steffen: server/kolab-webadmin/kolab-webadmin/php/admin/include form.class.php, 1.21, 1.22 menu.php, 1.13, 1.14
cvs at intevation.de
cvs at intevation.de
Sun Jul 24 23:47:43 CEST 2005
Author: steffen
Update of /kolabrepository/server/kolab-webadmin/kolab-webadmin/php/admin/include
In directory doto:/tmp/cvs-serv27715/kolab-webadmin/kolab-webadmin/php/admin/include
Modified Files:
form.class.php menu.php
Log Message:
Fixed LDAP access bug that showed up after upgrading + a few details in the webgui
Index: form.class.php
===================================================================
RCS file: /kolabrepository/server/kolab-webadmin/kolab-webadmin/php/admin/include/form.class.php,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -d -r1.21 -r1.22
--- form.class.php 5 Jul 2005 10:31:51 -0000 1.21
+++ form.class.php 24 Jul 2005 21:47:41 -0000 1.22
@@ -77,9 +77,11 @@
$str .= '<tr>';
$str .= '<td>'.$value['name'].'</td>';
if( ereg( 'readonly', $value['attrs'] ) ) {
- $str .= '<td><p class="ctrl">'.$value['value'].'</p><input name="'.$key.'" type="hidden" value="'.$value['value'].'" /></td>';
+ $str .= '<td><p class="ctrl">'.htmlentities($value['value']).'</p><input name="'
+ .$key.'" type="hidden" value="'.htmlentities($value['value']).'" /></td>';
} else {
- $str .= '<td><input name="'.$key.'" type="'.$value['type'].'" value="'.$value['value'].'" '.$value['attrs'].' size="'.$size.'" /></td>';
+ $str .= '<td><input name="'.$key.'" type="'.$value['type'].'" value="'.htmlentities($value['value']).'" '
+ .htmlentities($value['attrs']).' size="'.$size.'" /></td>';
}
$str .= '<td>'.$value['comment'].'</td>';
$str .= '</tr>'."\n";
@@ -89,7 +91,7 @@
$str .= '<td>'.$value['name'].'</td>';
list($uname,$domain) = split('@',$value['value']);
if( ereg( 'readonly', $value['attrs'] ) ) {
- $str .= '<td><p class="ctrl">'.$value['value'].'</p><input name="user_'.$key.'" type="hidden" value="'.
+ $str .= '<td><p class="ctrl">'.htmlentities($value['value']).'</p><input name="user_'.$key.'" type="hidden" value="'.
htmlentities($uname).'" /><input name="domain_'.$key.'" type="hidden" value="'.
htmlentities($domain).'" /></td>';
} else {
@@ -125,7 +127,7 @@
if( ereg( 'readonly', $value['attrs'] ) ) {
$str .= '<td><p class="ctrl">'.htmlentities($value['value']).'</p></td>';
} else {
- $str .= '<td><textarea name="'.$key.'" rows="5" cols="'.$size.'" '.$value['attrs'].' onkeypress="javascript:textareakeypress()">'.$value['value'].'</textarea></td>';
+ $str .= '<td><textarea name="'.$key.'" rows="5" cols="'.$size.'" '.$value['attrs'].' onkeypress="javascript:textareakeypress()">'.htmlentities($value['value']).'</textarea></td>';
}
$str .= '<td>'.$value['comment'].'</td>';
$str .= '</tr>'."\n";
@@ -164,7 +166,7 @@
$str .= '<td>'.$value['name'].'</td>';
if( ereg( 'readonly', $value['attrs'] ) ) {
$str .= '<td><p class="ctrl">'.htmlentities($value['options'][$value['value']]).
