From 2ad687caf2e3ba269a328006d6aff179f4d5773c Mon Sep 17 00:00:00 2001
From: Benjamin Sonntag <benjamin@alternc.org>
Date: Wed, 2 Jun 2010 22:20:39 +0000
Subject: [PATCH] replacing echoes and urlencode by ehe() in VALUES of forms
 text input fields (prevent UTF/ISO and ENTITIES hacking)

---
 bureau/admin/adm_add.php                     | 10 +++----
 bureau/admin/adm_defquotas.php               |  2 +-
 bureau/admin/adm_donosu.php                  |  4 ++-
 bureau/admin/adm_dosu.php                    |  4 ++-
 bureau/admin/adm_edit.php                    | 13 +++++----
 bureau/admin/adm_list.php                    |  2 ++
 bureau/admin/adm_mxaccount.php               |  4 +--
 bureau/admin/adm_panel.php                   |  2 ++
 bureau/admin/adm_quotaedit.php               |  2 ++
 bureau/admin/adm_slaveaccount.php            |  4 +--
 bureau/admin/adm_slaveip.php                 |  2 +-
 bureau/admin/adm_tldadd.php                  |  2 +-
 bureau/admin/adm_variables.php               |  2 +-
 bureau/admin/bro_main.php                    |  2 +-
 bureau/admin/browseforfolder.php             |  2 +-
 bureau/admin/ftp_add.php                     |  8 +++---
 bureau/admin/ftp_edit.php                    |  4 +--
 bureau/admin/hta_add.php                     |  2 +-
 bureau/admin/hta_adduser.php                 |  4 +--
 bureau/admin/hta_doadd.php                   |  5 ++++
 bureau/admin/mem_cm.php                      |  2 +-
 bureau/admin/mem_param.php                   | 28 ++++++++++----------
 bureau/admin/quota_show.php                  |  4 ++-
 bureau/admin/quotas_users.php                | 22 ++++++++-------
 bureau/admin/sql_add.php                     |  2 +-
 bureau/admin/sql_bck.php                     |  2 +-
 bureau/admin/sta2_add_raw.php                |  2 +-
 bureau/admin/sta2_edit_raw.php               |  2 +-
 bureau/locales/fr_FR/LC_MESSAGES/messages.po | 16 +++++++++--
 29 files changed, 97 insertions(+), 63 deletions(-)

diff --git a/bureau/admin/adm_add.php b/bureau/admin/adm_add.php
index d235ebec..b920198d 100644
--- a/bureau/admin/adm_add.php
+++ b/bureau/admin/adm_add.php
@@ -54,15 +54,15 @@ if ($error) {
 <form method="post" action="adm_doadd.php" id="main" name="main">
 <table class="tedit">
 <tr><th><label for="login"><?php __("Username"); ?></label></th><td>
-	<input type="text" class="int" name="login" id="login" value="<?php echo $login; ?>" size="20" maxlength="16" />
+	<input type="text" class="int" name="login" id="login" value="<?php ehe($login); ?>" size="20" maxlength="16" />
 </td></tr>
 <tr>
 	<th><label for="pass"><?php __("Initial password"); ?></label></th>
-	<td><input type="password" id="pass" name="pass" class="int" value="<?php echo $pass; ?>" size="20" maxlength="64" /></td>
+	<td><input type="password" id="pass" name="pass" class="int" value="<?php ehe($pass); ?>" size="20" maxlength="64" /></td>
 </tr>
 <tr>
 	<th><label for="passconf"><?php __("Confirm password"); ?></label></th>
-	<td><input type="password" id="passconf" name="passconf" class="int" value="<?php echo $passconf; ?>" size="20" maxlength="64" /></td>
+	<td><input type="password" id="passconf" name="passconf" class="int" value="<?php ehe($passconf); ?>" size="20" maxlength="64" /></td>
 </tr>
 <tr>
 	<th><label for="canpass"><?php __("Can he change its password"); ?></label></th>
@@ -77,11 +77,11 @@ if ($error) {
 </tr>
 <tr>
         	<th><label for="nom"><?php echo _("Surname")."</label> / <label for=\"prenom\">"._("First Name"); ?></label></th>
-	<td><input class="int" type="text" id="nom" name="nom" value="<?php echo $nom; ?>" size="20" maxlength="128" />&nbsp;/&nbsp;<input type="text" name="prenom" id="prenom" value="<?php echo $prenom; ?>" class="int" size="20" maxlength="128" /></td>
+	<td><input class="int" type="text" id="nom" name="nom" value="<?php ehe($nom); ?>" size="20" maxlength="128" />&nbsp;/&nbsp;<input type="text" name="prenom" id="prenom" value="<?php ehe($prenom); ?>" class="int" size="20" maxlength="128" /></td>
 </tr>
 <tr>
 	<th><label for="nmail"><?php __("Email address"); ?></label></th>
-	<td><input type="text" name="nmail" id="nmail" class="int" value="<?php echo $nmail; ?>" size="30" maxlength="128" /></td>
+	<td><input type="text" name="nmail" id="nmail" class="int" value="<?php ehe($nmail); ?>" size="30" maxlength="128" /></td>
 </tr>
 <tr>
 	<th><label for="type"><?php __("Account type"); ?></label></th>
diff --git a/bureau/admin/adm_defquotas.php b/bureau/admin/adm_defquotas.php
index cd4c3f0f..5e9a0bbe 100644
--- a/bureau/admin/adm_defquotas.php
+++ b/bureau/admin/adm_defquotas.php
@@ -95,7 +95,7 @@ foreach($q as $name => $value) {
 
