Sanitize From Name and From Email Output in bulk mail, as it is not sanitized when the vars are grabbed from get_settings.php

johnnyq 2024-02-26 15:58:28 -05:00
parent 015ef13c55
commit be5bf1853e
2 changed files with 16 additions and 16 deletions


@ -39,14 +39,14 @@ $sql = mysqli_query($mysqli, "SELECT * FROM contacts
<div class="form-group">
<select type="text" class="form-control select2" name="mail_from">
<option value="<?php echo $config_mail_from_email; ?>">
<?php echo "$config_mail_from_name - $config_mail_from_email"; ?></option>
<option value="<?php echo $config_invoice_from_email; ?>">
<?php echo "$config_invoice_from_name - $config_invoice_from_email"; ?></option>
<option value="<?php echo $config_quote_from_email; ?>">
<?php echo "$config_quote_from_name - $config_quote_from_email"; ?></option>
<option value="<?php echo $config_ticket_from_email; ?>">
<?php echo "$config_ticket_from_name - $config_ticket_from_email"; ?></option>
<option value="<?php echo nullable_htmlentities($config_mail_from_email); ?>">
<?php echo nullable_htmlentities("$config_mail_from_name - $config_mail_from_email"); ?></option>
<option value="<?php echo nullable_htmlentities($config_invoice_from_email); ?>">
<?php echo nullable_htmlentities("$config_invoice_from_name - $config_invoice_from_email"); ?></option>
<option value="<?php echo nullable_htmlentities($config_quote_from_email); ?>">
<?php echo nullable_htmlentities("$config_quote_from_name - $config_quote_from_email"); ?></option>
<option value="<?php echo nullable_htmlentities($config_ticket_from_email); ?>">
<?php echo nullable_htmlentities("$config_ticket_from_name - $config_ticket_from_email"); ?></option>
</select>
</div>
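Review bot: The escaping added to the four `<option value="...">` attributes protects only the rendered page; the `mail_from` value the browser posts back is still client-controlled, and the handler that receives it is not visible in this hunk. It is worth confirming that the handler accepts `mail_from` only when it strictly equals one of the four configured addresses, e.g. `in_array($mail_from, $allowed_from, true)` (variable names here are placeholders), and rejects CR or LF before the value reaches a mail header. The same check covers the identical select in the second changed file. The enclosing form starts and ends outside the hunk.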


@ -34,14 +34,14 @@ $sql = mysqli_query($mysqli, "SELECT * FROM contacts
<div class="form-group">
<select type="text" class="form-control select2" name="mail_from">
<option value="<?php echo $config_mail_from_email; ?>">
<?php echo "$config_mail_from_name - $config_mail_from_email"; ?></option>
<option value="<?php echo $config_invoice_from_email; ?>">
<?php echo "$config_invoice_from_name - $config_invoice_from_email"; ?></option>
<option value="<?php echo $config_quote_from_email; ?>">
<?php echo "$config_quote_from_name - $config_quote_from_email"; ?></option>
<option value="<?php echo $config_ticket_from_email; ?>">
<?php echo "$config_ticket_from_name - $config_ticket_from_email"; ?></option>
<option value="<?php echo nullable_htmlentities($config_mail_from_email); ?>">
<?php echo nullable_htmlentities("$config_mail_from_name - $config_mail_from_email"); ?></option>
<option value="<?php echo nullable_htmlentities($config_invoice_from_email); ?>">
<?php echo nullable_htmlentities("$config_invoice_from_name - $config_invoice_from_email"); ?></option>
<option value="<?php echo nullable_htmlentities($config_quote_from_email); ?>">
<?php echo nullable_htmlentities("$config_quote_from_name - $config_quote_from_email"); ?></option>
<option value="<?php echo nullable_htmlentities($config_ticket_from_email); ?>">
<?php echo nullable_htmlentities("$config_ticket_from_name - $config_ticket_from_email"); ?></option>
</select>
</div>
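Review bot: These eight option lines are identical to the ones changed in the first file of this commit, so any future change to how the From name and address are encoded has to be made in two places, as this commit had to. Consider moving the `mail_from` select into a single shared include used by both pages, with a short comment such as `// From names and addresses arrive from get_settings.php unescaped; encode at output`. The surrounding form and the query above it are outside the hunk, so whether the two pages differ elsewhere cannot be judged from here.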