mailto urlencode

simonLeary42 · simonLeary42 · commit 6b9a38984a6d · 2025-12-22T18:39:10.000-05:00
diff --git a/webroot/admin/ajax/get_group_members.php b/webroot/admin/ajax/get_group_members.php
@@ -28,11 +28,12 @@
     }
     $uid_escaped = htmlspecialchars($uid);
     $fullname = htmlspecialchars($attributes["gecos"][0]);
-    $mail = htmlspecialchars($attributes["mail"][0]);
+    $mail_link = "mailto:" . urlencode($attributes["mail"][0]);
+    $mail_display = htmlspecialchars($attributes["mail"][0]);
     $gid_escaped = htmlspecialchars($group->gid);
     echo "<td>$fullname</td>";
     echo "<td>$uid_escaped</td>";
-    echo "<td><a href='mailto:$mail'>$mail</a></td>";
+    echo "<td><a href='$mail_link'>$mail_display</a></td>";
     echo "<td>";
     $CSRFTokenHiddenFormInput = UnityHTTPD::getCSRFTokenHiddenFormInput();
     echo "
@@ -63,11 +64,12 @@
     }
     $name = htmlspecialchars($user->getFullName());
     $uid_escaped = htmlspecialchars($user->uid);
-    $email = htmlspecialchars($user->getMail());
+    $mail_link = "mailto:" . urlencode($user->getMail());
+    $mail_display = htmlspecialchars($user->getMail());
     $gid_escaped = htmlspecialchars($group->gid);
     echo "<td>$name</td>";
     echo "<td>$uid_escaped</td>";
-    echo "<td><a href='mailto:$email'>$email</a></td>";
+    echo "<td><a href='$mail_link'>$mail_display</a></td>";
     echo "<td>";
     $CSRFTokenHiddenFormInput = UnityHTTPD::getCSRFTokenHiddenFormInput();
     echo
diff --git a/webroot/admin/pi-mgmt.php b/webroot/admin/pi-mgmt.php
@@ -72,11 +72,12 @@
         $request_user = new UnityUser($request["uid"], $LDAP, $SQL, $MAILER, $WEBHOOK);
         $uid = htmlspecialchars($request["uid"]);
         $gecos = htmlspecialchars($request_user->getFullname());
-        $mail = htmlspecialchars($request_user->getMail());
+        $mail_link = "mailto:" . urlencode($request_user->getMail());
+        $mail_display = htmlspecialchars($request_user->getMail());
         echo "<tr>";
         echo "<td>$gecos</td>";
         echo "<td>$uid</td>";
-        echo "<td><a href='mailto:$mail'>$mail</a></td>";
+        echo "<td><a href='$mail_link'>$mail_display</a></td>";
         echo "<td>" . date("jS F, Y", strtotime($request['timestamp'])) . "</td>";
         echo "<td>";
         $CSRFTokenHiddenFormInput = UnityHTTPD::getCSRFTokenHiddenFormInput();
@@ -125,11 +126,12 @@ class="filterSearch"
     foreach ($owner_attributes as $attributes) {
         $gecos = htmlspecialchars($attributes["gecos"][0]);
         $gid = htmlspecialchars(UnityGroup::OwnerUID2GID($attributes["uid"][0]));
-        $mail = htmlspecialchars($attributes["mail"][0]);
+        $mail_link = "mailto:" . urlencode($attributes["mail"][0]);
+        $mail_display = htmlspecialchars($attributes["mail"][0]);
         echo "<tr class='expandable'>";
         echo "<td><button class='btnExpand'>&#9654;</button>$gecos</td>";
         echo "<td>$gid</td>";
-        echo "<td><a href='mailto:$mail'>$mail</a></td>";
+        echo "<td><a href='$mail_link'>$mail_display</a></td>";
         echo "</tr>";
     }
     ?>
diff --git a/webroot/admin/user-mgmt.php b/webroot/admin/user-mgmt.php
@@ -59,7 +59,8 @@ class="filterSearch"
         $uid = htmlspecialchars($attributes["uid"][0]);
         $gecos = htmlspecialchars($attributes["gecos"][0]);
         $org = htmlspecialchars($attributes["o"][0]);
-        $mail = htmlspecialchars($attributes["mail"][0]);
+        $mail_link = "mailto:" . urlencode($attributes["mail"][0]);
+        $mail_display = htmlspecialchars($attributes["mail"][0]);
         if ($SQL->accDeletionRequestExists($uid)) {
             echo "<tr style='color:grey; font-style: italic'>";
         } else {
@@ -68,7 +69,7 @@ class="filterSearch"
         echo "<td>$gecos</td>";
         echo "<td>$uid</td>";
         echo "<td>$org</td>";
-        echo "<td><a href='mailto:$mail'>$mail</a></td>";
+        echo "<td><a href='$mail_link'>$mail_display</a></td>";
         echo "<td>";
         if (count($UID2PIGIDs[$uid]) > 0) {
             echo "<table>";
diff --git a/webroot/panel/ajax/get_group_members.php b/webroot/panel/ajax/get_group_members.php
@@ -23,12 +23,14 @@
     } else {
         echo "<tr class='expanded $i'>";
     }
-    $fullname = $attributes["gecos"][0];
-    $mail = $attributes["mail"][0];
-    echo "<td>$fullname</td>";
-    echo "<td>$uid</td>";
-    echo "<td><a href='mailto:$mail'>$mail</a></td>";
-    echo "<td><input type='hidden' name='uid' value='$uid'></td>";
+    $uid_escaped = htmlspecialchars($uid);
