Sanitize user input

This commit is contained in:
Lukas Reschke 2012-06-11 00:14:28 +02:00
parent 9f276729c2
commit 27d1c1bb94

View file

@ -16,7 +16,7 @@
<?php $_['mounts'] = array_merge($_['mounts'], array('' => array())); ?> <?php $_['mounts'] = array_merge($_['mounts'], array('' => array())); ?>
<?php foreach ($_['mounts'] as $mountPoint => $mount): ?> <?php foreach ($_['mounts'] as $mountPoint => $mount): ?>
<tr <?php if ($mountPoint == '') echo 'id="addMountPoint"'; ?>> <tr <?php if ($mountPoint == '') echo 'id="addMountPoint"'; ?>>
<td class="mountPoint"><input type="text" name="mountPoint" value="<?php echo $mountPoint; ?>" placeholder="<?php echo $l->t('Mount point'); ?>" /></td> <td class="mountPoint"><input type="text" name="mountPoint" value="<?php echo htmlentities($mountPoint); ?>" placeholder="<?php echo $l->t('Mount point'); ?>" /></td>
<?php if ($mountPoint == ''): ?> <?php if ($mountPoint == ''): ?>
<td class="backend"> <td class="backend">
<select id="selectBackend" data-configurations='<?php echo json_encode($_['backends']); ?>'> <select id="selectBackend" data-configurations='<?php echo json_encode($_['backends']); ?>'>
@ -35,13 +35,13 @@
<?php if (isset($_['backends'][$mount['class']]['configuration'][$parameter])): ?> <?php if (isset($_['backends'][$mount['class']]['configuration'][$parameter])): ?>
<?php $placeholder = $_['backends'][$mount['class']]['configuration'][$parameter]; ?> <?php $placeholder = $_['backends'][$mount['class']]['configuration'][$parameter]; ?>
<?php if (strpos($placeholder, '*') !== false): ?> <?php if (strpos($placeholder, '*') !== false): ?>
<input type="password" data-parameter="<?php echo $parameter; ?>" value="<?php echo $value; ?>" placeholder="<?php echo substr($placeholder, 1); ?>" /> <input type="password" data-parameter="<?php echo $parameter; ?>" value="<?php echo htmlentities($value); ?>" placeholder="<?php echo substr($placeholder, 1); ?>" />
<?php elseif(strpos($placeholder, '!') !== false): ?> <?php elseif(strpos($placeholder, '!') !== false): ?>
<label><input type="checkbox" data-parameter="<?php echo $parameter; ?>" <?php if ($value == 'true') echo ' checked="checked"'; ?> /><?php echo substr($placeholder, 1); ?></label> <label><input type="checkbox" data-parameter="<?php echo $parameter; ?>" <?php if ($value == 'true') echo ' checked="checked"'; ?> /><?php echo substr($placeholder, 1); ?></label>
<?php elseif (strpos($placeholder, '&') !== false): ?> <?php elseif (strpos($placeholder, '&') !== false): ?>
<input type="text" class="optional" data-parameter="<?php echo $parameter; ?>" value="<?php echo $value; ?>" placeholder="<?php echo substr($placeholder, 1); ?>" /> <input type="text" class="optional" data-parameter="<?php echo $parameter; ?>" value="<?php echo htmlentities($value); ?>" placeholder="<?php echo substr($placeholder, 1); ?>" />
<?php else: ?> <?php else: ?>
<input type="text" data-parameter="<?php echo $parameter; ?>" value="<?php echo $value; ?>" placeholder="<?php echo $placeholder; ?>" /> <input type="text" data-parameter="<?php echo $parameter; ?>" value="<?php echo htmlentities($value); ?>" placeholder="<?php echo $placeholder; ?>" />
<?php endif; ?> <?php endif; ?>
<?php endif; ?> <?php endif; ?>
<?php endforeach; ?> <?php endforeach; ?>