Merge pull request #1826 from nuxsmin/fix/xss
Fix/xss
nuxsmin authored May 25, 2022
2 parents 5882699 + f3ec585 commit 3c026f7
Showing 37 changed files with 1,536 additions and 792 deletions.
Expand Up @@ -37,7 +37,7 @@ $accountAcl = $_getvar('accountAcl');
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<input id="name" name="name" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $accountData->getName(); ?>"
value="<?php echo htmlspecialchars($accountData->getName(), ENT_QUOTES); ?>"
readonly>
<label class="mdl-textfield__label"
for="name"><?php echo __('Account name'); ?></label>
Expand All @@ -50,7 +50,7 @@ $accountAcl = $_getvar('accountAcl');
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<input id="client" name="client" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $accountData->getClientName(); ?>"
value="<?php echo htmlspecialchars($accountData->getClientName(), ENT_QUOTES); ?>"
readonly>
<label class="mdl-textfield__label"
for="client"><?php echo __('Client'); ?></label>
Expand All @@ -76,7 +76,7 @@ $accountAcl = $_getvar('accountAcl');
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<input id="login" name="login" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $accountData->getLogin(); ?>"
value="<?php echo htmlspecialchars($accountData->getLogin(), ENT_QUOTES); ?>"
readonly>
<label class="mdl-textfield__label"
for="login"><?php echo __('User'); ?></label>
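Review bot: `htmlspecialchars($accountData->getName(), ENT_QUOTES)` on the new value= lines passes neither ENT_SUBSTITUTE nor an explicit encoding, so a stored name containing an invalid UTF-8 sequence is rendered as an empty string (the whole field silently blanks) and the charset used depends on the runtime's default_charset. The attribute-safe form is `htmlspecialchars($accountData->getName(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`; the same applies to every escaping call added in the other four file sections on this page. Since the pull request repeats this call across 37 files, a single view-level escape helper with the flags fixed in one place would keep them consistent and make any remaining raw `echo` easy to grep for. The `__()` labels and `getId()` values are still echoed raw; presumably translation strings and integer ids, which is worth confirming rather than escaping blindly.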
Expand Up @@ -57,7 +57,7 @@ $accountAcl = $_getvar('accountAcl');
required
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="50"
value="<?php echo $accountData->getName() ?>"
value="<?php echo htmlspecialchars($accountData->getName(), ENT_QUOTES); ?>"
tabindex="1" readonly>
<label class="mdl-textfield__label"
for="name"><?php echo __('Account name'); ?></label>
Expand All @@ -75,7 +75,10 @@ $accountAcl = $_getvar('accountAcl');
<?php /** @var SelectItem $client */
foreach ($_getvar('clients') as $client): ?>
<option
value="<?php echo $client->getId(); ?>" <?php echo $client->isSelected() ? 'selected' : ''; ?>><?php echo $client->getName(); ?></option>
value="<?php echo $client->getId(); ?>"
<?php echo $client->isSelected() ? 'selected' : ''; ?>>
<?php echo htmlspecialchars($client->getName(), ENT_QUOTES); ?>
</option>
<?php endforeach; ?>
</select>
</td>
Expand All @@ -92,7 +95,10 @@ $accountAcl = $_getvar('accountAcl');
<?php /** @var SelectItem $category */
foreach ($_getvar('categories') as $category): ?>
<option
value="<?php echo $category->getId(); ?>" <?php echo $category->isSelected() ? 'selected' : ''; ?>><?php echo $category->getName(); ?></option>
value="<?php echo $category->getId(); ?>"
<?php echo $category->isSelected() ? 'selected' : ''; ?>>
<?php echo htmlspecialchars($category->getName(), ENT_QUOTES); ?>
</option>
<?php endforeach; ?>
</select>
</td>
Expand All @@ -118,7 +124,7 @@ $accountAcl = $_getvar('accountAcl');
<input id="login" name="login" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="50" tabindex="5"
value="<?php echo $accountData->getLogin(); ?>"
value="<?php echo htmlspecialchars($accountData->getLogin(), ENT_QUOTES); ?>"
readonly>
<label class="mdl-textfield__label"
for="name"><?php echo __('Access user'); ?></label>
Expand Down Expand Up @@ -149,7 +155,8 @@ $accountAcl = $_getvar('accountAcl');
rows="3" id="notes"
name="notes" tabindex="9"
maxlength="5000"
readonly><?php echo $accountData->getNotes(); ?></textarea>
readonly><?php echo htmlspecialchars($accountData->getNotes(), ENT_QUOTES); ?>
</textarea>
<label class="mdl-textfield__label"
for="notes"><?php echo __('Notes about the account'); ?></label>
</div>
Expand All @@ -170,7 +177,9 @@ $accountAcl = $_getvar('accountAcl');
foreach ($_getvar('historyData') as $history): ?>
<option
value="<?php echo $history->getId(); ?>"
<?php echo $history->isSelected() ? 'selected' : ''; ?>><?php echo $history->getName(); ?></option>
<?php echo $history->isSelected() ? 'selected' : ''; ?>>
<?php echo htmlspecialchars($history->getName(), ENT_QUOTES); ?>
</option>
<?php endforeach; ?>
</select>
</td>
Expand All @@ -179,7 +188,13 @@ $accountAcl = $_getvar('accountAcl');

<tr>
<td class="descField"><?php echo __('Last Modification'); ?></td>
<td class="valField"><?php printf('%s (%s)', $accountData->getDateEdit(), $accountData->getUserEditName() ?: $accountData->getUserEditLogin()); ?></td>
<td class="valField">
<?php printf(
'%s (%s)',
$accountData->getDateEdit(),
htmlspecialchars($accountData->getUserEditName(), ENT_QUOTES)
?: htmlspecialchars($accountData->getUserEditLogin(), ENT_QUOTES)); ?>
</td>
</tr>
</table>

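Review bot: Splitting the textarea at `readonly><?php echo htmlspecialchars($accountData->getNotes(), ENT_QUOTES); ?>` / `</textarea>` puts a line break into the control's value: HTML drops only the newline that directly follows the opening `<textarea>` tag, so the notes now render with a trailing newline that is submitted back whenever the field is made editable, while the third file section on this page keeps the same echo on one line. Keep it on one line: `readonly><?php echo htmlspecialchars($accountData->getNotes(), ENT_QUOTES); ?></textarea>`. In the 'Last Modification' cell the fallback can escape once instead of twice, `htmlspecialchars($accountData->getUserEditName() ?: $accountData->getUserEditLogin(), ENT_QUOTES)`, which also avoids passing a possibly null name through htmlspecialchars. `$accountData->getDateEdit()` is still printed raw in the same cell; presumably a database timestamp, but worth confirming.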
Expand Up @@ -30,7 +30,7 @@ $accountData = $_getvar('accountData');
<input id="name" name="name" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="50"
value="<?php echo $accountData->getName(); ?>"
value="<?php echo htmlspecialchars($accountData->getName(), ENT_QUOTES); ?>"
readonly>
<label class="mdl-textfield__label"
for="name"><?php echo __('Account name'); ?></label>
Expand All @@ -43,7 +43,7 @@ $accountData = $_getvar('accountData');
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<input id="client" name="client" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $accountData->getClientName(); ?>"
value="<?php echo htmlspecialchars($accountData->getClientName(), ENT_QUOTES); ?>"
readonly>
<label class="mdl-textfield__label"
for="client"><?php echo __('Client'); ?></label>
Expand All @@ -56,7 +56,7 @@ $accountData = $_getvar('accountData');
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<input id="category" name="category" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $accountData->getCategoryName(); ?>"
value="<?php echo htmlspecialchars($accountData->getCategoryName(), ENT_QUOTES); ?>"
readonly>
<label class="mdl-textfield__label"
for="category"><?php echo __('Category'); ?></label>
Expand All @@ -69,7 +69,7 @@ $accountData = $_getvar('accountData');
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<input id="url" name="url" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $accountData->getUrl(); ?>"
value="<?php echo htmlspecialchars($accountData->getUrl(), ENT_QUOTES); ?>"
readonly>
<label class="mdl-textfield__label"
for="url"><?php echo __('URL / IP'); ?></label>
Expand All @@ -82,7 +82,7 @@ $accountData = $_getvar('accountData');
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<input id="login" name="login" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $accountData->getLogin(); ?>"
value="<?php echo htmlspecialchars($accountData->getLogin(), ENT_QUOTES); ?>"
readonly>
<label class="mdl-textfield__label"
for="login"><?php echo __('User'); ?></label>
Expand All @@ -98,7 +98,7 @@ $accountData = $_getvar('accountData');
rows="3" id="notes"
name="notes"
maxlength="1000"
readonly><?php echo $accountData->getNotes(); ?></textarea>
readonly><?php echo htmlspecialchars($accountData->getNotes(), ENT_QUOTES); ?></textarea>
<label class="mdl-textfield__label"
for="notes"><?php echo __('Notes about the account'); ?></label>
</div>
Expand Up @@ -36,7 +36,7 @@ use SP\Services\Account\AccountAcl;
<?php if ($otherUser->isSkip()): continue; endif; ?>
<option
value="<?php echo $otherUser->getId(); ?>"
<?php echo $otherUser->isSelected() ? 'selected' : '' ?>><?php echo $otherUser->getName(); ?></option>
<?php echo $otherUser->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($otherUser->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
<i class="material-icons select-icon"
Expand All @@ -49,7 +49,7 @@ use SP\Services\Account\AccountAcl;
<?php /** @var SelectItem $otherUser */
foreach ($_getvar('otherUsersView') as $otherUser): ?>
<?php if ($otherUser->isSelected()): ?>
<span class="tag"><?php echo $otherUser->getName(); ?></span>
<span class="tag"><?php echo htmlspecialchars($otherUser->getName(), ENT_QUOTES); ?></span>
<?php endif; ?>
<?php endforeach; ?>
</div>
Expand All @@ -69,7 +69,7 @@ use SP\Services\Account\AccountAcl;
<?php if ($otherUser->isSkip()): continue; endif; ?>
<option
value="<?php echo $otherUser->getId(); ?>"
<?php echo $otherUser->isSelected() ? 'selected' : '' ?>><?php echo $otherUser->getName(); ?></option>
<?php echo $otherUser->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($otherUser->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
<i class="material-icons select-icon"
Expand All @@ -82,7 +82,7 @@ use SP\Services\Account\AccountAcl;
<?php /** @var SelectItem $otherUser */
foreach ($_getvar('otherUsersEdit') as $otherUser): ?>
<?php if ($otherUser->isSelected()): ?>
<span class="tag"><?php echo $otherUser->getName(); ?></span>
<span class="tag"><?php echo htmlspecialchars($otherUser->getName(), ENT_QUOTES); ?></span>
<?php endif; ?>
<?php endforeach; ?>
</div>
Expand All @@ -108,7 +108,7 @@ use SP\Services\Account\AccountAcl;
<?php if ($otherUserGroup->isSkip()): continue; endif; ?>
<option
value="<?php echo $otherUserGroup->getId(); ?>"
<?php echo $otherUserGroup->isSelected() ? 'selected' : '' ?>><?php echo $otherUserGroup->getName(); ?></option>
<?php echo $otherUserGroup->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($otherUserGroup->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
<i class="material-icons select-icon"
Expand All @@ -121,7 +121,7 @@ use SP\Services\Account\AccountAcl;
<?php /** @var SelectItem $otherUserGroup */
foreach ($_getvar('otherUserGroupsView') as $otherUserGroup): ?>
<?php if ($otherUserGroup->isSelected()): ?>
<span class="tag"><?php echo $otherUserGroup->getName(); ?></span>
<span class="tag"><?php echo htmlspecialchars($otherUserGroup->getName(), ENT_QUOTES); ?></span>
<?php endif; ?>
<?php endforeach; ?>
</div>
Expand All @@ -141,7 +141,7 @@ use SP\Services\Account\AccountAcl;
<?php if ($otherUserGroup->isSkip()): continue; endif; ?>
<option
value="<?php echo $otherUserGroup->getId(); ?>"
<?php echo $otherUserGroup->isSelected() ? 'selected' : '' ?>><?php echo $otherUserGroup->getName(); ?></option>
<?php echo $otherUserGroup->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($otherUserGroup->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
<i class="material-icons select-icon"
Expand All @@ -154,7 +154,7 @@ use SP\Services\Account\AccountAcl;
<?php /** @var SelectItem $otherUserGroup */
foreach ($_getvar('otherUserGroupsEdit') as $otherUserGroup): ?>
<?php if ($otherUserGroup->isSelected()): ?>
<span class="tag"><?php echo $otherUserGroup->getName(); ?></span>
<span class="tag"><?php echo htmlspecialchars($otherUserGroup->getName(), ENT_QUOTES); ?></span>
<?php endif; ?>
<?php endforeach; ?>
</div>
Expand Down Expand Up @@ -190,7 +190,7 @@ use SP\Services\Account\AccountAcl;
foreach ($_getvar('users') as $user): ?>
<option
value="<?php echo $user->getId(); ?>"
<?php echo $user->isSelected() ? 'selected' : ''; ?>><?php echo $user->getName(); ?></option>
<?php echo $user->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
</td>
Expand All @@ -214,7 +214,7 @@ use SP\Services\Account\AccountAcl;
foreach ($_getvar('userGroups') as $userGroup): ?>
<option
value="<?php echo $userGroup->getId(); ?>"
<?php echo $userGroup->isSelected() ? 'selected' : ''; ?>><?php echo $userGroup->getName(); ?></option>
<?php echo $userGroup->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
</td>
Expand Up @@ -33,7 +33,7 @@ $accountData = $_getvar('accountData');
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<input id="name" name="name" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $accountData->getName(); ?>"
value="<?php echo htmlspecialchars($accountData->getName(), ENT_QUOTES); ?>"
readonly>
<label class="mdl-textfield__label"
for="name"><?php echo __('Account name'); ?></label>
Expand All @@ -46,7 +46,7 @@ $accountData = $_getvar('accountData');
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<input id="client" name="client" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $accountData->getClientName(); ?>"
value="<?php echo htmlspecialchars($accountData->getClientName(), ENT_QUOTES); ?>"
readonly>
<label class="mdl-textfield__label"
for="client"><?php echo __('Client'); ?></label>