Escape output of WEB_TITLE, HOME_URL, HOME_CONTENT, & WEB_CONSOLE_BANNER. Fixes #2468

pull/2518/head
Matthew Noorenberghe 2019-02-09 18:06:21 -08:00
parent 9ce05a9a09
commit 6af2c4ad0e
5 changed files with 8 additions and 8 deletions


@ -57,7 +57,7 @@ function xhtmlHeaders( $file, $title ) {
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title><?php echo ZM_WEB_TITLE_PREFIX ?> - <?php echo validHtmlStr($title) ?></title>
<title><?php echo validHtmlStr(ZM_WEB_TITLE_PREFIX); ?> - <?php echo validHtmlStr($title) ?></title>
<?php
if ( file_exists( "skins/$skin/css/$css/graphics/favicon.ico" ) ) {
echo "
@ -207,7 +207,7 @@ function getBodyTopHTML() {
<body>
<noscript>
<div style="background-color:red;color:white;font-size:x-large;">
'. ZM_WEB_TITLE .' requires Javascript. Please enable Javascript in your browser for this site.
'. validHtmlStr(ZM_WEB_TITLE) .' requires Javascript. Please enable Javascript in your browser for this site.
</div>
</noscript>
@ -254,7 +254,7 @@ function getNavBarHTML($reload = null) {
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<div class="navbar-brand"><a href="<?php echo ZM_HOME_URL?>" target="<?php echo ZM_WEB_TITLE ?>"><?php echo ZM_HOME_CONTENT ?></a></div>
<div class="navbar-brand"><a href="<?php echo validHtmlStr(ZM_HOME_URL); ?>" target="<?php echo validHtmlStr(ZM_WEB_TITLE); ?>"><?php echo validHtmlStr(ZM_HOME_CONTENT); ?></a></div>
</div>
<div class="collapse navbar-collapse" id="main-header-nav">
@ -383,7 +383,7 @@ if ($reload == 'reload') ob_start();
?></li>
</ul>
<?php if ( defined('ZM_WEB_CONSOLE_BANNER') and ZM_WEB_CONSOLE_BANNER != '' ) { ?>
<h3 id="development"><?php echo ZM_WEB_CONSOLE_BANNER ?></h3>
<h3 id="development"><?php echo validHtmlStr(ZM_WEB_CONSOLE_BANNER); ?></h3>
<?php } ?>
<!-- End .footer/reload --></div>
<?php
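Review bot: Wrapping ZM_HOME_URL in validHtmlStr on the navbar-brand line stops the value from breaking out of the `href` attribute, but attribute escaping does not constrain what kind of URL is emitted, so whatever scheme is configured is still rendered as a live link. If ZM_HOME_URL is an admin-editable option, as the name suggests, the more robust check belongs where the option is saved or just before output: accept only absolute http/https URLs or relative paths and fall back to the default otherwise. This hunk also relies on validHtmlStr escaping double quotes (htmlspecialchars with its default flags or ENT_QUOTES); its definition is not in this diff, and if it only handled `<`, `>` and `&` the `href` and `target` attributes here would not be covered even though the `<title>` and noscript element-content hunks would be. getNavBarHTML continues outside the hunk.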


@ -16,7 +16,7 @@ xhtmlHeaders(__FILE__, translate('Login') );
<div id="loginform">
<h1><i class="material-icons md-36">account_circle</i> <?php echo ZM_WEB_TITLE . ' ' . translate('Login') ?></h1>
<h1><i class="material-icons md-36">account_circle</i> <?php echo validHtmlStr(ZM_WEB_TITLE) . ' ' . translate('Login') ?></h1>
<label for="inputUsername" class="sr-only"><?php echo translate('Username') ?></label>
<input type="text" id="inputUsername" name="username" class="form-control" placeholder="Username" required autofocus />


@ -25,7 +25,7 @@ xhtmlHeaders(__FILE__, translate('Logout') );
<body>
<div id="page">
<div id="header">
<h1><?php echo ZM_WEB_TITLE . ' ' . translate('Logout') ?></h1>
<h1><?php echo validHtmlStr(ZM_WEB_TITLE) . ' ' . translate('Logout') ?></h1>
</div>
<div id="content">
<form name="contentForm" id="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
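Review bot: The form's `action` attribute on the last line of this hunk still echoes `$_SERVER['PHP_SELF']` unescaped while the heading two lines above now escapes ZM_WEB_TITLE; PHP_SELF reflects the requested script path, including extra path segments a client can append, so it is request-controlled output and belongs in the same escaping pass. The minimal change is `action="<?php echo validHtmlStr($_SERVER['PHP_SELF']) ?>"`; using a fixed relative action for the logout script would remove the dependency on request data altogether. The enclosing markup continues outside the hunk.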


@ -25,7 +25,7 @@ $skinJsFile = getSkinFile('js/skin.js');
<html lang="en">
<head>
<meta charset="utf-8">
<title><?php echo ZM_WEB_TITLE_PREFIX ?></title>
<title><?php echo validHtmlStr(ZM_WEB_TITLE_PREFIX); ?></title>
<script nonce="<?php echo $cspNonce ?>">
<?php
require_once($skinJsPhpFile);


@ -23,7 +23,7 @@ xhtmlHeaders(__FILE__, translate('LoggingIn') );
<body>
<div id="page">
<div id="header">
<h1><?php echo ZM_WEB_TITLE . ' ' . translate('Login') ?></h1>
<h1><?php echo validHtmlStr(ZM_WEB_TITLE) . ' ' . translate('Login') ?></h1>
</div>
<div id="content">
<h2><?php echo translate('LoggingIn') ?></h2>
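Review bot: The header line now escapes ZM_WEB_TITLE but concatenates it with `translate('Login')` unescaped, so a single text node mixes an escaped and an unescaped operand; the login and logout hunks have the same shape. If translate() returns plain text from the language files, escaping the whole expression once, `validHtmlStr(ZM_WEB_TITLE . ' ' . translate('Login'))`, is easier to audit than escaping operands one by one; if the language strings are intentionally allowed to carry markup, a one-line comment saying so at this line would keep the next reader from "fixing" it. Since the same title expression appears in three files in this commit, a small helper would let that escaping decision live in one place.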