Christian Boltz 484e7a74f0 smarty.inc.php:
- prefix $CONF['theme_custom_css'] with $CONF['postfix_admin_url']
  - difference to Dale's patch: only do this if $CONF[theme_custom_css]
    is not empty

This commit is part of the huge cleanup patch by Dale Blount (lnxus@SF),
https://sourceforge.net/tracker/?func=detail&atid=937966&aid=3370510&group_id=191583


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1097 a1433add-5e2c-0410-b055-b7f2511e0802
2011-07-19 22:22:23 +00:00


<?php
require_once ("$incpath/smarty/libs/Smarty.class.php");
/**
 * Thin wrapper around Smarty that HTML-escapes every assigned value by default,
 * so a template cannot accidentally emit raw (XSS-prone) data.
 */
class PFASmarty {
    /** @var Smarty the wrapped template engine, created in the constructor */
    protected $template = null;

    /**
     * Creates the Smarty instance and anchors its directories next to this file.
     *
     * Security note: allow_php_tag is switched on, so {php} blocks inside a template run as
     * PHP. Template files therefore have to be treated as trusted code, never as user content.
     */
    public function __construct() {
        $engine = new Smarty();
        $baseDir = dirname(__FILE__);
        $engine->template_dir = $baseDir . '/templates';
        $engine->compile_dir = $baseDir . '/templates_c';
        // Smarty's own config_dir default is relative; make it absolute below this directory.
        $engine->config_dir = $baseDir . '/' . $engine->config_dir;
        // {php} tags enabled in templates - see the class-level security note.
        $engine->allow_php_tag = true;
        $this->template = $engine;
    }

    /**
     * Assigns a template variable, HTML-escaping the value first unless $sanitise is falsy.
     *
     * @param string $key      template variable name; deliberately NOT escaped (only values are)
     * @param mixed  $value    scalar or (nested) array; objects are not supported by sanitise()
     * @param bool   $sanitise pass false only for values that are already escaped HTML
     * @return mixed whatever Smarty::assign() returns
     */
    public function assign($key, $value, $sanitise = true) {
        // Opting out of escaping is explicit; the default path always escapes.
        $payload = $sanitise ? $this->sanitise($value) : $value;
        /* the key is left alone on purpose - some might argue it should be escaped too */
        return $this->template->assign($key, $payload);
    }

    /**
     * Renders a template and then discards any pending flash messages.
     *
     * @param string $template template file name, relative to template_dir
     */
    public function display($template) {
        $this->template->display($template);
        // Flash messages are one-shot: drop them once the page that shows them has rendered.
        unset($_SESSION['flash']);
    }

    /**
     * Recursively HTML-escapes a value with htmlentities (ENT_QUOTES, UTF-8).
     *
     * Array keys are escaped as well, since nested structures are likely to be iterated (and their
     * keys printed) in templates. Existing entities are left untouched (double_encode = false), so
     * already-escaped input is not mangled. Output is assumed to be HTML in UTF-8 only.
     * NOTE(review): without ENT_SUBSTITUTE, current PHP returns an empty string for invalid UTF-8
     * input - confirm that silently dropping such values is acceptable.
     *
     * @param mixed $data scalar or array; objects are not supported
     * @return mixed escaped copy of $data with the same structure
     */
    public function sanitise($data) {
        if (is_array($data)) {
            $escaped = array();
            foreach ($data as $k => $v) {
                $escaped[$this->sanitise($k)] = $this->sanitise($v);
            }
            return $escaped;
        }
        return htmlentities($data, ENT_QUOTES, 'UTF-8', false);
    }
}
// Shared template wrapper; the pages render through this single instance.
$smarty = new PFASmarty();
// Theme assets are made absolute by prefixing the configured admin URL. The htmlentities() here
// is paired with the sanitised assign() of $CONF below (which uses double_encode = false), so the
// theme values end up escaped once. theme_custom_css is optional: an empty setting stays empty
// instead of becoming a bare URL.
$CONF['theme_css'] = $CONF['postfix_admin_url'].'/'.htmlentities($CONF['theme_css']);
if ($CONF['theme_custom_css'] != "") $CONF['theme_custom_css'] = $CONF['postfix_admin_url'].'/'.htmlentities($CONF['theme_custom_css']);
$CONF['theme_logo'] = $CONF['postfix_admin_url'].'/'.htmlentities($CONF['theme_logo']);
// Whole config and language arrays reach the templates HTML-escaped (assign() sanitises by default).
// NOTE(review): every $CONF key - including any credentials the config file holds - becomes readable
// from every template via {$CONF...}; consider assigning only the keys the templates actually use.
$smarty->assign ('CONF', $CONF);
$smarty->assign ('PALANG', $PALANG);
$smarty->assign('url_domain', '');
//*** footer.tpl
$smarty->assign ('version', $version);
//*** menu.tpl
$smarty->assign ('boolconf_alias_domain', boolconf('alias_domain'));
// Role flags for the menu; boolconf() and authentication_has_role() are defined elsewhere.
$smarty->assign ('authentication_has_role', array ('global_admin' => authentication_has_role ('global-admin'), 'admin' => authentication_has_role ('admin'), 'user' => authentication_has_role ('user')));
// Global admins get their own message-of-the-day file.
if (authentication_has_role('global-admin')) {
$motd_file = "motd-admin.txt";
} else {
$motd_file = "motd.txt";
}
// Only the fixed file name is exposed, and only when it exists under templates/
// ($incpath is expected to be set by the including script, see the require_once at the top).
$smarty->assign('motd_file', '');
if (file_exists ($incpath.'/templates/'.$motd_file)) {
$smarty->assign ('motd_file', $motd_file);
}
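/**
 * Builds the <option> list for a <select>, marking the entries found in $aSelected as selected.
 *
 * Fix: the option value and label are now HTML-escaped (same htmlentities() settings as
 * PFASmarty::sanitise(), so values that are already escaped are not double-encoded). Previously
 * the raw value was concatenated into markup, which is an XSS sink for any value that originates
 * from the database or the request. Selection is still decided on the raw value with a loose
 * in_array() comparison, so numeric strings and ints keep matching as before.
 *
 * @param array $aValues   option values, also used as the visible label
 * @param array $aSelected values that should be pre-selected
 * @return string concatenated <option> elements (no surrounding <select>)
 */
function select_options($aValues, $aSelected) {
    $html = '';
    foreach ($aValues as $val) {
        // One escaped copy serves both the value attribute and the text node.
        $safe = htmlentities($val, ENT_QUOTES, 'UTF-8', false);
        $html .= '<option value="' . $safe . '"';
        if (in_array($val, $aSelected)) {
            $html .= ' selected="selected"';
        }
        $html .= '>' . $safe . '</option>';
    }
    return $html;
}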
/**
 * Renders a quota/size value for the overview pages.
 *
 * @param mixed $aSize raw size; 0 means "unlimited", a negative value means "disabled"
 * @return mixed the translated PALANG label for 0 / negative sizes, otherwise $aSize unchanged
 */
function eval_size ($aSize) {
    // Loose comparisons are kept on purpose: callers may pass numeric strings straight from the database.
    if ($aSize == 0) {
        return $GLOBALS['PALANG']['pOverview_unlimited'];
    }
    if ($aSize < 0) {
        return $GLOBALS['PALANG']['pOverview_disabled'];
    }
    return $aSize;
}
/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */
?>