From 7226a8991f7908825c869f78231107370cb05b21 Mon Sep 17 00:00:00 2001
From: Sergio <nadalcastalla@gmail.com>
Date: Sun, 21 Apr 2019 02:18:24 +0200
Subject: [PATCH] Fix some XSS.

---
 web/list/directory/index.php           | 4 ++--
 web/templates/admin/list_dns_rec.html  | 4 ++--
 web/templates/admin/list_mail_acc.html | 6 +++---
 web/templates/user/list_mail_acc.html  | 4 ++--
 4 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/web/list/directory/index.php b/web/list/directory/index.php
index 737e19db..12919b14 100644
--- a/web/list/directory/index.php
+++ b/web/list/directory/index.php
@@ -24,8 +24,8 @@ if (empty($panel)) {
     $panel = json_decode(implode('', $output), true);
 }
 
-$path_a = !empty($_REQUEST['dir_a']) ? $_REQUEST['dir_a'] : '';
-$path_b = !empty($_REQUEST['dir_b']) ? $_REQUEST['dir_b'] : '';
+$path_a = !empty($_REQUEST['dir_a']) ? htmlentities($_REQUEST['dir_a']) : '';
+$path_b = !empty($_REQUEST['dir_b']) ? htmlentities($_REQUEST['dir_b']) : '';
 $GLOBAL_JS  = '<script type="text/javascript">GLOBAL.START_DIR_A = "' . $path_a . '";</script>';
 $GLOBAL_JS .= '<script type="text/javascript">GLOBAL.START_DIR_B = "' . $path_b . '";</script>';
 $GLOBAL_JS .= '<script type="text/javascript">GLOBAL.ROOT_DIR = "' . $panel[$user]['HOME'] . '";</script>';
diff --git a/web/templates/admin/list_dns_rec.html b/web/templates/admin/list_dns_rec.html
index a74b8574..24f28103 100644
--- a/web/templates/admin/list_dns_rec.html
+++ b/web/templates/admin/list_dns_rec.html
@@ -74,11 +74,11 @@ v_unit_id="<?=$key?>" v_section="dns_rec">
           <!-- l-unit-toolbar__col -->
           <div class="l-unit-toolbar__col l-unit-toolbar__col--right noselect">
             <div class="actions-panel clearfix">
-              <div class="actions-panel__col actions-panel__edit shortcut-enter" key-action="href"><a href="/edit/dns/?domain=<?=$_GET['domain']?>&record_id=<?=$data[$key]['ID']?>"><?=__('edit')?> <i></i></a><span class="shortcut enter">&nbsp;&#8629;</span></div>
+              <div class="actions-panel__col actions-panel__edit shortcut-enter" key-action="href"><a href="/edit/dns/?domain=<?=htmlspecialchars($_GET['domain'])?>&record_id=<?=$data[$key]['ID']?>"><?=__('edit')?> <i></i></a><span class="shortcut enter">&nbsp;&#8629;</span></div>
               <div class="actions-panel__col actions-panel__delete shortcut-delete" key-action="js">
                 <a id="delete_link_<?=$i?>" class="data-controls do_delete">
                   <?=__('delete')?> <i class="do_delete"></i>
-                  <input type="hidden" name="delete_url" value="/delete/dns/?domain=<?=$_GET['domain']?>&record_id=<?=$data[$key]['ID']?>&token=<?=$_SESSION['token']?>" />
+                  <input type="hidden" name="delete_url" value="/delete/dns/?domain=<?=htmlspecialchars($_GET['domain'])?>&record_id=<?=$data[$key]['ID']?>&token=<?=$_SESSION['token']?>" />
                   <div id="delete_dialog_<?=$i?>" class="confirmation-text-delete hidden" title="<?=__('Confirmation')?>">
                     <p class="confirmation"><?=__('DELETE_RECORD_CONFIRMATION',$data[$key]['RECORD'])?></p>
                   </div>
diff --git a/web/templates/admin/list_mail_acc.html b/web/templates/admin/list_mail_acc.html
index 5433d732..13495ff6 100644
--- a/web/templates/admin/list_mail_acc.html
+++ b/web/templates/admin/list_mail_acc.html
@@ -90,11 +90,11 @@ sort-star="<? if($_SESSION['favourites']['MAIL_ACC'][$key."@".$_GET['domain']] =
           <!-- l-unit-toolbar__col -->
           <div class="l-unit-toolbar__col l-unit-toolbar__col--right noselect">
             <div class="actions-panel clearfix">
-              <div class="actions-panel__col actions-panel__edit shortcut-enter" key-action="href"><a href="/edit/mail/?domain=<?=$_GET['domain']?>&account=<?=$key?>"><?=__('edit')?> <i></i></a><span class="shortcut enter">&nbsp;&#8629;</span></div>
