summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLukas Reschke <lukas@statuscode.ch>2012-06-11 19:07:51 +0200
committerLukas Reschke <lukas@statuscode.ch>2012-06-11 19:07:51 +0200
commit2b22c538c8cafafedb057947ff90abb5d219c903 (patch)
tree1082ac159bceb05207b36be26e0e4b53bcdf8bcb
parent6d68b7620cd38fda23d2d5dec73a80818035c38d (diff)
downloadnextcloud-server-2b22c538c8cafafedb057947ff90abb5d219c903.tar.gz
nextcloud-server-2b22c538c8cafafedb057947ff90abb5d219c903.zip
Make some apps compatible
Diffstat
-rw-r--r--apps/calendar/index.php4
-rw-r--r--apps/contacts/ajax/addproperty.php13
-rw-r--r--apps/contacts/templates/part.contacts.php2
-rw-r--r--apps/files/ajax/list.php2
-rw-r--r--apps/files/index.php14
-rw-r--r--apps/gallery/lib/tiles.php4
-rw-r--r--apps/user_ldap/group_ldap.php2
-rw-r--r--apps/user_ldap/settings.php5
-rw-r--r--apps/user_ldap/templates/settings.php1
-rw-r--r--core/templates/login.php2
-rwxr-xr-xindex.php1
-rw-r--r--lib/template.php16
-rwxr-xr-x[-rw-r--r--]lib/util.php21
-rw-r--r--settings/admin.php2
-rw-r--r--settings/apps.php2
-rw-r--r--settings/templates/admin.php2
-rw-r--r--settings/templates/help.php6
17 files changed, 64 insertions, 35 deletions
diff --git a/apps/calendar/index.php b/apps/calendar/index.php
index cf03a7a3cd3..05a808a5ae0 100644
--- a/apps/calendar/index.php
+++ b/apps/calendar/index.php
@@ -54,9 +54,9 @@ OCP\Util::addscript('contacts','jquery.multi-autocomplete');
OCP\Util::addscript('','oc-vcategories');
OCP\App::setActiveNavigationEntry('calendar_index');
$tmpl = new OCP\Template('calendar', 'calendar', 'user');
-$tmpl->assign('eventSources', $eventSources);
+$tmpl->assign('eventSources', $eventSources,false);
$tmpl->assign('categories', $categories);
if(array_key_exists('showevent', $_GET)){
- $tmpl->assign('showevent', $_GET['showevent']);
+ $tmpl->assign('showevent', $_GET['showevent'], false);
}
$tmpl->printPage();
diff --git a/apps/contacts/ajax/addproperty.php b/apps/contacts/ajax/addproperty.php
index 42b0c782035..94e09bac190 100644
--- a/apps/contacts/ajax/addproperty.php
+++ b/apps/contacts/ajax/addproperty.php
@@ -82,6 +82,7 @@ if(is_array($value)) {
$value = strip_tags($value);
}
+/* preprocessing value */
switch($name) {
case 'BDAY':
$date = New DateTime($value);
@@ -94,6 +95,8 @@ switch($name) {
case 'N':
case 'ORG':
case 'NOTE':
+ $value = str_replace('\n', ' \\n', $value);
+ break;
case 'NICKNAME':
// TODO: Escape commas and semicolons.