 <tr class="lst<?php echo $col; ?>">
 <td><label for="<?php echo $key; ?>"><?php echo $qarray[$name]; ?></label></td>
-<td><input type="text" class="int" size="16" maxlength="16" name="<?php echo $key; ?>" id="<?php echo $name; ?>" value="<?php echo $value; ?>" /></td></tr>
+<td><input type="text" class="int" size="16" maxlength="16" name="<?php echo $key; ?>" id="<?php echo $name; ?>" value="<?php ehe($value); ?>" /></td></tr>
 <?php
   }
 ?>
diff --git a/bureau/admin/adm_donosu.php b/bureau/admin/adm_donosu.php
index 7a8d09ad..5c7b8791 100644
--- a/bureau/admin/adm_donosu.php
+++ b/bureau/admin/adm_donosu.php
@@ -41,7 +41,9 @@ getFields($fields);
 
 if (!$admin->su2normal($uid)) {
 	$error=$err->errstr();
-}
+ } else {
+  $error=_("This account is now a normal account");
+ }
 
 include("adm_edit.php");
 
diff --git a/bureau/admin/adm_dosu.php b/bureau/admin/adm_dosu.php
index 7f2ee54c..2357c685 100644
--- a/bureau/admin/adm_dosu.php
+++ b/bureau/admin/adm_dosu.php
@@ -41,7 +41,9 @@ getFields($fields);
 
 if (!$admin->normal2su($uid)) {
 	$error=$err->errstr();
-}
+ } else {
+  $error=_("This account is now an administrator account");
+ }
 
 include("adm_edit.php");
 
diff --git a/bureau/admin/adm_edit.php b/bureau/admin/adm_edit.php
index 3edd4069..0a46c430 100644
--- a/bureau/admin/adm_edit.php
+++ b/bureau/admin/adm_edit.php
@@ -55,6 +55,8 @@ if (!$r=$admin->get($uid)) {
 
 ?>
 <h3><?php __("Member Edition"); ?></h3>
+<hr id="topbar"/>
+<br />
 <?php
 	if ($error) {
 		echo "<p class=\"error\">$error</p>";
@@ -96,15 +98,15 @@ if (!$r=$admin->get($uid)) {
 </tr>
  <tr>
 	<th><label for="notes"><?php __("Notes"); ?></label></th>
-	<td><textarea name="notes" id="notes" class="int" cols="32" rows="5"><?php echo $r['notes']; ?></textarea></td>
+	<td><textarea name="notes" id="notes" class="int" cols="32" rows="5"><?php ehe($r['notes']); ?></textarea></td>
 </tr>
 <tr>
 	<th><label for="nom"><?php echo _("Surname")."</label> / <label for=\"prenom\">"._("First Name"); ?></label></th>
-	<td><input type="text" class="int" name="nom" id="nom" value="<?php echo $r["nom"]; ?>" size="20" maxlength="128" />&nbsp;/&nbsp;<input type="text" class="int" name="prenom" id="prenom" value="<?php echo $r["prenom"]; ?>" size="20" maxlength="128" /></td>
+	<td><input type="text" class="int" name="nom" id="nom" value="<?php ehe($r["nom"]); ?>" size="20" maxlength="128" />&nbsp;/&nbsp;<input type="text" class="int" name="prenom" id="prenom" value="<?php ehe($r["prenom"]); ?>" size="20" maxlength="128" /></td>
 </tr>
 <tr>
 	<th><label for="nmail"><?php __("Email address"); ?></label></th>
-	<td><input type="text" class="int" name="nmail" id="nmail" value="<?php echo $r["mail"]; ?>" size="30" maxlength="128" /></td>
+	<td><input type="text" class="int" name="nmail" id="nmail" value="<?php ehe($r["mail"]); ?>" size="30" maxlength="128" /></td>
 </tr>
 <tr>
 	<th><label for="type"><?php __("Account type"); ?></label></th>
@@ -169,8 +171,9 @@ if ($r["su"]) {
 
 <p><?php
 	}
-$c=$admin->get($r["creator"]);
-printf(_("Account created by %s"),$c["login"]);
+if ($c=$admin->get($r["creator"])) {
+  printf(_("Account created by %s"),$c["login"]);
+ }
 ?>
 </p>
 <script type="text/javascript">
diff --git a/bureau/admin/adm_list.php b/bureau/admin/adm_list.php
index 4568fd43..defddb61 100644
--- a/bureau/admin/adm_list.php
+++ b/bureau/admin/adm_list.php
@@ -64,6 +64,8 @@ $r=$admin->get_list($show == 'all' ? 1 : 0, $creator);
 
 ?>
 <h3><?php __("AlternC account list"); ?></h3>
+<hr id="topbar"/>
+<br />
 <?php
 	if ($error) {
 	  echo "<p class=\"error\">$error</p>";
diff --git a/bureau/admin/adm_mxaccount.php b/bureau/admin/adm_mxaccount.php
index ff6138a0..654d5a69 100644
--- a/bureau/admin/adm_mxaccount.php
+++ b/bureau/admin/adm_mxaccount.php
@@ -98,8 +98,8 @@ for($i=0;$i<count($c);$i++) {
 <table border="0" cellpadding="4" cellspacing="0">
 <tr><th><label for="newlogin"><?php __("Login"); ?></label></th><th><label for="newpass"><?php __("Password"); ?></label></th></tr>
 <tr>
-	<td><input type="text" class="int" value="<?php echo urlencode($newlogin); ?>" id="newlogin" name="newlogin" maxlength="64" size="32" /> / </td>
-	<td><input type="password" class="int" value="<?php echo urlencode($newpass); ?>" id="newpass" name="newpass" maxlength="64" size="32" /></td>
+	<td><input type="text" class="int" value="<?php ehe($newlogin); ?>" id="newlogin" name="newlogin" maxlength="64" size="32" /> / </td>
+	<td><input type="password" class="int" value="<?php ehe($newpass); ?>" id="newpass" name="newpass" maxlength="64" size="32" /></td>
 </tr>
 <tr><td colspan="2">
 	<input type="submit" value="<?php __("Add this account to the allowed list"); ?>" class="inb" />
diff --git a/bureau/admin/adm_panel.php b/bureau/admin/adm_panel.php
index 23db9ba6..7523758a 100644
--- a/bureau/admin/adm_panel.php
+++ b/bureau/admin/adm_panel.php
@@ -38,6 +38,8 @@ include_once("head.php");
 
 ?>
 <h3><?php __("Admin Control Panel"); ?></h3>
+<hr id="topbar"/>
+<br />
 <?php
 	if ($error) {
 		echo "<p class=\"error\">$error</p>";
diff --git a/bureau/admin/adm_quotaedit.php b/bureau/admin/adm_quotaedit.php
index 28469535..20121d73 100644
--- a/bureau/admin/adm_quotaedit.php
+++ b/bureau/admin/adm_quotaedit.php
@@ -53,6 +53,8 @@ $mem->unsu();
 
 ?>
 <h3><?php __("Editing the quotas of a member"); ?></h3>
+<hr id="topbar"/>
+<br />
 <?php
 	if ($error) {
 	  echo "<p class=\"error\">$error</p>";
diff --git a/bureau/admin/adm_slaveaccount.php b/bureau/admin/adm_slaveaccount.php
index e107ded9..9b219586 100644
--- a/bureau/admin/adm_slaveaccount.php
+++ b/bureau/admin/adm_slaveaccount.php
@@ -97,8 +97,8 @@ for($i=0;$i<count($c);$i++) {
 <table border="0" cellpadding="4" cellspacing="0">
 <tr><th><label for="newlogin"><?php __("Login"); ?></label></th><th><label for="newpass"><?php __("Password"); ?></label></th></tr>
 <tr>
-	<td><input type="text" class="int" value="<?php echo urlencode($newlogin); ?>" id="newlogin" name="newlogin" maxlength="64" size="32" /> / </td>
-	<td><input type="password" class="int" value="<?php echo urlencode($newpass); ?>" id="newpass" name="newpass" maxlength="64" size="32" /></td>
+	<td><input type="text" class="int" value="<?php ehe($newlogin); ?>" id="newlogin" name="newlogin" maxlength="64" size="32" /> / </td>
+	<td><input type="password" class="int" value="<?php ehe($newpass); ?>" id="newpass" name="newpass" maxlength="64" size="32" /></td>
 </tr>
 <tr><td colspan="2">
 	<input type="submit" value="<?php __("Add this account to the allowed list"); ?>" class="inb" />
diff --git a/bureau/admin/adm_slaveip.php b/bureau/admin/adm_slaveip.php
index fcd42f81..31b150f4 100644
--- a/bureau/admin/adm_slaveip.php
+++ b/bureau/admin/adm_slaveip.php
@@ -96,7 +96,7 @@ for($i=0;$i<count($c);$i++) {
 <table border="0" cellpadding="4" cellspacing="0">
 <tr><th><label for="newip"><?php __("IP Address"); ?></label></th><th><label for="newclass"><?php __("Prefix"); ?></label></th></tr>
 <tr>
-	<td style="text-align: right"><input type="text" class="int" value="<?php echo urlencode($newip); ?>" id="newip" name="newip" maxlength="15" size="20" style="text-align:right" /> / </td>
+	<td style="text-align: right"><input type="text" class="int" value="<?php ehe(newip); ?>" id="newip" name="newip" maxlength="15" size="20" style="text-align:right" /> / </td>
 	<td><input type="text" class="int" value="<?php echo urlencode($newclass); ?>" id="newclass" name="newclass" maxlength="2" size="3" /></td>
 </tr>
 <tr><td colspan="2">
diff --git a/bureau/admin/adm_tldadd.php b/bureau/admin/adm_tldadd.php
index 9c353ae1..e28e8943 100644
--- a/bureau/admin/adm_tldadd.php
+++ b/bureau/admin/adm_tldadd.php
@@ -54,7 +54,7 @@ include_once ("head.php");
 <form method="post" action="adm_tlddoadd.php">
 
 <table border="0" cellpadding="4" cellspacing="0">
-<tr><th><label for="tld"><?php __("TLD"); ?></label></th><td><input type="text" id="tld" name="tld" class="int" value="<?php echo $tld; ?>" size="20" maxlength="64" /></td></tr>
+<tr><th><label for="tld"><?php __("TLD"); ?></label></th><td><input type="text" id="tld" name="tld" class="int" value="<?php ehe($tld); ?>" size="20" maxlength="64" /></td></tr>
 <tr><th><label for="mode"><?php __("Allowed Mode"); ?></label></th><td><select name="mode" id="mode" class="inl">
 	<?php $admin->selecttldmode($mode); ?>
 </select></td></tr>
diff --git a/bureau/admin/adm_variables.php b/bureau/admin/adm_variables.php
index 0a90b9e2..2df15f54 100644
--- a/bureau/admin/adm_variables.php
+++ b/bureau/admin/adm_variables.php
@@ -64,7 +64,7 @@ while ($db->next_record()) {
 
