Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use htmlspecialchars() to escape user-provided vars before output #274

Merged
merged 1 commit into from
Jan 23, 2022
Merged

Use htmlspecialchars() to escape user-provided vars before output #274

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion vexim/adminaliasadd.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@
<td><?php echo _('Address'); ?>:</td>
<td>
<input name="localpart" type="text" class="textfield">@
<?php print $_SESSION['domain']; ?>
<?php print htmlspecialchars($_SESSION['domain']); ?>
</td>
</tr>
<tr>
Expand Down
18 changes: 9 additions & 9 deletions vexim/adminaliasdelete.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,37 +44,37 @@
<tr>
<td colspan="2">
<?php printf (_('Please confirm deleting alias %s@%s'),
$_GET['localpart'] ,
$_SESSION['domain']);
htmlspecialchars($_GET['localpart']),
htmlspecialchars($_SESSION['domain']));
?>:
</td>
</tr>
<tr>
<td>
<input name='confirm' type='radio' value='cancel' checked>
<b><?php printf (_('Do Not Delete %s@%s'),
$_GET['localpart'],
$_SESSION['domain']);
htmlspecialchars($_GET['localpart']),
htmlspecialchars($_SESSION['domain']));
?></b>
</td>
</tr>
<tr>
<td>
<input name='confirm' type='radio' value='1'>
<b><?php printf (_('Delete %s@%s'),
$_GET['localpart'],
$_SESSION['domain']);
htmlspecialchars($_GET['localpart']),
htmlspecialchars($_SESSION['domain']));
?></b>
</td>
</tr>
<tr>
<td>
<input name='domain' type='hidden'
value='<?php echo $_SESSION['domain']; ?>'>
value='<?php echo htmlspecialchars($_SESSION['domain']); ?>'>
<input name='user_id' type='hidden'
value='<?php echo $_GET['user_id']; ?>'>
value='<?php echo htmlspecialchars($_GET['user_id']); ?>'>
<input name='localpart' type='hidden'
value='<?php echo $_GET['localpart']; ?>'>
value='<?php echo htmlspecialchars($_GET['localpart']); ?>'>
<input name='submit' type='submit'
value='<?php echo _('Continue'); ?>'>
</td>
Expand Down
2 changes: 1 addition & 1 deletion vexim/adminfail.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@
. '">'
. $row['localpart']
. '@'
. $_SESSION['domain']
. htmlspecialchars($_SESSION['domain'])
. '</a></td>';
print '</tr>';
}
Expand Down
2 changes: 1 addition & 1 deletion vexim/adminfailadd.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
<td><?php echo _('Address to fail'); ?>:</td>
<td>
<input name="localpart" type="text" class="textfield" autofocus>@
<?php print $_SESSION['domain']; ?>
<?php print htmlspecialchars($_SESSION['domain']); ?>
</td>
</tr>
<tr>
Expand Down
4 changes: 2 additions & 2 deletions vexim/adminfailchange.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,11 +41,11 @@
<td>
<input name="localpart" type="text"
value="<?php print $row['localpart']; ?>" class="textfield" autofocus>@
<?php print $_SESSION['domain']; ?>
<?php print htmlspecialchars($_SESSION['domain']); ?>
</td>
<td>
<input name="user_id" type="hidden"
value="<?php print $_GET['user_id']; ?>" class="textfield">
value="<?php print htmlspecialchars($_GET['user_id']); ?>" class="textfield">
</td>
</tr>
<tr>
Expand Down
12 changes: 6 additions & 6 deletions vexim/admingroupchange.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,9 +43,9 @@
<td>
<input name="localpart" type="text"
value="<?php echo $row['name']; ?>"class="textfield" autofocus>@
<?php echo $_SESSION['domain']; ?>
<?php echo htmlspecialchars($_SESSION['domain']); ?>
<input name="group_id" type="hidden"
value="<?php echo $_GET['group_id']; ?>" class="textfield">