break;
@@ -105,8 +108,14 @@ switch($name) {
break;
}
-
-$property = $vcard->addProperty($name, $value); //, $parameters);
+switch($name) {
+ case 'NOTE':
+ $vcard->setString('NOTE', $value);
+ break;
+ default:
+ $property = $vcard->addProperty($name, $value); //, $parameters);
+ break;
+}
$line = count($vcard->children) - 1;
diff --git a/apps/contacts/templates/part.contacts.php b/apps/contacts/templates/part.contacts.php
index 57517505405..00a61f72fdd 100644
--- a/apps/contacts/templates/part.contacts.php
+++ b/apps/contacts/templates/part.contacts.php
@@ -8,5 +8,5 @@
}
}
?>
- <li role="button" book-id="<?php echo $contact['addressbookid']; ?>" data-id="<?php echo $contact['id']; ?>"><a href="index.php?id=<?php echo $contact['id']; ?>"><?php echo htmlspecialchars($display); ?></a></li>
+ <li role="button" book-id="<?php echo $contact['addressbookid']; ?>" data-id="<?php echo $contact['id']; ?>"><a href="index.php?id=<?php echo $contact['id']; ?>"><?php echo $display; ?></a></li>
<?php endforeach; ?>
diff --git a/apps/files/ajax/list.php b/apps/files/ajax/list.php
index ceb8d158580..f0600a179d0 100644
--- a/apps/files/ajax/list.php
+++ b/apps/files/ajax/list.php
@@ -38,7 +38,7 @@ foreach( OC_Files::getdirectorycontent( $dir ) as $i ){
}
$list = new OCP\Template( "files", "part.list", "" );
-$list->assign( "files", $files );
+$list->assign( "files", $files, false );
$data = array('files' => $list->fetchPage());
OCP\JSON::success(array('data' => $data));
diff --git a/apps/files/index.php b/apps/files/index.php
index 60a3836cb59..ed36c5edab0 100644
--- a/apps/files/index.php
+++ b/apps/files/index.php
@@ -73,12 +73,12 @@ foreach( explode( '/', $dir ) as $i ){
// make breadcrumb und filelist markup
$list = new OCP\Template( 'files', 'part.list', '' );
-$list->assign( 'files', $files );
-$list->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=');
-$list->assign( 'downloadURL', OCP\Util::linkTo('files', 'download.php').'?file=');
+$list->assign( 'files', $files, false );
+$list->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=', false);
+$list->assign( 'downloadURL', OCP\Util::linkTo('files', 'download.php').'?file=', false);
$breadcrumbNav = new OCP\Template( 'files', 'part.breadcrumb', '' );
-$breadcrumbNav->assign( 'breadcrumb', $breadcrumb );
-$breadcrumbNav->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=');
+$breadcrumbNav->assign( 'breadcrumb', $breadcrumb, false );
+$breadcrumbNav->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=', false);
$upload_max_filesize = OCP\Util::computerFileSize(ini_get('upload_max_filesize'));
$post_max_size = OCP\Util::computerFileSize(ini_get('post_max_size'));
@@ -89,8 +89,8 @@ $freeSpace=max($freeSpace,0);
$maxUploadFilesize = min($maxUploadFilesize ,$freeSpace);
$tmpl = new OCP\Template( 'files', 'index', 'user' );
-$tmpl->assign( 'fileList', $list->fetchPage() );
-$tmpl->assign( 'breadcrumb', $breadcrumbNav->fetchPage() );
+$tmpl->assign( 'fileList', $list->fetchPage(), false );
+$tmpl->assign( 'breadcrumb', $breadcrumbNav->fetchPage(), false );
$tmpl->assign( 'dir', $dir);
$tmpl->assign( 'readonly', !OC_Filesystem::is_writable($dir.'/'));
$tmpl->assign( 'files', $files );
diff --git a/apps/gallery/lib/tiles.php b/apps/gallery/lib/tiles.php
index 5837c752ef6..e43c99bb76a 100644
--- a/apps/gallery/lib/tiles.php
+++ b/apps/gallery/lib/tiles.php
@@ -141,7 +141,7 @@ class TileStack extends TileBase {
}
public function get() {
- $r = '<div class="title gallery_div">'.htmlentities($this->stack_name).'</div>';
+ $r = '<div class="title gallery_div">'.$this->stack_name.'</div>';
for ($i = 0; $i < count($this->tiles_array); $i++) {
$top = rand(-5, 5);
$left = rand(-5, 5);
@@ -168,7 +168,7 @@ class TileStack extends TileBase {
}
public function getOnClickAction() {
- return 'javascript:openNewGal(\''.htmlentities($this->stack_name).'\');';