  <tr class="lst<?php echo $col; ?>">
  <td><?php echo $vars['name']; ?></td>
- <td><input type="text" name="<?php echo $vars['name']?>" value="<?php echo $vars['value']?>" /></td>
+ <td><input type="text" name="<?php ehe($vars['name']); ?>" value="<?php ehe($vars['value']); ?>" /></td>
  <td><?php echo $vars['comment']; ?></td>
  </tr>
 <? } ?>
diff --git a/bureau/admin/bro_main.php b/bureau/admin/bro_main.php
index 4a9bad33..88118d1a 100644
--- a/bureau/admin/bro_main.php
+++ b/bureau/admin/bro_main.php
@@ -164,7 +164,7 @@ if ($c===false) $error=$err->errstr();
 <form action="bro_main.php" method="post" name="nn" id="nn">
 <input type="hidden" name="R" value="<?php echo $R; ?>" />
 <table><tr>
-<td><input type="text" class="int" name="nomfich" size="22" maxlength="255" /></td>
+<td><input type="text" class="int" name="nomfich" id="nomfich" size="22" maxlength="255" /></td>
 <td><input type="submit" class="ina" value="<?php __("Create"); ?>" /></td>
 </tr><tr><td>
 <input type="radio" class="inc" id="nfile" onclick="document.nn.nomfich.focus();" name="formu" value="6" <?php if (!$p["crff"]) echo "checked=\"checked\""; ?> /><label for="nfile">&nbsp;<?php __("File"); ?></label>
diff --git a/bureau/admin/browseforfolder.php b/bureau/admin/browseforfolder.php
index e3d93337..609670be 100644
--- a/bureau/admin/browseforfolder.php
+++ b/bureau/admin/browseforfolder.php
@@ -130,7 +130,7 @@ if ($errbrowsefold) {
 <input type="hidden" name="caller" value="<?php echo $caller; ?>" />
 <input type="hidden" name="lastcurdir" value="<?php echo $curdir; ?>" />
 
-<input type="text" class="int" name="file" size="20" value="<?php echo $file ?>" /><br />
+<input type="text" class="int" name="file" size="20" value="<?php ehe($file); ?>" /><br />
 
 <input type="submit" name="select" value="<?php __("Select"); ?>" class="inb" />&nbsp;
 <input type="button" name="cancel" value="<?php __("Cancel"); ?>" class="inb" onclick="window.close();" />&nbsp;
diff --git a/bureau/admin/ftp_add.php b/bureau/admin/ftp_add.php
index 9c4da91f..328e83ec 100644
--- a/bureau/admin/ftp_add.php
+++ b/bureau/admin/ftp_add.php
@@ -52,17 +52,17 @@ if (!$quota->cancreate("ftp")) {
 <table>
 <tr><th><input type="hidden" name="id" value="<?php echo $id ?>" />
 <label for="login"><?php __("Username"); ?></label></th><td>
-	<select class="inl" name="prefixe"><?php $ftp->select_prefix_list($prefixe); ?></select>&nbsp;<b>_</b>&nbsp;<input type="text" class="int" name="login" id="login" value="<?php echo $login; ?>" size="20" maxlength="64" />
+	<select class="inl" name="prefixe"><?php $ftp->select_prefix_list($prefixe); ?></select>&nbsp;<b>_</b>&nbsp;<input type="text" class="int" name="login" id="login" value="<?php ehe($login); ?>" size="20" maxlength="64" />
 </td></tr>
-<tr><th><label for="dir"><?php __("Folder"); ?></label></th><td><input type="text" class="int" name="dir" id="dir" value="<?php echo $dir; ?>" size="20" maxlength="255" />
+<tr><th><label for="dir"><?php __("Folder"); ?></label></th><td><input type="text" class="int" name="dir" id="dir" value="<?php ehe($dir); ?>" size="20" maxlength="255" />
 <script type="text/javascript">
 <!--
   document.write("&nbsp;<input type=\"button\" name=\"bff\" onclick=\"browseforfolder('main.dir');\" value=\" <?php __("Choose a folder..."); ?> \" class=\"bff\">");
 //  -->
 </script>
 </td></tr>
-<tr><th><label for="pass"><?php __("Password"); ?></label></th><td><input type="password" class="int" name="pass" id="pass" value="<?php echo $pass; ?>" size="20" maxlength="64" /></td></tr>
-<tr><th><label for="passconf"><?php __("Confirm password"); ?></label></th><td><input type="password" class="int" name="passconf" id="passconf" value="<?php echo $passconf; ?>" size="20" maxlength="64" /></td></tr>
+<tr><th><label for="pass"><?php __("Password"); ?></label></th><td><input type="password" class="int" name="pass" id="pass" value="<?php ehe($pass); ?>" size="20" maxlength="64" /></td></tr>
+<tr><th><label for="passconf"><?php __("Confirm password"); ?></label></th><td><input type="password" class="int" name="passconf" id="passconf" value="<?php ehe($passconf); ?>" size="20" maxlength="64" /></td></tr>
 <tr class="trbtn"><td colspan="2">
   <input type="submit" class="inb" name="submit" value="<?php __("Create this new FTP account."); ?>" />
   <input type="button" class="inb" name="cancel" value="<?php __("Cancel"); ?>" onclick="document.location='ftp_list.php'"/>
diff --git a/bureau/admin/ftp_edit.php b/bureau/admin/ftp_edit.php
index 9f01d021..d25486c7 100644
--- a/bureau/admin/ftp_edit.php
+++ b/bureau/admin/ftp_edit.php
@@ -57,9 +57,9 @@ if (!$id) {
 <table border="1" cellspacing="0" cellpadding="4">
 <tr><th><input type="hidden" name="id" value="<?php echo $id ?>" />
 <label for="login"><?php __("Username"); ?></label></th><td>
-	<select class="inl" name="prefixe"><?php $ftp->select_prefix_list($r["prefixe"]); ?></select>&nbsp;<b>_</b>&nbsp;<input type="text" class="int" name="login" id="login" value="<?php echo $r["login"]; ?>" size="20" maxlength="64" />
+	<select class="inl" name="prefixe"><?php $ftp->select_prefix_list($r["prefixe"]); ?></select>&nbsp;<b>_</b>&nbsp;<input type="text" class="int" name="login" id="login" value="<?php ehe($r["login"]); ?>" size="20" maxlength="64" />
 </td></tr>
-<tr><th><label for="dir"><?php __("Folder"); ?></label></th><td><input type="text" class="int" name="dir" id="dir" value="<?php echo $r["dir"]; ?>" size="20" maxlength="64" />
+<tr><th><label for="dir"><?php __("Folder"); ?></label></th><td><input type="text" class="int" name="dir" id="dir" value="<?php ehe($r["dir"]); ?>" size="20" maxlength="64" />
 
