diff options
| author | Bjoern Schiessle <schiessle@owncloud.com> | 2012-06-21 13:57:18 +0200 |
|---|---|---|
| committer | Bjoern Schiessle <schiessle@owncloud.com> | 2012-06-21 13:57:18 +0200 |
| commit | 34739b7ec5b5bb26f993704b169937d3f04ed7c7 (patch) | |
| tree | 93007cda15d450f33cc92635ee47966021a81bcb | |
| parent | 09d2f767276f6054148425966fda89e189d621f0 (diff) | |
| download | nextcloud-server-34739b7ec5b5bb26f993704b169937d3f04ed7c7.tar.gz nextcloud-server-34739b7ec5b5bb26f993704b169937d3f04ed7c7.zip | |
use new sanitizeHTML() function
| -rw-r--r-- | apps/bookmarks/templates/list.php | 2 | ||||
| -rw-r--r-- | core/templates/layout.user.php | 2 | ||||
| -rw-r--r-- | core/templates/login.php | 2 | ||||
| -rw-r--r-- | settings/ajax/togglegroups.php | 2 |
4 files changed, 4 insertions, 4 deletions
diff --git a/apps/bookmarks/templates/list.php b/apps/bookmarks/templates/list.php index fdd2b19f79a..1ed79264d0d 100644 --- a/apps/bookmarks/templates/list.php +++ b/apps/bookmarks/templates/list.php @@ -7,7 +7,7 @@ * See the COPYING-README file. */ ?> -<input type="hidden" id="bookmarkFilterTag" value="<?php if(isset($_GET['tag'])) echo htmlentities($_GET['tag'],ENT_COMPAT,'utf-8'); ?>" /> +<input type="hidden" id="bookmarkFilterTag" value="<?php if(isset($_GET['tag'])) echo OCP\Util::sanitizeHTML($_GET['tag']); ?>" /> <div id="controls"> <input type="hidden" id="bookmark_add_id" value="0" /> <input type="text" id="bookmark_add_url" placeholder="<?php echo $l->t('Address'); ?>" class="bookmarks_input" /> diff --git a/core/templates/layout.user.php b/core/templates/layout.user.php index 500ac9beda3..660c9522c7e 100644 --- a/core/templates/layout.user.php +++ b/core/templates/layout.user.php @@ -47,7 +47,7 @@ <a href="<?php echo link_to('', 'index.php'); ?>" title="" id="owncloud"><img class="svg" src="<?php echo image_path('', 'logo-wide.svg'); ?>" alt="ownCloud" /></a> <a class="header-right header-action" id="logout" href="<?php echo link_to('', 'index.php'); ?>?logout=true"><img class="svg" alt="<?php echo $l->t('Log out');?>" title="<?php echo $l->t('Log out');?>" src="<?php echo image_path('', 'actions/logout.svg'); ?>" /></a> <form class="searchbox header-right" action="#" method="post"> - <input id="searchbox" class="svg" type="search" name="query" value="<?php if(isset($_POST['query'])){echo htmlentities($_POST['query']);};?>" autocomplete="off" /> + <input id="searchbox" class="svg" type="search" name="query" value="<?php if(isset($_POST['query'])){echo OC_Util::sanitizeHTML($_POST['query']);};?>" autocomplete="off" /> </form> </div></header> diff --git a/core/templates/login.php b/core/templates/login.php index a40bf5c330a..985cf90c2a2 100644 --- a/core/templates/login.php +++ b/core/templates/login.php @@ -7,7 +7,7 @@ <?php endif; ?> <p class="infield"> <label for="user" class="infield"><?php echo $l->t( 'Username' ); ?></label> - <input type="text" name="user" id="user" value="<?php echo !empty($_POST['user'])?htmlentities($_POST['user'],ENT_COMPAT,'utf-8').'"':'" autofocus'; ?> autocomplete="off" required /> + <input type="text" name="user" id="user" value="<?php echo !empty($_POST['user'])?OC_Util::sanitizeHTML($_POST['user'],ENT_COMPAT,'utf-8').'"':'" autofocus'; ?> autocomplete="off" required /> </p> <p class="infield"> <label for="password" class="infield"><?php echo $l->t( 'Password' ); ?></label> diff --git a/settings/ajax/togglegroups.php b/settings/ajax/togglegroups.php index f76e22f51d2..7773c1049c3 100644 --- a/settings/ajax/togglegroups.php +++ b/settings/ajax/togglegroups.php @@ -10,7 +10,7 @@ $error = "add user to"; $action = "add"; $username = $_POST["username"]; -$group = htmlentities($_POST["group"]); +$group = OC_Util::sanitizeHTML($_POST["group"]); if(!OC_Group::groupExists($group)){ OC_Group::createGroup($group); |