@@ -80,6 +80,7 @@ function onShowEnd() {
8080 $ sql"SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name " ;
8181
8282 $ clients$ appdb ->queryAllRecords ($ sql
83+ $ clients$ appfunctions ->htmlentities ($ clients
8384 $ client_select'' ;
8485 if ($ _SESSION "s " ]["user " ]["typ " ] == 'admin ' ) $ client_select"<option value='0'></option> " ;
8586 //$tmp_data_record = $app->tform->getDataRecord($this->id);
@@ -96,16 +97,18 @@ function onShowEnd() {
9697 // Get the limits of the client
9798 $ client_group_id$ _SESSION "s " ]["user " ]["default_group " ];
9899 $ client$ appdb ->queryOneRecord ("SELECT client.client_id, client.contact_name, client.default_mailserver, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ? order by client.contact_name " , $ client_group_id
100+ $ client$ appfunctions ->htmlentities ($ client
99101
100102 // Set the mailserver to the default server of the client
101103 $ tmp$ appdb ->queryOneRecord ("SELECT server_name FROM server WHERE server_id = ? " , $ client'default_mailserver ' ]);
102- $ apptpl ->setVar ("server_id " , "<option value=' $ client'> $ tmp] </option> " );
104+ $ apptpl ->setVar ("server_id " , "<option value=' $ client'> " . $ app -> functions -> htmlentities ( $ tmp' server_name ' ]) . " </option> "
103105 unset($ tmp
104106
105107 if ($ settings'use_domain_module ' ] != 'y ' ) {
106108 // Fill the client select field
107109 $ sql"SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name " ;
108110 $ clients$ appdb ->queryAllRecords ($ sql$ client'client_id ' ]);
111+ $ clients$ appfunctions ->htmlentities ($ clients
109112 $ tmp$ appdb ->queryOneRecord ("SELECT groupid FROM sys_group WHERE client_id = ? " , $ client'client_id ' ]);
110113 $ client_select'<option value=" ' .$ tmp'groupid ' ].'"> ' .$ client'contactname ' ].'</option> ' ;
111114 //$tmp_data_record = $app->tform->getDataRecord($this->id);
@@ -139,7 +142,7 @@ function onShowEnd() {
139142 $ options_mail_servers"" ;
140143
141144 foreach ($ mail_serversas $ mail_server
142- $ options_mail_servers'<option value=" ' .$ mail_server'server_id ' ].'" ' .($ this id > 0 && $ this dataRecord ["server_id " ] == $ mail_server'server_id ' ] ? ' selected="selected" ' : '' ).'> ' .$ mail_server'server_name ' ].'</option> ' ;
145+ $ options_mail_servers'<option value=" ' .$ mail_server'server_id ' ].'" ' .($ this id > 0 && $ this dataRecord ["server_id " ] == $ mail_server'server_id ' ] ? ' selected="selected" ' : '' ).'> ' .$ app -> functions -> htmlentities ( $ mail_server'server_name ' ]) .'</option> ' ;
143146 }
144147
145148 $ apptpl ->setVar ("client_server_id " , $ options_mail_servers
@@ -164,7 +167,7 @@ function onShowEnd() {
164167 if ($ domain'domain ' ] == $ this dataRecord ["domain " ]) {
165168 $ domain_select" selected " ;
166169 }
167- $ domain_select"> " . $ appfunctions ->idn_decode ($ domain'domain ' ]) . "</option> \r\n" ;
170+ $ domain_select"> " . $ appfunctions ->htmlentities ( $ app -> functions -> idn_decode ($ domain'domain ' ]) ) . "</option> \r\n" ;
168171 }
169172 }
170173 else {
@@ -190,7 +193,7 @@ function onShowEnd() {
190193 if (is_array ($ policys
191194 foreach ( $ policysas $ p
192195 $ selected$ p"id " ] == $ tmp_user"policy_id " ])?'SELECTED ' :'' ;
193- $ policy_select"<option value=' $ p' $ selected> $ p [ policy_name] </option> \r\n" ;
196+ $ policy_select"<option value=' $ p' $ selected> " . $ app -> functions -> htmlentities ( $ p [ ' policy_name ' ]) . " </option> \r\n"
194197 }
195198 }
196199 $ apptpl ->setVar ("policy " , $ policy_select
@@ -201,7 +204,7 @@ function onShowEnd() {
201204 if ($ this id > 0 ) {
202205 //* we are editing a existing record
203206 $ apptpl ->setVar ("edit_disabled " , 1 );
204- $ apptpl ->setVar ("server_id_value " , $ this dataRecord ["server_id " ]);
207+ $ apptpl ->setVar ("server_id_value " , $ this dataRecord ["server_id " ], true );
205208 } else {
206209 $ apptpl ->setVar ("edit_disabled " , 0 );
207210 }
@@ -211,10 +214,10 @@ function onShowEnd() {
211214 $ rec$ appdb ->queryOneRecord ($ sql$ appfunctions ->intval ($ _GET 'id ' ]));
212215 $ dns_keystr_replace (array ('-----BEGIN PUBLIC KEY----- ' ,'-----END PUBLIC KEY----- ' ,"\r" ,"\n" ),'' ,$ rec'dkim_public ' ]);
213216 $ dns_record$ rec'dkim_selector ' ] . '._domainkey. ' . $ rec'domain ' ] . '. 3600 TXT v=DKIM1; t=s; p= ' . $ dns_key
214- $ apptpl ->setVar ('dkim_selector ' , $ rec'dkim_selector ' ]);
215- $ apptpl ->setVar ('dkim_private ' , $ rec'dkim_private ' ]);
216- $ apptpl ->setVar ('dkim_public ' , $ rec'dkim_public ' ]);
217- if (!empty ($ rec'dkim_public ' ])) $ apptpl ->setVar ('dns_record ' , $ dns_record
217+ $ apptpl ->setVar ('dkim_selector ' , $ rec'dkim_selector ' ], true );
218+ $ apptpl ->setVar ('dkim_private ' , $ rec'dkim_private ' ], true );
219+ $ apptpl ->setVar ('dkim_public ' , $ rec'dkim_public ' ], true );
220+ if (!empty ($ rec'dkim_public ' ])) $ apptpl ->setVar ('dns_record ' , $ dns_record, true );
218221
219222 parent ::onShowEnd ();
220223 }
0 commit comments