[Phpgroupware-cvs] CVS: phpgwapi/inc class.contacts_shared.inc.php,1.9.
From: |
Ralf Becker <address@hidden> |
Subject: |
[Phpgroupware-cvs] CVS: phpgwapi/inc class.contacts_shared.inc.php,1.9.2.2,1.9.2.3 |
Date: |
Tue, 01 Jul 2003 20:03:37 -0400 |
Update of /cvsroot/phpgroupware/phpgwapi/inc
In directory subversions:/tmp/cvs-serv22122
Modified Files:
Tag: Version-0_9_14-branch
class.contacts_shared.inc.php
Log Message:
xss fix, running the content of the address-label-function through strip_html
Index: class.contacts_shared.inc.php
===================================================================
RCS file: /cvsroot/phpgroupware/phpgwapi/inc/class.contacts_shared.inc.php,v
retrieving revision 1.9.2.2
retrieving revision 1.9.2.3
diff -C2 -r1.9.2.2 -r1.9.2.3
*** class.contacts_shared.inc.php 21 May 2003 22:06:04 -0000 1.9.2.2
--- class.contacts_shared.inc.php 2 Jul 2003 00:03:35 -0000 1.9.2.3
***************
*** 304,339 ****
);
! $address = $this->read_single_entry($id,$fields);
! if ($address[0]['title'])
{
! $title = $address[0]['title'] . ' ';
}
if ($business)
{
! if ($address[0]['org_name'])
{
! $company = $address[0]['org_name'];
}
else
{
! $company = $title .
$address[0]['n_given'] . ' ' . $address[0]['n_family'];
}
! $street = $address[0]['adr_one_street'];
! $city = $address[0]['adr_one_locality'];
! $zip = $address[0]['adr_one_postalcode'];
! $state = $address[0]['adr_one_region'];
! $country = $address[0]['adr_one_countryname'];
}
else
{
! $company = $title . $address[0]['n_given'] .
' ' . $address[0]['n_family'];
! $street = $address[0]['adr_two_street'];
! $city = $address[0]['adr_two_locality'];
! $zip = $address[0]['adr_two_postalcode'];
! $state = $address[0]['adr_two_region'];
! $country = $address[0]['adr_two_countryname'];
}
--- 304,343 ----
);
! list($address) = $this->read_single_entry($id,$fields);
! foreach($address as $k => $val)
! {
! $address[$k] =
$GLOBALS['phpgw']->strip_html($val);
! }
! if ($address['title'])
{
! $title = $address['title'] . ' ';
}
if ($business)
{
! if ($address['org_name'])
{
! $company = $address['org_name'];
}
else
{
! $company = $title . $address['n_given']
. ' ' . $address['n_family'];
}
! $street = $address['adr_one_street'];
! $city = $address['adr_one_locality'];
! $zip = $address['adr_one_postalcode'];
! $state = $address['adr_one_region'];
! $country = $address['adr_one_countryname'];
}
else
{
! $company = $title . $address['n_given'] .
' ' . $address['n_family'];
! $street = $address['adr_two_street'];
! $city = $address['adr_two_locality'];
! $zip = $address['adr_two_postalcode'];
! $state = $address['adr_two_region'];
! $country = $address['adr_two_countryname'];
}
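Review bot: The new `foreach($address as $k => $val)` has no guard for the case where `read_single_entry` returns nothing for `$id`: `list($address)` would then leave `$address` null and the loop raises an invalid-argument warning, where the old `$address[0][...]` reads simply came back empty. What `read_single_entry` returns for a missing entry is not visible here, so this is worth confirming; a one-line guard such as `if (!is_array($address)) { $address = array(); }` before the loop would cover it. The same read-and-escape lines are repeated verbatim in the hunks at new lines 410 and 521, so the guard applies there too, and the three copies could move into one private helper. The enclosing function begins and ends outside this hunk.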
***************
*** 360,364 ****
$a .= $t->set_var('fontsize',$asize);
$a .= $t->set_var('company',$company);
! $a .= $t->set_var('department',$address[0]['org_unit']);
$a .= $t->set_var('street',$street);
$a .= $t->set_var('city',$city);
--- 364,368 ----
$a .= $t->set_var('fontsize',$asize);
$a .= $t->set_var('company',$company);
! $a .= $t->set_var('department',$address['org_unit']);
$a .= $t->set_var('street',$street);
$a .= $t->set_var('city',$city);
***************
*** 406,445 ****
);
! $address = $this->read_single_entry($id,$fields);
! if ($address[0]['title'])
{
! $title = $address[0]['title'] . ' ';
}
if ($business)
{
! if ($address[0]['org_name'])
{
! $company = $address[0]['org_name'];
}
else
{
! $company = $title .
$address[0]['n_given'] . ' ' . $address[0]['n_family'];
}
! $street = $address[0]['adr_one_street'];
! $city =
$address[0]['adr_one_locality'];
! $zip =
$address[0]['adr_one_postalcode'];
! $state = $address[0]['adr_one_region'];
! $country =
$address[0]['adr_one_countryname'];
! $tel = $address[0]['tel_work'];
! $email = $address[0]['email'];
}
else
{
! $company = $title .
$address[0]['n_given'] . ' ' . $address[0]['n_family'];
! $street = $address[0]['adr_two_street'];
! $city =
$address[0]['adr_two_locality'];
! $zip =
$address[0]['adr_two_postalcode'];
! $state = $address[0]['adr_two_region'];
! $country =
$address[0]['adr_two_countryname'];
! $tel = $address[0]['tel_home'];
! $email = $address[0]['email_home'];
}
--- 410,453 ----
);
! list($address) = $this->read_single_entry($id,$fields);
! foreach($address as $k => $val)
! {
! $address[$k] =
$GLOBALS['phpgw']->strip_html($val);
! }
! if ($address['title'])
{
! $title = $address['title'] . ' ';
}
if ($business)
{
! if ($address['org_name'])
{
! $company = $address['org_name'];
}
else
{
! $company = $title . $address['n_given']
. ' ' . $address['n_family'];
}
! $street = $address['adr_one_street'];
! $city = $address['adr_one_locality'];
! $zip =
$address['adr_one_postalcode'];
! $state = $address['adr_one_region'];
! $country =
$address['adr_one_countryname'];
! $tel = $address['tel_work'];
! $email = $address['email'];
}
else
{
! $company = $title . $address['n_given']
. ' ' . $address['n_family'];
! $street = $address['adr_two_street'];
! $city = $address['adr_two_locality'];
! $zip =
$address['adr_two_postalcode'];
! $state = $address['adr_two_region'];
! $country =
$address['adr_two_countryname'];
! $tel = $address['tel_home'];
! $email = $address['email_home'];
}
***************
*** 470,474 ****
$a .= $t->set_var('lang_fon',lang('phone number'));
$a .= $t->set_var('company',$company);
! $a .= $t->set_var('department',$address[0]['org_unit']);
$a .= $t->set_var('street',$street);
$a .= $t->set_var('city',$city);
--- 478,482 ----
$a .= $t->set_var('lang_fon',lang('phone number'));
$a .= $t->set_var('company',$company);
! $a .= $t->set_var('department',$address['org_unit']);
$a .= $t->set_var('street',$street);
$a .= $t->set_var('city',$city);
***************
*** 477,482 ****
$a .= $t->set_var('email',$email);
$a .= $t->set_var('tel',$tel);
! $a .= $t->set_var('fax',$address[0]['tel_fax']);
! $a .= $t->set_var('url',$address[0]['url']);
if ($country !=
$GLOBALS['phpgw_info']['user']['preferences']['common']['country'])
--- 485,490 ----
$a .= $t->set_var('email',$email);
$a .= $t->set_var('tel',$tel);
! $a .= $t->set_var('fax',$address['tel_fax']);
! $a .= $t->set_var('url',$address['url']);
if ($country !=
$GLOBALS['phpgw_info']['user']['preferences']['common']['country'])
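Review bot: The `$country !=` test at the end of this hunk now appears to compare a value that has already been through `strip_html` against the raw preference string, assuming `$country` is the one set in the hunk at new line 410. If `strip_html` entity-encodes its input (its body is not shown), a country name containing `&` or a quote would stop matching the user's own country. Escaping at the point of output, e.g. `$a .= $t->set_var('url',$GLOBALS['phpgw']->strip_html($address['url']));` and likewise for the other `set_var` calls, would keep comparisons on raw data. Separately, HTML-escaping `url` does not restrict its scheme, so if the label template places it in an `href`, an allow-list check for `http://` or `https://` before `set_var('url', ...)` is worth adding. The `if` statement continues outside this hunk.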
***************
*** 513,548 ****
);
! $address = $this->read_single_entry($id,$fields);
! if ($address[0]['title'])
{
! $title = $address[0]['title'] . ' ';
}
if ($business)
{
! if ($address[0]['org_name'])
{
! $company = $address[0]['org_name'];
}
else
{
! $company = $title .
$address[0]['n_given'] . ' ' . $address[0]['n_family'];
}
! $street = $address[0]['adr_one_street'];
! $city = $address[0]['adr_one_locality'];
! $zip = $address[0]['adr_one_postalcode'];
! $state = $address[0]['adr_one_region'];
! $country = $address[0]['adr_one_countryname'];
}
else
{
! $company = $title . $address[0]['n_given'] .
' ' . $address[0]['n_family'];
! $street = $address[0]['adr_two_street'];
! $city = $address[0]['adr_two_locality'];
! $zip = $address[0]['adr_two_postalcode'];
! $state = $address[0]['adr_two_region'];
! $country = $address[0]['adr_two_countryname'];
}
--- 521,560 ----
);
! list($address) = $this->read_single_entry($id,$fields);
! foreach($address as $k => $val)
! {
! $address[$k] =
$GLOBALS['phpgw']->strip_html($val);
! }
! if ($address['title'])
{
! $title = $address['title'] . ' ';
}
if ($business)
{
! if ($address['org_name'])
{
! $company = $address['org_name'];
}
else
{
! $company = $title . $address['n_given']
. ' ' . $address['n_family'];
}
! $street = $address['adr_one_street'];
! $city = $address['adr_one_locality'];
! $zip = $address['adr_one_postalcode'];
! $state = $address['adr_one_region'];
! $country = $address['adr_one_countryname'];
}
else
{
! $company = $title . $address['n_given'] .
' ' . $address['n_family'];
! $street = $address['adr_two_street'];
! $city = $address['adr_two_locality'];
! $zip = $address['adr_two_postalcode'];
! $state = $address['adr_two_region'];
! $country = $address['adr_two_countryname'];
}