
diff --git a/interface/web/admin/form/server.tform.php b/interface/web/admin/form/server.tform.php
index 1bf079e1b0bb08791cdddb7f70b9797e5720e504..95dca6c33b5cb552b29692b3c0f27f2e76924024 100644
--- a/interface/web/admin/form/server.tform.php
+++ b/interface/web/admin/form/server.tform.php
@@ -61,6 +61,12 @@ $form["tabs"]['services'] = array (
 		'server_name' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
diff --git a/interface/web/admin/form/server_config.tform.php b/interface/web/admin/form/server_config.tform.php
index 6c9e56772b33a1b6a65f509aa212c8d49bb00b42..70aac48e0787e06835b32a6773012e1cf213ec16 100644
--- a/interface/web/admin/form/server_config.tform.php
+++ b/interface/web/admin/form/server_config.tform.php
@@ -145,6 +145,12 @@ $form["tabs"]['server'] = array(
 			'validators' => array(0 => array('type' => 'NOTEMPTY',
 					'errmsg' => 'nameservers_error_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'value' => '',
 			'width' => '40',
 			'maxlength' => '255'
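Review bot: The six-line `'filters'` array added here is pasted unchanged into every other hunk of this file and into most hunks of the commit, so a later change to the filter set, or a field that was missed, has to be found by eye. Defining it once near the top of each form file, `$filter_single_line = array(0 => array('event' => 'SAVE', 'type' => 'STRIPTAGS'), 1 => array('event' => 'SAVE', 'type' => 'STRIPNL'));`, and writing `'filters' => $filter_single_line,` in the fields would keep the definitions in step. The field definition begins above the hunk.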
@@ -316,6 +322,12 @@ $form["tabs"]['server'] = array(
 		'monit_user' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value' => '',
 			'width' => '40',
@@ -344,6 +356,12 @@ $form["tabs"]['server'] = array(
 		'munin_user' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value' => '',
 			'width' => '40',
@@ -426,6 +444,12 @@ $form["tabs"]['mail'] = array(
 		'dkim_path' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '/var/lib/amavis/dkim',
 			'value' => '',
 			'width' => '40',
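Review bot: `dkim_path` is a filesystem path, and the filters added here leave `..` segments, spaces and shell metacharacters in it untouched; the same applies to `awstats_conf_dir` further down and to `php_fastcgi_binary`, `php_fastcgi_ini_dir`, `php_fpm_init_script`, `php_fpm_ini_dir` and `php_fpm_pool_dir` in `server_php.tform.php`. If server-side code later writes to or executes these paths (not visible in this diff), a path-shape validator is the relevant control, for example `'validators' => array(0 => array('type' => 'REGEX', 'regex' => '/^(\/[a-zA-Z0-9._\/-]*)?$/', 'errmsg' => '<errmsg_key>')),` with `<errmsg_key>` a placeholder language key. That pattern still admits `..`, so reject it separately unless the consumer canonicalises the path. The field array continues below the hunk; check for an existing validator first.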
@@ -527,6 +551,12 @@ $form["tabs"]['mail'] = array(
 		'relayhost' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value' => '',
 			'width' => '40',
@@ -535,6 +565,12 @@ $form["tabs"]['mail'] = array(
 		'relayhost_user' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value' => '',
 			'width' => '40',
@@ -719,6 +755,12 @@ $form["tabs"]['web'] = array(
 		'website_autoalias' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value' => '',
 			'width' => '40',
@@ -1135,6 +1177,12 @@ $form["tabs"]['web'] = array(
 			'validators' => array(	0 => array('type' => 'NOTEMPTY',
 										'errmsg' => 'htaccess_allow_override_error_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'value' => '',
 			'width' => '40',
 			'maxlength' => '255'
@@ -1161,6 +1209,12 @@ $form["tabs"]['web'] = array(
 			'validators' => array(0 => array('type' => 'NOTEMPTY',
 					'errmsg' => 'apps_vhost_port_error_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'value' => '',
 			'width' => '40',
 			'maxlength' => '255'
@@ -1172,6 +1226,12 @@ $form["tabs"]['web'] = array(
 			'validators' => array(0 => array('type' => 'NOTEMPTY',
 					'errmsg' => 'apps_vhost_ip_error_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'value' => '',
 			'width' => '40',
 			'maxlength' => '255'
@@ -1179,6 +1239,12 @@ $form["tabs"]['web'] = array(
 		'apps_vhost_servername' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value' => '',
 			'width' => '40',
@@ -1187,6 +1253,12 @@ $form["tabs"]['web'] = array(
 		'awstats_conf_dir' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value' => '',
 			'width' => '40',
@@ -1486,6 +1558,12 @@ $form["tabs"]['xmpp'] = array(
         'xmpp_server_admins' => array(
             'datatype' => 'VARCHAR',
             'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
             'default' => 'admin@service.com, superuser@service.com',
             'value' => '',
             'width' => '15'
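Review bot: The added `'filters'` lines are tab-indented while the surrounding `xmpp_server_admins` definition is indented with spaces, and the `xmpp_modules_enabled` hunk that follows has the same mix. Re-indent the block with spaces so that `'filters' => array(` sits at the depth of `'formtype'`; otherwise the array nesting reads differently depending on the editor's tab width.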
@@ -1494,6 +1572,12 @@ $form["tabs"]['xmpp'] = array(
         'xmpp_modules_enabled' => array(
             'datatype' => 'TEXT',
             'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
             'default' => "saslauth, tls, dialback, disco, discoitems, version, uptime, time, ping, admin_adhoc, admin_telnet, bosh, posix, announce, offline, webpresence, mam, stream_management, message_carbons",
             'value' => '',
             'separator' => ","
diff --git a/interface/web/admin/form/server_php.tform.php b/interface/web/admin/form/server_php.tform.php
index d5b0c5ff73781ac56b3da21dc0d8f598c0eac892..c94bb38c015aa50ea9b1626c17f410f34692a62b 100644
--- a/interface/web/admin/form/server_php.tform.php
+++ b/interface/web/admin/form/server_php.tform.php
@@ -112,6 +112,12 @@ $form["tabs"]['php_name'] = array (
 			'validators' => array(0 => array('type' => 'NOTEMPTY',
 					'errmsg' => 'server_php_name_error_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -135,6 +141,12 @@ $form["tabs"]['php_fastcgi'] = array(
 		'php_fastcgi_binary' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value' => '',
 			'width' => '40',
@@ -143,6 +155,12 @@ $form["tabs"]['php_fastcgi'] = array(
 		'php_fastcgi_ini_dir' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value' => '',
 			'width' => '40',
@@ -165,6 +183,12 @@ $form["tabs"]['php_fpm'] = array(
 		'php_fpm_init_script' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value' => '',
 			'width' => '40',
@@ -173,6 +197,12 @@ $form["tabs"]['php_fpm'] = array(
 		'php_fpm_ini_dir' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value' => '',
 			'width' => '40',
@@ -181,6 +211,12 @@ $form["tabs"]['php_fpm'] = array(
 		'php_fpm_pool_dir' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value' => '',
 			'width' => '40',
diff --git a/interface/web/admin/form/software_package.tform.php b/interface/web/admin/form/software_package.tform.php
index 1db7056acc1b0b779962fbcdc6820fca5257e34d..b8368d545751d19216fac8c69c588dc62b1cad48 100644
--- a/interface/web/admin/form/software_package.tform.php
+++ b/interface/web/admin/form/software_package.tform.php
@@ -87,6 +87,12 @@ $form["tabs"]['software_package'] = array (
 		'package_title' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'validators' => '',
 			'default' => '',
 			'value'  => '',
@@ -99,6 +105,12 @@ $form["tabs"]['software_package'] = array (
 		'package_key' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'validators' => '',
 			'default' => '',
 			'value'  => '',
diff --git a/interface/web/admin/form/software_repo.tform.php b/interface/web/admin/form/software_repo.tform.php
index 6d1c50f921ea643d7d3f68121c3b46c902acc365..cbf68b3a3588e5e31d2c998e87c3b28b3fe20134 100644
--- a/interface/web/admin/form/software_repo.tform.php
+++ b/interface/web/admin/form/software_repo.tform.php
@@ -92,6 +92,12 @@ $form["tabs"]['software_repo'] = array (
 				1 => array ( 'type' => 'UNIQUE',
 					'errmsg'=> 'repo_name_unique'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -108,6 +114,12 @@ $form["tabs"]['software_repo'] = array (
 				1 => array ( 'type' => 'UNIQUE',
 					'errmsg'=> 'repo_name_unique'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -119,6 +131,12 @@ $form["tabs"]['software_repo'] = array (
 		'repo_username' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
diff --git a/interface/web/admin/form/system_config.tform.php b/interface/web/admin/form/system_config.tform.php
index 72618657968a7642d32f8f35ef1607af82877fef..681d166b34c729a824902385c77d8cbfb3795f75 100644
--- a/interface/web/admin/form/system_config.tform.php
+++ b/interface/web/admin/form/system_config.tform.php
@@ -282,7 +282,11 @@ $form["tabs"]['mail'] = array (
 				1 => array( 'event' => 'SHOW',
 					'type' => 'IDNTOUTF8'),
 				2 => array( 'event' => 'SAVE',
-					'type' => 'TOLOWER')
+					'type' => 'TOLOWER'),
+				3 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+				4 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
 			),
 			'formtype' => 'TEXT',
 			'default' => '',
@@ -293,6 +297,12 @@ $form["tabs"]['mail'] = array (
 		'admin_name' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -311,7 +321,11 @@ $form["tabs"]['mail'] = array (
 				1 => array( 'event' => 'SHOW',
 					'type' => 'IDNTOUTF8'),
 				2 => array( 'event' => 'SAVE',
-					'type' => 'TOLOWER')
+					'type' => 'TOLOWER'),
+				3 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+				4 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
 			),
 			'formtype' => 'TEXT',
 			'default' => '',
@@ -322,6 +336,12 @@ $form["tabs"]['mail'] = array (
 		'smtp_port' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '25',
 			'value'  => '',
 			'width'  => '30',
@@ -330,6 +350,12 @@ $form["tabs"]['mail'] = array (
 		'smtp_user' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -419,6 +445,10 @@ $form["tabs"]['domains'] = array (
 		'new_domain_html' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
 			'default' => '',
 			'value'  => ''
 		),
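Review bot: `new_domain_html` now has `STRIPTAGS` on save, which, going by the field name, would remove the markup the field exists to hold the next time an administrator saves this form. If the value is meant to be rendered as HTML, stripping tags at save is a behaviour change rather than hardening, and an allow-list sanitiser applied where the value is rendered would be the fitting control. If it is meant to be plain text, escape it at output and say so in a comment such as `// plain text only, markup is removed on save`. The next hunk adds the same filter (plus `STRIPNL`) to `custom_login_text`, which deserves the same check.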
@@ -463,12 +493,24 @@ $form["tabs"]['misc'] = array (
 		'company_name' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => ''
 		),
 		'custom_login_text' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => ''
 		),
@@ -485,18 +527,36 @@ $form["tabs"]['misc'] = array (
 		'dashboard_atom_url_admin' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => 'http://www.ispconfig.org/atom',
 			'value'  => ''
 		),
 		'dashboard_atom_url_reseller' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => 'http://www.ispconfig.org/atom',
 			'value'  => ''
 		),
 		'dashboard_atom_url_client' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => 'http://www.ispconfig.org/atom',
 			'value'  => ''
 		),
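Review bot: The three `dashboard_atom_url_*` fields hold URLs, and tag and newline stripping does not restrict the scheme or host, so `javascript:`, `file:` or internal addresses pass through unchanged. If the panel fetches these feeds server-side or prints them into links (neither is visible here), a scheme check is the control that matters, e.g. `'validators' => array(0 => array('type' => 'REGEX', 'regex' => '/^(https?:\/\/\S+)?$/i', 'errmsg' => '<errmsg_key>')),` with `<errmsg_key>` a placeholder language key. The `internet` field in `client/form/client.tform.php` (default `'http://'`) is in the same position.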
@@ -539,36 +599,72 @@ $form["tabs"]['misc'] = array (
 		'admin_dashlets_left' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => ''
 		),
 		'admin_dashlets_right' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => ''
 		),
 		'reseller_dashlets_left' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => ''
 		),
 		'reseller_dashlets_right' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => ''
 		),
 		'client_dashlets_left' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => ''
 		),
 		'client_dashlets_right' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => ''
 		),
diff --git a/interface/web/admin/form/tpl_default.tform.php b/interface/web/admin/form/tpl_default.tform.php
index df52bbec5f3633e64090e2c96557ca0ad2fc4417..baa84d7b309ecb999de03f7098a10c5a17f790be 100644
--- a/interface/web/admin/form/tpl_default.tform.php
+++ b/interface/web/admin/form/tpl_default.tform.php
@@ -87,6 +87,12 @@ $form["tabs"]['basic'] = array (
 		'username' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'validators'    => '',
 			'default' => 'global',
 			'value'  => 'global',
@@ -97,6 +103,12 @@ $form["tabs"]['basic'] = array (
 		'logo_url' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'validators'    => '',
 			'default' => '',
 			'value'  => '',
diff --git a/interface/web/client/client_edit.php b/interface/web/client/client_edit.php
index 10e3f3cadd640efc130e84182de38f32dcbb93d5..8577a1b32d94a5c1e27de0c622495d3f0b4ca2be 100644
--- a/interface/web/client/client_edit.php
+++ b/interface/web/client/client_edit.php
@@ -133,6 +133,7 @@ class page_action extends tform_actions {
 		$tpls = $app->db->queryAllRecords($sql);
 		$option = '';
 		$tpl = array();
+		$tpls = $app->functions->htmlentities($tpls);
 		foreach($tpls as $item){
 			$option .= '<option value="' . $item['template_id'] . '|' .  $item['template_name'] . '">' . $item['template_name'] . '</option>';
 			$tpl[$item['template_id']] = $item['template_name'];
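Review bot: Encoding the whole `$tpls` result before the loop means `$tpl[$item['template_id']]` on the last line now stores the entity-encoded template name instead of the raw one. If `$tpl` is escaped again by the template layer or used outside HTML (its use lies outside this hunk), names containing `&` or quotes will come out double-encoded. Encoding at the point of concatenation keeps the data raw: `$name = $app->functions->htmlentities($item['template_name']);`, then use `$name` in the `<option>` string and leave `$tpl[...]` unencoded. The `value="..."` attribute is double-quoted, so this is only sufficient if the helper encodes `"`; its implementation is not shown here. The enclosing method starts and ends outside the hunk.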
@@ -154,7 +155,7 @@ class page_action extends tform_actions {
 					$tmp->id = $item['assigned_template_id'];
 					$tmp->data = '';
 					$app->plugin->raiseEvent('get_client_template_details', $tmp);
-					if($tmp->data != '') $text .= '<br /><em>' . $tmp->data . '</em>';
+					if($tmp->data != '') $text .= '<br /><em>' . $app->functions->htmlentities($tmp->data) . '</em>';
 
 					$text .= '</li>';
 					$items[] = $item['assigned_template_id'] . ':' . $item['client_template_id'];
@@ -219,6 +220,7 @@ class page_action extends tform_actions {
 			// Fill the client select field
 			$sql = "SELECT client.client_id, sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 AND client.limit_client != 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 			$clients = $app->db->queryAllRecords($sql);
+			$clients = $app->functions->htmlentities($clients);
 			$client_select = "<option value='0'>- ".$app->tform->lng('none_txt')." -</option>";
 			//$tmp_data_record = $app->tform->getDataRecord($this->id);
 			if(is_array($clients)) {
diff --git a/interface/web/client/domain_edit.php b/interface/web/client/domain_edit.php
index 67be43e04c829058babcdde95b54928964351d07..8867e295783b6280bd6d26bff8c6f5e22a29b544 100644
--- a/interface/web/client/domain_edit.php
+++ b/interface/web/client/domain_edit.php
@@ -83,6 +83,7 @@ class page_action extends tform_actions {
 			//$sql = "SELECT groupid, name FROM sys_group WHERE client_id > 0 ORDER BY name";
 			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 			$clients = $app->db->queryAllRecords($sql);
+			$clients = $app->functions->htmlentities($clients);
 			$client_select = '';
 			if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= "<option value='0'></option>";
 			if($this->id > 0) $tmp_data_record = $app->tform->getDataRecord($this->id); else $tmp_data_record = $this->dataRecord;
@@ -98,11 +99,13 @@ class page_action extends tform_actions {
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
 			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
-	
+			$client = $app->functions->htmlentities($client);
+			
 			// Fill the client select field
 			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
 			//die($sql);
 			$records = $app->db->queryAllRecords($sql, $client['client_id']);
+			$records = $app->functions->htmlentities($records);
 			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 			$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 			//$tmp_data_record = $app->tform->getDataRecord($this->id);
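Review bot: `$client` is HTML-encoded right after it is fetched, and `$client['client_id']` from that encoded record is then bound as the parameter of the two queries below it. For an integer id the value is unchanged, but this mixes display encoding into data that goes back to the database, and any later non-HTML use of `$client` or `$records` in this method inherits it. I would drop the two blanket calls and encode where the string is printed, e.g. `$client_select = '<option value="'.$tmp['groupid'].'">'.$app->functions->htmlentities($client['contactname']).'</option>';`. The loop over `$records` lies below the hunk and would need the same treatment.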
diff --git a/interface/web/client/form/client.tform.php b/interface/web/client/form/client.tform.php
index 3a8d4f2fccfc8c6ed044939233f4088e3efe4772..151c5dc95926373f089135c8fc278ddd8105d821 100644
--- a/interface/web/client/form/client.tform.php
+++ b/interface/web/client/form/client.tform.php
@@ -91,6 +91,12 @@ $form["tabs"]['address'] = array (
 		'company_name' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -119,6 +125,10 @@ $form["tabs"]['address'] = array (
 			'searchable' => 1,
 			'filters'   => array( 0 => array( 'event' => 'SAVE',
 												'type' => 'TRIM'),
+								  1 => array( 'event' => 'SAVE',
+												'type' => 'STRIPTAGS'),
+								  2 => array( 'event' => 'SAVE',
+												'type' => 'STRIPNL')
 			),
 		),
 		'contact_name' => array (
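Review bot: `TRIM` stays at index 0 and `STRIPTAGS`/`STRIPNL` are appended after it, so, assuming filters run in index order, whitespace that sat inside a removed tag (`<b> x </b>`) survives at the ends of the saved value. Putting the trim last avoids that: `0 => array('event' => 'SAVE', 'type' => 'STRIPTAGS'), 1 => array('event' => 'SAVE', 'type' => 'STRIPNL'), 2 => array('event' => 'SAVE', 'type' => 'TRIM')`. The next hunk appends the filters after `TRIM` in the same way. The field this hunk belongs to is declared above it.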
@@ -137,6 +147,10 @@ $form["tabs"]['address'] = array (
 			'searchable' => 1,
 			'filters'   => array( 0 => array( 'event' => 'SAVE',
 												'type' => 'TRIM'),
+								  1 => array( 'event' => 'SAVE',
+												'type' => 'STRIPTAGS'),
+								  2 => array( 'event' => 'SAVE',
+												'type' => 'STRIPNL')
 			),
 		),
 		'customer_no' => array (
@@ -146,6 +160,12 @@ $form["tabs"]['address'] = array (
 					'errmsg'=> 'customer_no_error_unique',
 					'allowempty' => 'y'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -226,6 +246,12 @@ $form["tabs"]['address'] = array (
 		'street' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -238,6 +264,12 @@ $form["tabs"]['address'] = array (
 		'zip' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -250,6 +282,12 @@ $form["tabs"]['address'] = array (
 		'city' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -262,6 +300,12 @@ $form["tabs"]['address'] = array (
 		'state' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -285,6 +329,12 @@ $form["tabs"]['address'] = array (
 		'telephone' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -297,6 +347,12 @@ $form["tabs"]['address'] = array (
 		'mobile' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -309,6 +365,12 @@ $form["tabs"]['address'] = array (
 		'fax' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -345,6 +407,12 @@ $form["tabs"]['address'] = array (
 		'internet' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => 'http://',
 			'value'  => '',
 			'separator' => '',
@@ -357,6 +425,12 @@ $form["tabs"]['address'] = array (
 		'icq' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -385,12 +459,22 @@ $form["tabs"]['address'] = array (
 								1 => array( 	'event' => 'SAVE',
 												'type' => 'TOUPPER'),
 								2 => array( 	'event' => 'SAVE',
-												'type' => 'NOWHITESPACE')
+												'type' => 'NOWHITESPACE'),
+								3 => array( 	'event' => 'SAVE',
+												'type' => 'STRIPTAGS'),
+								4 => array( 	'event' => 'SAVE',
+												'type' => 'STRIPNL')
 			),
 		),
 		'company_id' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -402,6 +486,12 @@ $form["tabs"]['address'] = array (
 		'bank_account_owner' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -413,6 +503,12 @@ $form["tabs"]['address'] = array (
 		'bank_account_number' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -424,6 +520,12 @@ $form["tabs"]['address'] = array (
 		'bank_code' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -435,6 +537,12 @@ $form["tabs"]['address'] = array (
 		'bank_name' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -458,7 +566,11 @@ $form["tabs"]['address'] = array (
 								1 => array( 	'event' => 'SAVE',
 												'type' => 'TOUPPER'),
 								2 => array( 	'event' => 'SAVE',
-												'type' => 'NOWHITESPACE')
+												'type' => 'NOWHITESPACE'),
+								3 => array( 	'event' => 'SAVE',
+												'type' => 'STRIPTAGS'),
+								4 => array( 	'event' => 'SAVE',
+												'type' => 'STRIPNL')
 			),
 		),
 		'bank_account_swift' => array (
@@ -476,12 +588,20 @@ $form["tabs"]['address'] = array (
 								1 => array( 	'event' => 'SAVE',
 												'type' => 'TOUPPER'),
 								2 => array( 	'event' => 'SAVE',
-												'type' => 'NOWHITESPACE')
+												'type' => 'NOWHITESPACE'),
+								3 => array( 	'event' => 'SAVE',
+												'type' => 'STRIPTAGS'),
+								4 => array( 	'event' => 'SAVE',
+												'type' => 'STRIPNL')
 			),
 		),
 		'notes' => array (
 			'datatype' => 'TEXT',
 			'formtype' => 'TEXTAREA',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -538,6 +658,12 @@ $form["tabs"]['address'] = array (
 		'added_by' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => $_SESSION['s']['user']['username'],
 			'value'  => '',
 			'separator' => '',
diff --git a/interface/web/client/form/client_circle.tform.php b/interface/web/client/form/client_circle.tform.php
index 91b96b3549d94c773198732b255e69a079acfbeb..64eee542d71bbc22eed2134a5775c74aa9735617 100644
--- a/interface/web/client/form/client_circle.tform.php
+++ b/interface/web/client/form/client_circle.tform.php
@@ -91,6 +91,12 @@ $form["tabs"]['circle'] = array (
 		'circle_name' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -115,6 +121,10 @@ $form["tabs"]['circle'] = array (
 		'description' => array (
 			'datatype' => 'TEXT',
 			'formtype' => 'TEXTAREA',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
diff --git a/interface/web/client/form/client_template.tform.php b/interface/web/client/form/client_template.tform.php
index 13e8cfbcce718d94b8f3518dddb26ed63d45986b..5d9f81de0b80114e81068d23f9b465939d891118 100644
--- a/interface/web/client/form/client_template.tform.php
+++ b/interface/web/client/form/client_template.tform.php
@@ -82,6 +82,12 @@ $form["tabs"]['template'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'error_template_name_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
diff --git a/interface/web/client/form/message_template.tform.php b/interface/web/client/form/message_template.tform.php
index 14dfea1cd0904ebeec69b27c2bf1b05de435b707..ab2d19134003e949254649bfbe8cb3b219be864e 100644
--- a/interface/web/client/form/message_template.tform.php
+++ b/interface/web/client/form/message_template.tform.php
@@ -67,6 +67,12 @@ $form["tabs"]['template'] = array (
 		'template_name' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -81,6 +87,12 @@ $form["tabs"]['template'] = array (
 			'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY',
 				'errmsg'=> 'subject_error_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
diff --git a/interface/web/client/form/reseller.tform.php b/interface/web/client/form/reseller.tform.php
index 903c8d8c0cd28260bf28d830d8736b0bd3bc5f5c..706219f76afa9f74ed177ba79cb323d0ce37ba4b 100644
--- a/interface/web/client/form/reseller.tform.php
+++ b/interface/web/client/form/reseller.tform.php
@@ -91,6 +91,12 @@ $form["tabs"]['address'] = array (
 		'company_name' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -119,6 +125,10 @@ $form["tabs"]['address'] = array (
 			'searchable' => 1,
 			'filters'   => array( 0 => array( 'event' => 'SAVE',
 												'type' => 'TRIM'),
+								  1 => array( 'event' => 'SAVE',
+												'type' => 'STRIPTAGS'),
+								  2 => array( 'event' => 'SAVE',
+												'type' => 'STRIPNL')
 			),
 		),
 		'contact_name' => array (
@@ -137,6 +147,10 @@ $form["tabs"]['address'] = array (
 			'searchable' => 1,
 			'filters'   => array( 0 => array( 'event' => 'SAVE',
 												'type' => 'TRIM'),
+								  1 => array( 'event' => 'SAVE',
+												'type' => 'STRIPTAGS'),
+								  2 => array( 'event' => 'SAVE',
+												'type' => 'STRIPNL')
 			),
 		),
 		'customer_no' => array (
@@ -146,6 +160,12 @@ $form["tabs"]['address'] = array (
 					'errmsg'=> 'customer_no_error_unique',
 					'allowempty' => 'y'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -226,6 +246,12 @@ $form["tabs"]['address'] = array (
 		'street' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -238,6 +264,12 @@ $form["tabs"]['address'] = array (
 		'zip' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -250,6 +282,12 @@ $form["tabs"]['address'] = array (
 		'city' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -262,6 +300,12 @@ $form["tabs"]['address'] = array (
 		'state' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -286,6 +330,12 @@ $form["tabs"]['address'] = array (
 		'telephone' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -298,6 +348,12 @@ $form["tabs"]['address'] = array (
 		'mobile' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -310,6 +366,12 @@ $form["tabs"]['address'] = array (
 		'fax' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -343,6 +405,12 @@ $form["tabs"]['address'] = array (
 		'internet' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => 'http://',
 			'value'  => '',
 			'separator' => '',
@@ -355,6 +423,12 @@ $form["tabs"]['address'] = array (
 		'icq' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -383,12 +457,22 @@ $form["tabs"]['address'] = array (
 								1 => array( 	'event' => 'SAVE',
 												'type' => 'TOUPPER'),
 								2 => array( 	'event' => 'SAVE',
-												'type' => 'NOWHITESPACE')
+												'type' => 'NOWHITESPACE'),
+								3 => array( 	'event' => 'SAVE',
+												'type' => 'STRIPTAGS'),
+								4 => array( 	'event' => 'SAVE',
+												'type' => 'STRIPNL')
 			),
 		),
 		'company_id' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -400,6 +484,12 @@ $form["tabs"]['address'] = array (
 		'bank_account_owner' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -411,6 +501,12 @@ $form["tabs"]['address'] = array (
 		'bank_account_number' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -422,6 +518,12 @@ $form["tabs"]['address'] = array (
 		'bank_code' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -433,6 +535,12 @@ $form["tabs"]['address'] = array (
 		'bank_name' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -456,7 +564,11 @@ $form["tabs"]['address'] = array (
 								1 => array( 	'event' => 'SAVE',
 												'type' => 'TOUPPER'),
 								2 => array( 	'event' => 'SAVE',
-												'type' => 'NOWHITESPACE')
+												'type' => 'NOWHITESPACE'),
+								3 => array( 	'event' => 'SAVE',
+												'type' => 'STRIPTAGS'),
+								4 => array( 	'event' => 'SAVE',
+												'type' => 'STRIPNL')
 			),
 		),
 		'bank_account_swift' => array (
@@ -474,12 +586,20 @@ $form["tabs"]['address'] = array (
 								1 => array( 	'event' => 'SAVE',
 												'type' => 'TOUPPER'),
 								2 => array( 	'event' => 'SAVE',
-												'type' => 'NOWHITESPACE')
+												'type' => 'NOWHITESPACE'),
+								3 => array( 	'event' => 'SAVE',
+												'type' => 'STRIPTAGS'),
+								4 => array( 	'event' => 'SAVE',
+												'type' => 'STRIPNL')
 			),
 		),
 		'notes' => array (
 			'datatype' => 'TEXT',
 			'formtype' => 'TEXTAREA',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
@@ -536,6 +656,12 @@ $form["tabs"]['address'] = array (
 		'added_by' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => $_SESSION['s']['user']['username'],
 			'value'  => '',
 			'separator' => '',
diff --git a/interface/web/client/reseller_edit.php b/interface/web/client/reseller_edit.php
index 8ab091ef4d03517e9bec09940a07c3aeb18575ee..7a84be525300ccedf01d95ce1f7aacacf8368fe7 100644
--- a/interface/web/client/reseller_edit.php
+++ b/interface/web/client/reseller_edit.php
@@ -127,6 +127,7 @@ class page_action extends tform_actions {
 		$tpls = $app->db->queryAllRecords($sql);
 		$option = '';
 		$tpl = array();
+		$tpls = $app->functions->htmlentities($tpls);
 		foreach($tpls as $item){
 			$option .= '<option value="' . $item['template_id'] . '|' .  $item['template_name'] . '">' . $item['template_name'] . '</option>';
 			$tpl[$item['template_id']] = $item['template_name'];
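Review bot: Because `$tpls` is encoded before the loop, `$tpl[$item['template_id']]` now stores entity-encoded names too, not just the `<option>` markup. That is correct only if every later use of `$tpl` is HTML output that does not encode again. Those uses lie outside the hunk, so it is worth confirming there is no second encoding pass (which would display `&amp;amp;`-style text) and no non-HTML consumer. A comment on the added line would record the contract: `// from here on $tpls and $tpl hold HTML-encoded strings; do not encode again`.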
@@ -148,7 +149,7 @@ class page_action extends tform_actions {
 					$tmp->id = $item['assigned_template_id'];
 					$tmp->data = '';
 					$app->plugin->raiseEvent('get_client_template_details', $tmp);
-					if($tmp->data != '') $text .= '<br /><em>' . $tmp->data . '</em>';
+					if($tmp->data != '') $text .= '<br /><em>' . $app->functions->htmlentities($tmp->data) . '</em>';
 
 					$text .= '</li>';
 					$items[] = $item['assigned_template_id'] . ':' . $item['client_template_id'];
diff --git a/interface/web/dns/dns_import.php b/interface/web/dns/dns_import.php
index 814db71db852522aa269ccd7d979ccfff1ef8af3..fb66b7b176ae6392add54894cab364f0b3d6fbe1 100644
--- a/interface/web/dns/dns_import.php
+++ b/interface/web/dns/dns_import.php
@@ -102,6 +102,7 @@ if($_SESSION['s']['user']['typ'] == 'admin') {
 	// load the list of clients
 	$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 	$clients = $app->db->queryAllRecords($sql);
+	$clients = $app->functions->htmlentities($clients);
 	$client_select = '';
 	if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= "<option value='0'></option>";
 	if(is_array($clients)) {
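Review bot: The option markup right below the added call uses single-quoted attributes (`<option value='0'>`), and the flags used by `$app->functions->htmlentities()` are not visible in this diff; if the helper leaves `'` unencoded, any encoded field placed inside a single-quoted attribute in the loop that follows (outside the hunk) can still break out of it. Please confirm the helper encodes both quote styles, or switch these attributes to double quotes. The call also runs before the `is_array($clients)` guard, so it receives whatever `queryAllRecords()` returns on failure; moving it inside the guard, `if(is_array($clients)) { $clients = $app->functions->htmlentities($clients);`, avoids relying on the helper's handling of non-arrays. The parallel `$clients` hunks in dns_slave_edit.php, dns_soa_edit.php and dns_wizard.php follow the same pattern.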
@@ -119,11 +120,12 @@ if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSIO
 	// Get the limits of the client
 	$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
 	$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
-
+	$client = $app->functions->htmlentities($client);
 
 	// load the list of clients
 	$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
 	$clients = $app->db->queryAllRecords($sql, $client['client_id']);
+	$clients = $app->functions->htmlentities($clients);
 	$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 	$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 	if(is_array($clients)) {
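Review bot: After `$client` is entity-encoded as a whole, `$client['client_id']` from that encoded record is passed as the bound parameter of the next two queries, so HTML-encoded data is feeding SQL. For a numeric id this is harmless, but it couples the queries to the encoder's output; encoding only at the sink keeps the record raw: `$client_select = '<option value="'.$tmp['groupid'].'">'.$app->functions->htmlentities($client['contactname']).'</option>';`. If `$client` is echoed elsewhere below the hunk, those sinks need the same call. The matching hunks in dns_slave_edit.php, dns_soa_edit.php and dns_wizard.php reuse the encoded `$client` in the same way.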
diff --git a/interface/web/dns/dns_slave_edit.php b/interface/web/dns/dns_slave_edit.php
index 44103608eb4cc7754296237dfacef777fbfd9d64..4d588ef8e032ab1e0bfd3ae270aacb6bc8292d85 100644
--- a/interface/web/dns/dns_slave_edit.php
+++ b/interface/web/dns/dns_slave_edit.php
@@ -85,6 +85,7 @@ class page_action extends tform_actions {
 				// Getting Domains of the user
 				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 				$clients = $app->db->queryAllRecords($sql);
+				$clients = $app->functions->htmlentities($clients);
 				$client_select = '';
 				if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= "<option value='0'></option>";
 				//$tmp_data_record = $app->tform->getDataRecord($this->id);
@@ -100,10 +101,12 @@ class page_action extends tform_actions {
 				// Get the limits of the client
 				$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
 				$client = $app->db->queryOneRecord("SELECT client.client_id, sys_group.name, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+				$client = $app->functions->htmlentities($client);
 
 				// Fill the client select field
 				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
 				$clients = $app->db->queryAllRecords($sql, $client['client_id']);
+				$clients = $app->functions->htmlentities($clients);
 				$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 				$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 				//$tmp_data_record = $app->tform->getDataRecord($this->id);
diff --git a/interface/web/dns/dns_soa_edit.php b/interface/web/dns/dns_soa_edit.php
index 8997146bb6a707ab75624a48458ccdf5699ec9eb..6faefac3903ec588d400fa2b8bb48e69a612ac35 100644
--- a/interface/web/dns/dns_soa_edit.php
+++ b/interface/web/dns/dns_soa_edit.php
@@ -107,6 +107,7 @@ class page_action extends tform_actions {
 				// Getting Domains of the user
 				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 				$clients = $app->db->queryAllRecords($sql);
+				$clients = $app->functions->htmlentities($clients);
 				$client_select = '';
 				if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= "<option value='0'></option>";
 				//$tmp_data_record = $app->tform->getDataRecord($this->id);
@@ -122,10 +123,12 @@ class page_action extends tform_actions {
 				// Get the limits of the client
 				$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
 				$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
-
+				$client = $app->functions->htmlentities($client);
+				
 				// Fill the client select field
 				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
 				$clients = $app->db->queryAllRecords($sql, $client['client_id']);
+				$clients = $app->functions->htmlentities($clients);
 				$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 				$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 				//$tmp_data_record = $app->tform->getDataRecord($this->id);
diff --git a/interface/web/dns/dns_wizard.php b/interface/web/dns/dns_wizard.php
index e163e4eeab5d33e68799c5d4720d94f52b747005..0e955bee09044a9a339b90ea74b631b0ff619db3 100644
--- a/interface/web/dns/dns_wizard.php
+++ b/interface/web/dns/dns_wizard.php
@@ -102,6 +102,7 @@ if($_SESSION['s']['user']['typ'] == 'admin') {
 		// load the list of clients
 		$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 		$clients = $app->db->queryAllRecords($sql);
+		$clients = $app->functions->htmlentities($clients);
 		$client_select = '';
 		if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= "<option value='0'></option>";
 		if(is_array($clients)) {
@@ -120,12 +121,13 @@ if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSIO
 	// Get the limits of the client
 	$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
 	$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
-
+	$client = $app->functions->htmlentities($client);
 
 	if ($domains_settings['use_domain_module'] != 'y') {
 		// load the list of clients
 		$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
 		$clients = $app->db->queryAllRecords($sql, $client['client_id']);
+		$clients = $app->functions->htmlentities($clients);
 		$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 		$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 		if(is_array($clients)) {
diff --git a/interface/web/dns/form/dns_soa.tform.php b/interface/web/dns/form/dns_soa.tform.php
index d76c403447c9224baa6062c561481318a5564786..910b2e6bb304f04ef16ca678f8ae3838ed857ea3 100644
--- a/interface/web/dns/form/dns_soa.tform.php
+++ b/interface/web/dns/form/dns_soa.tform.php
@@ -253,6 +253,12 @@ $form["tabs"]['dns_soa'] = array (
 		'update_acl' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
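Review bot: `update_acl` gets tag and newline stripping, but no validator is visible in this hunk's context, and neither filter restricts the value to the syntax an ACL entry is expected to have. If this field is later written into the name server's configuration (an inference from its name, not shown here), characters that are significant in that configuration syntax pass through both filters. A `validators` entry that accepts only the expected address and key tokens would bound it. The rest of the field definition lies outside the hunk, so check whether one already exists.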
@@ -273,6 +279,10 @@ $form["tabs"]['dns_soa'] = array (
  		'dnssec_info' => array (
  			'datatype' => 'TEXT',
  			'formtype' => 'TEXTAREA',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
  			'default' => '',
  			'value'  => '',
  			'width'  => '30',
diff --git a/interface/web/help/form/faq_sections.tform.php b/interface/web/help/form/faq_sections.tform.php
index 1a1076876ee720b2ce11ee564377db65ad96b5ae..86c9520f150464fc3e96845f5bfab287b3a917a0 100644
--- a/interface/web/help/form/faq_sections.tform.php
+++ b/interface/web/help/form/faq_sections.tform.php
@@ -63,6 +63,12 @@ $form['tabs']['message'] = array(
 					'errmsg'=> 'subject_is_empty'
 				),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
diff --git a/interface/web/help/form/support_message.tform.php b/interface/web/help/form/support_message.tform.php
index d80cc158157afa3f8aa6b79fc97dddad9b76a546..caf1a010c60b355acf77a6e79eaca63556bd3bc9 100644
--- a/interface/web/help/form/support_message.tform.php
+++ b/interface/web/help/form/support_message.tform.php
@@ -100,6 +100,12 @@ $form["tabs"]['message'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'subject_is_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => $sm_default_subject,
 			'value'  => '',
 			'width'  => '30',
@@ -111,6 +117,10 @@ $form["tabs"]['message'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'message_is_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
 			'default' => '',
 			'value'  => '',
 			'cols'  => '30',
diff --git a/interface/web/mail/form/mail_aliasdomain.tform.php b/interface/web/mail/form/mail_aliasdomain.tform.php
index 64c5992483e7f78cc514ec9bd7c67f812f3e1e0e..66db01e5aa51c5823670826acae8398372239036 100644
--- a/interface/web/mail/form/mail_aliasdomain.tform.php
+++ b/interface/web/mail/form/mail_aliasdomain.tform.php
@@ -103,7 +103,11 @@ $form["tabs"]['alias'] = array (
 				1 => array( 'event' => 'SHOW',
 					'type' => 'IDNTOUTF8'),
 				2 => array( 'event' => 'SAVE',
-					'type' => 'TOLOWER')
+					'type' => 'TOLOWER'),
+				3 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+				4 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
 			),
 			'default' => '',
 			'value'  => '',
diff --git a/interface/web/mail/form/mail_blacklist.tform.php b/interface/web/mail/form/mail_blacklist.tform.php
index f0b35d21cec335be34b0cb205ab7e6bacd428ba2..8b268147fb0a18301d33da51722729f7585187c4 100644
--- a/interface/web/mail/form/mail_blacklist.tform.php
+++ b/interface/web/mail/form/mail_blacklist.tform.php
@@ -76,6 +76,12 @@ $form["tabs"]['blacklist'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'source_error_notempty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'value'  => '',
 			'width'  => '30',
 			'maxlength' => '255'
diff --git a/interface/web/mail/form/mail_forward.tform.php b/interface/web/mail/form/mail_forward.tform.php
index 3c891506b9e69a64abb916c9ddd3662bea4b6730..260d953982778b81ccc453b926e398f84b52f3e0 100644
--- a/interface/web/mail/form/mail_forward.tform.php
+++ b/interface/web/mail/form/mail_forward.tform.php
@@ -98,7 +98,11 @@ $form["tabs"]['forward'] = array (
 				1 => array( 'event' => 'SHOW',
 					'type' => 'IDNTOUTF8'),
 				2 => array( 'event' => 'SAVE',
-					'type' => 'TOLOWER')
+					'type' => 'TOLOWER'),
+				3 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+				4 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
 			),
 			'default' => '',
 			'value'  => '',
diff --git a/interface/web/mail/form/mail_get.tform.php b/interface/web/mail/form/mail_get.tform.php
index 4521e4002882f1ad6c9902f7740bc029da282149..9f7de76e013273ad615082307b38f2b518c4a09b 100644
--- a/interface/web/mail/form/mail_get.tform.php
+++ b/interface/web/mail/form/mail_get.tform.php
@@ -109,6 +109,12 @@ $form["tabs"]['mailget'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'source_username_error_isempty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
diff --git a/interface/web/mail/form/mail_mailinglist.tform.php b/interface/web/mail/form/mail_mailinglist.tform.php
index 24c4f003c9ef4f9ebff5f3cc1c4269b13dbcfb11..ba877f410cec3f6c57b4dbe571d2691c9f905d46 100644
--- a/interface/web/mail/form/mail_mailinglist.tform.php
+++ b/interface/web/mail/form/mail_mailinglist.tform.php
@@ -104,6 +104,12 @@ $form["tabs"]['mailinglist'] = array (
 				1 => array ( 'type' => 'UNIQUE',
 					'errmsg'=> 'listname_error_unique'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
diff --git a/interface/web/mail/form/mail_relay_recipient.tform.php b/interface/web/mail/form/mail_relay_recipient.tform.php
index 4c5b2b1db1656d4fcad9531f45f216733bf997f7..34c23861e47fbfd5f8b01fded64c9f62f643c4b4 100644
--- a/interface/web/mail/form/mail_relay_recipient.tform.php
+++ b/interface/web/mail/form/mail_relay_recipient.tform.php
@@ -76,6 +76,12 @@ $form["tabs"]['relay_recipient'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'source_error_notempty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'value'  => '',
 			'width'  => '30',
 			'maxlength' => '255'
@@ -83,6 +89,12 @@ $form["tabs"]['relay_recipient'] = array (
 		'access' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => 'OK',
 			'value'  => 'OK',
 			'width'  => '30',
diff --git a/interface/web/mail/form/mail_spamfilter.tform.php b/interface/web/mail/form/mail_spamfilter.tform.php
index fe3f6c0f2695f6f77e3f94105fd10dd60e546a06..fb9a3c311be5679cc1f2d963cf4e16d00da2ceca 100644
--- a/interface/web/mail/form/mail_spamfilter.tform.php
+++ b/interface/web/mail/form/mail_spamfilter.tform.php
@@ -108,6 +108,12 @@ $form["tabs"]['spamfilter'] = array (
 		'spam_rewrite_subject' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '***SPAM***',
 			'value'  => '',
 			'width'  => '30',
diff --git a/interface/web/mail/form/mail_transport.tform.php b/interface/web/mail/form/mail_transport.tform.php
index 000584246bbd0b8999832707ab5360732ab4cdb9..ee3c52b447d311cf742977a6d558b7754c042a7e 100644
--- a/interface/web/mail/form/mail_transport.tform.php
+++ b/interface/web/mail/form/mail_transport.tform.php
@@ -82,7 +82,11 @@ $form["tabs"]['transport'] = array (
 				1 => array( 'event' => 'SHOW',
 					'type' => 'IDNTOUTF8'),
 				2 => array( 'event' => 'SAVE',
-					'type' => 'TOLOWER')
+					'type' => 'TOLOWER'),
+				3 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+				4 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
 			),
 			'default' => '',
 			'value'  => '',
@@ -93,6 +97,12 @@ $form["tabs"]['transport'] = array (
 		'transport' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
diff --git a/interface/web/mail/form/mail_user.tform.php b/interface/web/mail/form/mail_user.tform.php
index 3d2b66daac0e56cedcc605db22a30261bc067938..631c507f900be8866843cb02c9d2bb509fcea648 100644
--- a/interface/web/mail/form/mail_user.tform.php
+++ b/interface/web/mail/form/mail_user.tform.php
@@ -211,6 +211,12 @@ $form["tabs"]['mailuser'] = array(
 		'maildir' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
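Review bot: Going by its name, `maildir` holds a filesystem path, and the `STRIPTAGS`/`STRIPNL` pair added here does not constrain it to a path shape: `..` segments and other unexpected characters still pass. No validator for this field is visible in the hunk, so if none exists further down, a `REGEX` validator on the allowed path pattern would be the relevant control, with the filters as a secondary measure. The same applies to the `homedir` hunk below; both field definitions continue outside their hunks.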
@@ -219,6 +225,12 @@ $form["tabs"]['mailuser'] = array(
 		'maildir_format' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -227,6 +239,12 @@ $form["tabs"]['mailuser'] = array(
 		'homedir' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -310,6 +328,12 @@ if ($global_config['mail']['mailbox_show_autoresponder_tab'] === 'y') {
 			'autoresponder_subject' => array (
 				'datatype'  => 'VARCHAR',
 				'formtype'  => 'TEXT',
+				'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 				'default'   => 'Out of office reply',
 				'value'     => '',
 				'width'  => '30',
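Review bot: The closing `),` of the new `'filters'` array sits one tab further left than the `'filters'` key it closes, which makes the block read as if it ends the enclosing field. Indenting it to the same depth as `'filters'` would keep the definition readable. The `autoresponder_text` hunk below has the same misalignment, the first `spamfilter_users.tform.php` hunk indents entries `1` and `2` differently, and the `xmpp_domain.tform.php` hunk adds tab-indented lines to a space-indented file.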
@@ -318,6 +342,10 @@ if ($global_config['mail']['mailbox_show_autoresponder_tab'] === 'y') {
 			'autoresponder_text' => array (
 				'datatype' => 'TEXT',
 				'formtype' => 'TEXTAREA',
+				'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
 				'default' => '',
 				'value'  => '',
 				'cols'  => '30',
diff --git a/interface/web/mail/form/mail_user_filter.tform.php b/interface/web/mail/form/mail_user_filter.tform.php
index d5f6a0ab5bd719bf0de027a2f86f297c68c04759..becb09351e869b3e4e3ccfd73ab635a1de40beff 100644
--- a/interface/web/mail/form/mail_user_filter.tform.php
+++ b/interface/web/mail/form/mail_user_filter.tform.php
@@ -73,6 +73,12 @@ $form["tabs"]['filter'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'rulename_error_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -97,6 +103,10 @@ $form["tabs"]['filter'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'searchterm_is_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
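Review bot: This field gets only `STRIPNL`, while the neighbouring fields in this diff also get `STRIPTAGS`, and the hunk does not say why. If the omission is deliberate (a search term may legitimately contain angle brackets), a comment above the `'filters'` key such as `// STRIPTAGS omitted on purpose: search terms may contain angle brackets; encode on output` would stop it being changed later by mistake. It also means the stored value can carry markup, so every place that displays it has to encode it. The field name and the rest of its definition are outside the hunk.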
diff --git a/interface/web/mail/form/mail_whitelist.tform.php b/interface/web/mail/form/mail_whitelist.tform.php
index ce8f954e5be9b6510144d7cdff0d578bd258702c..00fc971647ef9c87fea815e4f2fb958d03f182c0 100644
--- a/interface/web/mail/form/mail_whitelist.tform.php
+++ b/interface/web/mail/form/mail_whitelist.tform.php
@@ -76,6 +76,12 @@ $form["tabs"]['whitelist'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'source_error_notempty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'value'  => '',
 			'width'  => '30',
 			'maxlength' => '255'
@@ -83,6 +89,12 @@ $form["tabs"]['whitelist'] = array (
 		'access' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => 'OK',
 			'value'  => 'OK',
 			'width'  => '30',
diff --git a/interface/web/mail/form/spamfilter_blacklist.tform.php b/interface/web/mail/form/spamfilter_blacklist.tform.php
index a6637473eba94f8dee3374506326d1c161858fee..3514eed4344fa049149bc32ec96d9dd40addffb9 100644
--- a/interface/web/mail/form/spamfilter_blacklist.tform.php
+++ b/interface/web/mail/form/spamfilter_blacklist.tform.php
@@ -72,6 +72,12 @@ $form["tabs"]['blacklist'] = array (
 		'wb' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => 'B',
 			'value'  => array('W' => 'blacklist', 'B' => 'Blacklist')
 		),
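Review bot: `wb` appears meant to hold one of the keys listed in its `'value'` array (`W` or `B`), but the added filters only strip tags and newlines and would still let any other string be saved. A validator that rejects everything outside the allowed set fits better here, for example `'validators' => array( 0 => array( 'type' => 'REGEX', 'regex' => '/^[WB]$/', 'errmsg' => 'wb_error_regex'))`, where the `errmsg` key is a placeholder. The `wb` hunk in `spamfilter_whitelist.tform.php` has the same shape.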
@@ -90,6 +96,17 @@ $form["tabs"]['blacklist'] = array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
 			'default' => '',
+			'filters'   => array( 0 => array( 'event' => 'SAVE',
+					'type' => 'IDNTOASCII'),
+				1 => array( 'event' => 'SHOW',
+					'type' => 'IDNTOUTF8'),
+				2 => array( 'event' => 'SAVE',
+					'type' => 'TOLOWER'),
+				3 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+				4 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'email_error_notempty'),
 			),
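Review bot: In the new `'filters'` list, `IDNTOASCII` and `TOLOWER` come before `STRIPTAGS` and `STRIPNL`, so, assuming filters run in index order, the IDN conversion sees input that may still contain tags or line breaks. Putting the two stripping filters at indexes 0 and 1 and the conversions after them would hand the converter an already-cleaned string. The hunks in `mail_forward.tform.php`, `mail_transport.tform.php` and `spamfilter_whitelist.tform.php` append the same pair after `TOLOWER` and look to have the same order. The field's key and the end of its definition are outside the hunk.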
diff --git a/interface/web/mail/form/spamfilter_policy.tform.php b/interface/web/mail/form/spamfilter_policy.tform.php
index da63732c80a24a3a5e6695980c9fcc767e4bb09b..31e8b8092a0833023f677dc7ea9a6ccef7e40a0a 100644
--- a/interface/web/mail/form/spamfilter_policy.tform.php
+++ b/interface/web/mail/form/spamfilter_policy.tform.php
@@ -65,6 +65,12 @@ $form["tabs"]['policy'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'policyname_error_notempty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'value'  => '',
 			'width'  => '30',
 			'maxlength' => '255'
@@ -129,6 +135,12 @@ $form["tabs"]['quarantine'] = array (
 		'virus_quarantine_to' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -137,6 +149,12 @@ $form["tabs"]['quarantine'] = array (
 		'spam_quarantine_to' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -145,6 +163,12 @@ $form["tabs"]['quarantine'] = array (
 		'banned_quarantine_to' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -153,6 +177,12 @@ $form["tabs"]['quarantine'] = array (
 		'bad_header_quarantine_to' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -161,6 +191,12 @@ $form["tabs"]['quarantine'] = array (
 		'clean_quarantine_to' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -169,6 +205,12 @@ $form["tabs"]['quarantine'] = array (
 		'other_quarantine_to' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -237,6 +279,12 @@ $form["tabs"]['taglevel'] = array (
 		'spam_subject_tag' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -245,6 +293,12 @@ $form["tabs"]['taglevel'] = array (
 		'spam_subject_tag2' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -268,6 +322,12 @@ $form["tabs"]['other'] = array (
 		'addr_extension_virus' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -276,6 +336,12 @@ $form["tabs"]['other'] = array (
 		'addr_extension_spam' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -284,6 +350,12 @@ $form["tabs"]['other'] = array (
 		'addr_extension_banned' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -292,6 +364,12 @@ $form["tabs"]['other'] = array (
 		'addr_extension_bad_header' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -318,6 +396,12 @@ $form["tabs"]['other'] = array (
 		'newvirus_admin' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -326,6 +410,12 @@ $form["tabs"]['other'] = array (
 		'virus_admin' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -334,6 +424,12 @@ $form["tabs"]['other'] = array (
 		'banned_admin' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -342,6 +438,12 @@ $form["tabs"]['other'] = array (
 		'bad_header_admin' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -350,6 +452,12 @@ $form["tabs"]['other'] = array (
 		'spam_admin' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -367,6 +475,12 @@ $form["tabs"]['other'] = array (
 		'banned_rulenames' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
diff --git a/interface/web/mail/form/spamfilter_users.tform.php b/interface/web/mail/form/spamfilter_users.tform.php
index 0eba0bbefbcc228b29b4f5102f49122b0bd4eb0a..1ed9e54b0d86c66d34c71dcc9fc5acea9122daf8 100644
--- a/interface/web/mail/form/spamfilter_users.tform.php
+++ b/interface/web/mail/form/spamfilter_users.tform.php
@@ -91,7 +91,11 @@ $form["tabs"]['users'] = array (
 			'formtype' => 'TEXT',
 			'default' => '',
 			'filters'   => array( 0 => array( 'event' => 'SAVE',
-					'type' => 'TOLOWER')
+					'type' => 'TOLOWER'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+				2 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
 			),
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'email_error_notempty'),
@@ -107,6 +111,12 @@ $form["tabs"]['users'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'fullname_error_notempty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'value'  => '',
 			'width'  => '30',
 			'maxlength' => '255'
diff --git a/interface/web/mail/form/spamfilter_whitelist.tform.php b/interface/web/mail/form/spamfilter_whitelist.tform.php
index 5f8a176be715b1e60e14da5d799a6f8fadb7d4e1..f0802fa4912c2e8f298f221e3387470f963bc0f8 100644
--- a/interface/web/mail/form/spamfilter_whitelist.tform.php
+++ b/interface/web/mail/form/spamfilter_whitelist.tform.php
@@ -72,6 +72,12 @@ $form["tabs"]['whitelist'] = array (
 		'wb' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => 'W',
 			'value'  => array('W' => 'Whitelist', 'B' => 'Blacklist')
 		),
@@ -95,7 +101,11 @@ $form["tabs"]['whitelist'] = array (
 				1 => array( 'event' => 'SHOW',
 					'type' => 'IDNTOUTF8'),
 				2 => array( 'event' => 'SAVE',
-					'type' => 'TOLOWER')
+					'type' => 'TOLOWER'),
+				3 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+				4 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
 			),
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'email_error_notempty'),
diff --git a/interface/web/mail/form/xmpp_domain.tform.php b/interface/web/mail/form/xmpp_domain.tform.php
index 095c72fba2317415284885be53849b5fa03f02c8..bbe694f9fd389fe24d741fb02c739e3a1b40362d 100644
--- a/interface/web/mail/form/xmpp_domain.tform.php
+++ b/interface/web/mail/form/xmpp_domain.tform.php
@@ -139,12 +139,22 @@ $form["tabs"]['domain'] = array (
         'registration_message' => array(
             'datatype' => 'TEXT',
             'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
             'default' => "",
             'value' => ''
         ),
         'domain_admins' => array(
             'datatype' => 'VARCHAR',
             'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
             'default' => '',
             'value' => '',
             'width' => '15',
diff --git a/interface/web/mail/mail_domain_edit.php b/interface/web/mail/mail_domain_edit.php
index ad383c474bc7ad45204e48acd7d5592624791a64..7565752bd31c575d38731fe09af55c191ba81c70 100644
--- a/interface/web/mail/mail_domain_edit.php
+++ b/interface/web/mail/mail_domain_edit.php
@@ -80,6 +80,7 @@ class page_action extends tform_actions {
 			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 
 			$clients = $app->db->queryAllRecords($sql);
+			$clients = $app->functions->htmlentities($clients);
 			$client_select = '';
 			if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= "<option value='0'></option>";
 			//$tmp_data_record = $app->tform->getDataRecord($this->id);
@@ -96,6 +97,7 @@ class page_action extends tform_actions {
 			// Get the limits of the client
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
 			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.default_mailserver, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ? order by client.contact_name", $client_group_id);
+			$client = $app->functions->htmlentities($client);
 
 			// Set the mailserver to the default server of the client
 			$tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $client['default_mailserver']);
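Review bot: The added `$client = $app->functions->htmlentities($client);` encodes the whole record at fetch time, and the next statement passes `$client['default_mailserver']` from that encoded array into a query. That is harmless as long as the column holds a numeric id, but it mixes display encoding with data use and invites double encoding if a template escapes the value again. Encoding only at the point of output, e.g. `$app->functions->htmlentities($client['contactname'])` where the option element is built, keeps the raw record usable. The other `htmlentities()` additions in this file and in `mail_mailinglist_edit.php`, `xmpp_domain_edit.php` and `database_user_edit.php` follow the same pattern; the enclosing method starts and ends outside the hunk.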
@@ -106,6 +108,7 @@ class page_action extends tform_actions {
 				// Fill the client select field
 				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
 				$clients = $app->db->queryAllRecords($sql, $client['client_id']);
+				$clients = $app->functions->htmlentities($clients);
 				$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 				$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 				//$tmp_data_record = $app->tform->getDataRecord($this->id);
diff --git a/interface/web/mail/mail_mailinglist_edit.php b/interface/web/mail/mail_mailinglist_edit.php
index 5515670734700a4ec1c700085dadd0eb073df24e..1419627529253adf23bba5bdfb5f00ba0de749d5 100644
--- a/interface/web/mail/mail_mailinglist_edit.php
+++ b/interface/web/mail/mail_mailinglist_edit.php
@@ -74,6 +74,7 @@ class page_action extends tform_actions {
 			// Getting Clients of the user
 			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 			$clients = $app->db->queryAllRecords($sql);
+			$clients = $app->functions->htmlentities($clients);
 			$client_select = '';
 			if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= "<option value='0'></option>";
 			$tmp_data_record = $app->tform->getDataRecord($this->id);
@@ -90,10 +91,12 @@ class page_action extends tform_actions {
 			// Get the limits of the client
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
 			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.default_mailserver, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ? order by contact_name", $client_group_id);
+			$client = $app->functions->htmlentities($client);
 
 			// Fill the client select field
 			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
 			$clients = $app->db->queryAllRecords($sql, $client['client_id']);
+			$clients = $app->functions->htmlentities($clients);
 			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 			$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 			$tmp_data_record = $app->tform->getDataRecord($this->id);
diff --git a/interface/web/mail/xmpp_domain_edit.php b/interface/web/mail/xmpp_domain_edit.php
index ec5a5fc11bb67e114f6b77c8ecb65473e1055de3..39132011148a73989d67a73cc7057e234f65bb2d 100644
--- a/interface/web/mail/xmpp_domain_edit.php
+++ b/interface/web/mail/xmpp_domain_edit.php
@@ -108,6 +108,7 @@ class page_action extends tform_actions {
 			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 
 			$clients = $app->db->queryAllRecords($sql);
+			$clients = $app->functions->htmlentities($clients);
 			$client_select = '';
 			if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= "<option value='0'></option>";
 			//$tmp_data_record = $app->tform->getDataRecord($this->id);
@@ -124,11 +125,13 @@ class page_action extends tform_actions {
 			// Get the limits of the client
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
 			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ? order by client.contact_name", $client_group_id);
+			$client = $app->functions->htmlentities($client);
 
 			if ($settings['use_domain_module'] != 'y') {
 				// Fill the client select field
 				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
 				$clients = $app->db->queryAllRecords($sql, $client['client_id']);
+				$clients = $app->functions->htmlentities($clients);
 				$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 				$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 				//$tmp_data_record = $app->tform->getDataRecord($this->id);
diff --git a/interface/web/mailuser/form/mail_user_autoresponder.tform.php b/interface/web/mailuser/form/mail_user_autoresponder.tform.php
index 44ce15cd5c9bc2830c8da3a4305fd6eb617449ad..e642534c13fbf34250aedf51ba88173395857f93 100644
--- a/interface/web/mailuser/form/mail_user_autoresponder.tform.php
+++ b/interface/web/mailuser/form/mail_user_autoresponder.tform.php
@@ -62,6 +62,12 @@ $form["tabs"]['autoresponder'] = array (
 		'autoresponder_subject' => array (
 			'datatype'      => 'VARCHAR',
 			'formtype'      => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default'       => 'Out of office reply',
 			'value'         => '',
 			'width'  => '30',
@@ -70,6 +76,10 @@ $form["tabs"]['autoresponder'] = array (
 		'autoresponder_text' => array (
 			'datatype' => 'TEXT',
 			'formtype' => 'TEXTAREA',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
 			'default' => '',
 			'value'  => '',
 			'cols'  => '30',
diff --git a/interface/web/sites/database_user_edit.php b/interface/web/sites/database_user_edit.php
index 5224cc50a8cca00470c69c3800dbbd9b50e61e29..e7bfa611a937be481efde7ae8ba7a8308cbaf01c 100644
--- a/interface/web/sites/database_user_edit.php
+++ b/interface/web/sites/database_user_edit.php
@@ -87,6 +87,7 @@ class page_action extends tform_actions {
 			// Fill the client select field
 			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
 			$records = $app->db->queryAllRecords($sql, $client['client_id']);
+			$records = $app->functions->htmlentities($records);
 			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 			$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contact_name'].'</option>';
 			//$tmp_data_record = $app->tform->getDataRecord($this->id);
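Review bot: The added line encodes `$records`, but the option element built two lines later prints `$client['contact_name']`, and no hunk for this file encodes `$client`. Unless `$client` is encoded where it is fetched (outside the hunk), that label is still written into the page raw. Wrapping it at the point of use with `$app->functions->htmlentities($client['contact_name'])` would close the gap; confirm first that it is not already encoded, to avoid double encoding.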
@@ -101,6 +102,7 @@ class page_action extends tform_actions {
 			// Fill the client select field
 			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 			$clients = $app->db->queryAllRecords($sql);
+			$clients = $app->functions->htmlentities($clients);
 			$client_select = "<option value='0'></option>";
 			//$tmp_data_record = $app->tform->getDataRecord($this->id);
 			if(is_array($clients)) {
diff --git a/interface/web/sites/form/web_vhost_domain.tform.php b/interface/web/sites/form/web_vhost_domain.tform.php
index 4b709eeda40bd92441e52b167a0bf63201dabb6e..071efbb9a9b18d224d243ee8be78222393a07cf8 100644
--- a/interface/web/sites/form/web_vhost_domain.tform.php
+++ b/interface/web/sites/form/web_vhost_domain.tform.php
@@ -520,6 +520,12 @@ if($ssl_available) {
 			'ssl_domain' => array (
 				'datatype' => 'VARCHAR',
 				'formtype' => 'TEXT',
+				'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+				),
 				'default' => '',
 				'value'  => '',
 				'width'  => '30',
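Review bot: The SAVE-time `STRIPTAGS`/`STRIPNL` filters added to `ssl_domain` clean what gets stored but do not replace encoding at render time. Assuming `STRIPTAGS` is a strip_tags-style filter, quote characters pass through, and a TEXT field is normally echoed inside a `value="..."` attribute. It is worth confirming that the form renderer HTML-encodes field values when they are shown, and that rows saved before this change are covered, since a SAVE filter never touches existing data. The same applies to every other field in this commit that gains only SAVE filters.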
@@ -528,6 +534,10 @@ if($ssl_available) {
 			'ssl_key' => array (
 				'datatype' => 'TEXT',
 				'formtype' => 'TEXTAREA',
+				'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+				),
 				'default' => '',
 				'value'  => '',
 				'cols'  => '30',
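Review bot: On `ssl_key`, and likewise `ssl_request`, `ssl_cert` and `ssl_bundle` in the next three hunks, `STRIPTAGS` silently rewrites the submitted value instead of rejecting it. Well-formed PEM never contains `<`, so the filter only fires on input that is already invalid, and the altered text is then stored as key or certificate material with no error shown to the user. A validator that accepts only PEM armor lines and base64 content, and returns an error otherwise, would be the clearer control for these four fields. The field definitions continue outside each hunk, so an existing validator may already do this.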
@@ -536,6 +546,10 @@ if($ssl_available) {
 			'ssl_request' => array (
 				'datatype' => 'TEXT',
 				'formtype' => 'TEXTAREA',
+				'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+				),
 				'default' => '',
 				'value'  => '',
 				'cols'  => '30',
@@ -544,6 +558,10 @@ if($ssl_available) {
 			'ssl_cert' => array (
 				'datatype' => 'TEXT',
 				'formtype' => 'TEXTAREA',
+				'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+				),
 				'default' => '',
 				'value'  => '',
 				'cols'  => '30',
@@ -552,6 +570,10 @@ if($ssl_available) {
 			'ssl_bundle' => array (
 				'datatype' => 'TEXT',
 				'formtype' => 'TEXTAREA',
+				'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+				),
 				'default' => '',
 				'value'  => '',
 				'cols'  => '30',
diff --git a/interface/web/sites/form/webdav_user.tform.php b/interface/web/sites/form/webdav_user.tform.php
index a1bfd3056d6a7479e20034bbeb913db30849d0a1..8d5c0c561f29b4a33db9da70f05367d5163ec21b 100644
--- a/interface/web/sites/form/webdav_user.tform.php
+++ b/interface/web/sites/form/webdav_user.tform.php
@@ -130,6 +130,12 @@ $form["tabs"]['webdav'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'directory_error_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
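Review bot: This field (apparently the WebDAV directory, going by `directory_error_empty`) shows `NOTEMPTY` as its only validator, and `STRIPTAGS`/`STRIPNL` do not constrain which path characters are accepted. If the value ends up in a filesystem path or server configuration, an allow-list `REGEX` validator describing the permitted directory syntax is the stronger control, with the filters kept as a second layer. The same reasoning applies to the `template_file_error_empty` field in openvz_ostemplate.tform.php and to `hostname` and the nameserver field in openvz_template.tform.php, whose values have a known grammar. The field definition starts outside the hunk, so other constraints may already exist.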
diff --git a/interface/web/sites/web_vhost_domain_edit.php b/interface/web/sites/web_vhost_domain_edit.php
index 82cf226a374ce4858f6f251ac227bd53aad7f085..023f8db0c52938f467b5c3eb5c8ba6d61e9420c5 100644
--- a/interface/web/sites/web_vhost_domain_edit.php
+++ b/interface/web/sites/web_vhost_domain_edit.php
@@ -290,6 +290,7 @@ class page_action extends tform_actions {
 			} elseif($this->_vhostdomain_type == 'aliasdomain') {
 				$client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_aliasdomain, client.web_servers, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 			}
+			$client = $app->functions->htmlentities($client);
 
 			$client['web_servers_ids'] = explode(',', $client['web_servers']);
 			$only_one_server = count($client['web_servers_ids']) === 1;
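Review bot: Encoding the whole `$client` row here means the next line splits an entity-encoded `web_servers` value, and every later limit or server check in this function also works on HTML-encoded data. For numeric and comma-separated id columns this is harmless today, but it couples non-HTML logic to an output encoding. Encoding only the display columns (`contactname`, `contact_name`, `name`), or encoding at the concatenation that builds `$client_select`, would keep the two apart. The if/elseif chain that assigns `$client` starts outside the hunk, so whether `$client` is always set before this call cannot be confirmed from here.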
@@ -326,6 +327,7 @@ class page_action extends tform_actions {
 				// Fill the client select field
 				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
 				$records = $app->db->queryAllRecords($sql, $client['client_id']);
+				$records = $app->functions->htmlentities($records);
 				$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 				$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 				//$tmp_data_record = $app->tform->getDataRecord($this->id);
@@ -585,6 +587,7 @@ class page_action extends tform_actions {
 				// Fill the client select field
 				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 				$clients = $app->db->queryAllRecords($sql);
+				$clients = $app->functions->htmlentities($clients);
 				$client_select = "<option value='0'></option>";
 				//$tmp_data_record = $app->tform->getDataRecord($this->id);
 				if(is_array($clients)) {
diff --git a/interface/web/vm/form/openvz_ostemplate.tform.php b/interface/web/vm/form/openvz_ostemplate.tform.php
index 07eeafef0f8d349e1e951d2efe702963d078f33a..a28bbc6adeaf9ea3d28318f1d6d63945b5230db3 100644
--- a/interface/web/vm/form/openvz_ostemplate.tform.php
+++ b/interface/web/vm/form/openvz_ostemplate.tform.php
@@ -69,6 +69,12 @@ $form["tabs"]['main'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'template_name_error_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -81,6 +87,12 @@ $form["tabs"]['main'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'template_file_error_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -113,6 +125,10 @@ $form["tabs"]['main'] = array (
 		'description' => array (
 			'datatype' => 'TEXT',
 			'formtype' => 'TEXTAREA',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
diff --git a/interface/web/vm/form/openvz_template.tform.php b/interface/web/vm/form/openvz_template.tform.php
index 8279ce085c8566a0b41096b2800f1b5013d0d919..1a069361cbdeb6d74ff5b792aab36f1a0dcc6efa 100644
--- a/interface/web/vm/form/openvz_template.tform.php
+++ b/interface/web/vm/form/openvz_template.tform.php
@@ -69,6 +69,12 @@ $form["tabs"]['main'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'template_name_error_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -155,6 +161,12 @@ $form["tabs"]['main'] = array (
 		'hostname' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
@@ -172,6 +184,12 @@ $form["tabs"]['main'] = array (
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'template_nameserver_error_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'default' => '8.8.8.8 8.8.4.4',
 			'value'  => '',
 			'width'  => '30',
@@ -187,6 +205,10 @@ $form["tabs"]['main'] = array (
 		'description' => array (
 			'datatype' => 'TEXT',
 			'formtype' => 'TEXTAREA',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
diff --git a/interface/web/vm/form/openvz_vm.tform.php b/interface/web/vm/form/openvz_vm.tform.php
index 44f20dc6ec496da791cf5106a4def0cd222431cf..fe61e27c453e2957d5c8066ba50bccc6d98e258a 100644
--- a/interface/web/vm/form/openvz_vm.tform.php
+++ b/interface/web/vm/form/openvz_vm.tform.php
@@ -122,7 +122,11 @@ $form["tabs"]['main'] = array (
 				1 => array( 'event' => 'SHOW',
 					'type' => 'IDNTOUTF8'),
 				2 => array( 'event' => 'SAVE',
-					'type' => 'TOLOWER')
+					'type' => 'TOLOWER'),
+				3 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+				4 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
 			),
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'hostname_error_empty'),
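Review bot: `STRIPTAGS` and `STRIPNL` are appended as entries 3 and 4, after `TOLOWER` and after entry 0, which lies outside the hunk. If the form engine applies SAVE filters in index order and entry 0 is an IDN conversion, that conversion would see the raw input and the stripping would run on its output. Placing the two stripping filters first and renumbering the rest would let the later filters see the cleaned value.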
@@ -178,6 +182,10 @@ $form["tabs"]['main'] = array (
 		'description' => array (
 			'datatype' => 'TEXT',
 			'formtype' => 'TEXTAREA',
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS')
+			),
 			'default' => '',
 			'value'  => '',
 			'separator' => '',
diff --git a/interface/web/vm/openvz_vm_edit.php b/interface/web/vm/openvz_vm_edit.php
index 69265885cd9e3d0e6a104cabf09066847068f09c..2a5b12f3d712886143a05b65acdfbed536afcad1 100644
--- a/interface/web/vm/openvz_vm_edit.php
+++ b/interface/web/vm/openvz_vm_edit.php
@@ -97,11 +97,12 @@ class page_action extends tform_actions {
 			//* Get the limits of the client
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
 			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.limit_openvz_vm_template_id, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
-
+			$client = $app->functions->htmlentities($client);
 
 			//* Fill the client select field
 			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
 			$records = $app->db->queryAllRecords($sql, $client['client_id']);
+			$records = $app->functions->htmlentities($records);
 			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 			$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 			//$tmp_data_record = $app->tform->getDataRecord($this->id);
@@ -134,6 +135,7 @@ class page_action extends tform_actions {
 			//* Fill the client select field
 			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
 			$clients = $app->db->queryAllRecords($sql);
+			$clients = $app->functions->htmlentities($clients);
 			$client_select = "<option value='0'></option>";
 			//$tmp_data_record = $app->tform->getDataRecord($this->id);
 			if(is_array($clients)) {