+ return 'javascript:openNewGal(\''.$this->stack_name.'\');';
}
private $tiles_array;
diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php
index d2404a80aa5..78bc5b46566 100644
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@@ -186,7 +186,7 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
if(!$this->configured) {
return array();
}
- if(is_null($this->_groups)) {
+ if(empty($this->_groups)) {
$ldap_groups = OC_LDAP::fetchListOfGroups($this->ldapGroupFilter, array(OC_LDAP::conf('ldapGroupDisplayName'), 'dn'));
$this->_groups = OC_LDAP::ownCloudGroupNames($ldap_groups);
}
diff --git a/apps/user_ldap/settings.php b/apps/user_ldap/settings.php
index f1a474ff27d..42084855e85 100644
--- a/apps/user_ldap/settings.php
+++ b/apps/user_ldap/settings.php
@@ -20,7 +20,7 @@
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
-$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_agent_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_tls', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr', 'ldap_group_member_assoc_attribute');
+$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_agent_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_group_display_name', 'ldap_tls', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr', 'ldap_group_member_assoc_attribute');
OCP\Util::addscript('user_ldap', 'settings');
@@ -47,13 +47,14 @@ if ($_POST) {
// fill template
$tmpl = new OCP\Template( 'user_ldap', 'settings');
foreach($params as $param){
- $value = htmlentities(OCP\Config::getAppValue('user_ldap', $param,''));
+ $value = OCP\Config::getAppValue('user_ldap', $param,'');
$tmpl->assign($param, $value);
}
// settings with default values
$tmpl->assign( 'ldap_port', OCP\Config::getAppValue('user_ldap', 'ldap_port', '389'));
$tmpl->assign( 'ldap_display_name', OCP\Config::getAppValue('user_ldap', 'ldap_display_name', 'uid'));
+$tmpl->assign( 'ldap_group_display_name', OCP\Config::getAppValue('user_ldap', 'ldap_group_display_name', 'cn'));
$tmpl->assign( 'ldap_group_member_assoc_attribute', OCP\Config::getAppValue('user_ldap', 'ldap_group_member_assoc_attribute', 'uniqueMember'));
$tmpl->assign( 'ldap_agent_password', base64_decode(OCP\Config::getAppValue('user_ldap', 'ldap_agent_password')));
diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php
index 3462f2473f4..31f453b5a5a 100644
--- a/apps/user_ldap/templates/settings.php
+++ b/apps/user_ldap/templates/settings.php
@@ -22,6 +22,7 @@
<p><input type="checkbox" id="ldap_nocase" name="ldap_nocase" value="1"<?php if (isset($_['ldap_nocase']) && ($_['ldap_nocase'])) echo ' checked'; ?>><label for="ldap_nocase"><?php echo $l->t('Case insensitve LDAP server (Windows)');?></label></p>
<p><label for="ldap_display_name"><?php echo $l->t('Display Name Field');?></label><input type="text" id="ldap_display_name" name="ldap_display_name" value="<?php echo $_['ldap_display_name']; ?>" />
<small><?php echo $l->t('Currently the display name field needs to be the same you matched %%uid against in the filter above, because ownCloud doesn\'t distinguish between user id and user name.');?></small></p>
+ <p><label for="ldap_group_display_name"><?php echo $l->t('Group Display Name Field');?></label><input type="text" id="ldap_group_display_name" name="ldap_group_display_name" value="<?php echo $_['ldap_group_display_name']; ?>" /></p>
<p><label for="ldap_quota_attr">Quota Attribute</label><input type="text" id="ldap_quota_attr" name="ldap_quota_attr" value="<?php echo $_['ldap_quota_attr']; ?>" />
<label for="ldap_quota_def">Quota Default</label><input type="text" id="ldap_quota_def" name="ldap_quota_def" value="<?php if (isset($_['ldap_quota_def'])) echo $_['ldap_quota_def']; ?>" />bytes</p>
<p><label for="ldap_email_attr">Email Attribute</label><input type="text" id="ldap_email_attr" name="ldap_email_attr" value="<?php echo $_['ldap_email_attr']; ?>" /></p>
