diff --git a/public/include/pages/password/reset.inc.php b/public/include/pages/password/reset.inc.php
index f7334fe8..86f91dd9 100644
--- a/public/include/pages/password/reset.inc.php
+++ b/public/include/pages/password/reset.inc.php
@@ -1,14 +1,13 @@ initResetPassword($_POST['username'], $smarty)) { $_SESSION['POPUP'][] = array('CONTENT' => 'Please check your mail account to finish your password reset'); } else {
- $_SESSION['POPUP'][] = array('CONTENT' => $user->getError(), 'TYPE' => 'errormsg');
+ $_SESSION['POPUP'][] = array('CONTENT' => htmlentities($user->getError(), ENT_QUOTES), 'TYPE' => 'errormsg');
 } // Tempalte specifics, user default template by parent page
diff --git a/public/templates/mobile/password/default.tpl b/public/templates/mobile/password/default.tpl
index 69943979..b4af5660 100644
--- a/public/templates/mobile/password/default.tpl
+++ b/public/templates/mobile/password/default.tpl
@@ -2,5 +2,5 @@
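Review bot: `htmlentities($user->getError(), ENT_QUOTES)` on the `+` line encodes the message at the point it is stored in `$_SESSION['POPUP']`, which ties the session value to the HTML output context while the sibling success message in the same hunk is stored raw; any template that later applies `|escape` to `CONTENT` will double-encode this entry, and any other code path that pushes into POPUP stays unescaped. Escaping once where the popup is rendered (the rendering template is not in this diff) covers every producer uniformly; if storage-time encoding is kept on purpose, record it next to the line, e.g. `// POPUP CONTENT is stored HTML-encoded; the template must not escape it again`. Whichever is chosen, pass the charset explicitly, `htmlentities($user->getError(), ENT_QUOTES, 'UTF-8')`: before PHP 5.4 the default charset is ISO-8859-1, and on 5.4+ adding `ENT_SUBSTITUTE` avoids the function returning an empty string (a silently blank error popup) on an invalid byte sequence. The `if` that this `else` belongs to begins before the visible hunk text.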

If you have an email set for your account, enter your username to get your password reset

-

+

diff --git a/public/templates/mpos/account/invitations/default.tpl b/public/templates/mpos/account/invitations/default.tpl index 1ce19a04..e43b37d0 100644 --- a/public/templates/mpos/account/invitations/default.tpl +++ b/public/templates/mpos/account/invitations/default.tpl @@ -1,6 +1,6 @@
- - + +

Invitation

diff --git a/public/templates/mpos/account/transactions/default.tpl b/public/templates/mpos/account/transactions/default.tpl index 2b936780..89411ced 100644 --- a/public/templates/mpos/account/transactions/default.tpl +++ b/public/templates/mpos/account/transactions/default.tpl @@ -22,22 +22,22 @@

Transaction Filter

- - + + {if $COUNTTRANSACTIONS / $LIMIT > 1}
{if $smarty.request.start|default:"0" > 0} - + {else} {/if} {if $COUNTTRANSACTIONS - $smarty.request.start|default:"0" - $LIMIT > 0} - + {else} {/if} diff --git a/public/templates/mpos/account/workers/default.tpl b/public/templates/mpos/account/workers/default.tpl index 39c61776..defb20cc 100644 --- a/public/templates/mpos/account/workers/default.tpl +++ b/public/templates/mpos/account/workers/default.tpl @@ -1,8 +1,8 @@

Add New Worker

- - + +
@@ -26,8 +26,8 @@

Worker Configuration

- - + + diff --git a/public/templates/mpos/admin/news/default.tpl b/public/templates/mpos/admin/news/default.tpl index dfcdfd36..fdfbc4ab 100644 --- a/public/templates/mpos/admin/news/default.tpl +++ b/public/templates/mpos/admin/news/default.tpl @@ -1,8 +1,8 @@

News Posts

- - + +
@@ -30,8 +30,8 @@
{$NEWS[news].content}
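Review bot: `{$NEWS[news].content}` is rendered without `|escape` in this hunk while the commit adds escaping to request-derived values elsewhere; the line's `+`/`-` marker is lost in this rendering, so I cannot tell whether it is changed or context. If admin-authored news is intended to carry raw HTML, a template comment recording that decision, `{* news content is trusted HTML authored by admins; intentionally not escaped *}`, would stop the next reviewer from re-raising it. If it is meant to be plain text, `{$NEWS[news].content|escape|nl2br}` keeps line breaks while closing a stored-XSS path from whoever can post news to every reader of the page.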
diff --git a/public/templates/mpos/admin/news_edit/default.tpl b/public/templates/mpos/admin/news_edit/default.tpl index e2c9c61b..241506b4 100644 --- a/public/templates/mpos/admin/news_edit/default.tpl +++ b/public/templates/mpos/admin/news_edit/default.tpl @@ -1,8 +1,8 @@

Edit news entry #{$NEWS.id}

- - + +
diff --git a/public/templates/mpos/admin/reports/earnings_control.tpl b/public/templates/mpos/admin/reports/earnings_control.tpl index 7fd5b8cd..e83269e3 100644 --- a/public/templates/mpos/admin/reports/earnings_control.tpl +++ b/public/templates/mpos/admin/reports/earnings_control.tpl @@ -1,15 +1,15 @@ - - + +

Earnings Information

@@ -17,7 +17,7 @@
- + - +
-
+
{html_options name="id" options=$USERLIST selected=$USERID|default:"0"} @@ -33,7 +33,7 @@
-
+
SHOW EMPTY ROUNDS

diff --git a/public/templates/mpos/admin/settings/default.tpl b/public/templates/mpos/admin/settings/default.tpl index 9bdebf21..a4c4d5c0 100644 --- a/public/templates/mpos/admin/settings/default.tpl +++ b/public/templates/mpos/admin/settings/default.tpl @@ -1,7 +1,7 @@
- - + +

Settings

diff --git a/public/templates/mpos/admin/transactions/default.tpl b/public/templates/mpos/admin/transactions/default.tpl index 364fa511..75e615b8 100644 --- a/public/templates/mpos/admin/transactions/default.tpl +++ b/public/templates/mpos/admin/transactions/default.tpl @@ -22,22 +22,22 @@

Transaction Filter

- - + + {if $COUNTTRANSACTIONS / $LIMIT > 1} diff --git a/public/templates/mpos/statistics/graphs/default.tpl b/public/templates/mpos/statistics/graphs/default.tpl index 64c7abe4..0b10a60a 100644 --- a/public/templates/mpos/statistics/graphs/default.tpl +++ b/public/templates/mpos/statistics/graphs/default.tpl @@ -8,8 +8,8 @@
-{include file="{$smarty.request.page}/{$smarty.request.action}/mine.tpl"}
-{include file="{$smarty.request.page}/{$smarty.request.action}/pool.tpl"}
-{include file="{$smarty.request.page}/{$smarty.request.action}/both.tpl"}
+{include file="{$smarty.request.page|escape}/{$smarty.request.action|escape}/mine.tpl"}
+{include file="{$smarty.request.page|escape}/{$smarty.request.action|escape}/pool.tpl"}
+{include file="{$smarty.request.page|escape}/{$smarty.request.action|escape}/both.tpl"}
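Review bot: `|escape` on `$smarty.request.page` and `$smarty.request.action` in these three `{include}` paths applies HTML-entity encoding, which leaves `.` and `/` untouched, so it does not constrain which template file a request-supplied `page`/`action` selects — it only changes how the name would render as text, and this value is never rendered, it is a filesystem path. Since this template itself lives at `statistics/graphs/default.tpl`, the simplest fix is to drop the request variables entirely, `{include file="statistics/graphs/mine.tpl"}` (same for `pool.tpl` and `both.tpl`), assuming it is only ever reached with that page/action pair; otherwise have the PHP router assign the already-validated names (`$smarty->assign('PAGE', $page)`) and include from those rather than from `$smarty.request`. If this is Smarty 3, enabling the security policy (`$smarty->enableSecurity()` with `secure_dir` limited to the template directory) is the belt-and-braces control for any include path built from a variable. The two context lines of this 8-line hunk are not visible in this rendering.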
diff --git a/public/templates/mpos/statistics/round/pplns_block_stats.tpl b/public/templates/mpos/statistics/round/pplns_block_stats.tpl index 63b6e5ae..5e99fcc1 100644 --- a/public/templates/mpos/statistics/round/pplns_block_stats.tpl +++ b/public/templates/mpos/statistics/round/pplns_block_stats.tpl @@ -4,10 +4,10 @@ diff --git a/public/templates/mpos/statistics/round/pplns_block_stats_small.tpl b/public/templates/mpos/statistics/round/pplns_block_stats_small.tpl index 07fa4c73..06a70bba 100644 --- a/public/templates/mpos/statistics/round/pplns_block_stats_small.tpl +++ b/public/templates/mpos/statistics/round/pplns_block_stats_small.tpl @@ -4,10 +4,10 @@
{if $smarty.request.start|default:"0" > 0} - + {else} {/if} {if $COUNTTRANSACTIONS - $smarty.request.start|default:"0" - $LIMIT > 0} - + {else} {/if}
diff --git a/public/templates/mpos/admin/user/default.tpl b/public/templates/mpos/admin/user/default.tpl
index 4a632696..370fbbe8 100644
--- a/public/templates/mpos/admin/user/default.tpl
+++ b/public/templates/mpos/admin/user/default.tpl
@@ -3,21 +3,21 @@ $.ajax({ type: "POST", url: "{$smarty.server.PHP_SELF}", - data: "page={$smarty.request.page}&action={$smarty.request.action}&do=fee&account_id=" + id, + data: "page={$smarty.request.page|escape}&action={$smarty.request.action|escape}&do=fee&account_id=" + id, }); } function storeLock(id) { $.ajax({ type: "POST", url: "{$smarty.server.PHP_SELF}", - data: "page={$smarty.request.page}&action={$smarty.request.action}&do=lock&account_id=" + id, + data: "page={$smarty.request.page|escape}&action={$smarty.request.action|escape}&do=lock&account_id=" + id, }); } function storeAdmin(id) { $.ajax({ type: "POST", url: "{$smarty.server.PHP_SELF}", - data: "page={$smarty.request.page}&action={$smarty.request.action}&do=admin&account_id=" + id, + data: "page={$smarty.request.page|escape}&action={$smarty.request.action|escape}&do=admin&account_id=" + id, }); }
diff --git a/public/templates/mpos/password/default.tpl b/public/templates/mpos/password/default.tpl
index 9115932c..78f124cf 100644
--- a/public/templates/mpos/password/default.tpl
+++ b/public/templates/mpos/password/default.tpl
@@ -7,7 +7,7 @@
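Review bot: In the three `+ data:` lines `|escape` defaults to HTML-entity encoding, but the value is being placed in a URL query string inside a JavaScript string literal, so it is encoded for the wrong context: `&` becomes `&amp;` and `"` becomes `&quot;`, which the server then receives as literal query text, while characters that matter inside the JS literal (a newline, for instance) are left alone. Use the URL encoder for this position, `data: "page={$smarty.request.page|escape:'url'}&action={$smarty.request.action|escape:'url'}&do=fee&account_id=" + id,` and the same for the `lock` and `admin` variants; percent-encoded output contains nothing that can terminate the double-quoted JS string either. Separately, none of the three POST bodies carries an anti-CSRF token that I can see — if the server-side `do=fee|lock|admin` handlers do not check one (not visible in this diff), these admin-only state changes can be triggered from a cross-site page; a session-bound `&token=...` parameter checked in the handler would close that. The function enclosing the first `$.ajax` call opens above the hunk, so its signature is outside the visible text.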

If you have an email set for your account, enter your username to get your password reset

- +
diff --git a/public/templates/mpos/statistics/blocks/block_shares_graph.tpl b/public/templates/mpos/statistics/blocks/block_shares_graph.tpl index cacbc2cf..6a4fcb62 100644 --- a/public/templates/mpos/statistics/blocks/block_shares_graph.tpl +++ b/public/templates/mpos/statistics/blocks/block_shares_graph.tpl @@ -40,10 +40,10 @@
- + - +
- + - +
- + - +