First try of implementing assignHTML

author Lukas Reschke <lukas@statuscode.ch>

Mon, 11 Jun 2012 10:45:07 +0000 (12:45 +0200)

committer Lukas Reschke <lukas@statuscode.ch>

Mon, 11 Jun 2012 10:45:07 +0000 (12:45 +0200)
author Lukas Reschke <lukas@statuscode.ch>
Mon, 11 Jun 2012 10:45:07 +0000 (12:45 +0200)
committer Lukas Reschke <lukas@statuscode.ch>
Mon, 11 Jun 2012 10:45:07 +0000 (12:45 +0200)
diff --git a/apps/calendar/index.php b/apps/calendar/index.php

index cf03a7a3cd33786bd7acf0569835aa44a406045a..803f973d6e994a47dff9a27a2c298e9cc51acea5 100644 (file)
--- a/apps/calendar/index.php
+++ b/apps/calendar/index.php
@@ -54,9 +54,9 @@ OCP\Util::addscript('contacts','jquery.multi-autocomplete');
  OCP\Util::addscript('','oc-vcategories');
  OCP\App::setActiveNavigationEntry('calendar_index');
  $tmpl = new OCP\Template('calendar', 'calendar', 'user');
-$tmpl->assign('eventSources', $eventSources);
-$tmpl->assign('categories', $categories);
+$tmpl->assignHTML('eventSources', $eventSources);
+$tmpl->assignHTML('categories', $categories);
  if(array_key_exists('showevent', $_GET)){
-       $tmpl->assign('showevent', $_GET['showevent']);
+       $tmpl->assignHTML('showevent', $_GET['showevent']);
  }
  $tmpl->printPage();
diff --git a/apps/contacts/ajax/addbook.php b/apps/contacts/ajax/addbook.php

index 70f47cc81231245c66c2924a0d546d46e232176d..0b075a0e472fb0e76691e0e2604858de7206765a 100644 (file)
--- a/apps/contacts/ajax/addbook.php
+++ b/apps/contacts/ajax/addbook.php
@@ -14,7 +14,7 @@ $book = array(
         'displayname' => '',
  );
  $tmpl = new OCP\Template('contacts', 'part.editaddressbook');
-$tmpl->assign('new', true);
-$tmpl->assign('addressbook', $book);
+$tmpl->assignHTML('new', true);
+$tmpl->assignHTML('addressbook', $book);
  $tmpl->printPage();
  ?>
diff --git a/apps/contacts/ajax/createaddressbook.php b/apps/contacts/ajax/createaddressbook.php

index af7c19eef519f2aed3300022fdf351c43c204fe6..4a256458ca0a31a08fcdf70fc13a1867afeec40c 100644 (file)
--- a/apps/contacts/ajax/createaddressbook.php
+++ b/apps/contacts/ajax/createaddressbook.php
@@ -33,7 +33,7 @@ if(!OC_Contacts_Addressbook::setActive($bookid, 1)) {
  }
  $addressbook = OC_Contacts_App::getAddressbook($bookid);
  $tmpl = new OCP\Template('contacts', 'part.chooseaddressbook.rowfields');
-$tmpl->assign('addressbook', $addressbook);
+$tmpl->assignHTML('addressbook', $addressbook);
  OCP\JSON::success(array(
         'page' => $tmpl->fetchPage(),
         'addressbook' => $addressbook,
diff --git a/apps/contacts/ajax/editaddressbook.php b/apps/contacts/ajax/editaddressbook.php

index 7a9b757ae0db4c51921e4f663cb255c7daf91b33..18ddfef6dd6579563de1083c715d794bcfd206df 100644 (file)
--- a/apps/contacts/ajax/editaddressbook.php
+++ b/apps/contacts/ajax/editaddressbook.php
@@ -11,7 +11,7 @@ OCP\JSON::checkLoggedIn();
  OCP\JSON::checkAppEnabled('contacts');
  $addressbook = OC_Contacts_App::getAddressbook($_GET['bookid']);
  $tmpl = new OCP\Template("contacts", "part.editaddressbook");
-$tmpl->assign('new', false);
-$tmpl->assign('addressbook', $addressbook);
+$tmpl->assignHTML('new', false);
+$tmpl->assignHTML('addressbook', $addressbook);
  $tmpl->printPage();
  ?>
diff --git a/apps/contacts/ajax/loadcard.php b/apps/contacts/ajax/loadcard.php

index fbb831f4a1260a739c1d4213dd67749ebc7ce3b3..a07120a33f2edfd69169a5a15d072ff14ab9fcca 100644 (file)
--- a/apps/contacts/ajax/loadcard.php
+++ b/apps/contacts/ajax/loadcard.php
@@ -36,12 +36,12 @@ $phone_types = OC_Contacts_App::getTypesOfProperty('TEL');
  $email_types = OC_Contacts_App::getTypesOfProperty('EMAIL');
  
  $tmpl = new OCP\Template('contacts','part.contact');
-$tmpl->assign('uploadMaxFilesize', $maxUploadFilesize);
-$tmpl->assign('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
-$tmpl->assign('adr_types',$adr_types);
-$tmpl->assign('phone_types',$phone_types);
-$tmpl->assign('email_types',$email_types);
-$tmpl->assign('id','');
+$tmpl->assignHTML('uploadMaxFilesize', $maxUploadFilesize);
+$tmpl->assignHTML('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
+$tmpl->assignHTML('adr_types',$adr_types);
+$tmpl->assignHTML('phone_types',$phone_types);
+$tmpl->assignHTML('email_types',$email_types);
+$tmpl->assignHTML('id','');
  $page = $tmpl->fetchPage();
  
  OCP\JSON::success(array('data' => array( 'page' => $page )));
diff --git a/apps/contacts/index.php b/apps/contacts/index.php

index 74b7c43c556c19f53256c433170ad8fbbc5a18af..865a0cc35f7ba1fb88a7b28dcaf6c0a410cc2029 100644 (file)
--- a/apps/contacts/index.php
+++ b/apps/contacts/index.php
@@ -59,16 +59,16 @@ OCP\Util::addStyle('contacts','jquery.Jcrop');
  OCP\Util::addStyle('contacts','contacts');
  
  $tmpl = new OCP\Template( "contacts", "index", "user" );
-$tmpl->assign('uploadMaxFilesize', $maxUploadFilesize);
-$tmpl->assign('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
-$tmpl->assign('property_types', $property_types);
-$tmpl->assign('phone_types', $phone_types);
-$tmpl->assign('email_types', $email_types);
-$tmpl->assign('categories', $categories);
-$tmpl->assign('addressbooks', $addressbooks);
-$tmpl->assign('contacts', $contacts);
-$tmpl->assign('details', $details );
-$tmpl->assign('id',$id);
+$tmpl->assignHTML('uploadMaxFilesize', $maxUploadFilesize);
+$tmpl->assignHTML('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
+$tmpl->assignHTML('property_types', $property_types);
+$tmpl->assignHTML('phone_types', $phone_types);
+$tmpl->assignHTML('email_types', $email_types);
+$tmpl->assignHTML('categories', $categories);
+$tmpl->assignHTML('addressbooks', $addressbooks);
+$tmpl->assignHTML('contacts', $contacts);
+$tmpl->assignHTML('details', $details );
+$tmpl->assignHTML('id',$id);
  $tmpl->printPage();
  
  ?>
diff --git a/apps/contacts/templates/part.chooseaddressbook.php b/apps/contacts/templates/part.chooseaddressbook.php

index a0ec053ab9169a3046214cd407c5d7ae71ec32f5..74fab99010bcdb3ea5eaeb225db2a827491254ac 100644 (file)
--- a/apps/contacts/templates/part.chooseaddressbook.php
+++ b/apps/contacts/templates/part.chooseaddressbook.php
@@ -5,8 +5,8 @@ $option_addressbooks = OC_Contacts_Addressbook::all(OCP\USER::getUser());
  for($i = 0; $i < count($option_addressbooks); $i++){
         echo "<tr>";
         $tmpl = new OCP\Template('contacts', 'part.chooseaddressbook.rowfields');
-       $tmpl->assign('addressbook', $option_addressbooks[$i]);
-       $tmpl->assign('active', OC_Contacts_Addressbook::isActive($option_addressbooks[$i]['id']));
+       $tmpl->assignHTML('addressbook', $option_addressbooks[$i]);
+       $tmpl->assignHTML('active', OC_Contacts_Addressbook::isActive($option_addressbooks[$i]['id']));
         $tmpl->printpage();
         echo "</tr>";
  }
diff --git a/apps/files/admin.php b/apps/files/admin.php

index d05eb7267b7d5e8ee2431fc0619060296eeaff76..5534c5545ed9482de11319be8a6ff9685f855adf 100644 (file)
--- a/apps/files/admin.php
+++ b/apps/files/admin.php
@@ -54,9 +54,9 @@ OCP\App::setActiveNavigationEntry( "files_administration" );
  $htaccessWritable=is_writable(OC::$SERVERROOT.'/.htaccess');
  
