diff --git a/public/admin.php b/public/admin.php
index 0436b26..e8a4d1c 100644
--- a/public/admin.php
+++ b/public/admin.php
@@ -33,7 +33,7 @@ if ($_SESSION['log'] == 1 and $_SESSION['admin'] == 1) {
echo 'Erfolgreich geƤndert.';
}
if (isset($_GET['fehler'])) {
- echo '
Fehler: ' . $_GET['fehler'] . '
';
+ echo 'Fehler: ' . htmlentities($_GET['fehler']) . '
';
}
echo 'Normale Einstellungen
';
echo 'Mailadresse aktivieren:
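Review bot: The new `htmlentities($_GET['fehler'])` call in the `Fehler:` echo relies on default flags and encoding that differ between PHP versions (before 8.1 the default leaves single quotes unencoded), and it does not handle a non-string parameter such as `?fehler[]=x`, which raises a TypeError on PHP 8. I would coerce the type first, `$fehler = is_string($_GET['fehler']) ? $_GET['fehler'] : '';`, and make the escaping explicit with `htmlspecialchars($fehler, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The same explicit flags apply to the two `htmlentities()` calls on `$_SESSION['username']` and `$_SESSION['domain']` in the public/settings.php hunk, so the output stays safe if the markup later moves the value into a single-quoted attribute. The enclosing `if ($_SESSION['log'] == 1 and $_SESSION['admin'] == 1)` block starts and ends outside this hunk.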
@@ -42,7 +42,7 @@ if ($_SESSION['log'] == 1 and $_SESSION['admin'] == 1) {
$abfrage = "SELECT `id`, `username`, `domain` FROM `accounts` WHERE `enabled` LIKE 0";
$result = $dbh->query($abfrage);
while ($emails = $result->fetch()) {
- echo '';
+ echo '';
}
echo '
';
@@ -54,7 +54,7 @@ if ($_SESSION['log'] == 1 and $_SESSION['admin'] == 1) {
$abfrage = "SELECT `id`, `username`, `domain` FROM `accounts` WHERE `enabled` LIKE 1";
$result = $dbh->query($abfrage);
while ($emails = $result->fetch()) {
- echo '';
+ echo '';
}
echo '
@@ -65,7 +65,7 @@ if ($_SESSION['log'] == 1 and $_SESSION['admin'] == 1) {
$abfrage = "SELECT `id`, `domain` FROM `domains`";
$result = $dbh->query($abfrage);
while ($domains = $result->fetch()) {
- echo '';
+ echo '';
}
echo ' (benutze nicht ' . "'" . ')
@@ -78,7 +78,7 @@ echo ' (benutze nicht ' . "'" . ')
$abfrage = "SELECT `id`, `username`, `domain` FROM `accounts`";
$result = $dbh->query($abfrage);
while ($emails = $result->fetch()) {
- echo '';
+ echo '';
}
echo '
diff --git a/public/settings.php b/public/settings.php
index cdc757c..5a38737 100644
--- a/public/settings.php
+++ b/public/settings.php
@@ -28,7 +28,7 @@ if ($_SESSION['log'] == 1) {
Mail Settings
- Mail Settings:
Guten Tag, ' . $_SESSION['username'] . '@' . $_SESSION['domain'] . '
';
+ Mail Settings:
Guten Tag, ' . htmlentities($_SESSION['username']) . '@' . htmlentities($_SESSION['domain']) . '
';
$randval = rand(0, 99);
echo '';
if (rand(0,99) == 42) {
diff --git a/public/unsub.php b/public/unsub.php
index 65b2a67..d127483 100644
--- a/public/unsub.php
+++ b/public/unsub.php
@@ -45,7 +45,7 @@ echo 'Mailliste Abmeldung: