Mirrors/sysPass
2
0
Fork 0
mirror of https://github.com/nuxsmin/sysPass.git synced 2026-02-20 01:41:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1826 from nuxsmin/fix/xss

Browse Source 
Fix/xss
This commit is contained in:
RubénD
2022-05-25 08:58:02 +02:00
committed by GitHub
parent 5882699f22 f3ec58510d
commit 3c026f7964
37 changed files with 1536 additions and 792 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/modules/web/themes/material-blue/views/account/account-editpass.inc
View File

@@ -37,7 +37,7 @@ $accountAcl = $_getvar('accountAcl');
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<input id="name" name="name" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $accountData->getName(); ?>"
value="<?php echo htmlspecialchars($accountData->getName(), ENT_QUOTES); ?>"
readonly>
<label class="mdl-textfield__label"
for="name"><?php echo __('Account name'); ?></label>
@@ -50,7 +50,7 @@ $accountAcl = $_getvar('accountAcl');
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<input id="client" name="client" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $accountData->getClientName(); ?>"
value="<?php echo htmlspecialchars($accountData->getClientName(), ENT_QUOTES); ?>"
readonly>
<label class="mdl-textfield__label"
for="client"><?php echo __('Client'); ?></label>
@@ -76,7 +76,7 @@ $accountAcl = $_getvar('accountAcl');
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<input id="login" name="login" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $accountData->getLogin(); ?>"
value="<?php echo htmlspecialchars($accountData->getLogin(), ENT_QUOTES); ?>"
readonly>
<label class="mdl-textfield__label"
for="login"><?php echo __('User'); ?></label>

29
app/modules/web/themes/material-blue/views/account/account-history.inc
View File

@@ -57,7 +57,7 @@ $accountAcl = $_getvar('accountAcl');
required
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="50"
value="<?php echo $accountData->getName() ?>"
value="<?php echo htmlspecialchars($accountData->getName(), ENT_QUOTES); ?>"
tabindex="1" readonly>
<label class="mdl-textfield__label"
for="name"><?php echo __('Account name'); ?></label>
@@ -75,7 +75,10 @@ $accountAcl = $_getvar('accountAcl');
<?php /** @var SelectItem $client */
foreach ($_getvar('clients') as $client): ?>
<option
value="<?php echo $client->getId(); ?>" <?php echo $client->isSelected() ? 'selected' : ''; ?>><?php echo $client->getName(); ?></option>
value="<?php echo $client->getId(); ?>"
<?php echo $client->isSelected() ? 'selected' : ''; ?>>
<?php echo htmlspecialchars($client->getName(), ENT_QUOTES); ?>
</option>
<?php endforeach; ?>
</select>
</td>
@@ -92,7 +95,10 @@ $accountAcl = $_getvar('accountAcl');
<?php /** @var SelectItem $category */
foreach ($_getvar('categories') as $category): ?>
<option
value="<?php echo $category->getId(); ?>" <?php echo $category->isSelected() ? 'selected' : ''; ?>><?php echo $category->getName(); ?></option>
value="<?php echo $category->getId(); ?>"
<?php echo $category->isSelected() ? 'selected' : ''; ?>>
<?php echo htmlspecialchars($category->getName(), ENT_QUOTES); ?>
</option>
<?php endforeach; ?>
</select>
</td>
@@ -118,7 +124,7 @@ $accountAcl = $_getvar('accountAcl');
<input id="login" name="login" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="50" tabindex="5"
value="<?php echo $accountData->getLogin(); ?>"
value="<?php echo htmlspecialchars($accountData->getLogin(), ENT_QUOTES); ?>"
readonly>
<label class="mdl-textfield__label"
for="name"><?php echo __('Access user'); ?></label>
@@ -149,7 +155,8 @@ $accountAcl = $_getvar('accountAcl');
rows="3" id="notes"
name="notes" tabindex="9"
maxlength="5000"
readonly><?php echo $accountData->getNotes(); ?></textarea>
readonly><?php echo htmlspecialchars($accountData->getNotes(), ENT_QUOTES); ?>
</textarea>
<label class="mdl-textfield__label"
for="notes"><?php echo __('Notes about the account'); ?></label>
</div>
@@ -170,7 +177,9 @@ $accountAcl = $_getvar('accountAcl');
foreach ($_getvar('historyData') as $history): ?>
<option
value="<?php echo $history->getId(); ?>"
<?php echo $history->isSelected() ? 'selected' : ''; ?>><?php echo $history->getName(); ?></option>
<?php echo $history->isSelected() ? 'selected' : ''; ?>>
<?php echo htmlspecialchars($history->getName(), ENT_QUOTES); ?>
</option>
<?php endforeach; ?>
</select>
</td>
@@ -179,7 +188,13 @@ $accountAcl = $_getvar('accountAcl');
<tr>
<td class="descField"><?php echo __('Last Modification'); ?></td>
<td class="valField"><?php printf('%s (%s)', $accountData->getDateEdit(), $accountData->getUserEditName() ?: $accountData->getUserEditLogin()); ?></td>
<td class="valField">
<?php printf(
'%s (%s)',
$accountData->getDateEdit(),
htmlspecialchars($accountData->getUserEditName(), ENT_QUOTES)
?: htmlspecialchars($accountData->getUserEditLogin(), ENT_QUOTES)); ?>
</td>
</tr>
</table>

12
app/modules/web/themes/material-blue/views/account/account-link.inc
View File

@@ -30,7 +30,7 @@ $accountData = $_getvar('accountData');
<input id="name" name="name" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="50"
value="<?php echo $accountData->getName(); ?>"
value="<?php echo htmlspecialchars($accountData->getName(), ENT_QUOTES); ?>"
readonly>
<label class="mdl-textfield__label"
for="name"><?php echo __('Account name'); ?></label>
@@ -43,7 +43,7 @@ $accountData = $_getvar('accountData');
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<input id="client" name="client" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $accountData->getClientName(); ?>"
value="<?php echo htmlspecialchars($accountData->getClientName(), ENT_QUOTES); ?>"
readonly>
<label class="mdl-textfield__label"
for="client"><?php echo __('Client'); ?></label>
@@ -56,7 +56,7 @@ $accountData = $_getvar('accountData');
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<input id="category" name="category" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $accountData->getCategoryName(); ?>"
value="<?php echo htmlspecialchars($accountData->getCategoryName(), ENT_QUOTES); ?>"
readonly>
<label class="mdl-textfield__label"
for="category"><?php echo __('Category'); ?></label>
@@ -69,7 +69,7 @@ $accountData = $_getvar('accountData');
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<input id="url" name="url" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $accountData->getUrl(); ?>"
value="<?php echo htmlspecialchars($accountData->getUrl(), ENT_QUOTES); ?>"
readonly>
<label class="mdl-textfield__label"
for="url"><?php echo __('URL / IP'); ?></label>
@@ -82,7 +82,7 @@ $accountData = $_getvar('accountData');
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<input id="login" name="login" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $accountData->getLogin(); ?>"
value="<?php echo htmlspecialchars($accountData->getLogin(), ENT_QUOTES); ?>"
readonly>
<label class="mdl-textfield__label"
for="login"><?php echo __('User'); ?></label>
@@ -98,7 +98,7 @@ $accountData = $_getvar('accountData');
rows="3" id="notes"
name="notes"
maxlength="1000"
readonly><?php echo $accountData->getNotes(); ?></textarea>
readonly><?php echo htmlspecialchars($accountData->getNotes(), ENT_QUOTES); ?></textarea>
<label class="mdl-textfield__label"
for="notes"><?php echo __('Notes about the account'); ?></label>
</div>

20
app/modules/web/themes/material-blue/views/account/account-permissions.inc
View File

