Make some apps compatible

diff --git a/apps/calendar/index.php b/apps/calendar/index.php
index cf03a7a3cd33786bd7acf0569835aa44a406045a..05a808a5ae0056d39424f757b6dafb1eff421ce5 100644 (file)
--- a/apps/calendar/index.php
+++ b/apps/calendar/index.php
@@ -54,9 +54,9 @@ OCP\Util::addscript('contacts','jquery.multi-autocomplete');
 OCP\Util::addscript('','oc-vcategories');
 OCP\App::setActiveNavigationEntry('calendar_index');
 $tmpl = new OCP\Template('calendar', 'calendar', 'user');
-$tmpl->assign('eventSources', $eventSources);
+$tmpl->assign('eventSources', $eventSources,false);
 $tmpl->assign('categories', $categories);
 if(array_key_exists('showevent', $_GET)){
-       $tmpl->assign('showevent', $_GET['showevent']);
+       $tmpl->assign('showevent', $_GET['showevent'], false);
 }
 $tmpl->printPage();

diff --git a/apps/contacts/ajax/addproperty.php b/apps/contacts/ajax/addproperty.php
index 42b0c782035428aa7f160380d1cc2f8664cf0434..94e09bac19098b9d35094d202eb5ef32311c6a5f 100644 (file)
--- a/apps/contacts/ajax/addproperty.php
+++ b/apps/contacts/ajax/addproperty.php
@@ -82,6 +82,7 @@ if(is_array($value)) {
        $value = strip_tags($value);
 }
 
+/* preprocessing value */
 switch($name) {
        case 'BDAY':
                $date = New DateTime($value);
@@ -94,6 +95,8 @@ switch($name) {
        case 'N':
        case 'ORG':
        case 'NOTE':
+               $value = str_replace('\n', ' \\n', $value);
+               break;
        case 'NICKNAME':
                // TODO: Escape commas and semicolons.
                break;
@@ -105,8 +108,14 @@ switch($name) {
                break;
 }
 
-
-$property = $vcard->addProperty($name, $value); //, $parameters);
+switch($name) {
+       case 'NOTE':
+               $vcard->setString('NOTE', $value);
+               break;
+       default:
+               $property = $vcard->addProperty($name, $value); //, $parameters);
+               break;
+}
 
 $line = count($vcard->children) - 1;
 

diff --git a/apps/contacts/templates/part.contacts.php b/apps/contacts/templates/part.contacts.php
index 57517505405fdd63c640d293feb312d41d58dd9d..00a61f72fdd9ce578db6146e9db3e8d58cc4b794 100644 (file)
--- a/apps/contacts/templates/part.contacts.php
+++ b/apps/contacts/templates/part.contacts.php
@@ -8,5 +8,5 @@
                }
        }
 ?>
-       <li role="button" book-id="<?php echo $contact['addressbookid']; ?>" data-id="<?php echo $contact['id']; ?>"><a href="index.php?id=<?php echo $contact['id']; ?>"><?php echo htmlspecialchars($display); ?></a></li>
+       <li role="button" book-id="<?php echo $contact['addressbookid']; ?>" data-id="<?php echo $contact['id']; ?>"><a href="index.php?id=<?php echo $contact['id']; ?>"><?php echo $display; ?></a></li>
 <?php endforeach; ?>

diff --git a/apps/files/ajax/list.php b/apps/files/ajax/list.php
index ceb8d158580a45255f5b5cb9d4db899a13cf7d31..f0600a179d00791f52acacc372446e7ee8451ac1 100644 (file)
--- a/apps/files/ajax/list.php
+++ b/apps/files/ajax/list.php
@@ -38,7 +38,7 @@ foreach( OC_Files::getdirectorycontent( $dir ) as $i ){
 }
 
 $list = new OCP\Template( "files", "part.list", "" );
-$list->assign( "files", $files );
+$list->assign( "files", $files, false );
 $data = array('files' => $list->fetchPage());
 
