Daten für Autoresponder bei der Ausgabe Filtern, nicht bei der Eingabe
schokokeks.org web services

schokokeks.org web services commited on 2013-09-14 18:18:01
Zeige 2 geänderte Dateien mit 6 Einfügungen und 6 Löschungen.

... ...
@@ -252,7 +252,7 @@ $form .= "<p><input type=\"radio\" name=\"ar_valid_until\" value=\"infinity\" id
252 252
   html_datepicker("ar_valid_until", strtotime($enddate))."</p>";
253 253
 
254 254
 
255
-$subject = $ar['subject'];
255
+$subject = filter_input_general($ar['subject']);
256 256
 if ($subject == NULL)
257 257
   $subject = '';
258 258
 $ar_subject_default_checked = ($subject == NULL) ? ' checked="checked"' : '';
... ...
@@ -263,7 +263,7 @@ $form .= "<h4>Betreffzeile der automatischen Antwort</h4>".
263 263
   "<input type=\"radio\" name=\"ar_subject\" value=\"custom\" id=\"ar_subject_custom\"{$ar_subject_custom_checked} /> ".
264 264
   "<label for=\"ar_subject_custom\">Anderer Betreff:</label> <input type=\"text\" name=\"ar_subject_value\" id=\"ar_subject_value\" value=\"{$subject}\"/></p>";
265 265
 
266
-$message = $ar['message'];
266
+$message = filter_input_general($ar['message']);
267 267
 $form .= "<h4>Inhalt der automatischen Antwort</h4>".
268 268
   "<p><textarea cols=\"80\" rows=\"10\" name=\"ar_message\" id=\"ar_message\">".$ar['message']."</textarea></p>";
269 269
 $quote = $ar['quote'];
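Review bot: The textarea line directly below `$message = filter_input_general($ar['message']);` still concatenates `$ar['message']`, so the filtered `$message` is never used. Because this commit also stops filtering the value on input, the stored message now reaches the HTML unescaped. The line should use the filtered variable: `"<p><textarea cols=\"80\" rows=\"10\" name=\"ar_message\" id=\"ar_message\">".$message."</textarea></p>";`. Separately, `{$subject}` is interpolated into a double-quoted `value` attribute, which is only safe if `filter_input_general()` also encodes quote characters; its definition is not visible on this page and should be confirmed.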
... ...
@@ -277,7 +277,7 @@ $form .= "<p><label for=\"ar_quote\">Originalnachricht des Absenders </label>".
277 277
 
278 278
 $ar_from_default_checked = ($ar['fromname'] == NULL) ? ' checked="checked"' : '';
279 279
 $ar_from_custom_checked = ($ar['fromname'] != NULL) ? ' checked="checked"' : '';
280
-$fromname = $ar['fromname'];
280
+$fromname = filter_input_general($ar['fromname']);
281 281
 $form .= "<h4>Absender der automatischen Antwort</h4>".
282 282
   "<p><input type=\"radio\" name=\"ar_from\" value=\"default\" id=\"ar_from_default\"{$ar_from_default_checked} /> <label for=\"ar_from_default\">Nur E-Mail-Adresse</label><br />".
283 283
   "<input type=\"radio\" name=\"ar_from\" value=\"custom\" id=\"ar_from_custom\"{$ar_from_custom_checked} /> <label for=\"ar_from_custom\">Mit Name: </label> ".
... ...
@@ -128,11 +128,11 @@ if ($_GET['action'] == 'edit')
128 128
   }
129 129
 
130 130
   if (isset($_POST['ar_subject']) && $_POST['ar_subject'] == 'custom' && isset($_POST['ar_subject_value']) && chop($_POST['ar_subject_value']) != '') {
131
-    $ar['subject'] = filter_input_general( chop($_POST['ar_subject_value']) );
131
+    $ar['subject'] = chop($_POST['ar_subject_value']);
132 132
   }
133 133
 
134 134
   if (isset($_POST['ar_message'])) {
135
-    $ar['message'] = filter_input_general( $_POST['ar_message'] );
135
+    $ar['message'] = $_POST['ar_message'];
136 136
   }
137 137
 
138 138
   if (isset($_POST['ar_quote'])) {
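Review bot: With `filter_input_general()` removed, `$ar['subject']` is stored after only `chop()`, and `$ar['message']` and `$ar['fromname']` (the latter in the @@ -145 hunk) are stored exactly as submitted, so no input validation remains visible for these fields. The escaping added on the form side covers the HTML context only. The field labels suggest that subject and sender name end up in the headers of the automatic reply, though these hunks do not show it; if so, values containing CR or LF should be rejected here, for example by treating `strpbrk($_POST['ar_subject_value'], "\r\n") !== false` as an error. Any other consumer of `$account['autoresponder']` now receives raw data and has to encode it for its own context. The enclosing `if ($_GET['action'] == 'edit')` block begins and ends outside the hunk.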
... ...
@@ -145,7 +145,7 @@ if ($_GET['action'] == 'edit')
145 145
   }
146 146
 
147 147
   if (isset($_POST['ar_from']) && $_POST['ar_from'] == 'custom' && isset($_POST['ar_fromname'])) {
148
-    $ar['fromname'] = filter_input_general( $_POST['ar_fromname']);
148
+    $ar['fromname'] = $_POST['ar_fromname'];
149 149
   }
150 150
     
151 151
   $account['autoresponder'] = $ar;
152 152