";
- $uid = (!empty($_GET['account'])) ? $account->getUid() : Html::clean($_POST['uid']);
- $cn = Html::justclean(Html::purgeaccents(utf8_decode($_POST['cn'])));
+ $uid = (!empty($_GET['account'])) ? $account->getUid() : htmlentities(strip_tags($_POST['uid']),ENT_NOQUOTES);
+ $cn = htmlentities(strip_tags($_POST['cn']),ENT_NOQUOTES);
$password = (!empty($_POST['pass1'])) ? $_POST['pass1'] : NULL;
$actif = (!empty($_POST['isactive'])) ? true : false;
$admin = (!empty($_POST['isadmin'])) ? true : false;
diff --git a/htdocs/domaine.php b/htdocs/domaine.php
index 7f07c75..62b171a 100644
--- a/htdocs/domaine.php
+++ b/htdocs/domaine.php
@@ -20,14 +20,14 @@ if (!$server->isSuperAdmin()) {
// Ajouter un domaine
if (!empty($_POST['domain'])) {
- $domain = Html::clean($_POST['domain']);
+ $domain = htmlentities(strip_tags($_POST['domain']),ENT_NOQUOTES);
print "
";
print "
Ajout en cours du domaine ".$domain." ...
";
try {
$active = (!empty($_POST['isactive'])) ? true : false;
- $server->addDomain(Html::clean($_POST['domain']), $active);
+ $server->addDomain($domain), $active);
domain_add($domain);
print '
Ajout effectué.
';
#EvoLog::log("Add domain ".$domain);
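Review bot: The new call `$server->addDomain($domain), $active);` has an extra closing parenthesis after `$domain`, so domaine.php will fail to parse; it should read `$server->addDomain($domain, $active);`. The same `$domain` is now the HTML-entity-encoded string, and it is passed to both `addDomain()` and `domain_add()`, so any input containing `&`, `<` or `>` would be stored in its encoded form rather than rejected. A format check before use would be safer, for example `if (!preg_match('/^[a-z0-9.-]+$/i', $_POST['domain'])) { throw new Exception('invalid domain'); }`, with `htmlentities()` applied only where the value is printed. The `try` block opened here continues past the end of the hunk.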
diff --git a/htdocs/lib/auth.php b/htdocs/lib/auth.php
index c9aefd2..569a076 100644
--- a/htdocs/lib/auth.php
+++ b/htdocs/lib/auth.php
@@ -10,12 +10,15 @@ if (empty($_SESSION['login'])) {
try {
$server = new LdapServer($_SESSION['login'], LDAP_BASE, LDAP_ADMIN_DN, LDAP_ADMIN_PASS, LDAP_URI);
if (!empty($_GET['domain'])) {
- $domain = new LdapDomain($server, Html::clean($_GET['domain']));
+ $domain = htmlentities(strip_tags($_GET['domain']),ENT_NOQUOTES);
+ $domain = new LdapDomain($server, $domain);
if (!empty($_GET['account'])) {
- $account = new LdapAccount($domain, Html::clean($_GET['account']));
+ $account = htmlentities(strip_tags($_GET['account']),ENT_NOQUOTES);
+ $account = new LdapAccount($domain, $account);
}
if (!empty($_GET['alias'])) {
- $alias = new LdapAlias($domain, Html::clean($_GET['alias']));
+ $alias = htmlentities(strip_tags($_GET['alias']),ENT_NOQUOTES);
+ $alias = new LdapAlias($domain, $alias);
}
}
} catch (Exception $e) {
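Review bot: The `htmlentities(strip_tags(...), ENT_NOQUOTES)` calls on `$_GET['domain']`, `$_GET['account']` and `$_GET['alias']` are HTML output encoding, but the values go into the `LdapDomain`, `LdapAccount` and `LdapAlias` constructors rather than into markup. Those classes are not visible here; if they build DNs or search filters from the argument, characters such as `*`, `(`, `)`, `\`, `,` and `=` pass through unchanged, and `ENT_NOQUOTES` also leaves both quote characters alone. Escaping belongs at the point where the DN or filter is assembled, e.g. `ldap_escape($value, '', LDAP_ESCAPE_DN)` or `LDAP_ESCAPE_FILTER`, with an allow-list check on the raw request value here. Reusing `$domain`, `$account` and `$alias` first for the string and then for the object also makes the type hard to follow; a separate name such as `$domainName` would read better. The `catch` body continues outside the hunk.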
diff --git a/htdocs/superadmin.php b/htdocs/superadmin.php
index 99b0c78..8b1ea08 100644
--- a/htdocs/superadmin.php
+++ b/htdocs/superadmin.php
@@ -11,7 +11,7 @@ include('inc/debut.php');
if (!empty($_POST['domain'])) {
- $domain = Html::clean($_POST['domain']);
+ $domain = htmlentities(strip_tags($_POST['domain']),ENT_NOQUOTES);
print '