[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-cvs] CVS: phpgwapi/inc class.contacts_shared.inc.php,1.9.
From: |
Ralf Becker <address@hidden> |
Subject: |
[Phpgroupware-cvs] CVS: phpgwapi/inc class.contacts_shared.inc.php,1.9.2.1.2.1,1.9.2.1.2.2 |
Date: |
Tue, 01 Jul 2003 19:54:03 -0400 |
Update of /cvsroot/phpgroupware/phpgwapi/inc
In directory subversions:/tmp/cvs-serv21251
Modified Files:
Tag: Version-0_9_16-branch
class.contacts_shared.inc.php
Log Message:
xss fix, running the content of the address-label-function through strip_html
Index: class.contacts_shared.inc.php
===================================================================
RCS file: /cvsroot/phpgroupware/phpgwapi/inc/class.contacts_shared.inc.php,v
retrieving revision 1.9.2.1.2.1
retrieving revision 1.9.2.1.2.2
diff -C2 -r1.9.2.1.2.1 -r1.9.2.1.2.2
*** class.contacts_shared.inc.php 21 May 2003 22:27:43 -0000
1.9.2.1.2.1
--- class.contacts_shared.inc.php 1 Jul 2003 23:54:01 -0000
1.9.2.1.2.2
***************
*** 303,338 ****
);
! $address = $this->read_single_entry($id,$fields);
! if ($address[0]['title'])
{
! $title = $address[0]['title'] . ' ';
}
if ($business)
{
! if ($address[0]['org_name'])
{
! $company = $address[0]['org_name'];
}
else
{
! $company = $title .
$address[0]['n_given'] . ' ' . $address[0]['n_family'];
}
! $street = $address[0]['adr_one_street'];
! $city = $address[0]['adr_one_locality'];
! $zip = $address[0]['adr_one_postalcode'];
! $state = $address[0]['adr_one_region'];
! $country = $address[0]['adr_one_countryname'];
}
else
{
! $company = $title . $address[0]['n_given'] .
' ' . $address[0]['n_family'];
! $street = $address[0]['adr_two_street'];
! $city = $address[0]['adr_two_locality'];
! $zip = $address[0]['adr_two_postalcode'];
! $state = $address[0]['adr_two_region'];
! $country = $address[0]['adr_two_countryname'];
}
--- 303,342 ----
);
! list($address) = $this->read_single_entry($id,$fields);
! foreach($address as $k => $val)
! {
! $address[$k] =
$GLOBALS['phpgw']->strip_html($val);
! }
! if ($address['title'])
{
! $title = $address['title'] . ' ';
}
if ($business)
{
! if ($address['org_name'])
{
! $company = $address['org_name'];
}
else
{
! $company = $title . $address['n_given']
. ' ' . $address['n_family'];
}
! $street = $address['adr_one_street'];
! $city = $address['adr_one_locality'];
! $zip = $address['adr_one_postalcode'];
! $state = $address['adr_one_region'];
! $country = $address['adr_one_countryname'];
}
else
{
! $company = $title . $address['n_given'] .
' ' . $address['n_family'];
! $street = $address['adr_two_street'];
! $city = $address['adr_two_locality'];
! $zip = $address['adr_two_postalcode'];
! $state = $address['adr_two_region'];
! $country = $address['adr_two_countryname'];
}
***************
*** 359,363 ****
$a .= $t->set_var('fontsize',$asize);
$a .= $t->set_var('company',$company);
! $a .= $t->set_var('department',$address[0]['org_unit']);
$a .= $t->set_var('street',$street);
$a .= $t->set_var('city',$city);
--- 363,367 ----
$a .= $t->set_var('fontsize',$asize);
$a .= $t->set_var('company',$company);
! $a .= $t->set_var('department',$address['org_unit']);
$a .= $t->set_var('street',$street);
$a .= $t->set_var('city',$city);
***************
*** 405,444 ****
);
! $address = $this->read_single_entry($id,$fields);
! if ($address[0]['title'])
{
! $title = $address[0]['title'] . ' ';
}
if ($business)
{
! if ($address[0]['org_name'])
{
! $company = $address[0]['org_name'];
}
else
{
! $company = $title .
$address[0]['n_given'] . ' ' . $address[0]['n_family'];
}
! $street = $address[0]['adr_one_street'];
! $city =
$address[0]['adr_one_locality'];
! $zip =
$address[0]['adr_one_postalcode'];
! $state = $address[0]['adr_one_region'];
! $country =
$address[0]['adr_one_countryname'];
! $tel = $address[0]['tel_work'];
! $email = $address[0]['email'];
}
else
{
! $company = $title .