@@ -36,7 +36,7 @@ use SP\Services\Account\AccountAcl;
<?php if ($otherUser->isSkip()): continue; endif; ?>
<option
value="<?php echo $otherUser->getId(); ?>"
<?php echo $otherUser->isSelected() ? 'selected' : '' ?>><?php echo $otherUser->getName(); ?></option>
<?php echo $otherUser->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($otherUser->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
<i class="material-icons select-icon"
@@ -49,7 +49,7 @@ use SP\Services\Account\AccountAcl;
<?php /** @var SelectItem $otherUser */
foreach ($_getvar('otherUsersView') as $otherUser): ?>
<?php if ($otherUser->isSelected()): ?>
<span class="tag"><?php echo $otherUser->getName(); ?></span>
<span class="tag"><?php echo htmlspecialchars($otherUser->getName(), ENT_QUOTES); ?></span>
<?php endif; ?>
<?php endforeach; ?>
</div>
@@ -69,7 +69,7 @@ use SP\Services\Account\AccountAcl;
<?php if ($otherUser->isSkip()): continue; endif; ?>
<option
value="<?php echo $otherUser->getId(); ?>"
<?php echo $otherUser->isSelected() ? 'selected' : '' ?>><?php echo $otherUser->getName(); ?></option>
<?php echo $otherUser->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($otherUser->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
<i class="material-icons select-icon"
@@ -82,7 +82,7 @@ use SP\Services\Account\AccountAcl;
<?php /** @var SelectItem $otherUser */
foreach ($_getvar('otherUsersEdit') as $otherUser): ?>
<?php if ($otherUser->isSelected()): ?>
<span class="tag"><?php echo $otherUser->getName(); ?></span>
<span class="tag"><?php echo htmlspecialchars($otherUser->getName(), ENT_QUOTES); ?></span>
<?php endif; ?>
<?php endforeach; ?>
</div>
@@ -108,7 +108,7 @@ use SP\Services\Account\AccountAcl;
<?php if ($otherUserGroup->isSkip()): continue; endif; ?>
<option
value="<?php echo $otherUserGroup->getId(); ?>"
<?php echo $otherUserGroup->isSelected() ? 'selected' : '' ?>><?php echo $otherUserGroup->getName(); ?></option>
<?php echo $otherUserGroup->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($otherUserGroup->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
<i class="material-icons select-icon"
@@ -121,7 +121,7 @@ use SP\Services\Account\AccountAcl;
<?php /** @var SelectItem $otherUserGroup */
foreach ($_getvar('otherUserGroupsView') as $otherUserGroup): ?>
<?php if ($otherUserGroup->isSelected()): ?>
<span class="tag"><?php echo $otherUserGroup->getName(); ?></span>
<span class="tag"><?php echo htmlspecialchars($otherUserGroup->getName(), ENT_QUOTES); ?></span>
<?php endif; ?>
<?php endforeach; ?>
</div>
@@ -141,7 +141,7 @@ use SP\Services\Account\AccountAcl;
<?php if ($otherUserGroup->isSkip()): continue; endif; ?>
<option
value="<?php echo $otherUserGroup->getId(); ?>"
<?php echo $otherUserGroup->isSelected() ? 'selected' : '' ?>><?php echo $otherUserGroup->getName(); ?></option>
<?php echo $otherUserGroup->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($otherUserGroup->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
<i class="material-icons select-icon"
@@ -154,7 +154,7 @@ use SP\Services\Account\AccountAcl;
<?php /** @var SelectItem $otherUserGroup */
foreach ($_getvar('otherUserGroupsEdit') as $otherUserGroup): ?>
<?php if ($otherUserGroup->isSelected()): ?>
<span class="tag"><?php echo $otherUserGroup->getName(); ?></span>
<span class="tag"><?php echo htmlspecialchars($otherUserGroup->getName(), ENT_QUOTES); ?></span>
<?php endif; ?>
<?php endforeach; ?>
</div>
@@ -190,7 +190,7 @@ use SP\Services\Account\AccountAcl;
foreach ($_getvar('users') as $user): ?>
<option
value="<?php echo $user->getId(); ?>"
<?php echo $user->isSelected() ? 'selected' : ''; ?>><?php echo $user->getName(); ?></option>
<?php echo $user->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
</td>
@@ -214,7 +214,7 @@ use SP\Services\Account\AccountAcl;
foreach ($_getvar('userGroups') as $userGroup): ?>
<option
value="<?php echo $userGroup->getId(); ?>"
<?php echo $userGroup->isSelected() ? 'selected' : ''; ?>><?php echo $userGroup->getName(); ?></option>
<?php echo $userGroup->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
</td>

4
app/modules/web/themes/material-blue/views/account/account-request.inc
View File

@@ -33,7 +33,7 @@ $accountData = $_getvar('accountData');
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<input id="name" name="name" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $accountData->getName(); ?>"
value="<?php echo htmlspecialchars($accountData->getName(), ENT_QUOTES); ?>"
readonly>
<label class="mdl-textfield__label"
for="name"><?php echo __('Account name'); ?></label>
@@ -46,7 +46,7 @@ $accountData = $_getvar('accountData');
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<input id="client" name="client" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $accountData->getClientName(); ?>"
value="<?php echo htmlspecialchars($accountData->getClientName(), ENT_QUOTES); ?>"
readonly>
<label class="mdl-textfield__label"
for="client"><?php echo __('Client'); ?></label>

89
app/modules/web/themes/material-blue/views/account/account.inc
View File

@@ -82,8 +82,11 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
required
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="100"
value="<?php echo $gotData ? htmlentities($accountData->getName()) : ''; ?>"
<?php echo $_getvar('readonly'); ?>>
value="<?php echo $gotData
? htmlspecialchars($accountData->getName(), ENT_QUOTES)
: ''; ?>"
<?php echo $_getvar('readonly'); ?>
>
<label class="mdl-textfield__label"
for="name"><?php echo __('Account name'); ?></label>
</div>
@@ -101,7 +104,13 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
<?php /** @var SelectItem $client */
foreach ($_getvar('clients') as $client): ?>
<option
value="<?php echo $client->getId(); ?>" <?php echo ($gotData && $client->getId() === $accountData->getClientId()) ? 'selected' : ''; ?>><?php echo $client->getName(); ?></option>
value="<?php echo $client->getId(); ?>"
<?php echo ($gotData && $client->getId() === $accountData->getClientId())
? 'selected'
: ''; ?>
>
<?php echo htmlspecialchars($client->getName(), ENT_QUOTES); ?>
</option>
<?php endforeach; ?>
</select>
<?php if ($_getvar('addClientEnabled')): ?>
@@ -127,7 +136,13 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
<?php /** @var SelectItem $category */
foreach ($_getvar('categories') as $category): ?>
<option
value="<?php echo $category->getId(); ?>" <?php echo ($gotData && $category->getId() === $accountData->getCategoryId()) ? 'selected' : ''; ?>><?php echo $category->getName(); ?></option>
value="<?php echo $category->getId(); ?>"
<?php echo ($gotData && $category->getId() === $accountData->getCategoryId())
? 'selected'
: ''; ?>
>
<?php echo htmlspecialchars($category->getName(), ENT_QUOTES); ?>
</option>
<?php endforeach; ?>
</select>
<?php if ($_getvar('addCategoryEnabled')): ?>
@@ -148,7 +163,11 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
<input id="url" name="url" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="255"
value="<?php echo $gotData ? $accountData->getUrl() : ''; ?>" <?php echo $_getvar('readonly'); ?>>
value="<?php echo $gotData
? $accountData->getUrl()
: ''; ?>"
<?php echo $_getvar('readonly'); ?>
>
<label class="mdl-textfield__label"
for="name"><?php echo __('Access URL or IP'); ?></label>
</div>
@@ -161,7 +180,11 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
<input id="login" name="login" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="50"
value="<?php echo $gotData ? htmlentities($accountData->getLogin()) : ''; ?>" <?php echo $_getvar('readonly'); ?>>
value="<?php echo $gotData
? htmlspecialchars($accountData->getLogin(), ENT_QUOTES)
: ''; ?>"
<?php echo $_getvar('readonly'); ?>
>
<label class="mdl-textfield__label"
for="name"><?php echo __('Access user'); ?></label>
</div>
@@ -206,7 +229,9 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
type="date"
class="mdl-textfield__input mdl-color-text--indigo-400 password-datefield__input"
value="<?php echo $_getvar('accountPassDateChange'); ?>"
data-dst-unix="password_date_expire_unix" <?php echo $_getvar('readonly'); ?>>
data-dst-unix="password_date_expire_unix"
<?php echo $_getvar('readonly'); ?>
>
<input type='hidden'
name='password_date_expire_unix'
value=""/>
@@ -228,7 +253,11 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
class="mdl-textfield__input mdl-color-text--indigo-400"
rows="3" id="notes"
name="notes"
maxlength="5000" <?php echo $_getvar('readonly'); ?>><?php echo $gotData ? htmlspecialchars($accountData->getNotes(), ENT_QUOTES) : ''; ?></textarea>
maxlength="5000" <?php echo $_getvar('readonly'); ?>>
<?php echo $gotData
? htmlspecialchars($accountData->getNotes(), ENT_QUOTES)
: ''; ?>
</textarea>
<label class="mdl-textfield__label"
for="notes"><?php echo __('Notes about the account'); ?></label>
</div>
@@ -245,7 +274,10 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
<option value=""><?php echo __('Select Tags'); ?></option>
<?php /** @var SelectItem $tag */
foreach ($_getvar('tags') as $tag): ?>
<option value="<?php echo $tag->getId(); ?>" <?php echo $tag->isSelected() ? 'selected' : ''; ?>><?php echo $tag->getName(); ?></option>
<option value="<?php echo $tag->getId(); ?>"
<?php echo $tag->isSelected() ? 'selected' : ''; ?>>
<?php echo htmlspecialchars($tag->getName(), ENT_QUOTES); ?>
</option>
<?php endforeach; ?>
</select>
<?php if ($_getvar('addTagEnabled')): ?>
@@ -255,7 +287,9 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
data-item-route="items/tags"
data-item-dst="tags"
data-item-id="0"
data-onclick="appMgmt/show"><?php echo $icons->getIconAdd()->getIcon(); ?></i>
data-onclick="appMgmt/show">
<?php echo $icons->getIconAdd()->getIcon(); ?>
</i>
<?php endif; ?>
<?php if ($_getvar('copyAction')): ?>
<input type="hidden" name="tags_update"
@@ -268,7 +302,7 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
<?php /** @var SelectItem $tag */
foreach ($_getvar('tags') as $tag): ?>
<?php if ($tag->isSelected()): ?>
<span class="tag"><?php echo $tag->getName(); ?></span>
<span class="tag"><?php echo htmlspecialchars($tag->getName(), ENT_QUOTES); ?></span>
<?php endif; ?>
<?php endforeach; ?>
</div>
@@ -312,7 +346,9 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
<?php /** @var SelectItem $history */
foreach ($_getvar('historyData') as $history): ?>
<option
value="<?php echo $history->getId(); ?>"><?php echo $history->getName(); ?></option>
value="<?php echo $history->getId(); ?>">
<?php echo htmlspecialchars($history->getName(), ENT_QUOTES); ?>
</option>
<?php endforeach; ?>
</select>
</td>
@@ -324,7 +360,10 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
&& $accountData->getUserEditName()): ?>
<tr>
<td class="descField"><?php echo __('Last Modification'); ?></td>
<td class="valField"><?php printf('%s (%s)', $accountData->getDateEdit(), $accountData->getUserEditName()); ?></td>
<td class="valField"><?php printf('%s (%s)',
$accountData->getDateEdit(),
htmlspecialchars($accountData->getUserEditName(), ENT_QUOTES)); ?>
</td>
</tr>
<?php endif; ?>
@@ -344,18 +383,20 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
</tr>
<?php endif; ?>
<tr>
<td class="descField"><?php echo __('Direct Link'); ?></td>
<td class="valField">
<div class="lowres-title"><?php echo __('Direct Link'); ?></div>
<?php if ($_getvar('accountId')): ?>
<tr>
<td class="descField"><?php echo __('Direct Link'); ?></td>
<td class="valField">
<div class="lowres-title"><?php echo __('Direct Link'); ?></div>
<a href="<?php echo $_getvar('deepLink'); ?>"
target="_blank"
title="<?php echo __('Direct Link'); ?>">
<i class="material-icons"><?php echo $icons->getIconPublicLink()->getIcon(); ?></i>
</a>
</td>
</tr>
<a href="<?php echo $_getvar('deepLink'); ?>"
target="_blank"
title="<?php echo __('Direct Link'); ?>">
<i class="material-icons"><?php echo $icons->getIconPublicLink()->getIcon(); ?></i>
</a>
</td>
</tr>
<?php endif; ?>
</table>
</div>

