Mirrors
/
postfixadmin
mirror of https://github.com/postfixadmin/postfixadmin.git
3
0
Fork 0
Code Releases Activity
PostfixAdmin - web based virtual user administration interface for Postfix mail servers https://postfixadmin.github.io/postfixadmin/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
815 Commits
12 Branches
66 Tags
21 MiB
Tree: 62eee67aee
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '62eee67aee'
${ noResults }
postfixadmin/smarty.inc.php

94 lines
3.4 KiB
Raw Normal View History

- add <?php tags. git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@760 a1433add-5e2c-0410-b055-b7f2511e0802
16 years ago
- big merge of Postfixadmin smarty into trunk git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@757 a1433add-5e2c-0410-b055-b7f2511e0802
17 years ago
extend the Smarty class so when assigning data to it, it is automatically escaped (unless specified otherwise with a 3rd parameter (false) in the assign function call). This will probably cause some breakage esp where translations have html embedded within them - however i would rather this were the case than the application be vulnerable to XSS git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@782 a1433add-5e2c-0410-b055-b7f2511e0802
16 years ago
remove strict standards issue with redefinition of smarty::assign() with different parameters than parent class; ideally I should not put the __get/__set/__call methods in here as living without them would reduce our dependency on smarty, but meh (PFASmarty should stil appear and BEHAVE like a Smarty object, it just technically is not one - it is just using one git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@949 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
smarty.inc.php: interface cleanup etc. - move initialisation of $smarty->template_dir, compile_dir and config_dir into __construct() of PFASmarty class - remove usage of /tmp/postfixadmin_templates_c/ to avoid security risks (symlink attacks etc.) - remove __set, __get and __call from PFASmarty class to ensure we have a clearly documented interface to the template layer - whitespace changes (mostly in select_options()) - added vim: line See also the discussion about the r949 commit in postfixadmin-devel for details. git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@957 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
smarty.inc.php: - use correct variable name instead of $smarty in __construct() - everything else in this commit: whitespace changes git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@964 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
smarty.inc.php: interface cleanup etc. - move initialisation of $smarty->template_dir, compile_dir and config_dir into __construct() of PFASmarty class - remove usage of /tmp/postfixadmin_templates_c/ to avoid security risks (symlink attacks etc.) - remove __set, __get and __call from PFASmarty class to ensure we have a clearly documented interface to the template layer - whitespace changes (mostly in select_options()) - added vim: line See also the discussion about the r949 commit in postfixadmin-devel for details. git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@957 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
smarty.inc.php: - use correct variable name instead of $smarty in __construct() - everything else in this commit: whitespace changes git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@964 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
smarty.inc.php: - set $this->template->allow_php_tag = true instead of editing smarty/libs/Smarty.class.php after every smarty upgrade added smarty/smarty_version with: - a note about the current smarty version - a note about additional files not part of the smarty package git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@973 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
remove strict standards issue with redefinition of smarty::assign() with different parameters than parent class; ideally I should not put the __get/__set/__call methods in here as living without them would reduce our dependency on smarty, but meh (PFASmarty should stil appear and BEHAVE like a Smarty object, it just technically is not one - it is just using one git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@949 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
extend the Smarty class so when assigning data to it, it is automatically escaped (unless specified otherwise with a 3rd parameter (false) in the assign function call). This will probably cause some breakage esp where translations have html embedded within them - however i would rather this were the case than the application be vulnerable to XSS git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@782 a1433add-5e2c-0410-b055-b7f2511e0802
16 years ago