value="<?php echo htmlspecialchars($_GET['group_id']); ?>" class="textfield">
</td>
</tr>
<tr>
Expand Down Expand Up @@ -96,7 +96,7 @@ class="textfield">
?>
<tr>
<td class="trash">
<a href="admingroupcontentdeletesubmit.php?group_id=<?php echo $_GET['group_id'];
<a href="admingroupcontentdeletesubmit.php?group_id=<?php echo htmlspecialchars($_GET['group_id']);
?>&member_id=<?php echo $row['member_id'];
?>&localpart=<?php echo $grouplocalpart;
?>">
Expand All @@ -107,7 +107,7 @@ class="textfield">
</a>
</td>
<td><?php echo $row['realname']; ?></td>
<td><?php echo $row['localpart'].'@'.$_SESSION['domain']; ?></td>
<td><?php echo $row['localpart'].'@'.htmlspecialchars($_SESSION['domain']); ?></td>
<td>
<?php
if($row['enabled']='1') {
Expand Down Expand Up @@ -138,7 +138,7 @@ class="textfield">
<td><?php echo _('Add Member'); ?></td>
<td>
<input name="group_id" type="hidden"
value="<?php echo $_GET['group_id']; ?>" class="textfield">
value="<?php echo htmlspecialchars($_GET['group_id']); ?>" class="textfield">
<input name="localpart" type="hidden"
value="<?php echo $grouplocalpart; ?>" class="textfield">
<select name="usertoadd">
Expand All @@ -153,7 +153,7 @@ class="textfield">
?>
<option value="<?php echo $row['user_id'];
?>"><?php echo $row['realname'];
?> (<?php echo $row['localpart'].'@'.$_SESSION['domain']; ?>)</option>
?> (<?php echo $row['localpart'].'@'.htmlspecialchars($_SESSION['domain']); ?>)</option>
<?php
}
?>
Expand Down
18 changes: 9 additions & 9 deletions vexim/admingroupdelete.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,37 +59,37 @@
<tr>
<td colspan="2">
<?php printf (_('Please confirm deleting group %s@%s'),
$_GET['localpart'],
$_SESSION['domain']);
htmlspecialchars($_GET['localpart']),
htmlspecialchars($_SESSION['domain']));
?>:
</td>
</tr>
<tr>
<td>
<input name='confirm' type='radio' value='cancel' checked>
<b><?php printf (_('Do Not Delete %s@%s'),
$_GET['localpart'],
$_SESSION['domain']);
htmlspecialchars($_GET['localpart']),
htmlspecialchars($_SESSION['domain']));
?></b>
</td>
</tr>
<tr>
<td>
<input name='confirm' type='radio' value='1'><b>
<?php printf (_('Delete %s@%s'),
$_GET['localpart'],
$_SESSION['domain']);
htmlspecialchars($_GET['localpart']),
htmlspecialchars($_SESSION['domain']));
?></b>
</td>
</tr>
<tr>
<td>
<input name='domain' type='hidden'
value='<?php echo $_SESSION['domain']; ?>'>
value='<?php echo htmlspecialchars($_SESSION['domain']); ?>'>
<input name='group_id' type='hidden'
value='<?php echo $_GET['group_id']; ?>'>
value='<?php echo htmlspecialchars($_GET['group_id']); ?>'>
<input name='localpart' type='hidden'
value='<?php echo $_GET['localpart']; ?>'>
value='<?php echo htmlspecialchars($_GET['localpart']); ?>'>
<input name='submit' type='submit'
value='<?php echo _('Continue'); ?>'>
</td>
Expand Down
4 changes: 2 additions & 2 deletions vexim/adminuser.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@
<form name="search" method="post" action="adminuser.php">
<?php echo _('Search'); ?>:
<input type="text" size="20" name="searchfor"
value="<?php echo $_POST['searchfor']; ?>" class="textfield">
value="<?php echo htmlspecialchars($_POST['searchfor']); ?>" class="textfield">
<?php echo _('in'); ?>
<select name="field" class="textfield">
<option value="realname" <?php if ($_POST['field'] == 'realname') {
Expand Down Expand Up @@ -111,7 +111,7 @@
. ' '
. $row['realname']
. '">'
. $row['localpart'] .'@'. $_SESSION['domain']
. $row['localpart'] .'@'. htmlspecialchars($_SESSION['domain'])
. '</a></td>';