8
app/modules/web/themes/material-blue/views/account/details.inc
View File

@@ -39,7 +39,7 @@ use SP\Services\Account\AccountAcl;
<td class="valField">
<div class="lowres-title"><?php echo __('Last Modification'); ?></div>
<?php printf('%s (%s)', $accountData->getDateEdit(), $accountData->getUserEditName()); ?>
<?php printf('%s (%s)', $accountData->getDateEdit(), htmlspecialchars($accountData->getUserEditName(), ENT_QUOTES)); ?>
</td>
</tr>
<?php endif; ?>
@@ -49,7 +49,7 @@ use SP\Services\Account\AccountAcl;
<td class="valField">
<div class="lowres-title"><?php echo __('Owner'); ?></div>
<?php echo $accountData->getUserName() ?: $accountData->getUserLogin(); ?>
<?php echo htmlspecialchars($accountData->getUserName(), ENT_QUOTES) ?: htmlspecialchars($accountData->getUserLogin(), ENT_QUOTES); ?>
</td>
</tr>
<tr>
@@ -57,7 +57,7 @@ use SP\Services\Account\AccountAcl;
<td class="valField">
<div class="lowres-title"><?php echo __('Main Group'); ?></div>
<?php echo $accountData->getUserGroupName(); ?>
<?php echo htmlspecialchars($accountData->getUserGroupName(), ENT_QUOTES); ?>
</td>
</tr>
@@ -75,7 +75,7 @@ use SP\Services\Account\AccountAcl;
<td class="valField">
<div class="lowres-title"><?php echo __('Editor'); ?></div>
<?php echo $accountData->getUserEditName() ?: $accountData->getUserEditLogin(); ?>
<?php echo htmlspecialchars($accountData->getUserEditName(), ENT_QUOTES) ?: htmlspecialchars($accountData->getUserEditLogin(), ENT_QUOTES); ?>
</td>
</tr>
<?php endif; ?>

4
app/modules/web/themes/material-blue/views/account/files-list.inc
View File

@@ -20,14 +20,14 @@ use SP\Html\Html;
?>
<li class="mdl-list__item">
<span class="mdl-list__item-primary-content"
title="<?php echo $file->getName(); ?>">
title="<?php echo htmlspecialchars($file->getName(), ENT_QUOTES); ?>">
<i class="material-icons mdl-list__item-icon">attachment</i>
<span><?php printf('%s (%d KB)', Html::truncate($file->getName(), 50), $file->getSize() / 1024); ?></span>
</span>
<span class="list-actions">
<?php if ($file->getThumb() !== 'no_thumb'): ?>
<span title="<?php echo $file->getName(); ?>"
<span title="<?php echo htmlspecialchars($file->getName(), ENT_QUOTES); ?>"
class="btn-action"
data-item-id="<?php echo $file->getId(); ?>"
data-action-route="<?php echo $_getvar('fileViewRoute'); ?>"

2
app/modules/web/themes/material-blue/views/account/linkedAccounts.inc
View File

@@ -17,7 +17,7 @@ use SP\Core\UI\ThemeIcons;
<li class="mdl-list__item">
<span class="btn-action mdl-list__item-primary-content">
<i class="material-icons mdl-list__item-icon">layers</i>
<?php printf('%s (%s)', $account->name, $account->clientName); ?>
<?php printf('%s (%s)', htmlspecialchars($account->name, ENT_QUOTES), htmlspecialchars($account->clientName, ENT_QUOTES)); ?>
</span>
<span class="list-actions">
<i class="material-icons btn-action mdl-list__item-icon <?php echo $icons->getIconEdit()->getClass(); ?>"

