banananetwork
/
postfixadmin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
postfixadmin_3.2
master
feature-php-crypt-prefix
gh-pages
postfixadmin-2.3
release-2020-05-22-11-27
postfixadmin-1.3.7
postfixadmin-1.4.0
postfixadmin-1.5.0
postfixadmin-1.5.1
postfixadmin-1.5.2
postfixadmin-1.5.3
postfixadmin-1.5.4
postfixadmin-2.0.0
postfixadmin-2.0.1
postfixadmin-2.0.2
postfixadmin-2.0.3
postfixadmin-2.0.4
postfixadmin-2.0.5
postfixadmin-2.1.0
postfixadmin-2.2.0
postfixadmin-2.2.1
postfixadmin-2.2.1.1
postfixadmin-2.3.3
postfixadmin-2.3.4
postfixadmin-2.3.5
postfixadmin-2.3.6
postfixadmin-2.3.7
postfixadmin-2.3beta
postfixadmin-2.3rc1
postfixadmin-2.3rc2
postfixadmin-2.3rc3
postfixadmin-2.3rc4
postfixadmin-2.3rc5
postfixadmin-2.3rc6
postfixadmin-2.3rc7
postfixadmin-2.91
postfixadmin-3.0.2
postfixadmin-3.1
postfixadmin-3.2
postfixadmin-3.2.1
postfixadmin-3.2.2
postfixadmin-3.2.3
postfixadmin-3.2.4
push
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0f4f202371'
${ noResults }
postfixadmin/smarty.inc.php

90 lines
2.8 KiB
PHTML
Raw Normal View History Unescape Escape

- add <?php tags. git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@760 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
<?php
- big merge of Postfixadmin smarty into trunk git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@757 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
require_once ("$incpath/smarty/libs/Smarty.class.php");
extend the Smarty class so when assigning data to it, it is automatically escaped (unless specified otherwise with a 3rd parameter (false) in the assign function call). This will probably cause some breakage esp where translations have html embedded within them - however i would rather this were the case than the application be vulnerable to XSS git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@782 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
/**
* Turn on sanitisation of all data by default so it's not possible for XSS flaws to occur in PFA
*/
class PFASmarty extends Smarty {
public function assign($key, $value, $sanitise = true) {
if($sanitise == false) {
return parent::assign($key, $value);
}
$clean = $this->sanitise($value);
/* we won't run the key through sanitise() here... some might argue we should */
return parent::assign($key, $clean);
}
/**
* Recursive cleaning of data, using htmlentities - this assumes we only ever output to HTML and we're outputting in UTF-8 charset
*
* @param mixed $data - array or primitive type; objects not supported.
* @return mixed $data
* */
public function sanitise($data) {
if(!is_array($data)) {
list-virtual.php: - hand over $search to smarty templates templates/list-virtual_alias.tpl, templates/list-virtual_alias_domain.tpl: - add search result highlighting templates/list-virtual_mailbox.tpl: - add search result highlighting - move output of "Mailbox" / "Forward only" outside the foreach loop (was displayed once per mailbox alias target) css/default.css: - add style for ".searchresult" git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@868 a1433add-5e2c-0410-b055-b7f2511e0802
14 years ago
return htmlentities($data, ENT_QUOTES, 'UTF-8', false);
extend the Smarty class so when assigning data to it, it is automatically escaped (unless specified otherwise with a 3rd parameter (false) in the assign function call). This will probably cause some breakage esp where translations have html embedded within them - however i would rather this were the case than the application be vulnerable to XSS git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@782 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
}
if(is_array($data)) {
$clean = array();
foreach($data as $key => $value) {
/* as this is a nested data structure it's more likely we'll output the key too (at least in my opinion, so we'll sanitise it too */
$clean[$this->sanitise($key)] = $this->sanitise($value);
}
return $clean;
}
}
}
$smarty = new PFASmarty();
- big merge of Postfixadmin smarty into trunk git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@757 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
//$smarty->debugging = true;
- small fix to smarty.inc.php. Really use our compile and templates directory - Fix in menu.tpl to honor "show fetchmail tab" git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@768 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
$smarty->template_dir = $incpath.'/templates';
$smarty->compile_dir = $incpath.'/templates_c';
$smarty->config_dir = $incpath.'/'.$smarty->config_dir;
- big merge of Postfixadmin smarty into trunk git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@757 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
$CONF['theme_css'] = $CONF['postfix_admin_url'].'/'.htmlentities($CONF['theme_css']);
$CONF['theme_logo'] = $CONF['postfix_admin_url'].'/'.htmlentities($CONF['theme_logo']);
$smarty->assign ('CONF', $CONF);
$smarty->assign ('PALANG', $PALANG);
//*** footer.tpl
$smarty->assign ('version', $version);
//*** menu.tpl
$smarty->assign ('boolconf_alias_domain', boolconf('alias_domain'));
$smarty->assign ('authentication_has_role', array ('global_admin' => authentication_has_role ('global-admin'), 'admin' => authentication_has_role ('admin'), 'user' => authentication_has_role ('user')));
if (authentication_has_role('global-admin'))
{
$motd_file = "motd-admin.txt";
}
else
{
$motd_file = "motd.txt";
}
extend the Smarty class so when assigning data to it, it is automatically escaped (unless specified otherwise with a 3rd parameter (false) in the assign function call). This will probably cause some breakage esp where translations have html embedded within them - however i would rather this were the case than the application be vulnerable to XSS git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@782 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
if (file_exists ($CONF ['postfix_admin_path'].'/templates/'.$motd_file)) {
$smarty->assign ('motd_file', $motd_file);
}
- small fix to smarty.inc.php. Really use our compile and templates directory - Fix in menu.tpl to honor "show fetchmail tab" git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@768 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
extend the Smarty class so when assigning data to it, it is automatically escaped (unless specified otherwise with a 3rd parameter (false) in the assign function call). This will probably cause some breakage esp where translations have html embedded within them - however i would rather this were the case than the application be vulnerable to XSS git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@782 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
function select_options($aValues, $aSelected)
- big merge of Postfixadmin smarty into trunk git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@757 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
{
$ret_val = '';
foreach ($aValues as $val)
{
$ret_val .= '<option value="'.$val.'"';
if (in_array ($val, $aSelected))
$ret_val .= ' selected="selected"';
$ret_val .= '>'.$val.'</option>';
}
return $ret_val;
}
function eval_size ($aSize)
{
if ($aSize == 0) {$ret_val = $GLOBALS ['PALANG']['pOverview_unlimited']; }
elseif ($aSize < 0) {$ret_val = $GLOBALS ['PALANG']['pOverview_disabled']; }
else {$ret_val = $aSize; }
return $ret_val;
}
- small fix to smarty.inc.php. Really use our compile and templates directory - Fix in menu.tpl to honor "show fetchmail tab" git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@768 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
?>