Merge pull request #7220 from mailcow/fix/06052026

[Web] escape HTML in sieve filter edit view and queue manager
FreddleSpl0it
2026-05-12 08:36:36 +02:00
committed by GitHub
2 changed files with 9 additions and 6 deletions
+8 -5
@@ -48,13 +48,13 @@ jQuery(function($){
url: "/api/v1/get/mailq/all",
dataSrc: function(data){
$.each(data, function (i, item) {
item.chkbox = '<input type="checkbox" class="form-check-input" data-id="mailqitems" name="multi_select" value="' + item.queue_id + '" />';
item.chkbox = '<input type="checkbox" class="form-check-input" data-id="mailqitems" name="multi_select" value="' + escapeHtml(item.queue_id) + '" />';
rcpts = $.map(item.recipients, function(i) {
return escapeHtml(i);
});
item.recipients = rcpts.join('<hr style="margin:1px!important">');
item.action = '<div class="btn-group">' +
'<a href="#" data-bs-toggle="modal" data-bs-target="#showQueuedMsg" data-queue-id="' + encodeURI(item.queue_id) + '" class="btn btn-xs btn-secondary">' + lang.show_message + '</a>' +
'<a href="#" data-bs-toggle="modal" data-bs-target="#showQueuedMsg" data-queue-id="' + escapeHtml(item.queue_id) + '" class="btn btn-xs btn-secondary">' + lang.show_message + '</a>' +
'</div>';
});
return data;
@@ -79,12 +79,14 @@ jQuery(function($){
{
title: 'QID',
data: 'queue_id',
defaultContent: ''
defaultContent: '',
render: $.fn.dataTable.render.text()
},
{
title: 'Queue',
data: 'queue_name',
defaultContent: ''
defaultContent: '',
render: $.fn.dataTable.render.text()
},
{
title: lang_admin.arrival_time,
@@ -106,7 +108,8 @@ jQuery(function($){
{
title: lang_admin.sender,
data: 'sender',
defaultContent: ''
defaultContent: '',
render: $.fn.dataTable.render.text()
},
{
title: lang_admin.recipients,
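Review bot: The `data-queue-id` attribute in the first hunk is now filled with `escapeHtml(item.queue_id)` instead of `encodeURI(item.queue_id)`, so whatever reads that attribute when the `#showQueuedMsg` modal opens now receives the queue id without URI encoding. That handler is not in the visible hunks; if it puts the id into a request path, it should encode it at that point, along the lines of `encodeURIComponent(queueId)`. Both changed lines in that hunk also place the value inside a double-quoted attribute, which is only safe if `escapeHtml` encodes `"` as well as `<`, `>` and `&`; its definition is not shown here, so I would add a comment above the `item.chkbox` line such as `// queue_id lands in double-quoted attributes; escapeHtml must encode quotes`. The `dataSrc` callback and the column list both start and end outside the hunks.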
+1 -1
@@ -23,7 +23,7 @@
<div class="row mb-4">
<label class="control-label col-sm-2" for="script_data">Script:</label>
<div class="col-sm-10">
<textarea spellcheck="false" autocorrect="off" autocapitalize="none" class="form-control textarea-code" rows="20" id="script_data" name="script_data" required>{{ result.script_data|raw }}</textarea>
<textarea spellcheck="false" autocorrect="off" autocapitalize="none" class="form-control textarea-code" rows="20" id="script_data" name="script_data" required>{{ result.script_data }}</textarea>
</div>
</div>
<div class="row mb-2">
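Review bot: Dropping `|raw` on the `script_data` textarea makes the escaping depend on Twig autoescaping being enabled with the HTML strategy for this template, and that configuration is not visible in this hunk. If the setting were ever changed, a stored script containing `</textarea>` would again close the element and be parsed as markup. I would state the intent explicitly with `{{ result.script_data|e('html') }}` (Twig does not double-escape when autoescape is on), or at least add a template comment such as `{# script_data is user-controlled; never mark as raw #}`. The surrounding form starts and ends outside the hunk, so other fields in this template that may still use `|raw` could not be checked here.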