git subrepo commit (merge) mailcow/src/mailcow-dockerized
subrepo: subdir: "mailcow/src/mailcow-dockerized"
merged: "02ae5285"
upstream: origin: "https://github.com/mailcow/mailcow-dockerized.git"
branch: "master"
commit: "649a5c01"
git-subrepo: version: "0.4.3"
origin: "???"
commit: "???"
Change-Id: I870ad468fba026cc5abf3c5699ed1e12ff28b32b
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/functions.app_passwd.inc.php b/mailcow/src/mailcow-dockerized/data/web/inc/functions.app_passwd.inc.php
index c4b0026..8c8ad18 100644
--- a/mailcow/src/mailcow-dockerized/data/web/inc/functions.app_passwd.inc.php
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/functions.app_passwd.inc.php
@@ -23,9 +23,9 @@
}
switch ($_action) {
case 'add':
- $app_name = trim($_data['app_name']);
- $password = $_data['app_passwd'];
- $password2 = $_data['app_passwd2'];
+ $app_name = htmlspecialchars(trim($_data['app_name']));
+ $password = $_data['app_passwd'];
+ $password2 = $_data['app_passwd2'];
$active = intval($_data['active']);
$domain = mailbox('get', 'mailbox_details', $username)['domain'];
if (empty($domain)) {
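Review bot: Escaping `app_name` with `htmlspecialchars()` at input time, here in the `add` case and again in the `@@ -94,7` hunk, means that if `$app_name` is then persisted (the write is outside the hunk) the database holds HTML-encoded text rather than the user's value. HTML escaping is only correct for the HTML output context, so any other consumer of the stored name would see entities. I would keep `$app_name = trim($_data['app_name']);` for storage and escape at the point where the name is rendered. If the call stays here, make the flags and charset explicit, `htmlspecialchars(trim($_data['app_name']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, because before PHP 8.1 the default flags leave single quotes unescaped. The `switch` body starts and ends outside this hunk.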
@@ -94,7 +94,7 @@
);
continue;
}
- $app_name = trim($app_name);
+ $app_name = htmlspecialchars(trim($app_name));
if (!empty($password) && !empty($password2)) {
if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) {
$_SESSION['return'][] = array(
@@ -198,6 +198,7 @@
$app_passwd_data = array();
return false;
}
+ $app_passwd_data['name'] = htmlspecialchars(trim($app_passwd_data['name']));
return $app_passwd_data;
break;
}
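Review bot: The added `htmlspecialchars()` on `$app_passwd_data['name']` escapes on read a value that the `add` and edit hunks of this same commit already escape before saving, so a name containing `&` or `<` would be returned as `&amp;amp;` or `&amp;lt;`. If the returned name is used to prefill an edit form (not visible here), each save would add another layer of encoding. Escaping in exactly one place, preferably at output, avoids this. If the read-side call must stay to cover rows stored before this change, passing the fourth argument, `htmlspecialchars(trim($app_passwd_data['name']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false)`, stops existing entities from being re-encoded. The enclosing `case` begins outside the hunk.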