
Commit a31c64a

author
Till Brehm
committed
Merge branch 'stable-3.1' of git.ispconfig.org:ispconfig/ispconfig3 into stable-3.1
2 parents f45cfd8 + 75c2ae3 commit a31c64a

114 files changed

+1146
-116
lines changed


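--- a/interface/lib/classes/functions.inc.php
+++ b/interface/lib/classes/functions.inc.php
@@ -454,6 +454,25 @@ public function generate_ssh_key($client_id, $username = ''){
 $app->log("Failed to create SSH keypair for ".$username, LOGLEVEL_WARN);
 }
 }
+
+public function htmlentities($value) {
+global $conf;
+
+if(is_array($value)) {
+$out = array();
+foreach($value as $key => $val) {
+if(is_array($val)) {
+$out[$key] = $this->htmlentities($val);
+} else {
+$out[$key] = htmlentities($val, ENT_QUOTES, $conf["html_content_encoding"]);
+}
+}
+} else {
+$out = htmlentities($value, ENT_QUOTES, $conf["html_content_encoding"]);
+}
+
+return $out;
+}
 }
 
 ?>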
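Review bot: Both `htmlentities()` calls in the new method pass `ENT_QUOTES` alone, so a value holding a byte sequence that is invalid in `$conf["html_content_encoding"]` makes PHP return an empty string and the field silently vanishes from the rendered list or form; using `ENT_QUOTES | ENT_SUBSTITUTE` instead replaces the bad bytes with U+FFFD and keeps the rest of the value visible. The method also has no doc comment; I would put `/** Recursively apply htmlentities() to a string or (nested) array using the configured html_content_encoding; array keys are returned unchanged. */` above the signature. Non-string scalars are handed straight to htmlentities(), which coerces them, but a null argument (callers such as listform_actions can pass an undefined lookup) is accepted silently today and deprecated from PHP 8.1 on, so a `$val === null ? '' : ...` guard or an explicit cast to string would make the contract clearer.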

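--- a/interface/lib/classes/listform.inc.php
+++ b/interface/lib/classes/listform.inc.php
@@ -179,6 +179,7 @@ public function getSearchSQL($sql_where = '')
 && $k == $_SESSION['search'][$list_name][$search_prefix.$field]
 && $_SESSION['search'][$list_name][$search_prefix.$field] != '')
 ? ' SELECTED' : '';
+$v = $app->functions->htmlentities($v);
 $out .= "<option value='$k'$selected>$v</option>\r\n";
 }
 }
@@ -610,17 +611,8 @@ function lng($msg) {
 }
 
 function escapeArrayValues($search_values) {
-global $conf;
-
-$out = array();
-if(is_array($search_values)) {
-foreach($search_values as $key => $val) {
-$out[$key] = htmlentities($val, ENT_QUOTES, $conf["html_content_encoding"]);
-}
-}
-
-return $out;
-
+global $app;
+return $app->functions->htmlentities($search_values);
 }
 
 }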
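Review bot: In the getSearchSQL hunk `$v` is now escaped, but `$k` on the following line is still interpolated raw into `value='$k'`, so a key containing a single quote or `>` still breaks out of the attribute; the key presumably comes from the same option map as the value and should go through the same helper, e.g. `$k = $app->functions->htmlentities($k);` right next to the new line. getSearchSQL starts and ends outside the hunk. In escapeArrayValues the rewrite also changes the return contract for non-array input: the old code returned `array()`, the new one returns the escaped string, which is fine if every caller passes an array but deserves a one-line comment such as `// scalar input now yields an escaped string, array input an escaped array`.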

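--- a/interface/lib/classes/listform_actions.inc.php
+++ b/interface/lib/classes/listform_actions.inc.php
@@ -180,7 +180,7 @@ public function prepareDataRow($rec)
 $rec['_'.$key.'_'] = (strtolower($rec[$key]) == 'y')?'x16/tick_circle.png':'x16/cross_circle.png';
 }
 //* substitute value for select field
-$rec[$key] = @$field['value'][$rec[$key]];
+$rec[$key] = $app->functions->htmlentities(@$field['value'][$rec[$key]]);
 }
 }
 }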
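Review bot: The `@` suppression on `$field['value'][$rec[$key]]` now hides an undefined index inside a function argument: when the stored value has no entry in the select map, htmlentities() receives null, which yields '' today, is deprecated on PHP 8.1+, and masks a data/config mismatch. An explicit lookup reads better and needs no suppression: `$rec[$key] = isset($field['value'][$rec[$key]]) ? $app->functions->htmlentities($field['value'][$rec[$key]]) : '';`. prepareDataRow starts outside the hunk, so I cannot see whether `$app` is declared `global` there; if it is not, the new call fails at runtime.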

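--- a/interface/lib/classes/quota_lib.inc.php
+++ b/interface/lib/classes/quota_lib.inc.php
@@ -243,7 +243,8 @@ public function get_mailquota_data($clientid = null, $readable = true) {
 if(is_array($emails) && !empty($emails)){
 for($i=0;$i<sizeof($emails);$i++){
 $email = $emails[$i]['email'];
-
+
+$emails[$i]['name'] = $app->functions->htmlentities($emails[$i]['name']);
 $emails[$i]['used'] = isset($monitor_data[$email]['used']) ? $monitor_data[$email]['used'] : array(1 => 0);
 
 if (!is_numeric($emails[$i]['used'])) $emails[$i]['used']=$emails[$i]['used'][1];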
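Review bot: Escaping `$emails[$i]['name']` inside get_mailquota_data bakes HTML entities into data the method returns, not into a template; any caller that uses the result for non-HTML output (the `$readable` parameter suggests more than one presentation) now sees `&amp;`-style names, and a template that escapes on output will double-encode them. If the names are only ever printed raw by the quota templates, say so at the new line, e.g. `// name is HTML-escaped here because the quota templates print it without escaping`, so the next reader does not escape it a second time. The method starts before and ends after the hunk, so whether `$app` is global in it is not visible here.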

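--- a/interface/lib/classes/tform_base.inc.php
+++ b/interface/lib/classes/tform_base.inc.php
@@ -473,8 +473,8 @@ function getHTML($record, $tab, $action = 'NEW') {
 if(is_array($field['value'])) {
 foreach($field['value'] as $k => $v) {
 $selected = ($k == $val)?' SELECTED':'';
-if(isset($this->wordbook[$v]))
-$v = $this->wordbook[$v];
+if(isset($this->wordbook[$v])) $v = $this->wordbook[$v];
+else $v = $app->functions->htmlentities($v);
 $out .= "<option value='$k'$selected>".$this->lng($v)."</option>\r\n";
 }
 }
@@ -494,7 +494,7 @@ function getHTML($record, $tab, $action = 'NEW') {
 foreach($vals as $tvl) {
 if(trim($tvl) == trim($k)) $selected = ' SELECTED';
 }
-
+$v = $app->functions->htmlentities($v);
 $out .= "<option value='$k'$selected>$v</option>\r\n";
 }
 }
@@ -577,7 +577,7 @@ function getHTML($record, $tab, $action = 'NEW') {
 
 default:
 if(isset($record[$key])) {
-$new_record[$key] = htmlspecialchars($record[$key]);
+$new_record[$key] = $app->functions->htmlentities($record[$key]);
 } else {
 $new_record[$key] = '';
 }
@@ -608,7 +608,8 @@ function getHTML($record, $tab, $action = 'NEW') {
 $out = '';
 foreach($field['value'] as $k => $v) {
 $selected = ($k == $field["default"])?' SELECTED':'';
-$out .= "<option value='$k'$selected>".$this->lng($v)."</option>\r\n";
+$v = $app->functions->htmlentities($this->lng($v));
+$out .= "<option value='$k'$selected>".$v."</option>\r\n";
 }
 }
 if(isset($out)) $new_record[$key] = $out;
@@ -622,7 +623,7 @@ function getHTML($record, $tab, $action = 'NEW') {
 // HTML schreiben
 $out = '';
 foreach($field['value'] as $k => $v) {
-
+$v = $app->functions->htmlentities($v);
 $out .= "<option value='$k'>$v</option>\r\n";
 }
 }
@@ -693,7 +694,7 @@ function getHTML($record, $tab, $action = 'NEW') {
 break;
 
 default:
-$new_record[$key] = htmlspecialchars($field['default']);
+$new_record[$key] = $app->functions->htmlentities($field['default']);
 }
 }
 
@@ -911,6 +912,12 @@ function filterField($field_name, $field_value, $filters, $filter_event) {
 case 'NOWHITESPACE':
 $returnval = preg_replace('/\s+/', '', $returnval);
 break;
+case 'STRIPTAGS':
+$returnval = strip_tags(preg_replace('/<script[^>]*?>.*?<\/script>/is', '', $returnval));
+break;
+case 'STRIPNL':
+$returnval = str_replace(array("\n","\r"),'', $returnval);
+break;
 default:
 $this->errorMessage .= "Unknown Filter: ".$filter['type'];
 break;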
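Review bot: In the filterField hunk `preg_replace()` returns null when PCRE fails (the lazy `.*?` under the `s` modifier can hit the backtracking limit on a large textarea value), and `strip_tags(null)` then silently turns the whole field into '' rather than reporting the failure the way the `default:` branch does for an unknown filter. I would split the call so the error is visible: `$stripped = preg_replace('/<script[^>]*?>.*?<\/script>/is', '', $returnval); if($stripped === null) { $this->errorMessage .= "Filter STRIPTAGS failed: ".preg_last_error(); } else { $returnval = strip_tags($stripped); }`. filterField starts and ends outside the hunk. The @@ -473 hunk escapes `$v` only when it is not found in `$this->wordbook` and then passes it through `$this->lng()` unescaped, while the @@ -608 hunk escapes the result of `$this->lng($v)`; the translated-string path is therefore escaped in one select builder and not the other, and in every option loop `$k` is still interpolated raw into `value='$k'`.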

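--- a/interface/web/admin/form/directive_snippets.tform.php
+++ b/interface/web/admin/form/directive_snippets.tform.php
@@ -71,6 +71,12 @@
 1 => array ( 'type' => 'UNIQUE',
 'errmsg'=> 'directive_snippets_name_error_unique'),
 ),
+'filters' => array(
+0 => array( 'event' => 'SAVE',
+'type' => 'STRIPTAGS'),
+1 => array( 'event' => 'SAVE',
+'type' => 'STRIPNL')
+),
 'default' => '',
 'value' => '',
 'width' => '30',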

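--- a/interface/web/admin/form/groups.tform.php
+++ b/interface/web/admin/form/groups.tform.php
@@ -81,6 +81,12 @@
 'name' => array (
 'datatype' => 'VARCHAR',
 'formtype' => 'TEXT',
+'filters' => array(
+0 => array( 'event' => 'SAVE',
+'type' => 'STRIPTAGS'),
+1 => array( 'event' => 'SAVE',
+'type' => 'STRIPNL')
+),
 'regex' => '/^.{1,30}$/',
 'errmsg' => 'name_err',
 'default' => '',
@@ -94,6 +100,10 @@
 'description' => array (
 'datatype' => 'TEXT',
 'formtype' => 'TEXTAREA',
+'filters' => array(
+0 => array( 'event' => 'SAVE',
+'type' => 'STRIPTAGS')
+),
 'regex' => '',
 'errmsg' => '',
 'default' => '',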

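--- a/interface/web/admin/form/iptables.tform.php
+++ b/interface/web/admin/form/iptables.tform.php
@@ -52,6 +52,12 @@
 'source_ip' => array (
 'datatype' => 'VARCHAR',
 'formtype' => 'TEXT',
+'filters' => array(
+0 => array( 'event' => 'SAVE',
+'type' => 'STRIPTAGS'),
+1 => array( 'event' => 'SAVE',
+'type' => 'STRIPNL')
+),
 'default' => '',
 'value' => '',
 'width' => '',
@@ -60,6 +66,12 @@
 'destination_ip' => array (
 'datatype' => 'VARCHAR',
 'formtype' => 'TEXT',
+'filters' => array(
+0 => array( 'event' => 'SAVE',
+'type' => 'STRIPTAGS'),
+1 => array( 'event' => 'SAVE',
+'type' => 'STRIPNL')
+),
 'default' => '',
 'value' => '',
 'width' => '',
@@ -68,6 +80,12 @@
 'singleport' => array (
 'datatype' => 'VARCHAR',
 'formtype' => 'TEXT',
+'filters' => array(
+0 => array( 'event' => 'SAVE',
+'type' => 'STRIPTAGS'),
+1 => array( 'event' => 'SAVE',
+'type' => 'STRIPNL')
+),
 'default' => '',
 'value' => '',
 'width' => '',
@@ -76,6 +94,12 @@
 'multiport' => array (
 'datatype' => 'VARCHAR',
 'formtype' => 'TEXT',
+'filters' => array(
+0 => array( 'event' => 'SAVE',
+'type' => 'STRIPTAGS'),
+1 => array( 'event' => 'SAVE',
+'type' => 'STRIPNL')
+),
 'default' => '',
 'value' => '',
 'width' => '',
@@ -84,6 +108,12 @@
 'state' => array (
 'datatype' => 'VARCHAR',
 'formtype' => 'TEXT',
+'filters' => array(
+0 => array( 'event' => 'SAVE',
+'type' => 'STRIPTAGS'),
+1 => array( 'event' => 'SAVE',
+'type' => 'STRIPNL')
+),
 'default' => '',
 'value' => '',
 'width' => '',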
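Review bot: STRIPTAGS and STRIPNL only clean the stored text for display; none of the five hunks (`source_ip`, `destination_ip`, `singleport`, `multiport`, `state`) shows a `regex`/`errmsg` pair or a `validators` entry for the field, so unless one exists elsewhere in the file, values that are later turned into firewall rules (how they are consumed is not visible on this page) are accepted with any content the tag filter leaves behind. A whitelist check per field, in the same form groups.tform.php already uses for `name`, would fail closed on SAVE, e.g. for `singleport`: `'regex' => '<constructed: anchored digits-only pattern>', 'errmsg' => 'singleport_error_regex',`, with equivalent IP/CIDR, port-list and connection-state patterns for the other four. The filters are then a display nicety rather than the only gate on this input.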

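--- a/interface/web/admin/form/server.tform.php
+++ b/interface/web/admin/form/server.tform.php
@@ -61,6 +61,12 @@
 'server_name' => array (
 'datatype' => 'VARCHAR',
 'formtype' => 'TEXT',
+'filters' => array(
+0 => array( 'event' => 'SAVE',
+'type' => 'STRIPTAGS'),
+1 => array( 'event' => 'SAVE',
+'type' => 'STRIPNL')
+),
 'default' => '',
 'value' => '',
 'width' => '30',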