diff --git a/core/templates/login.php b/core/templates/login.php
index 41d6ba41ef8..a40bf5c330a 100644
--- a/core/templates/login.php
+++ b/core/templates/login.php
@@ -1,7 +1,7 @@
<!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]-->
<form action="index.php" method="post">
<fieldset>
- <?php if(!empty($_['redirect'])) { echo '<input type="hidden" name="redirect_url" value="'.htmlentities($_['redirect']).'" />'; } ?>
+ <?php if(!empty($_['redirect'])) { echo '<input type="hidden" name="redirect_url" value="'.$_['redirect'].'" />'; } ?>
<?php if($_['error']): ?>
<a href="./core/lostpassword/"><?php echo $l->t('Lost your password?'); ?></a>
<?php endif; ?>
diff --git a/index.php b/index.php
index 07f8436720d..b90b1b310a9 100755
--- a/index.php
+++ b/index.php
@@ -112,6 +112,7 @@ elseif(OC_User::isLoggedIn()) {
if (OC_User::login($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"])) {
//OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG);
OC_User::unsetMagicInCookie();
+ $_REQUEST['redirect_url'] = (isset($_SERVER['REQUEST_URI'])?$_SERVER['REQUEST_URI']:'');
OC_Util::redirectToDefaultPage();
}else{
$error = true;
diff --git a/lib/template.php b/lib/template.php
index 688199a878c..ba82b21774a 100644
--- a/lib/template.php
+++ b/lib/template.php
@@ -286,10 +286,8 @@ class OC_Template{
* This function is internally used to sanitize HTML.
*/
private static function sanitizeHTML( &$value ){
- if(is_string($value)) {
- $value = htmlentities( $value, ENT_QUOTES );
- return $value;
- }
+ $value = htmlentities( $value );
+ return $value;
}
/**
@@ -528,13 +526,13 @@ class OC_Template{
$_ = array_merge( $additionalparams, $this->vars );
}
- // Einbinden
+ // Include
ob_start();
include( $this->path.$file.'.php' );
$data = ob_get_contents();
@ob_end_clean();
- // Daten zurückgeben
+ // Return data
return $data;
}
@@ -548,7 +546,7 @@ class OC_Template{
public static function printUserPage( $application, $name, $parameters = array() ){
$content = new OC_Template( $application, $name, "user" );
foreach( $parameters as $key => $value ){
- $content->assign( $key, $value );
+ $content->assign( $key, $value, false );
}
print $content->printPage();
}
@@ -563,7 +561,7 @@ class OC_Template{
public static function printAdminPage( $application, $name, $parameters = array() ){
$content = new OC_Template( $application, $name, "admin" );
foreach( $parameters as $key => $value ){
- $content->assign( $key, $value );
+ $content->assign( $key, $value, false );
}
return $content->printPage();
}
@@ -578,7 +576,7 @@ class OC_Template{
public static function printGuestPage( $application, $name, $parameters = array() ){
$content = new OC_Template( $application, $name, "guest" );
foreach( $parameters as $key => $value ){
- $content->assign( $key, $value );
+ $content->assign( $key, $value,false );
}
return $content->printPage();
}
diff --git a/lib/util.php b/lib/util.php
index 7c85db71f5f..d1d5983dcfb 100644..100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -332,7 +332,8 @@ class OC_Util {
* Redirect to the user default page
*/
public static function redirectToDefaultPage(){
- if(isset($_REQUEST['redirect_url']) && substr($_REQUEST['redirect_url'], 0, strlen(OC::$WEBROOT)) == OC::$WEBROOT) {
+ OC_Log::write('core','redirectToDefaultPage',OC_Log::DEBUG);
+ if(isset($_REQUEST['redirect_url']) && (substr($_REQUEST['redirect_url'], 0, strlen(OC::$WEBROOT)) == OC::$WEBROOT || $_REQUEST['redirect_url'][0] == '/')) {
header( 'Location: '.$_REQUEST['redirect_url']);
} else {
header( 'Location: '.OC::$WEBROOT.'/'.OC_Appconfig::getValue('core', 'defaultpage', '?app=files'));
@@ -358,12 +359,30 @@ class OC_Util {
* Todo: Write howto
*/
public static function callRegister(){
+ //mamimum time before token exires
+ $maxtime=(60*60); // 1 hour
+
// generate a random token.