92
app/modules/web/themes/material-blue/views/account/search-rows.inc
View File

@@ -44,17 +44,25 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
title="<?php echo __('Search in Wiki'); ?>">
<span class="mdl-chip mdl-chip--contact">
<span style="background-color: <?php echo $accountSearchItem->getColor(); ?>;"
class="mdl-chip__contact mdl-color-text--white"><?php echo mb_ucfirst($accountSearchData->getClientName()); ?></span>
class="mdl-chip__contact mdl-color-text--white">
<?php echo htmlspecialchars(mb_ucfirst($accountSearchData->getClientName()), ENT_QUOTES); ?>
</span>
<span class="mdl-chip__text"
title="<?php echo $accountSearchData->getClientName(); ?>"><?php echo $accountSearchItem->getShortClientName(); ?></span>
title="<?php echo htmlspecialchars($accountSearchData->getClientName(), ENT_QUOTES); ?>">
<?php echo htmlspecialchars($accountSearchItem->getShortClientName(), ENT_QUOTES); ?>
</span>
</span>
</a>
<?php else: ?>
<span class="mdl-chip mdl-chip--contact">
<span style="background-color: <?php echo $accountSearchItem->getColor(); ?>;"
class="mdl-chip__contact mdl-color-text--white"><?php echo mb_ucfirst($accountSearchData->getClientName()); ?></span>
class="mdl-chip__contact mdl-color-text--white">
<?php echo htmlspecialchars(mb_ucfirst($accountSearchData->getClientName()), ENT_QUOTES); ?>
</span>
<span class="mdl-chip__text"
title="<?php echo $accountSearchData->getClientName(); ?>"><?php echo $accountSearchItem->getShortClientName(); ?></span>
title="<?php echo htmlspecialchars($accountSearchData->getClientName(), ENT_QUOTES); ?>">
<?php echo htmlspecialchars($accountSearchItem->getShortClientName(), ENT_QUOTES); ?>
</span>
</span>
<?php endif; ?>
</div>
@@ -68,23 +76,27 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
class="btn-action"
data-action-route="<?php echo $_getvar('viewAccountRoute'); ?>"
data-item-id="<?php echo $accountSearchData->getId(); ?>"
data-onclick="account/view"><?php echo $accountSearchData->getName(); ?></a>
data-onclick="account/view"><?php echo htmlspecialchars(accountSearchData->getName(), ENT_QUOTES); ?></a>
<?php else: ?>
<div class="field-text">
<?php echo $accountSearchData->getName(); ?>
<?php echo htmlspecialchars($accountSearchData->getName(), ENT_QUOTES); ?>
</div>
<?php endif; ?>
</div>
<div class="field-category field-text label-field">
<div class="field-name"><?php echo __('Category'); ?></div>
<div class="field-text"><?php echo $accountSearchData->getCategoryName(); ?></div>
<div class="field-text">
<?php echo htmlspecialchars($accountSearchData->getCategoryName(), ENT_QUOTES); ?>
</div>
</div>
<?php if ($accountSearchItem->isShow()): ?>
<div class="field-user field-text label-field">
<div class="field-name"><?php echo __('User'); ?></div>
<div class="field-text"><?php echo $accountSearchItem->getShortLogin(); ?></div>
<div class="field-text">
<?php echo htmlspecialchars($accountSearchItem->getShortLogin(), ENT_QUOTES); ?>
</div>
</div>
<div class="field-url field-text label-field">
@@ -92,7 +104,9 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
<?php if ($accountSearchItem->isUrlIslink()): ?>
<a href="<?php echo $accountSearchData->getUrl(); ?>"
target="_blank"
title="<?php printf(__('Open link to: %s'), $accountSearchData->getUrl()); ?>"><?php echo $accountSearchItem->getShortUrl(); ?></a>
title="<?php printf(__('Open link to: %s'), $accountSearchData->getUrl()); ?>">
<?php echo $accountSearchItem->getShortUrl(); ?>
</a>
<?php else: ?>
<div class="field-text"><?php echo $accountSearchItem->getShortUrl(); ?></div>
<?php endif; ?>
@@ -106,7 +120,9 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
<div class="tags-box">
<?php foreach ($accountSearchItem->getTags() as $tag): ?>
<span class="tag"
data-tag-id="<?php echo $tag->id; ?>"><?php echo $tag->name; ?></span>
data-tag-id="<?php echo $tag->id; ?>">
<?php echo htmlspecialchars($tag->name, ENT_QUOTES); ?>
</span>
<?php endforeach; ?>
</div>
</div>
@@ -120,7 +136,9 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
<?php echo $icons->getIconWarning()->getIcon(); ?></i>
<span
for="icon-expired-<?php echo $accountSearchData->getId(); ?>"
class="mdl-tooltip mdl-tooltip--top"><?php echo __('Password Expired'); ?></span>
class="mdl-tooltip mdl-tooltip--top">
<?php echo __('Password Expired'); ?>
</span>
<?php endif; ?>
<?php if ($accountSearchData->getIsPrivate() === 1): ?>
@@ -128,13 +146,17 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
class="material-icons">lock</i>
<span
for="icon-private-<?php echo $accountSearchData->getId(); ?>"
class="mdl-tooltip mdl-tooltip--top"><?php echo __('Private Account'); ?></span>
class="mdl-tooltip mdl-tooltip--top">
<?php echo __('Private Account'); ?>
</span>
<?php elseif ($accountSearchData->getIsPrivateGroup() === 1): ?>
<i id="icon-private-<?php echo $accountSearchData->getId(); ?>"
class="material-icons">lock_open</i>
<span
for="icon-private-<?php echo $accountSearchData->getId(); ?>"
class="mdl-tooltip mdl-tooltip--top"><?php echo __('Private Account (Group)'); ?></span>
class="mdl-tooltip mdl-tooltip--top">
<?php echo __('Private Account (Group)'); ?>
</span>
<?php else: ?>
<i id="accesses-<?php echo $accountSearchData->getId(); ?>"
class="material-icons">face</i>
@@ -159,7 +181,9 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
data-status="<?php echo 'on'; ?>">star</i>
<span
for="btn-favorite-<?php echo $accountSearchData->getId(); ?>"
class="mdl-tooltip mdl-tooltip--top"><?php echo __('Delete Favorite'); ?></span>
class="mdl-tooltip mdl-tooltip--top">
<?php echo __('Delete Favorite'); ?>
</span>
<?php else: ?>
<i id="btn-favorite-<?php echo $accountSearchData->getId(); ?>"
class="material-icons icon-favorite"
@@ -169,7 +193,9 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
data-status="<?php echo 'off'; ?>">star_border</i>
<span
for="btn-favorite-<?php echo $accountSearchData->getId(); ?>"
class="mdl-tooltip mdl-tooltip--top"><?php echo __('Mark as Favorite'); ?></span>
class="mdl-tooltip mdl-tooltip--top">
<?php echo __('Mark as Favorite'); ?>
</span>
<?php endif; ?>
<?php if ($accountSearchData->getNotes() !== ''): ?>
@@ -192,7 +218,11 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
<div class="mdl-tooltip mdl-tooltip--top"
for="attachments-<?php echo $accountSearchData->getId(); ?>">
<div class="tooltip-text">
<?php printf('%s: %d', __('Attachments'), $accountSearchItem->getNumFiles()); ?>
<?php printf(
'%s: %d',
__('Attachments'),
$accountSearchItem->getNumFiles()
); ?>
</div>
</div>
<?php endif; ?>
@@ -205,9 +235,17 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
<div class="tooltip-text">
<p class="tooltip-header"><?php echo __('Public Link'); ?></p>
<p>
<?php printf('%s: %s', __('Expiry Date'), DateUtil::getDateFromUnix($accountSearchData->getPublicLinkDateExpire())); ?>
<?php printf(
'%s: %s',
__('Expiry Date'),
DateUtil::getDateFromUnix($accountSearchData->getPublicLinkDateExpire())
); ?>
<br>
<?php printf('%s: %s', __('Visits'), $accountSearchData->getPublicLinkTotalCountViews()); ?>
<?php printf(
'%s: %s',
__('Visits'),
$accountSearchData->getPublicLinkTotalCountViews()
); ?>
</p>
</div>
</div>
@@ -216,7 +254,7 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
<?php if ($wikiFilter
&& $accountSearchItem->isWikiMatch($wikiFilter)): ?>
<?php if (AccountSearchItem::$dokuWikiEnabled): ?>
<a href="<?php echo $_getvar('wikiPageUrl'), $accountSearchData->getName(); ?>"
<a href="<?php echo $_getvar('wikiPageUrl'), urldecode($accountSearchData->getName()); ?>"
target="_blank">
<i class="material-icons"
title="<?php echo __('Link to Wiki'); ?>">library_books</i>
@@ -224,10 +262,10 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
<i class="btn-action material-icons fg-green100"
title="<?php echo __('View at Wiki'); ?>"
data-action-route="<?php echo ActionsInterface::WIKI_VIEW; ?>"
data-pagename="<?php echo $accountSearchData->getName(); ?>"
data-pagename="<?php echo htmlspecialchars($accountSearchData->getName(), ENT_QUOTES); ?>"
data-onclick="wiki/show">library_books</i>
<?php else: ?>
<a href="<?php echo $_getvar('wikiPageUrl'), $accountSearchData->getName(); ?>"
<a href="<?php echo $_getvar('wikiPageUrl'), urlencode($accountSearchData->getName()); ?>"
target="_blank">
<i class="material-icons"
title="<?php echo __('Link to Wiki'); ?>">library_books</i>
@@ -248,7 +286,9 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
class="btn-action material-icons <?php echo $action->getClassesAsString(), ' ', $action->getIcon()->getClass(); ?>"
data-item-id="<?php echo $accountSearchData->getId(); ?>"
data-parent-id="<?php echo $accountSearchData->getParentId(); ?>"
<?php foreach ($action->getData() as $dataName => $dataValue): printf('data-%s="%s"', $dataName, $dataValue); endforeach; ?>>
<?php foreach ($action->getData() as $dataName => $dataValue):
printf('data-%s="%s"', $dataName, $dataValue);
endforeach; ?>>
<?php echo $action->getIcon()->getIcon(); ?></i>
<span
for="<?php echo $actionUid; ?>"
@@ -271,9 +311,13 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
<li class="btn-action mdl-menu__item <?php echo $actionMenu->getClassesAsString(); ?>"
data-item-id="<?php echo $accountSearchData->getId(); ?>"
data-parent-id="<?php echo $accountSearchData->getParentId(); ?>"
<?php foreach ($actionMenu->getData() as $dataName => $dataValue): printf('data-%s="%s"', $dataName, $dataValue); endforeach; ?>>
<?php foreach ($actionMenu->getData() as $dataName => $dataValue):
printf('data-%s="%s"', $dataName, $dataValue);
endforeach; ?>>
<i class="material-icons <?php echo $actionMenu->getIcon()->getClass(); ?>"
title="<?php echo $actionMenu->getTitle(); ?>"><?php echo $actionMenu->getIcon()->getIcon(); ?></i>
title="<?php echo $actionMenu->getTitle(); ?>">
<?php echo $actionMenu->getIcon()->getIcon(); ?>
</i>
<?php echo $actionMenu->getName(); ?>
</li>
<?php endforeach; ?>