 OCP\JSON::success(array('data' => $data));

diff --git a/apps/files/index.php b/apps/files/index.php
index 60a3836cb591d3d66ef3a14ad9301f544373b76f..ed36c5edab04276ddf24d603d1ef8b9d739372ca 100644 (file)
--- a/apps/files/index.php
+++ b/apps/files/index.php
@@ -73,12 +73,12 @@ foreach( explode( '/', $dir ) as $i ){
 
 // make breadcrumb und filelist markup
 $list = new OCP\Template( 'files', 'part.list', '' );
-$list->assign( 'files', $files );
-$list->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=');
-$list->assign( 'downloadURL', OCP\Util::linkTo('files', 'download.php').'?file=');
+$list->assign( 'files', $files, false );
+$list->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=', false);
+$list->assign( 'downloadURL', OCP\Util::linkTo('files', 'download.php').'?file=', false);
 $breadcrumbNav = new OCP\Template( 'files', 'part.breadcrumb', '' );
-$breadcrumbNav->assign( 'breadcrumb', $breadcrumb );
-$breadcrumbNav->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=');
+$breadcrumbNav->assign( 'breadcrumb', $breadcrumb, false );
+$breadcrumbNav->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=', false);
 
 $upload_max_filesize = OCP\Util::computerFileSize(ini_get('upload_max_filesize'));
 $post_max_size = OCP\Util::computerFileSize(ini_get('post_max_size'));
@@ -89,8 +89,8 @@ $freeSpace=max($freeSpace,0);
 $maxUploadFilesize = min($maxUploadFilesize ,$freeSpace);
 
 $tmpl = new OCP\Template( 'files', 'index', 'user' );
-$tmpl->assign( 'fileList', $list->fetchPage() );
-$tmpl->assign( 'breadcrumb', $breadcrumbNav->fetchPage() );
+$tmpl->assign( 'fileList', $list->fetchPage(), false );
+$tmpl->assign( 'breadcrumb', $breadcrumbNav->fetchPage(), false );
 $tmpl->assign( 'dir', $dir);
 $tmpl->assign( 'readonly', !OC_Filesystem::is_writable($dir.'/'));
 $tmpl->assign( 'files', $files );

diff --git a/apps/gallery/lib/tiles.php b/apps/gallery/lib/tiles.php
index 5837c752ef66bd9de338d77ab6ea059d653083da..e43c99bb76a0cee7bd879d4c9e6d22f9deb19135 100644 (file)
--- a/apps/gallery/lib/tiles.php
+++ b/apps/gallery/lib/tiles.php
@@ -141,7 +141,7 @@ class TileStack extends TileBase {
        }
 
        public function get() {
-               $r = '<div class="title gallery_div">'.htmlentities($this->stack_name).'</div>';
+               $r = '<div class="title gallery_div">'.$this->stack_name.'</div>';
                for ($i = 0; $i < count($this->tiles_array); $i++) {
                        $top = rand(-5, 5);
                        $left = rand(-5, 5);
@@ -168,7 +168,7 @@ class TileStack extends TileBase {
        }
        
        public function getOnClickAction() {
-               return 'javascript:openNewGal(\''.htmlentities($this->stack_name).'\');';
+               return 'javascript:openNewGal(\''.$this->stack_name.'\');';
        }
 
        private $tiles_array;

diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php
index d2404a80aa5c2412fbc0d8d3251eb03d9299a448..78bc5b46566e9d7ce7ed1b31e4770207d0d1bc06 100644 (file)
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@@ -186,7 +186,7 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
                if(!$this->configured) {
                        return array();
                }
-               if(is_null($this->_groups)) {
+               if(empty($this->_groups)) {
                        $ldap_groups = OC_LDAP::fetchListOfGroups($this->ldapGroupFilter, array(OC_LDAP::conf('ldapGroupDisplayName'), 'dn'));
                        $this->_groups = OC_LDAP::ownCloudGroupNames($ldap_groups);
                }

diff --git a/apps/user_ldap/settings.php b/apps/user_ldap/settings.php
index f1a474ff27d9fa1c59f030a73f533fb2d1ed73d2..42084855e85db7d9242b109acdacd889fe9f3607 100644 (file)
--- a/apps/user_ldap/settings.php
+++ b/apps/user_ldap/settings.php
@@ -20,7 +20,7 @@
  * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_agent_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_tls', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr', 'ldap_group_member_assoc_attribute');
+$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_agent_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_group_display_name', 'ldap_tls', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr', 'ldap_group_member_assoc_attribute');
 