remove strict standards issue with redefinition of smarty::assign() with different parameters than parent class; ideally I should not put the __get/__set/__call methods in here as living without them would reduce our dependency on smarty, but meh (PFASmarty should stil appear and BEHAVE like a Smarty object, it just technically is not one - it is just using one git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@949 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
extend the Smarty class so when assigning data to it, it is automatically escaped (unless specified otherwise with a 3rd parameter (false) in the assign function call). This will probably cause some breakage esp where translations have html embedded within them - however i would rather this were the case than the application be vulnerable to XSS git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@782 a1433add-5e2c-0410-b055-b7f2511e0802
16 years ago
remove strict standards issue with redefinition of smarty::assign() with different parameters than parent class; ideally I should not put the __get/__set/__call methods in here as living without them would reduce our dependency on smarty, but meh (PFASmarty should stil appear and BEHAVE like a Smarty object, it just technically is not one - it is just using one git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@949 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
extend the Smarty class so when assigning data to it, it is automatically escaped (unless specified otherwise with a 3rd parameter (false) in the assign function call). This will probably cause some breakage esp where translations have html embedded within them - however i would rather this were the case than the application be vulnerable to XSS git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@782 a1433add-5e2c-0410-b055-b7f2511e0802
16 years ago
remove strict standards issue with redefinition of smarty::assign() with different parameters than parent class; ideally I should not put the __get/__set/__call methods in here as living without them would reduce our dependency on smarty, but meh (PFASmarty should stil appear and BEHAVE like a Smarty object, it just technically is not one - it is just using one git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@949 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
extend the Smarty class so when assigning data to it, it is automatically escaped (unless specified otherwise with a 3rd parameter (false) in the assign function call). This will probably cause some breakage esp where translations have html embedded within them - however i would rather this were the case than the application be vulnerable to XSS git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@782 a1433add-5e2c-0410-b055-b7f2511e0802
16 years ago
list-virtual.php: - hand over $search to smarty templates templates/list-virtual_alias.tpl, templates/list-virtual_alias_domain.tpl: - add search result highlighting templates/list-virtual_mailbox.tpl: - add search result highlighting - move output of "Mailbox" / "Forward only" outside the foreach loop (was displayed once per mailbox alias target) css/default.css: - add style for ".searchresult" git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@868 a1433add-5e2c-0410-b055-b7f2511e0802
16 years ago
extend the Smarty class so when assigning data to it, it is automatically escaped (unless specified otherwise with a 3rd parameter (false) in the assign function call). This will probably cause some breakage esp where translations have html embedded within them - however i would rather this were the case than the application be vulnerable to XSS git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@782 a1433add-5e2c-0410-b055-b7f2511e0802
16 years ago
- big merge of Postfixadmin smarty into trunk git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@757 a1433add-5e2c-0410-b055-b7f2511e0802
17 years ago
smarty.inc.php: interface cleanup etc. - move initialisation of $smarty->template_dir, compile_dir and config_dir into __construct() of PFASmarty class - remove usage of /tmp/postfixadmin_templates_c/ to avoid security risks (symlink attacks etc.) - remove __set, __get and __call from PFASmarty class to ensure we have a clearly documented interface to the template layer - whitespace changes (mostly in select_options()) - added vim: line See also the discussion about the r949 commit in postfixadmin-devel for details. git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@957 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
- big merge of Postfixadmin smarty into trunk git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@757 a1433add-5e2c-0410-b055-b7f2511e0802
17 years ago
remove strict standards issue with redefinition of smarty::assign() with different parameters than parent class; ideally I should not put the __get/__set/__call methods in here as living without them would reduce our dependency on smarty, but meh (PFASmarty should stil appear and BEHAVE like a Smarty object, it just technically is not one - it is just using one git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@949 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