 <script type="text/javascript">
 <!--
diff --git a/bureau/admin/hta_add.php b/bureau/admin/hta_add.php
index 05c36c8e..3bfc4563 100644
--- a/bureau/admin/hta_add.php
+++ b/bureau/admin/hta_add.php
@@ -48,7 +48,7 @@ include_once("head.php");
 <table border="1" cellspacing="0" cellpadding="4">
 <tr>
 	<td><label for="dir"><?php __("Folder"); ?></label></td>
-	<td><input type="text" class="int" name="dir" id="dir" value="<?php echo $value ?>" maxlength="255" />
+	<td><input type="text" class="int" name="dir" id="dir" value="<?php ehe($dir); ?>" maxlength="255" />
 <script type="text/javascript">
 <!--
   document.write("&nbsp;<input type=\"button\" name=\"bff\" onclick=\"browseforfolder('main.dir');\" value=\" <?php __("Choose a folder..."); ?> \" class=\"bff\">");
diff --git a/bureau/admin/hta_adduser.php b/bureau/admin/hta_adduser.php
index a4046eae..3ed1bfdd 100644
--- a/bureau/admin/hta_adduser.php
+++ b/bureau/admin/hta_adduser.php
@@ -46,12 +46,12 @@ getFields($fields);
 <form method="post" action="hta_doadduser.php" name="main" id="main">
 <table border="1" cellspacing="0" cellpadding="4">
 	<tr>
-		<td><input type="hidden" name="dir" value="<?php echo $dir ?>" /><?php __("Folder"); ?></td>
+		<td><input type="hidden" name="dir" value="<?php ehe($dir); ?>" /><?php __("Folder"); ?></td>
 		<td><code><?php echo $dir; ?></code></td>
 	</tr>
 	<tr>
 		<td><label for="user"><?php __("Username"); ?></label></td>
-		<td><input type="text" class="int" name="user" id="user" value="" size="20" maxlength="64" /></td>
+		<td><input type="text" class="int" name="user" id="user" value="<?php ehe($user); ?>" size="20" maxlength="64" /></td>
 	</tr>
 	<tr>
 		<td><label for="password"><?php __("Password"); ?></label></td>
diff --git a/bureau/admin/hta_doadd.php b/bureau/admin/hta_doadd.php
index 383486ac..e1c666bb 100644
--- a/bureau/admin/hta_doadd.php
+++ b/bureau/admin/hta_doadd.php
@@ -30,6 +30,11 @@
 require_once("../class/config.php");
 
