if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){
$sectoken=rand(1000000,9999999);
$_SESSION['sectoken']=$sectoken;
- $redirect_url = (isset($_REQUEST['redirect_url'])) ? strip_tags($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI'];
+ $redirect_url = (isset($_REQUEST['redirect_url'])) ? OC_Util::sanitizeHTML($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI'];
OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url));
}
}
*
* If the key existed before, it will be overwritten
*/
+
public function assign( $key, $value ){
$this->vars[$key] = $value;
return true;
usort($entries, 'compareEntries');
$tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 ));
-$tmpl->assign('entries',$entries);
+$tmpl->assign('entries',OC_Util::sanitizeHTML($entries));
$tmpl->assign('forms',array());
foreach($forms as $form){
$tmpl->append('forms',$form);
$offset=(isset($_GET['offset']))?$_GET['offset']:0;
$entries=OC_Log_Owncloud::getEntries($count,$offset);
-OC_JSON::success(array("data" => $entries));
+OC_JSON::success(array("data" => OC_Util::sanitizeHTML($entries)));
row.append(appTd);
var messageTd=$('<td/>');
- messageTd.text(entry.message.replace(/</, "<").replace(/>/, ">"));
+ messageTd.text(entry.message);
row.append(messageTd);
var timeTd=$('<td/>');