$address[0]['n_given'] . ' ' . $address[0]['n_family'];
! $street = $address[0]['adr_two_street'];
! $city =
$address[0]['adr_two_locality'];
! $zip =
$address[0]['adr_two_postalcode'];
! $state = $address[0]['adr_two_region'];
! $country =
$address[0]['adr_two_countryname'];
! $tel = $address[0]['tel_home'];
! $email = $address[0]['email_home'];
}
--- 409,452 ----
);
! list($address) = $this->read_single_entry($id,$fields);
! foreach($address as $k => $val)
! {
! $address[$k] =
$GLOBALS['phpgw']->strip_html($val);
! }
! if ($address['title'])
{
! $title = $address['title'] . ' ';
}
if ($business)
{
! if ($address['org_name'])
{
! $company = $address['org_name'];
}
else
{
! $company = $title . $address['n_given']
. ' ' . $address['n_family'];
}
! $street = $address['adr_one_street'];
! $city = $address['adr_one_locality'];
! $zip =
$address['adr_one_postalcode'];
! $state = $address['adr_one_region'];
! $country =
$address['adr_one_countryname'];
! $tel = $address['tel_work'];
! $email = $address['email'];
}
else
{
! $company = $title . $address['n_given']
. ' ' . $address['n_family'];
! $street = $address['adr_two_street'];
! $city = $address['adr_two_locality'];
! $zip =
$address['adr_two_postalcode'];
! $state = $address['adr_two_region'];
! $country =
$address['adr_two_countryname'];
! $tel = $address['tel_home'];
! $email = $address['email_home'];
}
***************
*** 469,473 ****
$a .= $t->set_var('lang_fon',lang('phone number'));
$a .= $t->set_var('company',$company);
! $a .= $t->set_var('department',$address[0]['org_unit']);
$a .= $t->set_var('street',$street);
$a .= $t->set_var('city',$city);
--- 477,481 ----
$a .= $t->set_var('lang_fon',lang('phone number'));
$a .= $t->set_var('company',$company);
! $a .= $t->set_var('department',$address['org_unit']);
$a .= $t->set_var('street',$street);
$a .= $t->set_var('city',$city);
***************
*** 476,481 ****
$a .= $t->set_var('email',$email);
$a .= $t->set_var('tel',$tel);
! $a .= $t->set_var('fax',$address[0]['tel_fax']);
! $a .= $t->set_var('url',$address[0]['url']);
if ($country !=
$GLOBALS['phpgw_info']['user']['preferences']['common']['country'])
--- 484,489 ----
$a .= $t->set_var('email',$email);
$a .= $t->set_var('tel',$tel);
! $a .= $t->set_var('fax',$address['tel_fax']);
! $a .= $t->set_var('url',$address['url']);
if ($country !=
$GLOBALS['phpgw_info']['user']['preferences']['common']['country'])
***************
*** 512,547 ****
);
! $address = $this->read_single_entry($id,$fields);
! if ($address[0]['title'])
{
! $title = $address[0]['title'] . ' ';
}
if ($business)
{
! if ($address[0]['org_name'])
{
! $company = $address[0]['org_name'];
}
else
{
! $company = $title .
$address[0]['n_given'] . ' ' . $address[0]['n_family'];
}
! $street = $address[0]['adr_one_street'];
! $city = $address[0]['adr_one_locality'];
! $zip = $address[0]['adr_one_postalcode'];
! $state = $address[0]['adr_one_region'];
! $country = $address[0]['adr_one_countryname'];
}
else
{
! $company = $title . $address[0]['n_given'] .
' ' . $address[0]['n_family'];
! $street = $address[0]['adr_two_street'];
! $city = $address[0]['adr_two_locality'];
! $zip = $address[0]['adr_two_postalcode'];
! $state = $address[0]['adr_two_region'];
! $country = $address[0]['adr_two_countryname'];
}
--- 520,559 ----
);
! list($address) = $this->read_single_entry($id,$fields);
! foreach($address as $k => $val)
! {
! $address[$k] =
$GLOBALS['phpgw']->strip_html($val);
! }
! if ($address['title'])
{
! $title = $address['title'] . ' ';
}
if ($business)
{
! if ($address['org_name'])
{
! $company = $address['org_name'];
}
else
{
! $company = $title . $address['n_given']
. ' ' . $address['n_family'];
}
! $street = $address['adr_one_street'];
! $city = $address['adr_one_locality'];
! $zip = $address['adr_one_postalcode'];
! $state = $address['adr_one_region'];
! $country = $address['adr_one_countryname'];
}
else
{
! $company = $title . $address['n_given'] .
' ' . $address['n_family'];
! $street = $address['adr_two_street'];
! $city = $address['adr_two_locality'];
! $zip = $address['adr_two_postalcode'];
! $state = $address['adr_two_region'];
! $country = $address['adr_two_countryname'];
}
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Phpgroupware-cvs] CVS: phpgwapi/inc class.contacts_shared.inc.php,1.9.2.1.2.1,1.9.2.1.2.2,
Ralf Becker <address@hidden> <=