WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

additional checks

This commit is contained in:
Roland Gruber 2012-03-20 20:44:24 +00:00
parent 08ce109c6b
commit 1c0aeb0e9f
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lam/templates/pdfedit/pdfmain.php
View File

@ -64,7 +64,7 @@ if (!$_SESSION['ldap'] || !$_SESSION['ldap']->server()) {
// check if new template should be created // check if new template should be created
if(isset($_POST['createNewTemplate'])) { if(isset($_POST['createNewTemplate'])) {
metaRefresh('pdfpage.php?type=' . $_POST['scope']); metaRefresh('pdfpage.php?type=' . htmlspecialchars($_POST['scope']));
exit(); exit();
} }
@ -110,7 +110,7 @@ for ($i = 0; $i < sizeof($templateClasses); $i++) {
// check if a template should be edited // check if a template should be edited
for ($i = 0; $i < sizeof($templateClasses); $i++) { for ($i = 0; $i < sizeof($templateClasses); $i++) {
if (isset($_POST['editTemplate_' . $templateClasses[$i]['scope']]) || isset($_POST['editTemplate_' . $templateClasses[$i]['scope'] . '_x'])) { if (isset($_POST['editTemplate_' . $templateClasses[$i]['scope']]) || isset($_POST['editTemplate_' . $templateClasses[$i]['scope'] . '_x'])) {
metaRefresh('pdfpage.php?type=' . $templateClasses[$i]['scope'] . '&edit=' . $_POST['template_' . $templateClasses[$i]['scope']]); metaRefresh('pdfpage.php?type=' . htmlspecialchars($templateClasses[$i]['scope']) . '&edit=' . htmlspecialchars($_POST['template_' . $templateClasses[$i]['scope']]));
exit; exit;
} }
} }

6
lam/templates/profedit/profilemain.php
View File

@ -69,14 +69,14 @@ if (!$_SESSION['ldap'] || !$_SESSION['ldap']->server()) {
// check if new profile should be created // check if new profile should be created
elseif (isset($_POST['createProfileButton'])) { elseif (isset($_POST['createProfileButton'])) {
metaRefresh("profilepage.php?type=" . $_POST['createProfile']); metaRefresh("profilepage.php?type=" . htmlspecialchars($_POST['createProfile']));
exit; exit;
} }
// check if a profile should be edited // check if a profile should be edited
for ($i = 0; $i < sizeof($profileClasses); $i++) { for ($i = 0; $i < sizeof($profileClasses); $i++) {
if (isset($_POST['editProfile_' . $profileClasses[$i]['scope']]) || isset($_POST['editProfile_' . $profileClasses[$i]['scope'] . '_x'])) { if (isset($_POST['editProfile_' . $profileClasses[$i]['scope']]) || isset($_POST['editProfile_' . $profileClasses[$i]['scope'] . '_x'])) {
metaRefresh("profilepage.php?type=" . $profileClasses[$i]['scope'] . metaRefresh("profilepage.php?type=" . htmlspecialchars($profileClasses[$i]['scope']) .
"&amp;edit=" . $_POST['profile_' . $profileClasses[$i]['scope']]); "&amp;edit=" . htmlspecialchars($_POST['profile_' . $profileClasses[$i]['scope']]));
exit; exit;
} }
} }