@@ -54,9 +54,9 @@ OCP\Util::addscript('contacts','jquery.multi-autocomplete'); | |||
OCP\Util::addscript('','oc-vcategories'); | |||
OCP\App::setActiveNavigationEntry('calendar_index'); | |||
$tmpl = new OCP\Template('calendar', 'calendar', 'user'); | |||
$tmpl->assign('eventSources', $eventSources); | |||
$tmpl->assign('eventSources', $eventSources,false); | |||
$tmpl->assign('categories', $categories); | |||
if(array_key_exists('showevent', $_GET)){ | |||
$tmpl->assign('showevent', $_GET['showevent']); | |||
$tmpl->assign('showevent', $_GET['showevent'], false); | |||
} | |||
$tmpl->printPage(); |
@@ -82,6 +82,7 @@ if(is_array($value)) { | |||
$value = strip_tags($value); | |||
} | |||
/* preprocessing value */ | |||
switch($name) { | |||
case 'BDAY': | |||
$date = New DateTime($value); | |||
@@ -94,6 +95,8 @@ switch($name) { | |||
case 'N': | |||
case 'ORG': | |||
case 'NOTE': | |||
$value = str_replace('\n', ' \\n', $value); | |||
break; | |||
case 'NICKNAME': | |||
// TODO: Escape commas and semicolons. | |||
break; | |||
@@ -105,8 +108,14 @@ switch($name) { | |||
break; | |||
} | |||
$property = $vcard->addProperty($name, $value); //, $parameters); | |||
switch($name) { | |||
case 'NOTE': | |||
$vcard->setString('NOTE', $value); | |||
break; | |||
default: | |||
$property = $vcard->addProperty($name, $value); //, $parameters); | |||
break; | |||
} | |||
$line = count($vcard->children) - 1; | |||
@@ -8,5 +8,5 @@ | |||
} | |||
} | |||
?> | |||
<li role="button" book-id="<?php echo $contact['addressbookid']; ?>" data-id="<?php echo $contact['id']; ?>"><a href="index.php?id=<?php echo $contact['id']; ?>"><?php echo htmlspecialchars($display); ?></a></li> | |||
<li role="button" book-id="<?php echo $contact['addressbookid']; ?>" data-id="<?php echo $contact['id']; ?>"><a href="index.php?id=<?php echo $contact['id']; ?>"><?php echo $display; ?></a></li> | |||
<?php endforeach; ?> |
@@ -38,7 +38,7 @@ foreach( OC_Files::getdirectorycontent( $dir ) as $i ){ | |||
} | |||
$list = new OCP\Template( "files", "part.list", "" ); | |||
$list->assign( "files", $files ); | |||
$list->assign( "files", $files, false ); | |||
$data = array('files' => $list->fetchPage()); | |||
OCP\JSON::success(array('data' => $data)); |
@@ -73,12 +73,12 @@ foreach( explode( '/', $dir ) as $i ){ | |||
// make breadcrumb und filelist markup | |||
$list = new OCP\Template( 'files', 'part.list', '' ); | |||
$list->assign( 'files', $files ); | |||
$list->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir='); | |||
$list->assign( 'downloadURL', OCP\Util::linkTo('files', 'download.php').'?file='); | |||
$list->assign( 'files', $files, false ); | |||
$list->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=', false); | |||
$list->assign( 'downloadURL', OCP\Util::linkTo('files', 'download.php').'?file=', false); | |||
$breadcrumbNav = new OCP\Template( 'files', 'part.breadcrumb', '' ); | |||
$breadcrumbNav->assign( 'breadcrumb', $breadcrumb ); | |||
$breadcrumbNav->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir='); | |||
$breadcrumbNav->assign( 'breadcrumb', $breadcrumb, false ); | |||
$breadcrumbNav->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=', false); | |||
$upload_max_filesize = OCP\Util::computerFileSize(ini_get('upload_max_filesize')); | |||
$post_max_size = OCP\Util::computerFileSize(ini_get('post_max_size')); | |||
@@ -89,8 +89,8 @@ $freeSpace=max($freeSpace,0); | |||
$maxUploadFilesize = min($maxUploadFilesize ,$freeSpace); | |||
$tmpl = new OCP\Template( 'files', 'index', 'user' ); | |||
