Browse code

bisschen XSS-Schutz

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@501 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on16/06/2007 14:17:05
Showing2 changed files
... ...
@@ -5,6 +5,8 @@ require_once('session/start.php');
5 5
 require_once('domains.php');
6 6
 require_once('jabberaccounts.php');
7 7
 
8
+require_once('inc/security.php');
9
+
8 10
 require_role(ROLE_CUSTOMER);
9 11
 
10 12
 DEBUG("GET: ".htmlentities(print_r($_GET, true))." / POST: ".htmlentities(print_r($_POST, true)));
... ...
@@ -19,8 +21,9 @@ output("<h3>Jabber-Accounts</h3>
19 21
 
20 22
 foreach ($jabberaccounts as $acc)
21 23
 {
22
-  $domain = get_domain_name($acc['domain']);
23
-  output("<tr><td>{$acc['local']}@$domain</td><td>".internal_link('chpass.php', 'Passwort ändern', 'account='.$acc['id'])."&nbsp;&nbsp;&nbsp;".internal_link('save.php', 'Löschen', 'action=delete&account='.$acc['id']).'</td></tr>');
24
+  $local = filter_input_general($acc['local']);
25
+  $domain = filter_input_general( get_domain_name($acc['domain']) );
26
+  output("<tr><td>{$local}@$domain</td><td>".internal_link('chpass.php', 'Passwort ändern', 'account='.$acc['id'])."&nbsp;&nbsp;&nbsp;".internal_link('save.php', 'Löschen', 'action=delete&account='.$acc['id']).'</td></tr>');
24 27
 }
25 28
 
26 29
 output('</table>
... ...
@@ -5,6 +5,9 @@ require_once('session/start.php');
5 5
 require_once('domains.php');
6 6
 require_once('jabberaccounts.php');
7 7
 
8
+require_once('inc/security.php');
9
+
10
+
8 11
 require_role(ROLE_CUSTOMER);
9 12
 
10 13
 require_once("inc/debug.php");
... ...
@@ -47,7 +50,7 @@ elseif ($_GET['action'] == 'chpass')
47 50
 elseif ($_GET['action'] == 'delete')
48 51
 {
49 52
   $account = get_jabberaccount_details($_GET['account']);
50
-  $account_string = $account['local'].'@'.$account['domain'];
53
+  $account_string = filter_input_general( $account['local'].'@'.$account['domain'] );
51 54
   $sure = user_is_sure();
52 55
   if ($sure === NULL)
53 56
   {