zu viel Input-Filterung entfernt
Bernd Wurst

Bernd Wurst commited on 2014-11-15 15:11:35
Zeige 1 geänderte Dateien mit 7 Einfügungen und 7 Löschungen.

... ...
@@ -41,25 +41,25 @@ output('<table><tr><th>Hostname</th><th>Typ</th><th>IP-Adresse/Inhalt</th><th>TT
41 41
 foreach ($records AS $rec)
42 42
 {
43 43
   $editable = true;
44
-  $data = ( $rec['ip'] ? $rec['ip'] : $rec['data'] );
44
+  $data = filter_input_general( $rec['ip'] ? $rec['ip'] : $rec['data'] );
45 45
   if ($rec['dyndns'])
46 46
   {
47 47
     if ($domain->fqdn == config('masterdomain'))
48 48
     { 
49
-      $data = '<em>DynDNS #'.$rec['dyndns'].'</em>';
49
+      $data = '<em>DynDNS #'.(int) $rec['dyndns'].'</em>';
50 50
       $editable = false;
51 51
     } else {
52 52
       $dyndns = get_dyndns_account($rec['dyndns']);
53
-      $data = internal_link('dyndns_edit', '<em>DynDNS #'.$rec['dyndns'].' ('.$dyndns['handle'].')</em>', 'id='.$rec['dyndns']);
53
+      $data = internal_link('dyndns_edit', '<em>DynDNS #'.(int) $rec['dyndns'].' ('.filter_input_general($dyndns['handle']).')</em>', 'id='.(int) $rec['dyndns']);
54 54
     }
55 55
   }
56 56
   if ($rec['type'] == 'mx')
57 57
   {
58
-    $data .= ' ('.$rec['spec'].')';
58
+    $data .= ' ('.(int) $rec['spec'].')';
59 59
   }
60 60
   if ($rec['type'] == 'sshfp')
61 61
   {
62
-    $data = $rec['spec'] . ' 1 ' . $data;
62
+    $data = (int) $rec['spec'] . ' 1 ' . $data;
63 63
   }
64 64
   $ttl = ($rec['ttl'] ? $rec['ttl'] : 3600);
65 65
   $link = $rec['fqdn'];
... ...
@@ -69,11 +69,11 @@ foreach ($records AS $rec)
69 69
   if ($editable) {
70 70
       $link = internal_link('dns_record_edit', $rec['fqdn'], "id={$rec['id']}");
71 71
   }
72
-  output("<tr><td>{$link}</td><td>".strtoupper($rec['type'])."</td><td>".filter_input_general($data)."</td><td>{$ttl} Sek.</td><td>".internal_link('dns_record_save', '<img src="'.$prefix.'images/delete.png" width="16" height="16" alt="löschen" title="Record löschen" />', "id={$rec['id']}&action=delete")."</td></tr>\n");
72
+  output("<tr><td>{$link}</td><td>".strtoupper($rec['type'])."</td><td>".$data."</td><td>{$ttl} Sek.</td><td>".internal_link('dns_record_save', '<img src="'.$prefix.'images/delete.png" width="16" height="16" alt="löschen" title="Record löschen" />', "id={$rec['id']}&action=delete")."</td></tr>\n");
73 73
 }  
74 74
 foreach ($auto_records AS $rec)
75 75
 {
76
-  $data = ( $rec['ip'] ? $rec['ip'] : $rec['data'] );
76
+  $data = filter_input_general( $rec['ip'] ? $rec['ip'] : $rec['data'] );
77 77
   $ttl = ($rec['ttl'] ? $rec['ttl'] : 3600);
78 78
   output("<tr><td><em>{$rec['fqdn']}</em></td><td>".strtoupper($rec['type'])."</td><td>$data</td><td>{$ttl} Sek.</td><td>&#160;</td></tr>\n");
79 79
   
80 80
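Review bot: `$rec['fqdn']` and `$ttl` are still written into the `output(...)` row without encoding: `$link` takes the raw value, and the `internal_link('dns_record_edit', ...)` label is evidently not escaped by `internal_link()`, since the DynDNS branch hands it `<em>` markup. Whether those fields are validated when the record is stored is not visible here, so I would encode at the sink with `$link = filter_input_general($rec['fqdn']);`, pass that value as the link label, and use `$ttl = (int) ($rec['ttl'] ? $rec['ttl'] : 3600);`. The same applies to `<em>{$rec['fqdn']}</em>` in the `$auto_records` loop, whose body continues past the end of the hunk. Because `$data` is now emitted as ready-made HTML, a comment at its first assignment such as `// $data is HTML from here on; every later assignment must escape its dynamic parts` would keep that invariant visible to the next editor.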