From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Wed, 20 Jun 2012 10:23:26 +0000 (+0200)
Subject: use new sanitizeHTML() function
X-Git-Tag: v4.0.3~35
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=0e61b5457b0a54cfc3433f07c9d65a14bdb90498;p=nextcloud-server.git

use new sanitizeHTML() function
---

diff --git a/apps/media/js/collection.js b/apps/media/js/collection.js
index 03d577c7c98..161fc0c6810 100644
--- a/apps/media/js/collection.js
+++ b/apps/media/js/collection.js
@@ -97,13 +97,13 @@ Collection={
 					if(artist.name && artist.songs.length>0){
 						var tr=template.clone().removeClass('template');
 						if(artist.songs.length>1){
-							tr.find('td.title a').text(artist.songs.length+' '+t('media','songs'));
-							tr.find('td.album a').text(artist.albums.length+' '+t('media','albums'));
+							tr.find('td.title a').html(artist.songs.length+' '+t('media','songs'));
+							tr.find('td.album a').html(artist.albums.length+' '+t('media','albums'));
 						}else{
-							tr.find('td.title a').text(artist.songs[0].name);
-							tr.find('td.album a').text(artist.albums[0].name);
+							tr.find('td.title a').html(artist.songs[0].name);
+							tr.find('td.album a').html(artist.albums[0].name);
 						}
-						tr.find('td.artist a').text(artist.name);
+						tr.find('td.artist a').html(artist.name);
 						tr.data('artistData',artist);
 						tr.find('td.artist a').click(function(event){
 							event.preventDefault();
diff --git a/apps/media/lib_scanner.php b/apps/media/lib_scanner.php
index 82170e5ca82..a8218c3a4d0 100644
--- a/apps/media/lib_scanner.php
+++ b/apps/media/lib_scanner.php
@@ -79,19 +79,19 @@ class OC_MEDIA_SCANNER{
 			OCP\Util::writeLog('media',"error reading artist tag in '$file'",OCP\Util::WARN);
 			$artist='unknown';
 		}else{
-			$artist=strip_tags(stripslashes($data['comments']['artist'][0]));
+			$artist=OCP\Util::sanitizeHTML(stripslashes($data['comments']['artist'][0]));
 		}
 		if(!isset($data['comments']['album'])){
 			OCP\Util::writeLog('media',"error reading album tag in '$file'",OCP\Util::WARN);
 			$album='unknown';
 		}else{
-			$album=strip_tags(stripslashes($data['comments']['album'][0]));
+			$album=OCP\Util::sanitizeHTML(stripslashes($data['comments']['album'][0]));
 		}
 		if(!isset($data['comments']['title'])){
 			OCP\Util::writeLog('media',"error reading title tag in '$file'",OCP\Util::WARN);
 			$title='unknown';
 		}else{
-			$title=strip_tags(stripslashes($data['comments']['title'][0]));
+			$title=OCP\Util::sanitizeHTML(stripslashes($data['comments']['title'][0]));
 		}
 		$size=$data['filesize'];
 		if (isset($data['comments']['track']))