authorFrank Karlitschek <frank@owncloud.org>2013-03-04 00:00:47 -0800
committerFrank Karlitschek <frank@owncloud.org>2013-03-04 00:00:47 -0800
commitd70912e72b94d63d7d3f42288e2235cee115b8c7 (patch)
tree2a89d81dbd492680bed768d1498567e3e1fb9b16
parent17f7bd4c1453f566062ec051b2b24d1a0c0a9910 (diff)
parent86a7202cda9d0a2c06018f1ca08a9bced31e2887 (diff)
Merge pull request #2060 from owncloud/escapeGroupname
Sanitize uid, group and quota
-rw-r--r--settings/js/users.js10
1 files changed, 5 insertions, 5 deletions
diff --git a/settings/js/users.js b/settings/js/users.js
index 2c27c6d7666..9bc7455285a 100644
--- a/settings/js/users.js
+++ b/settings/js/users.js
@@ -27,7 +27,7 @@ var UserList = {
// Provide user with option to undo
$('#notification').data('deleteuser', true);
- OC.Notification.showHtml(t('users', 'deleted') + ' ' + uid + '<span class="undo">' + t('users', 'undo') + '</span>');
+ OC.Notification.showHtml(t('users', 'deleted') + ' ' + escapeHTML(uid) + '<span class="undo">' + t('users', 'undo') + '</span>');
},
/**
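Review bot: Only `uid` is escaped in the string passed to `OC.Notification.showHtml`; the two `t('users', …)` results are still concatenated in as markup. Whether `t()` can return strings containing HTML is not visible in this diff, but if translations come from contributed locale files, wrapping them as `escapeHTML(t('users', 'deleted'))` and `escapeHTML(t('users', 'undo'))` would keep the whole message text-only apart from the `<span class="undo">` wrapper. A short comment such as `// uid is user-supplied; everything except the undo span is escaped` would record the intent. The enclosing function begins outside the hunk.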
@@ -80,9 +80,9 @@ var UserList = {
}
var allGroups = String($('#content table').attr('data-groups')).split(', ');
$.each(allGroups, function (i, group) {
- groupsSelect.append($('<option value="' + group + '">' + group + '</option>'));
+ groupsSelect.append($('<option value="' + escapeHTML(group) + '">' + escapeHTML(group) + '</option>'));
if (typeof subadminSelect !== 'undefined' && group != 'admin') {
- subadminSelect.append($('<option value="' + group + '">' + group + '</option>'));
+ subadminSelect.append($('<option value="' + escapeHTML(group) + '">' + escapeHTML(group) + '</option>'));
}
});
tr.find('td.groups').append(groupsSelect);
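Review bot: On both new `append` lines the escaped `group` lands inside a double-quoted `value="…"` attribute, which is safe only if `escapeHTML` also encodes `"`; its definition is not part of this diff, so that should be confirmed. Building the element through the DOM removes the dependency on the escaper's exact character set: `groupsSelect.append($('<option>').attr('value', group).text(group));`, and likewise for `subadminSelect`. The same attribute-context concatenation appears in the quota hunk and in `addSubAdmin` in the last hunk. The enclosing function starts and ends outside this hunk.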
@@ -111,7 +111,7 @@ var UserList = {
if (quotaSelect.find('option[value="' + quota + '"]').length > 0) {
quotaSelect.find('option[value="' + quota + '"]').attr('selected', 'selected');
} else {
- quotaSelect.append('<option value="' + quota + '" selected="selected">' + quota + '</option>');
+ quotaSelect.append('<option value="' + escapeHTML(quota) + '" selected="selected">' + escapeHTML(quota) + '</option>');
}
}
var added = false;
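Review bot: `quota` is still concatenated unescaped into the jQuery selector `'option[value="' + quota + '"]'` on the two context lines above the changed line, so a value containing `"` or `]` produces a malformed selector or one that matches something else. HTML escaping is the wrong tool there because selectors have their own syntax. Comparing the property avoids building a selector from the value at all: `quotaSelect.find('option').filter(function () { return this.value === String(quota); })`. `addSubAdmin` in the last hunk builds its selector from `group` in the same way. The enclosing function extends outside this hunk.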
@@ -224,7 +224,7 @@ var UserList = {
var addSubAdmin = function (group) {
$('select[multiple]').each(function (index, element) {
if ($(element).find('option[value="' + group + '"]').length == 0) {
- $(element).append('<option value="' + group + '">' + group + '</option>');
+ $(element).append('<option value="' + escapeHTML(group) + '">' + escapeHTML(group) + '</option>');
}
})
};