Remove call to Html class

Victor LABORIE 2017-12-17 21:44:10 +01:00
parent 116cf60655
commit b5254b8c5f
7 changed files with 22 additions and 17 deletions


@ -17,7 +17,7 @@ include("inc/haut.php");
include("inc/debut.php");
if (!empty($_POST['account'])) {
$account = Html::clean($_POST['account']);
$account = htmlentities(strip_tags($_POST['account']),ENT_NOQUOTES);
print '<div class="container"><form name="del "method="post" action="admin.php?domain='.$domain->getName().'">';
print '<div class="alert alert-warning" role="alert">Voulez vous vraiment supprimer le compte '.$account.' ?</div>';
@ -26,7 +26,7 @@ if (!empty($_POST['account'])) {
}
if (!empty($_POST['alias'])) {
$alias = Html::clean($_POST['alias']);
$alias = htmlentities(strip_tags($_POST['alias']),ENT_NOQUOTES);
print '<div class="container"><form name="del "method="post" action="admin.php?domain='.$domain->getName().'&viewonly=2">';
print '<div class="alert alert-warning" role="alert">Voulez vous vraiment supprimer l\'alias '.$alias.' ?</div>';
@ -35,7 +35,7 @@ if (!empty($_POST['alias'])) {
}
if (!empty($_POST['delete'])) {
$account = Html::clean($_POST['delete']);
$account = htmlentities(strip_tags($_POST['delete']),ENT_NOQUOTES);
print '<div class="container">';
print '<div class="alert alert-warning" role="alert">Suppression du compte '.$account.' ...</div>';
try {
@ -48,7 +48,7 @@ if (!empty($_POST['delete'])) {
}
if (!empty($_POST['delalias'])) {
$alias = Html::clean($_POST['delalias']);
$alias = htmlentities(strip_tags($_POST['delalias']),ENT_NOQUOTES);
print '<div class="container">';
print '<div class="alert alert-warning" role="alert">Suppression de l\'alias '.$alias.' ...</div>';
try {
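Review bot: The four new `htmlentities(strip_tags(...),ENT_NOQUOTES)` assignments (`account`, `alias`, `delete`, `delalias`) leave both quote characters unescaped, so the result is only safe as element text, as in the `alert` divs shown here, and not inside an attribute value. The rest of each form lies outside these hunks; if `$account` or `$alias` is also echoed into an attribute such as a hidden field's `value`, that spot needs `htmlspecialchars($_POST['account'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. In the `delete` and `delalias` branches the encoded string also appears to be what the `try` block acts on, so keeping the raw value for the directory call and escaping only at `print` would avoid operating on a name that differs from the one submitted. The same pattern is in the domain-deletion hunks further down, where `delDomain($domain)` receives the encoded value.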


@ -12,7 +12,7 @@ include('inc/haut.php');
include('inc/debut.php');
if (!empty($_POST['cn'])) {
$cn = (!empty($_GET['alias'])) ? $alias->getName() : Html::clean(Html::purgeaccents(utf8_decode($_POST['cn'])));
$cn = (!empty($_GET['alias'])) ? $alias->getName() : htmlentities(strip_tags($_POST['cn']),ENT_NOQUOTES);
$actif = (!empty($_POST['isactive'])) ? true : false;
$mailaccept = array_filter($_POST['mailaccept'], function($value) {
if (!empty($value)) {
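Review bot: `htmlentities()` in the new `$cn` line converts every character that has a named entity, so with `Html::purgeaccents` gone an accented letter such as `é` becomes `&eacute;` before the value is used. The code that consumes `$cn` is outside this hunk, but if it is written to the directory the entry will hold entity text rather than the name. Consider keeping the value as submitted, validated for length and allowed characters, and applying `htmlspecialchars($cn, ENT_QUOTES, 'UTF-8')` only where it is printed. The `$uid` and `$cn` lines in the account-form hunk have the same issue.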


@ -17,8 +17,10 @@ if (isset($_SESSION['login'])) {
if (!empty($_POST['login'])) {
try {
$server = new LdapServer(Html::clean($_POST['login']), LDAP_BASE, LDAP_ADMIN_DN, LDAP_ADMIN_PASS, LDAP_URI);
$server->login(Html::clean($_POST['password']));
$login = htmlentities(strip_tags($_POST['login']),ENT_NOQUOTES);
$password = htmlentities(strip_tags($_POST['password']),ENT_NOQUOTES);
$server = new LdapServer($login, LDAP_BASE, LDAP_ADMIN_DN, LDAP_ADMIN_PASS, LDAP_URI);
$server->login($password);
$_SESSION['login'] = $server->getLogin();
header("location: superadmin.php\n\n");
exit(0);
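Review bot: Running the password through `htmlentities(strip_tags(...))` alters the credential before `$server->login($password)`: anything that looks like a tag is removed and `&`, `<`, `>` are rewritten, so a valid password containing those characters may no longer authenticate and distinct passwords can collapse to the same string. The account form in this same commit keeps `$_POST['pass1']` unmodified, so the two paths may disagree about the same password, although whether they concern the same accounts is not visible here. A password is never rendered as HTML, so it should be passed through untouched: `$server->login($_POST['password']);`. For `$login`, HTML encoding does not neutralise LDAP metacharacters; if `LdapServer` places it in a DN or filter (not shown), that is where `ldap_escape()` belongs.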


@ -20,8 +20,8 @@ if (!empty($_POST['cn'])) {
print "<div class='container'>";
$uid = (!empty($_GET['account'])) ? $account->getUid() : Html::clean($_POST['uid']);
$cn = Html::justclean(Html::purgeaccents(utf8_decode($_POST['cn'])));
$uid = (!empty($_GET['account'])) ? $account->getUid() : htmlentities(strip_tags($_POST['uid']),ENT_NOQUOTES);
$cn = htmlentities(strip_tags($_POST['cn']),ENT_NOQUOTES);
$password = (!empty($_POST['pass1'])) ? $_POST['pass1'] : NULL;
$actif = (!empty($_POST['isactive'])) ? true : false;
$admin = (!empty($_POST['isadmin'])) ? true : false;


@ -20,14 +20,14 @@ if (!$server->isSuperAdmin()) {
// Ajouter un domaine
if (!empty($_POST['domain'])) {
$domain = Html::clean($_POST['domain']);
$domain = htmlentities(strip_tags($_POST['domain']),ENT_NOQUOTES);
print "<div class='container'>";
print "<div class=\"alert alert-warning\" role=\"alert\">Ajout en cours du domaine ".$domain." ...</div>";
try {
$active = (!empty($_POST['isactive'])) ? true : false;
$server->addDomain(Html::clean($_POST['domain']), $active);
$server->addDomain($domain), $active);
domain_add($domain);
print '<div class="alert alert-success" role="alert">Ajout effectu&eacute;.</div>';
#EvoLog::log("Add domain ".$domain);
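Review bot: The new line `$server->addDomain($domain), $active);` has a stray closing parenthesis after `$domain`, which is a parse error, so this page will fail to load. It should read `$server->addDomain($domain, $active);`. Separately, `$domain` is HTML-encoded before being handed to `addDomain()` and `domain_add()`; validating it as a hostname and escaping only in the `print` would keep entity-encoded text out of the directory. The `try` block continues past the end of this hunk.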


@ -10,12 +10,15 @@ if (empty($_SESSION['login'])) {
try {
$server = new LdapServer($_SESSION['login'], LDAP_BASE, LDAP_ADMIN_DN, LDAP_ADMIN_PASS, LDAP_URI);
if (!empty($_GET['domain'])) {
$domain = new LdapDomain($server, Html::clean($_GET['domain']));
$domain = htmlentities(strip_tags($_GET['domain']),ENT_NOQUOTES);
$domain = new LdapDomain($server, $domain);
if (!empty($_GET['account'])) {
$account = new LdapAccount($domain, Html::clean($_GET['account']));
$account = htmlentities(strip_tags($_GET['account']),ENT_NOQUOTES);
$account = new LdapAccount($domain, $account);
}
if (!empty($_GET['alias'])) {
$alias = new LdapAlias($domain, Html::clean($_GET['alias']));
$alias = htmlentities(strip_tags($_GET['alias']),ENT_NOQUOTES);
$alias = new LdapAlias($domain, $alias);
}
}
} catch (Exception $e) {
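Review bot: The `domain`, `account` and `alias` query parameters are HTML-encoded and then passed to `LdapDomain`, `LdapAccount` and `LdapAlias`, but nothing in this hunk prints them, and HTML encoding is not a defence in an LDAP context. Characters that are significant in a filter or DN pass through `htmlentities()` unchanged. Those classes are not shown; if they build filters or DNs from the argument, escape there with `ldap_escape($value, '', LDAP_ESCAPE_FILTER)` or `LDAP_ESCAPE_DN` as appropriate. A comment here such as `// raw request value: escaped for LDAP inside LdapDomain, for HTML at output` would make the intended boundary explicit.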


@ -11,7 +11,7 @@ include('inc/debut.php');
if (!empty($_POST['domain'])) {
$domain = Html::clean($_POST['domain']);
$domain = htmlentities(strip_tags($_POST['domain']),ENT_NOQUOTES);
print '<div class="container"><form name="del "method="post" action="superadmin.php">';
print '<div class="alert alert-warning" role="alert">Voulez vous vraiment supprimer le domaine '.$domain.' ?</div>';
@ -20,11 +20,11 @@ if (!empty($_POST['domain'])) {
}
if (!empty($_POST['delete'])) {
$domain = Html::clean($_POST['delete']);
$domain = htmlentities(strip_tags($_POST['delete']),ENT_NOQUOTES);
print '<div class="container">';
print '<div class="alert alert-warning" role="alert">Suppression du domaine '.$domain.' ...</div>';
try {
$server->delDomain(Html::clean($_POST['delete']));
$server->delDomain($domain);
print '<div class="alert alert-success" role="alert">Suppression effectu&eacute;.</div>';
} catch (Exception $e_ad) {
print '<div class="alert alert-danger" role="alert">'.$e_ad->getMessage().'</div>';