From 0e6d0529d5f9b1d139ff66d0f70312fdfa21d4c0 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Mon, 6 Aug 2018 15:36:02 +0200
Subject: [PATCH] Some improvements for Commit a39f3677

---
 interface/web/admin/form/server_config.tform.php | 8 ++++++++
 interface/web/sites/web_vhost_domain_edit.php    | 6 +++---
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/interface/web/admin/form/server_config.tform.php b/interface/web/admin/form/server_config.tform.php
index a39cc3b993..a127430494 100644
--- a/interface/web/admin/form/server_config.tform.php
+++ b/interface/web/admin/form/server_config.tform.php
@@ -1101,6 +1101,14 @@ $form["tabs"]['web'] = array(
 			'validators' => array(	0 => array('type' => 'NOTEMPTY',
 										'errmsg' => 'php_default_name_error_empty'),
 			),
+			'filters'   => array(
+					0 => array( 'event' => 'SAVE',
+					'type' => 'TRIM'),
+					1 => array( 'event' => 'SAVE',
+					'type' => 'STRIPTAGS'),
+					2 => array( 'event' => 'SAVE',
+					'type' => 'STRIPNL')
+			),
 			'width' => '40',
 			'maxlength' => '255'
 		),
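Review bot: All three filters added here fire on the `SAVE` event, so they clean only values written after this change. A default PHP name already stored in the server configuration is left as it is, and the output encoding at render time remains the control that actually protects the page. Assuming the filters run in array order, `TRIM` runs before `STRIPTAGS`, so whitespace exposed by removing a leading or trailing tag (for example `<b> name`) survives; listing `TRIM` last, `2 => array('event' => 'SAVE', 'type' => 'TRIM')`, avoids that. It is also worth confirming that the `NOTEMPTY` validator sees the filtered value, because an input consisting only of tags becomes empty after `STRIPTAGS`. The field definition begins above the hunk, so its name and form type are not visible here.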
diff --git a/interface/web/sites/web_vhost_domain_edit.php b/interface/web/sites/web_vhost_domain_edit.php
index 029df1cbef..19e4c4c23b 100644
--- a/interface/web/sites/web_vhost_domain_edit.php
+++ b/interface/web/sites/web_vhost_domain_edit.php
@@ -257,7 +257,7 @@ class page_action extends tform_actions {
 					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ? AND (client_id = 0 OR client_id=?) AND active = 'y'", $parent_domain['server_id'], $_SESSION['s']['user']['client_id']);
 				}
 			}
-			$php_select = "<option value=''>".$web_config['php_default_name']."</option>";
+			$php_select = "<option value=''>".$app->functions->htmlentities($web_config['php_default_name'])."</option>";
 			if(is_array($php_records) && !empty($php_records)) {
 				foreach( $php_records as $php_record) {
 					if($this->dataRecord['php'] == 'php-fpm' || ($this->dataRecord['php'] == 'hhvm' && $server_type == 'nginx')){
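Review bot: Only the placeholder `<option>` is encoded by this line; the `foreach` over `$php_records` that begins right after it continues outside the hunk. If that loop concatenates fields of `$php_record` into option markup, they need the same `$app->functions->htmlentities()` call, since those rows come from the `server_php` table and are no more trustworthy than the config value. The identical one-line change is repeated in the hunks at -404 and -624, so the same check applies to each of those loops. With the expression now duplicated three times, building the default option in one private helper of `page_action` would keep the encoding in a single place and stop a future fourth copy from missing it.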
@@ -404,7 +404,7 @@ class page_action extends tform_actions {
 					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ? AND (client_id = 0 OR client_id=?) AND active = 'y'", $parent_domain['server_id'], $_SESSION['s']['user']['client_id']);
 				}
 			}
-			$php_select = "<option value=''>".$web_config['php_default_name']."</option>";
+			$php_select = "<option value=''>".$app->functions->htmlentities($web_config['php_default_name'])."</option>";
 			if(is_array($php_records) && !empty($php_records)) {
 				foreach( $php_records as $php_record) {
 					if($this->dataRecord['php'] == 'php-fpm' || ($this->dataRecord['php'] == 'hhvm' && $server_type == 'nginx')){
@@ -624,7 +624,7 @@ class page_action extends tform_actions {
 					$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ? AND active = 'y'", $parent_domain['server_id']);
 				}
 			}
-			$php_select = "<option value=''>".$web_config['php_default_name']."</option>";
+			$php_select = "<option value=''>".$app->functions->htmlentities($web_config['php_default_name'])."</option>";
 			if(is_array($php_records) && !empty($php_records)) {
 				foreach( $php_records as $php_record) {
 					if($this->dataRecord['php'] == 'php-fpm' || ($this->dataRecord['php'] == 'hhvm' && $server_type == 'nginx')){
-- 
GitLab