 
+$fields = array (
+	"dir"     => array ("request", "string", ""),
+);
+getFields($fields);
+
 if(!$hta->CreateDir($dir)) {
 	$error=$err->errstr();
 	include("hta_add.php");
diff --git a/bureau/admin/mem_cm.php b/bureau/admin/mem_cm.php
index c62db51c..ccdffa65 100644
--- a/bureau/admin/mem_cm.php
+++ b/bureau/admin/mem_cm.php
@@ -45,7 +45,7 @@ include_once("head.php");
 		<tr><td colspan="2"><input type="hidden" name="usr" value="<?php echo $usr; ?>" /><input type="hidden" name="cookie" value="<?php echo $cookie; ?>" />
 <?php __("Change the email of the account"); ?><br />
 		<?php __("Enter the key you got when you requested the mailbox change, then click the OK button."); ?></td></tr>
-		<tr><th><label for="cle"><?php __("Key"); ?></label></th><td><input type="text" class="int" name="cle" id="cle" value="<?php echo $cle; ?>" size="8" maxlength="8" /></td></tr>
+		<tr><th><label for="cle"><?php __("Key"); ?></label></th><td><input type="text" class="int" name="cle" id="cle" value="<?php ehe($cle); ?>" size="8" maxlength="8" /></td></tr>
 		<tr><td align="center" colspan="3"><input type="submit" class="inb" name="submit" value="<?php __("OK"); ?>" /></td></tr>
 	</table>
 </form>
diff --git a/bureau/admin/mem_param.php b/bureau/admin/mem_param.php
index a2a651d4..c6b59da5 100644
--- a/bureau/admin/mem_param.php
+++ b/bureau/admin/mem_param.php
@@ -45,7 +45,7 @@ if ($help_setting) {
 		exit();
 	}
 ?>
-<hr />
+<hr id="topbar"/>
 <p>
 <?php __("Password change"); ?> : <br />
 <?php
@@ -63,36 +63,36 @@ if (!$mem->user["canpass"]) {
 <tr><th><?php __("Old password"); ?></th><td><input type="password" class="int" name="oldpass" value="<?php echo $oldpass; ?>" size="20" maxlength="128" /></td></tr>
 <tr><th><?php __("New password"); ?> (1)</th><td><input type="password" class="int" name="newpass" value="<?php echo $newpass; ?>" size="20" maxlength="60" /></td></tr>
 <tr><th><?php __("New password"); ?> (2)</th><td><input type="password" class="int" name="newpass2" value="<?php echo $newpass2; ?>" size="20" maxlength="61" /></td></tr>
-<tr><td align="center" colspan="3"><input type="submit" class="inb" name="submit" value="<?php __("Change my password"); ?>" /></td></tr>
+<tr class="trbtn"><td colspan="3"><input type="submit" class="inb" name="submit" value="<?php __("Change my password"); ?>" /></td></tr>
 </table>
 </form>
-<p>&nbsp;</p>
+<br />
 <?php } ?>
-<hr />
+<hr id="topbar"/>
 <form method="post" action="mem_chgmail.php">
 	<table border="1" cellspacing="0" cellpadding="4">
 		<tr><td colspan="2"><?php __("Change the email of the account"); ?><br />
 		<?php __("help_chg_mail"); ?></td></tr>
 		<tr><th><?php __("Current mailbox"); ?></th><td><big><code><?php echo $mem->user["mail"]; ?></code></big></td></tr>
 		<tr><th><?php __("New mailbox"); ?></th><td><input type="text" class="int" name="newmail" value="<?php echo $newmail; ?>" size="40" maxlength="128" /></td></tr>
-		<tr><td style="text-align: center" colspan="3"><input type="submit" class="inb" name="submit" value="<?php __("Change my mail"); ?>" /></td></tr>
+		<tr class="trbtn"><td colspan="3"><input type="submit" class="inb" name="submit" value="<?php __("Change my email address"); ?>" /></td></tr>
 	</table>
 </form>
-<p>&nbsp;</p>
-<hr />
+<br />
+<hr id="topbar"/>
 <form method="post" action="mem_param.php">
 	<table border="1" cellspacing="0" cellpadding="4">
 		<tr><td colspan="2"><?php __("Online help settings"); ?><br />
 		<?php __("help_help_settings"); ?></td></tr>
 		<tr><th><label for="showhelp"><?php __("Do you want to see the help texts and links on each page?"); ?></label></th><td><input type="checkbox" class="inc" id="showhelp" name="showhelp" value="1" <?php if ($mem->get_help_param()) echo "checked=\"checked\""; ?> /></td></tr>
-		<tr><td align="center" colspan="3"><input type="submit" class="inb" name="help_setting" value="<?php __("Change these settings"); ?>" /></td></tr>
+		<tr class="trbtn"><td colspan="3"><input type="submit" class="inb" name="help_setting" value="<?php __("Change these settings"); ?>" /></td></tr>
 	</table>
 </form>
-<p>&nbsp;</p>
+<br />
 <?php
 if ($mem->user["su"]) {
 ?>
-<hr />
+<hr id="topbar"/>
 <p>
 <?php __("Admin preferences"); ?> :
 </p>
@@ -102,14 +102,14 @@ if ($mem->user["su"]) {
 <option value="0"<?php if ($mem->user["admlist"]==0) echo " selected=\"selected\""; ?>><?php __("Large view"); ?></option>
 <option value="1"<?php if ($mem->user["admlist"]==1) echo " selected=\"selected\""; ?>><?php __("Short view"); ?></option>
 </select></td></tr>
-<tr><td align="center" colspan="2"><input type="submit" class="inb" name="submit" value="<?php __("Change my admin preferences"); ?>" /></td></tr>
+<tr class="trbtn"><td colspan="2"><input type="submit" class="inb" name="submit" value="<?php __("Change my admin preferences"); ?>" /></td></tr>
 </table>
 </form>
-<p>&nbsp;</p>
+<br />
 <?php } ?>
-<hr />
+<hr id="topbar"/>
 <script type="text/javascript">
 document.forms['main'].oldpass.focus();
 </script>
 
-<?php include_once("foot.php"); ?>
\ No newline at end of file
+<?php include_once("foot.php"); ?>
diff --git a/bureau/admin/quota_show.php b/bureau/admin/quota_show.php
index 7dc1b617..e2447468 100644
--- a/bureau/admin/quota_show.php
+++ b/bureau/admin/quota_show.php
@@ -32,6 +32,8 @@ include_once("head.php");
 