- big merge of Postfixadmin smarty into trunk git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@757 a1433add-5e2c-0410-b055-b7f2511e0802
17 years ago
smarty.inc.php: - use correct variable name instead of $smarty in __construct() - everything else in this commit: whitespace changes git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@964 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
smarty.inc.php: interface cleanup etc. - move initialisation of $smarty->template_dir, compile_dir and config_dir into __construct() of PFASmarty class - remove usage of /tmp/postfixadmin_templates_c/ to avoid security risks (symlink attacks etc.) - remove __set, __get and __call from PFASmarty class to ensure we have a clearly documented interface to the template layer - whitespace changes (mostly in select_options()) - added vim: line See also the discussion about the r949 commit in postfixadmin-devel for details. git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@957 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
smarty.inc.php: - use correct variable name instead of $smarty in __construct() - everything else in this commit: whitespace changes git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@964 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
smarty.inc.php: interface cleanup etc. - move initialisation of $smarty->template_dir, compile_dir and config_dir into __construct() of PFASmarty class - remove usage of /tmp/postfixadmin_templates_c/ to avoid security risks (symlink attacks etc.) - remove __set, __get and __call from PFASmarty class to ensure we have a clearly documented interface to the template layer - whitespace changes (mostly in select_options()) - added vim: line See also the discussion about the r949 commit in postfixadmin-devel for details. git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@957 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
- big merge of Postfixadmin smarty into trunk git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@757 a1433add-5e2c-0410-b055-b7f2511e0802
17 years ago
remove strict standards issue with redefinition of smarty::assign() with different parameters than parent class; ideally I should not put the __get/__set/__call methods in here as living without them would reduce our dependency on smarty, but meh (PFASmarty should stil appear and BEHAVE like a Smarty object, it just technically is not one - it is just using one git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@949 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
extend the Smarty class so when assigning data to it, it is automatically escaped (unless specified otherwise with a 3rd parameter (false) in the assign function call). This will probably cause some breakage esp where translations have html embedded within them - however i would rather this were the case than the application be vulnerable to XSS git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@782 a1433add-5e2c-0410-b055-b7f2511e0802
16 years ago
- small fix to smarty.inc.php. Really use our compile and templates directory - Fix in menu.tpl to honor "show fetchmail tab" git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@768 a1433add-5e2c-0410-b055-b7f2511e0802
16 years ago
smarty.inc.php: - use correct variable name instead of $smarty in __construct() - everything else in this commit: whitespace changes git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@964 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
smarty.inc.php: interface cleanup etc. - move initialisation of $smarty->template_dir, compile_dir and config_dir into __construct() of PFASmarty class - remove usage of /tmp/postfixadmin_templates_c/ to avoid security risks (symlink attacks etc.) - remove __set, __get and __call from PFASmarty class to ensure we have a clearly documented interface to the template layer - whitespace changes (mostly in select_options()) - added vim: line See also the discussion about the r949 commit in postfixadmin-devel for details. git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@957 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
smarty.inc.php: - use correct variable name instead of $smarty in __construct() - everything else in this commit: whitespace changes git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@964 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
smarty.inc.php: interface cleanup etc. - move initialisation of $smarty->template_dir, compile_dir and config_dir into __construct() of PFASmarty class - remove usage of /tmp/postfixadmin_templates_c/ to avoid security risks (symlink attacks etc.) - remove __set, __get and __call from PFASmarty class to ensure we have a clearly documented interface to the template layer - whitespace changes (mostly in select_options()) - added vim: line See also the discussion about the r949 commit in postfixadmin-devel for details. git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@957 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
