use new sanitize HTML function backported

Conflicts:

	lib/template.php

diff --git a/index.php b/index.php
index 4df62327c47a0a11f0f38d3022c45d0e0cefea4b..3c38ff760f8eb478c2480767a6810adfaa10cb87 100644 (file)
--- a/index.php
+++ b/index.php
@@ -118,7 +118,7 @@ elseif(OC_User::isLoggedIn()) {
        if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){
                $sectoken=rand(1000000,9999999);
                $_SESSION['sectoken']=$sectoken;
-               $redirect_url = (isset($_REQUEST['redirect_url'])) ? strip_tags($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI'];
+               $redirect_url = (isset($_REQUEST['redirect_url'])) ? OC_Util::sanitizeHTML($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI'];
                OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url));
        }
 }

diff --git a/lib/template.php b/lib/template.php
index fd2cb34a4a922d71862bef1d0d824e801ef6a70b..dd5dbad4a99620d6cf329302207cccde915f3cde 100644 (file)
--- a/lib/template.php
+++ b/lib/template.php
@@ -268,6 +268,7 @@ class OC_Template{
         *
         * If the key existed before, it will be overwritten
         */
+
        public function assign( $key, $value ){
                $this->vars[$key] = $value;
                return true;

diff --git a/settings/admin.php b/settings/admin.php
index a997bad4e3c8553987a73f0ec87ea4194d057dc5..88aae5bdb6015425133d8fd14793f391f7b2b317 100644 (file)
--- a/settings/admin.php
+++ b/settings/admin.php
@@ -23,7 +23,7 @@ function compareEntries($a,$b){
 usort($entries, 'compareEntries');
 
 $tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 ));
-$tmpl->assign('entries',$entries);
+$tmpl->assign('entries',OC_Util::sanitizeHTML($entries));
 $tmpl->assign('forms',array());
 foreach($forms as $form){
        $tmpl->append('forms',$form);

diff --git a/settings/ajax/getlog.php b/settings/ajax/getlog.php
index ed48b2cae1ad14af1f4cfdb8e6b02375ed590832..d9e80de37bac1a54836b5c6f918ec79ebcc67c98 100644 (file)
--- a/settings/ajax/getlog.php
+++ b/settings/ajax/getlog.php
@@ -14,4 +14,4 @@ $count=(isset($_GET['count']))?$_GET['count']:50;
 $offset=(isset($_GET['offset']))?$_GET['offset']:0;
 
 $entries=OC_Log_Owncloud::getEntries($count,$offset);
-OC_JSON::success(array("data" => $entries));
+OC_JSON::success(array("data" => OC_Util::sanitizeHTML($entries)));

diff --git a/settings/js/log.js b/settings/js/log.js
index bde8b8b104c9334704cd64f7281fb9e28a6d5f2d..6063c7d9a9fe8cb41834e832a1f8416b31c6f3ae 100644 (file)
--- a/settings/js/log.js
+++ b/settings/js/log.js
@@ -39,7 +39,7 @@ OC.Log={
                        row.append(appTd);
                        
                        var messageTd=$('<td/>');
-                       messageTd.text(entry.message.replace(/</, "&lt;").replace(/>/, "&gt;"));
+                       messageTd.text(entry.message);
                        row.append(messageTd);
                        
                        var timeTd=$('<td/>');