6
app/modules/web/themes/material-blue/views/account/search-searchbox.inc
View File

@@ -44,7 +44,7 @@ $pager = $data->getPager();
<?php /** @var SelectItem $client */
foreach ($_getvar('clients') as $client): ?>
<option
value="<?php echo $client->getId(); ?>" <?php echo $client->isSelected() ? 'selected' : ''; ?>><?php echo $client->getName(); ?></option>
value="<?php echo $client->getId(); ?>" <?php echo $client->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($client->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
@@ -54,7 +54,7 @@ $pager = $data->getPager();
<?php /** @var SelectItem $category */
foreach ($_getvar('categories') as $category): ?>
<option
value="<?php echo $category->getId(); ?>" <?php echo $category->isSelected() ? 'selected' : ''; ?>><?php echo $category->getName(); ?></option>
value="<?php echo $category->getId(); ?>" <?php echo $category->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($category->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
</div>
@@ -135,7 +135,7 @@ $pager = $data->getPager();
<?php /** @var SelectItem $tag */
foreach ($_getvar('tags') as $tag): ?>
<option
value="<?php echo $tag->getId(); ?>" <?php echo $tag->isSelected() ? 'selected' : ''; ?>><?php echo $tag->getName(); ?></option>
value="<?php echo $tag->getId(); ?>" <?php echo $tag->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($tag->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
</div>

8
app/modules/web/themes/material-blue/views/common/aux-customfields.inc
View File

@@ -15,7 +15,7 @@ $customFields = $_getvar('customFields');
foreach ($customFields as $index => $field):?>
<tr>
<td class="descField">
<?php echo $field->definitionName; ?>
<?php echo htmlspecialchars($field->definitionName, ENT_QUOTES); ?>
<?php if ($field->isEncrypted && $field->isValueEncrypted === true): ?>
<i class="icon material-icons mdl-color-text--teal-500"
title="<?php echo __('Encrypted'); ?>">
@@ -58,7 +58,7 @@ foreach ($customFields as $index => $field):?>
maxlength="500"
value="<?php echo !$_getvar('showViewCustomPass') && !empty($field->value) ? '***' : htmlspecialchars($field->value, ENT_QUOTES); ?>" <?php echo $field->required ? 'required' : ''; ?> <?php echo $_getvar('readonly'); ?>>
<label class="mdl-textfield__label"
for="<?php echo $field->formId; ?>"><?php echo $field->definitionName; ?></label>
for="<?php echo $field->formId; ?>"><?php echo htmlspecialchars($field->definitionName, ENT_QUOTES); ?></label>
</div>
<?php elseif ($field->typeName === 'textarea'): ?>
<div class="mdl-textfield mdl-js-textfield">
@@ -68,7 +68,7 @@ foreach ($customFields as $index => $field):?>
name="customfield[<?php echo $field->definitionId; ?>]"
id="<?php echo $field->formId; ?>" <?php echo $_getvar('readonly'); ?>><?php echo htmlspecialchars($field->value, ENT_QUOTES); ?></textarea>
<label class="mdl-textfield__label"
for="<?php echo $field->formId; ?>"><?php echo $field->definitionName; ?></label>
for="<?php echo $field->formId; ?>"><?php echo htmlspecialchars($field->definitionName, ENT_QUOTES); ?></label>
</div>
<?php else: ?>
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
@@ -79,7 +79,7 @@ foreach ($customFields as $index => $field):?>
maxlength="500"
value="<?php echo htmlspecialchars($field->value, ENT_QUOTES); ?>" <?php echo $field->required ? 'required' : ''; ?> <?php echo $_getvar('readonly'); ?>>
<label class="mdl-textfield__label"
for="<?php echo $field->formId; ?>"><?php echo $field->definitionName; ?></label>
for="<?php echo $field->formId; ?>"><?php echo htmlspecialchars($field->definitionName, ENT_QUOTES); ?></label>
</div>
<?php endif; ?>
</td>

2
app/modules/web/themes/material-blue/views/config/encryption.inc
View File

@@ -307,7 +307,7 @@ $disabled = $configData->isMaintenance() ? '' : 'disabled';
<?php /** @var SelectItem $userGroup */
foreach ($_getvar('userGroups') as $userGroup): ?>
<option
value="<?php echo $userGroup->getId(); ?>"><?php echo $userGroup->getName(); ?></option>
value="<?php echo $userGroup->getId(); ?>"><?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
</td>

4
app/modules/web/themes/material-blue/views/config/general-auth.inc
View File

@@ -101,7 +101,7 @@ use SP\Mvc\View\Template;
<?php /** @var SelectItem $userGroup */
foreach ($_getvar('userGroups') as $userGroup): ?>
<option
value="<?php echo $userGroup->getId(); ?>" <?php echo $userGroup->getId() === $configData->getSsoDefaultGroup() ? 'selected' : ''; ?>><?php echo $userGroup->getName(); ?></option>
value="<?php echo $userGroup->getId(); ?>" <?php echo $userGroup->getId() === $configData->getSsoDefaultGroup() ? 'selected' : ''; ?>><?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
</td>
@@ -127,7 +127,7 @@ use SP\Mvc\View\Template;
<?php /** @var SelectItem $userProfile */
foreach ($_getvar('userProfiles') as $userProfile): ?>
<option
value="<?php echo $userProfile->getId(); ?>" <?php echo ($userProfile->getId() === $configData->getSsoDefaultProfile()) ? 'selected' : ''; ?>><?php echo $userProfile->getName(); ?></option>
value="<?php echo $userProfile->getId(); ?>" <?php echo ($userProfile->getId() === $configData->getSsoDefaultProfile()) ? 'selected' : ''; ?>><?php echo htmlspecialchars($userProfile->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
</td>

4
app/modules/web/themes/material-blue/views/config/import.inc
View File

@@ -41,7 +41,7 @@ use SP\Mvc\View\Template;
foreach ($_getvar('users') as $user): ?>
<option
value="<?php echo $user->getId(); ?>" <?php echo $user->isSelected() ? 'selected' : ''; ?>>
<?php echo $user->getName(); ?>
<?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?>
</option>
<?php endforeach; ?>
</select>
@@ -69,7 +69,7 @@ use SP\Mvc\View\Template;
foreach ($_getvar('userGroups') as $userGroup): ?>
<option
value="<?php echo $userGroup->getId(); ?>" <?php echo $userGroup->isSelected() ? 'selected' : ''; ?>>
<?php echo $userGroup->getName(); ?>
<?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?>
</option>
<?php endforeach; ?>
</select>

7
app/modules/web/themes/material-blue/views/config/ldap.inc
View File

@@ -286,7 +286,10 @@ use SP\Mvc\View\Template;
<?php /** @var SelectItem $userGroup */
foreach ($_getvar('userGroups') as $userGroup): ?>
<option
value="<?php echo $userGroup->getId(); ?>" <?php echo $userGroup->getId() === $configData->getLdapDefaultGroup() ? 'selected' : ''; ?>><?php echo $userGroup->getName(); ?></option>
value="<?php echo $userGroup->getId(); ?>"
<?php echo $userGroup->getId() === $configData->getLdapDefaultGroup() ? 'selected' : ''; ?>>
<?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?>
</option>
<?php endforeach; ?>
</select>
</td>
@@ -312,7 +315,7 @@ use SP\Mvc\View\Template;
<?php /** @var SelectItem $userProfile */
foreach ($_getvar('userProfiles') as $userProfile): ?>
<option
value="<?php echo $userProfile->getId(); ?>" <?php echo ($userProfile->getId() === $configData->getLdapDefaultProfile()) ? 'selected' : ''; ?>><?php echo $userProfile->getName(); ?></option>
value="<?php echo $userProfile->getId(); ?>" <?php echo ($userProfile->getId() === $configData->getLdapDefaultProfile()) ? 'selected' : ''; ?>><?php echo htmlspecialchars($userProfile->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
</td>

2
app/modules/web/themes/material-blue/views/config/wiki-dokuwiki.inc
View File

@@ -181,7 +181,7 @@ use SP\Mvc\View\Template;
type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="128"
value="<?php echo $configData->getDokuwikiNamespace(); ?>"/>
value="<?php echo htmlspecialchars($configData->getDokuwikiNamespace(), ENT_QUOTES); ?>"/>
<label class="mdl-textfield__label"
for="dokuwiki_namespace"><?php echo __('Namespace'); ?></label>
</div>

18
app/modules/web/themes/material-blue/views/itemshow/account_bulkedit.inc
View File