+    $gecos = htmlspecialchars($attributes["gecos"][0]);
+    $mail_link = "mailto:" . urlencode($attributes["mail"][0]);
+    $mail_display = htmlspecialchars($attributes["mail"][0]);
+    echo "<td>$gecos</td>";
+    echo "<td>$uid_escaped</td>";
+    echo "<td><a href='$mail_link'>$mail_display</a></td>";
+    echo "<td><input type='hidden' name='uid' value='$uid_escaped'></td>";
     echo "</tr>";
     $i++;
 }
diff --git a/webroot/panel/groups.php b/webroot/panel/groups.php
@@ -99,11 +99,12 @@
         );
         $requested_owner = $requested_account->getOwner();
         $full_name = $requested_owner->getFirstname() . " " . $requested_owner->getLastname();
-        $mail = $requested_owner->getMail();
+        $mail_link = "mailto:" . urlencode($requested_owner->getMail());
+        $mail_display = htmlspecialchars($requested_owner->getMail());
         echo "<tr class='pending_request'>";
         echo "<td>$full_name</td>";
         echo "<td>" . $requested_account->gid . "</td>";
-        echo "<td><a href='mailto:$mail'>$mail</a></td>";
+        echo "<td><a href='$mail_link'>$mail_display</a></td>";
         echo "<td>" . date("jS F, Y", strtotime($request['timestamp'])) . "</td>";
         echo "<td>";
         $CSRFTokenHiddenFormInput = UnityHTTPD::getCSRFTokenHiddenFormInput();
@@ -146,23 +147,25 @@
 foreach ($PIGroupGIDs as $gid) {
     $group = new UnityGroup($gid, $LDAP, $SQL, $MAILER, $WEBHOOK);
     $owner = $group->getOwner();
-    $full_name = $owner->getFirstname() . " " . $owner->getLastname();
     if ($USER->uid == $owner->uid) {
         continue;
     }
-
+    $gecos = htmlspecialchars($owner->getFullname());
+    $gid = htmlspecialchars($group->gid);
+    $mail_link = "mailto:" . urlencode($owner->getMail());
+    $mail_display = htmlspecialchars($owner->getMail());
     echo "<tr class='expandable'>";
-    echo "<td><button class='btnExpand'>&#9654;</button>$full_name</td>";
-    echo "<td>" . $group->gid . "</td>";
-    echo "<td><a href='mailto:" . $owner->getMail() . "'>" . $owner->getMail() . "</a></td>";
+    echo "<td><button class='btnExpand'>&#9654;</button>$gecos</td>";
+    echo "<td>$gid</td>";
+    echo "<td><a href='$mail_link'>$mail_display</a></td>";
     $CSRFTokenHiddenFormInput = UnityHTTPD::getCSRFTokenHiddenFormInput();
     echo
         "<td>
     <form action='' method='POST'
-    onsubmit='return confirm(\"Are you sure you want to leave the PI group " . $group->gid . "?\")'>
+    onsubmit='return confirm(\"Are you sure you want to leave the PI group " . $gid . "?\")'>
     $CSRFTokenHiddenFormInput
     <input type='hidden' name='form_type' value='removePIForm'>
-    <input type='hidden' name='pi' value='" . $group->gid . "'>
+    <input type='hidden' name='pi' value='" . $gid . "'>
     <input type='submit' value='Leave Group'>
     </form>
     </td>";
diff --git a/webroot/panel/pi.php b/webroot/panel/pi.php
@@ -58,13 +58,14 @@
 
     foreach ($requests as [$user, $timestamp]) {
         $uid = htmlspecialchars($user->uid);
-        $name = htmlspecialchars($user->getFullName());
-        $email = htmlspecialchars($user->getMail());
+        $gecos = htmlspecialchars($user->getFullName());
+        $mail_link = "mailto:" . urlencode($user->getMail());
+        $mail_display = htmlspecialchars($user->getMail());
         $date = date("jS F, Y", strtotime($timestamp));
         echo "<tr>";
-        echo "<td>$name</td>";
+        echo "<td>$gecos</td>";
         echo "<td>$uid</td>";
-        echo "<td><a href='mailto:$email'>$email</a></td>";
+        echo "<td><a href='$mail_link'>$mail_display</a></td>";
         echo "<td>$date</td>";
         echo "<td>";
         $CSRFTokenHiddenFormInput = UnityHTTPD::getCSRFTokenHiddenFormInput();
@@ -96,7 +97,10 @@
     if ($assoc->uid == $USER->uid) {
         continue;
     }
-
+    $uid = htmlspecialchars($assoc->uid);
+    $gecos = htmlspecialchars($assoc->getFullName());
+    $mail_link = "mailto:" . urlencode($assoc->getMail());
+    $mail_display = htmlspecialchars($assoc->getMail());
     echo "<tr>";
     echo "<td>";
     $CSRFTokenHiddenFormInput = UnityHTTPD::getCSRFTokenHiddenFormInput();
@@ -114,9 +118,9 @@
     >
     </form>";
     echo "</td>";
-    echo "<td>" . $assoc->getFirstname() . " " . $assoc->getLastname() . "</td>";
-    echo "<td>" . $assoc->uid . "</td>";
-    echo "<td><a href='mailto:" . $assoc->getMail() . "'>" . $assoc->getMail() . "</a></td>";
+    echo "<td>$gecos</td>";
+    echo "<td>$uid</td>";
+    echo "<td><a href='$mail_link'>$mail_display</a></td>";
     echo "</tr>";
 }
 
