Merge pull request #274 from rimas-kudelis/xss-prevention
Use `htmlspecialchars()` to escape user-provided vars before output
rimas-kudelis committed Jan 23, 2022
2 parents dc9dcc9 + af4e84e commit 21c0a60
Showing 13 changed files with 53 additions and 53 deletions.
2 changes: 1 addition & 1 deletion vexim/adminaliasadd.php
Expand Up @@ -33,7 +33,7 @@
<td><?php echo _('Address'); ?>:</td>
<td>
<input name="localpart" type="text" class="textfield">@
<?php print $_SESSION['domain']; ?>
<?php print htmlspecialchars($_SESSION['domain']); ?>
</td>
</tr>
<tr>
18 changes: 9 additions & 9 deletions vexim/adminaliasdelete.php
Expand Up @@ -44,37 +44,37 @@
<tr>
<td colspan="2">
<?php printf (_('Please confirm deleting alias %s@%s'),
$_GET['localpart'] ,
$_SESSION['domain']);
htmlspecialchars($_GET['localpart']),
htmlspecialchars($_SESSION['domain']));
?>:
</td>
</tr>
<tr>
<td>
<input name='confirm' type='radio' value='cancel' checked>
<b><?php printf (_('Do Not Delete %s@%s'),
$_GET['localpart'],
$_SESSION['domain']);
htmlspecialchars($_GET['localpart']),
htmlspecialchars($_SESSION['domain']));
?></b>
</td>
</tr>
<tr>
<td>
<input name='confirm' type='radio' value='1'>
<b><?php printf (_('Delete %s@%s'),
$_GET['localpart'],
$_SESSION['domain']);
htmlspecialchars($_GET['localpart']),
htmlspecialchars($_SESSION['domain']));
?></b>
</td>
</tr>
<tr>
<td>
<input name='domain' type='hidden'
value='<?php echo $_SESSION['domain']; ?>'>
value='<?php echo htmlspecialchars($_SESSION['domain']); ?>'>
<input name='user_id' type='hidden'
value='<?php echo $_GET['user_id']; ?>'>
value='<?php echo htmlspecialchars($_GET['user_id']); ?>'>
<input name='localpart' type='hidden'
value='<?php echo $_GET['localpart']; ?>'>
value='<?php echo htmlspecialchars($_GET['localpart']); ?>'>
<input name='submit' type='submit'
value='<?php echo _('Continue'); ?>'>
</td>
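Review bot: The hidden inputs on the added lines `value='<?php echo htmlspecialchars($_SESSION['domain']); ?>'`, `value='<?php echo htmlspecialchars($_GET['user_id']); ?>'` and `value='<?php echo htmlspecialchars($_GET['localpart']); ?>'` sit inside single-quoted attributes, but htmlspecialchars() called without a flags argument does not encode `'` on PHP versions before 8.1 (the default there is ENT_COMPAT), so a single quote in the value still terminates the attribute. Pass the flags explicitly, e.g. `value='<?php echo htmlspecialchars($_SESSION['domain'], ENT_QUOTES, 'UTF-8'); ?>'`, or switch these attributes to double quotes. The same single-quoted pattern is added in admingroupdelete.php and sitedelete.php. Since the commit repeats the bare call at every output site, a small project helper that always passes ENT_QUOTES and the charset would make the escaping uniform and harder to get wrong.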
2 changes: 1 addition & 1 deletion vexim/adminfail.php
Expand Up @@ -48,7 +48,7 @@
. '">'
. $row['localpart']
. '@'
. $_SESSION['domain']
. htmlspecialchars($_SESSION['domain'])
. '</a></td>';
print '</tr>';
}
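Review bot: `$row['localpart']` on the line just above the added htmlspecialchars() call is concatenated into the same output string unescaped, so the escaping of the domain covers only half of the address; the value is emitted right after a `'">'` that appears to close an attribute opened above the hunk. Unless localpart is strictly validated when it is stored, which is not visible here, it should get the same treatment, `. htmlspecialchars($row['localpart'])`. Database-sourced values (localpart, realname, name, member_id, block_id) are left unescaped next to the new calls in the same way in adminfailchange.php, admingroupchange.php, adminuser.php, adminuserchange.php and userchange.php. The print statement and the loop containing it begin before the hunk.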
2 changes: 1 addition & 1 deletion vexim/adminfailadd.php
Expand Up @@ -24,7 +24,7 @@
<td><?php echo _('Address to fail'); ?>:</td>
<td>
<input name="localpart" type="text" class="textfield" autofocus>@
<?php print $_SESSION['domain']; ?>
<?php print htmlspecialchars($_SESSION['domain']); ?>
</td>
</tr>
<tr>
4 changes: 2 additions & 2 deletions vexim/adminfailchange.php
Expand Up @@ -41,11 +41,11 @@
<td>
<input name="localpart" type="text"
value="<?php print $row['localpart']; ?>" class="textfield" autofocus>@
<?php print $_SESSION['domain']; ?>
<?php print htmlspecialchars($_SESSION['domain']); ?>
</td>
<td>
<input name="user_id" type="hidden"
value="<?php print $_GET['user_id']; ?>" class="textfield">
value="<?php print htmlspecialchars($_GET['user_id']); ?>" class="textfield">
</td>
</tr>
<tr>
12 changes: 6 additions & 6 deletions vexim/admingroupchange.php
Expand Up @@ -43,9 +43,9 @@
<td>
<input name="localpart" type="text"
value="<?php echo $row['name']; ?>"class="textfield" autofocus>@
<?php echo $_SESSION['domain']; ?>
<?php echo htmlspecialchars($_SESSION['domain']); ?>
<input name="group_id" type="hidden"
value="<?php echo $_GET['group_id']; ?>" class="textfield">
value="<?php echo htmlspecialchars($_GET['group_id']); ?>" class="textfield">
</td>
</tr>
<tr>
Expand Down Expand Up @@ -96,7 +96,7 @@ class="textfield">
?>
<tr>
<td class="trash">
<a href="admingroupcontentdeletesubmit.php?group_id=<?php echo $_GET['group_id'];
<a href="admingroupcontentdeletesubmit.php?group_id=<?php echo htmlspecialchars($_GET['group_id']);
?>&member_id=<?php echo $row['member_id'];
?>&localpart=<?php echo $grouplocalpart;
?>">
Expand All @@ -107,7 +107,7 @@ class="textfield">
</a>
</td>
<td><?php echo $row['realname']; ?></td>
<td><?php echo $row['localpart'].'@'.$_SESSION['domain']; ?></td>
<td><?php echo $row['localpart'].'@'.htmlspecialchars($_SESSION['domain']); ?></td>
<td>
<?php
if($row['enabled']='1') {
Expand Down Expand Up @@ -138,7 +138,7 @@ class="textfield">
<td><?php echo _('Add Member'); ?></td>
<td>
<input name="group_id" type="hidden"
value="<?php echo $_GET['group_id']; ?>" class="textfield">
value="<?php echo htmlspecialchars($_GET['group_id']); ?>" class="textfield">
<input name="localpart" type="hidden"
value="<?php echo $grouplocalpart; ?>" class="textfield">
<select name="usertoadd">
Expand All @@ -153,7 +153,7 @@ class="textfield">
?>
<option value="<?php echo $row['user_id'];
?>"><?php echo $row['realname'];
?> (<?php echo $row['localpart'].'@'.$_SESSION['domain']; ?>)</option>
?> (<?php echo $row['localpart'].'@'.htmlspecialchars($_SESSION['domain']); ?>)</option>
<?php
}
?>
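Review bot: On the line `<a href="admingroupcontentdeletesubmit.php?group_id=<?php echo htmlspecialchars($_GET['group_id']);` the value is placed into a URL query string, where htmlspecialchars() does not neutralise `&`, `=`, `#` or `?`; the parameter should be URL-encoded and the attribute then HTML-escaped, e.g. `group_id=<?php echo htmlspecialchars(urlencode($_GET['group_id'])); ?>&amp;member_id=`, with the literal `&` separators written as `&amp;`. The same URL-context use of htmlspecialchars() is added in adminuserchange.php for user_id and localpart. Both of those links perform a deletion via a plain GET request, which is reachable by link prefetchers and cross-site requests; whether the submit scripts check a token is not visible here, but a POST form with a CSRF token is the safer shape. Separately, the context line `if($row['enabled']='1') {` assigns rather than compares, so that branch is always taken; it should read `if($row['enabled']=='1') {`.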
18 changes: 9 additions & 9 deletions vexim/admingroupdelete.php
Expand Up @@ -59,37 +59,37 @@
<tr>
<td colspan="2">
<?php printf (_('Please confirm deleting group %s@%s'),
$_GET['localpart'],
$_SESSION['domain']);
htmlspecialchars($_GET['localpart']),
htmlspecialchars($_SESSION['domain']));
?>:
</td>
</tr>
<tr>
<td>
<input name='confirm' type='radio' value='cancel' checked>
<b><?php printf (_('Do Not Delete %s@%s'),
$_GET['localpart'],
$_SESSION['domain']);
htmlspecialchars($_GET['localpart']),
htmlspecialchars($_SESSION['domain']));
?></b>
</td>
</tr>
<tr>
<td>
<input name='confirm' type='radio' value='1'><b>
<?php printf (_('Delete %s@%s'),
$_GET['localpart'],
$_SESSION['domain']);
htmlspecialchars($_GET['localpart']),
htmlspecialchars($_SESSION['domain']));
?></b>
</td>
</tr>
<tr>
<td>
<input name='domain' type='hidden'
value='<?php echo $_SESSION['domain']; ?>'>
value='<?php echo htmlspecialchars($_SESSION['domain']); ?>'>
<input name='group_id' type='hidden'
value='<?php echo $_GET['group_id']; ?>'>
value='<?php echo htmlspecialchars($_GET['group_id']); ?>'>
<input name='localpart' type='hidden'
value='<?php echo $_GET['localpart']; ?>'>
value='<?php echo htmlspecialchars($_GET['localpart']); ?>'>
<input name='submit' type='submit'
value='<?php echo _('Continue'); ?>'>
</td>
4 changes: 2 additions & 2 deletions vexim/adminuser.php
Expand Up @@ -52,7 +52,7 @@
<form name="search" method="post" action="adminuser.php">
<?php echo _('Search'); ?>:
<input type="text" size="20" name="searchfor"
value="<?php echo $_POST['searchfor']; ?>" class="textfield">
value="<?php echo htmlspecialchars($_POST['searchfor']); ?>" class="textfield">
<?php echo _('in'); ?>
<select name="field" class="textfield">
<option value="realname" <?php if ($_POST['field'] == 'realname') {
Expand Down Expand Up @@ -111,7 +111,7 @@
. ' '
. $row['realname']
. '">'
. $row['localpart'] .'@'. $_SESSION['domain']
. $row['localpart'] .'@'. htmlspecialchars($_SESSION['domain'])
. '</a></td>';
print '<td class="check">';
if ($row['admin'] == 1) {
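Review bot: `value="<?php echo htmlspecialchars($_POST['searchfor']); ?>"` also runs when adminuser.php is first opened before anything has been posted (the form posts back to itself), at which point `$_POST['searchfor']` is undefined: PHP emits an undefined-index notice and, on 8.1 and later, a deprecation for passing null to htmlspecialchars(). Defaulting the value, `value="<?php echo htmlspecialchars($_POST['searchfor'] ?? ''); ?>"`, avoids both (the `??` form assumes PHP 7 or later; otherwise use isset()). The `$_POST['field']` comparison on the following context line has the same undefined-index issue.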
12 changes: 6 additions & 6 deletions vexim/adminuserchange.php
Expand Up @@ -56,7 +56,7 @@
<input type="text" size="25" name="realname"
value="<?php print $row['realname']; ?>" class="textfield" autofocus>
<input name="user_id" type="hidden"
value="<?php print $_GET['user_id']; ?>">
value="<?php print htmlspecialchars($_GET['user_id']); ?>">
</td>
</tr>
<tr>
Expand Down Expand Up @@ -300,7 +300,7 @@
print " checked ";
} ?>>
<input name="user_id" type="hidden"
value="<?php print $_GET['user_id']; ?>">
value="<?php print htmlspecialchars($_GET['user_id']); ?>">
<input name="localpart" type="hidden"
value="<?php print $row['localpart']; ?>">
</td>
Expand Down Expand Up @@ -373,9 +373,9 @@
<td>
<input name="blockval" type="text" size="25" class="textfield">
<input name="user_id" type="hidden"
value="<?php print $_GET['user_id']; ?>">
value="<?php print htmlspecialchars($_GET['user_id']); ?>">
<input name="localpart" type="hidden"
value="<?php print $_GET['localpart']; ?>">
value="<?php print htmlspecialchars($_GET['localpart']); ?>">
<input name="color" type="hidden" value="black">
</td>
</tr>
Expand All @@ -400,11 +400,11 @@
<tr>
<td>
<a href="adminuserblocksubmit.php?action=delete&user_id=<?php
print $_GET['user_id']
print htmlspecialchars($_GET['user_id'])
. '&block_id='
. $blockrow['block_id']
.'&localpart='
. $_GET['localpart'];?>">
. htmlspecialchars($_GET['localpart']);?>">
<img class="trash" title="Delete" src="images/trashcan.gif"
alt="trashcan">
</a>
2 changes: 1 addition & 1 deletion vexim/siteadd.php
Expand Up @@ -193,7 +193,7 @@ class="textfield">
</td>
<td colspan="2">
<input name="type" type="hidden"
value="<?php print $_GET['type']; ?>">
value="<?php print htmlspecialchars($_GET['type']); ?>">
<input name="admin" type="hidden" value="1">
<input name="submit" type="submit"
value="<?php echo _('Submit'); ?>">
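Review bot: The escaped `type` value on the added line and the flag on the context line `<input name="admin" type="hidden" value="1">` are both client-controlled once they reach the browser, so escaping makes the page safe to render but says nothing about whether the submit handler trusts them. That handler is outside this hunk; it should derive the admin status and validate `type` against the allowed set server-side rather than reading them back from the form. If it already does, a comment on the hidden inputs noting that they are display-only would help the next reader.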
14 changes: 7 additions & 7 deletions vexim/sitechange.php
Expand Up @@ -48,8 +48,8 @@
?>
</td>
<td>
<input name="domain_id" type="hidden" value="<?php print $_GET['domain_id']; ?>">
<input name="domain" type="hidden" value="<?php print $_GET['domain']; ?>">
<input name="domain_id" type="hidden" value="<?php print htmlspecialchars($_GET['domain_id']); ?>">
<input name="domain" type="hidden" value="<?php print htmlspecialchars($_GET['domain']); ?>">
</td>
</tr>
<tr>
Expand Down Expand Up @@ -116,8 +116,8 @@
<td><?php echo _("Enabled"); ?>:</td>
<td><input type="checkbox" name="enabled" <?php if ($row['enabled'] == 1) {print "checked";} ?>></td>
<td>
<input name="domain_id" type="hidden" value="<?php print $_GET['domain_id']; ?>">
<input name="domain" type="hidden" value="<?php print $_GET['domain']; ?>">
<input name="domain_id" type="hidden" value="<?php print htmlspecialchars($_GET['domain_id']); ?>">
<input name="domain" type="hidden" value="<?php print htmlspecialchars($_GET['domain']); ?>">
</td>
</tr>
<tr>
Expand All @@ -128,9 +128,9 @@
</table>
</form><br>
<form name="allusers" method="post" action="sitechangesubmit.php">
<input name="allusers" type="hidden" value="<?php print $_GET['domain_id']; ?>">
<input name="domain_id" type="hidden" value="<?php print $_GET['domain_id']; ?>">
<input name="domain" type="hidden" value="<?php print $_GET['domain']; ?>">
<input name="allusers" type="hidden" value="<?php print htmlspecialchars($_GET['domain_id']); ?>">
<input name="domain_id" type="hidden" value="<?php print htmlspecialchars($_GET['domain_id']); ?>">
<input name="domain" type="hidden" value="<?php print htmlspecialchars($_GET['domain']); ?>">
<table align="center">
<tr>
<td colspan="2"><h4><?php echo _("Modify SpamAssassin/Antivirus for all users").":"; ?></h4></td>
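Review bot: The three forms in this file now escape `$_GET['domain_id']` and `$_GET['domain']` correctly for the attribute context, but each keeps carrying both the id and the domain name as hidden fields, so the pair can be submitted inconsistently by a client. Whether sitechangesubmit.php re-derives the name from `domain_id` is not visible here; if it does not, it should look the domain up server-side and ignore the submitted `domain`.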
14 changes: 7 additions & 7 deletions vexim/sitedelete.php
Expand Up @@ -87,18 +87,18 @@
<div id='Content'>
<form name='domaindelete' method='post' action='sitedelete.php'>
<table align="center">
<tr><td colspan='2'><?php printf (_("Please confirm deleting domain %s."), $_GET['domain']); ?>:</td></tr>
<tr><td colspan='2'><?php printf (_("Please confirm deleting domain %s."), htmlspecialchars($_GET['domain'])); ?>:</td></tr>
<?php if (($_GET['type'] != "relay") && ($_GET['type'] != "alias")) {
print "<tr><td colspan='2'>";
printf (ngettext("There is currently <b>%1\$d</b> account in domain %2\$s", "There are currently <b>%1\$d</b> accounts in domain %2\$s", $row['count']), $row['count'], $_GET['domain']);
printf (ngettext("There is currently <b>%1\$d</b> account in domain %2\$s", "There are currently <b>%1\$d</b> accounts in domain %2\$s", $row['count']), $row['count'], htmlspecialchars($_GET['domain']));
print "</td></tr>";
}
?>
<tr><td><input name='confirm' type='radio' value='cancel' checked><b> <?php printf (_("Do Not Delete %s"), $_GET['domain']); ?></b></td></tr>
<tr><td><input name='confirm' type='radio' value='1'><b> <?php printf (_("Delete %s"), $_GET['domain']); ?></b></td></tr>
<tr><td><input name='domain_id' type='hidden' value='<?php print $_GET['domain_id']; ?>'>
<input name='domain' type='hidden' value='<?php print $_GET['domain']; ?>'>
<input name='type' type='hidden' value='<?php print $_GET['type']; ?>'>
<tr><td><input name='confirm' type='radio' value='cancel' checked><b> <?php printf (_("Do Not Delete %s"), htmlspecialchars($_GET['domain'])); ?></b></td></tr>
<tr><td><input name='confirm' type='radio' value='1'><b> <?php printf (_("Delete %s"), htmlspecialchars($_GET['domain'])); ?></b></td></tr>
<tr><td><input name='domain_id' type='hidden' value='<?php print htmlspecialchars($_GET['domain_id']); ?>'>
<input name='domain' type='hidden' value='<?php print htmlspecialchars($_GET['domain']); ?>'>
<input name='type' type='hidden' value='<?php print htmlspecialchars($_GET['type']); ?>'>
<input name='submit' type='submit' value='<?php echo _("Continue"); ?>'></td></tr>
</table>
</form>
2 changes: 1 addition & 1 deletion vexim/userchange.php
Expand Up @@ -34,7 +34,7 @@
<form name="userchange" method="post" action="userchangesubmit.php">
<table align="center">
<tr><td><?php echo _("Name"); ?>:</td><td><input name="realname" type="text" value="<?php print $row['realname']; ?>" class="textfield" autofocus></td></tr>
<tr><td><?php echo _("Email Address"); ?>:</td><td><?php print $row['localpart']."@".$_SESSION['domain']; ?></td>
<tr><td><?php echo _("Email Address"); ?>:</td><td><?php print $row['localpart']."@".htmlspecialchars($_SESSION['domain']); ?></td>
<tr><td><?php echo _("Password"); ?>:</td><td><input name="clear" type="password" class="textfield"></td></tr>
<tr><td class="padafter"><?php echo _("Verify Password"); ?>:</td><td><input name="vclear" type="password" class="textfield"></td></tr>
<tr><td colspan="2"><b><?php echo _("Note:"); ?></b> <?php echo _("Attempting to set blank passwords does not work!"); ?><td></tr>
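Review bot: The context line below the changed address row ends with `<td></tr>` — the `<td colspan="2">` cell opened at the start of that row is never closed and a second cell is opened instead, so the row is malformed; it should end with `</td></tr>`. The changed `Email Address` row also closes its `<td>` but not its `<tr>`, which the next `<tr>` then implicitly terminates. The two password inputs on the context lines could declare `autocomplete="new-password"` so password managers do not fill the current password into the change form.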