 OCP\Util::addscript('user_ldap', 'settings');
 
@@ -47,13 +47,14 @@ if ($_POST) {
 // fill template
 $tmpl = new OCP\Template( 'user_ldap', 'settings');
 foreach($params as $param){
-               $value = htmlentities(OCP\Config::getAppValue('user_ldap', $param,''));
+               $value = OCP\Config::getAppValue('user_ldap', $param,'');
                $tmpl->assign($param, $value);
 }
 
 // settings with default values
 $tmpl->assign( 'ldap_port', OCP\Config::getAppValue('user_ldap', 'ldap_port', '389'));
 $tmpl->assign( 'ldap_display_name', OCP\Config::getAppValue('user_ldap', 'ldap_display_name', 'uid'));
+$tmpl->assign( 'ldap_group_display_name', OCP\Config::getAppValue('user_ldap', 'ldap_group_display_name', 'cn'));
 $tmpl->assign( 'ldap_group_member_assoc_attribute', OCP\Config::getAppValue('user_ldap', 'ldap_group_member_assoc_attribute', 'uniqueMember'));
 $tmpl->assign( 'ldap_agent_password', base64_decode(OCP\Config::getAppValue('user_ldap', 'ldap_agent_password')));
 

diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php
index 3462f2473f4f55d59f0b3c331df23b1ba86a300d..31f453b5a5a873dc3d68f4737d07ba9239e4879c 100644 (file)
--- a/apps/user_ldap/templates/settings.php
+++ b/apps/user_ldap/templates/settings.php
@@ -22,6 +22,7 @@
                <p><input type="checkbox" id="ldap_nocase" name="ldap_nocase" value="1"<?php if (isset($_['ldap_nocase']) && ($_['ldap_nocase'])) echo ' checked'; ?>><label for="ldap_nocase"><?php echo $l->t('Case insensitve LDAP server (Windows)');?></label></p>
                <p><label for="ldap_display_name"><?php echo $l->t('Display Name Field');?></label><input type="text" id="ldap_display_name" name="ldap_display_name" value="<?php echo $_['ldap_display_name']; ?>" />
                <small><?php echo $l->t('Currently the display name field needs to be the same you matched %%uid against in the filter above, because ownCloud doesn\'t distinguish between user id and user name.');?></small></p>
+               <p><label for="ldap_group_display_name"><?php echo $l->t('Group Display Name Field');?></label><input type="text" id="ldap_group_display_name" name="ldap_group_display_name" value="<?php echo $_['ldap_group_display_name']; ?>" /></p>
                <p><label for="ldap_quota_attr">Quota Attribute</label><input type="text" id="ldap_quota_attr" name="ldap_quota_attr" value="<?php echo $_['ldap_quota_attr']; ?>" />
                <label for="ldap_quota_def">Quota Default</label><input type="text" id="ldap_quota_def" name="ldap_quota_def" value="<?php if (isset($_['ldap_quota_def'])) echo $_['ldap_quota_def']; ?>" />bytes</p>
                <p><label for="ldap_email_attr">Email Attribute</label><input type="text" id="ldap_email_attr" name="ldap_email_attr" value="<?php echo $_['ldap_email_attr']; ?>" /></p>

diff --git a/core/templates/login.php b/core/templates/login.php
index 41d6ba41ef8e0df52d9d04e7f67ca3e557664a98..a40bf5c330a8da2a3cc0655b87f29c21f74b5b03 100644 (file)
--- a/core/templates/login.php
+++ b/core/templates/login.php
@@ -1,7 +1,7 @@
 <!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]-->
 <form action="index.php" method="post">
        <fieldset>
-               <?php if(!empty($_['redirect'])) { echo '<input type="hidden" name="redirect_url" value="'.htmlentities($_['redirect']).'" />'; } ?>
+               <?php if(!empty($_['redirect'])) { echo '<input type="hidden" name="redirect_url" value="'.$_['redirect'].'" />'; } ?>
                <?php if($_['error']): ?>
                        <a href="./core/lostpassword/"><?php echo $l->t('Lost your password?'); ?></a>
                <?php endif; ?>

