diff --git a/app/admin/api/edit.php b/app/admin/api/edit.php
index 67958997ba6e1644e101047f8795670ae72c3b55..f7bd1b7544c6710797721583bfb187b139d6c0ad 100755
--- a/app/admin/api/edit.php
+++ b/app/admin/api/edit.php
@@ -36,7 +36,16 @@ if($_POST['action']!="add") {
 } else {
 # generate new code
 $api = new StdClass;
+ $api->id = null;
+ $api->app_id = null;
 $api->app_code = $User->Crypto->generate_html_safe_token(32);
+ $api->app_permissions = 1;
+ $api->app_security = "ssl_code";
+ $api->app_lock = null;
+ $api->app_nest_custom_fields = null;
+ $api->app_show_links = null;
+ $api->app_lock_wait = null;
+ $api->app_comment = null;
 # title
 $title = _('Add new api key');
 }
@@ -56,8 +65,8 @@ if($_POST['action']!="add") {
 <tr>
 <td><?php print _('App id'); ?></td>
 <td>
- <input type="text" name="app_id" class="form-control input-sm" value="<?php print $Admin->strip_xss(@$api->app_id); ?>" <?php if($_POST['action'] == "delete") print "readonly"; ?>>
- <input type="hidden" name="id" value="<?php print $api->id; ?>">
+ <input type="text" name="app_id" class="form-control input-sm" value="<?php print escape_input($api->app_id); ?>" <?php if($_POST['action'] == "delete") print "readonly"; ?>>
+ <input type="hidden" name="id" value="<?php print escape_input($api->id); ?>">
 <input type="hidden" name="action" value="<?php print escape_input($_POST['action']); ?>">
 <input type="hidden" name="csrf_cookie" value="<?php print $csrf; ?>">
 </td>
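Review bot: In the `@@ -36,7 +36,16 @@` hunk the new defaults `$api->app_permissions = 1;` and `$api->app_security = "ssl_code";` are bare literals, and nothing visible on this page says which permission level or authentication mode they select. These values become the pre-filled state of every newly created API key, so the intent should be recorded next to them, for example `# defaults for a new key: permission level 1, app-code auth over SSL (see select options below)`. It is also worth confirming that `1` is the least-privileged usable level rather than a write or admin level. The enclosing if/else begins above the hunk, so the edit and delete branch is not visible here.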
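Review bot: In the `@@ -56,8 +65,8 @@` hunk the `csrf_cookie` hidden input still prints `$csrf` raw while every neighbouring attribute value now goes through `escape_input()`; for consistency it could read `value="<?php print escape_input($csrf); ?>"`, which should be a no-op if the token is already HTML-safe. All of these values land inside double-quoted attributes, so the change is only as strong as `escape_input()`, which is not defined on this page and needs to encode quotes as well as angle brackets. Dropping the `@` suppression also means the edit and delete branch, which is above the first hunk, has to guarantee `$api` is an object before these reads; only the add branch initialises the properties here. The same points apply to the `app_code`, `app_lock_wait` and `app_comment` hunks that follow.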
@@ -67,7 +76,7 @@ if($_POST['action']!="add") { <!-- code --> <tr> <td><?php print _('App code'); ?></td> - <td><input type="text" id="appcode" name="app_code" class="form-control input-sm" value="<?php print $Admin->strip_xss(@$api->app_code); ?>" maxlength='32' <?php if($_POST['action'] == "delete") print "readonly"; ?>></td> + <td><input type="text" id="appcode" name="app_code" class="form-control input-sm" value="<?php print escape_input($api->app_code); ?>" maxlength='32' <?php if($_POST['action'] == "delete") print "readonly"; ?>></td> <td class="info2"><?php print _('Application code'); ?> <button class="btn btn-xs btn-default" id="regApiKey"><i class="fa fa-random"></i> <?php print _('Regenerate'); ?></button></td> </tr>
@@ -127,7 +136,7 @@ if($_POST['action']!="add") {
 <tr>
 <td><?php print _('Lock timeout'); ?></td>
 <td>
- <input name="app_lock_wait" class="form-control input-sm input-w-auto" value="<?php print $Admin->strip_xss(@$api->app_lock_wait); ?>">
+ <input name="app_lock_wait" class="form-control input-sm input-w-auto" value="<?php print escape_input($api->app_lock_wait); ?>">
 </td>
 <td class="info2"><?php print _('Seconds to wait for transaction lock to clear'); ?></td>
 </tr>
@@ -170,7 +179,7 @@ if($_POST['action']!="add") {
 <tr>
 <td><?php print _('Description'); ?></td>
 <td>
- <input type="text" name="app_comment" class="form-control input-sm" value="<?php print $Admin->strip_xss(@$api->app_comment); ?>" <?php if($_POST['action'] == "delete") print "readonly"; ?>>
+ <input type="text" name="app_comment" class="form-control input-sm" value="<?php print escape_input($api->app_comment); ?>" <?php if($_POST['action'] == "delete") print "readonly"; ?>>
 </td>
 <td class="info2"><?php print _('Enter description'); ?></td>
 </tr>
diff --git a/functions/classes/class.Admin.php b/functions/classes/class.Admin.php
index e38be3bf296e333f121f0470cb572bab9cea15d7..f5fa9cef679946af5bc382f68b6a56de3e5aee9c 100644
--- a/functions/classes/class.Admin.php
+++ b/functions/classes/class.Admin.php
@@ -435,7 +435,7 @@ class Admin extends Common_functions {
 *
 * @access public
 * @param mixed $group_id
- * @return void
+ * @return array
 */
 public function group_fetch_missing_users ($group_id) {
 $out = array ();
@@ -679,7 +679,7 @@ class Admin extends Common_functions { $field['fieldDefault'] = is_blank($field['fieldDefault']) ? NULL : $field['fieldDefault']; # character set if needed - if($field['fieldType']=="varchar" || $field['fieldType']=="text" || $field['fieldType']=="set" || $field['fieldType']=="enum") { $charset = "CHARACTER SET utf8"; } + if($field['fieldType']=="varchar" || $field['fieldType']=="text" || $field['fieldType']=="set" || $field['fieldType']=="enum") { $charset = "CHARACTER SET utf8mb4"; } else { $charset = ""; } # escape fields
diff --git a/functions/classes/class.FirewallZones.php b/functions/classes/class.FirewallZones.php
index 831a8ca7f6450110472c3e16607f824026183b02..275ac31055b46c4fe65434b0f91a5c5b6dbffafb 100644
--- a/functions/classes/class.FirewallZones.php
+++ b/functions/classes/class.FirewallZones.php
@@ -442,7 +442,7 @@ class FirewallZones extends Common_functions {
 * Fetches all zones from database
 *
 * @access public
- * @return void
+ * @return array|false
 */
 public function get_zones () {
 # try to fetch all zones
diff --git a/functions/classes/class.PDO.php b/functions/classes/class.PDO.php
index 7a2af79356a6a2d36427d5838ceb89e97fa03078..fe2af1e7d7a5268be7736384464420b3184bc426 100644
--- a/functions/classes/class.PDO.php
+++ b/functions/classes/class.PDO.php
@@ -31,7 +31,7 @@ abstract class DB {
 /**
 * charset
 *
- * (default value: 'utf8')
+ * (default value: 'utf8mb4')
 *
 * @var string
 * @access protected
diff --git a/functions/classes/class.PowerDNS.php b/functions/classes/class.PowerDNS.php
index e6fcd0c01ebc671cefdff775ebbd3578d15ef5b2..ff559054a495957e6948534452bbafdc9bf6c1c1 100644
--- a/functions/classes/class.PowerDNS.php
+++ b/functions/classes/class.PowerDNS.php
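Review bot: In the `@@ -679,7 +679,7 @@` hunk of class.Admin.php the new `CHARACTER SET utf8mb4` clause names no collation, so new custom-field columns take the server's default utf8mb4 collation, which may differ from the other columns in the same table. Consider appending an explicit `COLLATE <schema collation>` (the value is not visible on this page). Columns created before this change keep utf8, so a table can end up with mixed character sets unless a migration accompanies the commit. Relatedly, the class.PDO.php hunk changes only the docblock text to `'utf8mb4'`; the property declaration sits below that hunk, so confirm the actual default changed with it. The enclosing method in class.Admin.php starts and ends outside the hunk.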
@@ -77,7 +77,7 @@ class PowerDNS extends Common_functions {
 /**
 * ttl value
 *
- * @var int|string
+ * @var object
 * @access public
 */
 public $ttl;