From 632d9ccfeb062bfbff7b70108850ebf6201194c2 Mon Sep 17 00:00:00 2001
From: Humorhenker <36549980+Humorhenker@users.noreply.github.com>
Date: Fri, 27 Sep 2019 14:41:48 +0200
Subject: [PATCH] Use htmlentities to mitigate potential XSS vulnerabilities

---
 public/admin.php    | 10 +++++-----
 public/settings.php |  2 +-
 public/unsub.php    |  2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/public/admin.php b/public/admin.php
index 0436b26..e8a4d1c 100644
--- a/public/admin.php
+++ b/public/admin.php
@@ -33,7 +33,7 @@ if ($_SESSION['log'] == 1 and $_SESSION['admin'] == 1) {
         echo 'Erfolgreich geändert.';
     }
     if (isset($_GET['fehler'])) {
-        echo '<h3>Fehler: ' . $_GET['fehler'] . '</h3>';
+        echo '<h3>Fehler: ' . htmlentities($_GET['fehler']) . '</h3>';
     }
     echo '<a href="settings.php"><p>Normale Einstellungen</p></a><a href="logout.php"><button>Logout</button></a>';
     echo '<h3>Mailadresse aktivieren:</h3>
@@ -42,7 +42,7 @@ if ($_SESSION['log'] == 1 and $_SESSION['admin'] == 1) {
     $abfrage = "SELECT `id`, `username`, `domain` FROM `accounts` WHERE `enabled` LIKE 0";
     $result = $dbh->query($abfrage);
     while ($emails = $result->fetch()) {
-        echo '<option value="' . $emails['id'] . '">' . $emails['username'] . '@' . $emails['domain'] . '</option>';
+        echo '<option value="' . htmlentities($emails['id']) . '">' . htmlentities($emails['username']) . '@' . htmlentities($emails['domain']) . '</option>';
     }
     echo '</select></label>
 <input type="submit" name="submit" value="aktivieren"/>';
@@ -54,7 +54,7 @@ if ($_SESSION['log'] == 1 and $_SESSION['admin'] == 1) {
     $abfrage = "SELECT `id`, `username`, `domain` FROM `accounts` WHERE `enabled` LIKE 1";
     $result = $dbh->query($abfrage);
     while ($emails = $result->fetch()) {
-        echo '<option value="' . $emails['id'] . '">' . $emails['username'] . '@' . $emails['domain'] . '</option>';
+        echo '<option value="' . htmlentities($emails['id']) . '">' . htmlentities($emails['username']) . '@' . htmlentities($emails['domain']) . '</option>';
     }
     echo '</select></label>
 <input type="submit" name="submit" value="deaktivieren"/>
@@ -65,7 +65,7 @@ if ($_SESSION['log'] == 1 and $_SESSION['admin'] == 1) {
     $abfrage = "SELECT `id`, `domain` FROM `domains`";
     $result = $dbh->query($abfrage);
     while ($domains = $result->fetch()) {
-        echo '<option value="' . $domains['id'] . '">' . $domains['domain'] . '</option>';
+        echo '<option value="' . htmlentities($domains['id']) . '">' . htmlentities($domains['domain']) . '</option>';
     }
 echo '</select> (benutze nicht ' .  "'" . ')</label>
 <label>Neues Passwort<input type="password" name="newmailpw"/>(min. 8 Zeichen, benutze nicht ' .  "'" . ')</label>
@@ -78,7 +78,7 @@ echo '</select> (benutze nicht ' .  "'" . ')</label>
     $abfrage = "SELECT `id`, `username`, `domain` FROM `accounts`";
     $result = $dbh->query($abfrage);
     while ($emails = $result->fetch()) {
-        echo '<option value="' . $emails['id'] . '">' . $emails['username'] . '@' . $emails['domain'] . '</option>';
+        echo '<option value="' . htmlentities($emails['id']) . '">' . htmlentities($emails['username']) . '@' . $emails['domain'] . '</option>';
     }
     echo '</select></label>
 <input type="submit" name="submit" value="ENTFERNEN"/>
diff --git a/public/settings.php b/public/settings.php
index cdc757c..5a38737 100644
--- a/public/settings.php
+++ b/public/settings.php
@@ -28,7 +28,7 @@ if ($_SESSION['log'] == 1) {
     <title>Mail Settings</title>
     </head>
     <body>
-    <h1>Mail Settings:</h1><p>Guten Tag, ' . $_SESSION['username'] . '@' . $_SESSION['domain'] . '</p>';
+    <h1>Mail Settings:</h1><p>Guten Tag, ' . htmlentities($_SESSION['username']) . '@' . htmlentities($_SESSION['domain']) . '</p>';
     $randval = rand(0, 99);
     echo '<!-- '. $randval . ' -->';
     if (rand(0,99) == 42) {
diff --git a/public/unsub.php b/public/unsub.php
index 65b2a67..d127483 100644
--- a/public/unsub.php
+++ b/public/unsub.php
@@ -45,7 +45,7 @@ echo '<h2>Mailliste Abmeldung:</h2>
     <form method="POST" action="bin/unsubmaillistpre.php">
     <label>Maillistadresse: <input name="source_adress" type="text"';
     if (isset($_GET['maillist'])) {
-        echo 'value="' . htmlspecialchars($_GET['maillist']) . '" readonly="true"';
+        echo 'value="' . htmlentities($_GET['maillist']) . '" readonly="true"';
     }
     echo '/></label>
     <label>Nutzeradresse: <input name="destination_adress" type="text"/></label>