diff --git a/index.php b/index.php
index 07f8436720da380baa088c8ad7a0b756d743d0da..b90b1b310a90864fc5e277bbd3f6a65b687492e5 100755 (executable)
--- a/index.php
+++ b/index.php
@@ -112,6 +112,7 @@ elseif(OC_User::isLoggedIn()) {
                if (OC_User::login($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"]))  {
                        //OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG);
                        OC_User::unsetMagicInCookie();
+                       $_REQUEST['redirect_url'] = (isset($_SERVER['REQUEST_URI'])?$_SERVER['REQUEST_URI']:'');
                        OC_Util::redirectToDefaultPage();
                }else{
                        $error = true;

diff --git a/lib/template.php b/lib/template.php
index 688199a878cbcd7f1374f9566a2e30f0f28104c2..ba82b21774a1a6dcd96e3a3f5352ff7dd36d497a 100644 (file)
--- a/lib/template.php
+++ b/lib/template.php
@@ -286,10 +286,8 @@ class OC_Template{
         * This function is internally used to sanitize HTML.
         */
        private static function sanitizeHTML( &$value ){
-               if(is_string($value)) {
-        $value = htmlentities( $value, ENT_QUOTES );
-        return $value;
-        }
+                       $value = htmlentities( $value );
+                       return $value;
     }
 
        /**
@@ -528,13 +526,13 @@ class OC_Template{
                        $_ = array_merge( $additionalparams, $this->vars );
                }
 
-               // Einbinden
+               // Include
                ob_start();
                include( $this->path.$file.'.php' );
                $data = ob_get_contents();
                @ob_end_clean();
 
-               // Daten zurückgeben
+               // Return data
                return $data;
        }
 
@@ -548,7 +546,7 @@ class OC_Template{
        public static function printUserPage( $application, $name, $parameters = array() ){
                $content = new OC_Template( $application, $name, "user" );
                foreach( $parameters as $key => $value ){
-                       $content->assign( $key, $value );
+                       $content->assign( $key, $value, false );
                }
                print $content->printPage();
        }
@@ -563,7 +561,7 @@ class OC_Template{
        public static function printAdminPage( $application, $name, $parameters = array() ){
                $content = new OC_Template( $application, $name, "admin" );
                foreach( $parameters as $key => $value ){
-                       $content->assign( $key, $value );
+                       $content->assign( $key, $value, false );
                }
                return $content->printPage();
        }
@@ -578,7 +576,7 @@ class OC_Template{
        public static function printGuestPage( $application, $name, $parameters = array() ){
                $content = new OC_Template( $application, $name, "guest" );
                foreach( $parameters as $key => $value ){
-                       $content->assign( $key, $value );
+                       $content->assign( $key, $value,false );
                }
                return $content->printPage();
        }

diff --git a/lib/util.php b/lib/util.php
old mode 100644 (file)
new mode 100755 (executable)
index 7c85db7..d1d5983
--- a/lib/util.php
+++ b/lib/util.php
@@ -332,7 +332,8 @@ class OC_Util {
        * Redirect to the user default page
        */
        public static function redirectToDefaultPage(){
-               if(isset($_REQUEST['redirect_url']) && substr($_REQUEST['redirect_url'], 0, strlen(OC::$WEBROOT)) == OC::$WEBROOT) {
+               OC_Log::write('core','redirectToDefaultPage',OC_Log::DEBUG);
+               if(isset($_REQUEST['redirect_url']) && (substr($_REQUEST['redirect_url'], 0, strlen(OC::$WEBROOT)) == OC::$WEBROOT || $_REQUEST['redirect_url'][0] == '/')) {
                        header( 'Location: '.$_REQUEST['redirect_url']);
                } else {
                        header( 'Location: '.OC::$WEBROOT.'/'.OC_Appconfig::getValue('core', 'defaultpage', '?app=files'));
@@ -358,12 +359,30 @@ class OC_Util {
         * Todo: Write howto
         */
        public static function callRegister(){
+               //mamimum time before token exires
+               $maxtime=(60*60);  // 1 hour
+
                // generate a random token.
                $token=mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000);
 
