maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

escape passwords for email content (new email-account, new ftp-account and new database); fixes #905

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2021-03-03 11:25:58 +01:00
parent 53e8ccbccb
commit 49db4e60cb
3 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/Froxlor/Api/Commands/EmailAccounts.php
View File

@@ -192,7 +192,7 @@ class EmailAccounts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Reso
$replace_arr = array( $replace_arr = array(
'EMAIL' => $email_full, 'EMAIL' => $email_full,
'USERNAME' => $username, 'USERNAME' => $username,
'PASSWORD' => $password, 'PASSWORD' => htmlentities(htmlentities($password)),
'SALUTATION' => \Froxlor\User::getCorrectUserSalutation($customer), 'SALUTATION' => \Froxlor\User::getCorrectUserSalutation($customer),
'NAME' => $customer['name'], 'NAME' => $customer['name'],
'FIRSTNAME' => $customer['firstname'], 'FIRSTNAME' => $customer['firstname'],

2
lib/Froxlor/Api/Commands/Ftps.php
View File

@@ -245,7 +245,7 @@ class Ftps extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEntit
'COMPANY' => $customer['company'], 'COMPANY' => $customer['company'],
'CUSTOMER_NO' => $customer['customernumber'], 'CUSTOMER_NO' => $customer['customernumber'],
'USR_NAME' => $username, 'USR_NAME' => $username,
'USR_PASS' => $password, 'USR_PASS' => htmlentities(htmlentities($password)),
'USR_PATH' => \Froxlor\FileDir::makeCorrectDir(str_replace($customer['documentroot'], "/", $path)) 'USR_PATH' => \Froxlor\FileDir::makeCorrectDir(str_replace($customer['documentroot'], "/", $path))
); );
// get template for mail subject // get template for mail subject

16
lib/Froxlor/Api/Commands/Mysqls.php
View File

@@ -88,13 +88,13 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
// add database info to froxlor // add database info to froxlor
$stmt = Database::prepare(" $stmt = Database::prepare("
INSERT INTO `" . TABLE_PANEL_DATABASES . "` INSERT INTO `" . TABLE_PANEL_DATABASES . "`
SET SET
`customerid` = :customerid, `customerid` = :customerid,
`databasename` = :databasename, `databasename` = :databasename,
`description` = :description, `description` = :description,
`dbserver` = :dbserver `dbserver` = :dbserver
"); ");
$params = array( $params = array(
"customerid" => $customer['customerid'], "customerid" => $customer['customerid'],
"databasename" => $username, "databasename" => $username,
@@ -130,7 +130,7 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
'COMPANY' => $userinfo['company'], 'COMPANY' => $userinfo['company'],
'CUSTOMER_NO' => $userinfo['customernumber'], 'CUSTOMER_NO' => $userinfo['customernumber'],
'DB_NAME' => $username, 'DB_NAME' => $username,
'DB_PASS' => $password, 'DB_PASS' => htmlentities(htmlentities($password)),
'DB_DESC' => $databasedescription, 'DB_DESC' => $databasedescription,
'DB_SRV' => $sql_root['host'], 'DB_SRV' => $sql_root['host'],
'PMA_URI' => $pma 'PMA_URI' => $pma