@@ -51,7 +51,7 @@ use SP\Mvc\View\Template;
<option value=""><?php echo __('Select Client'); ?></option>
<?php foreach ($_getvar('clients') as $client): ?>
<option
value="<?php echo $client->getId(); ?>"><?php echo $client->getName(); ?></option>
value="<?php echo $client->getId(); ?>"><?php echo htmlspecialchars($client->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
</td>
@@ -67,7 +67,7 @@ use SP\Mvc\View\Template;
<option value=""><?php echo __('Select Category'); ?></option>
<?php foreach ($_getvar('categories') as $category): ?>
<option
value="<?php echo $category->getId(); ?>"><?php echo $category->getName(); ?></option>
value="<?php echo $category->getId(); ?>"><?php echo htmlspecialchars($category->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
</td>
@@ -83,7 +83,7 @@ use SP\Mvc\View\Template;
<option value=""><?php echo __('Select User'); ?></option>
<?php foreach ($_getvar('users') as $user): ?>
<option
value="<?php echo $user->getId(); ?>"><?php echo $user->getName(); ?></option>
value="<?php echo $user->getId(); ?>"><?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
</td>
@@ -99,7 +99,7 @@ use SP\Mvc\View\Template;
<option value=""><?php echo __('Select Group'); ?></option>
<?php foreach ($_getvar('userGroups') as $group): ?>
<option
value="<?php echo $group->getId(); ?>"><?php echo $group->getName(); ?></option>
value="<?php echo $group->getId(); ?>"><?php echo htmlspecialchars($group->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
</td>
@@ -112,7 +112,7 @@ use SP\Mvc\View\Template;
class="select-box-tags">
<option value=""><?php echo __('Select Tags'); ?></option>
<?php foreach ($_getvar('tags') as $tag): ?>
<option value="<?php echo $tag->getId(); ?>"><?php echo $tag->getName(); ?></option>
<option value="<?php echo $tag->getId(); ?>"><?php echo htmlspecialchars($tag->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
</td>
@@ -136,7 +136,7 @@ use SP\Mvc\View\Template;
<option value=""><?php echo __('Select Users'); ?></option>
<?php foreach ($_getvar('users') as $user): ?>
<option
value="<?php echo $user->getId(); ?>"><?php echo $user->getName(); ?></option>
value="<?php echo $user->getId(); ?>"><?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
@@ -161,7 +161,7 @@ use SP\Mvc\View\Template;
<option value=""><?php echo __('Select Users'); ?></option>
<?php foreach ($_getvar('users') as $user): ?>
<option
value="<?php echo $user->getId(); ?>"><?php echo $user->getName(); ?></option>
value="<?php echo $user->getId(); ?>"><?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
@@ -193,7 +193,7 @@ use SP\Mvc\View\Template;
<option value=""><?php echo __('Select Groups'); ?></option>
<?php foreach ($_getvar('userGroups') as $userGroup): ?>
<option
value="<?php echo $userGroup->getId(); ?>"><?php echo $userGroup->getName(); ?></option>
value="<?php echo $userGroup->getId(); ?>"><?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
@@ -218,7 +218,7 @@ use SP\Mvc\View\Template;
<option value=""><?php echo __('Select Groups'); ?></option>
<?php foreach ($_getvar('userGroups') as $userGroup): ?>
<option
value="<?php echo $userGroup->getId(); ?>"><?php echo $userGroup->getName(); ?></option>
value="<?php echo $userGroup->getId(); ?>"><?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>

4
app/modules/web/themes/material-blue/views/itemshow/auth_token.inc
View File

@@ -35,7 +35,7 @@ $authToken = $_getvar('authToken');
<option value=""><?php echo __('Select User'); ?></option>
<?php /** @var SelectItem $user */
foreach ($_getvar('users') as $user): ?>
<option value="<?php echo $user->getId(); ?>" <?php echo $user->isSelected() ? 'selected' : ''; ?>><?php printf('%s (%s)', $user->getName(), $user->getItemProperty('login')); ?></option>
<option value="<?php echo $user->getId(); ?>" <?php echo $user->isSelected() ? 'selected' : ''; ?>><?php printf('%s (%s)', htmlspecialchars($user->getName(), ENT_QUOTES), htmlspecialchars($user->getItemProperty('login'), ENT_QUOTES)); ?></option>
<?php endforeach; ?>
</select>
</td>
@@ -51,7 +51,7 @@ $authToken = $_getvar('authToken');
<option value=""><?php echo __('Select Action'); ?></option>
<?php /** @var SelectItem $action */
foreach ($_getvar('actions') as $action): ?>
<option value="<?php echo $action->getId(); ?>" <?php echo $action->isSelected() ? 'selected' : ''; ?>><?php echo $action->getName(); ?></option>
<option value="<?php echo $action->getId(); ?>" <?php echo $action->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($action->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
</td>

4
app/modules/web/themes/material-blue/views/itemshow/category.inc
View File

@@ -32,7 +32,7 @@ $category = $_getvar('category');
<input id="name" name="name" type="text" required
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="50"
value="<?php echo $category->getName(); ?>">
value="<?php echo htmlspecialchars($category->getName(), ENT_QUOTES); ?>">
<label class="mdl-textfield__label"
for="name"><?php echo __('Category name'); ?></label>
</div>
@@ -45,7 +45,7 @@ $category = $_getvar('category');
<input id="description" name="description" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="50"
value="<?php echo $category->getDescription(); ?>">
value="<?php echo htmlspecialchars($category->getDescription(), ENT_QUOTES); ?>">
<label class="mdl-textfield__label"
for="description"><?php echo __('Category description'); ?></label>
</div>

4
app/modules/web/themes/material-blue/views/itemshow/client.inc
View File

@@ -32,7 +32,7 @@ $client = $_getvar('client');
<input id="name" name="name" type="text" required
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="50"
value="<?php echo $client->getName(); ?>">
value="<?php echo htmlspecialchars($client->getName(), ENT_QUOTES); ?>">
<label class="mdl-textfield__label"
for="name"><?php echo __('Client name'); ?></label>
</div>
@@ -46,7 +46,7 @@ $client = $_getvar('client');
<input id="description" name="description" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="50"
value="<?php echo $client->getDescription(); ?>">
value="<?php echo htmlspecialchars($client->getDescription(), ENT_QUOTES); ?>">
<label class="mdl-textfield__label"
for="description"><?php echo __('Client description'); ?></label>
</div>

2
app/modules/web/themes/material-blue/views/itemshow/custom_field.inc
View File

@@ -34,7 +34,7 @@ $field = $_getvar('field');
<input id="name" name="name" type="text" required
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="50"
value="<?php echo $field->getName(); ?>">
value="<?php echo htmlspecialchars($field->getName(), ENT_QUOTES); ?>">
<label class="mdl-textfield__label"
for="name"><?php echo __('Field name'); ?></label>
</div>

2
app/modules/web/themes/material-blue/views/itemshow/file.inc
View File

@@ -18,7 +18,7 @@ $fileData = $_getvar('fileData');
<?php if ($_getvar('isImage')): ?>
<img src="data:'<?php echo $fileData->getType(); ?>;base64, <?php echo $_getvar('data'); ?>"
border="0"/>
<div class="title"><?php echo $fileData->getName(); ?></div>
<div class="title"><?php echo htmlspecialchars($fileData->getName(), ENT_QUOTES); ?></div>
<?php else: ?>
<pre><?php echo $_getvar('data'); ?></pre>
<?php endif; ?>

2
app/modules/web/themes/material-blue/views/itemshow/item_preset-password.inc
View File

@@ -66,7 +66,7 @@ $password = $_getvar('password');
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<input id="regex" name="regex" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo htmlentities($password->getRegex()); ?>"/>
value="<?php echo htmlspecialchars($password->getRegex(), ENT_QUOTES); ?>"/>
<label class="mdl-textfield__label"
for="regex"><?php echo __('Regular Expression'); ?></label>
</div>

8
app/modules/web/themes/material-blue/views/itemshow/item_preset-permission.inc
View File

@@ -28,7 +28,7 @@ use SP\Mvc\View\Template;
<?php if ($user->isSkip()): continue; endif; ?>
<option
value="<?php echo $user->getId(); ?>"
<?php echo $user->isSelected() ? 'selected' : '' ?>><?php echo $user->getName(); ?></option>
<?php echo $user->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
@@ -46,7 +46,7 @@ use SP\Mvc\View\Template;
<?php if ($user->isSkip()): continue; endif; ?>
<option
value="<?php echo $user->getId(); ?>"
<?php echo $user->isSelected() ? 'selected' : '' ?>><?php echo $user->getName(); ?></option>
<?php echo $user->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
@@ -71,7 +71,7 @@ use SP\Mvc\View\Template;
<?php if ($userGroup->isSkip()): continue; endif; ?>
<option
value="<?php echo $userGroup->getId(); ?>"
<?php echo $userGroup->isSelected() ? 'selected' : '' ?>><?php echo $userGroup->getName(); ?></option>
<?php echo $userGroup->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
@@ -89,7 +89,7 @@ use SP\Mvc\View\Template;
<?php if ($userGroup->isSkip()): continue; endif; ?>
<option
value="<?php echo $userGroup->getId(); ?>"
<?php echo $userGroup->isSelected() ? 'selected' : '' ?>><?php echo $userGroup->getName(); ?></option>
<?php echo $userGroup->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>