+              <div class="actions-panel__col actions-panel__edit shortcut-enter" key-action="href"><a href="/edit/mail/?domain=<?=htmlspecialchars($_GET['domain'])?>&account=<?=$key?>"><?=__('edit')?> <i></i></a><span class="shortcut enter">&nbsp;&#8629;</span></div>
               <div class="actions-panel__col actions-panel__suspend shortcut-s" key-action="js">
                 <a id="<?=$spnd_action ?>_link_<?=$i?>" class="data-controls do_<?=$spnd_action?>">
                   <?=__($spnd_action)?> <i class="do_<?=$spnd_action?>"></i>
-                  <input type="hidden" name="<?=$spnd_action?>_url" value="/<?=$spnd_action?>/mail/?domain=<?=$_GET['domain']?>&account=<?php echo $key ?>&token=<?=$_SESSION['token']?>" />
+                  <input type="hidden" name="<?=$spnd_action?>_url" value="/<?=$spnd_action?>/mail/?domain=<?=htmlspecialchars($_GET['domain'])?>&account=<?php echo $key ?>&token=<?=$_SESSION['token']?>" />
                   <div id="<?=$spnd_action?>_dialog_<?=$i?>" class="confirmation-text-suspention hidden" title="<?=__('Confirmation')?>">
                     <p class="confirmation"><?=__($spnd_confirmation,$key)?></p>
                   </div>
@@ -104,7 +104,7 @@ sort-star="<? if($_SESSION['favourites']['MAIL_ACC'][$key."@".$_GET['domain']] =
               <div class="actions-panel__col actions-panel__delete shortcut-delete" key-action="js">
                 <a id="delete_link_<?=$i?>" class="data-controls do_delete">
                   <?=__('delete')?> <i class="do_delete"></i>
-                  <input type="hidden" name="delete_url" value="/delete/mail/?domain=<?=$_GET['domain']?>&account=<?=$key?>&token=<?=$_SESSION['token']?>" />
+                  <input type="hidden" name="delete_url" value="/delete/mail/?domain=<?=htmlspecialchars($_GET['domain'])?>&account=<?=$key?>&token=<?=$_SESSION['token']?>" />
                   <div id="delete_dialog_<?=$i?>" class="confirmation-text-delete hidden" title="<?=__('Confirmation')?>">
                     <p class="confirmation"><?=__('DELETE_MAIL_ACCOUNT_CONFIRMATION',$key)?></p>
                   </div>
diff --git a/web/templates/user/list_mail_acc.html b/web/templates/user/list_mail_acc.html
index c7334fa1..8c5ef567 100644
--- a/web/templates/user/list_mail_acc.html
+++ b/web/templates/user/list_mail_acc.html
@@ -88,11 +88,11 @@ sort-star="<? if($_SESSION['favourites']['MAIL_ACC'][$key."@".$_GET['domain']] =
           <!-- l-unit-toolbar__col -->
           <div class="l-unit-toolbar__col l-unit-toolbar__col--right noselect">
             <div class="actions-panel clearfix">
-              <div class="actions-panel__col actions-panel__edit shortcut-enter" key-action="href"><a href="/edit/mail/?domain=<?=$_GET['domain']?>&account=<?=$key?>"><?=__('edit')?> <i></i></a><span class="shortcut enter">&nbsp;&#8629;</span></div>
+              <div class="actions-panel__col actions-panel__edit shortcut-enter" key-action="href"><a href="/edit/mail/?domain=<?=htmlspecialchars($_GET['domain'])?>&account=<?=$key?>"><?=__('edit')?> <i></i></a><span class="shortcut enter">&nbsp;&#8629;</span></div>
               <div class="actions-panel__col actions-panel__delete shortcut-delete" key-action="js">
                 <a id="delete_link_<?=$i?>" class="data-controls do_delete">
                   <?=__('delete')?> <i class="do_delete"></i>
-                  <input type="hidden" name="delete_url" value="/delete/mail/?domain=<?=$_GET['domain']?>&account=<?=$key?>&token=<?=$_SESSION['token']?>" />
+                  <input type="hidden" name="delete_url" value="/delete/mail/?domain=<?=htmlspecialchars($_GET['domain'])?>&account=<?=$key?>&token=<?=$_SESSION['token']?>" />
                   <div id="delete_dialog_<?=$i?>" class="confirmation-text-delete hidden" title="<?=__('Confirmation')?>">
                     <p class="confirmation"><?=__('DELETE_MAIL_ACCOUNT_CONFIRMATION',$key)?></p>
                   </div>