foreach($channels as $channel)
{
echo "<tr>";
- echo "<td>".$channel->name."</td>";
+ echo "<td>".htmlspecialchars($channel->name)."</td>";
echo "<td>".$channel->num_users."</td>";
$modes = (isset($channel->modes)) ? "+" . $channel->modes : "<none>";
- echo "<td>".$modes."</td>";
- $topic = (isset($channel->topic)) ? $channel->topic : "";
+ echo "<td>".htmlspecialchars($modes)."</td>";
+ $topic = (isset($channel->topic)) ? htmlspecialchars($channel->topic) : "";
echo "<td>".$topic."</td>";
echo "<td>".$channel->creation_time."</td>";
echo "</tr>";
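Review bot: The `num_users` and `creation_time` cells are still echoed raw, although they come from the same `$channel` object as the name, modes and topic that are now escaped. Whether those two fields can ever carry markup depends on the RPC source, which is not visible here, so escaping every field at the output boundary is the safer rule: `echo "<td>".htmlspecialchars((string)$channel->creation_time)."</td>";` and likewise for `num_users`. Passing the flags explicitly (`ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'`) would also keep the escaping independent of the PHP version's defaults.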
$tooltip = "Installed from GitHub";
$display_string = $tok[0]."-".$tok[1];
}
+ $tooltip = htmlspecialchars($tooltip);
+ $display_string = htmlspecialchars($display_string);
}
$return = "<span data-toggle=\"tooltip\" data-placement=\"bottom\" title=\"$tooltip\"><code>" . $display_string . "</code> <div class=\"badge rounded-pill badge-dark\">$badge</div></a>";
}
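Review bot: `$badge` is still interpolated unescaped into the returned markup. The two added `htmlspecialchars()` assignments also sit inside a conditional block, so any path that sets `$tooltip` or `$display_string` outside that block would reach the `$return` line raw. The origin of `$badge` and the other branches are outside the hunk, so both need checking against the full function. Escaping at the sink is more robust, i.e. `title=\"".htmlspecialchars($tooltip)."\"><code>".htmlspecialchars($display_string)."</code>` in the `$return` line, with `$badge` treated the same way unless it is always a fixed literal.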
<tbody>
<tr>
<th>Name</th>
- <td colspan="2"><code><?php echo $server->name; ?></code></td>
+ <td colspan="2"><code><?php echo htmlspecialchars($server->name); ?></code></td>
</tr><tr>
<th>Server ID (SID)</th>
- <td colspan="2"><code><?php echo $server->id; ?></code></td>
+ <td colspan="2"><code><?php echo htmlspecialchars($server->id); ?></code></td>
</tr><tr>
<th>Info</th>
- <td colspan="2"><code><?php echo $server->server->info; ?></code></td>
+ <td colspan="2"><code><?php echo htmlspecialchars($server->server->info); ?></code></td>
</tr><tr>
<th>Uplink</th>
<?php $serverlkup = (isset($server->server->uplink)) ? $rpc->server()->get($server->server->uplink) : "<span class=\"badge rounded-pill badge-info\">None</span>"; ?>
- <td colspan="2"><code><?php echo "<a href=\"".BASE_URL."servers/details.php?server=".$serverlkup->id."\">".$server->server->uplink."</a>"; ?></code></td>
+ <td colspan="2"><code><?php echo "<a href=\"".BASE_URL."servers/details.php?server=".htmlspecialchars($serverlkup->id)."\">".htmlspecialchars($server->server->uplink)."</a>"; ?></code></td>
</tr><tr>
<th>User count</th>
- <td colspan="2"><code><?php echo $server->server->num_users; ?></code></td>
+ <td colspan="2"><code><?php echo htmlspecialchars($server->server->num_users); ?></code></td>
</tr><tr>
<th>Version</th>
<td colspan="2"><?php echo sinfo_conv_version_string($server); ?></td>
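Review bot: When `uplink` is not set, `$serverlkup` is the literal badge string, yet the Uplink cell still dereferences `$serverlkup->id` and reads the unset `$server->server->uplink`. The "None" badge is therefore never shown, and PHP raises warnings instead. Branch the cell on `isset($server->server->uplink) && is_object($serverlkup)` and echo the fixed badge string in the else arm. Inside the link, the id lands in a URL query value, so it needs `htmlspecialchars(rawurlencode($serverlkup->id))` rather than HTML escaping alone. The table continues beyond the hunk.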
<?php
foreach ($modules->list as $module) {
echo "<tr>\n";
- echo "<td><code>$module->name</code></td>";
+ echo "<td><code>".htmlspecialchars($module->name)."</code></td>";
$desc = $module->description;
$short_desc = substr($desc, 0, 70); // truncate to 80 chars
if (strlen($desc) > strlen($short_desc))
$short_desc .= "...";
- echo "<td><span href='#' data-toggle='tooltip' title=\"$desc\">$short_desc</span></td>";
+ echo "<td><span href='#' data-toggle='tooltip' title=\"".htmlspecialchars($desc)."\">".htmlspecialchars($short_desc)."</span></td>";
$source = (!$module->third_party) ? "<div class=\"badge rounded-pill badge-success\">Official</div>" : "<div class=\"badge rounded-pill badge-info\">Third-Party</div>";
- echo "<td>$source</td>";
- echo "<td>$module->author</td>";
- echo "<td>$module->version</td>";
+ echo "<td>".htmlspecialchars($source)."</td>";
+ echo "<td>".htmlspecialchars($module->author)."</td>";
+ echo "<td>".htmlspecialchars($module->version)."</td>";
}
}
?>
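Review bot: `htmlspecialchars($source)` escapes a string that the line above built as trusted markup, so the Official/Third-Party badge will now render as literal `<div class=...>` text; that line should stay `echo "<td>".$source."</td>";`. Separately, `substr($desc, 0, 70)` cuts on bytes and can split a multibyte character. Without `ENT_SUBSTITUTE` (a default only since PHP 8.1), `htmlspecialchars()` returns an empty string for invalid UTF-8, so `mb_substr($desc, 0, 70)` or explicit flags would be safer. The `// truncate to 80 chars` comment also disagrees with the 70 in the call. The enclosing block opens outside the hunk.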
<tbody>
<tr>
<th>Nick</th>
- <td colspan="2"><code><?php echo $user->name; ?></code></td>
+ <td colspan="2"><code><?php echo htmlspecialchars($user->name); ?></code></td>
</tr><tr>
<th>User ID (UID)</th>
- <td colspan="2"><code><?php echo $user->id; ?></code></td>
+ <td colspan="2"><code><?php echo htmlspecialchars($user->id); ?></code></td>
</tr><tr>
<th>Real Host</th>
- <td colspan="2"><code><?php echo $user->hostname; ?></code></td>
+ <td colspan="2"><code><?php echo htmlspecialchars($user->hostname); ?></code></td>
</tr><tr>
<th>IP</th>
- <td colspan="2"><code><?php echo $user->ip." </code> ";
+ <td colspan="2"><code><?php echo htmlspecialchars($user->ip)." </code> ";
if ($cc = (isset($user->geoip->country_code)) ? strtolower($user->geoip->country_code) : "")
{
- ?> <img src="https://flagcdn.com/48x36/<?php echo $cc; ?>.png"
+ ?> <img src="https://flagcdn.com/48x36/<?php echo htmlspecialchars($cc); ?>.png"
width="20"
height="15">
<?php } ?>
</td>
</tr><tr>
<th>Ident</th>
- <td colspan="2"><code><?php echo $user->user->username; ?></code></td>
+ <td colspan="2"><code><?php echo htmlspecialchars($user->user->username); ?></code></td>
</tr><tr>
<th>GECOS / Real Name</th>
- <td colspan="2"><code><?php echo $user->user->realname; ?></code></td>
+ <td colspan="2"><code><?php echo htmlspecialchars($user->user->realname); ?></code></td>
</tr><tr>
<th>Virtual Host</th>
- <td colspan="2"><code><?php echo (isset($user->user->vhost)) ? $user->user->vhost : ""; ?></code></td>
+ <td colspan="2"><code><?php echo (isset($user->user->vhost)) ? htmlspecialchars($user->user->vhost) : ""; ?></code></td>
</tr><tr>
<th>Connected to</th>
<?php $serverlkup = $rpc->server()->get($user->user->servername); ?>
- <td colspan="2"><a href="<?php echo BASE_URL."servers/details.php?server=$serverlkup->id"; ?>"><code><?php echo $user->user->servername; ?></code></td>
+ <td colspan="2"><a href="<?php echo BASE_URL."servers/details.php?server=$serverlkup->id"; ?>"><code><?php echo htmlspecialchars($user->user->servername); ?></code></td>
</tr>
<tr>
<th>Logged in as</th>
- <td colspan="2"><code><?php echo (isset($user->user->account)) ? "<a href=\"".BASE_URL."users/?account=".$user->user->account."\">".$user->user->account."</a>" : ""; ?></code></td>
+ <td colspan="2"><code><?php echo (isset($user->user->account)) ? "<a href=\"".BASE_URL."users/?account=".htmlspecialchars($user->user->account)."\">".htmlspecialchars($user->user->account)."</a>" : ""; ?></code></td>
</tr>
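Review bot: The `href` on the "Connected to" row still interpolates `$serverlkup->id` raw, although this change escapes the same link target in the server details table; use `BASE_URL."servers/details.php?server=".htmlspecialchars(rawurlencode($serverlkup->id))`. The account link has a related gap: `htmlspecialchars()` does not URL-encode the query value, so if account names can contain `&`, `#` or `+` the query string is altered. `"users/?account=".htmlspecialchars(rawurlencode($user->user->account))` covers both contexts. The result of `$rpc->server()->get()` is also dereferenced without a check for a failed lookup.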
<table class="table-sm table-responsive caption-top table-hover">
<tr>
<td>Oper Login</td>
- <td><code><?php echo $user->user->operlogin; ?></code></td>
+ <td><code><?php echo htmlspecialchars($user->user->operlogin); ?></code></td>
</tr>
<tr>
<td>Oper Class</td>
- <td><?php echo (isset($user->user->operclass)) ? "<span class=\"rounded-pill badge badge-info\">".$user->user->operclass."</span>" : "<span class=\"rounded-pill badge badge-info\">None</span>"; ?></td>
+ <td><?php echo (isset($user->user->operclass)) ? "<span class=\"rounded-pill badge badge-info\">".htmlspecialchars($user->user->operclass)."</span>" : "<span class=\"rounded-pill badge badge-info\">None</span>"; ?></td>
</tr>
</table>
</td>
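Review bot: `htmlspecialchars($user->user->operlogin)` is passed null whenever the property is absent, which is deprecated since PHP 8.1; the neighbouring Oper Class row guards with `isset()` but this one does not. If the surrounding template (outside the hunk) does not already restrict this table to opers, use `htmlspecialchars($user->user->operlogin ?? "")`. The same applies to `htmlspecialchars($user->tls->cipher)` in the TLS table that follows, where only `certfp` is guarded.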
<table class="table-sm table-responsive caption-top table-hover">
<tr>
<td>Cipher</td>
- <td><code><?php echo $user->tls->cipher; ?></code></td>
+ <td><code><?php echo htmlspecialchars($user->tls->cipher); ?></code></td>
</tr>
<tr>
<td>Cert Fingerprint</td>
- <td><?php echo (isset($user->tls->certfp)) ? "<code>".$user->tls->certfp."</code>" : "<span class=\"rounded-pill badge badge-info\">None</span>"; ?></td>
+ <td><?php echo (isset($user->tls->certfp)) ? "<code>".htmlspecialchars($user->tls->certfp)."</code>" : "<span class=\"rounded-pill badge badge-info\">None</span>"; ?></td>
</tr>
</table>
</td>
</table>
<?php
-}
\ No newline at end of file
+}