diff --git a/ihtml/themes/breezy/islocked.tpl b/ihtml/themes/breezy/islocked.tpl index 1d6cbbc0e2ff58ee4d4b5cb98cf0de6db0f5d675..1f5544c9dab042ef25c3e45c0673d6c88e71a7ab 100644 --- a/ihtml/themes/breezy/islocked.tpl +++ b/ihtml/themes/breezy/islocked.tpl @@ -6,7 +6,7 @@ </div> <div> <p> - <b>{t}Warning{/t}:</b> {$message} + <b>{t}Warning{/t}:</b> {$message|escape} <ul> {foreach from=$locks item=lock} <li>{t 1=$lock.object 2=$lock.user 3=$lock.timestamp|date_format:"%Y-%m-%d, %H:%M:%S"}"%1" has been locked by "%2" since %3{/t}</li> @@ -18,7 +18,7 @@ </p> <p class="plugbottom"> - <input type="submit" name="delete_lock" value="{$action}"/> + <input type="submit" name="delete_lock" value="{$action|escape}"/> {if $allow_readonly} <input type="submit" name="open_readonly" value="{t}Read only{/t}"/> @@ -27,7 +27,7 @@ <input type="submit" formnovalidate="formnovalidate" name="cancel_lock" value="{t}Cancel{/t}"/> </p> - <input type="hidden" name="dn" value="{$dn}"/> + <input type="hidden" name="dn" value="{$dn|escape}"/> </div> </div> diff --git a/ihtml/themes/breezy/login.tpl b/ihtml/themes/breezy/login.tpl index 25f4d9cf79560c4058566837801453e4a06dbb1f..3b39193d2afb00e38a2c6fa52799ed260d5e69d1 100644 --- a/ihtml/themes/breezy/login.tpl +++ b/ihtml/themes/breezy/login.tpl @@ -79,7 +79,7 @@ <script type="text/javascript"> <!-- enable_keyPress = false; - focus_field("{$focusfield}"); + focus_field("{$focusfield|escape}"); next_msg_dialog(); --> </script> diff --git a/ihtml/themes/breezy/recovery.tpl b/ihtml/themes/breezy/recovery.tpl index 5d5642498dbf3cc447267e169707b9168e5a3f1e..6e29c287f48ac1fa24e347b06fcd13f626e267d8 100644 --- a/ihtml/themes/breezy/recovery.tpl +++ b/ihtml/themes/breezy/recovery.tpl @@ -23,7 +23,7 @@ <span class="warning"> {$ssl} </span> <!-- Display error message on demand --> - <span class="warning"> {$message} </span> + <span class="warning"> {$message|escape} </span> {if $step==3} <p class="infotext"> 
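Review bot: In the login.tpl hunk, `focus_field("{$focusfield|escape}");` places the value inside a JavaScript string literal in a `<script>` block, and Smarty's default `escape` applies HTML-entity encoding, which is the wrong encoding for that context. Entities are not decoded inside a script element, so a field id containing `&` or a quote reaches `focus_field` altered, and backslashes and line breaks pass through unencoded. The `escape:'javascript'` modifier matches the context: `focus_field("{$focusfield|escape:'javascript'}");`. The same applies to `focus_field('{$focusedField|escape}');` in the simpleplugin.tpl hunk.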
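Review bot: In the first recovery.tpl hunk, the context line `<span class="warning"> {$ssl} </span>` directly above the changed line is still emitted raw, while `{$message}` next to it is now escaped. If `$ssl` is deliberately pre-built markup, a template comment such as `{* $ssl is HTML assembled server-side; its dynamic parts must be escaped where it is built *}` would record that. Otherwise it should get `|escape` as well. Where `$ssl` is assigned is not visible in this diff.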
@@ -93,7 +93,7 @@ <label for="email_address"> <img class="center" src="geticon.php?context=applications&icon=internet-mail&size=48" alt="{t}Email address{/t}" title="{t}Email address{/t}" /> </label> - <input type="text" name="email_address" id="email_address" value="{$email_address}" title="{t}Email{/t}" onFocus=""/> + <input type="text" name="email_address" id="email_address" value="{$email_address|escape}" title="{t}Email{/t}" onFocus=""/> </div> {if $show_directory_chooser} <div> @@ -117,7 +117,7 @@ {/if} {else} <!-- Display error message on demand --> - <p class="warning"> {$message} </p> + <p class="warning"> {$message|escape} </p> <p>{t}Password recovery is not activated. If you have lost your password, please contact your administrator{/t}</p> </div> </div> diff --git a/ihtml/themes/breezy/restore-confirm.tpl b/ihtml/themes/breezy/restore-confirm.tpl index 17df7ff41c1790c9f36615bd18933a24fbf917b8..e318892acc4bed80d31b3e26372f7a7cab669295 100644 --- a/ihtml/themes/breezy/restore-confirm.tpl +++ b/ihtml/themes/breezy/restore-confirm.tpl @@ -8,8 +8,8 @@ <p> <ul> {foreach from=$objects item=object} - <li style="list-style-image:url('{$object.icon}');" title="{$object.type}"> - {$object.name} (<i>{$object.dn}</i>) + <li style="list-style-image:url('{$object.icon|escape}');" title="{$object.type|escape}"> + {$object.name|escape} (<i>{$object.dn|escape}</i>) </li> {/foreach} </ul> diff --git a/ihtml/themes/breezy/simple-remove.tpl b/ihtml/themes/breezy/simple-remove.tpl index 2f40e836219654a0d2837c9617e036e984d1b0c2..68333131063a4c842fdb735dddd36e9bdfe46ac2 100644 --- a/ihtml/themes/breezy/simple-remove.tpl +++ b/ihtml/themes/breezy/simple-remove.tpl 
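Review bot: In the restore-confirm.tpl hunk, `style="list-style-image:url('{$object.icon|escape}');"` puts the icon value in a CSS string inside an HTML attribute, and HTML escaping covers only the attribute layer. The browser decodes entities before the CSS parser sees the value, so an encoded quote is a literal `'` again inside `url('…')`. Icon URLs elsewhere in this diff carry query strings (`geticon.php?context=…&icon=…`), so a path-only URL modifier would break them; the value is better validated where it is assigned, with a template comment such as `{* icon goes into CSS url(); must be a server-generated icon URL *}` recording the assumption. The identical line in the simple-remove.tpl hunk needs the same treatment. Whether `$object.icon` can be influenced by stored data is not visible here.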
@@ -8,8 +8,8 @@ <p> <ul> {foreach from=$objects item=object} - <li style="list-style-image:url('{$object.icon}');" title="{$object.type}"> - {$object.name} (<i>{$object.dn}</i>) + <li style="list-style-image:url('{$object.icon|escape}');" title="{$object.type|escape}"> + {$object.name|escape} (<i>{$object.dn|escape}</i>) </li> {/foreach} </ul> diff --git a/ihtml/themes/breezy/simpleplugin.tpl b/ihtml/themes/breezy/simpleplugin.tpl index c51a181b3e5e15310e292bf4af7c877068ca2180..f5eeedaa2da247dc882e1b76acd0f893a5e986e4 100644 --- a/ihtml/themes/breezy/simpleplugin.tpl +++ b/ihtml/themes/breezy/simpleplugin.tpl @@ -6,17 +6,17 @@ {if is_array($hiddenPostedInput)} {foreach from=$hiddenPostedInput item=hiddenPostedInput_item} - <input name="{$hiddenPostedInput_item}" value="1" type="hidden"/> + <input name="{$hiddenPostedInput_item|escape}" value="1" type="hidden"/> {/foreach} {else} - <input name="{$hiddenPostedInput}" value="1" type="hidden"/> + <input name="{$hiddenPostedInput|escape}" value="1" type="hidden"/> {/if} {if isset($focusedField)} <!-- Place cursor --> <script type="text/javascript"> <!-- // First input field on page - focus_field('{$focusedField}'); + focus_field('{$focusedField|escape}'); --> </script> {/if} diff --git a/ihtml/themes/breezy/simpleplugin_section.tpl b/ihtml/themes/breezy/simpleplugin_section.tpl index 4909f228e95a2e9f95a1b8f983f7f0f8fc5077eb..03834100b07eca671414cb1cc2730d53d390819c 100644 --- a/ihtml/themes/breezy/simpleplugin_section.tpl +++ b/ihtml/themes/breezy/simpleplugin_section.tpl @@ -1,5 +1,5 @@ <fieldset id="{$sectionId}" class="plugin-section{$sectionClasses}"> - <legend><span>{$section}</span></legend> + <legend><span>{$section|escape}</span></legend> <div> <table> {foreach from=$attributes item=attribute key=id} diff --git a/include/simpleplugin/class_simpleTabs.inc b/include/simpleplugin/class_simpleTabs.inc index 83e88d9059df9c94996c79145d04b82858fb14af..cae6e71482e451a701a2770acf87681c4d7fa219 100644 
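Review bot: In the simpleplugin_section.tpl hunk, the context line `<fieldset id="{$sectionId}" class="plugin-section{$sectionClasses}">` still emits two variables raw into attribute values while the legend below it is now escaped. If either can contain a quote, the attribute boundary is not protected; `id="{$sectionId|escape}" class="plugin-section{$sectionClasses|escape}"` costs nothing when the values are plain identifiers. The same unescaped `id="{$sectionId}"` opener appears in the groups_stats.tpl, pwd_stats.tpl, users_accounts.tpl, users_stats.tpl and references/contents.tpl hunks. Where these variables are assigned is outside this diff.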
--- a/include/simpleplugin/class_simpleTabs.inc +++ b/include/simpleplugin/class_simpleTabs.inc @@ -309,7 +309,7 @@ class simpleTabs 'onclick="return true;" '. 'href="'."javascript:document.mainform.arg.value='$class';document.mainform.submit();".'">'; } - $display .= $title.'</a></div></td>'; + $display .= htmlescape($title).'</a></div></td>'; } $display .= "<td>\n"; diff --git a/plugins/addons/dashboard/groups_stats.tpl b/plugins/addons/dashboard/groups_stats.tpl index 2955b1f455b588d3101199eb4e3bbe9db72611e0..f4afd84428a1bec8cfb306440b679dcca6f129c3 100644 --- a/plugins/addons/dashboard/groups_stats.tpl +++ b/plugins/addons/dashboard/groups_stats.tpl @@ -1,6 +1,6 @@ <div id="{$sectionId}" class="plugin-section"> <span class="legend"> - {$section} + {$section|escape} </span> <div> <img src="{$attributes.groups_stats.img|escape}" alt="group icon"/> diff --git a/plugins/addons/dashboard/main_stats.tpl b/plugins/addons/dashboard/main_stats.tpl index 336f09534baa692c7e95a51522bd83b63823654f..27ab1e8e9f55528ec970e61df1351e40ee0f7f84 100644 --- a/plugins/addons/dashboard/main_stats.tpl +++ b/plugins/addons/dashboard/main_stats.tpl @@ -7,9 +7,9 @@ {foreach from=$attributes.stats item=stat} <li> {if isset($stat.href)} - <a href="{$stat.href}"><img style="vertical-align:middle;" src="{$stat.img|escape}" alt=""/> {$stat.name} : {$stat.nb}</a> + <a href="{$stat.href}"><img style="vertical-align:middle;" src="{$stat.img|escape}" alt=""/> {$stat.name|escape} : {$stat.nb|escape}</a> {else} - <img style="vertical-align:middle;" src="{$stat.img|escape}" alt=""/> {$stat.name} : {$stat.nb} + <img style="vertical-align:middle;" src="{$stat.img|escape}" alt=""/> {$stat.name|escape} : {$stat.nb|escape} {/if} </li> {/foreach} diff --git a/plugins/addons/dashboard/pwd_stats.tpl b/plugins/addons/dashboard/pwd_stats.tpl index fa830389da18919a9db2e0ea6adb56c2e0979e6e..a5bc5e843f945d8a49bf4efff1cfddd671fc4c4c 100644 --- a/plugins/addons/dashboard/pwd_stats.tpl 
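Review bot: In the class_simpleTabs.inc hunk, the anchor that `htmlescape($title)` closes is opened on the unchanged context line with `$class` interpolated raw into `javascript:document.mainform.arg.value='$class';…` inside an `href` attribute. That position is a JavaScript string inside an HTML attribute, so it needs encoding for both layers if `$class` is ever anything but a fixed class name. If it is always a fixed name, a short comment such as `// $class is a tab class name from the tab definition, never request data` would document why the line is safe. The enclosing method starts and ends outside the hunk, so the origin of `$class` and `$title` cannot be confirmed here.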
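Review bot: In the main_stats.tpl hunk, `<a href="{$stat.href}">` on the new line is still unescaped although `$stat.img`, `$stat.name` and `$stat.nb` on the same line are escaped; it should read `<a href="{$stat.href|escape}">`. HTML escaping only protects the attribute boundary, so if `$stat.href` is not built entirely by the application, its scheme also needs checking where it is assigned. That assignment is not part of this diff.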
+++ b/plugins/addons/dashboard/pwd_stats.tpl @@ -1,6 +1,6 @@ <div id="{$sectionId}" class="plugin-section"> <span class="legend"> - {$section} + {$section|escape} </span> <div> <img src="{$attributes.pwds_stats.img|escape}" alt="user icon"/> diff --git a/plugins/addons/dashboard/users_accounts.tpl b/plugins/addons/dashboard/users_accounts.tpl index 5ae33ace330f994afa6c1cade8e95c9735551d14..8c9463be82600bc81c520e61e2bd1346e12b17bc 100644 --- a/plugins/addons/dashboard/users_accounts.tpl +++ b/plugins/addons/dashboard/users_accounts.tpl @@ -1,6 +1,6 @@ <div id="{$sectionId}" class="plugin-section fullwidth"> <span class="legend"> - {$section} + {$section|escape} </span> <div> <h1> @@ -25,10 +25,10 @@ <tr> {foreach from=$attributes.expired.columns.user item=colname} - <th>{$colname}</th> + <th>{$colname|escape}</th> {/foreach} {foreach from=$attributes.expired.columns.manager item=colname} - <th>{$colname}</th> + <th>{$colname|escape}</th> {/foreach} </tr> </thead> @@ -36,13 +36,13 @@ {foreach from=$attributes.expired.accounts item=account} <tr> {foreach from=$attributes.expired.columns.user key=colkey item=colname} - <td>{$account.$colkey} </td> + <td>{$account.$colkey|escape} </td> {/foreach} {foreach from=$attributes.expired.columns.manager key=colkey item=colname} {if $colkey==manager_mail} - <td><a href="mailto:{$account.$colkey}">{$account.$colkey}</a></td> + <td><a href="mailto:{$account.$colkey|escape}">{$account.$colkey|escape}</a></td> {else} - <td>{$account.$colkey} </td> + <td>{$account.$colkey|escape} </td> {/if} {/foreach} </tr> @@ -73,10 +73,10 @@ <tr> {foreach from=$attributes.expired.columns.user item=colname} - <th>{$colname}</th> + <th>{$colname|escape}</th> {/foreach} {foreach from=$attributes.expired.columns.manager item=colname} - <th>{$colname}</th> + <th>{$colname|escape}</th> {/foreach} </tr> </thead> 
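Review bot: In the `@@ -36,13` hunk of users_accounts.tpl, `<a href="mailto:{$account.$colkey|escape}">` places the address in a URI, and HTML escaping leaves `?` and `&` meaningful there, so a stored mail value is not confined to the address part of the link. Encoding the href for the URI layer while keeping `|escape` for the link text covers both: `<a href="mailto:{$account.$colkey|escape:'url'}">{$account.$colkey|escape}</a>`. The same line occurs in the `@@ -84,13` hunk of this file.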
@@ -84,13 +84,13 @@ {foreach from=$attributes.expired.accounts_next_days item=account} <tr> {foreach from=$attributes.expired.columns.user key=colkey item=colname} - <td> {$account.$colkey}</td> + <td> {$account.$colkey|escape}</td> {/foreach} {foreach from=$attributes.expired.columns.manager key=colkey item=colname} {if $colkey==manager_mail} - <td><a href="mailto:{$account.$colkey}">{$account.$colkey}</a></td> + <td><a href="mailto:{$account.$colkey|escape}">{$account.$colkey|escape}</a></td> {else} - <td> {$account.$colkey}</td> + <td> {$account.$colkey|escape}</td> {/if} {/foreach} </tr> diff --git a/plugins/addons/dashboard/users_stats.tpl b/plugins/addons/dashboard/users_stats.tpl index f86c17fd143e00bb11873ddabaa18f6ebfbea213..3577f84a802b22b8a7e546cc6378869c03b0b8e6 100644 --- a/plugins/addons/dashboard/users_stats.tpl +++ b/plugins/addons/dashboard/users_stats.tpl @@ -1,6 +1,6 @@ <div id="{$sectionId}" class="plugin-section"> <span class="legend"> - {$section} + {$section|escape} </span> <div> <img src="{$attributes.users_stats.img|escape}" alt="user icon"/> diff --git a/plugins/admin/groups/tabs_ogroups.inc b/plugins/admin/groups/tabs_ogroups.inc index e5d97491e14c33a09fd59f3a0f99d16a095d7c28..8dc6d4fd1d2d31a8e07b9039b0b9dee9edba95be 100644 --- a/plugins/admin/groups/tabs_ogroups.inc +++ b/plugins/admin/groups/tabs_ogroups.inc @@ -172,11 +172,6 @@ class ogrouptabs extends simpleTabs_noSpecial } } - function check ($ignore_account = FALSE) - { - return parent::check(FALSE); - } - function save () { $errors = parent::save(); diff --git a/plugins/generic/references/contents.tpl b/plugins/generic/references/contents.tpl index c4fec404ddad08c414f61fa63b98aab07c0fba71..0a4234c790300e5f4209c80f2386e7b69ad270f2 100644 --- a/plugins/generic/references/contents.tpl +++ b/plugins/generic/references/contents.tpl 
@@ -1,6 +1,6 @@ <div id="{$sectionId}" class="plugin-section{$sectionClasses}"> <span class="legend"> - {$section} + {$section|escape} </span> <div> {if $attributes.refs}