- big merge of Postfixadmin smarty into trunk git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@757 a1433add-5e2c-0410-b055-b7f2511e0802
17 years ago
smarty.inc.php: - use correct variable name instead of $smarty in __construct() - everything else in this commit: whitespace changes git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@964 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
- big merge of Postfixadmin smarty into trunk git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@757 a1433add-5e2c-0410-b055-b7f2511e0802
17 years ago
smarty.inc.php: interface cleanup etc. - move initialisation of $smarty->template_dir, compile_dir and config_dir into __construct() of PFASmarty class - remove usage of /tmp/postfixadmin_templates_c/ to avoid security risks (symlink attacks etc.) - remove __set, __get and __call from PFASmarty class to ensure we have a clearly documented interface to the template layer - whitespace changes (mostly in select_options()) - added vim: line See also the discussion about the r949 commit in postfixadmin-devel for details. git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@957 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
- small fix to smarty.inc.php. Really use our compile and templates directory - Fix in menu.tpl to honor "show fetchmail tab" git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@768 a1433add-5e2c-0410-b055-b7f2511e0802
16 years ago
  1. <?php
  2. require_once ("$incpath/smarty/libs/Smarty.class.php");
  4. /**
  5. * Turn on sanitisation of all data by default so it's not possible for XSS flaws to occur in PFA
  6. */
  7. class PFASmarty {
  8. protected $template = null;
  9. public function __construct() {
  10. $this->template = new Smarty();
  12. //$this->template->debugging = true;
  13. $incpath = dirname(__FILE__);
  14. $this->template->template_dir = $incpath.'/templates';
  15. $this->template->compile_dir = $incpath.'/templates_c';
  16. $this->template->config_dir = $incpath.'/'.$this->template->config_dir;
  17. $this->template->allow_php_tag = true;
  18. }
  20. public function assign($key, $value, $sanitise = true) {
  21. if($sanitise == false) {
  22. return $this->template->assign($key, $value);
  23. }
  24. $clean = $this->sanitise($value);
  25. /* we won't run the key through sanitise() here... some might argue we should */
  26. return $this->template->assign($key, $clean);
  27. }
  29. public function display($template) {
  30. $this->template->display($template);
  31. }
  32. /**
  33. * Recursive cleaning of data, using htmlentities - this assumes we only ever output to HTML and we're outputting in UTF-8 charset
  34. *
  35. * @param mixed $data - array or primitive type; objects not supported.
  36. * @return mixed $data
  37. * */
  38. public function sanitise($data) {
  39. if(!is_array($data)) {
  40. return htmlentities($data, ENT_QUOTES, 'UTF-8', false);
  41. }
  42. if(is_array($data)) {
  43. $clean = array();
  44. foreach($data as $key => $value) {
  45. /* as this is a nested data structure it's more likely we'll output the key too (at least in my opinion, so we'll sanitise it too */
  46. $clean[$this->sanitise($key)] = $this->sanitise($value);
  47. }
  48. return $clean;
  49. }
  50. }
  51. }
  52. $smarty = new PFASmarty();
  54. $CONF['theme_css'] = $CONF['postfix_admin_url'].'/'.htmlentities($CONF['theme_css']);
  55. $CONF['theme_logo'] = $CONF['postfix_admin_url'].'/'.htmlentities($CONF['theme_logo']);
  57. $smarty->assign ('CONF', $CONF);
  58. $smarty->assign ('PALANG', $PALANG);
  59. $smarty->assign('url_domain', '');
  60. //*** footer.tpl
  61. $smarty->assign ('version', $version);
  63. //*** menu.tpl
  64. $smarty->assign ('boolconf_alias_domain', boolconf('alias_domain'));
  65. $smarty->assign ('authentication_has_role', array ('global_admin' => authentication_has_role ('global-admin'), 'admin' => authentication_has_role ('admin'), 'user' => authentication_has_role ('user')));
  67. if (authentication_has_role('global-admin')) {
  68. $motd_file = "motd-admin.txt";
  69. } else {
  70. $motd_file = "motd.txt";
  71. }
  72. $smarty->assign('motd_file', '');
  73. if (file_exists ($CONF ['postfix_admin_path'].'/templates/'.$motd_file)) {
  74. $smarty->assign ('motd_file', $motd_file);
  75. }
  77. function select_options($aValues, $aSelected) {
  78. $ret_val = '';
  79. foreach ($aValues as $val) {
  80. $ret_val .= '<option value="'.$val.'"';
  81. if (in_array ($val, $aSelected))
  82. $ret_val .= ' selected="selected"';
  83. $ret_val .= '>'.$val.'</option>';
  84. }
  85. return $ret_val;
  86. }
  87. function eval_size ($aSize) {
  88. if ($aSize == 0) {$ret_val = $GLOBALS ['PALANG']['pOverview_unlimited']; }
  89. elseif ($aSize < 0) {$ret_val = $GLOBALS ['PALANG']['pOverview_disabled']; }
  90. else {$ret_val = $aSize; }
  91. return $ret_val;
  92. }
  93. /* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */
  94. ?>