  $tmpl = new OCP\Template( 'files', 'admin' );
-$tmpl->assign( 'uploadChangable', $htaccessWorking and $htaccessWritable );
-$tmpl->assign( 'uploadMaxFilesize', $maxUploadFilesize);
-$tmpl->assign( 'maxPossibleUploadSize', OCP\Util::humanFileSize(PHP_INT_MAX));
-$tmpl->assign( 'allowZipDownload', $allowZipDownload);
-$tmpl->assign( 'maxZipInputSize', $maxZipInputSize);
+$tmpl->assignHTML( 'uploadChangable', $htaccessWorking and $htaccessWritable );
+$tmpl->assignHTML( 'uploadMaxFilesize', $maxUploadFilesize);
+$tmpl->assignHTML( 'maxPossibleUploadSize', OCP\Util::humanFileSize(PHP_INT_MAX));
+$tmpl->assignHTML( 'allowZipDownload', $allowZipDownload);
+$tmpl->assignHTML( 'maxZipInputSize', $maxZipInputSize);
  return $tmpl->fetchPage();
 \ No newline at end of file
diff --git a/apps/files/index.php b/apps/files/index.php

index 60a3836cb591d3d66ef3a14ad9301f544373b76f..8f98f34794a4d45838ca6d12c04c5f38a9c0db45 100644 (file)
--- a/apps/files/index.php
+++ b/apps/files/index.php
@@ -73,12 +73,12 @@ foreach( explode( '/', $dir ) as $i ){
  
  // make breadcrumb und filelist markup
  $list = new OCP\Template( 'files', 'part.list', '' );
-$list->assign( 'files', $files );
-$list->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=');
-$list->assign( 'downloadURL', OCP\Util::linkTo('files', 'download.php').'?file=');
+$list->assignHTML( 'files', $files );
+$list->assignHTML( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=');
+$list->assignHTML( 'downloadURL', OCP\Util::linkTo('files', 'download.php').'?file=');
  $breadcrumbNav = new OCP\Template( 'files', 'part.breadcrumb', '' );
-$breadcrumbNav->assign( 'breadcrumb', $breadcrumb );
-$breadcrumbNav->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=');
+$breadcrumbNav->assignHTML( 'breadcrumb', $breadcrumb );
+$breadcrumbNav->assignHTML( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=');
  
  $upload_max_filesize = OCP\Util::computerFileSize(ini_get('upload_max_filesize'));
  $post_max_size = OCP\Util::computerFileSize(ini_get('post_max_size'));
@@ -89,14 +89,14 @@ $freeSpace=max($freeSpace,0);
  $maxUploadFilesize = min($maxUploadFilesize ,$freeSpace);
  
  $tmpl = new OCP\Template( 'files', 'index', 'user' );
-$tmpl->assign( 'fileList', $list->fetchPage() );
-$tmpl->assign( 'breadcrumb', $breadcrumbNav->fetchPage() );
-$tmpl->assign( 'dir', $dir);
-$tmpl->assign( 'readonly', !OC_Filesystem::is_writable($dir.'/'));
-$tmpl->assign( 'files', $files );
-$tmpl->assign( 'uploadMaxFilesize', $maxUploadFilesize);
-$tmpl->assign( 'uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
-$tmpl->assign( 'allowZipDownload', intval(OCP\Config::getSystemValue('allowZipDownload', true)));
+$tmpl->assignHTML( 'fileList', $list->fetchPage() );
+$tmpl->assignHTML( 'breadcrumb', $breadcrumbNav->fetchPage() );
+$tmpl->assignHTML( 'dir', $dir);
+$tmpl->assignHTML( 'readonly', !OC_Filesystem::is_writable($dir.'/'));
+$tmpl->assignHTML( 'files', $files );
+$tmpl->assignHTML( 'uploadMaxFilesize', $maxUploadFilesize);
+$tmpl->assignHTML( 'uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
+$tmpl->assignHTML( 'allowZipDownload', intval(OCP\Config::getSystemValue('allowZipDownload', true)));
  $tmpl->printPage();
  
  ?>
diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php

index 78bc5b46566e9d7ce7ed1b31e4770207d0d1bc06..d2404a80aa5c2412fbc0d8d3251eb03d9299a448 100644 (file)
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@@ -186,7 +186,7 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
                 if(!$this->configured) {
                         return array();
                 }
-               if(empty($this->_groups)) {
+               if(is_null($this->_groups)) {
                         $ldap_groups = OC_LDAP::fetchListOfGroups($this->ldapGroupFilter, array(OC_LDAP::conf('ldapGroupDisplayName'), 'dn'));
                         $this->_groups = OC_LDAP::ownCloudGroupNames($ldap_groups);
                 }
diff --git a/lib/template.php b/lib/template.php

index 14833a1e5b5e24f684fd5aee1c681dec4e0b54ad..5230ad031fbad880026b46cc93e3a191a8a26078 100644 (file)
--- a/lib/template.php
+++ b/lib/template.php
@@ -156,9 +156,11 @@ class OC_Template{
                 $this->application = $app;
                 $this->vars = array();
                 $this->l10n = OC_L10N::get($app);
-                header('X-Frame-Options: Sameorigin');
-                header('X-XSS-Protection: 1; mode=block');
-                header('X-Content-Type-Options: nosniff');
+        
+        // Some security settings
+        header('X-Frame-Options: Sameorigin');
+        header('X-XSS-Protection: 1; mode=block');
+        header('X-Content-Type-Options: nosniff');
   
