Commit 5008d8ce authored by Marius Burkard's avatar Marius Burkard

- further XSS fixes for #4902 (reflected XSS)

parent e42cd413
......@@ -298,14 +298,14 @@ class app {
$this->tpl->setVar('phpsessid', session_id());
$this->tpl->setVar('theme', $_SESSION['s']['theme']);
$this->tpl->setVar('theme', $_SESSION['s']['theme'], true);
$this->tpl->setVar('html_content_encoding', $this->_conf['html_content_encoding']);
$this->tpl->setVar('delete_confirmation', $this->lng('delete_confirmation'));
//print_r($_SESSION);
if(isset($_SESSION['s']['module']['name'])) {
$this->tpl->setVar('app_module', $_SESSION['s']['module']['name']);
$this->tpl->setVar('session_module', $_SESSION['s']['module']['name']);
$this->tpl->setVar('app_module', $_SESSION['s']['module']['name'], true);
$this->tpl->setVar('session_module', $_SESSION['s']['module']['name'], true);
}
if(isset($_SESSION['s']['user']) && $_SESSION['s']['user']['typ'] == 'admin') {
$this->tpl->setVar('is_admin', 1);
......@@ -315,7 +315,7 @@ class app {
}
/* Show username */
if(isset($_SESSION['s']['user'])) {
$this->tpl->setVar('cpuser', $_SESSION['s']['user']['username']);
$this->tpl->setVar('cpuser', $_SESSION['s']['user']['username'], true);
$this->tpl->setVar('logout_txt', $this->lng('logout_txt'));
/* Show search field only for normal users, not mail users */
if(stristr($_SESSION['s']['user']['username'], '@')){
......
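Review bot: Passing `true` as the third `setVar` argument (presumably enabling HTML encoding inside `tpl::setVar`, which is not shown here) for `theme`, `app_module` and `session_module` is context-blind: if `main.tpl.htm` places `theme` into a path such as `themes/<theme>/...` (as the `current_theme` variable elsewhere in this commit suggests), encoding stops markup injection but not a traversal value like `../`. The durable fix is to validate the theme where it is written into `$_SESSION['s']['theme']`, e.g. `if(!preg_match('/^[a-zA-Z0-9_-]+$/', $theme)) $theme = 'default';`, plus a check that the directory exists, and keep the output encoding added here as defence in depth. The same reasoning applies to the module name if the template emits it inside an `href`, where URL encoding rather than HTML encoding is the correct escaping. Both hunks sit inside a method of `class app` whose start and end are outside this view.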
......@@ -56,7 +56,7 @@ class plugin_listview extends plugin_base {
// $app->listform->listDef["page_params"] = "&id=".$app->tform_actions->id."&next_tab=".$_SESSION["s"]["form"]["tab"];
$app->listform->listDef["page_params"] = "&id=".$this->form->id."&next_tab=".$_SESSION["s"]["form"]["tab"];
$listTpl->setVar('parent_id', $this->form->id);
$listTpl->setVar('theme', $_SESSION['s']['theme']);
$listTpl->setVar('theme', $_SESSION['s']['theme'], true);
// Generate the SQL for searching
$sql_where = "";
......@@ -193,13 +193,13 @@ class plugin_listview extends plugin_base {
$listTpl->setVar('phpsessid', session_id());
$listTpl->setVar('theme', $_SESSION['s']['theme']);
$listTpl->setVar('theme', $_SESSION['s']['theme'], true);
$listTpl->setVar('html_content_encoding', $app->_conf['html_content_encoding']);
$listTpl->setVar('delete_confirmation', $app->lng('delete_confirmation'));
//print_r($_SESSION);
if(isset($_SESSION['s']['module']['name'])) {
$listTpl->setVar('app_module', $_SESSION['s']['module']['name']);
$listTpl->setVar('app_module', $_SESSION['s']['module']['name'], true);
}
if(isset($_SESSION['s']['user']) && $_SESSION['s']['user']['typ'] == 'admin') {
$listTpl->setVar('is_admin', 1);
......@@ -209,7 +209,7 @@ class plugin_listview extends plugin_base {
}
/* Show username */
if(isset($_SESSION['s']['user'])) {
$listTpl->setVar('cpuser', $_SESSION['s']['user']['username']);
$listTpl->setVar('cpuser', $_SESSION['s']['user']['username'], true);
$listTpl->setVar('logout_txt', $app->lng('logout_txt'));
/* Show search field only for normal users, not mail users */
if(stristr($_SESSION['s']['user']['username'], '@')){
......
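Review bot: `page_params` on the second line of the first hunk is still built by raw concatenation of `$this->form->id` and `$_SESSION["s"]["form"]["tab"]` while the hunk only encodes `theme`; if the list template emits `page_params` inside pagination `href`s, that string needs escaping too, and HTML encoding at `setVar` time would be the wrong kind for a URL. Cast the id and URL-encode the tab where the string is assembled: `$app->listform->listDef["page_params"] = "&id=".(int)$this->form->id."&next_tab=".urlencode($_SESSION["s"]["form"]["tab"]);` (assuming the tab name is always a plain identifier; confirm against listform before changing). The enclosing methods of `plugin_listview` begin and end outside these hunks.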
......@@ -114,9 +114,9 @@ if(isset($_POST) && count($_POST) > 1) {
}
} else {
$app->tpl->setVar('sender', $_POST['sender']);
$app->tpl->setVar('subject', $_POST['subject']);
$app->tpl->setVar('message', $_POST['message']);
$app->tpl->setVar('sender', $_POST['sender'], true);
$app->tpl->setVar('subject', $_POST['subject'], true);
$app->tpl->setVar('message', $_POST['message'], true);
}
} else {
// pre-fill Sender field with reseller's email address
......
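Review bot: The three re-fill lines read `$_POST['sender']`, `$_POST['subject']` and `$_POST['message']` without an `isset` guard, and the surrounding condition only checks `count($_POST) > 1`, so a request that omits one field raises an undefined-index notice before the new encoding is applied. Guard each in the file's existing style, e.g. `$app->tpl->setVar('sender', isset($_POST['sender']) ? $_POST['sender'] : '', true);`. The `if`/`else` chain continues on both sides of the hunk, so whatever validation `sender` receives before it is used as an address is not visible here and should be checked separately.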
......@@ -183,7 +183,7 @@ if(is_array($fields)) {
} else {
$app->tpl->setVar($field."_VISIBLE", 1);
$field = strtolower($field);
$app->tpl->setVar($field, $_POST[$field]);
$app->tpl->setVar($field, $_POST[$field], true);
}
}
}
......
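Review bot: `$_POST[$field]` on the changed line is handed to `setVar` with encoding enabled, but a field submitted as `name[]` arrives as an array, and an `htmlentities`-style encoder given an array emits a warning and returns an empty value rather than a usable string; a field that is absent altogether raises an undefined-index notice. Since `$field` names come from the `$fields` list rather than from the request, the cheap guard is `$app->tpl->setVar($field, (isset($_POST[$field]) && !is_array($_POST[$field])) ? $_POST[$field] : '', true);`. The loop over `$fields` starts before the hunk.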
......@@ -41,7 +41,7 @@ if(!isset($_SESSION['s']['module']['name'])) $_SESSION['s']['module']['name'] =
$app->uses('tpl');
$app->tpl->newTemplate('main.tpl.htm');
$app->tpl->setVar('startpage', isset($_SESSION['s']['module']['startpage']) ? $_SESSION['s']['module']['startpage'] : '');
$app->tpl->setVar('startpage', isset($_SESSION['s']['module']['startpage']) ? $_SESSION['s']['module']['startpage'] : '', true);
$app->tpl->setVar('logged_in', ($_SESSION['s']['user']['active'] != 1 ? 'n' : 'y'));
// tab change warning?
......@@ -93,7 +93,7 @@ if(@is_dir($js_d)) {
if (!empty($js_d_files)) $app->tpl->setLoop('js_d_includes', $js_d_files);
unset($js_d_files);
$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default');
$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default', true);
// Logo
$logo = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = 1");
......
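Review bot: `startpage` and `current_theme` are now HTML-encoded on output, which is right for an attribute or text node, but both names suggest values consumed as a path or URL (a module start page and a theme directory), where encoding neither prevents traversal nor is the correct escaping for `href`/`src`. Validate them where they enter the session, outside this hunk: restrict the theme to `preg_match('/^[a-zA-Z0-9_-]+$/', $theme)` and an existing theme directory, and keep `startpage` to a module-relative path; treat the encoding added here as defence in depth. The theme is set twice in this commit (here and via `theme` in `app.inc.php`), so the allowlist belongs at the single point of assignment rather than at each output.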
......@@ -340,7 +340,7 @@ $app->tpl->setVar('login_button_txt', $app->lng('login_button_txt'));
$app->tpl->setVar('session_timeout', $server_config_array['session_timeout']);
$app->tpl->setVar('session_allow_endless', $server_config_array['session_allow_endless']);
//$app->tpl->setInclude('content_tpl', 'login/templates/index.htm');
$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default');
$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default', true);
//die(isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default');
// Logo
......
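Review bot: The change encodes `current_theme` but leaves `session_timeout` and `session_allow_endless` on the first two lines of the hunk unencoded; if the login template writes those into inline JavaScript, as timeout values usually are, HTML encoding would not be the right escaping anyway, and a type cast is the safe form: `$app->tpl->setVar('session_timeout', (int)$server_config_array['session_timeout']);` with an equivalent cast for `session_allow_endless`. Both come from server configuration rather than the request, so this is defence in depth, not a reachable reflected XSS. The leftover `//die(...)` debug line just below the change could be removed while touching this spot.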
......@@ -156,7 +156,7 @@ if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != '
if(isset($_POST) && count($_POST) > 0) $app->tpl->setVar("msg", $wb['pw_error_noinput']);
}
$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default');
$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default', true);
// Logo
$logo = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = 1");
......
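Review bot: The hunk header's condition `isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != ''` guards `username` but reads `$_POST['email']` unguarded, so a POST without an email field raises a notice before the new encoding line is reached; add `isset($_POST['email']) &&` before the last term. The `msg` value on the line above the change comes from the language array `$wb` and is fine unencoded as long as language files stay trusted. As elsewhere in this commit, the theme value should additionally be validated against an installed-theme allowlist where it enters the session, since encoding does not constrain a path segment.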
......@@ -56,7 +56,7 @@ $_SESSION['s']['var']['childdomain_type'] = $show_type;
class list_action extends listform_actions {
function onShow() {
global $app;
$app->tpl->setVar('childdomain_type', $_SESSION['s']['var']['childdomain_type']);
$app->tpl->setVar('childdomain_type', $_SESSION['s']['var']['childdomain_type'], true);
parent::onShow();
}
......
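Review bot: Encoding `childdomain_type` in `onShow()` covers the case where the template prints it, but the value originates from `$show_type`, which is assigned into `$_SESSION['s']['var']['childdomain_type']` just above the hunk from a source not visible here; if that source is a request parameter, the proper fix is an allowlist check at assignment, e.g. `if(!in_array($show_type, array(/* the type strings this list supports */), true)) $show_type = /* default */;`. If the template compares the variable in a `tmpl_if`, HTML encoding could alter a value containing `&`, `<` or quotes, which is harmless for a fixed enumerated type but worth confirming. `onShow()` is complete within the hunk; the `list_action` class continues below it.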
......@@ -68,7 +68,7 @@ $_SESSION['s']['var']['vhostdomain_type'] = $show_type;
class list_action extends listform_actions {
function onShow() {
global $app;
$app->tpl->setVar('vhostdomain_type', $_SESSION['s']['var']['vhostdomain_type']);
$app->tpl->setVar('vhostdomain_type', $_SESSION['s']['var']['vhostdomain_type'], true);
parent::onShow();
}
......
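Review bot: Same situation as the childdomain list: `vhostdomain_type` is encoded on output in `onShow()`, but `$show_type`, stored into `$_SESSION['s']['var']['vhostdomain_type']` just above the hunk, should be restricted to the fixed set of type strings at assignment with a strict `in_array(..., true)` check, since output encoding does not limit what the value can be when it is later used in SQL or file paths. Keep the two list files' handling identical so a future fix to one is not missed in the other. `onShow()` is complete within the hunk; the enclosing class continues past it.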
......@@ -50,10 +50,10 @@ if(isset($_POST['start']) && $_POST['start'] == 1) {
$app->auth->csrf_token_check();
//* Set variable sin template
$app->tpl->setVar('dbhost', $_POST['dbhost']);
$app->tpl->setVar('dbname', $_POST['dbname']);
$app->tpl->setVar('dbuser', $_POST['dbuser']);
$app->tpl->setVar('dbpassword', $_POST['dbpassword']);
$app->tpl->setVar('dbhost', $_POST['dbhost'], true);
$app->tpl->setVar('dbname', $_POST['dbname'], true);
$app->tpl->setVar('dbuser', $_POST['dbuser'], true);
$app->tpl->setVar('dbpassword', $_POST['dbpassword'], true);
//* Establish connection to external database
$msg .= 'Connecting to external database...<br />';
......
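Review bot: The new `dbpassword` line encodes the password before echoing it back into the form, which fixes the XSS but still reflects a database credential into the HTML response, where it lands in browser caches, proxies and form autofill. Prefer not to re-populate it: `$app->tpl->setVar('dbpassword', '', true);` and require re-entry after a failed connection, or keep it server-side in the session if it must persist across steps. `dbhost`/`dbname`/`dbuser` are fine as encoded values provided the template prints them in `value=""` attributes rather than in a script block. The enclosing `if(isset($_POST['start']) ...)` block continues past the hunk.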
......@@ -142,9 +142,9 @@ if(isset($_POST['connected'])) {
}
$app->tpl->setVar('remote_server', $_POST['remote_server']);
$app->tpl->setVar('remote_user', $_POST['remote_user']);
$app->tpl->setVar('remote_password', $_POST['remote_password']);
$app->tpl->setVar('remote_server', $_POST['remote_server'], true);
$app->tpl->setVar('remote_user', $_POST['remote_user'], true);
$app->tpl->setVar('remote_password', $_POST['remote_password'], true);
$app->tpl->setVar('connected', $connected);
$app->tpl->setVar('remote_session_id', $remote_session_id);
$app->tpl->setVar('msg', $msg);
......
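Review bot: `remote_session_id`, `connected` and `msg` on the three lines after the change are passed without encoding; `remote_session_id` in particular is whatever the remote server returned, so if the template writes it into a hidden input it should get the same flag: `$app->tpl->setVar('remote_session_id', $remote_session_id, true);`. `msg` is intentionally HTML (it is built with `<br />` fragments in the sibling file), so any remote error text appended to it must be encoded at the point it is appended rather than here. As with the other import step, reflecting `remote_password` into the form is better avoided than encoded. The enclosing `if(isset($_POST['connected']))` block starts before the hunk.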
......@@ -84,11 +84,11 @@ if(isset($_POST['db_hostname']) && $_POST['db_hostname'] != '') {
$_POST['local_server_id'] = 1;
}
$app->tpl->setVar('db_hostname', $_POST['db_hostname']);
$app->tpl->setVar('db_user', $_POST['db_user']);
$app->tpl->setVar('db_password', $_POST['db_password']);
$app->tpl->setVar('db_name', $_POST['db_name']);
$app->tpl->setVar('local_server_id', $_POST['local_server_id']);
$app->tpl->setVar('db_hostname', $_POST['db_hostname'], true);
$app->tpl->setVar('db_user', $_POST['db_user'], true);
$app->tpl->setVar('db_password', $_POST['db_password'], true);
$app->tpl->setVar('db_name', $_POST['db_name'], true);
$app->tpl->setVar('local_server_id', $_POST['local_server_id'], true);
$app->tpl->setVar('msg', $msg);
$app->tpl->setVar('error', $error);
......
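Review bot: `local_server_id` is an integer identifier (the fallback two lines above the hunk assigns `1`), so a cast is both safer and cheaper than HTML encoding: `$app->tpl->setVar('local_server_id', (int)$_POST['local_server_id']);`, and the same cast should apply wherever the value reaches a query. `db_password` is again reflected back into the page after encoding; consider `$app->tpl->setVar('db_password', '', true);` and re-entry on error. `msg` and `error` on the following lines are unencoded, which is fine only if every fragment appended to them is trusted or already encoded — those assignments are outside the hunk, so check there.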