From afb81d9fb402ac84936c6ba355d2de67e3cb1391 Mon Sep 17 00:00:00 2001
From: Jakob Haufe
Date: Mon, 24 Aug 2020 13:39:08 +0200
Subject: [PATCH 1/4] Log which locale failed to load

---
 lib/SP/Core/Language.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/SP/Core/Language.php b/lib/SP/Core/Language.php
index 4b20ea761..6cb338700 100644
--- a/lib/SP/Core/Language.php
+++ b/lib/SP/Core/Language.php
@@ -191,7 +191,7 @@ public static function setLocales($lang)
 $locale = setlocale(LC_ALL, $lang);
 if ($locale === false) {
- logger('Could not set locale', 'ERROR');
+ logger('Could not set locale to ' . $lang, 'ERROR');
 logger('Domain path: ' . LOCALES_PATH);
 } else {
 logger('Locale set to: ' . $locale);

From ec686eec5dfdcd1fba99693cc915c03a49ecda9a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rub=C3=A9n=20D?=
Date: Tue, 24 May 2022 06:56:44 +0200
Subject: [PATCH 2/4] fix: Prevent XSS on all output variables.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
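Review bot: The new error line concatenates `$lang` into the log message verbatim, and nothing in this hunk bounds what that value contains; if setLocales() can be reached with a value taken from the request (a user's saved language preference or an Accept-Language header), embedded line breaks or control characters land unfiltered in the log file, which is the classic log-forging vector. Encode the value before logging, e.g. `logger('Could not set locale to ' . json_encode($lang), 'ERROR');` — that neutralises control characters and also keeps the message readable when setlocale() is handed the array form it accepts, which plain concatenation would render as "Array". Where `$lang` originates is not visible here, so treat this as a caution rather than a confirmed defect. setLocales() begins and ends outside the hunk.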
Signed-off-by: Rubén D --- .../views/account/account-editpass.inc | 6 +- .../views/account/account-history.inc | 29 ++++-- .../views/account/account-link.inc | 12 +-- .../views/account/account-permissions.inc | 20 ++-- .../views/account/account-request.inc | 4 +- .../material-blue/views/account/account.inc | 89 +++++++++++++----- .../material-blue/views/account/details.inc | 8 +- .../views/account/files-list.inc | 4 +- .../views/account/linkedAccounts.inc | 2 +- .../views/account/search-rows.inc | 92 ++++++++++++++----- .../views/account/search-searchbox.inc | 6 +- .../views/common/aux-customfields.inc | 8 +- .../material-blue/views/config/encryption.inc | 2 +- .../views/config/general-auth.inc | 4 +- .../material-blue/views/config/import.inc | 4 +- .../material-blue/views/config/ldap.inc | 7 +- .../views/config/wiki-dokuwiki.inc | 2 +- .../views/itemshow/account_bulkedit.inc | 18 ++-- .../views/itemshow/auth_token.inc | 4 +- .../material-blue/views/itemshow/category.inc | 4 +- .../material-blue/views/itemshow/client.inc | 4 +- .../views/itemshow/custom_field.inc | 2 +- .../material-blue/views/itemshow/file.inc | 2 +- .../views/itemshow/item_preset-password.inc | 2 +- .../views/itemshow/item_preset-permission.inc | 8 +- .../views/itemshow/item_preset.inc | 6 +- .../views/itemshow/public_link.inc | 9 +- .../material-blue/views/itemshow/tag.inc | 2 +- .../material-blue/views/itemshow/user.inc | 22 +++-- .../views/itemshow/user_group.inc | 25 +++-- .../views/itemshow/user_pass.inc | 4 +- .../views/itemshow/user_profile.inc | 2 +- .../views/notification/notification.inc | 29 ++++-- 33 files changed, 291 insertions(+), 151 deletions(-) diff --git a/app/modules/web/themes/material-blue/views/account/account-editpass.inc b/app/modules/web/themes/material-blue/views/account/account-editpass.inc index 18d3c88da..c0fe386b1 100644 --- a/app/modules/web/themes/material-blue/views/account/account-editpass.inc 
+++ b/app/modules/web/themes/material-blue/views/account/account-editpass.inc @@ -37,7 +37,7 @@ $accountAcl = $_getvar('accountAcl');
@@ -50,7 +50,7 @@ $accountAcl = $_getvar('accountAcl');
@@ -76,7 +76,7 @@ $accountAcl = $_getvar('accountAcl');
diff --git a/app/modules/web/themes/material-blue/views/account/account-history.inc b/app/modules/web/themes/material-blue/views/account/account-history.inc index bee4ec23c..e1f6014c1 100644 --- a/app/modules/web/themes/material-blue/views/account/account-history.inc +++ b/app/modules/web/themes/material-blue/views/account/account-history.inc @@ -57,7 +57,7 @@ $accountAcl = $_getvar('accountAcl'); required class="mdl-textfield__input mdl-color-text--indigo-400" maxlength="50" - value="getName() ?>" + value="getName(), ENT_QUOTES); ?>" tabindex="1" readonly> @@ -75,7 +75,10 @@ $accountAcl = $_getvar('accountAcl'); + value="getId(); ?>" + isSelected() ? 'selected' : ''; ?>> + getName(), ENT_QUOTES); ?> + @@ -92,7 +95,10 @@ $accountAcl = $_getvar('accountAcl'); + value="getId(); ?>" + isSelected() ? 'selected' : ''; ?>> + getName(), ENT_QUOTES); ?> + @@ -118,7 +124,7 @@ $accountAcl = $_getvar('accountAcl'); @@ -149,7 +155,8 @@ $accountAcl = $_getvar('accountAcl'); rows="3" id="notes" name="notes" tabindex="9" maxlength="5000" - readonly>getNotes(); ?> + readonly>getNotes(), ENT_QUOTES); ?> +
@@ -170,7 +177,9 @@ $accountAcl = $_getvar('accountAcl'); foreach ($_getvar('historyData') as $history): ?> + isSelected() ? 'selected' : ''; ?>> + getName(), ENT_QUOTES); ?> + @@ -179,7 +188,13 @@ $accountAcl = $_getvar('accountAcl'); - getDateEdit(), $accountData->getUserEditName() ?: $accountData->getUserEditLogin()); ?> + + getDateEdit(), + htmlspecialchars($accountData->getUserEditName(), ENT_QUOTES) + ?: htmlspecialchars($accountData->getUserEditLogin(), ENT_QUOTES)); ?> + diff --git a/app/modules/web/themes/material-blue/views/account/account-link.inc b/app/modules/web/themes/material-blue/views/account/account-link.inc index a8a3eefc4..45feabb53 100644 --- a/app/modules/web/themes/material-blue/views/account/account-link.inc +++ b/app/modules/web/themes/material-blue/views/account/account-link.inc @@ -30,7 +30,7 @@ $accountData = $_getvar('accountData'); @@ -43,7 +43,7 @@ $accountData = $_getvar('accountData');
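Review bot: In the `@@ -179,7 +188,13 @@` hunk `htmlspecialchars(..., ENT_QUOTES)` is called with an explicit flag set that omits `ENT_SUBSTITUTE`, so a user-edit name containing an invalid UTF-8 sequence is rendered as an empty string instead of being escaped, and because the escape now runs before the `?:`, that empty string also makes the expression fall back to the edit login — a behaviour the pre-patch line did not have. On PHP 8.1+ a null return from `getUserEditName()` additionally triggers the "passing null to parameter" deprecation now that the raw value goes through a function first. Since this same call is repeated across 33 templates in this patch, I would route every escape through one view helper — something like `function e(?string $s): string { return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8'); }` — and write this fallback as `e($accountData->getUserEditName() ?: $accountData->getUserEditLogin())` so the choice is made on the raw value. The enclosing formatting call starts before the lines shown in this hunk.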
@@ -56,7 +56,7 @@ $accountData = $_getvar('accountData');
@@ -69,7 +69,7 @@ $accountData = $_getvar('accountData');
@@ -82,7 +82,7 @@ $accountData = $_getvar('accountData');
@@ -98,7 +98,7 @@ $accountData = $_getvar('accountData'); rows="3" id="notes" name="notes" maxlength="1000" - readonly>getNotes(); ?> + readonly>getNotes(), ENT_QUOTES); ?>
diff --git a/app/modules/web/themes/material-blue/views/account/account-permissions.inc b/app/modules/web/themes/material-blue/views/account/account-permissions.inc index 8711308f6..e29f2710d 100644 --- a/app/modules/web/themes/material-blue/views/account/account-permissions.inc +++ b/app/modules/web/themes/material-blue/views/account/account-permissions.inc @@ -36,7 +36,7 @@ use SP\Services\Account\AccountAcl; isSkip()): continue; endif; ?> + isSelected() ? 'selected' : '' ?>>getName(), ENT_QUOTES); ?> isSelected()): ?> - getName(); ?> + getName(), ENT_QUOTES); ?>
@@ -69,7 +69,7 @@ use SP\Services\Account\AccountAcl; isSkip()): continue; endif; ?> + isSelected() ? 'selected' : '' ?>>getName(), ENT_QUOTES); ?> isSelected()): ?> - getName(); ?> + getName(), ENT_QUOTES); ?>
@@ -108,7 +108,7 @@ use SP\Services\Account\AccountAcl; isSkip()): continue; endif; ?> + isSelected() ? 'selected' : '' ?>>getName(), ENT_QUOTES); ?> isSelected()): ?> - getName(); ?> + getName(), ENT_QUOTES); ?>
@@ -141,7 +141,7 @@ use SP\Services\Account\AccountAcl; isSkip()): continue; endif; ?> + isSelected() ? 'selected' : '' ?>>getName(), ENT_QUOTES); ?> isSelected()): ?> - getName(); ?> + getName(), ENT_QUOTES); ?>
@@ -190,7 +190,7 @@ use SP\Services\Account\AccountAcl; foreach ($_getvar('users') as $user): ?> + isSelected() ? 'selected' : ''; ?>>getName(), ENT_QUOTES); ?> @@ -214,7 +214,7 @@ use SP\Services\Account\AccountAcl; foreach ($_getvar('userGroups') as $userGroup): ?> + isSelected() ? 'selected' : ''; ?>>getName(), ENT_QUOTES); ?> diff --git a/app/modules/web/themes/material-blue/views/account/account-request.inc b/app/modules/web/themes/material-blue/views/account/account-request.inc index ce2cd94fe..4882b0d60 100644 --- a/app/modules/web/themes/material-blue/views/account/account-request.inc +++ b/app/modules/web/themes/material-blue/views/account/account-request.inc @@ -33,7 +33,7 @@ $accountData = $_getvar('accountData');
@@ -46,7 +46,7 @@ $accountData = $_getvar('accountData');
diff --git a/app/modules/web/themes/material-blue/views/account/account.inc b/app/modules/web/themes/material-blue/views/account/account.inc index 683232660..f3d69b103 100644 --- a/app/modules/web/themes/material-blue/views/account/account.inc +++ b/app/modules/web/themes/material-blue/views/account/account.inc @@ -82,8 +82,11 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0; required class="mdl-textfield__input mdl-color-text--indigo-400" maxlength="100" - value="getName()) : ''; ?>" - > + value="getName(), ENT_QUOTES) + : ''; ?>" + + >
@@ -101,7 +104,13 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0; + value="getId(); ?>" + getId() === $accountData->getClientId()) + ? 'selected' + : ''; ?> + > + getName(), ENT_QUOTES); ?> + @@ -127,7 +136,13 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0; + value="getId(); ?>" + getId() === $accountData->getCategoryId()) + ? 'selected' + : ''; ?> + > + getName(), ENT_QUOTES); ?> + @@ -148,7 +163,11 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0; > + value="getUrl() + : ''; ?>" + + >
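Review bot: The URL field in the `@@ -148,7 +163,11 @@` hunk is still emitted raw — `value="... getUrl() : ''; ?>"` has no `htmlspecialchars` call, unlike the name, login and notes fields fixed in the same file — so a stored URL containing a `"` breaks out of the value attribute and can inject further attributes (an `onfocus` handler, for instance) into the account edit form. The URL is an editable form field, i.e. user-entered data, so it needs the same treatment as the login field in the next hunk: `value="<?= htmlspecialchars($accountData->getUrl(), ENT_QUOTES); ?>"` (using whichever echo tag the file already uses; the tags are stripped in this rendering). Given the commit title promises all output variables, it is worth grepping the views for any remaining `getUrl()` / `getShortUrl()` echoes before merging.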
@@ -161,7 +180,11 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0; > + value="getLogin(), ENT_QUOTES) + : ''; ?>" + + >
@@ -206,7 +229,9 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0; type="date" class="mdl-textfield__input mdl-color-text--indigo-400 password-datefield__input" value="" - data-dst-unix="password_date_expire_unix" > + data-dst-unix="password_date_expire_unix" + + > @@ -228,7 +253,11 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0; class="mdl-textfield__input mdl-color-text--indigo-400" rows="3" id="notes" name="notes" - maxlength="5000" >getNotes(), ENT_QUOTES) : ''; ?> + maxlength="5000" > + getNotes(), ENT_QUOTES) + : ''; ?> + @@ -245,7 +274,10 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0; - + @@ -255,7 +287,9 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0; data-item-route="items/tags" data-item-dst="tags" data-item-id="0" - data-onclick="appMgmt/show">getIconAdd()->getIcon(); ?> + data-onclick="appMgmt/show"> + getIconAdd()->getIcon(); ?> + 0; isSelected()): ?> - getName(); ?> + getName(), ENT_QUOTES); ?> @@ -312,7 +346,9 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0; + value="getId(); ?>"> + getName(), ENT_QUOTES); ?> + @@ -324,7 +360,10 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0; && $accountData->getUserEditName()): ?> - getDateEdit(), $accountData->getUserEditName()); ?> + getDateEdit(), + htmlspecialchars($accountData->getUserEditName(), ENT_QUOTES)); ?> + @@ -344,18 +383,20 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0; - - - -
+ + + + +
- - getIconPublicLink()->getIcon(); ?> - - - + + getIconPublicLink()->getIcon(); ?> + + + + diff --git a/app/modules/web/themes/material-blue/views/account/details.inc b/app/modules/web/themes/material-blue/views/account/details.inc index f2e3a0c55..e4e99ae3c 100644 --- a/app/modules/web/themes/material-blue/views/account/details.inc +++ b/app/modules/web/themes/material-blue/views/account/details.inc @@ -39,7 +39,7 @@ use SP\Services\Account\AccountAcl;
- getDateEdit(), $accountData->getUserEditName()); ?> + getDateEdit(), htmlspecialchars($accountData->getUserEditName(), ENT_QUOTES)); ?> @@ -49,7 +49,7 @@ use SP\Services\Account\AccountAcl;
- getUserName() ?: $accountData->getUserLogin(); ?> + getUserName(), ENT_QUOTES) ?: htmlspecialchars($accountData->getUserLogin(), ENT_QUOTES); ?> @@ -57,7 +57,7 @@ use SP\Services\Account\AccountAcl;
- getUserGroupName(); ?> + getUserGroupName(), ENT_QUOTES); ?> @@ -75,7 +75,7 @@ use SP\Services\Account\AccountAcl;
- getUserEditName() ?: $accountData->getUserEditLogin(); ?> + getUserEditName(), ENT_QUOTES) ?: htmlspecialchars($accountData->getUserEditLogin(), ENT_QUOTES); ?> diff --git a/app/modules/web/themes/material-blue/views/account/files-list.inc b/app/modules/web/themes/material-blue/views/account/files-list.inc index 2c1e16ddd..400b445c0 100644 --- a/app/modules/web/themes/material-blue/views/account/files-list.inc +++ b/app/modules/web/themes/material-blue/views/account/files-list.inc @@ -20,14 +20,14 @@ use SP\Html\Html; ?>
  • + title="getName(), ENT_QUOTES); ?>"> attachment getName(), 50), $file->getSize() / 1024); ?> getThumb() !== 'no_thumb'): ?> - layers - name, $account->clientName); ?> + name, ENT_QUOTES), htmlspecialchars($account->clientName, ENT_QUOTES)); ?> getClientName()); ?> + class="mdl-chip__contact mdl-color-text--white"> + getClientName()), ENT_QUOTES); ?> + getShortClientName(); ?> + title="getClientName(), ENT_QUOTES); ?>"> + getShortClientName(), ENT_QUOTES); ?> + getClientName()); ?> + class="mdl-chip__contact mdl-color-text--white"> + getClientName()), ENT_QUOTES); ?> + getShortClientName(); ?> + title="getClientName(), ENT_QUOTES); ?>"> + getShortClientName(), ENT_QUOTES); ?> + @@ -68,23 +76,27 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff'); class="btn-action" data-action-route="" data-item-id="getId(); ?>" - data-onclick="account/view">getName(); ?> + data-onclick="account/view">getName(), ENT_QUOTES); ?>
    - getName(); ?> + getName(), ENT_QUOTES); ?>
    -
    getCategoryName(); ?>
    +
    + getCategoryName(), ENT_QUOTES); ?> +
    isShow()): ?>
    -
    getShortLogin(); ?>
    +
    + getShortLogin(), ENT_QUOTES); ?> +
    @@ -92,7 +104,9 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff'); isUrlIslink()): ?> getShortUrl(); ?> + title="getUrl()); ?>"> + getShortUrl(); ?> +
    getShortUrl(); ?>
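Review bot: In the `isUrlIslink()` branch the `title` attribute now escapes `getUrl()`, but the visible link text `getShortUrl(); ?>` — both on the anchor and on the fallback span in the `else` branch — is still echoed without escaping; if the short form is derived from the stored URL (what the name suggests, though the accessor is outside this hunk), a URL containing `<script>` or an `<img onerror>` payload reaches the search results page unencoded, which is the one page every user loads. Wrap both occurrences: `<?= htmlspecialchars($account->getShortUrl(), ENT_QUOTES); ?>`. The anchor's `href` sits outside the visible lines, so also confirm it is attribute-escaped and that `javascript:` schemes are rejected on save rather than relied upon to be escaped at output.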
    @@ -106,7 +120,9 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
    getTags() as $tag): ?> name; ?> + data-tag-id="id; ?>"> + name, ENT_QUOTES); ?> +
    @@ -120,7 +136,9 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff'); getIconWarning()->getIcon(); ?>
    + class="mdl-tooltip mdl-tooltip--top"> + + getIsPrivate() === 1): ?> @@ -128,13 +146,17 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff'); class="material-icons">lock
    + class="mdl-tooltip mdl-tooltip--top"> + + getIsPrivateGroup() === 1): ?> lock_open + class="mdl-tooltip mdl-tooltip--top"> + + face @@ -159,7 +181,9 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff'); data-status="">star
    + class="mdl-tooltip mdl-tooltip--top"> + + star_border + class="mdl-tooltip mdl-tooltip--top"> + + getNotes() !== ''): ?> @@ -192,7 +218,11 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
    - getNumFiles()); ?> + getNumFiles() + ); ?>
    @@ -205,9 +235,17 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');

    - getPublicLinkDateExpire())); ?> + getPublicLinkDateExpire()) + ); ?>
    - getPublicLinkTotalCountViews()); ?> + getPublicLinkTotalCountViews() + ); ?>

    @@ -216,7 +254,7 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff'); isWikiMatch($wikiFilter)): ?> - library_books @@ -224,10 +262,10 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff'); library_books - library_books @@ -248,7 +286,9 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff'); class="btn-action material-icons getClassesAsString(), ' ', $action->getIcon()->getClass(); ?>" data-item-id="getId(); ?>" data-parent-id="getParentId(); ?>" - getData() as $dataName => $dataValue): printf('data-%s="%s"', $dataName, $dataValue); endforeach; ?>> + getData() as $dataName => $dataValue): + printf('data-%s="%s"', $dataName, $dataValue); + endforeach; ?>> getIcon()->getIcon(); ?> getData() as $dataName => $dataValue): printf('data-%s="%s"', $dataName, $dataValue); endforeach; ?>> + getData() as $dataName => $dataValue): + printf('data-%s="%s"', $dataName, $dataValue); + endforeach; ?>> getIcon()->getIcon(); ?> + title="getTitle(); ?>"> + getIcon()->getIcon(); ?> + getName(); ?>
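Review bot: `printf('data-%s="%s"', $dataName, $dataValue)` in the `@@ -248,7 +286,9 @@` hunk was only reflowed, not escaped — every value from `getData()` is interpolated straight into an attribute — and the added `title="... getTitle(); ?>"` on the action element is likewise raw. Whether any of those values can carry account-supplied text is not visible here (they may all be static route names and translated labels), but the commit's stated goal is to escape every output variable, and an attribute sink is exactly where a stray `"` does damage. Escaping costs nothing: `printf('data-%s="%s"', $dataName, htmlspecialchars((string) $dataValue, ENT_QUOTES));` and `title="<?= htmlspecialchars($action->getTitle(), ENT_QUOTES); ?>"`. The `foreach` loops are in the middle of a long button/icon markup run whose start is outside the hunk.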
  • diff --git a/app/modules/web/themes/material-blue/views/account/search-searchbox.inc b/app/modules/web/themes/material-blue/views/account/search-searchbox.inc index 0e3524d96..f1d106301 100644 --- a/app/modules/web/themes/material-blue/views/account/search-searchbox.inc +++ b/app/modules/web/themes/material-blue/views/account/search-searchbox.inc @@ -44,7 +44,7 @@ $pager = $data->getPager(); + value="getId(); ?>" isSelected() ? 'selected' : ''; ?>>getName(), ENT_QUOTES); ?> @@ -54,7 +54,7 @@ $pager = $data->getPager(); + value="getId(); ?>" isSelected() ? 'selected' : ''; ?>>getName(), ENT_QUOTES); ?> @@ -135,7 +135,7 @@ $pager = $data->getPager(); + value="getId(); ?>" isSelected() ? 'selected' : ''; ?>>getName(), ENT_QUOTES); ?> diff --git a/app/modules/web/themes/material-blue/views/common/aux-customfields.inc b/app/modules/web/themes/material-blue/views/common/aux-customfields.inc index 98c2b51cb..5b45f7ab7 100644 --- a/app/modules/web/themes/material-blue/views/common/aux-customfields.inc +++ b/app/modules/web/themes/material-blue/views/common/aux-customfields.inc @@ -15,7 +15,7 @@ $customFields = $_getvar('customFields'); foreach ($customFields as $index => $field):?> - definitionName; ?> + definitionName, ENT_QUOTES); ?> isEncrypted && $field->isValueEncrypted === true): ?> @@ -58,7 +58,7 @@ foreach ($customFields as $index => $field):?> maxlength="500" value="value) ? '***' : htmlspecialchars($field->value, ENT_QUOTES); ?>" required ? 'required' : ''; ?> > + for="formId; ?>">definitionName, ENT_QUOTES); ?> typeName === 'textarea'): ?>
    @@ -68,7 +68,7 @@ foreach ($customFields as $index => $field):?> name="customfield[definitionId; ?>]" id="formId; ?>" >value, ENT_QUOTES); ?> + for="formId; ?>">definitionName, ENT_QUOTES); ?>
    @@ -79,7 +79,7 @@ foreach ($customFields as $index => $field):?> maxlength="500" value="value, ENT_QUOTES); ?>" required ? 'required' : ''; ?> > + for="formId; ?>">definitionName, ENT_QUOTES); ?>
    diff --git a/app/modules/web/themes/material-blue/views/config/encryption.inc b/app/modules/web/themes/material-blue/views/config/encryption.inc index 9d172a63d..98e3ae4d8 100644 --- a/app/modules/web/themes/material-blue/views/config/encryption.inc +++ b/app/modules/web/themes/material-blue/views/config/encryption.inc @@ -307,7 +307,7 @@ $disabled = $configData->isMaintenance() ? '' : 'disabled'; + value="getId(); ?>">getName(), ENT_QUOTES); ?> diff --git a/app/modules/web/themes/material-blue/views/config/general-auth.inc b/app/modules/web/themes/material-blue/views/config/general-auth.inc index b212f0a63..a9c01e2ad 100644 --- a/app/modules/web/themes/material-blue/views/config/general-auth.inc +++ b/app/modules/web/themes/material-blue/views/config/general-auth.inc @@ -101,7 +101,7 @@ use SP\Mvc\View\Template; + value="getId(); ?>" getId() === $configData->getSsoDefaultGroup() ? 'selected' : ''; ?>>getName(), ENT_QUOTES); ?> @@ -127,7 +127,7 @@ use SP\Mvc\View\Template; + value="getId(); ?>" getId() === $configData->getSsoDefaultProfile()) ? 'selected' : ''; ?>>getName(), ENT_QUOTES); ?> diff --git a/app/modules/web/themes/material-blue/views/config/import.inc b/app/modules/web/themes/material-blue/views/config/import.inc index ad5d04feb..6a1f87481 100644 --- a/app/modules/web/themes/material-blue/views/config/import.inc +++ b/app/modules/web/themes/material-blue/views/config/import.inc @@ -41,7 +41,7 @@ use SP\Mvc\View\Template; foreach ($_getvar('users') as $user): ?> @@ -69,7 +69,7 @@ use SP\Mvc\View\Template; foreach ($_getvar('userGroups') as $userGroup): ?> diff --git a/app/modules/web/themes/material-blue/views/config/ldap.inc b/app/modules/web/themes/material-blue/views/config/ldap.inc index 80e1f2343..ed31b130d 100644 --- a/app/modules/web/themes/material-blue/views/config/ldap.inc +++ b/app/modules/web/themes/material-blue/views/config/ldap.inc 
@@ -286,7 +286,10 @@ use SP\Mvc\View\Template; + value="getId(); ?>" + getId() === $configData->getLdapDefaultGroup() ? 'selected' : ''; ?>> + getName(), ENT_QUOTES); ?> + @@ -312,7 +315,7 @@ use SP\Mvc\View\Template; + value="getId(); ?>" getId() === $configData->getLdapDefaultProfile()) ? 'selected' : ''; ?>>getName(), ENT_QUOTES); ?> diff --git a/app/modules/web/themes/material-blue/views/config/wiki-dokuwiki.inc b/app/modules/web/themes/material-blue/views/config/wiki-dokuwiki.inc index fb815e563..077ce8a7c 100644 --- a/app/modules/web/themes/material-blue/views/config/wiki-dokuwiki.inc +++ b/app/modules/web/themes/material-blue/views/config/wiki-dokuwiki.inc @@ -181,7 +181,7 @@ use SP\Mvc\View\Template; type="text" class="mdl-textfield__input mdl-color-text--indigo-400" maxlength="128" - value="getDokuwikiNamespace(); ?>"/> + value="getDokuwikiNamespace(), ENT_QUOTES); ?>"/> diff --git a/app/modules/web/themes/material-blue/views/itemshow/account_bulkedit.inc b/app/modules/web/themes/material-blue/views/itemshow/account_bulkedit.inc index 0b5ce7136..0a0857baf 100644 --- a/app/modules/web/themes/material-blue/views/itemshow/account_bulkedit.inc +++ b/app/modules/web/themes/material-blue/views/itemshow/account_bulkedit.inc @@ -51,7 +51,7 @@ use SP\Mvc\View\Template; + value="getId(); ?>">getName(), ENT_QUOTES); ?> @@ -67,7 +67,7 @@ use SP\Mvc\View\Template; + value="getId(); ?>">getName(), ENT_QUOTES); ?> @@ -83,7 +83,7 @@ use SP\Mvc\View\Template; + value="getId(); ?>">getName(), ENT_QUOTES); ?> @@ -99,7 +99,7 @@ use SP\Mvc\View\Template; + value="getId(); ?>">getName(), ENT_QUOTES); ?> @@ -112,7 +112,7 @@ use SP\Mvc\View\Template; class="select-box-tags"> - + @@ -136,7 +136,7 @@ use SP\Mvc\View\Template; + value="getId(); ?>">getName(), ENT_QUOTES); ?> @@ -161,7 +161,7 @@ use SP\Mvc\View\Template; + value="getId(); ?>">getName(), ENT_QUOTES); ?> @@ -193,7 +193,7 @@ use SP\Mvc\View\Template; + value="getId(); ?>">getName(), ENT_QUOTES); ?> 
@@ -218,7 +218,7 @@ use SP\Mvc\View\Template; + value="getId(); ?>">getName(), ENT_QUOTES); ?> diff --git a/app/modules/web/themes/material-blue/views/itemshow/auth_token.inc b/app/modules/web/themes/material-blue/views/itemshow/auth_token.inc index baebb8ee4..ca9f554d2 100644 --- a/app/modules/web/themes/material-blue/views/itemshow/auth_token.inc +++ b/app/modules/web/themes/material-blue/views/itemshow/auth_token.inc @@ -35,7 +35,7 @@ $authToken = $_getvar('authToken'); - + @@ -51,7 +51,7 @@ $authToken = $_getvar('authToken'); - + diff --git a/app/modules/web/themes/material-blue/views/itemshow/category.inc b/app/modules/web/themes/material-blue/views/itemshow/category.inc index 5b6485b69..021341d4d 100644 --- a/app/modules/web/themes/material-blue/views/itemshow/category.inc +++ b/app/modules/web/themes/material-blue/views/itemshow/category.inc @@ -32,7 +32,7 @@ $category = $_getvar('category'); + value="getName(), ENT_QUOTES); ?>"> @@ -45,7 +45,7 @@ $category = $_getvar('category'); + value="getDescription(), ENT_QUOTES); ?>"> diff --git a/app/modules/web/themes/material-blue/views/itemshow/client.inc b/app/modules/web/themes/material-blue/views/itemshow/client.inc index e994fb321..ef1974a95 100644 --- a/app/modules/web/themes/material-blue/views/itemshow/client.inc +++ b/app/modules/web/themes/material-blue/views/itemshow/client.inc @@ -32,7 +32,7 @@ $client = $_getvar('client'); + value="getName(), ENT_QUOTES); ?>"> @@ -46,7 +46,7 @@ $client = $_getvar('client'); + value="getDescription(), ENT_QUOTES); ?>"> diff --git a/app/modules/web/themes/material-blue/views/itemshow/custom_field.inc b/app/modules/web/themes/material-blue/views/itemshow/custom_field.inc index a857f6d1c..40913ab22 100644 --- a/app/modules/web/themes/material-blue/views/itemshow/custom_field.inc +++ b/app/modules/web/themes/material-blue/views/itemshow/custom_field.inc @@ -34,7 +34,7 @@ $field = $_getvar('field'); + value="getName(), ENT_QUOTES); ?>"> 
diff --git a/app/modules/web/themes/material-blue/views/itemshow/file.inc b/app/modules/web/themes/material-blue/views/itemshow/file.inc index 5e7bcb59a..dd27674b1 100644 --- a/app/modules/web/themes/material-blue/views/itemshow/file.inc +++ b/app/modules/web/themes/material-blue/views/itemshow/file.inc @@ -18,7 +18,7 @@ $fileData = $_getvar('fileData'); -
    getName(); ?>
    +
    getName(), ENT_QUOTES); ?>
    \ No newline at end of file diff --git a/app/modules/web/themes/material-blue/views/itemshow/item_preset-password.inc b/app/modules/web/themes/material-blue/views/itemshow/item_preset-password.inc index c0ae6302b..e3f51fa46 100644 --- a/app/modules/web/themes/material-blue/views/itemshow/item_preset-password.inc +++ b/app/modules/web/themes/material-blue/views/itemshow/item_preset-password.inc @@ -66,7 +66,7 @@ $password = $_getvar('password');
    + value="getRegex(), ENT_QUOTES); ?>"/>
    diff --git a/app/modules/web/themes/material-blue/views/itemshow/item_preset-permission.inc b/app/modules/web/themes/material-blue/views/itemshow/item_preset-permission.inc index 7a796a55c..69e94fa8a 100644 --- a/app/modules/web/themes/material-blue/views/itemshow/item_preset-permission.inc +++ b/app/modules/web/themes/material-blue/views/itemshow/item_preset-permission.inc @@ -28,7 +28,7 @@ use SP\Mvc\View\Template; isSkip()): continue; endif; ?> + isSelected() ? 'selected' : '' ?>>getName(), ENT_QUOTES); ?> @@ -46,7 +46,7 @@ use SP\Mvc\View\Template; isSkip()): continue; endif; ?> + isSelected() ? 'selected' : '' ?>>getName(), ENT_QUOTES); ?> @@ -71,7 +71,7 @@ use SP\Mvc\View\Template; isSkip()): continue; endif; ?> + isSelected() ? 'selected' : '' ?>>getName(), ENT_QUOTES); ?> @@ -89,7 +89,7 @@ use SP\Mvc\View\Template; isSkip()): continue; endif; ?> + isSelected() ? 'selected' : '' ?>>getName(), ENT_QUOTES); ?> diff --git a/app/modules/web/themes/material-blue/views/itemshow/item_preset.inc b/app/modules/web/themes/material-blue/views/itemshow/item_preset.inc index f952107bf..1f6e6137a 100644 --- a/app/modules/web/themes/material-blue/views/itemshow/item_preset.inc +++ b/app/modules/web/themes/material-blue/views/itemshow/item_preset.inc @@ -49,7 +49,7 @@ $preset = $_getvar('preset'); + value="getId(); ?>" isSelected() ? 'selected' : ''; ?>>getName(), ENT_QUOTES); ?> @@ -67,7 +67,7 @@ $preset = $_getvar('preset'); + value="getId(); ?>" isSelected() ? 'selected' : ''; ?>>getName(), ENT_QUOTES); ?> @@ -85,7 +85,7 @@ $preset = $_getvar('preset'); + value="getId(); ?>" isSelected() ? 'selected' : ''; ?>>getName(), ENT_QUOTES); ?> diff --git a/app/modules/web/themes/material-blue/views/itemshow/public_link.inc b/app/modules/web/themes/material-blue/views/itemshow/public_link.inc index c9ace8145..fa4fdb14c 100644 --- a/app/modules/web/themes/material-blue/views/itemshow/public_link.inc +++ b/app/modules/web/themes/material-blue/views/itemshow/public_link.inc 
@@ -36,7 +36,14 @@ $publicLink = $_getvar('publicLink'); + value="getId(); ?>" + isSelected() ? 'selected' : ''; ?>> + getName(), ENT_QUOTES), + htmlspecialchars($account->getItemProperty('clientName'), ENT_QUOTES) + ); ?> + diff --git a/app/modules/web/themes/material-blue/views/itemshow/tag.inc b/app/modules/web/themes/material-blue/views/itemshow/tag.inc index 36da664ec..952431ade 100644 --- a/app/modules/web/themes/material-blue/views/itemshow/tag.inc +++ b/app/modules/web/themes/material-blue/views/itemshow/tag.inc @@ -31,7 +31,7 @@ $tag = $_getvar('tag'); + value="getName(), ENT_QUOTES); ?>"> diff --git a/app/modules/web/themes/material-blue/views/itemshow/user.inc b/app/modules/web/themes/material-blue/views/itemshow/user.inc index 3ce26a59b..262d623b6 100644 --- a/app/modules/web/themes/material-blue/views/itemshow/user.inc +++ b/app/modules/web/themes/material-blue/views/itemshow/user.inc @@ -49,7 +49,7 @@ $user = $_getvar('user'); > @@ -64,7 +64,7 @@ $user = $_getvar('user'); isLdap() ? 'readonly' : $_getvar('readonly'); ?>> @@ -84,7 +84,7 @@ $user = $_getvar('user'); > @@ -100,7 +100,7 @@ $user = $_getvar('user'); > @@ -154,7 +154,7 @@ $user = $_getvar('user'); + value="getId(); ?>" getId() === $user->getUserProfileId()) ? 'selected' : ''; ?>>getName(), ENT_QUOTES); ?> @@ -172,7 +172,7 @@ $user = $_getvar('user'); + value="getId(); ?>" getId() === $user->getUserGroupId()) ? 'selected' : ''; ?>>getName(), ENT_QUOTES); ?> @@ -184,7 +184,9 @@ $user = $_getvar('user');
    + maxlength="1000" > + getNotes(), ENT_QUOTES); ?> +
    @@ -339,7 +341,11 @@ $user = $_getvar('user'); title="ref; ?>"> icon; ?> - ref, $item->name ?: $item->id); ?> + ref, + htmlspecialchars($item->name, ENT_QUOTES) ?: $item->id + ); ?> diff --git a/app/modules/web/themes/material-blue/views/itemshow/user_group.inc b/app/modules/web/themes/material-blue/views/itemshow/user_group.inc index 427bc44b4..2f467c263 100644 --- a/app/modules/web/themes/material-blue/views/itemshow/user_group.inc +++ b/app/modules/web/themes/material-blue/views/itemshow/user_group.inc @@ -35,7 +35,7 @@ $group = $_getvar('group'); + value="getName(), ENT_QUOTES); ?>"> @@ -49,7 +49,7 @@ $group = $_getvar('group'); + value="getDescription(), ENT_QUOTES); ?>"> @@ -69,7 +69,10 @@ $group = $_getvar('group'); + value="getId(); ?>" + isSelected() ? 'selected' : ''; ?>> + getName(), ENT_QUOTES); ?> + @@ -79,7 +82,9 @@ $group = $_getvar('group'); isSelected()): ?> - getName(); ?> + + getName(), ENT_QUOTES); ?> + @@ -107,9 +112,17 @@ $group = $_getvar('group'); person ref === 'UserGroup'): ?> - name, $user->login); ?> + name, ENT_QUOTES), + htmlspecialchars($user->login, ENT_QUOTES) + ); ?> - name, $user->login); ?> + name, ENT_QUOTES), + htmlspecialchars($user->login, ENT_QUOTES) + ); ?> diff --git a/app/modules/web/themes/material-blue/views/itemshow/user_pass.inc b/app/modules/web/themes/material-blue/views/itemshow/user_pass.inc index 4650104a5..d6d32cf68 100644 --- a/app/modules/web/themes/material-blue/views/itemshow/user_pass.inc +++ b/app/modules/web/themes/material-blue/views/itemshow/user_pass.inc @@ -30,7 +30,7 @@ $user = $_getvar('user');
    @@ -42,7 +42,7 @@ $user = $_getvar('user');
    diff --git a/app/modules/web/themes/material-blue/views/itemshow/user_profile.inc b/app/modules/web/themes/material-blue/views/itemshow/user_profile.inc index aee7f2f9b..1d1a8eebc 100644 --- a/app/modules/web/themes/material-blue/views/itemshow/user_profile.inc +++ b/app/modules/web/themes/material-blue/views/itemshow/user_profile.inc @@ -579,7 +579,7 @@ $profileData = $_getvar('profileData'); > diff --git a/app/modules/web/themes/material-blue/views/notification/notification.inc b/app/modules/web/themes/material-blue/views/notification/notification.inc index 78552b330..3baa8b60c 100644 --- a/app/modules/web/themes/material-blue/views/notification/notification.inc +++ b/app/modules/web/themes/material-blue/views/notification/notification.inc @@ -61,7 +61,8 @@ $notification = $_getvar('notification'); > + value="getDate()); ?>" + > @@ -77,13 +78,15 @@ $notification = $_getvar('notification'); class="mdl-textfield__input mdl-color-text--indigo-400" type="text" rows="3" id="notification_description" - name="notification_description" >getDescription(); ?> + name="notification_description" > + getDescription(), ENT_QUOTES); ?> +
    - getDescription(); ?> + getDescription(), ENT_QUOTES); ?>
    @@ -100,8 +103,10 @@ $notification = $_getvar('notification'); - + @@ -115,7 +120,8 @@ $notification = $_getvar('notification'); title=""> isSticky() ? 'checked' : ' '; ?> /> + name="notification_sticky" isSticky() ? 'checked' + : ' '; ?> /> @@ -124,7 +130,9 @@ $notification = $_getvar('notification'); title=""> isOnlyAdmin() ? 'checked' : ' '; ?> /> + name="notification_onlyadmin" + isOnlyAdmin() ? 'checked' : ' '; ?> + /> @@ -133,7 +141,9 @@ $notification = $_getvar('notification'); title=""> isChecked() ? 'checked' : ' '; ?> /> + name="notification_checkout" + isChecked() ? 'checked' : ' '; ?> + /> @@ -146,7 +156,8 @@ $notification = $_getvar('notification');