github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-14 18:49:21 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix some XSS.

Browse source
This commit is contained in:
Sergio 2019-04-21 02:18:24 +02:00
commit 7226a8991f
4 changed files with 9 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

4
web/templates/user/list_mail_acc.html
View file

@ -88,11 +88,11 @@ sort-star="<? if($_SESSION['favourites']['MAIL_ACC'][$key."@".$_GET['domain']] =
<!-- l-unit-toolbar__col -->
<div class="l-unit-toolbar__col l-unit-toolbar__col--right noselect">
<div class="actions-panel clearfix">
<div class="actions-panel__col actions-panel__edit shortcut-enter" key-action="href"><a href="/edit/mail/?domain=<?=$_GET['domain']?>&account=<?=$key?>"><?=__('edit')?> <i></i></a><span class="shortcut enter">&nbsp;&#8629;</span></div>
<div class="actions-panel__col actions-panel__edit shortcut-enter" key-action="href"><a href="/edit/mail/?domain=<?=htmlspecialchars($_GET['domain'])?>&account=<?=$key?>"><?=__('edit')?> <i></i></a><span class="shortcut enter">&nbsp;&#8629;</span></div>
<div class="actions-panel__col actions-panel__delete shortcut-delete" key-action="js">
<a id="delete_link_<?=$i?>" class="data-controls do_delete">
<?=__('delete')?> <i class="do_delete"></i>
<input type="hidden" name="delete_url" value="/delete/mail/?domain=<?=$_GET['domain']?>&account=<?=$key?>&token=<?=$_SESSION['token']?>" />
<input type="hidden" name="delete_url" value="/delete/mail/?domain=<?=htmlspecialchars($_GET['domain'])?>&account=<?=$key?>&token=<?=$_SESSION['token']?>" />
<div id="delete_dialog_<?=$i?>" class="confirmation-text-delete hidden" title="<?=__('Confirmation')?>">
<p class="confirmation"><?=__('DELETE_MAIL_ACCOUNT_CONFIRMATION',$key)?></p>
</div>