$tmpl->assign( 'fileList', $list->fetchPage() ); | |||
$tmpl->assign( 'breadcrumb', $breadcrumbNav->fetchPage() ); | |||
$tmpl->assign( 'fileList', $list->fetchPage(), false ); | |||
$tmpl->assign( 'breadcrumb', $breadcrumbNav->fetchPage(), false ); | |||
$tmpl->assign( 'dir', $dir); | |||
$tmpl->assign( 'readonly', !OC_Filesystem::is_writable($dir.'/')); | |||
$tmpl->assign( 'files', $files ); |
@@ -141,7 +141,7 @@ class TileStack extends TileBase { | |||
} | |||
public function get() { | |||
$r = '<div class="title gallery_div">'.htmlentities($this->stack_name).'</div>'; | |||
$r = '<div class="title gallery_div">'.$this->stack_name.'</div>'; | |||
for ($i = 0; $i < count($this->tiles_array); $i++) { | |||
$top = rand(-5, 5); | |||
$left = rand(-5, 5); | |||
@@ -168,7 +168,7 @@ class TileStack extends TileBase { | |||
} | |||
public function getOnClickAction() { | |||
return 'javascript:openNewGal(\''.htmlentities($this->stack_name).'\');'; | |||
return 'javascript:openNewGal(\''.$this->stack_name.'\');'; | |||
} | |||
private $tiles_array; |
@@ -186,7 +186,7 @@ class OC_GROUP_LDAP extends OC_Group_Backend { | |||
if(!$this->configured) { | |||
return array(); | |||
} | |||
if(is_null($this->_groups)) { | |||
if(empty($this->_groups)) { | |||
$ldap_groups = OC_LDAP::fetchListOfGroups($this->ldapGroupFilter, array(OC_LDAP::conf('ldapGroupDisplayName'), 'dn')); | |||
$this->_groups = OC_LDAP::ownCloudGroupNames($ldap_groups); | |||
} |
@@ -20,7 +20,7 @@ | |||
* License along with this library. If not, see <http://www.gnu.org/licenses/>. | |||
* | |||
*/ | |||
$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_agent_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_tls', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr', 'ldap_group_member_assoc_attribute'); | |||
$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_agent_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_group_display_name', 'ldap_tls', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr', 'ldap_group_member_assoc_attribute'); | |||
OCP\Util::addscript('user_ldap', 'settings'); | |||
@@ -47,13 +47,14 @@ if ($_POST) { | |||
// fill template | |||
$tmpl = new OCP\Template( 'user_ldap', 'settings'); | |||
foreach($params as $param){ | |||
$value = htmlentities(OCP\Config::getAppValue('user_ldap', $param,'')); | |||
$value = OCP\Config::getAppValue('user_ldap', $param,''); | |||
$tmpl->assign($param, $value); | |||
} | |||
// settings with default values | |||
$tmpl->assign( 'ldap_port', OCP\Config::getAppValue('user_ldap', 'ldap_port', '389')); | |||
$tmpl->assign( 'ldap_display_name', OCP\Config::getAppValue('user_ldap', 'ldap_display_name', 'uid')); | |||
$tmpl->assign( 'ldap_group_display_name', OCP\Config::getAppValue('user_ldap', 'ldap_group_display_name', 'cn')); | |||
$tmpl->assign( 'ldap_group_member_assoc_attribute', OCP\Config::getAppValue('user_ldap', 'ldap_group_member_assoc_attribute', 'uniqueMember')); | |||
$tmpl->assign( 'ldap_agent_password', base64_decode(OCP\Config::getAppValue('user_ldap', 'ldap_agent_password'))); | |||
@@ -22,6 +22,7 @@ | |||
<p><input type="checkbox" id="ldap_nocase" name="ldap_nocase" value="1"<?php if (isset($_['ldap_nocase']) && ($_['ldap_nocase'])) echo ' checked'; ?>><label for="ldap_nocase"><?php echo $l->t('Case insensitve LDAP server (Windows)');?></label></p> | |||
<p><label for="ldap_display_name"><?php echo $l->t('Display Name Field');?></label><input type="text" id="ldap_display_name" name="ldap_display_name" value="<?php echo $_['ldap_display_name']; ?>" /> | |||
