From: Lukas Reschke Date: Mon, 11 Jun 2012 10:45:07 +0000 (+0200) Subject: First try of implementing assignHTML X-Git-Tag: v4.5.0beta1~74^2~420^2~45^2~11 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=6817a6b10286b0ba7d7b8b9b56cdb23c47e93c81;p=nextcloud-server.git First try of implementing assignHTML
---
diff --git a/apps/calendar/index.php b/apps/calendar/index.php
index cf03a7a3cd3..803f973d6e9 100644
--- a/apps/calendar/index.php
+++ b/apps/calendar/index.php
@@ -54,9 +54,9 @@ OCP\Util::addscript('contacts','jquery.multi-autocomplete');
 OCP\Util::addscript('','oc-vcategories');
 OCP\App::setActiveNavigationEntry('calendar_index');
 $tmpl = new OCP\Template('calendar', 'calendar', 'user');
-$tmpl->assign('eventSources', $eventSources);
-$tmpl->assign('categories', $categories);
+$tmpl->assignHTML('eventSources', $eventSources);
+$tmpl->assignHTML('categories', $categories);
 if(array_key_exists('showevent', $_GET)){
- $tmpl->assign('showevent', $_GET['showevent']);
+ $tmpl->assignHTML('showevent', $_GET['showevent']);
 }
 $tmpl->printPage();
diff --git a/apps/contacts/ajax/addbook.php b/apps/contacts/ajax/addbook.php
index 70f47cc8123..0b075a0e472 100644
--- a/apps/contacts/ajax/addbook.php
+++ b/apps/contacts/ajax/addbook.php
@@ -14,7 +14,7 @@ $book = array(
 'displayname' => '',
 );
 $tmpl = new OCP\Template('contacts', 'part.editaddressbook');
-$tmpl->assign('new', true);
-$tmpl->assign('addressbook', $book);
+$tmpl->assignHTML('new', true);
+$tmpl->assignHTML('addressbook', $book);
 $tmpl->printPage();
 ?>
diff --git a/apps/contacts/ajax/createaddressbook.php b/apps/contacts/ajax/createaddressbook.php
index af7c19eef51..4a256458ca0 100644
--- a/apps/contacts/ajax/createaddressbook.php
+++ b/apps/contacts/ajax/createaddressbook.php
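Review bot: In the calendar hunk, `$tmpl->assignHTML('showevent', $_GET['showevent'])` routes a request parameter through the new raw, unescaped path, so the escaping that `assign()` now performs is bypassed exactly where untrusted input enters the template; this call should stay `$tmpl->assign('showevent', $_GET['showevent']);` unless the template escapes `$_['showevent']` itself, which is outside the hunk. The same mechanical `assign` → `assignHTML` rewrite is applied to every other call site in this commit (addbook.php, createaddressbook.php, editaddressbook.php, loadcard.php, contacts/index.php, part.chooseaddressbook.php, files/admin.php, files/index.php), which leaves the escaped path effectively unused; the calls worth revisiting are the ones carrying stored or request-derived strings, e.g. `$addressbook` from `getAddressbook($_GET['bookid'])` in editaddressbook.php and `$dir` in files/index.php, whose origin is not visible here. Non-string values (arrays, booleans, integers) are the legitimate users of `assignHTML`, since `htmlentities()` does not accept them, so each call needs a per-value decision rather than a blanket rename.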
@@ -33,7 +33,7 @@ if(!OC_Contacts_Addressbook::setActive($bookid, 1)) {
 }
 $addressbook = OC_Contacts_App::getAddressbook($bookid);
 $tmpl = new OCP\Template('contacts', 'part.chooseaddressbook.rowfields');
-$tmpl->assign('addressbook', $addressbook);
+$tmpl->assignHTML('addressbook', $addressbook);
 OCP\JSON::success(array(
 'page' => $tmpl->fetchPage(),
 'addressbook' => $addressbook,
diff --git a/apps/contacts/ajax/editaddressbook.php b/apps/contacts/ajax/editaddressbook.php
index 7a9b757ae0d..18ddfef6dd6 100644
--- a/apps/contacts/ajax/editaddressbook.php
+++ b/apps/contacts/ajax/editaddressbook.php
@@ -11,7 +11,7 @@ OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('contacts');
 $addressbook = OC_Contacts_App::getAddressbook($_GET['bookid']);
 $tmpl = new OCP\Template("contacts", "part.editaddressbook");
-$tmpl->assign('new', false);
-$tmpl->assign('addressbook', $addressbook);
+$tmpl->assignHTML('new', false);
+$tmpl->assignHTML('addressbook', $addressbook);
 $tmpl->printPage();
 ?>
diff --git a/apps/contacts/ajax/loadcard.php b/apps/contacts/ajax/loadcard.php
index fbb831f4a12..a07120a33f2 100644
--- a/apps/contacts/ajax/loadcard.php
+++ b/apps/contacts/ajax/loadcard.php
@@ -36,12 +36,12 @@ $phone_types = OC_Contacts_App::getTypesOfProperty('TEL');
 $email_types = OC_Contacts_App::getTypesOfProperty('EMAIL');
 $tmpl = new OCP\Template('contacts','part.contact');
-$tmpl->assign('uploadMaxFilesize', $maxUploadFilesize);
-$tmpl->assign('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
-$tmpl->assign('adr_types',$adr_types);
-$tmpl->assign('phone_types',$phone_types);
-$tmpl->assign('email_types',$email_types);
-$tmpl->assign('id','');
+$tmpl->assignHTML('uploadMaxFilesize', $maxUploadFilesize);
+$tmpl->assignHTML('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
+$tmpl->assignHTML('adr_types',$adr_types);
+$tmpl->assignHTML('phone_types',$phone_types);
+$tmpl->assignHTML('email_types',$email_types);
+$tmpl->assignHTML('id','');
 $page = $tmpl->fetchPage();
 OCP\JSON::success(array('data' => array( 'page' => $page )));
diff --git a/apps/contacts/index.php b/apps/contacts/index.php
index 74b7c43c556..865a0cc35f7 100644
--- a/apps/contacts/index.php
+++ b/apps/contacts/index.php
@@ -59,16 +59,16 @@ OCP\Util::addStyle('contacts','jquery.Jcrop');
 OCP\Util::addStyle('contacts','contacts');
 $tmpl = new OCP\Template( "contacts", "index", "user" );
-$tmpl->assign('uploadMaxFilesize', $maxUploadFilesize);
-$tmpl->assign('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
-$tmpl->assign('property_types', $property_types);
-$tmpl->assign('phone_types', $phone_types);
-$tmpl->assign('email_types', $email_types);
-$tmpl->assign('categories', $categories);
-$tmpl->assign('addressbooks', $addressbooks);
-$tmpl->assign('contacts', $contacts);
-$tmpl->assign('details', $details );
-$tmpl->assign('id',$id);
+$tmpl->assignHTML('uploadMaxFilesize', $maxUploadFilesize);
+$tmpl->assignHTML('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
+$tmpl->assignHTML('property_types', $property_types);
+$tmpl->assignHTML('phone_types', $phone_types);
+$tmpl->assignHTML('email_types', $email_types);
+$tmpl->assignHTML('categories', $categories);
+$tmpl->assignHTML('addressbooks', $addressbooks);
+$tmpl->assignHTML('contacts', $contacts);
+$tmpl->assignHTML('details', $details );
+$tmpl->assignHTML('id',$id);
 $tmpl->printPage();
 ?>
diff --git a/apps/contacts/templates/part.chooseaddressbook.php b/apps/contacts/templates/part.chooseaddressbook.php
index a0ec053ab91..74fab99010b 100644
--- a/apps/contacts/templates/part.chooseaddressbook.php
+++ b/apps/contacts/templates/part.chooseaddressbook.php
@@ -5,8 +5,8 @@ $option_addressbooks = OC_Contacts_Addressbook::all(OCP\USER::getUser());
 for($i = 0; $i < count($option_addressbooks); $i++){
 echo "";
 $tmpl = new OCP\Template('contacts', 'part.chooseaddressbook.rowfields');
- $tmpl->assign('addressbook', $option_addressbooks[$i]);
- $tmpl->assign('active', OC_Contacts_Addressbook::isActive($option_addressbooks[$i]['id']));
+ $tmpl->assignHTML('addressbook', $option_addressbooks[$i]);
+ $tmpl->assignHTML('active', OC_Contacts_Addressbook::isActive($option_addressbooks[$i]['id']));
 $tmpl->printpage();
 echo "";
 }
diff --git a/apps/files/admin.php b/apps/files/admin.php
index d05eb7267b7..5534c5545ed 100644
--- a/apps/files/admin.php
+++ b/apps/files/admin.php
@@ -54,9 +54,9 @@ OCP\App::setActiveNavigationEntry( "files_administration" );
 $htaccessWritable=is_writable(OC::$SERVERROOT.'/.htaccess');
 $tmpl = new OCP\Template( 'files', 'admin' );
-$tmpl->assign( 'uploadChangable', $htaccessWorking and $htaccessWritable );
-$tmpl->assign( 'uploadMaxFilesize', $maxUploadFilesize);
-$tmpl->assign( 'maxPossibleUploadSize', OCP\Util::humanFileSize(PHP_INT_MAX));
-$tmpl->assign( 'allowZipDownload', $allowZipDownload);
-$tmpl->assign( 'maxZipInputSize', $maxZipInputSize);
+$tmpl->assignHTML( 'uploadChangable', $htaccessWorking and $htaccessWritable );
+$tmpl->assignHTML( 'uploadMaxFilesize', $maxUploadFilesize);
+$tmpl->assignHTML( 'maxPossibleUploadSize', OCP\Util::humanFileSize(PHP_INT_MAX));
+$tmpl->assignHTML( 'allowZipDownload', $allowZipDownload);
+$tmpl->assignHTML( 'maxZipInputSize', $maxZipInputSize);
 return $tmpl->fetchPage();
\ No newline at end of file
diff --git a/apps/files/index.php b/apps/files/index.php
index 60a3836cb59..8f98f34794a 100644
--- a/apps/files/index.php
+++ b/apps/files/index.php
@@ -73,12 +73,12 @@ foreach( explode( '/', $dir ) as $i ){
 // make breadcrumb und filelist markup
 $list = new OCP\Template( 'files', 'part.list', '' );
-$list->assign( 'files', $files );
-$list->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=');
-$list->assign( 'downloadURL', OCP\Util::linkTo('files', 'download.php').'?file=');
+$list->assignHTML( 'files', $files );
+$list->assignHTML( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=');
+$list->assignHTML( 'downloadURL', OCP\Util::linkTo('files', 'download.php').'?file=');
 $breadcrumbNav = new OCP\Template( 'files', 'part.breadcrumb', '' );
-$breadcrumbNav->assign( 'breadcrumb', $breadcrumb );
-$breadcrumbNav->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=');
+$breadcrumbNav->assignHTML( 'breadcrumb', $breadcrumb );
+$breadcrumbNav->assignHTML( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=');
 $upload_max_filesize = OCP\Util::computerFileSize(ini_get('upload_max_filesize'));
 $post_max_size = OCP\Util::computerFileSize(ini_get('post_max_size'));
@@ -89,14 +89,14 @@ $freeSpace=max($freeSpace,0);
 $maxUploadFilesize = min($maxUploadFilesize ,$freeSpace);
 $tmpl = new OCP\Template( 'files', 'index', 'user' );
-$tmpl->assign( 'fileList', $list->fetchPage() );
-$tmpl->assign( 'breadcrumb', $breadcrumbNav->fetchPage() );
-$tmpl->assign( 'dir', $dir);
-$tmpl->assign( 'readonly', !OC_Filesystem::is_writable($dir.'/'));
-$tmpl->assign( 'files', $files );
-$tmpl->assign( 'uploadMaxFilesize', $maxUploadFilesize);
-$tmpl->assign( 'uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
-$tmpl->assign( 'allowZipDownload', intval(OCP\Config::getSystemValue('allowZipDownload', true)));
+$tmpl->assignHTML( 'fileList', $list->fetchPage() );
+$tmpl->assignHTML( 'breadcrumb', $breadcrumbNav->fetchPage() );
+$tmpl->assignHTML( 'dir', $dir);
+$tmpl->assignHTML( 'readonly', !OC_Filesystem::is_writable($dir.'/'));
+$tmpl->assignHTML( 'files', $files );
+$tmpl->assignHTML( 'uploadMaxFilesize', $maxUploadFilesize);
+$tmpl->assignHTML( 'uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
+$tmpl->assignHTML( 'allowZipDownload', intval(OCP\Config::getSystemValue('allowZipDownload', true)));
 $tmpl->printPage();
 ?>
diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php
index 78bc5b46566..d2404a80aa5 100644
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@@ -186,7 +186,7 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
 if(!$this->configured) {
 return array();
 }
- if(empty($this->_groups)) {
+ if(is_null($this->_groups)) {
 $ldap_groups = OC_LDAP::fetchListOfGroups($this->ldapGroupFilter, array(OC_LDAP::conf('ldapGroupDisplayName'), 'dn'));
 $this->_groups = OC_LDAP::ownCloudGroupNames($ldap_groups);
 }
diff --git a/lib/template.php b/lib/template.php
index 14833a1e5b5..5230ad031fb 100644
--- a/lib/template.php
+++ b/lib/template.php
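Review bot: In the group_ldap hunk, switching the guard from `empty()` to `is_null()` makes the cached value authoritative even when LDAP returns no groups, but it only works if `$this->_groups` starts out as `null`; the property declaration is outside the hunk, so confirm it reads `private $_groups = null;` and not `array()`, otherwise `fetchListOfGroups()` is never called at all. The enclosing method starts and ends outside the hunk.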
@@ -156,9 +156,11 @@ class OC_Template{
 $this->application = $app;
 $this->vars = array();
 $this->l10n = OC_L10N::get($app);
- header('X-Frame-Options: Sameorigin');
- header('X-XSS-Protection: 1; mode=block');
- header('X-Content-Type-Options: nosniff');
+
+ // Some security settings
+ header('X-Frame-Options: Sameorigin');
+ header('X-XSS-Protection: 1; mode=block');
+ header('X-Content-Type-Options: nosniff');
 $this->findTemplate($name);
 }
@@ -256,7 +258,7 @@ class OC_Template{
 }
 /**
- * @brief Assign variables
+ * @brief Assign variables and sanitizes the data
 * @param $key key
 * @param $value value
 * @returns true
@@ -267,6 +269,23 @@ class OC_Template{
 * If the key existed before, it will be overwritten
 */
 public function assign( $key, $value ){
+ $this->vars[$key] = htmlentities($value);
+ return true;
+ }
+
+
+ /**
+ * @brief Assign variables
+ * @param $key key
+ * @param $value value
+ * @returns true
+ *
+ * This function assigns a variable. It can be accessed via $_[$key] in
+ * the template.
+ *
+ * If the key existed before, it will be overwritten
+ */
+ public function assignHTML( $key, $value ){
 $this->vars[$key] = $value;
 return true;
 }
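Review bot: `$this->vars[$key] = htmlentities($value);` in the new `assign()` body assumes a string: for array values still passed through `assign()` by any caller not converted in this commit, PHP 5 emits a warning and stores `null`, and booleans become `'1'`/`''`, so data is silently dropped rather than escaped. It also relies on the default flags, which leave single quotes unescaped and (on PHP < 5.4) use the ISO-8859-1 charset, so a value placed in a single-quoted attribute is still injectable and UTF-8 text can be mangled; pass `ENT_QUOTES` and `'UTF-8'` explicitly. Escaping strings recursively and returning other types unchanged keeps array-valued callers working while preserving the escape-by-default intent; the surrounding `OC_Template` class continues outside the hunk.
```php
public function assign( $key, $value ){
	$this->vars[$key] = self::escapeForHtml($value);
	return true;
}

/**
 * @brief Escape a value for an HTML context, recursing into arrays; non-string scalars are returned unchanged
 */
private static function escapeForHtml($value) {
	if(is_array($value)) {
		return array_map(array('OC_Template', 'escapeForHtml'), $value);
	}
	if(is_string($value)) {
		return htmlentities($value, ENT_QUOTES, 'UTF-8');
	}
	return $value;
}
// … unchanged: assignHTML() …
```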
@@ -354,20 +373,20 @@ class OC_Template{
 // Decide which page we show
 if( $this->renderas == "user" ){
 $page = new OC_Template( "core", "layout.user" );
- $page->assign('searchurl',OC_Helper::linkTo( 'search', 'index.php' ));
+ $page->assignHTML('searchurl',OC_Helper::linkTo( 'search', 'index.php' ));
 if(array_search(OC_APP::getCurrentApp(),array('settings','admin','help'))!==false){
- $page->assign('bodyid','body-settings');
+ $page->assignHTML('bodyid','body-settings');
 }else{
- $page->assign('bodyid','body-user');
+ $page->assignHTML('bodyid','body-user');
 }
 // Add navigation entry
 $navigation = OC_App::getNavigation();
- $page->assign( "navigation", $navigation);
- $page->assign( "settingsnavigation", OC_App::getSettingsNavigation());
+ $page->assignHTML( "navigation", $navigation);
+ $page->assignHTML( "settingsnavigation", OC_App::getSettingsNavigation());
 foreach($navigation as $entry) {
 if ($entry['active']) {
- $page->assign( 'application', $entry['name'] );
+ $page->assignHTML( 'application', $entry['name'] );
 break;
 }
 }
@@ -381,7 +400,7 @@ class OC_Template{
 // Read the detected formfactor and use the right file name.
 $fext = self::getFormFactorExtension();
- $page->assign('jsfiles', array());
+ $page->assignHTML('jsfiles', array());
 // Add the core js files or the js files provided by the selected theme
 foreach(OC_Util::$scripts as $script){
 // Is it in 3rd party?
@@ -418,7 +437,7 @@ class OC_Template{
 }
 }
 // Add the css files
- $page->assign('cssfiles', array());
+ $page->assignHTML('cssfiles', array());
 foreach(OC_Util::$styles as $style){
 // is it in 3rdparty?
 if($page->appendIfExist('cssfiles', OC::$THIRDPARTYROOT, OC::$THIRDPARTYWEBROOT, $style.'.css')) {
@@ -456,13 +475,13 @@ class OC_Template{
 }
 // Add custom headers
- $page->assign('headers',$this->headers);
+ $page->assignHTML('headers',$this->headers);
 foreach(OC_Util::$headers as $header){
 $page->append('headers',$header);
 }
 // Add css files and js files
- $page->assign( "content", $data );
+ $page->assignHTML( "content", $data );
 return $page->fetchPage();
 }
 else{