Commit Graph

3 Commits (a0d07df3db5cc73f0ea7d05cfcd63bbc4a7226b6)

Author SHA1 Message Date
Christian Boltz e3b242e4d8 flash_error.tpl:
- html-escape flash_info() / flash_error() messages to fix XSS if the
  message contains user-supplied input
  (thanks to Filippo Cavallarin for the report)

Note: This will cause ugly output for some german error messages which
contain ü etc., and the warning message in backup.php (with some
HTML tags included) will also look totally ugly.
Nevertheless, that's still better than XSS attacks ;-)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1331 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
David Goodwin 25675e9377 use isset to check existance of a variable
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1238 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 27ce979678 header.tpl, index.tpl, flash_error.tpl:
- move flash_error and flash_info output from header.tpl to separate 
  flash_error.tpl file
- some HTML whitespace fixing in header.tpl

This commit is part of the huge cleanup patch by Dale Blount (lnxus@SF),
https://sourceforge.net/tracker/?func=detail&atid=937966&aid=3370510&group_id=191583


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1077 a1433add-5e2c-0410-b055-b7f2511e0802
14 years ago