print '<td class="check">';
if ($row['admin'] == 1) {
Expand Down
12 changes: 6 additions & 6 deletions vexim/adminuserchange.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@
<input type="text" size="25" name="realname"
value="<?php print $row['realname']; ?>" class="textfield" autofocus>
<input name="user_id" type="hidden"
value="<?php print $_GET['user_id']; ?>">
value="<?php print htmlspecialchars($_GET['user_id']); ?>">
</td>
</tr>
<tr>
Expand Down Expand Up @@ -300,7 +300,7 @@
print " checked ";
} ?>>
<input name="user_id" type="hidden"
value="<?php print $_GET['user_id']; ?>">
value="<?php print htmlspecialchars($_GET['user_id']); ?>">
<input name="localpart" type="hidden"
value="<?php print $row['localpart']; ?>">
</td>
Expand Down Expand Up @@ -373,9 +373,9 @@
<td>
<input name="blockval" type="text" size="25" class="textfield">
<input name="user_id" type="hidden"
value="<?php print $_GET['user_id']; ?>">
value="<?php print htmlspecialchars($_GET['user_id']); ?>">
<input name="localpart" type="hidden"
value="<?php print $_GET['localpart']; ?>">
value="<?php print htmlspecialchars($_GET['localpart']); ?>">
<input name="color" type="hidden" value="black">
</td>
</tr>
Expand All @@ -400,11 +400,11 @@
<tr>
<td>
<a href="adminuserblocksubmit.php?action=delete&user_id=<?php
print $_GET['user_id']
print htmlspecialchars($_GET['user_id'])
. '&block_id='
. $blockrow['block_id']
.'&localpart='
. $_GET['localpart'];?>">
. htmlspecialchars($_GET['localpart']);?>">
<img class="trash" title="Delete" src="images/trashcan.gif"
alt="trashcan">
</a>
Expand Down
2 changes: 1 addition & 1 deletion vexim/siteadd.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -193,7 +193,7 @@ class="textfield">
</td>
<td colspan="2">
<input name="type" type="hidden"
value="<?php print $_GET['type']; ?>">
value="<?php print htmlspecialchars($_GET['type']); ?>">
<input name="admin" type="hidden" value="1">
<input name="submit" type="submit"
value="<?php echo _('Submit'); ?>">
Expand Down
14 changes: 7 additions & 7 deletions vexim/sitechange.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,8 +48,8 @@
?>
</td>
<td>
<input name="domain_id" type="hidden" value="<?php print $_GET['domain_id']; ?>">
<input name="domain" type="hidden" value="<?php print $_GET['domain']; ?>">
<input name="domain_id" type="hidden" value="<?php print htmlspecialchars($_GET['domain_id']); ?>">
<input name="domain" type="hidden" value="<?php print htmlspecialchars($_GET['domain']); ?>">
</td>
</tr>
<tr>
Expand Down Expand Up @@ -116,8 +116,8 @@
<td><?php echo _("Enabled"); ?>:</td>
<td><input type="checkbox" name="enabled" <?php if ($row['enabled'] == 1) {print "checked";} ?>></td>
<td>
<input name="domain_id" type="hidden" value="<?php print $_GET['domain_id']; ?>">
<input name="domain" type="hidden" value="<?php print $_GET['domain']; ?>">
<input name="domain_id" type="hidden" value="<?php print htmlspecialchars($_GET['domain_id']); ?>">
<input name="domain" type="hidden" value="<?php print htmlspecialchars($_GET['domain']); ?>">
</td>
</tr>
<tr>
Expand All @@ -128,9 +128,9 @@
</table>
</form><br>
<form name="allusers" method="post" action="sitechangesubmit.php">
<input name="allusers" type="hidden" value="<?php print $_GET['domain_id']; ?>">
<input name="domain_id" type="hidden" value="<?php print $_GET['domain_id']; ?>">
<input name="domain" type="hidden" value="<?php print $_GET['domain']; ?>">
<input name="allusers" type="hidden" value="<?php print htmlspecialchars($_GET['domain_id']); ?>">
