Correctly escape the footer description from theming
authorJoas Schilling <coding@schilljs.com>
Thu, 16 Mar 2017 14:01:50 +0000 (15:01 +0100)
committerJoas Schilling <coding@schilljs.com>
Fri, 17 Mar 2017 08:11:41 +0000 (09:11 +0100)
Signed-off-by: Joas Schilling <coding@schilljs.com>
apps/files_sharing/templates/public.php
apps/theming/lib/ThemingDefaults.php

index dd2ea855b0b23ac7453e0ab97b989be75881afce..123a5cb4f5381b421b594434f541073186fe588d 100644 (file)
@@ -120,7 +120,7 @@ $maxUploadFilesize = min($upload_max_filesize, $post_max_size);
        <input type="hidden" name="dir" id="dir" value="" />
        <div class="hiddenuploadfield">
        <input type="file" id="file_upload_start" class="hiddenuploadfield" name="files[]"
-               data-url="<?php print_unescaped(OCP\Util::linkTo('files', 'ajax/upload.php')); ?>" />
+               data-url="<?php p(OCP\Util::linkTo('files', 'ajax/upload.php')); ?>" />
        </div>
        <?php endif; ?>
        <footer>
index 36f19157637256fee9957e3773fc9a7b2b8c0d66..b84f7b253182558dbdd8b7c043e4e470658f9028 100644 (file)
@@ -81,7 +81,7 @@ class ThemingDefaults extends \OC_Defaults {
        }
 
        public function getName() {
-               return $this->config->getAppValue('theming', 'name', $this->name);
+               return strip_tags($this->config->getAppValue('theming', 'name', $this->name));
        }
 
        public function getHTMLName() {
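Review bot: `strip_tags()` in `getName()` removes markup but does not encode `"`, `'` or `&`, so the returned name is still unsafe inside an HTML attribute or when printed with `print_unescaped()`. Nothing in the method tells callers they still have to escape, and `getTitle()` and `getEntity()` in the next hunk inherit the same contract by delegating to it. I would add a docblock such as `/** @return string Name with tags stripped, NOT HTML-encoded; escape at the sink with p() */`. The body of `getHTMLName()` lies outside this hunk, so it is worth confirming separately that it does not still return the raw config value.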
@@ -89,11 +89,11 @@ class ThemingDefaults extends \OC_Defaults {
        }
 
        public function getTitle() {
-               return $this->config->getAppValue('theming', 'name', $this->name);
+               return $this->getName();
        }
 
        public function getEntity() {
-               return $this->config->getAppValue('theming', 'name', $this->name);
+               return $this->getName();
        }
 
        public function getBaseUrl() {
@@ -101,7 +101,7 @@ class ThemingDefaults extends \OC_Defaults {
        }
 
        public function getSlogan() {
-               return $this->config->getAppValue('theming', 'slogan', $this->slogan);
+               return \OC_Util::sanitizeHTML($this->config->getAppValue('theming', 'slogan', $this->slogan));
        }
 
        public function getShortFooter() {
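Review bot: `getSlogan()` now returns an already HTML-encoded string, while `getName()` in the same class returns tag-stripped but unencoded text, so the two getters carry different escaping contracts with nothing to tell callers apart. A template that passes the slogan through `p()` will presumably double-encode it (`&` rendered as `&amp;amp;`), and non-HTML consumers such as mail subjects or JSON would receive entities. Either document the encoding on the method, e.g. `/** @return string Slogan, already HTML-encoded; do not escape again */`, or return the raw value and escape at each sink so all the getters behave alike. The body of `getShortFooter()` starts on the last line of this hunk and continues outside it, so how it consumes the slogan is not visible here.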