Merge remote-tracking branch 'svnexport/master'

pull/9/head
David Goodwin 9 years ago
commit a71d0b2fa1

@ -1755,9 +1755,9 @@ function gen_show_status ($show_alias) {
list(/*NULL*/,$stat_domain) = explode('@',$g); list(/*NULL*/,$stat_domain) = explode('@',$g);
$stat_delimiter = ""; $stat_delimiter = "";
if (!empty($CONF['recipient_delimiter'])) { if (!empty($CONF['recipient_delimiter'])) {
$stat_delimiter = "OR address = '" . preg_replace($delimiter_regex, "@", $g) . "'"; $stat_delimiter = "OR address = '" . escape_string(preg_replace($delimiter_regex, "@", $g)) . "'";
} }
$stat_result = db_query ("SELECT address FROM $table_alias WHERE address = '$g' OR address = '@$stat_domain' $stat_delimiter"); $stat_result = db_query ("SELECT address FROM $table_alias WHERE address = '" . escape_string($g) . "' OR address = '@" . escape_string($stat_domain) . "' $stat_delimiter");
if ($stat_result['rows'] == 0) { if ($stat_result['rows'] == 0) {
$stat_ok = 0; $stat_ok = 0;
} }

@ -6,4 +6,6 @@
{assign var="id_field" value=$msg.id_field} {assign var="id_field" value=$msg.id_field}
{assign var="formconf" value=$aliasdomain_data.formconf} {assign var="formconf" value=$aliasdomain_data.formconf}
{assign var="items" value=$tAliasDomains} {assign var="items" value=$tAliasDomains}
{assign var="RAW_items" value=$RAW_tAliasDomains}
{include 'list.tpl'} {include 'list.tpl'}

@ -51,7 +51,8 @@
<td>&nbsp;</td> <td>&nbsp;</td>
</tr> </tr>
{foreach from=$items item=item} {foreach from=$RAW_items item=RAW_item}
{assign "item" $items.{$RAW_item.$id_field|escape:"html"}} {* array keys in $items are html-escaped *}
{#tr_hilightoff#} {#tr_hilightoff#}
{foreach key=key item=field from=$struct} {foreach key=key item=field from=$struct}
@ -77,7 +78,7 @@
*} *}
{elseif $key == 'active'} {elseif $key == 'active'}
{if $item._can_edit} {if $item._can_edit}
<a href="{#url_editactive#}{$table}&amp;id={$item.$id_field|escape:"url"}&amp;active={if ($item.active==0)}1{else}0{/if}&amp;token={$smarty.session.PFA_token|escape:"url"}">{$item._active}</a> <a href="{#url_editactive#}{$table}&amp;id={$RAW_item.$id_field|escape:"url"}&amp;active={if ($item.active==0)}1{else}0{/if}&amp;token={$smarty.session.PFA_token|escape:"url"}">{$item._active}</a>
{else} {else}
{$item._active} {$item._active}
{/if} {/if}
@ -109,7 +110,7 @@
{elseif $field.type == 'txtl'} {elseif $field.type == 'txtl'}
{foreach key=key2 item=field2 from=$item.$key}{$field2}<br> {/foreach} {foreach key=key2 item=field2 from=$item.$key}{$field2}<br> {/foreach}
{elseif $field.type == 'html'} {elseif $field.type == 'html'}
{$RAW_items.{$item.{$msg.id_field}}.$key} {$RAW_item.$key}
{else} {else}
{$linktext} {$linktext}
{/if} {/if}
@ -118,8 +119,8 @@
{/if} {/if}
{/foreach} {/foreach}
<td>{if $item._can_edit}<a href="edit.php?table={$table|escape:"url"}&amp;edit={$item.$id_field|escape:"url"}">{$PALANG.edit}</a>{else}&nbsp;{/if}</td> <td>{if $item._can_edit}<a href="edit.php?table={$table|escape:"url"}&amp;edit={$RAW_item.$id_field|escape:"url"}">{$PALANG.edit}</a>{else}&nbsp;{/if}</td>
<td>{if $item._can_delete}<a href="{#url_delete#}?table={$table}&amp;delete={$item.$id_field|escape:"url"}&amp;token={$smarty.session.PFA_token|escape:"url"}" <td>{if $item._can_delete}<a href="{#url_delete#}?table={$table}&amp;delete={$RAW_item.$id_field|escape:"url"}&amp;token={$smarty.session.PFA_token|escape:"url"}"
onclick="return confirm ('{$PALANG.{$msg.confirm_delete}|replace:'%s':$item.$id_field}')">{$PALANG.del}</a>{else}&nbsp;{/if}</td> onclick="return confirm ('{$PALANG.{$msg.confirm_delete}|replace:'%s':$item.$id_field}')">{$PALANG.del}</a>{else}&nbsp;{/if}</td>
</tr> </tr>
{/foreach} {/foreach}

Loading…
Cancel
Save