- '<input type="hidden" name="'.$key.'" value="'.$value['value'].'" /></p></td>';
+ '<input type="hidden" name="'.$key.'" value="'.htmlentities($value['value']).'" /></p></td>';
} else {
$str .= '<td><select name="'.$key.'" '.$value['attrs'].' >'."\n";
@@ -185,7 +187,8 @@
if( ereg( 'readonly', $value['attrs'] ) ) {
if( $value['user'] ) $str .= '<td><span class="ctrl">'.htmlentities($value['user']).'</span> <span class="ctrl">'.$value['perm'].'</span></td>';
} else {
- $str .= '<td><input name="user_'.$key.'" type="'.$value['type'].'" size="'.($size-15).'" value="'.$value['user'].'" '.$value['attrs'].' />';
+ $str .= '<td><input name="user_'.$key.'" type="'.$value['type'].'" size="'.($size-15).'" value="'
+ .htmlentities($value['user']).'" '.$value['attrs'].' />';
$str .= '<select name="perm_'.$key.'">'."\n";
if( $value['perm'] ) $selected_perm = $value['perm'];
else $selected_perm = 'all';
@@ -233,14 +236,14 @@
$str .= '<tr><td>';
if( $user == 'anyone' ) $str .= '<p class="ctrl">'._('Anyone').'</p>';
else $str .= '<p class="ctrl">'.htmlentities($user).'</p>';
- $str .= '</td><td><p class="ctrl">'.$policies[$pol].'</p></td></tr>'."\n";
+ $str .= '</td><td><p class="ctrl">'.htmlentities($policies[$pol]).'</p></td></tr>'."\n";
} else {
$str .= '<tr><td>';
if( $user == 'anyone' ) {
- $str .= _('Anyone').'<input type="hidden" name="user_'.$key.'_'.$i.'" value="'.$user.'" '.$value['attrs'].' />';
+ $str .= _('Anyone').'<input type="hidden" name="user_'.$key.'_'.$i.'" value="'.htmlentities($user).'" '.$value['attrs'].' />';
} else {
$str .= '<input name="user_'.$key.'_'.$i.'" type="text" size="'.($size-20)
- .'" value="'.$user.'" '.$value['attrs'].' />';
+ .'" value="'.htmlentities($user).'" '.$value['attrs'].' />';
}
$str .= '</td><td><select name="policy_'.$key.'_'.$i.'">'."\n";
$j = 0;
@@ -269,7 +272,7 @@
if( !isset( $value['comment'] ) ) $value['comment'] = '';
if( !isset( $value['attrs'] ) ) $value['attrs'] = '';
if( $value['type'] == 'hidden' ) {
- $str .= '<input name="'.$key.'" type="hidden" value="'.$value['value'].'" '.$value['attrs'].' />';
+ $str .= '<input name="'.$key.'" type="hidden" value="'.htmlentities($value['value']).'" '.$value['attrs'].' />';
}
}
$str .= '</form>';
Index: menu.php
===================================================================
RCS file: /kolabrepository/server/kolab-webadmin/kolab-webadmin/php/admin/include/menu.php,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- menu.php 5 Jul 2005 10:31:51 -0000 1.13
+++ menu.php 24 Jul 2005 21:47:41 -0000 1.14
@@ -75,7 +75,7 @@
'title' => _('Manage Domain Maintainers'),
'submenu' => array(
array( 'name' => _('Create New Domain Maintainer'),
- 'url' => 'maintainer.php?action=create' ) ) );
+ 'url' => 'domainmaintainer.php?action=create' ) ) );
}
if( $auth->group() == 'admin' ) {
$menuitems['maintainer'] = array( 'name' => _('Maintainers'),
@@ -83,7 +83,7 @@
'title' => _('Manage Maintainers'),
'submenu' => array(
array( 'name' => _('Create New Maintainer'),
- 'url' => 'domainmaintainer.php?action=create' ) ) );
+ 'url' => 'maintainer.php?action=create' ) ) );
} else if( $auth->group() == 'maintainer' ) {
$mdn = $auth->dn();
$menuitems['maintainer'] = array( 'name' => _('Maintainers'),
More information about the commits
mailing list