diff --git a/core/trunk/core/class/class_core_tools.php b/core/trunk/core/class/class_core_tools.php
index 4da7ca8a5bc32eb93be713ca89c4101dfd350e3b..8de53656d6235cb6cb3636b335253652490c5d9c 100644
--- a/core/trunk/core/class/class_core_tools.php
+++ b/core/trunk/core/class/class_core_tools.php
@@ -482,7 +482,7 @@ class core_tools extends functions
 $tmp = htmlentities ( $tmp,ENT_COMPAT, 'UTF-8', true); // Encodes
 ?>
 <li onmouseover="this.className='on';" onmouseout="this.className='';">
- <a href="#" onclick="window.open('<?php echo $tmp;?>', '<?php
+ <a href="#" onclick="window.open('<?php functions::xecho($tmp);?>', '<?php
 if(isset($menu[$i]['target']) && $menu[$i]['target'] <> '') {
 echo $menu[$i]['target'];
 } else {
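Review bot: The added `window.open('<?php functions::xecho($tmp);?>', …` escapes `$tmp` for HTML, but the value sits inside a single-quoted JavaScript string in an `onclick` attribute, and the browser decodes entities before the script runs — a `'` turned into `&#039;` is a `'` again in the JS source and still closes the string (assuming `xecho` wraps the `xssafe` defined later on this page). `$tmp` was also already run through `htmlentities()` three lines up, so an HTML-escaping `xecho` double-encodes every `&` as `&amp;amp;`. Escape for the JS-string context first and only then for the attribute, e.g. `onclick="window.open(<?php echo htmlspecialchars(json_encode($tmp, JSON_HEX_TAG|JSON_HEX_APOS|JSON_HEX_QUOT|JSON_HEX_AMP), ENT_QUOTES, 'UTF-8');?>, '<?php`, and drop the earlier `htmlentities()` call. The `<a>` element and the surrounding loop continue outside the hunk.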
@@ -1123,7 +1123,7 @@ class core_tools extends functions
 }
 ?>
- <input type="button" name="<?php echo $modules_services[$id_module][$i]['id'];?>" value="<?php echo $tmp;?>" onclick="window.open('<?php echo $_SESSION['config']['businessappurl'].'index.php?display=true&module='.$id_module."&page=".$modules_services[$id_module][$i]['servicepage'];?>', '<?php echo $modules_services[$id_module][$i]['id'];?>','width=<?php echo $modules_services[$id_module][$i]['whereamiused'][$k]['width'];?>,height=<?php echo $modules_services[$id_module][$i]['whereamiused'][$k]['height'];?>,scrollbars=yes,resizable=yes' );" class="button" /><br/>
+ <input type="button" name="<?php functions::xecho($modules_services[$id_module][$i]['id']);?>" value="<?php functions::xecho($tmp);?>" onclick="window.open('<?php echo $_SESSION['config']['businessappurl'].'index.php?display=true&module='.$id_module."&page=".$modules_services[$id_module][$i]['servicepage'];?>', '<?php functions::xecho($modules_services[$id_module][$i]['id']);?>','width=<?php functions::xecho($modules_services[$id_module][$i]['whereamiused'][$k]['width']);?>,height=<?php functions::xecho($modules_services[$id_module][$i]['whereamiused'][$k]['height']);?>,scrollbars=yes,resizable=yes' );" class="button" /><br/>
 <?php
 break;
 } else if ($modules_services[$id_module][$i]['whereamiused'][$k]['nature'] == "include"
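Review bot: The first argument of `window.open(...)` on the added line — `$_SESSION['config']['businessappurl'].'index.php?display=true&module='.$id_module."&page=".$modules_services[$id_module][$i]['servicepage']` — is still a bare `echo` into a single-quoted JS string inside the `onclick` attribute, so a `'` in `servicepage` or `$id_module` closes the string and runs script. The `xecho` wrappers added for `id`, `width` and `height` do not cover this case either: those values are also JS-string content, and HTML entities in an event-handler attribute are decoded back before the script is parsed. Build the URL in a PHP variable and emit each JS argument as `<?php echo htmlspecialchars(json_encode($url, JSON_HEX_TAG|JSON_HEX_APOS|JSON_HEX_QUOT|JSON_HEX_AMP), ENT_QUOTES, 'UTF-8');?>` (without the surrounding `'…'`); the enclosing loop and its `else if` branches continue outside the hunk.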
@@ -1313,7 +1313,7 @@ class core_tools extends functions
 $tmp = constant($tmp);
 }
 ?>
- <input type="button" name="<?php echo $modules_services[$value][$iService]['id'];?>" value="<?php echo $tmp;?>" onclick="window.open('<?php echo $_SESSION['config']['businessappurl'].'index.php?display=true&module='.$iServiced_module."&page=".$modules_services[$iServiced_module][$iService]['servicepage'];?>', '<?php echo $modules_services[$value][$iService]['id'];?>','width=<?php echo $modules_services[$value][$iService]['whereamiused'][$k]['width'];?>,height=<?php echo $modules_services[$value][$iService]['whereamiused'][$k]['height'];?>,scrollbars=yes,resizable=yes' );" class="button" /><br/>
+ <input type="button" name="<?php functions::xecho($modules_services[$value][$iService]['id']);?>" value="<?php functions::xecho($tmp);?>" onclick="window.open('<?php echo $_SESSION['config']['businessappurl'].'index.php?display=true&module='.$iServiced_module."&page=".$modules_services[$iServiced_module][$iService]['servicepage'];?>', '<?php functions::xecho($modules_services[$value][$iService]['id']);?>','width=<?php functions::xecho($modules_services[$value][$iService]['whereamiused'][$k]['width']);?>,height=<?php functions::xecho($modules_services[$value][$iService]['whereamiused'][$k]['height']);?>,scrollbars=yes,resizable=yes' );" class="button" /><br/>
 <?php } else if ( isset($_SESSION['user']['services'][$modules_services[$value][$iService]['id']]) && $modules_services[$value][$iService]['whereamiused'][$k]['nature'] == "include"
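Review bot: The popup URL on the added line is still emitted with a raw `echo` into the single-quoted JS string of `window.open(...)`, so `servicepage` is the one value on the line that can still break out of the string, while the `xecho` calls around it escape for HTML, which an event-handler attribute decodes again before the script is parsed. The URL also indexes `$modules_services[$iServiced_module][$iService]` whereas every other expression on the same line uses `$modules_services[$value][$iService]` — worth confirming `$iServiced_module` and `$value` name the same module, since the hunk does not show where either is set. Emit the JS argument as `<?php echo htmlspecialchars(json_encode($url, JSON_HEX_TAG|JSON_HEX_APOS|JSON_HEX_QUOT|JSON_HEX_AMP), ENT_QUOTES, 'UTF-8');?>` rather than `'<?php echo $url;?>'`.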
@@ -1346,8 +1346,8 @@ class core_tools extends functions
 if ($u == 1) {
 ?>
 <td class="indexingtab">
- <a href="javascript://" onclick="opentab('myframe', '<?php echo $tab_view[$u]['frame_src'];?>');">
- <?php echo $tab_view[$u]['tab_label'];?>
+ <a href="javascript://" onclick="opentab('myframe', '<?php functions::xecho($tab_view[$u]['frame_src']);?>');">
+ <?php functions::xecho($tab_view[$u]['tab_label']);?>
 </a>
 <?php
 $_SESSION['first_tab_to_open'] = $tab_view[$u]['frame_src'];
@@ -1357,8 +1357,8 @@ class core_tools extends functions
 } else {
 ?>
 <td class="indexingtab">
- <a href="javascript://" onclick="opentab('myframe', '<?php echo $tab_view[$u]['frame_src'];?>');">
- <?php echo $tab_view[$u]['tab_label'];?>
+ <a href="javascript://" onclick="opentab('myframe', '<?php functions::xecho($tab_view[$u]['frame_src']);?>');">
+ <?php functions::xecho($tab_view[$u]['tab_label']);?>
 </a>
 </td>
 <?php
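Review bot: `xecho` on `frame_src` inside `onclick="opentab('myframe', '…')"` is the wrong escaper for that spot: the value is a single-quoted JavaScript string literal, and the HTML parser decodes `&#039;` back to `'` before the handler is compiled, so HTML escaping alone does not stop a `'` in `frame_src` from ending the literal. The `tab_label` line is plain element text and is correctly covered. For the attribute, emit `opentab('myframe', <?php echo htmlspecialchars(json_encode($tab_view[$u]['frame_src'], JSON_HEX_TAG|JSON_HEX_APOS|JSON_HEX_QUOT|JSON_HEX_AMP), ENT_QUOTES, 'UTF-8');?>)` in both hunks; the surrounding `for` over `$tab_view` starts and ends outside them.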
@@ -1396,7 +1396,7 @@ class core_tools extends functions
 $appServices[$i]['id']
 );
 ?>
- <iframe src='<?php echo $_SESSION['config']['businessappurl'].'index.php?display=true&page='.$appServices[$i]['servicepage'];?>' name="<?php $appServices[$i]['id'];?>" id="<?php $appServices[$i]['id'];?>" width='<?php echo $appServices[$i]['whereamiused'][$k]['width'];?>' height='<?php echo $appServices[$i]['whereamiused'][$k]['height'];?>' frameborder='<?php echo $appServices[$i]['whereamiused'][$k]['border'];?>' scrolling='<?php echo $appServices[$i]['whereamiused'][$k]['scrolling'];?>'></iframe>
+ <iframe src='<?php echo $_SESSION['config']['businessappurl'].'index.php?display=true&page='.$appServices[$i]['servicepage'];?>' name="<?php $appServices[$i]['id'];?>" id="<?php $appServices[$i]['id'];?>" width='<?php functions::xecho($appServices[$i]['whereamiused'][$k]['width']);?>' height='<?php functions::xecho($appServices[$i]['whereamiused'][$k]['height']);?>' frameborder='<?php functions::xecho($appServices[$i]['whereamiused'][$k]['border']);?>' scrolling='<?php functions::xecho($appServices[$i]['whereamiused'][$k]['scrolling']);?>'></iframe>
 <?php } else if ($appServices[$i]['whereamiused'][$k]['nature'] == "popup"
 && $_SESSION['user']['services'][$appServices[$i]['id']]
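Review bot: `name="<?php $appServices[$i]['id'];?>"` and `id="<?php $appServices[$i]['id'];?>"` on the added `<iframe>` line have no `echo`, so both attributes render empty — a pre-existing defect the commit carries over while touching the same line. The `src='…'` attribute is also still a raw `echo` of `businessappurl` plus `servicepage` inside single quotes, so a `'` in `servicepage` ends the attribute; only `width`/`height`/`frameborder`/`scrolling` were escaped. Change the three attributes to `src='<?php echo htmlspecialchars($src, ENT_QUOTES, 'UTF-8');?>' name="<?php functions::xecho($appServices[$i]['id']);?>" id="<?php functions::xecho($appServices[$i]['id']);?>"` with `$src` assembled just above the tag (note that routing the URL through `xssafe` as changed later on this page would leave it unescaped, because it contains `index.php`). The loop over `$appServices` continues outside the hunk.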
@@ -1433,7 +1433,7 @@ class core_tools extends functions
 $tmp = constant($tmp);
 }
 ?>
- <input type="button" name="<?php echo $appServices[$i]['id'];?>" value="<?php echo $tmp;?>" onclick="window.open('<?php echo $_SESSION['config']['businessappurl'].'index.php?display=true&page='.$appServices[$i]['servicepage'];?>', '<?php echo $appServices[$i]['id'];?>','width=<?php echo $appServices[$i]['whereamiused'][$k]['width'];?>,height=<?php echo $appServices[$i]['whereamiused'][$k]['height'];?>,scrollbars=yes,resizable=yes' );" class="button" /><br/>
+ <input type="button" name="<?php functions::xecho($appServices[$i]['id']);?>" value="<?php functions::xecho($tmp);?>" onclick="window.open('<?php echo $_SESSION['config']['businessappurl'].'index.php?display=true&page='.$appServices[$i]['servicepage'];?>', '<?php functions::xecho($appServices[$i]['id']);?>','width=<?php functions::xecho($appServices[$i]['whereamiused'][$k]['width']);?>,height=<?php functions::xecho($appServices[$i]['whereamiused'][$k]['height']);?>,scrollbars=yes,resizable=yes' );" class="button" /><br/>
 <?php } else if ($appServices[$i]['whereamiused'][$k]['nature'] == "include"
 && isset($_SESSION['user']['services'][$appServices[$i]['id']])
@@ -1488,7 +1488,7 @@ class core_tools extends functions
 /*<?xml version="1.0" encoding="UTF-8"?>*/
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo $_SESSION['config']['lang'];?>" lang="<?php echo $_SESSION['config']['lang'];?>">
+ <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php functions::xecho($_SESSION['config']['lang']);?>" lang="<?php functions::xecho($_SESSION['config']['lang']);?>">
 <?php }
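Review bot: In the 1433 hunk the `window.open` URL built from `businessappurl` and `$appServices[$i]['servicepage']` is still a bare `echo` into a single-quoted JS string in the `onclick` attribute, so that value keeps its string-breakout potential even after this change. The `xecho` calls added around it escape for HTML, and an event-handler attribute is entity-decoded before the script is parsed, so they do not neutralise `'` inside the JS literal either. Use a JS-string encoder for every `window.open` argument, e.g. `window.open(<?php echo htmlspecialchars(json_encode($url, JSON_HEX_TAG|JSON_HEX_APOS|JSON_HEX_QUOT|JSON_HEX_AMP), ENT_QUOTES, 'UTF-8');?>, …)`; the enclosing loop and `else if` chain are outside the hunk.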
@@ -1505,9 +1505,9 @@ class core_tools extends functions
 }
 ?>
 <head>
- <title><?php echo $title;?></title>
+ <title><?php functions::xecho($title);?></title>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
- <meta http-equiv="Content-Language" content="<?php echo $_SESSION['config']['lang'];?>" />
+ <meta http-equiv="Content-Language" content="<?php functions::xecho($_SESSION['config']['lang']);?>" />
 <meta http-equiv="X-UA-Compatible" content="IE=edge" />
 <link rel="icon" type="image/png" href="<?php echo $_SESSION['config']['businessappurl'];?>static.php?filename=favicon.png"/>
 <link href="index.php?display&page=generate_search_xml" title="Maarch <?php
@@ -2249,7 +2249,7 @@ class core_tools extends functions
 }
 ?>
 <head>
- <title><?php echo $title;?></title>
+ <title><?php functions::xecho($title);?></title>
 <meta name="apple-mobile-web-app-capable" content="yes">
 <meta name="apple-touch-fullscreen" content="yes">
 <link rel="apple-touch-icon" href="img/board.png">
diff --git a/core/trunk/core/class/class_functions.php b/core/trunk/core/class/class_functions.php
index 7e03759b43251c53ab618a8fc0aab1d6dae50051..6140d37fe04ee53c132cae1a29412d47f826d04c 100644
--- a/core/trunk/core/class/class_functions.php
+++ b/core/trunk/core/class/class_functions.php
@@ -517,8 +517,8 @@ class functions
 if(bar != null)
 {
 var link1 = document.createElement("a");
- link1.href='<?php echo $_SESSION['location_bar']['level1']['path'];?>';
- var label1 = document.createTextNode("<?php echo $_SESSION['location_bar']['level1']['label'];?>");
+ link1.href='<?php functions::xecho($_SESSION['location_bar']['level1']['path']);?>';
+ var label1 = document.createTextNode("<?php functions::xecho($_SESSION['location_bar']['level1']['label']);?>");
 link1.appendChild(label1);
 bar.appendChild(link1);
 }
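Review bot: In the class_functions 517 hunk, `link1.href='<?php functions::xecho(...['path']);?>'` and the `createTextNode("…")` line put values into JavaScript string literals inside a `<script>` block, where HTML escaping is the wrong tool twice over: the browser does not entity-decode script content, so an escaped `&` would land in the href literally as `&amp;`, and a path that contains `index.php` or `http` is returned unescaped by the `xssafe` changed later on this page, which makes the new line a no-op for exactly the values it is meant to protect (assuming `xecho` delegates to `xssafe`; its body is not shown). Encode for the JS context instead, e.g. `link1.href=<?php echo json_encode($_SESSION['location_bar']['level1']['path'], JSON_HEX_TAG|JSON_HEX_AMP|JSON_HEX_APOS|JSON_HEX_QUOT);?>;` and `var label1 = document.createTextNode(<?php echo json_encode($_SESSION['location_bar']['level1']['label'], JSON_HEX_TAG|JSON_HEX_AMP|JSON_HEX_APOS|JSON_HEX_QUOT);?>);`. The same applies to the parallel 533, 552 and 577 hunks below; the enclosing method starts and ends outside each hunk.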
@@ -533,11 +533,11 @@ class functions
 if(bar != null)
 {
 var link1 = document.createElement("a");
- link1.href='<?php echo $_SESSION['location_bar']['level1']['path'];?>';
- var label1 = document.createTextNode("<?php echo $_SESSION['location_bar']['level1']['label'];?>");
+ link1.href='<?php functions::xecho($_SESSION['location_bar']['level1']['path']);?>';
+ var label1 = document.createTextNode("<?php functions::xecho($_SESSION['location_bar']['level1']['label']);?>");
 link1.appendChild(label1);
 bar.appendChild(link1);
- var text1 = document.createTextNode(" > <?php echo $_SESSION['location_bar']['level2']['label'];?>");
+ var text1 = document.createTextNode(" > <?php functions::xecho($_SESSION['location_bar']['level2']['label']);?>");
 bar.appendChild(text1);
 }
 </script><?php
@@ -552,19 +552,19 @@ class functions
 {
 var link1 = document.createElement("a");
 //link1.href='<?php echo preg_replace("/(&(?!amp;))/", "&",$_SESSION['location_bar']['level1']['path']);?>';
- link1.href='<?php echo $_SESSION['location_bar']['level1']['path'];?>';
- var label1 = document.createTextNode("<?php echo $_SESSION['location_bar']['level1']['label'];?>");
+ link1.href='<?php functions::xecho($_SESSION['location_bar']['level1']['path']);?>';
+ var label1 = document.createTextNode("<?php functions::xecho($_SESSION['location_bar']['level1']['label']);?>");
 link1.appendChild(label1);
 bar.appendChild(link1);
 var text1 = document.createTextNode(" > ");
 bar.appendChild(text1);
 var link2 = document.createElement("a");
 //link2.href='<?php echo preg_replace("/(&(?!amp;))/", "&",$_SESSION['location_bar']['level2']['path']);?>';
- link2.href='<?php echo $_SESSION['location_bar']['level2']['path'];?>';
- var label2 = document.createTextNode("<?php echo $_SESSION['location_bar']['level2']['label'];?>");
+ link2.href='<?php functions::xecho($_SESSION['location_bar']['level2']['path']);?>';
+ var label2 = document.createTextNode("<?php functions::xecho($_SESSION['location_bar']['level2']['label']);?>");
 link2.appendChild(label2);
 bar.appendChild(link2);
- var text2 = document.createTextNode(" > <?php echo $_SESSION['location_bar']['level3']['label'];?>");
+ var text2 = document.createTextNode(" > <?php functions::xecho($_SESSION['location_bar']['level3']['label']);?>");
 bar.appendChild(text2);
 }
 </script><?php
@@ -577,27 +577,27 @@ class functions
 {
 var link1 = document.createElement("a");
 //link1.href='<?php echo preg_replace("/(&(?!amp;))/", "&",$_SESSION['location_bar']['level1']['path']);?>';
- link1.href='<?php echo $_SESSION['location_bar']['level1']['path'];?>';
- var label1 = document.createTextNode("<?php echo $_SESSION['location_bar']['level1']['label'];?>");
+ link1.href='<?php functions::xecho($_SESSION['location_bar']['level1']['path']);?>';
+ var label1 = document.createTextNode("<?php functions::xecho($_SESSION['location_bar']['level1']['label']);?>");
 link1.appendChild(label1);
 bar.appendChild(link1);
 var text1 = document.createTextNode(" > ");
 bar.appendChild(text1);
 var link2 = document.createElement("a");
 // link2.href='<?php echo preg_replace("/(&(?!amp;))/", "&",$_SESSION['location_bar']['level2']['path']);?>';
- link2.href='<?php echo $_SESSION['location_bar']['level2']['path'];?>';
- var label2 = document.createTextNode("<?php echo $_SESSION['location_bar']['level2']['label'];?>");
+ link2.href='<?php functions::xecho($_SESSION['location_bar']['level2']['path']);?>';
+ var label2 = document.createTextNode("<?php functions::xecho($_SESSION['location_bar']['level2']['label']);?>");
 link2.appendChild(label2);
 bar.appendChild(link2);
 var text2 = document.createTextNode(" > ");
 bar.appendChild(text2);
 var link3 = document.createElement("a");
 //link3.href='<?php echo preg_replace("/(&(?!amp;))/", "&",$_SESSION['location_bar']['level3']['path']);?>';
- link3.href='<?php echo $_SESSION['location_bar']['level3']['path'];?>';
- var label3 = document.createTextNode("<?php echo $_SESSION['location_bar']['level3']['label'];?>");
+ link3.href='<?php functions::xecho($_SESSION['location_bar']['level3']['path']);?>';
+ var label3 = document.createTextNode("<?php functions::xecho($_SESSION['location_bar']['level3']['label']);?>");
 link3.appendChild(label3);
 bar.appendChild(link3);
- var text3 = document.createTextNode(" > <?php echo
$_SESSION['location_bar']['level4']['label'];?>");
+ var text3 = document.createTextNode(" > <?php functions::xecho($_SESSION['location_bar']['level4']['label']);?>");
 bar.appendChild(text3);
 }
 </script><?php
@@ -714,7 +714,7 @@ class functions
 <p> </p>
 <p> </p>
 <p> </p>
- <?php echo $message;
+ <?php functions::xecho($message);
 if ($type <> '')
 {
 echo '</div>';
@@ -1322,8 +1322,15 @@ class functions
 */
 static function xssafe($data, $encoding='UTF-8')
 {
- if (!is_array($data)) {
+ if (
+ !is_array($data)
+ && !strstr($data, 'index.php')
+ && !strstr($data, 'static.php')
+ && !strstr($data, 'http')
+ ) {
 return htmlspecialchars($data, ENT_QUOTES | ENT_HTML401, $encoding);
+ } else {
+ return $data;
 }
 }
diff --git a/core/trunk/install/view/error_view.php b/core/trunk/install/view/error_view.php
index 34421854ec036313854dad373993707678935082..819ee75cd6787f6dfc4100d3720e8d703fe3700d 100755
--- a/core/trunk/install/view/error_view.php
+++ b/core/trunk/install/view/error_view.php
@@ -36,7 +36,7 @@
 </div>
 <div class="contentBlock" id="infosError">
 <p>
- <?php echo $infosError;?>
+ <?php functions::xecho($infosError);?>
 </p>
 </div>
 </div>
diff --git a/core/trunk/install/view/includes/header.php b/core/trunk/install/view/includes/header.php
index 50c6d0322016ab85ef65505aa82a2a037ac24bc5..59dd7b0212219db3f64274b5aafb29e840aaa3ea 100755
--- a/core/trunk/install/view/includes/header.php
+++ b/core/trunk/install/view/includes/header.php
@@ -30,7 +30,7 @@
 ?>
 <div class="headerName">
 <h2>
- <?php echo $shortTitle;?>
+ <?php functions::xecho($shortTitle);?>
 </h2>
 </div>
 <div class="logo">
diff --git a/core/trunk/install/view/licence_view.php b/core/trunk/install/view/licence_view.php
index ae36096a9dfc6257eb1d2c3bc5a603f54fc4092f..574e72f9111be6722a3263afcfc97d654a7e3476 100755
--- a/core/trunk/install/view/licence_view.php
+++ b/core/trunk/install/view/licence_view.php
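Review bot: The new condition in `xssafe` (`!strstr($data, 'index.php') && !strstr($data, 'static.php') && !strstr($data, 'http')`) turns the escaper into one that any attacker can switch off: a value containing the bare substring `http` anywhere — `<img src=x onerror=alert(1)>http`, or simply a URL-shaped payload — is returned verbatim by the new `else { return $data; }` branch, so every `xecho` call site added in this commit is only protected for strings that happen not to contain those substrings. The exemption also looks unnecessary for the HTML contexts it was added for: `htmlspecialchars` turns `&` into `&amp;`, which the browser decodes back to `&` inside an `href`/`src` attribute, so an escaped URL still works; the places where escaping corrupted output are the JavaScript-string contexts elsewhere in this diff, which need a JS encoder rather than a bypass. `strstr` on a non-string `$data` (the numeric `width`/`height` values passed to `xecho` above) relies on implicit coercion and emits a deprecation for `null` on PHP 8.1+ — hedged, since the PHP version is not visible here. Drop the substring checks, always escape scalars, and document the array case, as below.
```php
static function xssafe($data, $encoding='UTF-8')
{
    // Arrays are returned untouched: callers must escape each element.
    if (is_array($data)) {
        return $data;
    }
    // No content-based exemptions. A URL escaped with htmlspecialchars is
    // still a valid URL once the browser decodes the attribute (&amp; -> &),
    // whereas skipping the escape for anything containing 'http' or
    // 'index.php' lets any payload carrying that substring through raw.
    // This is an HTML-context escaper only; JavaScript string literals
    // need json_encode() with the JSON_HEX_* flags instead.
    return htmlspecialchars((string) $data, ENT_QUOTES | ENT_HTML401, $encoding);
}
```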
@@ -39,7 +39,7 @@
 <div align="center">
 <div id="licenceOverflow" style="min-height: 131px; width: 880px; overflow: auto; background-color: rgba(255, 255, 255, 0.6);">
 <br />
- <?php echo $txtLicence;?>
+ <?php functions::xecho($txtLicence);?>
 <br />
 </div>
 </div>
diff --git a/core/trunk/install/view/principal_view.php b/core/trunk/install/view/principal_view.php
index 35005310f4f7b519e37d3bdee21aac2bba22d353..ae63ba2e2724e9c3e07a3d358bfe37068c8e826e 100755
--- a/core/trunk/install/view/principal_view.php
+++ b/core/trunk/install/view/principal_view.php
@@ -32,8 +32,8 @@
 <html>
 <head>
 <meta charset="UTF-8">
- <meta http-equiv="Content-Language" content="<?php echo $Class_Install->getActualLang();?>" />
- <title>Maarch > <?php echo $longTitle;?></title>
+ <meta http-equiv="Content-Language" content="<?php functions::xecho($Class_Install->getActualLang());?>" />
+ <title>Maarch > <?php functions::xecho($longTitle);?></title>
 <link rel="stylesheet" href="css/merged_css.css" />
 <script src="js/merged_js.js"></script>
 </head>