Seulement dans cur-maia-1.0.1/php: config.php
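--- maia-1.0.1/php/settings.php
+++ cur-maia-1.0.1/php/settings.php
@@ -121,8 +121,8 @@
 
 // Pressed the "Update This Address' Settings" button or the
 // "Update ALL Addresses' Settings" button
-if ($button == $lang['button_update_address'] ||
-$button == $lang['button_update_all_addresses']) {
+if (htmlentities($button) == $lang['button_update_address'] ||
+htmlentities($button) == $lang['button_update_all_addresses']) {
 
 if (isset($_POST["policy"])) { // actually, I think we prefer not to use this, in favor of what's in the
 $policy_id = trim($_POST["policy"]); // users.policy_id
@@ -310,7 +310,7 @@
 "spam_kill_level = ? " .
 "WHERE id = ?";
 
-if ($button == $lang['button_update_all_addresses']) {
+if (htmlentities($button) == $lang['button_update_all_addresses']) {
 $select = "SELECT policy_id FROM users WHERE maia_user_id = ? ";
 $sth = $dbh->query($select, array($euid));
 while ($row = $sth->fetchrow()) {
@@ -356,7 +356,7 @@
 $message = $lang['text_settings_updated'];
 
 // Pressed the "Update Miscellaneous Settings" button
-} elseif ($button == $lang['button_update_misc']) {
+} elseif (htmlentities($button) == $lang['button_update_misc']) {
 
 if (isset($_POST["reminder"])) {
 $reminder = (trim($_POST["reminder"]) == "yes" ? "Y" : "N");
@@ -429,7 +429,7 @@
 
 
 // Pressed the "Add E-Mail Address" button
-} elseif ($button == $lang['button_add_email_address']) {
+} elseif (htmlentities($button) == $lang['button_add_email_address']) {
 
 if (isset($_POST["login"])) {
 $login = trim($_POST["login"]);
@@ -477,7 +477,7 @@
 }
 
 // Pressed the "Update Login Credentials" button
-} elseif ($button == $lang['button_change_login_info'] && $auth_method == "internal") {
+} elseif (htmlentities($button) == $lang['button_change_login_info'] && $auth_method == "internal") {
 
 if (isset($_POST["new_login_name"])) {
 $new_login = trim($_POST["new_login_name"]);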
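Review bot: `htmlentities($button)` at new line 124 (and the same construct at 313, 359, 432 and 480 here, and in wblist.php, welcome.php and xdomainsettings.php) relies on PHP's default flags and charset, so whether the submitted label matches the `$lang` string depends on how that string encodes apostrophes and non-ASCII letters — the labels quoted in the comment above contain an apostrophe ("Update This Address' Settings"), which the pre-8.1 default `ENT_COMPAT` leaves unconverted while an `&#039;` in the language file would never match it. Pass the flags and charset the language files were written with, e.g. `htmlentities($button, ENT_QUOTES, 'UTF-8')`, and normalise once where `$button` is read from `$_POST` rather than repeating the call in every branch of the chain. Because `$button` is client-controlled, a mismatch fails closed (no branch runs), but a comment such as `// $lang labels are entity-encoded; encode the submitted label the same way before comparing` would keep a later maintainer from reading this as output escaping or as input sanitisation. The assignment of `$button` is outside the hunk, so where the value is read could not be confirmed from this diff.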
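--- maia-1.0.1/php/wblist.php
+++ cur-maia-1.0.1/php/wblist.php
@@ -112,7 +112,7 @@
 
 // User pressed the "Add to List" button to add an address to the
 // whitelist or blacklist.
-if ($addaddress == $lang['button_add_to_list'])
+if (htmlentities($addaddress) == $lang['button_add_to_list'])
 {
 if ($newaddr != "") {
 $list = trim($_POST["list"]);
@@ -122,7 +122,7 @@
 
 // User pressed the "Update" button to modify the whitelist/blacklist
 // settings.
-elseif ($addchange == $lang['button_update'])
+elseif (htmlentities($addchange) == $lang['button_update'])
 {
 $message = $lang['text_lists_updated'];
 foreach($_POST as $varname => $value)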
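--- maia-1.0.1/php/welcome.php
+++ cur-maia-1.0.1/php/welcome.php
@@ -107,7 +107,7 @@
 $maxitemid = 0;
 }
 
-if ($button == $lang['button_delete_all_items'])
+if (htmlentities($button) == $lang['button_delete_all_items'])
 {
 $select = "SELECT mail_id FROM maia_mail_recipients " .
 "WHERE (type = 'S' " .
@@ -128,7 +128,7 @@
 }
 
 
-if ($button == $lang['button_change_protection'] && isset($_POST['protection_level'])) {
+if (htmlentities($button) == $lang['button_change_protection'] && isset($_POST['protection_level'])) {
 $select = "SELECT policy_id FROM users WHERE maia_user_id = ?";
 $sth = $dbh->query($select, $euid);
 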
diff -ur maia-1.0.1/php/xdomainsettings.php cur-maia-1.0.1/php/xdomainsettings.php
| 87 | 87 | require_once ("./locale/$display_language/domainsettings.php"); // shared with domainsettings.php |
| 88 | 88 | |
| 89 | 89 | require_once ("smarty.php"); |
| 90 | | |
| | 90 | |
| 91 | 91 | if (isset($_POST["domain_id"])) { |
| 92 | 92 | $domain_id = trim($_POST["domain_id"]); |
| 93 | 93 | } else { |
| … |
… |
|
| 113 | 113 | } |
| 114 | 114 | |
| 115 | 115 | // Pressed the "Update This Domain's Settings" button |
| 116 | | if ($button == $lang['button_update_domain']) { |
| | 116 | if ( htmlentities($button) == $lang['button_update_domain']) { |
| 117 | 117 | |
| 118 | 118 | $select = "SELECT enable_charts, reminder_threshold_count, " . |
| 119 | 119 | "enable_spamtraps " . |
| … |
… |
|
| 335 | 335 | |
| 336 | 336 | $message = $lang['text_settings_updated']; |
| 337 | 337 | // Pressed the "Revoke Administrator Privileges" button |
| 338 | | } elseif ($super && ($button == $lang['button_revoke'])) { |
| | 338 | } elseif ($super && (htmlentities($button) == $lang['button_revoke'])) { |
| 339 | 339 | |
| 340 | 340 | // Register the full set of POST variables. |
| 341 | 341 | foreach($_POST as $varname => $value) |
| … |
… |
|
| 379 | 379 | $message = $lang['text_admins_revoked']; |
| 380 | 380 | |
| 381 | 381 | // Pressed the "Grant Administrator Privileges" button |
| 382 | | } elseif ($super && ($button == $lang['button_grant'])) { |
| | 382 | } elseif ($super && (htmlentities($button) == $lang['button_grant'])) { |
| 383 | 383 | |
| 384 | 384 | // Note that $admins is an array |
| 385 | 385 | if (isset($_POST["administrators"])) { |