 ?>
 <h3><?php __("Account's quotas"); ?> : </h3>
+<hr id="topbar"/>
+<br />
 <?php
 $q=$quota->getquota();
 if (!is_array($q)) {
@@ -63,4 +65,4 @@ if (!is_array($q)) {
 	echo "</table>";
 }
 ?>
-<?php include_once("foot.php"); ?>
\ No newline at end of file
+<?php include_once("foot.php"); ?>
diff --git a/bureau/admin/quotas_users.php b/bureau/admin/quotas_users.php
index 751359d3..7ca16a07 100644
--- a/bureau/admin/quotas_users.php
+++ b/bureau/admin/quotas_users.php
@@ -15,6 +15,8 @@ include_once ("head.php");
 
 ?>
 <h3>Tableau de bord</h3>
+<hr id="topbar"/>
+<br />
 <?php
 if ($error) {
   echo "<p class=\"error\">$error</p>";
@@ -25,27 +27,27 @@ Cette page r
 Les tailles sont exprimées en <?php if ($mode==0 || $mode==4) echo "Mo."; else echo "% du total"; ?>
 </p>
 <p>
-<a href="quotas_users.php?mode=4">Global</a><br /><br />
+<span class="ina"><a href="quotas_users.php?mode=4">Global</a></span><br /><br />
 Détail:
 <?php if ($mode==0) { ?>
-<a href="quotas_users.php?mode=1&amp;sd=<?php echo $sd; ?>&amp;usr=<?php echo $usr; ?>">En pourcentage</a>
-<a href="quotas_users.php?mode=2&amp;sd=<?php echo $sd; ?>&amp;usr=<?php echo $usr; ?>">En graphique</a>
+<span class="ina"><a href="quotas_users.php?mode=1&amp;sd=<?php echo $sd; ?>&amp;usr=<?php echo $usr; ?>">En pourcentage</a></span>
+<span class="ina"><a href="quotas_users.php?mode=2&amp;sd=<?php echo $sd; ?>&amp;usr=<?php echo $usr; ?>">En graphique</a></span>
    <?php } elseif ($mode==1) { ?>
-<a href="quotas_users.php?mode=0&amp;sd=<?php echo $sd; ?>&amp;usr=<?php echo $usr; ?>">En Mo</a>
-<a href="quotas_users.php?mode=2&amp;sd=<?php echo $sd; ?>&amp;usr=<?php echo $usr; ?>">En graphique</a>
+<span class="ina"><a href="quotas_users.php?mode=0&amp;sd=<?php echo $sd; ?>&amp;usr=<?php echo $usr; ?>">En Mo</a></span>
+<span class="ina"><a href="quotas_users.php?mode=2&amp;sd=<?php echo $sd; ?>&amp;usr=<?php echo $usr; ?>">En graphique</a></span>
    <?php } else { ?>
-<a href="quotas_users.php?mode=0&amp;sd=<?php echo $sd; ?>&amp;usr=<?php echo $usr; ?>">En Mo</a>
-<a href="quotas_users.php?mode=1&amp;sd=<?php echo $sd; ?>&amp;usr=<?php echo $usr; ?>">En pourcentage</a>
+<span class="ina"><a href="quotas_users.php?mode=0&amp;sd=<?php echo $sd; ?>&amp;usr=<?php echo $usr; ?>">En Mo</a></span>
+<span class="ina"><a href="quotas_users.php?mode=1&amp;sd=<?php echo $sd; ?>&amp;usr=<?php echo $usr; ?>">En pourcentage</a></span>
  <?php } ?>
 
