Add phpdoc, typehints and sanitize HTML

Signed-off-by: Julius Härtl <jus@bitgrid.net>

3 files changed, 96 insertions, 11 deletions

diff --git a/apps/files_sharing/lib/Template/ExternalShareMenuAction.php b/apps/files_sharing/lib/Template/ExternalShareMenuAction.php
index a81712cb591..f548a3bc6f1 100644
--- a/apps/files_sharing/lib/Template/ExternalShareMenuAction.php
+++ b/apps/files_sharing/lib/Template/ExternalShareMenuAction.php
@@ -28,11 +28,25 @@ use OCP\Util;
 
 class ExternalShareMenuAction extends SimpleMenuAction {
 
+	/** @var string */
 	private $owner;
+
+	/** @var string */
 	private $displayname;
+
+	/** @var string */
 	private $shareName;
 
-	public function __construct($label, $icon, $owner, $displayname, $shareName) {
+	/**
+	 * ExternalShareMenuAction constructor.
+	 *
+	 * @param string $label
+	 * @param string $icon
+	 * @param string $owner
+	 * @param string $displayname
+	 * @param string $shareName
+	 */
+	public function __construct(string $label, string $icon, string $owner, string $displayname, string $shareName) {
 		parent::__construct('save', $label, $icon);
 		$this->owner = $owner;
 		$this->displayname = $displayname;
diff --git a/apps/files_sharing/lib/Template/LinkMenuAction.php b/apps/files_sharing/lib/Template/LinkMenuAction.php
index af5fda94455..b75d8c2f790 100644
--- a/apps/files_sharing/lib/Template/LinkMenuAction.php
+++ b/apps/files_sharing/lib/Template/LinkMenuAction.php
@@ -24,23 +24,30 @@
 namespace OCA\Files_Sharing\Template;
 
 use OCP\AppFramework\Http\Template\SimpleMenuAction;
+use OCP\Util;
 
 class LinkMenuAction extends SimpleMenuAction {
 
-	public function __construct($label, $icon, $link) {
+	/**
+	 * LinkMenuAction constructor.
+	 *
+	 * @param string $label
+	 * @param string $icon
+	 * @param string $link
+	 */
+	public function __construct(string $label, string $icon, string $link) {
 		parent::__construct('directLink-container', $label, $icon, $link);
 	}
 
 	/**
-	 * @since 14.0.0
 	 * @return string
 	 */
 	public function render(): string {
 		return '<li>' .
 			'<a id="directLink-container">' .
-			'<span class="icon ' . $this->getIcon() . '"></span>' .
-			'<label for="directLink">' . $this->getLabel() . '</label>' .
-			'<input id="directLink" type="text" readonly="" value="' . $this->getLink() . '">' .
+			'<span class="icon ' . Util::sanitizeHTML($this->getIcon()) . '"></span>' .
+			'<label for="directLink">' . Util::sanitizeHTML($this->getLabel()) . '</label>' .
+			'<input id="directLink" type="text" readonly="" value="' . Util::sanitizeHTML($this->getLink()) . '">' .
 			'</a>' .
 			'</li>';
 	}
diff --git a/lib/public/AppFramework/Http/Template/SimpleMenuAction.php b/lib/public/AppFramework/Http/Template/SimpleMenuAction.php
index c5cbd9a032c..087887eed51 100644
--- a/lib/public/AppFramework/Http/Template/SimpleMenuAction.php
+++ b/lib/public/AppFramework/Http/Template/SimpleMenuAction.php
@@ -23,18 +23,43 @@
 
 namespace OCP\AppFramework\Http\Template;
 
-use OCP\AppFramework\Http\Template\IMenuAction;
-use Twig_Environment;
+use OCP\Util;
 
+/**
+ * Class SimpleMenuAction
+ *
+ * @package OCP\AppFramework\Http\Template
+ */
 class SimpleMenuAction implements IMenuAction {
 
+	/** @var string */
 	private $id;
+
+	/** @var string */
 	private $label;
+
+	/** @var string */
 	private $icon;
+
+	/** @var string */
 	private $link;
-	private $priority = 100;
+
+	/** @var int */
+	private $priority;
+
+	/** @var string */
 	private $detail;
 
+	/**
+	 * SimpleMenuAction constructor.
+	 *
+	 * @param string $id
+	 * @param string $label
+	 * @param string $icon
+	 * @param string $link
+	 * @param int $priority
+	 * @param string $detail
+	 */
 	public function __construct(string $id, string $label, string $icon, string $link = '', int $priority = 100, string $detail = '') {
 		$this->id = $id;
 		$this->label = $label;
@@ -44,53 +69,92 @@ class SimpleMenuAction implements IMenuAction {
 		$this->detail = $detail;
 	}
 
+	/**
+	 * @param string $id
+	 */
 	public function setId(string $id) {
 		$this->id = $id;
 	}
 
+	/**
+	 * @param string $label
+	 */
 	public function setLabel(string $label) {
 		$this->label = $label;
 	}
 
+	/**
+	 * @param string $detail
+	 */
 	public function setDetail(string $detail) {
 		$this->detail = $detail;
 	}
 
+	/**
+	 * @param string $icon
+	 */
 	public function setIcon(string $icon) {
 		$this->icon = $icon;
 	}
 
+	/**
+	 * @param string $link
+	 */
 	public function setLink(string $link) {
 		$this->link = $link;
 	}
 
+	/**
+	 * @param int $priority
+	 */
 	public function setPriority(int $priority) {
 		$this->priority = $priority;
 	}
 
+	/**
+	 * @return string
+	 */
 	public function getId(): string {
 		return $this->id;
 	}
 
+	/**
+	 * @return string
+	 */
 	public function getLabel(): string {
 		return $this->label;
 	}
 
+	/**
+	 * @return string
+	 */
 	public function getIcon(): string {
 		return $this->icon;
 	}
 
+	/**
+	 * @return string
+	 */
 	public function getLink(): string {
 		return $this->link;
 	}
 
+	/**
+	 * @return int
+	 */
 	public function getPriority(): int {
 		return $this->priority;
 	}
 
+	/**
+	 * @return string
+	 */
 	public function render(): string {
-		$detailContent = ($this->detail !== '') ? '&nbsp;<span class="download-size">(' . $this->detail . ')</span>' : '';
-		return sprintf('<li><a href="%s"><span class="icon %s"></span>%s %s</a></li>', $this->link, $this->icon, $this->label, $detailContent);
+		$detailContent = ($this->detail !== '') ? '&nbsp;<span class="download-size">(' . Util::sanitizeHTML($this->detail) . ')</span>' : '';
+		return sprintf(
+			'<li><a href="%s"><span class="icon %s"></span>%s %s</a></li>',
+			Util::sanitizeHTML($this->link), Util::sanitizeHTML($this->icon), Util::sanitizeHTML($this->label), Util::sanitizeHTML($detailContent)
+		);
 	}
 
 }
\ No newline at end of file