                 $this->findTemplate($name);
         }
@@ -256,7 +258,7 @@ class OC_Template{
         }
  
         /**
-        * @brief Assign variables
+        * @brief Assign variables and sanitizes the data
          * @param $key key
          * @param $value value
          * @returns true
@@ -267,6 +269,23 @@ class OC_Template{
          * If the key existed before, it will be overwritten
          */
         public function assign( $key, $value ){
+               $this->vars[$key] = htmlentities($value);
+               return true;
+       }
+
+
+       /**
+        * @brief Assign variables
+        * @param $key key
+        * @param $value value
+        * @returns true
+        *
+        * This function assigns a variable. It can be accessed via $_[$key] in
+        * the template.
+        *
+        * If the key existed before, it will be overwritten
+        */
+       public function assignHTML( $key, $value ){
                 $this->vars[$key] = $value;
                 return true;
         }
@@ -354,20 +373,20 @@ class OC_Template{
                         // Decide which page we show
                         if( $this->renderas == "user" ){
                                 $page = new OC_Template( "core", "layout.user" );
-                               $page->assign('searchurl',OC_Helper::linkTo( 'search', 'index.php' ));
+                               $page->assignHTML('searchurl',OC_Helper::linkTo( 'search', 'index.php' ));
                                 if(array_search(OC_APP::getCurrentApp(),array('settings','admin','help'))!==false){
-                                       $page->assign('bodyid','body-settings');
+                                       $page->assignHTML('bodyid','body-settings');
                                 }else{
-                                       $page->assign('bodyid','body-user');
+                                       $page->assignHTML('bodyid','body-user');
                                 }
  
                                 // Add navigation entry
                                 $navigation = OC_App::getNavigation();
-                               $page->assign( "navigation", $navigation);
-                               $page->assign( "settingsnavigation", OC_App::getSettingsNavigation());
+                               $page->assignHTML( "navigation", $navigation);
+                               $page->assignHTML( "settingsnavigation", OC_App::getSettingsNavigation());
                                 foreach($navigation as $entry) {
                                         if ($entry['active']) {
-                                               $page->assign( 'application', $entry['name'] );
+                                               $page->assignHTML( 'application', $entry['name'] );
                                                 break;
                                         }
                                 }
@@ -381,7 +400,7 @@ class OC_Template{
                         // Read the detected formfactor and use the right file name.
                         $fext = self::getFormFactorExtension();
  
-                       $page->assign('jsfiles', array());
+                       $page->assignHTML('jsfiles', array());
                         // Add the core js files or the js files provided by the selected theme
                         foreach(OC_Util::$scripts as $script){
                                 // Is it in 3rd party?
@@ -418,7 +437,7 @@ class OC_Template{
                                 }
                         }
                         // Add the css files
-                       $page->assign('cssfiles', array());
+                       $page->assignHTML('cssfiles', array());
                         foreach(OC_Util::$styles as $style){
                                 // is it in 3rdparty?
                                  if($page->appendIfExist('cssfiles', OC::$THIRDPARTYROOT, OC::$THIRDPARTYWEBROOT, $style.'.css')) {
@@ -456,13 +475,13 @@ class OC_Template{
                         }
  
                         // Add custom headers
-                       $page->assign('headers',$this->headers);
+                       $page->assignHTML('headers',$this->headers);
                         foreach(OC_Util::$headers as $header){
                                 $page->append('headers',$header);
                         }
  
                         // Add css files and js files
-                       $page->assign( "content", $data );
+                       $page->assignHTML( "content", $data );
                         return $page->fetchPage();
                 }
                 else{
author	Lukas Reschke <lukas@statuscode.ch>
	Mon, 11 Jun 2012 10:45:07 +0000 (12:45 +0200)
committer	Lukas Reschke <lukas@statuscode.ch>
	Mon, 11 Jun 2012 10:45:07 +0000 (12:45 +0200)
apps/calendar/index.php		patch \| blob \| history
apps/contacts/ajax/addbook.php		patch \| blob \| history
apps/contacts/ajax/createaddressbook.php		patch \| blob \| history
apps/contacts/ajax/editaddressbook.php		patch \| blob \| history
apps/contacts/ajax/loadcard.php		patch \| blob \| history
apps/contacts/index.php		patch \| blob \| history
apps/contacts/templates/part.chooseaddressbook.php		patch \| blob \| history
apps/files/admin.php		patch \| blob \| history
apps/files/index.php		patch \| blob \| history
apps/user_ldap/group_ldap.php		patch \| blob \| history
lib/template.php		patch \| blob \| history