missing quoting in editing users and groups

Ralf Becker 2014-02-04 08:40:42 +00:00
parent 3a618c23d9
commit 141ff78bbc


@ -942,9 +942,9 @@
accounts::cache_invalidate((int)$_GET['account_id']);
$userData = $GLOBALS['egw']->accounts->read((int)$_GET['account_id'],'u');
$var['account_lid'] = $userData['account_lid'];
$var['account_firstname'] = $userData['firstname'];
$var['account_lastname'] = $userData['lastname'];
$var['account_lid'] = html::htmlspecialchars($userData['account_lid']);
$var['account_firstname'] = html::htmlspecialchars($userData['firstname']);
$var['account_lastname'] = html::htmlspecialchars($userData['lastname']);
$acl =& CreateObject('phpgwapi.acl',(int)$_GET['account_id']);
$var['anonymous'] = $acl->check('anonymous',1,'phpgwapi') ? '  X' : ' ';
@ -1007,7 +1007,7 @@
{
while (list(,$group) = each($usergroups))
{
$group_names[] = $group['account_name'];
$group_names[] = html::htmlspecialchars($group['account_name']);
}
$var['groups_select'] = implode(', ',$group_names);
}
@ -1130,7 +1130,7 @@
'form_action' => $GLOBALS['egw']->link('/index.php','menuaction=admin.uiaccounts.'.($group_info['account_id']?'edit':'add').'_group'),
'hidden_vars' => '<input type="hidden" name="account_id" value="' . $group_info['account_id'] . '">',
'lang_group_name' => lang('group name'),
'group_name_value' => $group_info['account_name'],
'group_name_value' => html::htmlspecialchars($group_info['account_name']),
'lang_include_user' => lang('Select users for inclusion'),
'error' => (!$_errors?'':'<center>'.common::error_list($_errors).'</center>'),
'lang_permissions' => lang('Permissions this group has')
@ -1376,9 +1376,10 @@
{
$lang_homedir = lang('home directory');
$lang_shell = lang('login shell');
$homedirectory = '<input name="homedirectory" id="homedirectory" value="'. ($_account_id?$userData['homedirectory']:$GLOBALS['egw_info']['server']['ldap_account_home'].$account_lid).'">';
$homedirectory = '<input name="homedirectory" id="homedirectory" value="'.
html::htmlspecialchars($_account_id?$userData['homedirectory']:$GLOBALS['egw_info']['server']['ldap_account_home'].$account_lid).'">';
$loginshell = '<input name="loginshell" value="'
. ($_account_id?$userData['loginshell']:$GLOBALS['egw_info']['server']['ldap_account_shell'])
. html::htmlspecialchars($_account_id?$userData['loginshell']:$GLOBALS['egw_info']['server']['ldap_account_shell'])
. '">';
}
else
@ -1439,9 +1440,12 @@
'changepassword' => '<input type="checkbox" name="changepassword" value="1"'.($userData['changepassword'] ? ' checked' : '').'>',
'mustchangepassword' => '<input type="checkbox" name="mustchangepassword" value="1"'.($userData['mustchangepassword'] ? ' checked' : '').'>',
'account_status' => '<input type="checkbox" name="account_status" value="A"'.($userData['account_status']?' checked':'').'>',
'account_firstname' => '<input id="firstname" onchange="check_account_email(this.id);" name="account_firstname" maxlength="50" value="' . $userData['account_firstname'] . '">',
'account_lastname' => '<input id="lastname" onchange="check_account_email(this.id);" name="account_lastname" maxlength="50" value="' . $userData['account_lastname'] . '">',
'account_email' => '<input id="email" onchange="email_set=0; check_account_email(this.id);" name="account_email" size="32" maxlength="100" value="' . $userData['account_email'] . '">',
'account_firstname' => '<input id="firstname" onchange="check_account_email(this.id);" name="account_firstname" maxlength="50" value="' .
html::htmlspecialchars($userData['account_firstname']) . '">',
'account_lastname' => '<input id="lastname" onchange="check_account_email(this.id);" name="account_lastname" maxlength="50" value="' .
html::htmlspecialchars($userData['account_lastname']) . '">',
'account_email' => '<input id="email" onchange="email_set=0; check_account_email(this.id);" name="account_email" size="32" maxlength="100" value="' .
html::htmlspecialchars($userData['account_email']) . '">',
'account_passwd' => $userData['account_passwd'],
'account_passwd_2' => $userData['account_passwd_2'],
'account_file_space' => $account_file_space,
@ -1486,7 +1490,7 @@
{
$primary_group_select .= ' selected="1"';
}
$primary_group_select .= '>' . $value['account_lid'] . '</option>'."\n";
$primary_group_select .= '>' . html::htmlspecialchars($value['account_lid']) . '</option>'."\n";
}
//prepare the userGroups Array for use with the checkbox-multiselect use -> selarray
$selarray=array();
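Review bot: In the group-edit template array (hunk at 1130), `hidden_vars` still concatenates `$group_info['account_id']` raw into the `value="..."` attribute, one line above the `group_name_value` entry this commit escapes. Where that id comes from is not visible on this page, so it is safest to give it the same treatment: `'hidden_vars' => '<input type="hidden" name="account_id" value="' . html::htmlspecialchars($group_info['account_id']) . '">',`. The user-edit array (hunk at 1439) has a similar gap: `account_passwd` and `account_passwd_2` are handed to the template unescaped, which matters if the template puts them inside an attribute; the template is not shown, so this needs confirming. The enclosing functions start and end outside the hunks shown.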