6
app/modules/web/themes/material-blue/views/itemshow/item_preset.inc
View File

@@ -49,7 +49,7 @@ $preset = $_getvar('preset');
<?php /** @var SelectItem $user */
foreach ($_getvar('users') as $user): ?>
<option
value="<?php echo $user->getId(); ?>" <?php echo $user->isSelected() ? 'selected' : ''; ?>><?php echo $user->getName(); ?></option>
value="<?php echo $user->getId(); ?>" <?php echo $user->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
</td>
@@ -67,7 +67,7 @@ $preset = $_getvar('preset');
<?php /** @var SelectItem $userGroup */
foreach ($_getvar('userGroups') as $userGroup): ?>
<option
value="<?php echo $userGroup->getId(); ?>" <?php echo $userGroup->isSelected() ? 'selected' : ''; ?>><?php echo $userGroup->getName(); ?></option>
value="<?php echo $userGroup->getId(); ?>" <?php echo $userGroup->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
</td>
@@ -85,7 +85,7 @@ $preset = $_getvar('preset');
<?php /** @var SelectItem $userProfile */
foreach ($_getvar('userProfiles') as $userProfile): ?>
<option
value="<?php echo $userProfile->getId(); ?>" <?php echo $userProfile->isSelected() ? 'selected' : ''; ?>><?php echo $userProfile->getName(); ?></option>
value="<?php echo $userProfile->getId(); ?>" <?php echo $userProfile->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($userProfile->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
</td>

9
app/modules/web/themes/material-blue/views/itemshow/public_link.inc
View File

@@ -36,7 +36,14 @@ $publicLink = $_getvar('publicLink');
<?php /** @var SelectItem $account */
foreach ($_getvar('accounts') as $account): ?>
<option
value="<?php echo $account->getId(); ?>" <?php echo $account->isSelected() ? 'selected' : ''; ?>><?php printf('%s (%s)', $account->getName(), $account->getItemProperty('clientName')); ?></option>
value="<?php echo $account->getId(); ?>"
<?php echo $account->isSelected() ? 'selected' : ''; ?>>
<?php printf(
'%s (%s)',
htmlspecialchars($account->getName(), ENT_QUOTES),
htmlspecialchars($account->getItemProperty('clientName'), ENT_QUOTES)
); ?>
</option>
<?php endforeach; ?>
</select>
</td>

2
app/modules/web/themes/material-blue/views/itemshow/tag.inc
View File

@@ -31,7 +31,7 @@ $tag = $_getvar('tag');
<input id="name" name="name" type="text" required
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="50"
value="<?php echo $tag->getName(); ?>">
value="<?php echo htmlspecialchars($tag->getName(), ENT_QUOTES); ?>">
<label class="mdl-textfield__label"
for="name"><?php echo __('Tag name'); ?></label>
</div>

22
app/modules/web/themes/material-blue/views/itemshow/user.inc
View File

@@ -49,7 +49,7 @@ $user = $_getvar('user');
<input id="name" name="name" type="text"
required
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $user->getName(); ?>"
value="<?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?>"
maxlength="80" <?php echo $_getvar('readonly'); ?>>
<label class="mdl-textfield__label"
for="name"><?php echo __('Full username'); ?></label>
@@ -64,7 +64,7 @@ $user = $_getvar('user');
<input id="login" name="login" type="text"
required
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $user->getLogin(); ?>"
value="<?php echo htmlspecialchars($user->getLogin(), ENT_QUOTES); ?>"
maxlength="80" <?php echo $user->isLdap() ? 'readonly' : $_getvar('readonly'); ?>>
<label class="mdl-textfield__label"
for="login"><?php echo __('Session login'); ?></label>
@@ -84,7 +84,7 @@ $user = $_getvar('user');
<input id="login_sso" name="login_sso"
type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $user->getSsoLogin(); ?>"
value="<?php echo htmlspecialchars($user->getSsoLogin(), ENT_QUOTES); ?>"
maxlength="100" <?php echo $_getvar('readonly'); ?>>
<label class="mdl-textfield__label"
for="login_sso"><?php echo __('Session login with SSO'); ?></label>
@@ -100,7 +100,7 @@ $user = $_getvar('user');
<input id="email" name="email" type="email"
required
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $user->getEmail(); ?>"
value="<?php echo htmlspecialchars($user->getEmail(), ENT_QUOTES); ?>"
maxlength="50" <?php echo $_getvar('readonly'); ?>>
<label class="mdl-textfield__label"
for="email"><?php echo __('Email address'); ?></label>
@@ -154,7 +154,7 @@ $user = $_getvar('user');
<?php /** @var SelectItem $profile */
foreach ($_getvar('profiles') as $profile): ?>
<option
value="<?php echo $profile->getId(); ?>" <?php echo ($profile->getId() === $user->getUserProfileId()) ? 'selected' : ''; ?>><?php echo $profile->getName(); ?></option>
value="<?php echo $profile->getId(); ?>" <?php echo ($profile->getId() === $user->getUserProfileId()) ? 'selected' : ''; ?>><?php echo htmlspecialchars($profile->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
</td>
@@ -172,7 +172,7 @@ $user = $_getvar('user');
<?php /** @var SelectItem $group */
foreach ($_getvar('groups') as $group): ?>
<option
value="<?php echo $group->getId(); ?>" <?php echo ($group->getId() === $user->getUserGroupId()) ? 'selected' : ''; ?>><?php echo $group->getName(); ?></option>
value="<?php echo $group->getId(); ?>" <?php echo ($group->getId() === $user->getUserGroupId()) ? 'selected' : ''; ?>><?php echo htmlspecialchars($group->getName(), ENT_QUOTES); ?></option>
<?php endforeach; ?>
</select>
</td>
@@ -184,7 +184,9 @@ $user = $_getvar('user');
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<textarea class="mdl-textfield__input" rows="3"
id="notes" name="notes"
maxlength="1000" <?php echo $_getvar('readonly'); ?>><?php echo htmlspecialchars($user->getNotes(), ENT_QUOTES); ?></textarea>
maxlength="1000" <?php echo $_getvar('readonly'); ?>>
<?php echo htmlspecialchars($user->getNotes(), ENT_QUOTES); ?>
</textarea>
<label class="mdl-textfield__label"
for="notes"><?php echo __('Notes'); ?></label>
</div>
@@ -339,7 +341,11 @@ $user = $_getvar('user');
title="<?php echo $item->ref; ?>">
<span class="mdl-list__item-primary-content">
<i class="material-icons mdl-list__item-icon"><?php echo $item->icon; ?></i>
<?php printf('%s: %s', $item->ref, $item->name ?: $item->id); ?>
<?php printf(
'%s: %s',
$item->ref,
htmlspecialchars($item->name, ENT_QUOTES) ?: $item->id
); ?>
</span>
</li>
<?php endforeach; ?>

25
app/modules/web/themes/material-blue/views/itemshow/user_group.inc
View File

@@ -35,7 +35,7 @@ $group = $_getvar('group');
<input id="name" name="name" type="text" required
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="50"
value="<?php echo $group->getName(); ?>">
value="<?php echo htmlspecialchars($group->getName(), ENT_QUOTES); ?>">
<label class="mdl-textfield__label"
for="name"><?php echo __('Group name'); ?></label>
</div>
@@ -49,7 +49,7 @@ $group = $_getvar('group');
<input id="description" name="description" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="50"
value="<?php echo $group->getDescription(); ?>">
value="<?php echo htmlspecialchars($group->getDescription(), ENT_QUOTES); ?>">
<label class="mdl-textfield__label"
for="description"><?php echo __('Group description'); ?></label>
</div>
@@ -69,7 +69,10 @@ $group = $_getvar('group');
<?php /** @var SelectItem $user */
foreach ($_getvar('users') as $user): ?>
<option
value="<?php echo $user->getId(); ?>" <?php echo $user->isSelected() ? 'selected' : ''; ?>><?php echo $user->getName(); ?></option>
value="<?php echo $user->getId(); ?>"
<?php echo $user->isSelected() ? 'selected' : ''; ?>>
<?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?>
</option>
<?php endforeach; ?>
</select>
<?php else: ?>
@@ -79,7 +82,9 @@ $group = $_getvar('group');
<?php /** @var SelectItem $user */
foreach ($_getvar('users') as $user): ?>
<?php if ($user->isSelected()): ?>
<span class="tag"><?php echo $user->getName(); ?></span>
<span class="tag">
<?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?>
</span>
<?php endif; ?>
<?php endforeach; ?>
</div>
@@ -107,9 +112,17 @@ $group = $_getvar('group');
<i class="material-icons mdl-list__item-icon"
title="<?php echo __('User'); ?>">person</i>
<?php if ($user->ref === 'UserGroup'): ?>
<?php printf('%s (%s)*', $user->name, $user->login); ?>
<?php printf(
'%s (%s)*',
htmlspecialchars($user->name, ENT_QUOTES),
htmlspecialchars($user->login, ENT_QUOTES)
); ?>
<?php else: ?>
<?php printf('%s (%s)', $user->name, $user->login); ?>
<?php printf(
'%s (%s)',
htmlspecialchars($user->name, ENT_QUOTES),
htmlspecialchars($user->login, ENT_QUOTES)
); ?>
<?php endif; ?>
</span>
</li>

