diff --git a/ihtml/themes/default/islocked.tpl b/ihtml/themes/default/islocked.tpl index bf3e83fbba4786c1ce7f2c237d50504b5df34567..a4e937054863f2f67259ebff2c76b879f296132a 100644 --- a/ihtml/themes/default/islocked.tpl +++ b/ihtml/themes/default/islocked.tpl @@ -1,5 +1,5 @@ <div style="font-size:20px;"> - <img alt="" src="geticon.php?context=status&icon=object-locked&size=32" style="vertical-align:top;"/> {t}Locking conflict detected{/t} + <img alt="" src="geticon.php?context=status&icon=object-locked&size=32" style="vertical-align:top;"/> {t}Locking conflict detected{/t} </div> <p> diff --git a/ihtml/themes/default/login.tpl b/ihtml/themes/default/login.tpl index 894a497006bb61e6f8778680c9a56a35bcb66423..05d2096d09c45dfa1a7a429de98df73e2343da6b 100644 --- a/ihtml/themes/default/login.tpl +++ b/ihtml/themes/default/login.tpl 
@@ -25,19 +25,19 @@ </div> <div> - <label for="username"><img class="center" src="{$personal_img}" alt="{t}Username{/t}" title="{t}Username{/t}"/> </label> + <label for="username"><img class="center" src="{$personal_img|escape}" alt="{t}Username{/t}" title="{t}Username{/t}"/> </label> <input type="text" name="username" id="username" maxlength="40" value="{$username|escape}" title="{t}Username{/t}" onFocus="nextfield= 'password';" /> <br /> <br /> - <label for="password"><img class="center" src="{$password_img}" alt="{t}Password{/t}" title="{t}Password{/t}" /> </label> + <label for="password"><img class="center" src="{$password_img|escape}" alt="{t}Password{/t}" title="{t}Password{/t}" /> </label> <input type="password" name="password" id="password" maxlength="40" value="" title="{t}Password{/t}" onFocus="nextfield= 'login';" /> <br /> <a href="recovery.php">{t}I forgot my password{/t}</a> </div> <div> - <img class="center" src="{$directory_img}" alt="{t}Directory{/t}" title="{t}Directory{/t}" /> + <img class="center" src="{$directory_img|escape}" alt="{t}Directory{/t}" title="{t}Directory{/t}" /> <select name="server" title="{t}Directory{/t}" onchange="javascript:document.mainform.submit();"> {html_options options=$server_options selected=$server_id} </select> diff --git a/ihtml/themes/default/msg_dialog.tpl b/ihtml/themes/default/msg_dialog.tpl index d5deafe6cc3059a550a56d29e129c348275abebe..a10127140680a8124569ef8e4e63e28309590cdf 100644 --- a/ihtml/themes/default/msg_dialog.tpl +++ b/ihtml/themes/default/msg_dialog.tpl 
@@ -35,11 +35,11 @@ <div id="e_layerTitle{$i_ID}" class="msgtitle"> <h2> {if $i_Type == $smarty.const.ERROR_DIALOG} - <img src="geticon.php?context=status&icon=dialog-error&size=32" class="center" alt="{t}Error{/t}"/> + <img src="geticon.php?context=status&icon=dialog-error&size=32" class="center" alt="{t}Error{/t}"/> {elseif $i_Type == $smarty.const.WARNING_DIALOG} - <img src="geticon.php?context=status&icon=dialog-warning&size=32" class="center" alt="{t}Warning{/t}"/> + <img src="geticon.php?context=status&icon=dialog-warning&size=32" class="center" alt="{t}Warning{/t}"/> {elseif $i_Type == $smarty.const.INFO_DIALOG || $i_Type == $smarty.const.CONFIRM_DIALOG} - <img src="geticon.php?context=status&icon=dialog-information&size=32" class="center" alt="{t}Information{/t}"/> + <img src="geticon.php?context=status&icon=dialog-information&size=32" class="center" alt="{t}Information{/t}"/> {/if} {$s_Title} </h2> diff --git a/ihtml/themes/default/recovery.tpl b/ihtml/themes/default/recovery.tpl index 85752ef119fb722f47c294362366d5c10c0a1249..089e15ea755335f0436f232e7f17e34f6d4b34c3 100644 --- a/ihtml/themes/default/recovery.tpl +++ b/ihtml/themes/default/recovery.tpl @@ -17,7 +17,7 @@ {$msg_dialogs} <div id="window_titlebar"> <p> - <img class="center" src="geticon.php?context=status&icon=dialog-password&size=48" alt="{t}Password{/t}" title="{t}Password{/t}"/> + <img class="center" src="geticon.php?context=status&icon=dialog-password&size=48" alt="{t}Password{/t}" title="{t}Password{/t}"/> {t}Lost password{/t} </p> </div> 
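Review bot: `{$s_Title}` is still printed without a modifier inside the `<h2>` of msg_dialog.tpl, directly under the icon lines this hunk touches. If a dialog title can ever carry directory or request data, it should be `{$s_Title|escape}`. The PHP fallback in the class_msg_dialog.inc hunk (`@@ -161`) concatenates `$this->s_Title` and `$this->s_Message` raw in the same way. Whether callers already pass escaped or intentionally HTML-formatted text is not visible in these hunks, so confirm that contract and document it in the template.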
@@ -100,7 +100,7 @@ <div style="clear:both"></div> {elseif $changed} <div class="success"> - <img class="center" src="geticon.php?context=status&icon=task-complete&size=16" alt="{t}Success{/t}" title="{t}Success{/t}"> <b>{t}Your password has been changed successfully.{/t}</b><br/> + <img class="center" src="geticon.php?context=status&icon=task-complete&size=16" alt="{t}Success{/t}" title="{t}Success{/t}"> <b>{t}Your password has been changed successfully.{/t}</b><br/> <br/><a href="./">Return to login screen</a> </div> {else} diff --git a/ihtml/themes/default/remove.tpl b/ihtml/themes/default/remove.tpl index a73f16b55fce9b0a2ce39b0891829bf2acbc6de6..4bcb2e86dc7507f4216f01e2e10fb7fb16f27f3d 100644 --- a/ihtml/themes/default/remove.tpl +++ b/ihtml/themes/default/remove.tpl @@ -1,5 +1,5 @@ <div style="font-size:18px;"> - <img alt="" src="geticon.php?context=status&icon=dialog-warning&size=32"/> {t}Warning{/t} + <img alt="" src="geticon.php?context=status&icon=dialog-warning&size=32"/> {t}Warning{/t} </div> <p> {$intro} diff --git a/include/class_CopyPasteHandler.inc b/include/class_CopyPasteHandler.inc index c9c6e4a46e986f41433fbf08f507317470f43d75..d1de17bb05a3201641d8c8c50c257e42a15a2309 100644 --- a/include/class_CopyPasteHandler.inc +++ b/include/class_CopyPasteHandler.inc 
@@ -367,9 +367,9 @@ class CopyPasteHandler $Copy_Paste = " <img class='center' src='images/lists/seperator.png' alt='' height='16' width='1'> "; if ($this->entries_queued()) { $Copy_Paste .= "<input type='image' name='editPaste' class='center' - src='geticon.php?context=actions&icon=edit-paste&size=16' alt='"._("Paste")."'> "; + src='geticon.php?context=actions&icon=edit-paste&size=16' alt='"._("Paste")."'> "; } else { - $Copy_Paste .= "<img class='center' src='geticon.php?context=actions&icon=edit-paste&size=16&disabled=1' alt=\""._("Cannot paste")."\"> "; + $Copy_Paste .= "<img class='center' src='geticon.php?context=actions&icon=edit-paste&size=16&disabled=1' alt=\""._("Cannot paste")."\"> "; } return $Copy_Paste; } diff --git a/include/class_SnapShotDialog.inc b/include/class_SnapShotDialog.inc index ee523f3586e83f0e11fac93e92d8b77e17a181b2..630d8001871199052cc3712136f80a3d5d36e918 100644 --- a/include/class_SnapShotDialog.inc +++ b/include/class_SnapShotDialog.inc @@ -175,9 +175,9 @@ class SnapShotDialog extends plugin /* Add Elements to divselectbox */ $this->last_list = array_values($list_of_elements); foreach ($this->last_list as $key => $entry) { - $actions = "<input type='image' src='geticon.php?context=actions&icon=document-restore&size=16' name='RestoreSnapshot_$key' + $actions = "<input type='image' src='geticon.php?context=actions&icon=document-restore&size=16' name='RestoreSnapshot_$key' class='center' title='"._("Restore snapshot")."'> "; - $actions .= "<input type='image' src='geticon.php?context=actions&icon=edit-delete&size=16' name='RemoveSnapshot_$key' + $actions .= "<input type='image' src='geticon.php?context=actions&icon=edit-delete&size=16' name='RemoveSnapshot_$key' class='center' title='"._("Remove snapshot")."'> "; $time_stamp = date(_("Y-m-d, H:i:s"), preg_replace("/\-.*$/", "", $entry['gosaSnapshotTimestamp'][0])); 
diff --git a/include/class_baseSelector.inc b/include/class_baseSelector.inc index c2e8ed3e8033945d802fbf5c9a28ffe1aca872bb..cd27d3bf519072fb12a956fd3fd93de392f8cf7a 100644 --- a/include/class_baseSelector.inc +++ b/include/class_baseSelector.inc @@ -254,7 +254,7 @@ class baseSelector { // Draw submitter if required if ($this->submitButton) { - $this->tree .= " <input class='center' type='image' src='geticon.php?context=actions&icon=submit&size=16' title='"._("Submit")."' name='submit_base_".$this->pid."' id='submit_base_".$this->pid."' alt='"._("Submit")."'>"; + $this->tree .= " <input class='center' type='image' src='geticon.php?context=actions&icon=submit&size=16' title='"._("Submit")."' name='submit_base_".$this->pid."' id='submit_base_".$this->pid."' alt='"._("Submit")."'>"; } $this->tree .= "<input type='submit' style='display:none' name='submit_tree_base_".$this->pid."' id='submit_tree_base_".$this->pid."'>"; $this->tree .= "<input type='hidden' name='bs_rebase_".$this->pid."' id='bs_rebase_".$this->pid."'>"; diff --git a/include/class_listing.inc b/include/class_listing.inc index 02f73c9549a59742e9ea441197f1f8f46d44b45b..add9c4a2d59b17ad6ad972ffc610ea5ccc9cc394 100644 --- a/include/class_listing.inc +++ b/include/class_listing.inc 
@@ -303,7 +303,7 @@ class listing { isset($config['sortType'])) { $this->sortAttribute = $config['sortAttribute']; $this->sortType = $config['sortType']; - $sorter = " <img class='center' title='".($this->sortDirection[$index]?_("Up"):_("Down"))."' src='geticon.php?context=actions&size=16&icon=view-sort-".($this->sortDirection[$index]?"descending":"ascending")."' alt='".($this->sortDirection[$index]?_('Sort up'):_('Sort down'))."'>"; + $sorter = " <img class='center' title='".($this->sortDirection[$index]?_("Up"):_("Down"))."' src='geticon.php?context=actions&size=16&icon=view-sort-".($this->sortDirection[$index]?"descending":"ascending")."' alt='".($this->sortDirection[$index]?_('Sort up'):_('Sort down'))."'>"; } $sortable = (isset($config['sortAttribute'])); @@ -472,7 +472,7 @@ class listing { foreach ($this->objectTypes as $objectType) { if (isset($this->objectTypeCount[$objectType['label']])) { $label = _($objectType['label']); - $result .= "<img class='center' src='".$objectType['image']."' title='$label' alt='$label'> ".$this->objectTypeCount[$objectType['label']]." "; + $result .= "<img class='center' src='".htmlentities($objectType['image'], ENT_COMPAT, 'UTF-8')."' title='$label' alt='$label'> ".$this->objectTypeCount[$objectType['label']]." "; } } @@ -950,7 +950,7 @@ class listing { } if ($type) { $this->objectDnMapping[$dn] = $type; - $result = "<img class='center' title='".LDAP::fix($dn)."' src='".$this->objectTypes[$type]["image"]."' alt='$type'/>"; + $result = "<img class='center' title='".LDAP::fix($dn)."' src='".htmlentities($this->objectTypes[$type]['image'], ENT_COMPAT, 'UTF-8')."' alt='$type'/>"; if (!isset($this->objectTypeCount[$this->objectTypes[$type]['label']])) { $this->objectTypeCount[$this->objectTypes[$type]['label']] = 0; } 
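Review bot: In the `@@ -472` hunk the new `htmlentities($objectType['image'], ENT_COMPAT, 'UTF-8')` is placed inside a single-quoted attribute (`src='…'`), and `ENT_COMPAT` leaves `'` unconverted, so a value containing a single quote still ends the attribute early. Use `ENT_QUOTES` at these call sites: `htmlentities($objectType['image'], ENT_QUOTES, 'UTF-8')`. The same pairing of `ENT_COMPAT` with a single-quoted `src` appears in the `@@ -950`, `@@ -1030` and `@@ -1335` hunks of this file and in the `@@ -84` hunk of class_groupManagement.inc. The call sites that build a double-quoted `src="…"` are not affected. The enclosing methods start and end outside these hunks.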
@@ -1030,7 +1030,7 @@ class listing { if ($action['type'] == "entry") { $label = $this->processElementFilter($action['label'], $this->entries[$row], $row); $image = $this->processElementFilter($action['image'], $this->entries[$row], $row); - $result .= "<input class='center' type='image' src='$image' title='$label' alt='$label' ". + $result .= "<input class='center' type='image' src='".htmlentities($image, ENT_COMPAT, 'UTF-8')."' title='$label' alt='$label' ". "name='listing_".$action['name']."_$row' style='padding:1px'>"; } 
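Review bot: `$label` is interpolated into `title='$label' alt='$label'` without encoding on the same statement that now encodes `$image`, although both values come from the same `processElementFilter()` call. If that filter can return entry data, the label needs the same treatment before the concatenation, e.g. `$label = htmlentities($label, ENT_QUOTES, 'UTF-8');`. Whether the filter already encodes its output is not visible in this hunk, so check that first to avoid double-encoding.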
@@ -1142,30 +1142,30 @@ class listing { /* Draw root button */ if ($enableRoot) { - $result["ROOT"] = "<input class='center' type='image' src='geticon.php?context=actions&icon=go-first&size=16' ". + $result["ROOT"] = "<input class='center' type='image' src='geticon.php?context=actions&icon=go-first&size=16' ". "title='"._("Go to root department")."' name='ROOT' alt='"._("Root")."'>"; } else { - $result["ROOT"] = "<img src='geticon.php?context=actions&icon=go-first&size=16&disabled=1' class='center' alt='"._("Root")."'>"; + $result["ROOT"] = "<img src='geticon.php?context=actions&icon=go-first&size=16&disabled=1' class='center' alt='"._("Root")."'>"; } /* Draw back button */ if ($enableBack) { - $result["BACK"] = "<input class='center' type='image' src='geticon.php?context=actions&icon=go-up&size=16' ". + $result["BACK"] = "<input class='center' type='image' src='geticon.php?context=actions&icon=go-up&size=16' ". "title='"._("Go up one department")."' alt='"._("Up")."' name='BACK'>"; } else { - $result["BACK"] = "<img src='geticon.php?context=actions&icon=go-up&size=16&disabled=1' class='center' alt='"._("Up")."'>"; + $result["BACK"] = "<img src='geticon.php?context=actions&icon=go-up&size=16&disabled=1' class='center' alt='"._("Up")."'>"; } /* Draw home button */ if ($enableHome) { - $result["HOME"] = '<input class="center" type="image" src="geticon.php?context=actions&icon=go-home&size=16"'. + $result["HOME"] = '<input class="center" type="image" src="geticon.php?context=actions&icon=go-home&size=16"'. 
' title="'._("Go to user's department").'" alt="'._('Home').'" name="HOME"/>'; } else { - $result["HOME"] = "<img src='geticon.php?context=actions&icon=go-home&size=16&disabled=1' class='center' alt='"._("Home")."'>"; + $result["HOME"] = "<img src='geticon.php?context=actions&icon=go-home&size=16&disabled=1' class='center' alt='"._("Home")."'>"; } /* Draw reload button, this button is enabled everytime */ - $result["RELOAD"] = "<input class='center optional' type='image' src='geticon.php?context=actions&icon=view-refresh&size=16' ". + $result["RELOAD"] = "<input class='center optional' type='image' src='geticon.php?context=actions&icon=view-refresh&size=16' ". "title='"._("Reload list")."' name='REFRESH' alt='"._("Submit")."'>"; return $result; @@ -1296,7 +1296,7 @@ class listing { .'<a href="#" onClick="' ."document.getElementById('actionmenu').value='$action';document.getElementById('exec_act').click();" .'">' - .'<img src="'.$icon.'" alt="'.$action.'" class="center"> '.$name.'</a>' + .'<img src="'.htmlentities($icon, ENT_COMPAT, 'UTF-8').'" alt="'.$action.'" class="center"> '.$name.'</a>' .'</li>'; } @@ -1335,7 +1335,7 @@ class listing { if (isset($action['label'])) { $img = ""; if (isset($action['image'])) { - $img = "<img class='center' src='".$action['image']."' alt='".$action['label']."'/> "; + $img = "<img class='center' src='".htmlentities($action['image'], ENT_COMPAT, 'UTF-8')."' alt='".$action['label']."'/> "; } $result .= "<li id='actionmenu_".strtolower($action['label'])."'$separator><a href='#'>$img"._($action['label'])." <img src='images/forward-arrow.png' alt='forward arrow'/></a>"; } 
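Review bot: In the `@@ -1296` hunk, `$action` is written into the inline `onClick` handler (`value='$action'`) and into `alt="…"`, and `$name` into the link text, all without encoding; only `$icon` is escaped. The handler is a JavaScript string inside an HTML attribute, so it needs JS-string encoding followed by HTML encoding, e.g. `htmlentities(json_encode($action), ENT_QUOTES, 'UTF-8')` in place of the quoted `'$action'`. If this is the body of `renderActionMenuActionLink()`, the calls visible elsewhere in this diff pass literals such as 'paste' and 'restore', which makes this hardening rather than a confirmed hole. The method signature lies outside the hunk.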
@@ -1599,7 +1599,7 @@ class listing { if ($this->copyPasteHandler->entries_queued()) { $result .= $this->renderActionMenuActionLink($separator, 'paste', _('Paste'), 'geticon.php?context=actions&icon=edit-paste&size=16'); } else { - $result .= "<li$separator><a href='#'><img src='geticon.php?context=actions&icon=edit-paste&size=16&disabled=1' alt='paste' class='center'> "._("Paste")."</a></li>"; + $result .= "<li$separator><a href='#'><img src='geticon.php?context=actions&icon=edit-paste&size=16&disabled=1' alt='paste' class='center'> "._("Paste")."</a></li>"; } } @@ -1624,7 +1624,7 @@ class listing { if ($cut) { if ($ui->is_cutable($dn, $category, $class)) { $result .= '<input class="center" type="image"'. - ' src="geticon.php?context=actions&icon=edit-cut&size=16"'. + ' src="geticon.php?context=actions&icon=edit-cut&size=16"'. ' alt="'._('Cut').'" name="listing_cut_'.$row.'" title="'._('Cut this entry').'"'. ' style="padding:1px">'; } else { @@ -1636,7 +1636,7 @@ class listing { if ($copy) { if ($ui->is_copyable($dn, $category, $class)) { $result .= '<input class="center" type="image"'. - ' src="geticon.php?context=actions&icon=edit-copy&size=16"'. + ' src="geticon.php?context=actions&icon=edit-copy&size=16"'. ' alt="'._('Copy').'" name="listing_copy_'.$row.'" title="'._('Copy this entry').'"'. ' style="padding:1px">'; } else { @@ -1672,7 +1672,7 @@ class listing { if ($restore) { $result .= $this->renderActionMenuActionLink($separator, 'restore', _('Restore snapshots'), 'geticon.php?context=actions&icon=document-restore&size=16'); } else { - $result .= "<li$separator><a href='#'><img src='geticon.php?context=actions&icon=document-restore&size=16&disabled=1' alt='restore' class='center'> "._("Restore snapshots")."</a></li>"; + $result .= "<li$separator><a href='#'><img src='geticon.php?context=actions&icon=document-restore&size=16&disabled=1' alt='restore' class='center'> "._("Restore snapshots")."</a></li>"; } } 
@@ -1686,7 +1686,7 @@ class listing { $result = ""; // Draw entries - $result .= "<li$separator id='actionmenu_exportList'><a href='#'><img class='center' src='geticon.php?context=actions&icon=document-export&size=16' alt='export'> "._("Export list")." <img src='images/forward-arrow.png' alt='arrow'></a><ul class='level3'>"; + $result .= "<li$separator id='actionmenu_exportList'><a href='#'><img class='center' src='geticon.php?context=actions&icon=document-export&size=16' alt='export'> "._("Export list")." <img src='images/forward-arrow.png' alt='arrow'></a><ul class='level3'>"; // Export CVS as build in exporter foreach ($this->exporter as $action => $exporter) { @@ -1720,17 +1720,17 @@ class listing { // Do we have snapshots for this dn? if ($this->snapshotHandler->hasSnapshots($dn)) { - $result .= "<input class='center' type='image' src='geticon.php?context=actions&icon=document-restore&size=16' ". + $result .= "<input class='center' type='image' src='geticon.php?context=actions&icon=document-restore&size=16' ". "alt='"._("Restore snapshot")."' name='listing_restore_$row' title='". _("Restore snapshot")."' style='padding:1px'>"; } else { - $result .= "<img src='geticon.php?context=actions&icon=document-restore&size=16&disabled=1' alt='restore' class='center' style='padding:1px'>"; + $result .= "<img src='geticon.php?context=actions&icon=document-restore&size=16&disabled=1' alt='restore' class='center' style='padding:1px'>"; } } // Draw snapshot button if ($ui->allow_snapshot_create($dn, $category)) { - $result .= "<input class='center' type='image' src='geticon.php?context=actions&icon=snapshot&size=16' ". + $result .= "<input class='center' type='image' src='geticon.php?context=actions&icon=snapshot&size=16' ". "alt='"._("Create snapshot")."' name='listing_snapshot_$row' title='". _("Create a new snapshot from this object")."' style='padding:1px'>"; } else { 
diff --git a/include/class_msg_dialog.inc b/include/class_msg_dialog.inc index cf8a23f9291290a7184e788d005c90348cdb1f67..45a6f9151cfce239da786d6e832589430385da16 100644 --- a/include/class_msg_dialog.inc +++ b/include/class_msg_dialog.inc @@ -161,7 +161,7 @@ class msg_dialog $display .= "<table style='width:100%; border:2px solid red;'> <tr><td style='vertical-align:top;padding:10px'> - <img src='geticon.php?context=status&icon=dialog-error&size=32' alt='{t}Error{/t}'/> + <img src='geticon.php?context=status&icon=dialog-error&size=32' alt='{t}Error{/t}'/> </td><td style='width:100%'> <b>".$this->s_Title."</b><br> ".$this->s_Message."<br><br> diff --git a/include/class_objects.inc b/include/class_objects.inc index 734889087267284debf81c5dc88c5a0e807f4172..fa052caf895049cfaf9cf405f37d7960c0288c2d 100644 --- a/include/class_objects.inc +++ b/include/class_objects.inc @@ -195,7 +195,7 @@ class objects } if ($icon && isset($infos['icon'])) { - $text = '<img alt="'.$infos['name'].'" title="'.$dn.'" src="'.$infos['icon'].'" class="center"/> '.$text; + $text = '<img alt="'.$infos['name'].'" title="'.$dn.'" src="'.htmlentities($infos['icon'], ENT_COMPAT, 'UTF-8').'" class="center"/> '.$text; } return '<a href="'.$href.'">'.$text.'</a>'; diff --git a/include/functions.inc b/include/functions.inc index 75d7d58c2dcb5f25f049912676813a792c2683f0..6a5125647c93645b6bb9fe943ad9b63be3e523ba 100644 --- a/include/functions.inc +++ b/include/functions.inc 
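Review bot: In the class_objects.inc hunk (`@@ -195`), `$dn` goes into `title="…"` and `$infos['name']` into `alt="…"` unencoded on the same line that now encodes `$infos['icon']`. A DN is directory data and may contain `"` or `<`, so at minimum the title should be `title="'.htmlentities($dn, ENT_COMPAT, 'UTF-8').'"`. The `return` below also concatenates `$href` and `$text` raw into the anchor. Whether those two are encoded earlier in the function is not visible in this hunk.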
@@ -243,7 +243,7 @@ function DEBUG($level, $line, $function, $file, $data, $info = "") if (session::global_get('DEBUGLEVEL') & $level) { if ($first) { echo '<div id="debug_handling" class="notice">'. - '<img src="geticon.php?context=status&icon=dialog-information&size=22" alt="info icon" style="vertical-align:middle;margin-right:.2em;"/>'. + '<img src="geticon.php?context=status&icon=dialog-information&size=22" alt="info icon" style="vertical-align:middle;margin-right:.2em;"/>'. 'There is some debug output '. '<button onClick="javascript:$$(\'div.debug_div\').each(function (a) { a.toggle(); });">Toggle</button>'. '</div>'; @@ -1861,7 +1861,7 @@ function range_selector($dcnt, $start, $range = 25, $post_var = FALSE) if ($start > 0 ) { $output .= " <a href= \"main.php?plug=".validate($_GET['plug'])."&start=". ($start - $range)."\">". - '<img class="center" alt="back" src="geticon.php?context=actions&icon=previous&size=16"/></a>'; + '<img class="center" alt="back" src="geticon.php?context=actions&icon=previous&size=16"/></a>'; } /* Draw pages */ @@ -1880,7 +1880,7 @@ function range_selector($dcnt, $start, $range = 25, $post_var = FALSE) if ($start < ($dcnt - $range)) { $output .= " <a href= \"main.php?plug=".validate($_GET['plug'])."&start=". ($start + $range)."\">". - '<img class="center" alt="forward" src="geticon.php?context=actions&icon=next&size=16"/></a>'; + '<img class="center" alt="forward" src="geticon.php?context=actions&icon=next&size=16"/></a>'; } if ($post_var && $numpages) { diff --git a/include/php_setup.inc b/include/php_setup.inc index 6f8c5af247892e37ab9e03dfa686c604704a0283..9755c4af3b0cb356ce9ea4caa18a87146273f405 100644 --- a/include/php_setup.inc +++ b/include/php_setup.inc 
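Review bot: `validate($_GET['plug'])` is concatenated into the double-quoted `href` of both paging links in `range_selector()` (hunks `@@ -1861` and `@@ -1880`), so the output of `validate()` is the only thing between a request parameter and the attribute. `validate()` is defined outside these hunks, so it is not clear that it encodes quotes. Making the encoding explicit at the sink, `htmlentities(validate($_GET['plug']), ENT_COMPAT, 'UTF-8')`, would remove the doubt, provided `validate()` does not already entity-encode. Both links also read `$_GET['plug']` without an `isset()` check; reading it once into a local near the top of the function would cover that.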
@@ -196,14 +196,14 @@ function gosaRaiseError($errno, $errstr, $errfile, $errline) <table width="100%"> <tr> <td> - <img src="geticon.php?context=status&icon=dialog-warning&size=16" alt="" class="center"/> + <img src="geticon.php?context=status&icon=dialog-warning&size=16" alt="" class="center"/> <strong style="font-size:14px">'. _("Generating this page caused the PHP interpreter to raise some errors!").' </strong> </td> <td align=right> <a href="mailto:bugs@fusiondirectory.org?subject=FusionDirectory%20bugreport&body=%BUGBODY%"> - <img src="geticon.php?context=applications&icon=internet-mail&size=16" title="'._("Send bug report to the FusionDirectory Team"). + <img src="geticon.php?context=applications&icon=internet-mail&size=16" title="'._("Send bug report to the FusionDirectory Team"). '" class="center" alt="'.("Mail icon").'"> '._("Send bugreport").' </a> </td> diff --git a/include/select/groupSelect/group-filter.tpl b/include/select/groupSelect/group-filter.tpl index 3b17067c9f5c174ce1ba4aab7908eb341dcb743d..110159fe52cf6513de68f1c93511c705577b9737 100644 --- a/include/select/groupSelect/group-filter.tpl +++ b/include/select/groupSelect/group-filter.tpl @@ -16,7 +16,7 @@ <tr> <td> <label for="NAME"> - <img src="geticon.php?context=actions&icon=system-search&size=16" align=middle> {t}Name{/t} + <img src="geticon.php?context=actions&icon=system-search&size=16" align=middle> {t}Name{/t} </label> </td> <td> diff --git a/plugins/addons/dashboard/groups_stats.tpl b/plugins/addons/dashboard/groups_stats.tpl index 766a87f1bd033078e365770aa5225554a7c95074..2869668ac6ddbdf1124e434c118c5a8ef7cadd53 100644 --- a/plugins/addons/dashboard/groups_stats.tpl +++ b/plugins/addons/dashboard/groups_stats.tpl 
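Review bot: `alt="'.("Mail icon").'"` in the php_setup.inc hunk is missing the gettext call, so this alt text is never translated while every neighbouring string goes through `_()`. It should read `alt="'._("Mail icon").'"`. The line is context in this hunk but belongs to the `<img>` tag being changed. `gosaRaiseError()` continues outside the hunk.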
@@ -3,7 +3,7 @@ {$section} </span> <div> - <img src="{$attributes.groups_stats.img}" alt="group icon"/> + <img src="{$attributes.groups_stats.img|escape}" alt="group icon"/> {t count=$attributes.groups_stats.nb 1=$attributes.groups_stats.nb plural="There are %1 groups:"}There is 1 group:{/t} <ul> {foreach from=$attributes.groups_stats.groups item=g} diff --git a/plugins/addons/dashboard/main_stats.tpl b/plugins/addons/dashboard/main_stats.tpl index c738b0413d79714c598f195a54bd0643405eff45..9b34b12c1755d62db406aa57f2c843b5bca60aa3 100644 --- a/plugins/addons/dashboard/main_stats.tpl +++ b/plugins/addons/dashboard/main_stats.tpl @@ -7,9 +7,9 @@ {foreach from=$attributes.stats item=stat} <li> {if isset($stat.href)} - <a href="{$stat.href}"><img style="vertical-align:middle;" src="{$stat.img}" alt=""/> {$stat.name} : {$stat.nb}</a> + <a href="{$stat.href}"><img style="vertical-align:middle;" src="{$stat.img|escape}" alt=""/> {$stat.name} : {$stat.nb}</a> {else} - <img style="vertical-align:middle;" src="{$stat.img}" alt=""/> {$stat.name} : {$stat.nb} + <img style="vertical-align:middle;" src="{$stat.img|escape}" alt=""/> {$stat.name} : {$stat.nb} {/if} </li> {/foreach} diff --git a/plugins/addons/dashboard/users_stats.tpl b/plugins/addons/dashboard/users_stats.tpl index 4e79862ecafd854f0c00bf2d5c52db461d131639..9ad688bb7e6d4eeeac5439f179260bb7e60b78f9 100644 --- a/plugins/addons/dashboard/users_stats.tpl +++ b/plugins/addons/dashboard/users_stats.tpl @@ -3,7 +3,7 @@ {$section} </span> <div> - <img src="{$attributes.users_stats.img}" alt="user icon"/> + <img src="{$attributes.users_stats.img|escape}" alt="user icon"/> {t count=$attributes.users_stats.nb 1=$attributes.users_stats.nb plural="There are %1 users:"}There is 1 user:{/t} <ul> {foreach from=$attributes.users_stats.accounts item=acc} diff --git a/plugins/admin/acl/remove.tpl b/plugins/admin/acl/remove.tpl index f3240919182a5a8e1539aa29f81d40b8bece3ff9..46696d286b3e55ee1acc6cd954afb8ef1e98190a 100644 
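Review bot: In main_stats.tpl, `href="{$stat.href}"` stays unescaped right next to the newly escaped `src="{$stat.img|escape}"`, and `{$stat.name}` and `{$stat.nb}` are printed raw as well. The link should get the same modifier, `<a href="{$stat.href|escape}">`, and the text nodes `{$stat.name|escape}`. The `{$section}` output at the top of groups_stats.tpl and users_stats.tpl is in the same position. Whether these values are encoded before they are assigned to the template is not visible here.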
--- a/plugins/admin/acl/remove.tpl +++ b/plugins/admin/acl/remove.tpl @@ -1,6 +1,6 @@ <div style="padding:5px;"> <div style="font-size:18px;"> - <img alt="" src="geticon.php?context=status&icon=dialog-warning&size=48" class="center"/> {t}Warning{/t} + <img alt="" src="geticon.php?context=status&icon=dialog-warning&size=48" class="center"/> {t}Warning{/t} </div> <p> <ul> diff --git a/plugins/admin/aclrole/class_aclRole.inc b/plugins/admin/aclrole/class_aclRole.inc index 1e604538303b295f9f65059aeb9b9468085672d4..b1e3d643f58cf55418b0237274f3f0b2ade2a96c 100644 --- a/plugins/admin/aclrole/class_aclRole.inc +++ b/plugins/admin/aclrole/class_aclRole.inc @@ -312,11 +312,11 @@ class acl_createedit extends acl $action = ""; if ($this->acl_is_readable("gosaAclEntry")) { - $action .= "<input class='center' type='image' src='geticon.php?context=actions&icon=document-edit&size=16' + $action .= "<input class='center' type='image' src='geticon.php?context=actions&icon=document-edit&size=16' alt='"._("Edit")."' name='cat_edit_$section' title='"._("Edit category ACL")."'>"; } if ($this->acl_is_writeable("gosaAclEntry")) { - $action .= "<input class='center' type='image' src='geticon.php?context=actions&icon=edit-delete&size=16' + $action .= "<input class='center' type='image' src='geticon.php?context=actions&icon=edit-delete&size=16' alt='"._("Delete")."' name='cat_del_$section' title='"._("Reset category ACL")."'>"; } diff --git a/plugins/admin/groups/class_groupManagement.inc b/plugins/admin/groups/class_groupManagement.inc index 3ddf55ba3f04dd60f999cf0bba0347ba4f4f7835..48ca294a573f81a7c78d408164f20355fc79f41e 100644 --- a/plugins/admin/groups/class_groupManagement.inc +++ b/plugins/admin/groups/class_groupManagement.inc 
@@ -71,12 +71,12 @@ class groupManagement extends simpleManagement // Load information if needed $ldap = $config->get_ldap_link(); $ldap->cat($dn); - $result = "<input class='center' type='image' src='geticon.php?context=types&icon=user-group&size=16' ". + $result = "<input class='center' type='image' src='geticon.php?context=types&icon=user-group&size=16' ". "alt='"._('Posix')."' title='"._('Edit posix properties')."' ". "name='listing_edit_tab_group_$row' style='padding:1px'/>"; if ($attrs = $ldap->fetch()) { if (!objects::isOfType($attrs, 'group')) { - return '<input class="center" type="image" src="geticon.php?context=types&icon=role&size=16" '. + return '<input class="center" type="image" src="geticon.php?context=types&icon=role&size=16" '. 'alt="'._('Role').'" title="'._('Edit role properties').'" '. 'name="listing_edit_'.$row.'" style="padding:1px"/>'; } @@ -84,7 +84,7 @@ class groupManagement extends simpleManagement if ($grouptab->is_this_account($attrs)) { $infos = pluglist::pluginInfos($class); if (isset($infos['plSmallIcon'])) { - $result .= "<input class='center' type='image' src='".$infos['plSmallIcon']."' ". + $result .= "<input class='center' type='image' src='".htmlentities($infos['plSmallIcon'], ENT_COMPAT, 'UTF-8')."' ". "alt='".$infos['plShortName']."' title='".$infos['plShortName']."' ". "name='listing_edit_tab_".$class."_$row' style='padding:1px'/>"; } else { @@ -108,7 +108,7 @@ class groupManagement extends simpleManagement continue; } $info = objects::infos(ogroup::$objectTypes[$types[$i]]); - $result .= '<img class="center" src="'.$info['icon'].'" '. + $result .= '<img class="center" src="'.htmlentities($info['icon'], ENT_COMPAT, 'UTF-8').'" '. 'alt="'.$info['name'].'" title="'.$info['name'].'" style="padding:1px"/>'; } if ($result == "") { diff --git a/plugins/admin/users/class_userManagement.inc b/plugins/admin/users/class_userManagement.inc index 2f1ef0595badef0558760bbfd85ea0a57d249d8c..89132d28af920b200e47ba340d05b76d48da3faa 100644 
--- a/plugins/admin/users/class_userManagement.inc +++ b/plugins/admin/users/class_userManagement.inc @@ -220,7 +220,7 @@ class userManagement extends simpleManagement // Load information if needed $ldap = $config->get_ldap_link(); $ldap->cat($dn); - $result = '<input class="center" type="image" src="geticon.php?context=applications&icon=user-info&size=16" '. + $result = '<input class="center" type="image" src="geticon.php?context=applications&icon=user-info&size=16" '. 'alt="'._('User account').'" title="'._('User account information').'" '. 'name="listing_edit_tab_user_'.$row.'"/>'; if ($attrs = $ldap->fetch()) { @@ -231,7 +231,7 @@ class userManagement extends simpleManagement if ($usertab->is_this_account($attrs)) { $infos = pluglist::pluginInfos($class); if (isset($infos['plSmallIcon'])) { - $result .= '<input class="center" type="image" src="'.$infos['plSmallIcon'].'" '. + $result .= '<input class="center" type="image" src="'.htmlentities($infos['plSmallIcon'], ENT_COMPAT, 'UTF-8').'" '. 'alt="'.$infos['plShortName'].'" title="'.$infos['plShortName'].'" '. 'name="listing_edit_tab_'.$class.'_'.$row.'"/>'; } else { diff --git a/plugins/admin/users/user-filter.tpl b/plugins/admin/users/user-filter.tpl index 172871e1446e6eea5a7933d676375b4f583c1431..fc45aa675e09f8022663c7573eb2874980898ea2 100644 --- a/plugins/admin/users/user-filter.tpl +++ b/plugins/admin/users/user-filter.tpl @@ -21,7 +21,7 @@ <tr> <td> <label for="NAME"> - <img src="geticon.php?context=actions&icon=system-search&size=16" alt='search'/> {t}Name{/t} + <img src="geticon.php?context=actions&icon=system-search&size=16" alt='search'/> {t}Name{/t} </label> </td> <td> diff --git a/plugins/personal/generic/paste_generic.tpl b/plugins/personal/generic/paste_generic.tpl index 6cec3d324f9266b05676e37ec0bff4148d0caed1..9f92489ac81e64b424ad5c583de6288f515eb348 100644 --- a/plugins/personal/generic/paste_generic.tpl +++ b/plugins/personal/generic/paste_generic.tpl 
@@ -34,7 +34,7 @@ <table> <tr> <td width="147" height="200" bgcolor="gray"> - <img align="middle" border="0" width="100%" src="getbin.php?rand={$rand}" alt="{t}Personal picture{/t}"> + <img align="middle" border="0" width="100%" src="getbin.php?rand={$rand|escape}" alt="{t}Personal picture{/t}"> </td> </tr> </table> diff --git a/setup/class_setup.inc b/setup/class_setup.inc index b791ab585563547edf3f441d0f39b29fdf3483d4..679e99fa9e94eb771bafbae22ef861f12da301ad 100644 --- a/setup/class_setup.inc +++ b/setup/class_setup.inc @@ -207,7 +207,7 @@ class setup $b_completed = $step->is_completed(); if ($b_completed) { - $s = '<img src="geticon.php?context=status&icon=task-complete&size=16" alt="'._('Completed').'" class="center optional"/> '; + $s = '<img src="geticon.php?context=status&icon=task-complete&size=16" alt="'._('Completed').'" class="center optional"/> '; } else { $s = '<img src="images/empty.png" alt=" " class="center optional"/> '; }
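Review bot: In paste_generic.tpl, `{$rand|escape}` applies Smarty's default HTML escaping, but the value sits inside a URL query string (`getbin.php?rand=…`). If `$rand` can ever be something other than a plain number, the encoding that matches this context is `{$rand|escape:'url'}`. How `$rand` is generated is not visible in this hunk, so this may only be a consistency point.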