[Weberp-svn] SF.net SVN: weberp:[8494] trunk
From: <tim...@us...> - 2012-02-10 11:41:16
Revision: 8494 http://weberp.svn.sourceforge.net/weberp/?rev=8494&view=rev Author: tim_schofield Date: 2012-02-10 11:40:59 +0000 (Fri, 10 Feb 2012) Log Message: ----------- Filter any html characters passed in the URL Modified Paths: -------------- trunk/AccountGroups.php trunk/AccountSections.php trunk/AddCustomerContacts.php trunk/AddCustomerNotes.php trunk/AddCustomerTypeNotes.php trunk/AgedDebtors.php trunk/AgedSuppliers.php trunk/Areas.php trunk/AuditTrail.php trunk/BOMExtendedQty.php trunk/BOMIndented.php trunk/BOMIndentedReverse.php trunk/BOMInquiry.php trunk/BOMListing.php trunk/BOMs.php trunk/BackupDatabase.php trunk/BankAccounts.php trunk/BankMatching.php trunk/BankReconciliation.php trunk/COGSGLPostings.php trunk/CompanyPreferences.php trunk/ConfirmDispatch_Invoice.php trunk/ContractBOM.php trunk/ContractCosting.php trunk/ContractOtherReqts.php trunk/Contracts.php trunk/CounterSales.php trunk/CreditStatus.php trunk/Credit_Invoice.php trunk/Currencies.php trunk/CustEDISetup.php trunk/CustLoginSetup.php trunk/CustWhereAlloc.php trunk/CustomerAllocations.php trunk/CustomerBranches.php trunk/CustomerInquiry.php trunk/CustomerReceipt.php trunk/CustomerTransInquiry.php trunk/CustomerTypes.php trunk/Customers.php trunk/DailyBankTransactions.php trunk/DailySalesInquiry.php trunk/DebtorsAtPeriodEnd.php trunk/DeliveryDetails.php trunk/Departments.php trunk/DiscountCategories.php trunk/DiscountMatrix.php trunk/EDIMessageFormat.php trunk/EmailCustTrans.php trunk/ExchangeRateTrend.php trunk/FTP_RadioBeacon.php trunk/Factors.php trunk/FixedAssetCategories.php trunk/FixedAssetDepreciation.php trunk/FixedAssetItems.php trunk/FixedAssetLocations.php trunk/FixedAssetRegister.php trunk/FixedAssetTransfer.php trunk/FormDesigner.php trunk/FreightCosts.php trunk/GLAccountCSV.php trunk/GLAccountInquiry.php trunk/GLAccountReport.php trunk/GLAccounts.php trunk/GLBalanceSheet.php trunk/GLBudgets.php trunk/GLJournal.php trunk/GLJournalInquiry.php trunk/GLProfit_Loss.php 
trunk/GLTagProfit_Loss.php trunk/GLTags.php trunk/GLTrialBalance.php trunk/GeocodeSetup.php trunk/GoodsReceived.php trunk/InternalStockRequest.php trunk/InternalStockRequestAuthorisation.php trunk/InternalStockRequestFulfill.php trunk/InventoryPlanning.php trunk/InventoryPlanningPrefSupplier.php trunk/InventoryQuantities.php trunk/InventoryValuation.php trunk/Labels.php trunk/Locations.php trunk/MRP.php trunk/MRPCalendar.php trunk/MRPCreateDemands.php trunk/MRPDemandTypes.php trunk/MRPDemands.php trunk/MRPPlannedPurchaseOrders.php trunk/MRPPlannedWorkOrders.php trunk/MRPReport.php trunk/MRPReschedules.php trunk/MRPShortages.php trunk/Manufacturers.php trunk/OffersReceived.php trunk/OutstandingGRNs.php trunk/PDFBankingSummary.php trunk/PDFChequeListing.php trunk/PDFCustTransListing.php trunk/PDFCustomerList.php trunk/PDFDIFOT.php trunk/PDFDeliveryDifferences.php trunk/PDFLowGP.php trunk/PDFOrderStatus.php trunk/PDFOrdersInvoiced.php trunk/PDFPeriodStockTransListing.php trunk/PDFPickingList.php trunk/PDFPriceList.php trunk/PDFPrintLabel.php trunk/PDFRemittanceAdvice.php trunk/PDFStockCheckComparison.php trunk/PDFStockLocTransfer.php trunk/PDFStockTransfer.php trunk/PDFStockTransfer_departments.php trunk/PDFSuppTransListing.php trunk/POReport.php trunk/PO_AuthorisationLevels.php trunk/PO_AuthoriseMyOrders.php trunk/PO_Header.php trunk/PO_Items.php trunk/PO_PDFPurchOrder.php trunk/PO_SelectOSPurchOrder.php trunk/PO_SelectPurchOrder.php trunk/PageSecurity.php trunk/PaymentMethods.php trunk/PaymentTerms.php trunk/Payments.php trunk/PcAssignCashToTab.php trunk/PcAuthorizeExpenses.php trunk/PcClaimExpensesFromTab.php trunk/PcExpenses.php trunk/PcExpensesTypeTab.php trunk/PcReportTab.php trunk/PcTabs.php trunk/PcTypeTabs.php trunk/Prices.php trunk/PricesBasedOnMarkUp.php trunk/PricesByCost.php trunk/Prices_Customer.php trunk/PrintCustStatements.php trunk/PrintCustTrans.php trunk/PrintCustTransPortrait.php trunk/PurchData.php trunk/RecurringSalesOrders.php 
trunk/ReorderLevel.php trunk/ReorderLevelLocation.php trunk/ReprintGRN.php trunk/ReverseGRN.php trunk/SMTPServer.php trunk/SalesAnalReptCols.php trunk/SalesAnalRepts.php trunk/SalesCategories.php trunk/SalesGLPostings.php trunk/SalesGraph.php trunk/SalesInquiry.php trunk/SalesPeople.php trunk/SalesTypes.php trunk/SecurityTokens.php trunk/SelectCompletedOrder.php trunk/SelectContract.php trunk/SelectCreditItems.php trunk/SelectCustomer.php trunk/SelectGLAccount.php trunk/SelectOrderItems.php trunk/SelectProduct.php trunk/SelectRecurringSalesOrder.php trunk/SelectSalesOrder.php trunk/SelectSupplier.php trunk/SelectWorkOrder.php trunk/ShipmentCosting.php trunk/Shipments.php trunk/Shippers.php trunk/Shipt_Select.php trunk/SpecialOrder.php trunk/StockAdjustments.php trunk/StockCategories.php trunk/StockCheck.php trunk/StockCostUpdate.php trunk/StockCounts.php trunk/StockDispatch.php trunk/StockLocMovements.php trunk/StockLocStatus.php trunk/StockLocTransfer.php trunk/StockLocTransferReceive.php trunk/StockMovements.php trunk/StockQuantityByDate.php trunk/StockReorderLevel.php trunk/StockSerialItemResearch.php trunk/StockStatus.php trunk/StockTransfers.php trunk/StockUsage.php trunk/Stocks.php trunk/SuppContractChgs.php trunk/SuppCreditGRNs.php trunk/SuppFixedAssetChgs.php trunk/SuppInvGRNs.php trunk/SuppPaymentRun.php trunk/SuppPriceList.php trunk/SuppShiptChgs.php trunk/SuppTransGLAnalysis.php trunk/SupplierAllocations.php trunk/SupplierBalsAtPeriodEnd.php trunk/SupplierContacts.php trunk/SupplierCredit.php trunk/SupplierInquiry.php trunk/SupplierInvoice.php trunk/SupplierTenders.php trunk/SupplierTransInquiry.php trunk/SupplierTypes.php trunk/Suppliers.php trunk/SystemParameters.php trunk/Tax.php trunk/TaxAuthorities.php trunk/TaxAuthorityRates.php trunk/TaxCategories.php trunk/TaxGroups.php trunk/TaxProvinces.php trunk/TopItems.php trunk/UnitsOfMeasure.php trunk/UpgradeDatabase.php trunk/UserSettings.php trunk/WOSerialNos.php trunk/WWW_Access.php trunk/WWW_Users.php 
trunk/WhereUsedInquiry.php trunk/WorkCentres.php trunk/WorkOrderCosting.php trunk/WorkOrderEntry.php trunk/WorkOrderIssue.php trunk/WorkOrderReceive.php trunk/Z_BottomUpCosts.php trunk/Z_ChangeBranchCode.php trunk/Z_ChangeCustomerCode.php trunk/Z_ChangeStockCategory.php trunk/Z_ChangeStockCode.php trunk/Z_ChangeSupplierCode.php trunk/Z_CheckDebtorsControl.php trunk/Z_CreateCompanyTemplateFile.php trunk/Z_DataExport.php trunk/Z_DeleteSalesTransActions.php trunk/Z_ImportChartOfAccounts.php trunk/Z_ImportGLAccountGroups.php trunk/Z_ImportGLAccountSections.php trunk/Z_ImportPartCodes.php trunk/Z_MakeNewCompany.php trunk/Z_ReApplyCostToSA.php trunk/Z_RePostGLFromPeriod.php trunk/Z_ReverseSuppPaymentRun.php trunk/Z_UpdateChartDetailsBFwd.php trunk/Z_Upgrade3.10.php trunk/Z_UpgradeDatabase.php trunk/Z_Upgrade_3.04-3.05.php trunk/Z_Upgrade_3.05-3.06.php trunk/Z_Upgrade_3.07-3.08.php trunk/Z_Upgrade_3.08-3.09.php trunk/Z_Upgrade_3.09-3.10.php trunk/Z_Upgrade_3.10-3.11.php trunk/Z_Upgrade_3.11-4.00.php trunk/Z_poAddLanguage.php trunk/Z_poEditLangHeader.php trunk/Z_poEditLangModule.php trunk/Z_poEditLangRemaining.php trunk/Z_poRebuildDefault.php trunk/api/api_session.inc trunk/config.distrib.php trunk/doc/Manual/ManualContents.php trunk/doc/Manual/ManualGettingStarted.html trunk/includes/InputSerialItems.php trunk/includes/InputSerialItemsExisting.php trunk/includes/InputSerialItemsKeyed.php trunk/includes/InputSerialItemsSequential.php trunk/includes/Login.php trunk/includes/OutputSerialItems.php trunk/includes/session.inc trunk/includes/tcpdf/config/tcpdf_config.php trunk/includes/tcpdf/config/tcpdf_config_alt.php trunk/index.php trunk/install/save.php trunk/locale/de_DE.utf8/Manual/ManualContents.php trunk/locale/de_DE.utf8/Manual/ManualGettingStarted.html trunk/locale/zh_CN.utf8/Manual/ManualContents.php trunk/locale/zh_CN.utf8/Manual/ManualGettingStarted.html trunk/locale/zh_HK.utf8/Manual/ManualContents.php trunk/locale/zh_HK.utf8/Manual/ManualGettingStarted.html 
Modified: trunk/AccountGroups.php
===================================================================
--- trunk/AccountGroups.php 2012-02-06 12:57:23 UTC (rev 8493)
+++ trunk/AccountGroups.php 2012-02-10 11:40:59 UTC (rev 8494)
@@ -262,8 +262,8 @@
 <td>' . $myrow[2] . '</td> <td>' . $PandLText . '</td> <td>' . $myrow[4] . '</td>';
- echo '<td><a href="' . $_SERVER['PHP_SELF'] . '?SelectedAccountGroup=' . htmlentities($myrow[0], ENT_QUOTES,'UTF-8') . '">' . _('Edit') . '</a></td>';
- echo '<td><a href="' . $_SERVER['PHP_SELF'] . '?SelectedAccountGroup=' . htmlentities($myrow[0], ENT_QUOTES,'UTF-8') . '&delete=1">' . _('Delete') .'</a></td></tr>';
+ echo '<td><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?SelectedAccountGroup=' . htmlentities($myrow[0], ENT_QUOTES,'UTF-8') . '">' . _('Edit') . '</a></td>';
+ echo '<td><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?SelectedAccountGroup=' . htmlentities($myrow[0], ENT_QUOTES,'UTF-8') . '&delete=1">' . _('Delete') .'</a></td></tr>';
 } //END WHILE LIST LOOP
 echo '</table>';
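Review bot: The account-group key appended after `?SelectedAccountGroup=` on the two added lines is HTML-escaped with htmlentities() but never URL-encoded, so a key containing a reserved character such as `&`, `#`, `+` or `%` reaches the server as a different query string than intended; `htmlspecialchars(rawurlencode($myrow[0]), ENT_QUOTES, 'UTF-8')` covers both the URL and the attribute context. The same gap, with no encoding at all, applies to `$myrow[0]` in the AccountSections hunk that follows, to `$myrow['areacode']` in the Areas hunk, and to `$myrow['parent']` in the four BOMs `?Select=` hunks. Inside an href the separator should also be written `&amp;delete=1`. The enclosing while loop begins above this hunk.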
@@ -271,12 +271,12 @@
 if (isset($_POST['SelectedAccountGroup']) OR isset($_GET['SelectedAccountGroup'])) {
- echo '<br /><div class="centre"><a href="' . $_SERVER['PHP_SELF'] . '">' . _('Review Account Groups') . '</a></div>';
+ echo '<br /><div class="centre"><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">' . _('Review Account Groups') . '</a></div>';
 }
 if (! isset($_GET['delete'])) {
- echo '<br /><form method="post" id="AccountGroups" action="' . $_SERVER['PHP_SELF'] . '">';
+ echo '<br /><form method="post" id="AccountGroups" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">';
 echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
Modified: trunk/AccountSections.php
===================================================================
--- trunk/AccountSections.php 2012-02-06 12:57:23 UTC (rev 8493)
+++ trunk/AccountSections.php 2012-02-10 11:40:59 UTC (rev 8494)
@@ -192,11 +192,11 @@
 }
 echo '<td>' . $myrow[0] . '</td><td>' . $myrow[1] . '</td>';
- echo '<td><a href="' . $_SERVER['PHP_SELF'] . '?SelectedSectionID=' . $myrow[0] . '">' . _('Edit') . '</a></td>';
+ echo '<td><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?SelectedSectionID=' . $myrow[0] . '">' . _('Edit') . '</a></td>';
 if ( $myrow[0] == '1' or $myrow[0] == '2' ) {
 echo '<td><b>'._('Restricted').'</b></td>';
 } else {
- echo '<td><a href="' . $_SERVER['PHP_SELF'] . '?SelectedSectionID=' . $myrow[0] . '&delete=1">' . _('Delete') .'</a></td>';
+ echo '<td><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?SelectedSectionID=' . $myrow[0] . '&delete=1">' . _('Delete') .'</a></td>';
 }
 echo '</tr>';
 } //END WHILE LIST LOOP
@@ -205,12 +205,12 @@
 if (isset($_POST['SelectedSectionID']) or isset($_GET['SelectedSectionID'])) {
- echo '<div class="centre"><a href="' . $_SERVER['PHP_SELF'] . '">' . _('Review Account Sections') . '</a></div>';
+ echo '<div class="centre"><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">' . _('Review Account Sections') . '</a></div>';
 }
 if (! isset($_GET['delete'])) {
- echo '<form method="post" name="AccountSections" action="' . $_SERVER['PHP_SELF'] . '">';
+ echo '<form method="post" name="AccountSections" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">';
 echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
 if (isset($_GET['SelectedSectionID'])) {
Modified: trunk/AddCustomerContacts.php
===================================================================
--- trunk/AddCustomerContacts.php 2012-02-06 12:57:23 UTC (rev 8493)
+++ trunk/AddCustomerContacts.php 2012-02-10 11:40:59 UTC (rev 8494)
@@ -142,10 +142,10 @@
 $myrow['role'],
 $myrow['phoneno'],
 $myrow['notes'],
- $_SERVER['PHP_SELF'] . '?',
+ htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?',
 $myrow['contid'],
 $myrow['debtorno'],
- $_SERVER['PHP_SELF'] . '?',
+ htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?',
 $myrow['contid'],
 $myrow['debtorno']);
@@ -154,14 +154,14 @@
 echo '</table>';
 }
 if (isset($Id)) { ?>
- <div class="centre"><a href="<?php echo $_SERVER['PHP_SELF'] . '?DebtorNo='.$DebtorNo;?>"><?=_('Review all contacts for this Customer')?></a></div>
+ <div class="centre"><a href="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?DebtorNo='.$DebtorNo;?>"><?=_('Review all contacts for this Customer')?></a></div>
 <?php } ?> <br /> <?php if (!isset($_GET['delete'])) {
- echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . 'DebtorNo='.$DebtorNo.'">';
+ echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . 'DebtorNo='.$DebtorNo.'">';
 echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
 if (isset($Id)) {
Modified: trunk/AddCustomerNotes.php
===================================================================
--- trunk/AddCustomerNotes.php 2012-02-06 12:57:23 UTC (rev 8493)
+++ trunk/AddCustomerNotes.php 2012-02-10 11:40:59 UTC (rev 8494)
@@ -136,10 +136,10 @@
 $myrow['note'],
 $myrow['href'],
 $myrow['priority'],
- $_SERVER['PHP_SELF'] . '?',
+ htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?',
 $myrow['noteid'],
 $myrow['debtorno'],
- $_SERVER['PHP_SELF'] . '?',
+ htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?',
 $myrow['noteid'],
 $myrow['debtorno']);
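Review bot: The new form action in the AddCustomerContacts hunk drops the `?` before the query string (`'UTF-8') . 'DebtorNo='.$DebtorNo.'">'`), so the form posts to the script name followed immediately by `DebtorNo=` instead of to the script with a query parameter; the Review link two lines above and the AddCustomerNotes hunk further down both use `'?DebtorNo='`. Suggested line: `echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?DebtorNo='.$DebtorNo.'">';`. `$DebtorNo` itself is concatenated into both attributes without encoding; it is assigned outside the hunk, so whether it has been validated cannot be confirmed here, and wrapping it in `urlencode()` keeps the link well-formed either way.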
@@ -148,13 +148,13 @@
 echo '</table>';
 }
 if (isset($Id)) {
- echo '<div class="centre"><a href="'.$_SERVER['PHP_SELF'] . '?DebtorNo='.$DebtorNo.'"><?='._('Review all notes for this Customer').'</a></div>';
+ echo '<div class="centre"><a href="'.htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?DebtorNo='.$DebtorNo.'"><?='._('Review all notes for this Customer').'</a></div>';
 }
 echo '<br />';
 if (!isset($_GET['delete'])) {
- echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '?DebtorNo='.$DebtorNo.'">';
+ echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?DebtorNo='.$DebtorNo.'">';
 echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
 if (isset($Id)) {
Modified: trunk/AddCustomerTypeNotes.php
===================================================================
--- trunk/AddCustomerTypeNotes.php 2012-02-06 12:57:23 UTC (rev 8493)
+++ trunk/AddCustomerTypeNotes.php 2012-02-10 11:40:59 UTC (rev 8494)
@@ -132,10 +132,10 @@
 $myrow['note'],
 $myrow['href'],
 $myrow['priority'],
- $_SERVER['PHP_SELF'] . '?',
+ htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?',
 $myrow['noteid'],
 $myrow['typeid'],
- $_SERVER['PHP_SELF'] . '?',
+ htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?',
 $myrow['noteid'],
 $myrow['typeid']);
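Review bot: The added Review link line in the AddCustomerNotes hunk carries the literal text `<?=` inside the echoed PHP string (`'"><?='._('Review all notes for this Customer')`), so the page emits `<?=` as visible text in front of the link label; this is string context, not a template, so the short echo tag cannot work here. Change that part to `'">'._('Review all notes for this Customer').'</a></div>'`. The AddCustomerContacts hunk above uses a real `<?= ... ?>` inside an HTML block, which is the form that does work.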
@@ -144,14 +144,14 @@
 echo '</table>';
 }
 if (isset($Id)) { ?>
- <div class="cantre"><a href="<?php echo $_SERVER['PHP_SELF'] . '?DebtorType='.$DebtorType;?>"><?=_('Review all notes for this Customer Type')?></a></div>
+ <div class="cantre"><a href="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?DebtorType='.$DebtorType;?>"><?=_('Review all notes for this Customer Type')?></a></div>
 <?php } ?> <br /> <?php if (!isset($_GET['delete'])) {
- echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '?DebtorType='.$DebtorType.'">';
+ echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?DebtorType='.$DebtorType.'">';
 echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
 if (isset($Id)) {
Modified: trunk/AgedDebtors.php
===================================================================
--- trunk/AgedDebtors.php 2012-02-06 12:57:23 UTC (rev 8493)
+++ trunk/AgedDebtors.php 2012-02-10 11:40:59 UTC (rev 8494)
@@ -469,7 +469,7 @@
 /*if $FromCriteria is not set then show a form to allow input */
- echo '<form action=' . $_SERVER['PHP_SELF'] . ' method="post"><table>';
+ echo '<form action=' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . ' method="post"><table>';
 echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
 echo '<tr><td>' . _('From Customer Code') . ':' . '</font></td><td><input tabindex="1" type="text" maxlength="6" size="7" name="FromCriteria" value="0" /></td></tr>';
Modified: trunk/AgedSuppliers.php
===================================================================
--- trunk/AgedSuppliers.php 2012-02-06 12:57:23 UTC (rev 8493)
+++ trunk/AgedSuppliers.php 2012-02-10 11:40:59 UTC (rev 8494)
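Review bot: The added `<div class="cantre">` line in the AddCustomerTypeNotes hunk misspells the `centre` class that every other Review link in this commit uses, so this one is not centred. Change it to `<div class="centre">` on the added line.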
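Review bot: The `action` attribute on the added line of the AgedDebtors hunk is still unquoted (`'<form action=' . htmlspecialchars(...) . ' method="post"><table>'`), and htmlspecialchars() encodes only `<`, `>`, `&` and the two quote characters, not whitespace or `=`; an unquoted attribute value ends at the first space, so a space in the reflected path still terminates the value and whatever follows is parsed as further attributes, which means the escaping does not fully close the reflection this commit sets out to fix. Quote the value: `echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '" method="post"><table>';`. The same unquoted form is on the added lines of the BOMExtendedQty, BOMIndented, BOMIndentedReverse, BOMListing and CompanyPreferences hunks below.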
@@ -278,7 +278,7 @@
 /*if $FromCriteria is not set then show a form to allow input */
- echo '<form sction="' . $_SERVER['PHP_SELF'] . '" method="post">';
+ echo '<form sction="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '" method="post">';
 echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
 echo '<table><tr><td>' . _('From Supplier Code') . ':</font></td>
Modified: trunk/Areas.php
===================================================================
--- trunk/Areas.php 2012-02-06 12:57:23 UTC (rev 8493)
+++ trunk/Areas.php 2012-02-10 11:40:59 UTC (rev 8494)
@@ -162,8 +162,8 @@
 }
 echo '<td>' . $myrow['areacode'] . '</td> <td>' . $myrow['areadescription'] . '</td>';
- echo '<td><a href="' . $_SERVER['PHP_SELF'] . '?SelectedArea=' . $myrow['areacode'] . '">' . _('Edit') . '</a></td>';
- echo '<td><a href="' . $_SERVER['PHP_SELF'] . '?SelectedArea=' . $myrow['areacode'] . '&delete=yes">' . _('Delete') . '</a></td>';
+ echo '<td><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?SelectedArea=' . $myrow['areacode'] . '">' . _('Edit') . '</a></td>';
+ echo '<td><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?SelectedArea=' . $myrow['areacode'] . '&delete=yes">' . _('Delete') . '</a></td>';
 echo '<td><a href="SelectCustomer.php?Area=' . $myrow['areacode'] . '">' . _('View Customers from this Area') . '</a></td>';
 } //END WHILE LIST LOOP
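Review bot: The added line in the AgedSuppliers hunk keeps the pre-existing typo `<form sction="...">`, so the form has no `action` attribute at all; the browser ignores the unknown attribute and submits to the current URL, which is why the form works only by accident, and the escaping added here is applied to an attribute the browser never reads. Change the line to `echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '" method="post">';`.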
@@ -173,13 +173,13 @@
 //end of ifs and buts!
 if (isset($SelectedArea)) {
- echo '<div class="centre"><a href="' . $_SERVER['PHP_SELF'] . '">' . _('Review Areas Defined') . '</a></div>';
+ echo '<div class="centre"><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">' . _('Review Areas Defined') . '</a></div>';
 }
 if (!isset($_GET['delete'])) {
- echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '"><br />';
+ echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '"><br />';
 echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
 if (isset($SelectedArea)) {
Modified: trunk/AuditTrail.php
===================================================================
--- trunk/AuditTrail.php 2012-02-06 12:57:23 UTC (rev 8493)
+++ trunk/AuditTrail.php 2012-02-10 11:40:59 UTC (rev 8494)
@@ -34,7 +34,7 @@
 // Get list of users
 $UserResult = DB_query("SELECT userid FROM www_users",$db);
-echo '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">';
+echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '" method="post">';
 echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
 echo '<table class="selection">';
Modified: trunk/BOMExtendedQty.php
===================================================================
--- trunk/BOMExtendedQty.php 2012-02-06 12:57:23 UTC (rev 8493)
+++ trunk/BOMExtendedQty.php 2012-02-10 11:40:59 UTC (rev 8494)
@@ -271,7 +271,7 @@
 include('includes/header.inc');
 echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/maintenance.png" title="' . _('Search') . '" alt="" />' . ' ' . $title.'</p><br />';
- echo '<br /><br /><form action=' . $_SERVER['PHP_SELF'] . ' method="post"><table class="selection">';
+ echo '<br /><br /><form action=' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . ' method="post"><table class="selection">';
 echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
 echo '<tr><td>' . _('Part') . ':</td><td><input type ="text" name="Part" size="20" />';
 echo '<tr><td>' . _('Quantity') . ':</td><td><input type="text" class="number" name="Quantity" size="4" />';
Modified: trunk/BOMIndented.php
===================================================================
--- trunk/BOMIndented.php 2012-02-06 12:57:23 UTC (rev 8493)
+++ trunk/BOMIndented.php 2012-02-10 11:40:59 UTC (rev 8494)
@@ -252,7 +252,7 @@
 include('includes/header.inc');
 echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/maintenance.png" title="' . _('Search') . '" alt="" />' . ' ' . $title.'</p><br />';
- echo '<br /><br /><form action=' . $_SERVER['PHP_SELF'] . ' method="post"><table class="selection">';
+ echo '<br /><br /><form action=' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . ' method="post"><table class="selection">';
 echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
 echo '<tr><td>' . _('Part') . ':</td>';
 echo '<td><input type ="text" name="Part" size="20" />';
Modified: trunk/BOMIndentedReverse.php
===================================================================
--- trunk/BOMIndentedReverse.php 2012-02-06 12:57:23 UTC (rev 8493)
+++ trunk/BOMIndentedReverse.php 2012-02-10 11:40:59 UTC (rev 8494)
@@ -246,7 +246,7 @@
 include('includes/header.inc');
 echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/maintenance.png" title="' . _('Search') . '" alt="" />' . ' ' . $title.'</p><br />';
- echo '<br /><br /><form action=' . $_SERVER['PHP_SELF'] . ' method="post"><table class="selection">';
+ echo '<br /><br /><form action=' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . ' method="post"><table class="selection">';
 echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
 echo '<tr><td>' . _('Part') . ':</td>';
 echo '<td><input type ="text" name="Part" size="20" />';
Modified: trunk/BOMInquiry.php
===================================================================
--- trunk/BOMInquiry.php 2012-02-06 12:57:23 UTC (rev 8493)
+++ trunk/BOMInquiry.php 2012-02-10 11:40:59 UTC (rev 8494)
@@ -13,7 +13,7 @@
 }
 if (!isset($_POST['StockID'])) {
- echo '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">
+ echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '" method="post">
 <div class="page_help_text">'. _('Select a manufactured part') . ' (' . _('or Assembly or Kit part') . ') ' . _('to view the costed bill of materials') . '.' . '<br /><font size="1">' . _('Parts must be defined in the stock item entry') . '/' . _('modification screen as manufactured') .
Modified: trunk/BOMListing.php
===================================================================
--- trunk/BOMListing.php 2012-02-06 12:57:23 UTC (rev 8493)
+++ trunk/BOMListing.php 2012-02-10 11:40:59 UTC (rev 8494)
@@ -114,7 +114,7 @@
 /*if $FromCriteria is not set then show a form to allow input */
- echo '<form action=' . $_SERVER['PHP_SELF'] . ' method="post">';
+ echo '<form action=' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . ' method="post">';
 echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
 echo '<table class="selection">
Modified: trunk/BOMs.php
===================================================================
--- trunk/BOMs.php 2012-02-06 12:57:23 UTC (rev 8493)
+++ trunk/BOMs.php 2012-02-10 11:40:59 UTC (rev 8494)
@@ -117,7 +117,7 @@
 $DrillID='';
 } else {
 $DrillText = '<a href="%s&Select=%s">' . _('Drill Down');
- $DrillLink = $_SERVER['PHP_SELF'] . '?';
+ $DrillLink = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?';
 $DrillID=$myrow[0];
 }
 if ($ParentMBflag!='M' AND $ParentMBflag!='G'){
@@ -159,12 +159,12 @@
 ConvertSQLDate($myrow[6]),
 $AutoIssue,
 $QuantityOnHand,
- $_SERVER['PHP_SELF'] . '?',
+ htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?',
 $Parent,
 $myrow[0],
 $DrillLink,
 $DrillID,
- $_SERVER['PHP_SELF'] . '?',
+ htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?',
 $Parent,
 $myrow[0],
 $UltimateParent);
@@ -413,7 +413,7 @@
 break;
 }
- echo '<br /><div class="centre"><a href="' . $_SERVER['PHP_SELF'] . '">' . _('Select a Different BOM') . '</a></div><br />';
+ echo '<br /><div class="centre"><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">' . _('Select a Different BOM') . '</a></div><br />';
 echo '<table class="selection">';
 // Display Manufatured Parent Items
 $sql = "SELECT bom.parent,
@@ -432,7 +432,7 @@
 if( DB_num_rows($result) > 0 ) {
 echo '<tr><td><div class="centre">'._('Manufactured parent items').' : ';
 while ($myrow = DB_fetch_array($result)){
- echo (($ix)?', ':'').'<a href="'.$_SERVER['PHP_SELF'] . '?Select='.$myrow['parent'].'">'.
+ echo (($ix)?', ':'').'<a href="'.htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?Select='.$myrow['parent'].'">'.
 $myrow['description'].' ('.$myrow['parent'].')</a>';
 $ix++;
 } //end while loop
@@ -453,7 +453,7 @@
 echo (($reqnl)?'<br />':'').'<tr><td><div class="centre">'._('Assembly parent items').' : ';
 $ix = 0;
 while ($myrow = DB_fetch_array($result)){
- echo (($ix)?', ':'').'<a href="'.$_SERVER['PHP_SELF'] . '?Select='.$myrow['parent'].'">'.
+ echo (($ix)?', ':'').'<a href="'.htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?Select='.$myrow['parent'].'">'.
 $myrow['description'].' ('.$myrow['parent'].')</a>';
 $ix++;
 } //end while loop
@@ -473,7 +473,7 @@
 echo (($reqnl)?'<br />':'').'<tr><td><div class="centre">'._('Kit sets').' : ';
 $ix = 0;
 while ($myrow = DB_fetch_array($result)){
- echo (($ix)?', ':'').'<a href="'.$_SERVER['PHP_SELF'] . '?Select='.$myrow['parent'].'">'.
+ echo (($ix)?', ':'').'<a href="'.htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?Select='.$myrow['parent'].'">'.
 $myrow['description'].' ('.$myrow['parent'].')</a>';
 $ix++;
 } //end while loop
@@ -493,7 +493,7 @@
 echo (($reqnl)?'<br />':'').'<tr><td><div class="centre">'._('Phantom').' : ';
 $ix = 0;
 while ($myrow = DB_fetch_array($result)){
- echo (($ix)?', ':'').'<a href="'.$_SERVER['PHP_SELF'] . '?Select='.$myrow['parent'].'">'.
+ echo (($ix)?', ':'').'<a href="'.htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?Select='.$myrow['parent'].'">'.
 $myrow['description'].' ('.$myrow['parent'].')</a>';
 $ix++;
 } //end while loop
@@ -548,7 +548,7 @@
 if (! isset($_GET['delete'])) {
- echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '?Select=' . $SelectedParent .'">';
+ echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?Select=' . $SelectedParent .'">';
 echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
 if (isset($_GET['SelectedComponent']) and $InputError !=1) {
@@ -783,7 +783,7 @@
 if (!isset($SelectedParent)) {
 echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/magnifier.png" title="' . _('Search') . '" alt="" />' . ' ' . $title . '</p>';
- echo '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">' .
+ echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '" method="post">' .
 '<div class="page_help_text">'. _('Select a manufactured part') . ' (' . _('or Assembly or Kit part') . ') ' . _('to maintain the bill of material for using the options below') . '.' . '<br /><font size="1">' . _('Parts must be defined in the stock item entry') . '/' . _('modification screen as manufactured') .
Modified: trunk/BackupDatabase.php
===================================================================
--- trunk/BackupDatabase.php 2012-02-06 12:57:23 UTC (rev 8493)
+++ trunk/BackupDatabase.php 2012-02-10 11:40:59 UTC (rev 8494)
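Review bot: `$SelectedParent` on the added line of the first BOMs hunk is concatenated into the form action after `?Select=` with neither URL- nor HTML-encoding, while the PHP_SELF part of the same attribute now is; its assignment is outside the hunk, and if it is taken from the request (the page's own `?Select=` links make that likely) it is the same class of reflected value this commit sets out to contain. Suggested: `'?Select=' . htmlspecialchars(urlencode($SelectedParent), ENT_QUOTES, 'UTF-8') .'">'`. The `if (! isset($_GET['delete']))` block that encloses the line continues past the hunk.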
@@ -42,7 +42,7 @@
 prnMsg(_('Once you have downloaded the database backup file to your local machine you should use the link below to delete it - backup files can consume a lot of space on your hosting account and will accumulate if not deleted - they also contain sensitive information which would otherwise be available for others to download!'),'info');
 echo '<br /> <br />
- <div class="centre"><a href="'. $_SERVER['PHP_SELF'] . '?BackupFile=' .$BackupFile .'">' . _('Delete the backup file off the server') . '</a></div>';
+ <div class="centre"><a href="'. htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?BackupFile=' .$BackupFile .'">' . _('Delete the backup file off the server') . '</a></div>';
 } else {
 prnMsg(_('There was some problem producing a backup using mysqldump. Normally this relates to a permissions issue - the web-server user must have permission to write to the companies directory'),'error');
 }
Modified: trunk/BankAccounts.php
===================================================================
--- trunk/BankAccounts.php 2012-02-06 12:57:23 UTC (rev 8493)
+++ trunk/BankAccounts.php 2012-02-10 11:40:59 UTC (rev 8494)
@@ -232,9 +232,9 @@
 $myrow[5],
 $myrow[6],
 $defacc,
- $_SERVER['PHP_SELF'],
+ htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'),
 $myrow[0],
- $_SERVER['PHP_SELF'],
+ htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'),
 $myrow[0]);
 }
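Review bot: `$BackupFile` on the added line of the BackupDatabase hunk is placed into the `?BackupFile=` query string with neither urlencode() nor htmlspecialchars(), even though it is a file name that the link hands back to the same script to delete something; the code that later acts on that parameter is outside this hunk, so whether it constrains the value to the backup directory cannot be confirmed here and is worth checking. For the link itself, `'?BackupFile=' . htmlspecialchars(rawurlencode($BackupFile), ENT_QUOTES, 'UTF-8') .'">'` keeps a name with unusual characters from breaking the URL or the attribute. The `if` whose `else` branch is visible begins above the hunk.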
@@ -246,11 +246,11 @@
 if (isset($SelectedBankAccount)) {
 echo '<br />';
- echo '<div class="centre"><p><a href="' . $_SERVER['PHP_SELF'] . '">' . _('Show All Bank Accounts Defined') . '</a></p></div>';
+ echo '<div class="centre"><p><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">' . _('Show All Bank Accounts Defined') . '</a></p></div>';
 echo '<br />';
 }
-echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">';
+echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">';
 echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
 if (isset($SelectedBankAccount) AND !isset($_GET['delete'])) {
Modified: trunk/BankMatching.php
===================================================================
--- trunk/BankMatching.php 2012-02-06 12:57:23 UTC (rev 8493)
+++ trunk/BankMatching.php 2012-02-10 11:40:59 UTC (rev 8494)
@@ -78,7 +78,7 @@
 echo '<div class="page_help_text">' . _('Use this screen to match webERP Receipts and Payments to your Bank Statement. Check your bank statement and click the check-box when you find the matching transaction.') . '</div><br />';
-echo '<form action="'. $_SERVER['PHP_SELF'] . '" method="post">';
+echo '<form action="'. htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '" method="post">';
 echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
 echo '<input type="hidden" name="Type" value="' . $Type . '" />';
Modified: trunk/BankReconciliation.php
===================================================================
--- trunk/BankReconciliation.php 2012-02-06 12:57:23 UTC (rev 8493)
+++ trunk/BankReconciliation.php 2012-02-10 11:40:59 UTC (rev 8494)
@@ -8,7 +8,7 @@
 include('includes/header.inc');
-echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">';
+echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">';
 echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
 echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/money_add.png" title="' . _('Search') . '" alt="" />' . ' ' . $title.'</p><br />';
Modified: trunk/COGSGLPostings.php
===================================================================
--- trunk/COGSGLPostings.php 2012-02-06 12:57:23 UTC (rev 8493)
+++ trunk/COGSGLPostings.php 2012-02-10 11:40:59 UTC (rev 8494)
@@ -113,9 +113,9 @@
 $myrow[2],
 $myrow[3],
 $myrow[4],
- $_SERVER['PHP_SELF'] . '?',
+ htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?',
 $myrow[0],
- $_SERVER['PHP_SELF'] . '?',
+ htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?',
 $myrow[0]);
 }//end while
 echo '</table>';
@@ -217,9 +217,9 @@
 $myrow[2],
 $myrow[3],
 $myrow[4],
- $_SERVER['PHP_SELF'] . '?',
+ htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?',
 $myrow[0],
- $_SERVER['PHP_SELF'] . '?',
+ htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?',
 $myrow[0]);
 }//END WHILE LIST LOOP
@@ -229,12 +229,12 @@ //end of ifs and buts! if (isset($SelectedCOGSPostingID)) { - echo '<div class="centre"><a href="' . $_SERVER['PHP_SELF'] .'">' . _('Show all cost of sales posting records') . '</a></div>'; + echo '<div class="centre"><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') .'">' . _('Show all cost of sales posting records') . '</a></div>'; } echo '<br />'; -echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">'; +echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($SelectedCOGSPostingID)) { Modified: trunk/CompanyPreferences.php =================================================================== --- trunk/CompanyPreferences.php 2012-02-06 12:57:23 UTC (rev 8493) +++ trunk/CompanyPreferences.php 2012-02-10 11:40:59 UTC (rev 8494) @@ -155,7 +155,7 @@ echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/maintenance.png" title="' . _('Search') . '" alt="" />' . ' ' . $title.'</p><br />'; -echo '<form method="post" action=' . $_SERVER['PHP_SELF'] . '>'; +echo '<form method="post" action=' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '>'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<table class="selection">'; Modified: trunk/ConfirmDispatch_Invoice.php =================================================================== --- trunk/ConfirmDispatch_Invoice.php 2012-02-06 12:57:23 UTC (rev 8493) +++ trunk/ConfirmDispatch_Invoice.php 2012-02-10 11:40:59 UTC (rev 8494) 
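Review bot: In the CompanyPreferences.php hunk the `action` attribute is still unquoted (`action=' . htmlspecialchars(...) . '>'`), so the escaping does not fully cover that context: htmlspecialchars does not touch whitespace, and in an unquoted attribute a space ends the value. Quote it: `echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">';`. The same unquoted form appears in the two CustomerAllocations.php hunks (`@@ -480` and `@@ -519`), where `href=` is unquoted around the escaped value and the appended `$myrow['id']`.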
@@ -263,7 +263,7 @@ </table> <br />'; -echo '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">'; +echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '" method="post">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; /*************************************************************** Modified: trunk/ContractBOM.php =================================================================== --- trunk/ContractBOM.php 2012-02-06 12:57:23 UTC (rev 8493) +++ trunk/ContractBOM.php 2012-02-10 11:40:59 UTC (rev 8494) @@ -223,7 +223,7 @@ /* This is where the order as selected should be displayed reflecting any deletions or insertions*/ -echo '<form name="ContractBOMForm" action="' . $_SERVER['PHP_SELF'] . '?identifier='.$identifier. '" method="post">'; +echo '<form name="ContractBOMForm" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?identifier='.$identifier. '" method="post">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (count($_SESSION['Contract'.$identifier]->ContractBOM)>0){ @@ -268,7 +268,7 @@ <td>' . $ContractComponent->UOM . '</td> <td class="number">' . locale_number_format($ContractComponent->ItemCost,4) . '</td> <td class="number">' . $DisplayLineTotal . '</td> - <td><a href="' . $_SERVER['PHP_SELF'] . '?identifier='.$identifier. '&Delete=' . $ContractComponent->ComponentID . '">' . _('Delete') . '</a></td></tr>'; + <td><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?identifier='.$identifier. '&Delete=' . $ContractComponent->ComponentID . '">' . _('Delete') . '</a></td></tr>'; $TotalCost += $LineTotal; } Modified: trunk/ContractCosting.php =================================================================== --- trunk/ContractCosting.php 2012-02-06 12:57:23 UTC (rev 8493) +++ trunk/ContractCosting.php 2012-02-10 11:40:59 UTC (rev 8494) 
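Review bot: In both ContractBOM.php hunks `$identifier` is appended to the escaped PHP_SELF unencoded (`'?identifier='.$identifier`), so the changed line still emits a value whose origin the hunk does not show; if it is request-derived, as the session key `'Contract'.$identifier` suggests but does not prove, it needs the same treatment. `urlencode($identifier)` is sufficient for a query-string value, since its output contains none of the characters htmlspecialchars escapes: `'?identifier=' . urlencode($identifier)`. The same pattern recurs in the ContractCosting.php, ContractOtherReqts.php, Contracts.php and CounterSales.php hunks that follow. Where the query continues with `'&Delete='`, the ampersand should be written as `&amp;` inside HTML attributes.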
@@ -406,7 +406,7 @@ if ($_SESSION['Contract'.$identifier]->Status ==2){//the contract is an order being processed now - echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '?SelectedContract=' . $_SESSION['Contract'.$identifier]->ContractRef . '&identifier=' . $identifier . '">'; + echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?SelectedContract=' . $_SESSION['Contract'.$identifier]->ContractRef . '&identifier=' . $identifier . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<br /><div class="centre"><input type="submit" name="CloseContract" value="' . _('Close Contract') . '" onclick="return confirm(\'' . _('Closing the contract will prevent further stock being issued to it and charges being made against it. Variances will be taken to the profit and loss account. Are You Sure?') . '\');" /></div>'; echo '</form>'; Modified: trunk/ContractOtherReqts.php =================================================================== --- trunk/ContractOtherReqts.php 2012-02-06 12:57:23 UTC (rev 8493) +++ trunk/ContractOtherReqts.php 2012-02-10 11:40:59 UTC (rev 8494) @@ -75,7 +75,7 @@ /* This is where the other requirement as entered/modified should be displayed reflecting any deletions or insertions*/ -echo '<form name="ContractReqtsForm" action="' . $_SERVER['PHP_SELF'] . '?identifier='.$identifier. '" method="post">'; +echo '<form name="ContractReqtsForm" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?identifier='.$identifier. '" method="post">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/contract.png" title="' ._('Contract Other Requirements') . '" alt="" /> ' . _('Contract Other Requirements') . ' - ' . $_SESSION['Contract'.$identifier]->CustomerName.'</p>'; 
@@ -116,7 +116,7 @@ <td><input type="text" class="number" name="Qty' . $ContractReqtID . '" size="11" value="' . locale_number_format($ContractComponent->Quantity,2) . '" /></td> <td><input type="text" class="number" name="CostPerUnit' . $ContractReqtID . '" size="11" value="' . locale_money_format($ContractComponent->CostPerUnit,$_SESSION['Contract'.$identifier]->CurrCode) . '" /></td> <td class="number">' . $DisplayLineTotal . '</td> - <td><a href="' . $_SERVER['PHP_SELF'] . '?identifier='.$identifier. '&Delete=' . $ContractReqtID . '">' . _('Delete') . '</a></td></tr>'; + <td><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?identifier='.$identifier. '&Delete=' . $ContractReqtID . '">' . _('Delete') . '</a></td></tr>'; $TotalCost += $LineTotal; } Modified: trunk/Contracts.php =================================================================== --- trunk/Contracts.php 2012-02-06 12:57:23 UTC (rev 8493) +++ trunk/Contracts.php 2012-02-10 11:40:59 UTC (rev 8494) @@ -742,7 +742,7 @@ echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/contract.png" title="' . _('Contract') . '" alt="" />' . ' ' . _('Contract: Select Customer') . '</p>'; - echo '<form action="' . $_SERVER['PHP_SELF'] . '?identifier=' . $identifier .'" name="CustomerSelection" method="post">'; + echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?identifier=' . $identifier .'" name="CustomerSelection" method="post">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<table cellpadding="3" colspan="4" class="selection"> 
@@ -810,7 +810,7 @@ //end if RequireCustomerSelection } else { /*A customer is already selected so get into the contract setup proper */ - echo '<form name="ContractEntry" enctype="multipart/form-data" action="' . $_SERVER['PHP_SELF'] . '?identifier=' . $identifier . '" method="post">'; + echo '<form name="ContractEntry" enctype="multipart/form-data" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?identifier=' . $identifier . '" method="post">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<p class="page_title_text"> Modified: trunk/CounterSales.php =================================================================== --- trunk/CounterSales.php 2012-02-06 12:57:23 UTC (rev 8493) +++ trunk/CounterSales.php 2012-02-10 11:40:59 UTC (rev 8494) @@ -246,7 +246,7 @@ echo '<br /><br />'; prnMsg(_('This sale has been cancelled as requested'),'success'); - echo '<br /><br /><a href="' .$_SERVER['PHP_SELF'] . '">' . _('Start a new Counter Sale') . '</a>'; + echo '<br /><br /><a href="' .htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">' . _('Start a new Counter Sale') . '</a>'; include('includes/footer.inc'); exit; @@ -396,7 +396,7 @@ /* Always do the stuff below */ -echo '<form action="' . $_SERVER['PHP_SELF'] . '?identifier='.$identifier . '" name="SelectParts" method="post">'; +echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?identifier='.$identifier . '" name="SelectParts" method="post">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; //Get The exchange rate used for GPPercent calculations on adding or amending items 
@@ -843,7 +843,7 @@ $_SESSION['Items'.$identifier]->TaxGLCodes=$TaxGLCodes; echo '<td class="number">' . locale_money_format($TaxLineTotal ,$_SESSION['Items'.$identifier]->DefaultCurrency) . '</td>'; echo '<td class="number">' . locale_money_format($SubTotal + $TaxLineTotal ,$_SESSION['Items'.$identifier]->DefaultCurrency) . '</td>'; - echo '<td><a href="' . $_SERVER['PHP_SELF'] . '?identifier='.$identifier . '&Delete=' . $OrderLine->LineNumber . '" onclick="return confirm(\'' . _('Are You Sure?') . '\');">' . _('Delete') . '</a></td></tr>'; + echo '<td><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?identifier='.$identifier . '&Delete=' . $OrderLine->LineNumber . '" onclick="return confirm(\'' . _('Are You Sure?') . '\');">' . _('Delete') . '</a></td></tr>'; if ($_SESSION['AllowOrderLineItemNarrative'] == 1){ echo $RowStarter; @@ -2037,7 +2037,7 @@ } else { echo '<img src="'.$rootpath.'/css/'.$theme.'/images/printer.png" title="' . _('Print') . '" alt="" />' . ' ' . '<a target="_blank" href="'.$rootpath.'/PrintCustTransPortrait.php?FromTransNo='.$InvoiceNo.'&InvOrCredit=Invoice&PrintPDF=True">'. _('Print this invoice'). ' (' . _('Portrait') . ')</a><br /><br />'; } - echo '<br /><br /><a href="' .$_SERVER['PHP_SELF'] . '">' . _('Start a new Counter Sale') . '</a></div>'; + echo '<br /><br /><a href="' .htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">' . _('Start a new Counter Sale') . '</a></div>'; } // There were input errors so don't process nuffin 
@@ -2256,7 +2256,7 @@ if (isset($SearchResult)) { $j = 1; - echo '<form action="' . $_SERVER['PHP_SELF'] . '?identifier='.$identifier . '" method="post" name="orderform">'; + echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?identifier='.$identifier . '" method="post" name="orderform">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<table class="selection">'; echo '<tr><td><input type="hidden" name="previous" value="'.locale_number_format($Offset-1,0).'" /> Modified: trunk/CreditStatus.php =================================================================== --- trunk/CreditStatus.php 2012-02-06 12:57:23 UTC (rev 8493) +++ trunk/CreditStatus.php 2012-02-10 11:40:59 UTC (rev 8494) @@ -177,9 +177,9 @@ $myrow[0], $myrow[1], $DissallowText, - $_SERVER['PHP_SELF'], + htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'), $myrow[0], - $_SERVER['PHP_SELF'], + htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'), $myrow[0]); } //END WHILE LIST LOOP @@ -188,12 +188,12 @@ } //end of ifs and buts! if (isset($SelectedReason)) { - echo '<div class="centre"><a href="' . $_SERVER['PHP_SELF'] . '">' . _('Show Defined Credit Status Codes') . '</a></div>'; + echo '<div class="centre"><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">' . _('Show Defined Credit Status Codes') . '</a></div>'; } if (!isset($_GET['delete'])) { - echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">'; + echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($SelectedReason) and ($InputError!=1)) { Modified: trunk/Credit_Invoice.php =================================================================== --- trunk/Credit_Invoice.php 2012-02-06 12:57:23 UTC (rev 8493) +++ trunk/Credit_Invoice.php 2012-02-10 11:40:59 UTC (rev 8494) 
@@ -261,7 +261,7 @@ if (!isset($_POST['ProcessCredit'])) { - echo '<form action="' . $_SERVER['PHP_SELF'] .'" method="post">'; + echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') .'" method="post">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; @@ -382,7 +382,7 @@ echo '<td class="number">' . $DisplayTaxAmount . '</td> <td class="number">' . $DisplayGrossLineTotal . '</td> - <td><a href="'. $_SERVER['PHP_SELF'] . '?Delete=' . $LnItm->LineNumber . '">' . _('Delete') . '</a></td></tr>'; + <td><a href="'. htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?Delete=' . $LnItm->LineNumber . '">' . _('Delete') . '</a></td></tr>'; echo '<tr'.$RowStarter . '><td colspan="12"><textarea tabindex="'.$j.'" name="Narrative_' . $LnItm->LineNumber . '" cols=100% rows=1>' . $LnItm->Narrative . '</textarea><br /><hr></td></tr>'; $j++; Modified: trunk/Currencies.php =================================================================== --- trunk/Currencies.php 2012-02-06 12:57:23 UTC (rev 8493) +++ trunk/Currencies.php 2012-02-10 11:40:59 UTC (rev 8494) @@ -248,10 +248,10 @@ locale_number_format($myrow['decimalplaces'],0), locale_number_format($myrow['rate'],5), locale_number_format(GetCurrencyRate($myrow['currabrev'],$CurrencyRatesArray),5), - $_SERVER['PHP_SELF'] . '?', + htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?', $myrow['currabrev'], _('Edit'), - $_SERVER['PHP_SELF'] . '?', + htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?', $myrow['currabrev'], _('Delete'), $rootpath, 
@@ -282,14 +282,14 @@ if (isset($SelectedCurrency)) { - echo '<div class="centre"><a href="' .$_SERVER['PHP_SELF'] . '">'._('Show all currency definitions').'</a></div>'; + echo '<div class="centre"><a href="' .htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">'._('Show all currency definitions').'</a></div>'; } echo '<br />'; if (!isset($_GET['delete'])) { - echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">'; + echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($SelectedCurrency) AND $SelectedCurrency!='') { Modified: trunk/CustEDISetup.php =================================================================== --- trunk/CustEDISetup.php 2012-02-06 12:57:23 UTC (rev 8493) +++ trunk/CustEDISetup.php 2012-02-10 11:40:59 UTC (rev 8494) @@ -69,7 +69,7 @@ } } -echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">'; +echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<br /><table class="selection">'; Modified: trunk/CustLoginSetup.php =================================================================== --- trunk/CustLoginSetup.php 2012-02-06 12:57:23 UTC (rev 8493) +++ trunk/CustLoginSetup.php 2012-02-10 11:40:59 UTC (rev 8494) @@ -300,9 +300,9 @@ $myrow[8], $myrow[9], $myrow[10], - $_SERVER['PHP_SELF'] . '?', + htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?', $myrow[0], - $_SERVER['PHP_SELF'] . '?', + htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?', $myrow[0]); } //END WHILE LIST LOOP 
@@ -311,10 +311,10 @@ if (isset($SelectedUser)) { - echo '<div class="centre"><a href="' . $_SERVER['PHP_SELF'] .'">' . _('Review Existing Users') . '</a></div><br />'; + echo '<div class="centre"><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') .'">' . _('Review Existing Users') . '</a></div><br />'; } -echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">'; +echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($SelectedUser)) { Modified: trunk/CustWhereAlloc.php =================================================================== --- trunk/CustWhereAlloc.php 2012-02-06 12:57:23 UTC (rev 8493) +++ trunk/CustWhereAlloc.php 2012-02-10 11:40:59 UTC (rev 8494) @@ -6,7 +6,7 @@ $title = _('Customer How Paid Inquiry'); include('includes/header.inc'); -echo '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">'; +echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '" method="post">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/money_add.png" title="' . _('Customer Where Allocated'). '" alt="" />' . $title . '</p>'; Modified: trunk/CustomerAllocations.php =================================================================== --- trunk/CustomerAllocations.php 2012-02-06 12:57:23 UTC (rev 8493) +++ trunk/CustomerAllocations.php 2012-02-10 11:40:59 UTC (rev 8494) 
@@ -341,7 +341,7 @@ if (isset($_POST['AllocTrans'])) { // Page called with trans number - echo '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">'; + echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '" method="post">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<input type="hidden" name="AllocTrans" value="' . $_POST['AllocTrans'] . '" />'; @@ -480,7 +480,7 @@ <td>' . ConvertSQLDate($myrow['trandate']) . '</td> <td class="number">' . locale_money_format($myrow['total'],$myrow['currcode']) . '</td> <td class="number">' . locale_money_format($myrow['total']-$myrow['alloc'],$myrow['currcode']) . '</td>'; - echo '<td><a href=' . $_SERVER['PHP_SELF']. '?AllocTrans=' . $myrow['id'] . '>' . _('Allocate') . '</a></td></tr>'; + echo '<td><a href=' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'). '?AllocTrans=' . $myrow['id'] . '>' . _('Allocate') . '</a></td></tr>'; } DB_free_result($result); echo '</table><br />'; @@ -519,7 +519,7 @@ $k=0; while ($myrow = DB_fetch_array($result)) { - $allocate = '<a href=' . $_SERVER['PHP_SELF']. '?AllocTrans=' . $myrow['id'] . '>' . _('Allocate') . '</a>'; + $allocate = '<a href=' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'). '?AllocTrans=' . $myrow['id'] . '>' . _('Allocate') . '</a>'; if ( $curDebtor != $myrow['debtorno'] ) { if ( $curTrans > 1 ) { Modified: trunk/CustomerBranches.php =================================================================== --- trunk/CustomerBranches.php 2012-02-06 12:57:23 UTC (rev 8493) +++ trunk/CustomerBranches.php 2012-02-10 11:40:59 UTC (rev 8494) 
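Review bot: In the CustomerAllocations.php `@@ -341` hunk the line directly after the changed one still echoes `$_POST['AllocTrans']` raw into a hidden input's `value` attribute, so request data is reflected unescaped in the same form the commit is hardening. Apply the same escaping there: `echo '<input type="hidden" name="AllocTrans" value="' . htmlspecialchars($_POST['AllocTrans'], ENT_QUOTES, 'UTF-8') . '" />';`. The enclosing `if (isset($_POST['AllocTrans']))` block continues outside the hunk.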
@@ -422,11 +422,11 @@ $myrow[8], $myrow[9], ($myrow[11]?_('No'):_('Yes')), - $_SERVER['PHP_SELF'], + htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'), $DebtorNo, urlencode($myrow[1]), _('Edit'), - $_SERVER['PHP_SELF'], + htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'), $DebtorNo, urlencode($myrow[1]), _('Delete Branch')); @@ -466,7 +466,7 @@ } if (!isset($_GET['delete'])) { - echo '<form method="post" action="' . $_SERVER['PHP_SELF'] .'">'; + echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') .'">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($SelectedBranch)) { @@ -542,7 +542,7 @@ echo '<p Class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/customer.png" title="' . _('Customer') . '" alt="" />' . ' ' . _('Change Details for Branch'). ' '. $SelectedBranch . '</p>'; if (isset($SelectedBranch)) { - echo '<div class="centre"><a href="' . $_SERVER['PHP_SELF'] . '?DebtorNo=' . $DebtorNo. '">' . _('Show all branches defined for'). ' '. $DebtorNo . '</a></div>'; + echo '<div class="centre"><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?DebtorNo=' . $DebtorNo. '">' . _('Show all branches defined for'). ' '. $DebtorNo . '</a></div>'; } echo '<br /><table class="selection">'; echo '<tr><th colspan="2"><div class="centre"><b>'._('Change Branch').'</b></th></tr>'; Modified: trunk/CustomerInquiry.php =================================================================== --- trunk/CustomerInquiry.php 2012-02-06 12:57:23 UTC (rev 8493) +++ trunk/CustomerInquiry.php 2012-02-10 11:40:59 UTC (rev 8494) 
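Review bot: In the CustomerBranches.php `@@ -542` hunk the new line appends `$DebtorNo` to the query string unencoded (`'?DebtorNo=' . $DebtorNo`), while the `@@ -422` hunk in the same file passes `urlencode($myrow[1])` for the branch code; the two should agree. Where `$DebtorNo` is assigned is outside the hunk, so this is a consistency point rather than a confirmed reflection, but `'?DebtorNo=' . urlencode($DebtorNo) . '"'` removes the dependency on its origin. The same value is also concatenated into the visible link text on that line, which would need htmlspecialchars if it is not validated upstream.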
@@ -145,7 +145,7 @@ </tr> </table>'; -echo '<br /><div class="centre"><form action="' . $_SERVER['PHP_SELF'] . '" method="post">'; +echo '<br /><div class="centre"><form action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '" method="post">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo _('Show all transactions after') . ': <input tabindex="1" type="text" class="date" alt="'.$_SESSION['DefaultDateFormat'].'" id="datepicker" name="TransAfterDate" value="' . $_POST['TransAfterDate'] . '" maxlength="10" size="12" />' . ' <input tabindex="2" type="submit" name="Refresh Inquiry" value="' . _('Refresh Inquiry') . '" /></div></form><br />'; Modified: trunk/CustomerReceipt.php =================================================================== --- trunk/CustomerReceipt.php 2012-02-06 12:57:23 UTC (rev 8493) +++ trunk/CustomerReceipt.php 2012-02-10 11:40:59 UTC (rev 8494) @@ -704,7 +704,7 @@ /*set up the form whatever */ -echo '<form action="' . $_SERVER['PHP_SELF'] . '?Type='.$_GET['Type'] . '" method="post" name="form1">'; +echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?Type='.$_GET['Type'] . '" method="post" name="form1">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; /*show the batch header details and the entries in the batch so far */ 
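Review bot: In the CustomerReceipt.php `@@ -704` hunk the changed line escapes PHP_SELF but then concatenates `$_GET['Type']` raw into the same `action` attribute (`'?Type='.$_GET['Type']`), so the new code still reflects unescaped query input; the `@@ -864` hunk that follows does the same in the Delete link. Encode the query value: `'?Type=' . urlencode($_GET['Type'])` (and `'&amp;Type=' . urlencode($_GET['Type'])` in the Delete link). In the CustomerInquiry.php hunk on this line, the context line after the form echoes `$_POST['TransAfterDate']` into an input `value` attribute unescaped and would benefit from `htmlspecialchars($_POST['TransAfterDate'], ENT_QUOTES, 'UTF-8')`.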
@@ -864,7 +864,7 @@ <td>' . stripslashes($ReceiptItem->CustomerName) . '</td> <td>'.$ReceiptItem->GLCode.' - '.$myrow['accountname'].'</td> <td>'.$ReceiptItem->Narrative . '</td> - <td><a href="' . $_SERVER['PHP_SELF'] . '?Delete=' . $ReceiptItem->ID . '&Type='.$_GET['Type'].'">' . _('Delete') . '</a></td> + <td><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?Delete=' . $ReceiptItem->ID . '&Type='.$_GET['Type'].'">' . _('Delete') . '</a></td> </tr>'; $BatchTotal= $BatchTotal + $ReceiptItem->Amount; } Modified: trunk/CustomerTransInquiry.php =================================================================== --- trunk/CustomerTransInquiry.php 2012-02-06 12:57:23 UTC (rev 8493) +++ trunk/CustomerTransInquiry.php 2012-02-10 11:40:59 UTC (rev 8494) @@ -11,7 +11,7 @@ ' ' . _('Transaction Inquiry') . '</p>'; echo '<div class="page_help_text">' . _('Choose which type of transaction to report on.') . '</div><br />'; -echo '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">'; +echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '" method="post">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<table cellpadding="2" class="selection"><tr>'; Modified: trunk/CustomerTypes.php =================================================================== --- trunk/CustomerTypes.php 2012-02-06 12:57:23 UTC (rev 8493) +++ trunk/CustomerTypes.php 2012-02-10 11:40:59 UTC (rev 8494) @@ -204,9 +204,9 @@ </tr>', $myrow[0], $myrow[1], - $_SERVER['PHP_SELF'] . '?', + htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?', $myrow[0], - $_SERVER['PHP_SELF'] . '?', + htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?', $myrow[0]); } //END WHILE LIST LOOP 
@@ -216,11 +216,11 @@ //end of ifs and buts! if (isset($SelectedType)) { - echo '<div class="centre"><p><a href="' . $_SERVER['PHP_SELF'] . '">' . _('Show All Types Defined') . '</a></p></div>'; + echo '<div class="centre"><p><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">' . _('Show All Types Defined') . '</a></p></div>'; } if (! isset($_GET['delete'])) { - echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">'; + echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<br /><table class="selection">'; //Main table Modified: trunk/Customers.php =================================================================== --- trunk/Customers.php 2012-02-06 12:57:23 UTC (rev 8493) +++ trunk/Customers.php 2012-02-10 11:40:59 UTC (rev 8494) @@ -437,12 +437,12 @@ } if ($SetupErrors>0) { - echo '<br /><div class="centre"><a href="'.$_SERVER['PHP_SELF'] .'" >'._('Click here to continue').'</a></div>'; + echo '<br /><div class="centre"><a href="'.htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') .'" >'._('Click here to continue').'</a></div>'; include('includes/footer.inc'); exit; } - echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">'; + echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<input type="hidden" name="New" value="Yes" />'; @@ -602,7 +602,7 @@ //DebtorNo exists - either p... [truncated message content] |