                // store the token together with a timestamp in the session.
                $_SESSION['requesttoken-'.$token]=time();
 
+               // cleanup old tokens garbage collector
+               // only run every 20th time so we don´t waste cpu cycles
+               if(rand(0,20)==0) {  
+                       foreach($_SESSION as $key=>$value) {
+                               // search all tokens in the session
+                               if(substr($key,0,12)=='requesttoken') {
+                                       if($value+$maxtime<time()){
+                                               // remove outdated tokens
+                                               unset($_SESSION[$key]);                                         
+                                       }
+                               }       
+                       }
+               }
+
+
                // return the token
                return($token);
        }

diff --git a/settings/admin.php b/settings/admin.php
index a997bad4e3c8553987a73f0ec87ea4194d057dc5..fed0fe9ff8712c1ef4c584245ec269844c4c4467 100644 (file)
--- a/settings/admin.php
+++ b/settings/admin.php
@@ -22,7 +22,7 @@ function compareEntries($a,$b){
 }
 usort($entries, 'compareEntries');
 
-$tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 ));
+$tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 ), false);
 $tmpl->assign('entries',$entries);
 $tmpl->assign('forms',array());
 foreach($forms as $form){

diff --git a/settings/apps.php b/settings/apps.php
index 7908e6cc18b50e36e150b3ef5fd2b5bc8f18aa38..f85b28158f584352c6edcf23f99b43186f185d10 100644 (file)
--- a/settings/apps.php
+++ b/settings/apps.php
@@ -92,7 +92,7 @@ usort($apps, 'app_sort');
 
 
 $tmpl = new OC_Template( "settings", "apps", "user" );
-$tmpl->assign('apps',$apps);
+$tmpl->assign('apps',$apps, false);
 
 $tmpl->printPage();
 

diff --git a/settings/templates/admin.php b/settings/templates/admin.php
index d167f2780ef310e335cf0c45b2e584f728249cc4..38c6042c82ae68fa5022b0c6d75d3a4a452a7241 100644 (file)
--- a/settings/templates/admin.php
+++ b/settings/templates/admin.php
@@ -29,7 +29,7 @@ $levels=array('Debug','Info','Warning','Error','Fatal');
                                <?php echo $entry->app;?>
                        </td>
                        <td>
-                               <?php echo htmlentities($entry->message);?>
+                               <?php echo $entry->message;?>
                        </td>
                        <td>
                                <?php echo OC_Util::formatDate($entry->time);?>

diff --git a/settings/templates/help.php b/settings/templates/help.php
index cf61207e6015bf3ac3978570627104b60b3841df..a53ec76d681a28fb805cb0987728873e4c9e404f 100644 (file)
--- a/settings/templates/help.php
+++ b/settings/templates/help.php
@@ -26,9 +26,9 @@
        <?php foreach($_["kbe"] as $kb): ?>
        <div class="helpblock">
                <?php if($kb["preview1"] <> "") { echo('<img class="preview" src="'.$kb["preview1"].'" />'); } ?>
-               <?php if($kb['detailpage']<>'') echo('<p><a target="_blank" href="'.$kb['detailpage'].'"><strong>'.htmlentities($kb["name"]).'</strong></a></p>');?>
-               <p><?php echo htmlentities($kb['description']);?></p>
-               <?php if($kb['answer']<>'') echo('<p><strong>'.$l->t('Answer').':</strong><p>'.htmlentities($kb['answer']).'</p>');?>
+               <?php if($kb['detailpage']<>'') echo('<p><a target="_blank" href="'.$kb['detailpage'].'"><strong>'.$kb["name"].'</strong></a></p>');?>
+               <p><?php echo $kb['description'];?></p>
+               <?php if($kb['answer']<>'') echo('<p><strong>'.$l->t('Answer').':</strong><p>'.$kb['answer'].'</p>');?>
        </div>
        <?php endforeach;
 endif?>