<small><?php echo $l->t('Currently the display name field needs to be the same you matched %%uid against in the filter above, because ownCloud doesn\'t distinguish between user id and user name.');?></small></p> | |||
<p><label for="ldap_group_display_name"><?php echo $l->t('Group Display Name Field');?></label><input type="text" id="ldap_group_display_name" name="ldap_group_display_name" value="<?php echo $_['ldap_group_display_name']; ?>" /></p> | |||
<p><label for="ldap_quota_attr">Quota Attribute</label><input type="text" id="ldap_quota_attr" name="ldap_quota_attr" value="<?php echo $_['ldap_quota_attr']; ?>" /> | |||
<label for="ldap_quota_def">Quota Default</label><input type="text" id="ldap_quota_def" name="ldap_quota_def" value="<?php if (isset($_['ldap_quota_def'])) echo $_['ldap_quota_def']; ?>" />bytes</p> | |||
<p><label for="ldap_email_attr">Email Attribute</label><input type="text" id="ldap_email_attr" name="ldap_email_attr" value="<?php echo $_['ldap_email_attr']; ?>" /></p> |
@@ -1,7 +1,7 @@ | |||
<!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]--> | |||
<form action="index.php" method="post"> | |||
<fieldset> | |||
<?php if(!empty($_['redirect'])) { echo '<input type="hidden" name="redirect_url" value="'.htmlentities($_['redirect']).'" />'; } ?> | |||
<?php if(!empty($_['redirect'])) { echo '<input type="hidden" name="redirect_url" value="'.$_['redirect'].'" />'; } ?> | |||
<?php if($_['error']): ?> | |||
<a href="./core/lostpassword/"><?php echo $l->t('Lost your password?'); ?></a> | |||
<?php endif; ?> |
@@ -112,6 +112,7 @@ elseif(OC_User::isLoggedIn()) { | |||
if (OC_User::login($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"])) { | |||
//OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG); | |||
OC_User::unsetMagicInCookie(); | |||
$_REQUEST['redirect_url'] = (isset($_SERVER['REQUEST_URI'])?$_SERVER['REQUEST_URI']:''); | |||
OC_Util::redirectToDefaultPage(); | |||
}else{ | |||
$error = true; |
@@ -286,10 +286,8 @@ class OC_Template{ | |||
* This function is internally used to sanitize HTML. | |||
*/ | |||
private static function sanitizeHTML( &$value ){ | |||
if(is_string($value)) { | |||
$value = htmlentities( $value, ENT_QUOTES ); | |||
return $value; | |||
} | |||
$value = htmlentities( $value ); | |||
return $value; | |||
} | |||
/** | |||
@@ -528,13 +526,13 @@ class OC_Template{ | |||
$_ = array_merge( $additionalparams, $this->vars ); | |||
} | |||
// Einbinden | |||
// Include | |||
ob_start(); | |||
include( $this->path.$file.'.php' ); | |||
$data = ob_get_contents(); | |||
@ob_end_clean(); | |||
// Daten zurückgeben | |||
// Return data | |||
return $data; | |||
} | |||
@@ -548,7 +546,7 @@ class OC_Template{ | |||
public static function printUserPage( $application, $name, $parameters = array() ){ | |||
$content = new OC_Template( $application, $name, "user" ); | |||
foreach( $parameters as $key => $value ){ | |||
$content->assign( $key, $value ); | |||
$content->assign( $key, $value, false ); | |||
} | |||
print $content->printPage(); | |||
} | |||
@@ -563,7 +561,7 @@ class OC_Template{ | |||
public static function printAdminPage( $application, $name, $parameters = array() ){ | |||
$content = new OC_Template( $application, $name, "admin" ); | |||
foreach( $parameters as $key => $value ){ | |||
$content->assign( $key, $value ); | |||
$content->assign( $key, $value, false ); | |||
} | |||
return $content->printPage(); | |||
} | |||
@@ -578,7 +576,7 @@ class OC_Template{ | |||
public static function printGuestPage( $application, $name, $parameters = array() ){ | |||
