From 92b8f3238658782e6eb5a4285185a8fae6665f05 Mon Sep 17 00:00:00 2001
From: Georg Ehrke
Date: Thu, 2 Feb 2012 15:01:05 +0100
Subject: [PATCH] Calendar: Bugfix: better input validation

---
 apps/calendar/ajax/createcalendar.php | 2 +-
 apps/calendar/ajax/events.php | 4 ++--
 apps/calendar/ajax/updatecalendar.php | 2 +-
 apps/calendar/js/calendar.js | 1 +
 apps/calendar/templates/part.eventform.php | 6 +++---
 5 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/apps/calendar/ajax/createcalendar.php b/apps/calendar/ajax/createcalendar.php
index b719b207c74..08bf7b4ee49 100644
--- a/apps/calendar/ajax/createcalendar.php
+++ b/apps/calendar/ajax/createcalendar.php
@@ -25,7 +25,7 @@ foreach($calendars as $cal){
 }
 $userid = OC_User::getUser();
-$calendarid = OC_Calendar_Calendar::addCalendar($userid, $_POST['name'], 'VEVENT,VTODO,VJOURNAL', null, 0, $_POST['color']);
+$calendarid = OC_Calendar_Calendar::addCalendar($userid, htmlspecialchars($_POST['name']), 'VEVENT,VTODO,VJOURNAL', null, 0, $_POST['color']);
 OC_Calendar_Calendar::setCalendarActive($calendarid, 1);
 $calendar = OC_Calendar_Calendar::find($calendarid);
diff --git a/apps/calendar/ajax/events.php b/apps/calendar/ajax/events.php
index 998991c2fb4..75fac6838d7 100644
--- a/apps/calendar/ajax/events.php
+++ b/apps/calendar/ajax/events.php
@@ -11,8 +11,8 @@ require_once('../../../3rdparty/when/When.php');
 function addoutput($event, $vevent, $return_event){
 $return_event['id'] = (int)$event['id'];
- $return_event['title'] = $event['summary'];
- $return_event['description'] = isset($vevent->DESCRIPTION)?$vevent->DESCRIPTION->value:'';
+ $return_event['title'] = htmlspecialchars($event['summary']);
+ $return_event['description'] = isset($vevent->DESCRIPTION)?htmlspecialchars($vevent->DESCRIPTION->value):'';
 $last_modified = $vevent->__get('LAST-MODIFIED');
 if ($last_modified){
 $lastmodified = $last_modified->getDateTime()->format('U');
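Review bot: Wrapping `$_POST['name']` in `htmlspecialchars()` at the addCalendar call encodes at the storage boundary instead of the output boundary, so the persisted calendar name now carries HTML entities: any template that already escapes on output will double-encode it, and non-HTML consumers (CalDAV clients, iCal export) will show the entities verbatim. The updatecalendar.php hunk has the same pattern. Prefer storing the raw name after length/whitespace validation and escaping in the templates and JSON output that actually render it. Separately, `$_POST['color']` still flows through unvalidated on the same line; if it is later emitted into a style attribute, a format check such as `preg_match('/^#[0-9A-Fa-f]{6}$/', $_POST['color'])` (constructed example) would be the "input validation" the commit title describes.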
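Review bot: The two added `htmlspecialchars()` calls on `title` and `description` use the default flags, which on PHP of this era leave single quotes unencoded and assume ISO-8859-1, so a summary containing a single quote still breaks out of a single-quoted attribute and UTF-8 text may be mangled. If the encoding is kept here, make it `htmlspecialchars($event['summary'], ENT_QUOTES, 'UTF-8')` and likewise for the description. More generally this endpoint emits JSON, so HTML-encoding here couples it to every JavaScript consumer (the calendar.js hunk has to re-parse the entities); escaping in the client at the DOM boundary is the more robust split. addoutput's body continues past the hunk.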
diff --git a/apps/calendar/ajax/updatecalendar.php b/apps/calendar/ajax/updatecalendar.php
index 269b7b7ca06..90dafd35b68 100644
--- a/apps/calendar/ajax/updatecalendar.php
+++ b/apps/calendar/ajax/updatecalendar.php
@@ -26,7 +26,7 @@ foreach($calendars as $cal){
 $calendarid = $_POST['id'];
 $calendar = OC_Calendar_App::getCalendar($calendarid);//access check
-OC_Calendar_Calendar::editCalendar($calendarid, $_POST['name'], null, null, null, $_POST['color']);
+OC_Calendar_Calendar::editCalendar($calendarid, htmlspecialchars($_POST['name']), null, null, null, $_POST['color']);
 OC_Calendar_Calendar::setCalendarActive($calendarid, $_POST['active']);
 $calendar = OC_Calendar_App::getCalendar($calendarid);
diff --git a/apps/calendar/js/calendar.js b/apps/calendar/js/calendar.js
index afd1b692dd4..64c029404cb 100644
--- a/apps/calendar/js/calendar.js
+++ b/apps/calendar/js/calendar.js
@@ -698,6 +698,7 @@ $(document).ready(function(){
 eventDrop: Calendar.UI.moveEvent,
 eventResize: Calendar.UI.resizeEvent,
 eventRender: function(event, element) {
+ element.find('span.fc-event-title').html(element.find('span.fc-event-title').text());
 element.tipsy({
 className: 'tipsy-event',
 opacity: 0.9,
diff --git a/apps/calendar/templates/part.eventform.php b/apps/calendar/templates/part.eventform.php
index 1f2073f4bc7..49214aca77c 100644
--- a/apps/calendar/templates/part.eventform.php
+++ b/apps/calendar/templates/part.eventform.php
@@ -2,7 +2,7 @@ t("Title");?>: - " value="" maxlength="100" name="title"/> + " value="" maxlength="100" name="title"/>
@@ -207,7 +207,7 @@ t("Location");?>: - " value="" maxlength="100" name="location" /> + " value="" maxlength="100" name="location" />
@@ -215,7 +215,7 @@ t("Description");?>: - +
-- 
2.39.5
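Review bot: The added `element.find('span.fc-event-title').html(element.find('span.fc-event-title').text())` is an HTML-injection sink: it takes the text fullCalendar placed in the title span (the `.text()` read implies it was set as text) and re-interprets it as markup, so it is only safe while every `title` reaching the client has already been entity-encoded by the server as events.php now does. Any path that supplies an event title from an unencoded source, such as an event created locally before it round-trips through the server, would be rendered as HTML. If the server stops pre-encoding, this line can simply be removed; if it stays, record the coupling next to it: `// titles arrive HTML-entity-encoded from ajax/events.php; .html() renders them decoded`. The enclosing eventRender callback continues past the hunk.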