4
app/modules/web/themes/material-blue/views/itemshow/user_pass.inc
View File

@@ -30,7 +30,7 @@ $user = $_getvar('user');
<div class="mdl-textfield mdl-js-textfield">
<input id="name" name="name" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $user->getName(); ?>" readonly
value="<?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?>" readonly
disabled/>
</div>
</td>
@@ -42,7 +42,7 @@ $user = $_getvar('user');
<div class="mdl-textfield mdl-js-textfield">
<input id="login" name="login" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $user->getLogin(); ?>"
value="<?php echo htmlspecialchars($user->getLogin(), ENT_QUOTES); ?>"
readonly disabled/>
</div>
</td>

2
app/modules/web/themes/material-blue/views/itemshow/user_profile.inc
View File

@@ -579,7 +579,7 @@ $profileData = $_getvar('profileData');
<input id="profile_name" name="profile_name" type="text"
required
class="mdl-textfield__input"
value="<?php echo $profile->getName(); ?>"
value="<?php echo htmlspecialchars($profile->getName(), ENT_QUOTES); ?>"
maxlength="50" <?php echo $_getvar('readonly'); ?>>
<label class="mdl-textfield__label"
for="profile_name"><?php echo __('Profile name'); ?></label>

29
app/modules/web/themes/material-blue/views/notification/notification.inc
View File

@@ -61,7 +61,8 @@ $notification = $_getvar('notification');
<input id="notification_date"
name="notification_date" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo DateUtil::getDateFromUnix($notification->getDate()); ?>" <?php echo $_getvar('disabled'); ?>>
value="<?php echo DateUtil::getDateFromUnix($notification->getDate()); ?>"
<?php echo $_getvar('disabled'); ?>>
<label class="mdl-textfield__label"
for="notification_date"><?php echo __('Date'); ?></label>
</div>
@@ -77,13 +78,15 @@ $notification = $_getvar('notification');
class="mdl-textfield__input mdl-color-text--indigo-400"
type="text" rows="3"
id="notification_description"
name="notification_description" <?php echo $_getvar('readonly'); ?>><?php echo $notification->getDescription(); ?></textarea>
name="notification_description" <?php echo $_getvar('readonly'); ?>>
<?php echo htmlspecialchars($notification->getDescription(), ENT_QUOTES); ?>
</textarea>
<label class="mdl-textfield__label"
for="notification_description"><?php echo __('Description'); ?></label>
</div>
<?php else: ?>
<div class="notification-description">
<?php echo $notification->getDescription(); ?>
<?php echo htmlspecialchars($notification->getDescription(), ENT_QUOTES); ?>
</div>
<?php endif; ?>
</td>
@@ -100,8 +103,10 @@ $notification = $_getvar('notification');
<option value=""><?php echo __('Select User'); ?></option>
<?php /** @var SelectItem $user */
foreach ($_getvar('users') as $user): ?>
<option
value="<?php echo $user->getId(); ?>" <?php echo $user->isSelected() ? 'selected' : ''; ?>><?php echo $user->getName(); ?></option>
<option value="<?php echo $user->getId(); ?>"
<?php echo $user->isSelected() ? 'selected' : ''; ?>>
<?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?>
</option>
<?php endforeach; ?>
</select>
</td>
@@ -115,7 +120,8 @@ $notification = $_getvar('notification');
title="<?php echo __('Global notification'); ?>">
<input type="checkbox" id="notification_sticky"
class="mdl-switch__input mdl-color-text--indigo-400"
name="notification_sticky" <?php echo $notification->isSticky() ? 'checked' : ' '; ?> <?php echo $_getvar('disabled'); ?>/>
name="notification_sticky" <?php echo $notification->isSticky() ? 'checked'
: ' '; ?> <?php echo $_getvar('disabled'); ?>/>
<span class="mdl-switch__label"><?php echo __('Global'); ?></span>
</label>
@@ -124,7 +130,9 @@ $notification = $_getvar('notification');
title="<?php echo __('Only for application administrators'); ?>">
<input type="checkbox" id="notification_onlyadmin"
class="mdl-switch__input mdl-color-text--indigo-400"
name="notification_onlyadmin" <?php echo $notification->isOnlyAdmin() ? 'checked' : ' '; ?> <?php echo $_getvar('disabled'); ?>/>
name="notification_onlyadmin"
<?php echo $notification->isOnlyAdmin() ? 'checked' : ' '; ?>
<?php echo $_getvar('disabled'); ?>/>
<span class="mdl-switch__label"><?php echo __('Only Admins'); ?></span>
</label>
@@ -133,7 +141,9 @@ $notification = $_getvar('notification');
title="<?php echo __('Read'); ?>">
<input type="checkbox" id="notification_checkout"
class="mdl-switch__input mdl-color-text--indigo-400"
name="notification_checkout" <?php echo $notification->isChecked() ? 'checked' : ' '; ?> <?php echo $_getvar('disabled'); ?>/>
name="notification_checkout"
<?php echo $notification->isChecked() ? 'checked' : ' '; ?>
<?php echo $_getvar('disabled'); ?>/>
<span class="mdl-switch__label"><?php echo __('Read'); ?></span>
</label>
</td>
@@ -146,7 +156,8 @@ $notification = $_getvar('notification');
<?php if (!$_getvar('isView')): ?>
<div class="action-in-box">
<button
class="mdl-button mdl-js-button mdl-button--fab mdl-button--mini-fab mdl-button--colored <?php echo $icons->getIconSave()->getClassButton(); ?>"
class="mdl-button mdl-js-button mdl-button--fab mdl-button--mini-fab mdl-button--colored <?php echo $icons->getIconSave(
)->getClassButton(); ?>"
form="frmNotices"
title="<?php echo $icons->getIconSave()->getTitle(); ?>">
<i class="material-icons"><?php echo $icons->getIconSave()->getIcon(); ?></i>

22
composer.json
View File

@@ -19,14 +19,14 @@
},
"require": {
"roave/security-advisories": "dev-master",
"php": "~7.3 || ~7.4",
"defuse/php-encryption": "~2.1",
"phpmailer/phpmailer": "~6.0",
"php": "~7.4",
"defuse/php-encryption": "^2.1",
"phpmailer/phpmailer": "^6.0",
"ademarre/binary-to-text-php": "dev-master",
"phpseclib/phpseclib": "~2.0.25",
"klein/klein": "~2.1.2",
"php-di/php-di": "~6.0.11",
"doctrine/common": "~v2.7.3",
"phpseclib/phpseclib": "^2.0",
"klein/klein": "^2.1",
"php-di/php-di": "^6.0",
"doctrine/common": "^v2.7",
"guzzlehttp/guzzle": "^6.3",
"monolog/monolog": "^1.23",
"symfony/debug" : "^v3.4",
@@ -50,7 +50,7 @@
"php-mock/php-mock-phpunit": "^2.6"
},
"suggest": {
"syspass/plugin-authenticator": "^2.1",
"syspass/plugin-authenticator": "^v2.2",
"ext-ldap": "*",
"ext-curl": "*",
"ext-xdebug": "*"
@@ -64,6 +64,10 @@
}
},
"config": {
"classmap-authoritative": false
"classmap-authoritative": false,
"platform-check": false,
"platform": {
"php": "7.4"
}
}
}

1858
composer.lock generated
View File

File diff suppressed because it is too large Load Diff

2
lib/SP/Core/Language.php
View File

@@ -192,7 +192,7 @@ final class Language
$locale = setlocale(LC_ALL, $lang);
if ($locale === false) {
logger('Could not set locale', 'ERROR');
logger('Could not set locale to ' . $lang, 'ERROR');
logger('Domain path: ' . LOCALES_PATH);
} else {
logger('Locale set to: ' . $locale);

4
lib/SP/Services/Install/Installer.php
View File

@@ -60,9 +60,9 @@ final class Installer extends Service
/**
* sysPass' version and build number
*/
const VERSION = [3, 2, 2];
const VERSION = [3, 2, 3];
const VERSION_TEXT = '3.2';
const BUILD = 21031301;
const BUILD = 22052501;
/**
* @var DatabaseSetupInterface