$content = new OC_Template( $application, $name, "guest" ); | |||
foreach( $parameters as $key => $value ){ | |||
$content->assign( $key, $value ); | |||
$content->assign( $key, $value,false ); | |||
} | |||
return $content->printPage(); | |||
} |
@@ -332,7 +332,8 @@ class OC_Util { | |||
* Redirect to the user default page | |||
*/ | |||
public static function redirectToDefaultPage(){ | |||
if(isset($_REQUEST['redirect_url']) && substr($_REQUEST['redirect_url'], 0, strlen(OC::$WEBROOT)) == OC::$WEBROOT) { | |||
OC_Log::write('core','redirectToDefaultPage',OC_Log::DEBUG); | |||
if(isset($_REQUEST['redirect_url']) && (substr($_REQUEST['redirect_url'], 0, strlen(OC::$WEBROOT)) == OC::$WEBROOT || $_REQUEST['redirect_url'][0] == '/')) { | |||
header( 'Location: '.$_REQUEST['redirect_url']); | |||
} else { | |||
header( 'Location: '.OC::$WEBROOT.'/'.OC_Appconfig::getValue('core', 'defaultpage', '?app=files')); | |||
@@ -358,12 +359,30 @@ class OC_Util { | |||
* Todo: Write howto | |||
*/ | |||
public static function callRegister(){ | |||
//mamimum time before token exires | |||
$maxtime=(60*60); // 1 hour | |||
// generate a random token. | |||
$token=mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000); | |||
// store the token together with a timestamp in the session. | |||
$_SESSION['requesttoken-'.$token]=time(); | |||
// cleanup old tokens garbage collector | |||
// only run every 20th time so we don´t waste cpu cycles | |||
if(rand(0,20)==0) { | |||
foreach($_SESSION as $key=>$value) { | |||
// search all tokens in the session | |||
if(substr($key,0,12)=='requesttoken') { | |||
if($value+$maxtime<time()){ | |||
// remove outdated tokens | |||
unset($_SESSION[$key]); | |||
} | |||
} | |||
} | |||
} | |||
// return the token | |||
return($token); | |||
} |
@@ -22,7 +22,7 @@ function compareEntries($a,$b){ | |||
} | |||
usort($entries, 'compareEntries'); | |||
$tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 )); | |||
$tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 ), false); | |||
$tmpl->assign('entries',$entries); | |||
$tmpl->assign('forms',array()); | |||
foreach($forms as $form){ |
@@ -92,7 +92,7 @@ usort($apps, 'app_sort'); | |||
$tmpl = new OC_Template( "settings", "apps", "user" ); | |||
$tmpl->assign('apps',$apps); | |||
$tmpl->assign('apps',$apps, false); | |||
$tmpl->printPage(); | |||
@@ -29,7 +29,7 @@ $levels=array('Debug','Info','Warning','Error','Fatal'); | |||
<?php echo $entry->app;?> | |||
</td> | |||
<td> | |||
<?php echo htmlentities($entry->message);?> | |||
<?php echo $entry->message;?> | |||
</td> | |||
<td> | |||
<?php echo OC_Util::formatDate($entry->time);?> |
@@ -26,9 +26,9 @@ | |||
<?php foreach($_["kbe"] as $kb): ?> | |||
<div class="helpblock"> | |||
<?php if($kb["preview1"] <> "") { echo('<img class="preview" src="'.$kb["preview1"].'" />'); } ?> | |||
<?php if($kb['detailpage']<>'') echo('<p><a target="_blank" href="'.$kb['detailpage'].'"><strong>'.htmlentities($kb["name"]).'</strong></a></p>');?> | |||
<p><?php echo htmlentities($kb['description']);?></p> | |||
<?php if($kb['answer']<>'') echo('<p><strong>'.$l->t('Answer').':</strong><p>'.htmlentities($kb['answer']).'</p>');?> | |||
<?php if($kb['detailpage']<>'') echo('<p><a target="_blank" href="'.$kb['detailpage'].'"><strong>'.$kb["name"].'</strong></a></p>');?> | |||
<p><?php echo $kb['description'];?></p> | |||
<?php if($kb['answer']<>'') echo('<p><strong>'.$l->t('Answer').':</strong><p>'.$kb['answer'].'</p>');?> | |||
</div> | |||
<?php endforeach; | |||
endif?> |