From cbda30058c0f61ae2afbd9085afcf841f32751a5 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 27 Jan 2009 11:50:52 -0500
Subject: [PATCH] Fixed: FS#431 - jailkit users cannot login
---
 interface/lib/classes/listform.inc.php | 35 +++++++++++++++++++++--------------
 1 files changed, 21 insertions(+), 14 deletions(-)
diff --git a/interface/lib/classes/listform.inc.php b/interface/lib/classes/listform.inc.php
index 33ec36e..a3946eb 100644
--- a/interface/lib/classes/listform.inc.php
+++ b/interface/lib/classes/listform.inc.php
@@ -28,14 +28,6 @@
 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-/**
-* Listenbehandlung
-*
-* @package listform
-* @author Till Brehm
-* @version 1.1
-*/
-
 class listform {
 private $debug = 0;
@@ -46,7 +38,7 @@
 private $pagingValues;
 private $searchChanged = 0;
 private $module;
- private $dateformat = 'd.m.Y';
+ private $dateformat = 'Y-m-d H:i';
 public $wordbook;
 public function loadListDef($file, $module = '')
@@ -123,7 +115,7 @@
 $record = array();
 $values = $app->$datasource_class->$datasource_function($field, $record);
 } else {
- $this->errorMessage .= "Custom datasource class or function is empty<br>\r\n";
+ $this->errorMessage .= "Custom datasource class or function is empty<br />\r\n";
 }
 }
 return $values;
@@ -166,7 +158,7 @@
 $this->searchValues[$search_prefix.$field] = $out;
 } else {
 if(isset($_SESSION['search'][$list_name][$search_prefix.$field])){
- $this->searchValues[$search_prefix.$field] = $_SESSION['search'][$list_name][$search_prefix.$field];
+ $this->searchValues[$search_prefix.$field] = htmlspecialchars($_SESSION['search'][$list_name][$search_prefix.$field]);
 }
 }
 }
@@ -276,6 +268,7 @@
 public function decode($record)
 {
+ global $conf;
 if(is_array($record)) {
 foreach($this->listDef['item'] as $field){
 $key = $field['field'];
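Review bot: In the -166 hunk the session value is escaped with `htmlspecialchars()` at the point it is stored into `$this->searchValues`, which makes this branch inconsistent with the request branch three lines above that stores `$out` unescaped, and it uses the default flags (no ENT_QUOTES, no explicit charset) while the other hunks of this commit escape with `htmlentities($v, ENT_QUOTES, $conf["html_content_encoding"])`. If `searchValues` also feeds the WHERE clause built elsewhere in this class (not visible in the hunk), an encoded value such as `a&amp;b` would be searched for instead of what the user typed. Consider keeping `searchValues` raw and escaping a copy for the template, or at least use the same call as the decode() hunks: `$this->searchValues[$search_prefix.$field] = htmlentities($_SESSION['search'][$list_name][$search_prefix.$field], ENT_QUOTES, $conf["html_content_encoding"]);` with `global $conf;` in scope. The enclosing method starts and ends outside the hunk.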
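Review bot: After this commit `decode()` no longer only strips slashes but entity-encodes every VARCHAR, TEXT, DOUBLE and default-typed value (the calls are in the -283, -295 and -303 hunks, all reading the `$conf["html_content_encoding"]` introduced by the `global $conf;` added here), so the method name and the missing docblock now mislead any caller that uses the decoded record for something other than HTML output, for example re-saving it or a non-HTML export, where `&amp;` or `&#039;` would be persisted. Add a docblock stating the new contract, e.g. `/** Converts a DB record for HTML display: strips slashes and entity-encodes string values, so the result must not be written back to the database. */`. `$conf["html_content_encoding"]` is read without a guard; if the key is not set, htmlentities() appears to receive an empty charset and fall back to PHP's default, which may not match the page encoding, so an explicit fallback such as `$charset = isset($conf["html_content_encoding"]) ? $conf["html_content_encoding"] : 'UTF-8';` at the top of decode() would make the behaviour deterministic. decode() continues past the end of this hunk.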
@@ -283,7 +276,7 @@
 switch ($field['datatype']){
 case 'VARCHAR':
 case 'TEXT':
- $record[$key] = stripslashes($record[$key]);
+ $record[$key] = htmlentities(stripslashes($record[$key]),ENT_QUOTES,$conf["html_content_encoding"]);
 break;
 case 'DATE':
@@ -295,7 +288,7 @@
 break;
 case 'DOUBLE':
- $record[$key] = $record[$key];
+ $record[$key] = htmlentities($record[$key],ENT_QUOTES,$conf["html_content_encoding"]);
 break;
 case 'CURRENCY':
@@ -303,7 +296,7 @@
 break;
 default:
- $record[$key] = stripslashes($record[$key]);
+ $record[$key] = htmlentities(stripslashes($record[$key]),ENT_QUOTES,$conf["html_content_encoding"]);
 }
 }
 }
@@ -360,6 +353,20 @@
 return $app->lng($msg);
 }
 }
+
+ function escapeArrayValues($search_values) {
+ global $conf;
+
+ $out = array();
+ if(is_array($search_values)) {
+ foreach($search_values as $key => $val) {
+ $out[$key] = htmlentities($val,ENT_QUOTES,$conf["html_content_encoding"]);
+ }
+ }
+
+ return $out;
+
+ }
 }
-- Gitblit v1.9.1
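Review bot: `escapeArrayValues()` in the -360 hunk is declared without a visibility keyword while every other method visible in this diff is `public function`, and it carries no docblock; it is also not called anywhere in this commit, so its intended caller (presumably a template or module) cannot be checked here. `htmlentities()` applied to a non-string element emits a warning and returns null, so if a nested array can ever reach this method that entry would be silently replaced by null rather than escaped. Suggest `public function escapeArrayValues($search_values)` with a docblock such as `/** Returns a copy of $search_values with every value entity-encoded for HTML output using $conf["html_content_encoding"]; keys are preserved and a non-array input yields an empty array. */`, and in the loop `$out[$key] = is_array($val) ? $this->escapeArrayValues($val) : htmlentities((string)$val, ENT_QUOTES, $conf["html_content_encoding"]);`.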