 <?php if ($mode != 4) { ?>
 <?php if ($usr==0) { if ($sd==0) { ?>
-<a href="quotas_users.php?mode=<?php echo $mode; ?>&amp;sd=1&amp;usr=<?php echo $usr; ?>">Afficher les domaines</a>
+<span class="ina"><a href="quotas_users.php?mode=<?php echo $mode; ?>&amp;sd=1&amp;usr=<?php echo $usr; ?>">Afficher les domaines</a></span>
    <?php } else { ?>
-<a href="quotas_users.php?mode=<?php echo $mode; ?>&amp;sd=0&amp;usr=<?php echo $usr; ?>">Cacher les domaines</a>
+<span class="ina"><a href="quotas_users.php?mode=<?php echo $mode; ?>&amp;sd=0&amp;usr=<?php echo $usr; ?>">Cacher les domaines</a></span>
  <?php } } ?>
 <?php if ($usr) { ?>
-<a href="quotas_users.php?mode=<?php echo $mode; ?>&amp;sd=<? echo $sd; ?>">Tous les comptes</a>
+<span class="ina"><a href="quotas_users.php?mode=<?php echo $mode; ?>&amp;sd=<? echo $sd; ?>">Tous les comptes</a></span>
 <?php } ?>
 <?php } ?>
 </p>
diff --git a/bureau/admin/sql_add.php b/bureau/admin/sql_add.php
index 37babf0d..761d8b33 100644
--- a/bureau/admin/sql_add.php
+++ b/bureau/admin/sql_add.php
@@ -49,7 +49,7 @@ if (!$quota->cancreate("mysql")) {
 <form method="post" action="sql_doadd.php" id="main" name="main">
 <table class="tedit">
 <tr><th><label for="dbn"><?php __("MySQL Database"); ?></label></th><td>
-	<span class="int" id="dbnpfx"><?php echo $mem->user["login"]; ?>_</span><input type="text" class="int" name="dbn" id="dbn" value="<?php echo $dbn; ?>" size="20" maxlength="30" />
+	<span class="int" id="dbnpfx"><?php echo $mem->user["login"]; ?>_</span><input type="text" class="int" name="dbn" id="dbn" value="<?php ehe($dbn); ?>" size="20" maxlength="30" />
 </td></tr>
 </table>
 <br />
diff --git a/bureau/admin/sql_bck.php b/bureau/admin/sql_bck.php
index 62952f29..a5acb4bd 100644
--- a/bureau/admin/sql_bck.php
+++ b/bureau/admin/sql_bck.php
@@ -91,7 +91,7 @@ if (is_array($r)) {
 </tr>
 <tr>
 	<th><label for="bck_dir"><?php __("In which folder do you want to store the backups?"); ?></label></th>
-	<td><input type="text" class="int" name="bck_dir" id="bck_dir" size="30" maxlength="255" value="<?php echo $r["dir"]; ?>" />
+	<td><input type="text" class="int" name="bck_dir" id="bck_dir" size="30" maxlength="255" value="<?php ehe($r["dir"]); ?>" />
 <script type="text/javascript">
 <!--
   document.write("&nbsp;<input type=\"button\" name=\"bff\" class=\"bff\" onclick=\"browseforfolder('main.bck_dir');\" value=\" <?php __("Choose a folder..."); ?> \" />");
diff --git a/bureau/admin/sta2_add_raw.php b/bureau/admin/sta2_add_raw.php
index 2499acdd..bb720e86 100644
--- a/bureau/admin/sta2_add_raw.php
+++ b/bureau/admin/sta2_add_raw.php
@@ -51,7 +51,7 @@ include_once("head.php");
   <label for="hostname"><?php __("Domain name:"); ?></label></th><td>
 	<select class="inl" name="hostname" id="hostname"><?php $sta2->select_host_list($hostname); ?></select>
 </td></tr>
-<tr><th><label for="dir"><?php __("Folder where we will put the log file:"); ?></label></th><td><input type="text" class="int" name="dir" id="dir" value="<?php echo $dir; ?>" size="20" maxlength="255" />
+<tr><th><label for="dir"><?php __("Folder where we will put the log file:"); ?></label></th><td><input type="text" class="int" name="dir" id="dir" value="<?php ehe($dir); ?>" size="20" maxlength="255" />
 <script type="text/javascript">
 <!--
   document.write("&nbsp;<input type=\"button\" name=\"bff\" class=\"bff\" onclick=\"browseforfolder('main.dir');\" value=\" <?php __("Choose a folder..."); ?> \" />");
diff --git a/bureau/admin/sta2_edit_raw.php b/bureau/admin/sta2_edit_raw.php
index 54c6f5ce..a8774742 100644
--- a/bureau/admin/sta2_edit_raw.php
+++ b/bureau/admin/sta2_edit_raw.php
@@ -57,7 +57,7 @@ if (!$id) {
         <?php __("Domain name:"); ?></th><td>
 	<?php echo $r["hostname"]; ?>
 </td></tr>
-<tr><th><label for="dir"><?php __("Folder where we will put the log file:"); ?></label></th><td><input type="text" class="int" name="dir" id="dir" value="<?php echo $r["folder"]; ?>" size="20" maxlength="255" />
+<tr><th><label for="dir"><?php __("Folder where we will put the log file:"); ?></label></th><td><input type="text" class="int" name="dir" id="dir" value="<?php ehe($r["folder"]); ?>" size="20" maxlength="255" />
 <script type="text/javascript">
 <!--
   document.write("&nbsp;<input type=\"button\" name=\"bff\" class=\"bff\" onclick=\"browseforfolder('main.dir');\" value=\" <?php __("Choose a folder..."); ?> \" />");
diff --git a/bureau/locales/fr_FR/LC_MESSAGES/messages.po b/bureau/locales/fr_FR/LC_MESSAGES/messages.po
index d6fd6050..404c3ded 100644
--- a/bureau/locales/fr_FR/LC_MESSAGES/messages.po
+++ b/bureau/locales/fr_FR/LC_MESSAGES/messages.po
@@ -1641,8 +1641,8 @@ msgstr "Nouvelle adresse email"
 
 #: ../admin/mem_param.php:79 ../admin/mem_param.php:76
 #: ../admin/mem_param.php:78
-msgid "Change my mail"
-msgstr "Changer mon mail"
+msgid "Change my email address"
+msgstr "Changer mon adresse email"
 
 #: ../admin/mem_param.php:86 ../admin/mem_param.php:81
 #: ../admin/mem_param.php:85
@@ -2397,6 +2397,10 @@ msgstr "D
 msgid "%s accounts"
 msgstr "%s comptes"
 
+#
+msgid "You cannot disable your own account."
+msgstr "Vous ne pouvez pas désactiver votre propre compte !" 
+
 #: ../admin/adm_panel.php:57 ../admin/adm_panel.php:56
 msgid "Account creation statistics"
 msgstr "Statistiques de création des comptes"
@@ -2880,3 +2884,11 @@ msgstr "Vous devez cocher les bases de donn
 msgid "Main database"
 msgstr "Base de données principale"
 
+msgid "This account is now a normal account"
+msgstr "Ce compte est maintenant un compte normal"
+
+msgid "This account is now an administrator account"
+msgstr "Ce compte est maintenant un compte administrateur"
+
+
+