<input name="domain_id" type="hidden" value="<?php print htmlspecialchars($_GET['domain_id']); ?>">
<input name="domain" type="hidden" value="<?php print htmlspecialchars($_GET['domain']); ?>">
<table align="center">
<tr>
<td colspan="2"><h4><?php echo _("Modify SpamAssassin/Antivirus for all users").":"; ?></h4></td>
Expand Down
14 changes: 7 additions & 7 deletions vexim/sitedelete.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,18 +87,18 @@
<div id='Content'>
<form name='domaindelete' method='post' action='sitedelete.php'>
<table align="center">
<tr><td colspan='2'><?php printf (_("Please confirm deleting domain %s."), $_GET['domain']); ?>:</td></tr>
<tr><td colspan='2'><?php printf (_("Please confirm deleting domain %s."), htmlspecialchars($_GET['domain'])); ?>:</td></tr>
<?php if (($_GET['type'] != "relay") && ($_GET['type'] != "alias")) {
print "<tr><td colspan='2'>";
printf (ngettext("There is currently <b>%1\$d</b> account in domain %2\$s", "There are currently <b>%1\$d</b> accounts in domain %2\$s", $row['count']), $row['count'], $_GET['domain']);
printf (ngettext("There is currently <b>%1\$d</b> account in domain %2\$s", "There are currently <b>%1\$d</b> accounts in domain %2\$s", $row['count']), $row['count'], htmlspecialchars($_GET['domain']));
print "</td></tr>";
}
?>
<tr><td><input name='confirm' type='radio' value='cancel' checked><b> <?php printf (_("Do Not Delete %s"), $_GET['domain']); ?></b></td></tr>
<tr><td><input name='confirm' type='radio' value='1'><b> <?php printf (_("Delete %s"), $_GET['domain']); ?></b></td></tr>
<tr><td><input name='domain_id' type='hidden' value='<?php print $_GET['domain_id']; ?>'>
<input name='domain' type='hidden' value='<?php print $_GET['domain']; ?>'>
<input name='type' type='hidden' value='<?php print $_GET['type']; ?>'>
<tr><td><input name='confirm' type='radio' value='cancel' checked><b> <?php printf (_("Do Not Delete %s"), htmlspecialchars($_GET['domain'])); ?></b></td></tr>
<tr><td><input name='confirm' type='radio' value='1'><b> <?php printf (_("Delete %s"), htmlspecialchars($_GET['domain'])); ?></b></td></tr>
<tr><td><input name='domain_id' type='hidden' value='<?php print htmlspecialchars($_GET['domain_id']); ?>'>
<input name='domain' type='hidden' value='<?php print htmlspecialchars($_GET['domain']); ?>'>
<input name='type' type='hidden' value='<?php print htmlspecialchars($_GET['type']); ?>'>
<input name='submit' type='submit' value='<?php echo _("Continue"); ?>'></td></tr>
</table>
</form>
Expand Down
2 changes: 1 addition & 1 deletion vexim/userchange.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@
<form name="userchange" method="post" action="userchangesubmit.php">
<table align="center">
<tr><td><?php echo _("Name"); ?>:</td><td><input name="realname" type="text" value="<?php print $row['realname']; ?>" class="textfield" autofocus></td></tr>
<tr><td><?php echo _("Email Address"); ?>:</td><td><?php print $row['localpart']."@".$_SESSION['domain']; ?></td>
<tr><td><?php echo _("Email Address"); ?>:</td><td><?php print $row['localpart']."@".htmlspecialchars($_SESSION['domain']); ?></td>
<tr><td><?php echo _("Password"); ?>:</td><td><input name="clear" type="password" class="textfield"></td></tr>
<tr><td class="padafter"><?php echo _("Verify Password"); ?>:</td><td><input name="vclear" type="password" class="textfield"></td></tr>
<tr><td colspan="2"><b><?php echo _("Note:"); ?></b> <?php echo _("Attempting to set blank passwords does not work!"); ?><td></tr>
Expand Down