$token=mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000);
// store the token together with a timestamp in the session.
$_SESSION['requesttoken-'.$token]=time();
+ // cleanup old tokens garbage collector
+ // only run every 20th time so we don´t waste cpu cycles
+ if(rand(0,20)==0) {
+ foreach($_SESSION as $key=>$value) {
+ // search all tokens in the session
+ if(substr($key,0,12)=='requesttoken') {
+ if($value+$maxtime<time()){
+ // remove outdated tokens
+ unset($_SESSION[$key]);
+ }
+ }
+ }
+ }
+
+
// return the token
return($token);
}
diff --git a/settings/admin.php b/settings/admin.php
index a997bad4e3c..fed0fe9ff87 100644
--- a/settings/admin.php
+++ b/settings/admin.php
@@ -22,7 +22,7 @@ function compareEntries($a,$b){
}
usort($entries, 'compareEntries');
-$tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 ));
+$tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 ), false);
$tmpl->assign('entries',$entries);
$tmpl->assign('forms',array());
foreach($forms as $form){
diff --git a/settings/apps.php b/settings/apps.php
index 7908e6cc18b..f85b28158f5 100644
--- a/settings/apps.php
+++ b/settings/apps.php
@@ -92,7 +92,7 @@ usort($apps, 'app_sort');
$tmpl = new OC_Template( "settings", "apps", "user" );
-$tmpl->assign('apps',$apps);
+$tmpl->assign('apps',$apps, false);
$tmpl->printPage();
diff --git a/settings/templates/admin.php b/settings/templates/admin.php
index d167f2780ef..38c6042c82a 100644
--- a/settings/templates/admin.php
+++ b/settings/templates/admin.php
@@ -29,7 +29,7 @@ $levels=array('Debug','Info','Warning','Error','Fatal');
<?php echo $entry->app;?>
</td>
<td>
- <?php echo htmlentities($entry->message);?>
+ <?php echo $entry->message;?>
</td>
<td>
<?php echo OC_Util::formatDate($entry->time);?>
diff --git a/settings/templates/help.php b/settings/templates/help.php
index cf61207e601..a53ec76d681 100644
--- a/settings/templates/help.php
+++ b/settings/templates/help.php
@@ -26,9 +26,9 @@
<?php foreach($_["kbe"] as $kb): ?>
<div class="helpblock">
<?php if($kb["preview1"] <> "") { echo('<img class="preview" src="'.$kb["preview1"].'" />'); } ?>
- <?php if($kb['detailpage']<>'') echo('<p><a target="_blank" href="'.$kb['detailpage'].'"><strong>'.htmlentities($kb["name"]).'</strong></a></p>');?>
- <p><?php echo htmlentities($kb['description']);?></p>
- <?php if($kb['answer']<>'') echo('<p><strong>'.$l->t('Answer').':</strong><p>'.htmlentities($kb['answer']).'</p>');?>
+ <?php if($kb['detailpage']<>'') echo('<p><a target="_blank" href="'.$kb['detailpage'].'"><strong>'.$kb["name"].'</strong></a></p>');?>
+ <p><?php echo $kb['description'];?></p>
+ <?php if($kb['answer']<>'') echo('<p><strong>'.$l->t('Answer').':</strong><p>'.$kb['answer'].'</p>');?>
</div>
<?php endforeach;
endif?>
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-08 16:34:11 +0000