diff --git a/htdocs/admin.php b/htdocs/admin.php
index a9041fe..7ef3ab3 100644
--- a/htdocs/admin.php
+++ b/htdocs/admin.php
@@ -17,7 +17,7 @@ include("inc/haut.php");
 include("inc/debut.php");
 if (!empty($_POST['account'])) {
- $account = Html::clean($_POST['account']);
+ $account = htmlentities(strip_tags($_POST['account']),ENT_NOQUOTES);
 print '
';
 print '';
@@ -26,7 +26,7 @@ if (!empty($_POST['account'])) {
 }
 if (!empty($_POST['alias'])) {
- $alias = Html::clean($_POST['alias']);
+ $alias = htmlentities(strip_tags($_POST['alias']),ENT_NOQUOTES);
 print '
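Review bot: `htmlentities(strip_tags(...), ENT_NOQUOTES)` is output encoding applied at input time, so `$account` now carries `&amp;`-style entities into whatever directory call consumes it further down (that code is outside the hunk, so the effect on the LDAP side is inferred), and `ENT_NOQUOTES` leaves `'` and `"` untouched, which is only safe if the value is never printed inside a quoted HTML attribute. The same pattern is repeated in the three following admin.php hunks and in alias.php, compte.php, domaine.php, lib/auth.php and superadmin.php. Keep the raw POST value for the directory operation, escape it for LDAP at the point where it enters a filter or DN (`ldap_escape($value, '', LDAP_ESCAPE_FILTER)`), and encode it for the page only at the `print` that shows it, with `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`.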
';
 print '';
@@ -35,7 +35,7 @@ if (!empty($_POST['alias'])) {
 }
 if (!empty($_POST['delete'])) {
- $account = Html::clean($_POST['delete']);
+ $account = htmlentities(strip_tags($_POST['delete']),ENT_NOQUOTES);
 print '
';
 print '';
 try {
@@ -48,7 +48,7 @@ if (!empty($_POST['delete'])) {
 }
 if (!empty($_POST['delalias'])) {
- $alias = Html::clean($_POST['delalias']);
+ $alias = htmlentities(strip_tags($_POST['delalias']),ENT_NOQUOTES);
 print '
';
 print '';
 try {
diff --git a/htdocs/alias.php b/htdocs/alias.php
index 6bcbfd2..466590d 100644
--- a/htdocs/alias.php
+++ b/htdocs/alias.php
@@ -12,7 +12,7 @@ include('inc/haut.php');
 include('inc/debut.php');
 if (!empty($_POST['cn'])) {
- $cn = (!empty($_GET['alias'])) ? $alias->getName() : Html::clean(Html::purgeaccents(utf8_decode($_POST['cn'])));
+ $cn = (!empty($_GET['alias'])) ? $alias->getName() : htmlentities(strip_tags($_POST['cn']),ENT_NOQUOTES);
 $actif = (!empty($_POST['isactive'])) ? true : false;
 $mailaccept = array_filter($_POST['mailaccept'], function($value) {
 if (!empty($value)) {
diff --git a/htdocs/auth.php b/htdocs/auth.php
index 22cf0f3..104f5a2 100644
--- a/htdocs/auth.php
+++ b/htdocs/auth.php
@@ -17,8 +17,10 @@ if (isset($_SESSION['login'])) {
 if (!empty($_POST['login'])) {
 try {
- $server = new LdapServer(Html::clean($_POST['login']), LDAP_BASE, LDAP_ADMIN_DN, LDAP_ADMIN_PASS, LDAP_URI);
- $server->login(Html::clean($_POST['password']));
+ $login = htmlentities(strip_tags($_POST['login']),ENT_NOQUOTES);
+ $password = htmlentities(strip_tags($_POST['password']),ENT_NOQUOTES);
+ $server = new LdapServer($login, LDAP_BASE, LDAP_ADMIN_DN, LDAP_ADMIN_PASS, LDAP_URI);
+ $server->login($password);
 $_SESSION['login'] = $server->getLogin();
 header("location: superadmin.php\n\n");
 exit(0);
diff --git a/htdocs/compte.php b/htdocs/compte.php
index 574ca89..387f8b5 100644
--- a/htdocs/compte.php
+++ b/htdocs/compte.php
@@ -20,8 +20,8 @@ if (!empty($_POST['cn'])) {
 print "
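Review bot: Dropping `Html::purgeaccents(utf8_decode(...))` in favour of `htmlentities` changes what `$cn` holds for a name such as `Mélanie`: the accent is no longer stripped but rewritten as the literal text `M&eacute;lanie`, and since `$cn` is a value destined for the alias entry rather than only for the page, the entity string is what gets stored (where `$cn` is written is outside the hunk, so this is inferred from its use). compte.php's `$cn` line in this same commit has the identical change. If accents are meant to be kept, pass `$_POST['cn']` through unencoded and escape it only where it is printed or placed in an LDAP filter; if they were meant to be stripped, the `purgeaccents` call still has to stay.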
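Review bot: `$password` is run through `strip_tags` and `htmlentities` before `$server->login($password)`, so any password containing `<`, `&` or a non-ASCII character is altered before the bind, and a byte sequence that is not valid UTF-8 makes `htmlentities` return an empty string; those users can no longer authenticate. Credentials should be used exactly as received, `$server->login($_POST['password']);` — compte.php's `$password = $_POST['pass1']` in this same commit already does that. `$login` likewise needs LDAP escaping rather than HTML encoding if `LdapServer` places it in a DN or search filter (its code is outside the hunk); `ldap_escape($_POST['login'], '', LDAP_ESCAPE_FILTER)` is the primitive for that, with HTML encoding reserved for the page that echoes it. The enclosing `try` block continues past the hunk.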
";
- $uid = (!empty($_GET['account'])) ? $account->getUid() : Html::clean($_POST['uid']);
- $cn = Html::justclean(Html::purgeaccents(utf8_decode($_POST['cn'])));
+ $uid = (!empty($_GET['account'])) ? $account->getUid() : htmlentities(strip_tags($_POST['uid']),ENT_NOQUOTES);
+ $cn = htmlentities(strip_tags($_POST['cn']),ENT_NOQUOTES);
 $password = (!empty($_POST['pass1'])) ? $_POST['pass1'] : NULL;
 $actif = (!empty($_POST['isactive'])) ? true : false;
 $admin = (!empty($_POST['isadmin'])) ? true : false;
diff --git a/htdocs/domaine.php b/htdocs/domaine.php
index 7f07c75..62b171a 100644
--- a/htdocs/domaine.php
+++ b/htdocs/domaine.php
@@ -20,14 +20,14 @@ if (!$server->isSuperAdmin()) {
 // Ajouter un domaine
 if (!empty($_POST['domain'])) {
- $domain = Html::clean($_POST['domain']);
+ $domain = htmlentities(strip_tags($_POST['domain']),ENT_NOQUOTES);
 print "
"; print "
Ajout en cours du domaine ".$domain." ...
";
 try {
 $active = (!empty($_POST['isactive'])) ? true : false;
- $server->addDomain(Html::clean($_POST['domain']), $active);
+ $server->addDomain($domain), $active);
 domain_add($domain);
 print '';
 #EvoLog::log("Add domain ".$domain);
diff --git a/htdocs/lib/auth.php b/htdocs/lib/auth.php
index c9aefd2..569a076 100644
--- a/htdocs/lib/auth.php
+++ b/htdocs/lib/auth.php
@@ -10,12 +10,15 @@ if (empty($_SESSION['login'])) {
 try {
 $server = new LdapServer($_SESSION['login'], LDAP_BASE, LDAP_ADMIN_DN, LDAP_ADMIN_PASS, LDAP_URI);
 if (!empty($_GET['domain'])) {
- $domain = new LdapDomain($server, Html::clean($_GET['domain']));
+ $domain = htmlentities(strip_tags($_GET['domain']),ENT_NOQUOTES);
+ $domain = new LdapDomain($server, $domain);
 if (!empty($_GET['account'])) {
- $account = new LdapAccount($domain, Html::clean($_GET['account']));
+ $account = htmlentities(strip_tags($_GET['account']),ENT_NOQUOTES);
+ $account = new LdapAccount($domain, $account);
 }
 if (!empty($_GET['alias'])) {
- $alias = new LdapAlias($domain, Html::clean($_GET['alias']));
+ $alias = htmlentities(strip_tags($_GET['alias']),ENT_NOQUOTES);
+ $alias = new LdapAlias($domain, $alias);
 }
 }
 } catch (Exception $e) {
diff --git a/htdocs/superadmin.php b/htdocs/superadmin.php
index 99b0c78..8b1ea08 100644
--- a/htdocs/superadmin.php
+++ b/htdocs/superadmin.php
@@ -11,7 +11,7 @@ include('inc/debut.php');
 if (!empty($_POST['domain'])) {
- $domain = Html::clean($_POST['domain']);
+ $domain = htmlentities(strip_tags($_POST['domain']),ENT_NOQUOTES);
 print '
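Review bot: `$server->addDomain($domain), $active);` has a stray `)` after `$domain`, which closes the call early and leaves `, $active);` as a parse error, so domaine.php no longer loads at all; the line should read `$server->addDomain($domain, $active);`. Separately, `$domain` is now the HTML-encoded form, so `addDomain` and `domain_add` receive `&amp;`-style entities rather than the submitted name whenever it contains `&` (what they do with it is outside the hunk). A domain name is better validated against a narrow shape and kept raw, for example `if (!preg_match('/^[a-z0-9.-]+$/i', $_POST['domain'])) { /* reject */ }`, with encoding applied only at the `print "Ajout en cours du domaine ..."` line. The enclosing `try` continues outside the hunk.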
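Review bot: `$domain`, `$account` and `$alias` from `$_GET` are HTML-encoded and then handed to `LdapDomain`, `LdapAccount` and `LdapAlias`, which presumably use them to locate directory entries; entity encoding does not neutralise the characters that matter inside an LDAP filter or DN (`*`, `(`, `)`, `\`, `,`), so if those constructors interpolate the value (their code is outside the hunk) the appropriate call is `ldap_escape($_GET['domain'], '', LDAP_ESCAPE_FILTER)` or, for a DN component, `LDAP_ESCAPE_DN`, applied where the string is assembled. Reusing `$domain` first for the string and then for the object also obscures which of the two later code sees; a distinct name such as `$domainName = ...;` then `$domain = new LdapDomain($server, $domainName);` makes the hand-off explicit. The `try` block continues past the hunk.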
';
 print '';
@@ -20,11 +20,11 @@ if (!empty($_POST['domain'])) {
 }
 if (!empty($_POST['delete'])) {
- $domain = Html::clean($_POST['delete']);
+ $domain = htmlentities(strip_tags($_POST['delete']),ENT_NOQUOTES);
 print '
';
 print '';
 try {
- $server->delDomain(Html::clean($_POST['delete']));
+ $server->delDomain($domain);
 print '';
 } catch (Exception $e_ad) {
 print '';