diff --git a/admin_templates.php b/admin_templates.php index e437c751..6c03ad94 100644 --- a/admin_templates.php +++ b/admin_templates.php @@ -214,7 +214,7 @@ if ($action == '') { && $_POST['prepare'] == 'prepare' ) { //email templates - $language = validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'); + $language = htmlentities(validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect')); $template = validate($_POST['template'], 'template'); $lng_bak = $lng; @@ -244,7 +244,7 @@ if ($action == '') { && $_POST['send'] == 'send' ) { //email templates - $language = validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'); + $language = htmlentities(validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect')); $template = validate($_POST['template'], 'template'); $subject = validate($_POST['subject'], 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate'); $mailbody = validate($_POST['mailbody'], 'mailbody', '/^[^\0]+$/', 'nomailbodycreate'); @@ -452,6 +452,8 @@ if ($action == '') { $template_name = str_replace('_mailbody', '', $result['varname']); + // don't escape the already escaped language-string so save up before htmlentities() + $language = $result['language']; $result = htmlentities_array($result); $mailbody = $result['value']; diff --git a/install/froxlor.sql b/install/froxlor.sql index aa4d0d3a..2bdd3612 100644 --- a/install/froxlor.sql +++ b/install/froxlor.sql @@ -233,7 +233,7 @@ CREATE TABLE `panel_domains` ( `dkim_privkey` text, `dkim_pubkey` text, `wwwserveralias` tinyint(1) NOT NULL default '1', - `parentdomainid` int(11) unsigned NOT NULL default '0', + `parentdomainid` int(11) NOT NULL default '0', `openbasedir` tinyint(1) NOT NULL default '0', `openbasedir_path` tinyint(1) NOT NULL default '0', `speciallogfile` tinyint(1) NOT NULL default '0', 
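Review bot: The `htmlentities()` call wrapped around `validate($_POST['language'], ...)` in the `prepare` branch relies on the default flags and charset, which differ between PHP versions, so the same language name can be encoded differently depending on the runtime. Passing them explicitly keeps the stored value stable, e.g. `htmlentities(validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'), ENT_QUOTES, 'UTF-8')`. The same applies to the identical line in the `send` branch (hunk at -244) and to `htmlentities($row['language'])` in the update script. Because the value is encoded on input, `$language` holds HTML-encoded text from this line on, so any later lookup or comparison against unencoded language names needs checking; the rest of both branches lies outside the hunks.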
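Review bot: Taking `$language = $result['language'];` before `htmlentities_array($result)` (hunk at -452) leaves this value with no escaping at this point, so its safety rests on every stored row having been encoded when it was written. Rows saved before this change are covered only if the update step in `update_0.9.inc.php` really rewrites them. A form that is safe for both old and new rows is `$language = htmlentities($result['language'], ENT_QUOTES, 'UTF-8', false);`, where the last argument turns off double encoding. The surrounding block starts and ends outside the hunk, so how `$language` is finally rendered is inferred from the added comment.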
@@ -538,7 +538,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES ('panel', 'password_numeric', '0'), ('panel', 'password_special_char_required', '0'), ('panel', 'password_special_char', '!?<>ยง$%+#=@'), - ('panel', 'version', '0.9.33'); + ('panel', 'version', '0.9.34-dev1'); DROP TABLE IF EXISTS `panel_tasks`; diff --git a/install/updates/froxlor/0.9/update_0.9.inc.php b/install/updates/froxlor/0.9/update_0.9.inc.php index 562929b3..0c4df2d8 100644 --- a/install/updates/froxlor/0.9/update_0.9.inc.php +++ b/install/updates/froxlor/0.9/update_0.9.inc.php @@ -2892,3 +2892,31 @@ if (isFroxlorVersion('0.9.33-rc3')) { updateToVersion('0.9.33'); } + +if (isFroxlorVersion('0.9.33')) { + + showUpdateStep("Updating from 0.9.33 to 0.9.34-dev1"); + + showUpdateStep("Updating table structure of domains"); + Database::query("ALTER TABLE `".TABLE_PANEL_DOMAINS."` MODIFY `parentdomainid` int(11) NOT NULL default '0'"); + lastStepStatus(0); + + showUpdateStep("Updating stored email-templates"); + $chk_stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_TEMPLATES."` WHERE `templategroup` = 'mails'"); + Database::pexecute($chk_stmt); + // do we have any? + if ($chk_stmt->rowCount() > 0) { + // prepare update-statement + $upd_stmt = Database::prepare("UPDATE `".TABLE_PANEL_TEMPLATES."` SET `language` = :lang WHERE `id` = :id"); + // get each row + while ($row = $chk_stmt->fetch()) { + // let htmlentities run over the language name and update the entry + Database::pexecute($upd_stmt, array('lang' => htmlentities($row['language'])), false); + } + lastStepStatus(0); + } else { + lastStepStatus(1, "not needed"); + } + + updateToVersion('0.9.34-dev1'); +} diff --git a/lib/tables.inc.php b/lib/tables.inc.php index ee572f00..2b4ace00 100644 --- a/lib/tables.inc.php +++ b/lib/tables.inc.php 
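Review bot: The `Database::pexecute($upd_stmt, ...)` call inside the `while` loop of the new `0.9.33` update step binds only `lang`, while the prepared statement also uses `:id` in its `WHERE` clause, so the execute cannot succeed as written. The trailing `false` looks like it suppresses error reporting (inferred, `pexecute` is not shown here), and `lastStepStatus(0)` is reported regardless, so existing templates would stay unencoded while the update claims success. Bind the row id as well: `Database::pexecute($upd_stmt, array('lang' => htmlentities($row['language']), 'id' => $row['id']), false);`. Since the template editor now skips escaping for the stored language, according to the comment added in `admin_templates.php`, this migration is what protects rows created before the fix, and its result should be checked rather than assumed.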
@@ -51,6 +51,6 @@ define('TABLE_PANEL_DOMAIN_SSL_SETTINGS', 'domain_ssl_settings'); define('TABLE_DOMAINTOIP', 'panel_domaintoip'); // VERSION INFO -$version = '0.9.33'; +$version = '0.9.34-dev1'; $dbversion = '2'; $branding = '';