system: protect all JS with html_safe(); closes #1285

Franco Fichtner 2016-11-30 16:01:39 +01:00
parent 235049b9ce
commit 85e4bef09a


@ -387,14 +387,14 @@ $( document ).ready(function() {
event.preventDefault();
BootstrapDialog.show({
type:BootstrapDialog.TYPE_DANGER,
title: "<?= gettext("Certificate");?>",
message: "<?=gettext("Do you really want to remove this certificate association?") .'\n'. gettext("(Certificate will not be deleted)");?>",
title: "<?= html_safe(gettext('Certificate')) ?>",
message: "<?= html_safe(gettext('Do you really want to remove this certificate association?')) .'\n'. html_safe(gettext('(Certificate will not be deleted)')) ?>",
buttons: [{
label: "<?= gettext("No");?>",
label: "<?= html_safe(gettext('No')) ?>",
action: function(dialogRef) {
dialogRef.close();
}}, {
label: "<?= gettext("Yes");?>",
label: "<?= html_safe(gettext('Yes')) ?>",
action: function(dialogRef) {
$("#certid").val(certid);
$("#act").val("delcert");
@ -411,14 +411,14 @@ $( document ).ready(function() {
event.preventDefault();
BootstrapDialog.show({
type:BootstrapDialog.TYPE_DANGER,
title: "<?= gettext("User");?>",
message: "<?=html_safe(gettext('Do you really want to delete this user?'));?>" + "<br/>("+username+")",
title: "<?= html_safe(gettext('User')) ?>",
message: "<?= html_safe(gettext('Do you really want to delete this user?')) ?>" + "<br/>("+username+")",
buttons: [{
label: "<?= gettext("No");?>",
label: "<?= html_safe(gettext('No')) ?>",
action: function(dialogRef) {
dialogRef.close();
}}, {
label: "<?= gettext("Yes");?>",
label: "<?= html_safe(gettext('Yes')) ?>",
action: function(dialogRef) {
$("#userid").val(userid);
$("#act2").val("deluser");
@ -438,7 +438,7 @@ $( document ).ready(function() {
url="system_usermanager_import_ldap.php";
var oWin = window.open(url,"OPNsense","width=620,height=400,top=150,left=150,scrollbars=yes");
if (oWin==null || typeof(oWin)=="undefined") {
alert("<?=gettext('Popup blocker detected. Action aborted.');?>");
alert("<?= html_safe(gettext('Popup blocker detected. Action aborted.')) ?>");
}
});
@ -472,14 +472,14 @@ $( document ).ready(function() {
var apiKey = $(this).data('key');
BootstrapDialog.show({
type:BootstrapDialog.TYPE_DANGER,
title: "<?= gettext("User");?>",
message: '<?=gettext("Do you really want to delete this API key?");?>' + '<br/><small>('+apiKey.substring(0,40)+"...)</small>",
title: "<?= html_safe(gettext('User')) ?>",
message: '<?= html_safe(gettext('Do you really want to delete this API key?')) ?>' + '<br/><small>('+apiKey.substring(0,40)+"...)</small>",
buttons: [{
label: "<?= gettext("No");?>",
label: "<?= html_safe(gettext('No')) ?>",
action: function(dialogRef) {
dialogRef.close();
}}, {
label: "<?= gettext("Yes");?>",
label: "<?= html_safe(gettext('Yes')) ?>",
action: function(dialogRef) {
$("#act").val("delApiKey");
$("#api_delete").val(apiKey);
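Review bot: In the delete-user dialog (second hunk) `message` still appends the client-side value as raw markup, `"<br/>("+username+")"`, and the API-key dialog (fourth hunk) does the same with `apiKey.substring(0,40)`. The `<br/>` and `<small>` tags show that `message` is rendered as HTML, so the html_safe() calls added here cover only the translated strings. Where `username` and `apiKey` are assigned is outside the hunks, so their origin should be confirmed, but escaping them at the point of use is cheap: `"<br/>(" + $("<div/>").text(username).html() + ")"`. Separately, html_safe() is presumably an HTML entity encoder, so in the `alert(...)` of the third hunk any entity it emits would be displayed literally, and it would not escape backslashes or line breaks inside a JavaScript string. A JS-string encoder such as `json_encode()` fits that context better.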