author | Michael Gapczynski <GapczynskiM@gmail.com> | 2012-06-13 15:17:46 -0400 |
---|---|---|
committer | Michael Gapczynski <GapczynskiM@gmail.com> | 2012-06-13 15:17:46 -0400 |
commit | b5889d6ffe2a91ccb223a84a220cb1580bc42929 (patch) | |
tree | aca675ac30746341e8ed835a9cb233cf76a7e2cc | |
parent | bd01e9346941fa85b4bb96a42cecdbc50e51c368 (diff) | |
parent | f9bf34340c7618a90f8ac3452b7d89085882cab3 (diff) | |
download | nextcloud-server-b5889d6ffe2a91ccb223a84a220cb1580bc42929.tar.gz nextcloud-server-b5889d6ffe2a91ccb223a84a220cb1580bc42929.zip |
Merge commit 'refs/merge-requests/127' of git://gitorious.org/owncloud/owncloud into merge-requests/127
Conflicts:
apps/files_external/templates/settings.php
lib/template.php
-rw-r--r-- | apps/calendar/index.php | 4 | ||||
-rw-r--r-- | apps/calendar/lib/app.php | 4 | ||||
-rw-r--r-- | apps/calendar/templates/part.choosecalendar.rowfields.php | 4 | ||||
-rw-r--r-- | apps/calendar/templates/part.choosecalendar.rowfields.shared.php | 2 | ||||
-rw-r--r-- | apps/calendar/templates/part.eventform.php | 8 | ||||
-rw-r--r-- | apps/calendar/templates/part.import.php | 2 | ||||
-rw-r--r-- | apps/calendar/templates/part.showevent.php | 6 | ||||
-rw-r--r-- | apps/contacts/templates/part.contacts.php | 2 | ||||
-rw-r--r-- | apps/files/ajax/list.php | 2 | ||||
-rw-r--r-- | apps/files/index.php | 14 | ||||
-rw-r--r-- | apps/files/templates/index.php | 2 | ||||
-rw-r--r-- | apps/files_external/templates/settings.php | 2 | ||||
-rw-r--r-- | apps/gallery/lib/tiles.php | 4 | ||||
-rw-r--r-- | apps/tasks/templates/part.taskform.php | 2 | ||||
-rw-r--r-- | apps/user_ldap/settings.php | 2 | ||||
-rw-r--r-- | apps/user_openid/settings.php | 2 | ||||
-rw-r--r-- | core/templates/404.php | 2 | ||||
-rw-r--r-- | core/templates/login.php | 2 | ||||
-rw-r--r-- | lib/template.php | 49 | ||||
-rw-r--r-- | settings/admin.php | 2 | ||||
-rw-r--r-- | settings/apps.php | 2 | ||||
-rw-r--r-- | settings/templates/admin.php | 2 | ||||
-rw-r--r-- | settings/templates/help.php | 6 |
23 files changed, 73 insertions, 54 deletions
diff --git a/apps/calendar/index.php b/apps/calendar/index.php index cf03a7a3cd3..05a808a5ae0 100644 --- a/apps/calendar/index.php +++ b/apps/calendar/index.php @@ -54,9 +54,9 @@ OCP\Util::addscript('contacts','jquery.multi-autocomplete'); OCP\Util::addscript('','oc-vcategories'); OCP\App::setActiveNavigationEntry('calendar_index'); $tmpl = new OCP\Template('calendar', 'calendar', 'user'); -$tmpl->assign('eventSources', $eventSources); +$tmpl->assign('eventSources', $eventSources,false); $tmpl->assign('categories', $categories); if(array_key_exists('showevent', $_GET)){ - $tmpl->assign('showevent', $_GET['showevent']); + $tmpl->assign('showevent', $_GET['showevent'], false); } $tmpl->printPage(); diff --git a/apps/calendar/lib/app.php b/apps/calendar/lib/app.php index 2cd28c0f782..ff7ad1cb937 100644 --- a/apps/calendar/lib/app.php +++ b/apps/calendar/lib/app.php @@ -377,8 +377,8 @@ class OC_Calendar_App{ $lastmodified = ($last_modified)?$last_modified->getDateTime()->format('U'):0; $output = array('id'=>(int)$event['id'], - 'title' => htmlspecialchars(($event['summary']!=NULL || $event['summary'] != '')?$event['summary']: self::$l10n->t('unnamed')), - 'description' => isset($vevent->DESCRIPTION)?htmlspecialchars($vevent->DESCRIPTION->value):'', + 'title' => ($event['summary']!=NULL || $event['summary'] != '')?$event['summary']: self::$l10n->t('unnamed'), + 'description' => isset($vevent->DESCRIPTION)?$vevent->DESCRIPTION->value:'', 'lastmodified'=>$lastmodified); $dtstart = $vevent->DTSTART; diff --git a/apps/calendar/templates/part.choosecalendar.rowfields.php b/apps/calendar/templates/part.choosecalendar.rowfields.php index 268c3356011..965523f847a 100644 --- a/apps/calendar/templates/part.choosecalendar.rowfields.php +++ b/apps/calendar/templates/part.choosecalendar.rowfields.php 
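Review bot: `$tmpl->assign('showevent', $_GET['showevent'], false);` in apps/calendar/index.php hands a raw query parameter to the template with the new sanitizer explicitly switched off, so wherever the calendar template echoes `$_['showevent']` it now receives request data unescaped. The old line had no escaping either, but under the new `assign()` the default would have covered it, and opting out is the wrong direction for `$_GET` input. Unless the template provably uses the value in a non-HTML way (it is outside this diff), keep the default: `$tmpl->assign('showevent', $_GET['showevent']);`. The `false` on the `eventSources` line above deserves the same check.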
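Review bot: Dropping `htmlspecialchars()` from `'title'` and `'description'` in OC_Calendar_App moves escaping out of this method with nothing visible taking it over: the `$output` array is built here and, as far as the hunk shows, is not passed through `OC_Template::assign()`, so the new sanitizer in lib/template.php never sees it. If the array is serialized to the client and rendered by the calendar JavaScript, that consumer must now escape these strings itself; that should be confirmed before merging, and a comment on the array such as `// title/description are raw; escape at the output layer` would record the contract. The enclosing method starts and ends outside this hunk.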
@@ -1,8 +1,8 @@ <?php echo '<td width="20px"><input id="active_' . $_['calendar']['id'] . '" type="checkbox" onClick="Calendar.UI.Calendar.activation(this,' . $_['calendar']['id'] . ')"' . ($_['calendar']['active'] ? ' checked="checked"' : '') . '></td>'; -echo '<td id="' . OCP\USER::getUser() . '_' . $_['calendar']['id'] . '"><label for="active_' . $_['calendar']['id'] . '">' . htmlspecialchars($_['calendar']['displayname']) . '</label></td>'; +echo '<td id="' . OCP\USER::getUser() . '_' . $_['calendar']['id'] . '"><label for="active_' . $_['calendar']['id'] . '">' . $_['calendar']['displayname'] . '</label></td>'; echo '<td width="20px"><a href="#" onclick="Calendar.UI.Share.dropdown(\'' . OCP\USER::getUser() . '\', \'' . $_['calendar']['id'] . '\');" title="' . $l->t("Share Calendar") . '" class="action"><img class="svg action" src="' . ((!$_['shared']) ? OCP\Util::imagePath('core', 'actions/share.svg') : OCP\Util::imagePath('core', 'actions/shared.svg')) . '"></a></td>'; -echo '<td width="20px"><a href="#" onclick="Calendar.UI.showCalDAVUrl(\'' . OCP\USER::getUser() . '\', \'' . htmlentities($_['calendar']['uri']) . '\');" title="' . $l->t("CalDav Link") . '" class="action"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/public.svg').'"></a></td>'; +echo '<td width="20px"><a href="#" onclick="Calendar.UI.showCalDAVUrl(\'' . OCP\USER::getUser() . '\', \'' . $_['calendar']['uri'] . '\');" title="' . $l->t("CalDav Link") . '" class="action"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/public.svg').'"></a></td>'; echo '<td width="20px"><a href="?app=calendar&getfile=export.php?calid=' . $_['calendar']['id'] . '" title="' . $l->t('Download') . '" class="action"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/download.svg').'"></a></td>'; echo '<td width="20px"><a href="#" title="' . $l->t('Edit') . '" class="action" onclick="Calendar.UI.Calendar.edit(this, ' . $_['calendar']['id'] . 
');"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/rename.svg').'"></a></td>'; echo '<td width="20px"><a href="#" onclick="Calendar.UI.Calendar.deleteCalendar(\'' . $_['calendar']['id'] . '\');" title="' . $l->t('Delete') . '" class="action"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/delete.svg').'"></a></td>'; diff --git a/apps/calendar/templates/part.choosecalendar.rowfields.shared.php b/apps/calendar/templates/part.choosecalendar.rowfields.shared.php index 6a212858a21..a23266da0c3 100644 --- a/apps/calendar/templates/part.choosecalendar.rowfields.shared.php +++ b/apps/calendar/templates/part.choosecalendar.rowfields.shared.php @@ -1,4 +1,4 @@ <?php echo '<td width="20px"><input id="active_' . $_['share']['owner'] . '_' . $_['share']['calendar']['id'] . '" type="checkbox" onClick="Calendar.UI.Share.activation(this,\'' . $_['share']['owner'] . '\',' . $_['share']['calendar']['id'] . ')"' . ($_['share']['active'] ? ' checked="checked"' : '') . '></td>'; -echo '<td><label for="active_' . $_['share']['owner'] . '_' . $_['share']['calendar']['id'] . '">' . htmlspecialchars($_['share']['calendar']['displayname']) . '</label></td>'; +echo '<td><label for="active_' . $_['share']['owner'] . '_' . $_['share']['calendar']['id'] . '">' . $_['share']['calendar']['displayname'] . '</label></td>'; echo '<td style="font-style: italic;">' . $l->t('shared with you by') . ' ' . $_['share']['owner'] . '</td>';
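Review bot: `$_['calendar']['uri']` on the `showCalDAVUrl` line is written into a JavaScript string literal inside an `onclick` attribute, and HTML-entity escaping is the wrong tool for that context whether it is applied here or by `OC_Template::assign()`: `htmlentities()` with its default flags leaves `'` untouched, which is the delimiter of that literal. The displayname on the label line is an HTML text node and is covered by the assign() default, provided `$_['calendar']` is assigned without `false` (that call is outside this diff). For the uri, put it on the element as an attribute, e.g. `data-uri="<?php echo $_['calendar']['uri']; ?>"`, and read it from the handler instead of building the call string in PHP; `getOnClickAction()` in apps/gallery/lib/tiles.php has the same pattern.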
\ No newline at end of file diff --git a/apps/calendar/templates/part.eventform.php b/apps/calendar/templates/part.eventform.php index 2d86ce4d318..95eecf26223 100644 --- a/apps/calendar/templates/part.eventform.php +++ b/apps/calendar/templates/part.eventform.php @@ -18,7 +18,7 @@ echo 'Calendar.UI.Share.idtype = "event";' . "\n" . 'Calendar.UI.Share.currentid <tr> <th width="75px"><?php echo $l->t("Title");?>:</th> <td> - <input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Title of the Event");?>" value="<?php echo isset($_['title']) ? htmlspecialchars($_['title']) : '' ?>" maxlength="100" name="title"/> + <input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Title of the Event");?>" value="<?php echo isset($_['title']) ? $_['title'] : '' ?>" maxlength="100" name="title"/> </td> </tr> </table> @@ -26,7 +26,7 @@ echo 'Calendar.UI.Share.idtype = "event";' . "\n" . 'Calendar.UI.Share.currentid <tr> <th width="75px"><?php echo $l->t("Category");?>:</th> <td> - <input id="category" name="categories" type="text" placeholder="<?php echo $l->t('Separate categories with commas'); ?>" value="<?php echo isset($_['categories']) ? htmlspecialchars($_['categories']) : '' ?>"> + <input id="category" name="categories" type="text" placeholder="<?php echo $l->t('Separate categories with commas'); ?>" value="<?php echo isset($_['categories']) ? $_['categories'] : '' ?>"> <a class="action edit" onclick="$(this).tipsy('hide');OCCategories.edit();" title="<?php echo $l->t('Edit categories'); ?>"><img alt="<?php echo $l->t('Edit categories'); ?>" src="<?php echo OCP\image_path('core','actions/rename.svg')?>" class="svg action" style="width: 16px; height: 16px;"></a> </td> <?php if(count($_['calendar_options']) > 1) { ?> 
@@ -80,7 +80,7 @@ echo 'Calendar.UI.Share.idtype = "event";' . "\n" . 'Calendar.UI.Share.currentid <tr> <th width="85px"><?php echo $l->t("Location");?>:</th> <td> - <input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Location of the Event");?>" value="<?php echo isset($_['location']) ? htmlspecialchars($_['location']) : '' ?>" maxlength="100" name="location" /> + <input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Location of the Event");?>" value="<?php echo isset($_['location']) ? $_['location'] : '' ?>" maxlength="100" name="location" /> </td> </tr> </table> @@ -88,7 +88,7 @@ echo 'Calendar.UI.Share.idtype = "event";' . "\n" . 'Calendar.UI.Share.currentid <tr> <th width="85px" style="vertical-align: top;"><?php echo $l->t("Description");?>:</th> <td> - <textarea style="width:350px;height: 150px;" placeholder="<?php echo $l->t("Description of the Event");?>" name="description"><?php echo isset($_['description']) ? htmlspecialchars($_['description']) : '' ?></textarea> + <textarea style="width:350px;height: 150px;" placeholder="<?php echo $l->t("Description of the Event");?>" name="description"><?php echo isset($_['description']) ? $_['description'] : '' ?></textarea> </td> </tr> </table> diff --git a/apps/calendar/templates/part.import.php b/apps/calendar/templates/part.import.php index b966100cc11..70ff9612157 100644 --- a/apps/calendar/templates/part.import.php +++ b/apps/calendar/templates/part.import.php 
@@ -9,7 +9,7 @@ $calendar_options = OC_Calendar_Calendar::allCalendars(OCP\USER::getUser()); $calendar_options[] = array('id'=>'newcal', 'displayname'=>$l->t('create a new calendar')); for($i = 0;$i<count($calendar_options);$i++){ - $calendar_options[$i]['displayname'] = htmlspecialchars($calendar_options[$i]['displayname']); + $calendar_options[$i]['displayname'] = $calendar_options[$i]['displayname']; } echo OCP\html_select_options($calendar_options, $calendar_options[0]['id'], array('value'=>'id', 'label'=>'displayname')); ?> diff --git a/apps/calendar/templates/part.showevent.php b/apps/calendar/templates/part.showevent.php index 3646baf5bb7..a5bbfd5b8f5 100644 --- a/apps/calendar/templates/part.showevent.php +++ b/apps/calendar/templates/part.showevent.php @@ -10,7 +10,7 @@ <tr> <th width="75px"><?php echo $l->t("Title");?>:</th> <td> - <?php echo isset($_['title']) ? htmlspecialchars($_['title']) : '' ?> + <?php echo isset($_['title']) ? $_['title'] : '' ?> </td> </tr> </table> @@ -79,7 +79,7 @@ <tr> <th width="85px"><?php echo $l->t("Location");?>:</th> <td> - <?php echo isset($_['location']) ? htmlspecialchars($_['location']) : '' ?> + <?php echo isset($_['location']) ? $_['location'] : '' ?> </td> </tr> </table> @@ -87,7 +87,7 @@ <tr> <th width="85px" style="vertical-align: top;"><?php echo $l->t("Description");?>:</th> <td> - <?php echo isset($_['description']) ? htmlspecialchars($_['description']) : '' ?></textarea> + <?php echo isset($_['description']) ? $_['description'] : '' ?></textarea> </tr> </table> </div> diff --git a/apps/contacts/templates/part.contacts.php b/apps/contacts/templates/part.contacts.php index 57517505405..00a61f72fdd 100644 --- a/apps/contacts/templates/part.contacts.php +++ b/apps/contacts/templates/part.contacts.php 
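Review bot: The `for` loop in part.import.php is now a no-op (`$calendar_options[$i]['displayname'] = $calendar_options[$i]['displayname'];`) and should be removed rather than kept. More importantly, `$calendar_options` is built inside the template directly from `OC_Calendar_Calendar::allCalendars()` and never goes through `OC_Template::assign()`, so the new default sanitizer does not apply to it; the display names are escaped only if `OCP\html_select_options()` escapes its labels, which is outside this diff and should be verified. If it does not, keep the old `htmlspecialchars()` call here.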
@@ -8,5 +8,5 @@ } } ?> - <li role="button" book-id="<?php echo $contact['addressbookid']; ?>" data-id="<?php echo $contact['id']; ?>"><a href="index.php?id=<?php echo $contact['id']; ?>"><?php echo htmlspecialchars($display); ?></a></li> + <li role="button" book-id="<?php echo $contact['addressbookid']; ?>" data-id="<?php echo $contact['id']; ?>"><a href="index.php?id=<?php echo $contact['id']; ?>"><?php echo $display; ?></a></li> <?php endforeach; ?> diff --git a/apps/files/ajax/list.php b/apps/files/ajax/list.php index ceb8d158580..f0600a179d0 100644 --- a/apps/files/ajax/list.php +++ b/apps/files/ajax/list.php @@ -38,7 +38,7 @@ foreach( OC_Files::getdirectorycontent( $dir ) as $i ){ } $list = new OCP\Template( "files", "part.list", "" ); -$list->assign( "files", $files ); +$list->assign( "files", $files, false ); $data = array('files' => $list->fetchPage()); OCP\JSON::success(array('data' => $data)); diff --git a/apps/files/index.php b/apps/files/index.php index 60a3836cb59..ed36c5edab0 100644 --- a/apps/files/index.php +++ b/apps/files/index.php 
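Review bot: `$list->assign( "files", $files, false );` in apps/files/ajax/list.php disables escaping for the whole file listing, so every filename reaching part.list.php is raw and that template (not in this diff) must escape each one itself; please confirm it does, since names are user-controlled. The same opt-out is made for `files` and `breadcrumb` in apps/files/index.php at the next hunk group. If the reason for `false` is that `$files` holds non-string entries the sanitizer cannot handle, the fix belongs in `OC_Template::sanitizeHTML()` rather than in every caller.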
@@ -73,12 +73,12 @@ foreach( explode( '/', $dir ) as $i ){ // make breadcrumb und filelist markup $list = new OCP\Template( 'files', 'part.list', '' ); -$list->assign( 'files', $files ); -$list->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir='); -$list->assign( 'downloadURL', OCP\Util::linkTo('files', 'download.php').'?file='); +$list->assign( 'files', $files, false ); +$list->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=', false); +$list->assign( 'downloadURL', OCP\Util::linkTo('files', 'download.php').'?file=', false); $breadcrumbNav = new OCP\Template( 'files', 'part.breadcrumb', '' ); -$breadcrumbNav->assign( 'breadcrumb', $breadcrumb ); -$breadcrumbNav->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir='); +$breadcrumbNav->assign( 'breadcrumb', $breadcrumb, false ); +$breadcrumbNav->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=', false); $upload_max_filesize = OCP\Util::computerFileSize(ini_get('upload_max_filesize')); $post_max_size = OCP\Util::computerFileSize(ini_get('post_max_size')); @@ -89,8 +89,8 @@ $freeSpace=max($freeSpace,0); $maxUploadFilesize = min($maxUploadFilesize ,$freeSpace); $tmpl = new OCP\Template( 'files', 'index', 'user' ); -$tmpl->assign( 'fileList', $list->fetchPage() ); -$tmpl->assign( 'breadcrumb', $breadcrumbNav->fetchPage() ); +$tmpl->assign( 'fileList', $list->fetchPage(), false ); +$tmpl->assign( 'breadcrumb', $breadcrumbNav->fetchPage(), false ); $tmpl->assign( 'dir', $dir); $tmpl->assign( 'readonly', !OC_Filesystem::is_writable($dir.'/')); $tmpl->assign( 'files', $files ); diff --git a/apps/files/templates/index.php b/apps/files/templates/index.php index 3bd5a1ceef4..44000171a17 100644 --- a/apps/files/templates/index.php +++ b/apps/files/templates/index.php 
@@ -15,7 +15,7 @@ <form data-upload-id='1' class="file_upload_form" action="<?php echo OCP\Util::linkTo('files', 'ajax/upload.php'); ?>" method="post" enctype="multipart/form-data" target="file_upload_target_1"> <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $_['uploadMaxFilesize'] ?>" id="max_upload"> <input type="hidden" class="max_human_file_size" value="(max <?php echo $_['uploadMaxHumanFilesize']; ?>)"> - <input type="hidden" name="dir" value="<?php echo htmlentities($_['dir'],ENT_COMPAT,'utf-8') ?>" id="dir"> + <input type="hidden" name="dir" value="<?php echo $_['dir'] ?>" id="dir"> <button class="file_upload_filename"> <img class='svg action' alt="Upload" src="<?php echo OCP\image_path("core", "actions/upload-white.svg"); ?>" /></button> <input class="file_upload_start" type="file" name='files[]'/> <a href="#" class="file_upload_button_wrapper" onclick="return false;" title="<?php echo $l->t('Upload'); echo ' max. '.$_['uploadMaxHumanFilesize'] ?>"></a> diff --git a/apps/files_external/templates/settings.php b/apps/files_external/templates/settings.php index a995ee34194..6c37df8001e 100644 --- a/apps/files_external/templates/settings.php +++ b/apps/files_external/templates/settings.php @@ -16,7 +16,7 @@ <?php $_['mounts'] = array_merge($_['mounts'], array('' => array())); ?> <?php foreach ($_['mounts'] as $mountPoint => $mount): ?> <tr <?php if ($mountPoint == '') echo 'id="addMountPoint"'; ?>> - <td class="mountPoint"><input type="text" name="mountPoint" value="<?php echo htmlentities($mountPoint); ?>" placeholder="<?php echo $l->t('Mount point'); ?>" /></td> + <td class="mountPoint"><input type="text" name="mountPoint" value="<?php echo $mountPoint; ?>" placeholder="<?php echo $l->t('Mount point'); ?>" /></td> <?php if ($mountPoint == ''): ?> <td class="backend"> <select id="selectBackend" data-configurations='<?php echo json_encode($_['backends']); ?>'> 
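Review bot: `$mountPoint` on the `mountPoint` input line is an array key of `$_['mounts']` (see the `foreach ($_['mounts'] as $mountPoint => $mount)` two lines above), and `OC_Template::assign()` sanitizes with `array_walk_recursive()`, which visits values only — keys are never touched. Removing `htmlentities($mountPoint)` therefore leaves a user-chosen mount point name unescaped inside a `value="…"` attribute, a regression relative to the old line. Restore the escaping here, `value="<?php echo htmlentities($mountPoint); ?>"`, or document on assign() that keys are not covered and avoid echoing keys elsewhere.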
diff --git a/apps/gallery/lib/tiles.php b/apps/gallery/lib/tiles.php index 5837c752ef6..e43c99bb76a 100644 --- a/apps/gallery/lib/tiles.php +++ b/apps/gallery/lib/tiles.php @@ -141,7 +141,7 @@ class TileStack extends TileBase { } public function get() { - $r = '<div class="title gallery_div">'.htmlentities($this->stack_name).'</div>'; + $r = '<div class="title gallery_div">'.$this->stack_name.'</div>'; for ($i = 0; $i < count($this->tiles_array); $i++) { $top = rand(-5, 5); $left = rand(-5, 5); @@ -168,7 +168,7 @@ class TileStack extends TileBase { } public function getOnClickAction() { - return 'javascript:openNewGal(\''.htmlentities($this->stack_name).'\');'; + return 'javascript:openNewGal(\''.$this->stack_name.'\');'; } private $tiles_array; diff --git a/apps/tasks/templates/part.taskform.php b/apps/tasks/templates/part.taskform.php index c00560903b0..0a25ed33c91 100644 --- a/apps/tasks/templates/part.taskform.php +++ b/apps/tasks/templates/part.taskform.php 
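Review bot: `$this->stack_name` is a class property, not a template variable, so removing `htmlentities()` in `TileStack::get()` and `getOnClickAction()` leaves it with no escaping at all — `OC_Template::assign()` only sanitizes values handed to it, and a tile string later assigned with the default would have its own markup escaped, so that path cannot be the replacement. `get()` now emits the stack name raw into HTML and `getOnClickAction()` into a JavaScript string inside a `javascript:` URL, where entity escaping alone was already insufficient. Restore `htmlentities($this->stack_name)` in `get()`, and in `getOnClickAction()` encode for the JS string context first (e.g. `json_encode()`) and entity-escape the result for the attribute.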
@@ -5,7 +5,7 @@ <input type="text" id="location" name="location" placeholder="<?php echo $l->t('Location of the task');?>" value="<?php echo isset($_['details']->LOCATION) ? $_['details']->LOCATION[0]->value : '' ?>"> <br> <label for="categories"><?php echo $l->t('Categories'); ?></label> - <input id="categories" name="categories" type="text" placeholder="<?php echo $l->t('Separate categories with commas'); ?>" value="<?php echo isset($_['categories']) ? htmlspecialchars($_['categories']) : '' ?>"> + <input id="categories" name="categories" type="text" placeholder="<?php echo $l->t('Separate categories with commas'); ?>" value="<?php echo isset($_['categories']) ? $_['categories'] : '' ?>"> <a class="action edit" onclick="$(this).tipsy('hide');OCCategories.edit();" title="<?php echo $l->t('Edit categories'); ?>"><img alt="<?php echo $l->t('Edit categories'); ?>" src="<?php echo OCP\image_path('core','actions/rename.svg')?>" class="svg action" style="width: 16px; height: 16px;"></a> <br> <label for="due"><?php echo $l->t('Due'); ?></label> diff --git a/apps/user_ldap/settings.php b/apps/user_ldap/settings.php index 0c29e70b5ab..42084855e85 100644 --- a/apps/user_ldap/settings.php +++ b/apps/user_ldap/settings.php @@ -47,7 +47,7 @@ if ($_POST) { // fill template $tmpl = new OCP\Template( 'user_ldap', 'settings'); foreach($params as $param){ - $value = htmlentities(OCP\Config::getAppValue('user_ldap', $param,'')); + $value = OCP\Config::getAppValue('user_ldap', $param,''); $tmpl->assign($param, $value); } diff --git a/apps/user_openid/settings.php b/apps/user_openid/settings.php index 062322f6fe4..921fa371dde 100644 --- a/apps/user_openid/settings.php +++ b/apps/user_openid/settings.php 
@@ -2,7 +2,7 @@ $tmpl = new OCP\Template( 'user_openid', 'settings'); $identity=OCP\Config::getUserValue(OCP\USER::getUser(),'user_openid','identity',''); -$tmpl->assign('identity',htmlentities($identity)); +$tmpl->assign('identity',$identity); OCP\Util::addscript('user_openid','settings'); diff --git a/core/templates/404.php b/core/templates/404.php index cd4f2b40bb2..13a81010343 100644 --- a/core/templates/404.php +++ b/core/templates/404.php @@ -10,6 +10,6 @@ if(!isset($_)){//also provide standalone error page <ul> <li class='error'> <?php echo $l->t( 'Cloud not found' ); ?><br/> - <p class='hint'><?php if(isset($_['file'])) echo htmlentities($_['file'])?></p> + <p class='hint'><?php if(isset($_['file'])) echo $_['file']?></p> </li> </ul> diff --git a/core/templates/login.php b/core/templates/login.php index 41d6ba41ef8..a40bf5c330a 100644 --- a/core/templates/login.php +++ b/core/templates/login.php @@ -1,7 +1,7 @@ <!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]--> <form action="index.php" method="post"> <fieldset> - <?php if(!empty($_['redirect'])) { echo '<input type="hidden" name="redirect_url" value="'.htmlentities($_['redirect']).'" />'; } ?> + <?php if(!empty($_['redirect'])) { echo '<input type="hidden" name="redirect_url" value="'.$_['redirect'].'" />'; } ?> <?php if($_['error']): ?> <a href="./core/lostpassword/"><?php echo $l->t('Lost your password?'); ?></a> <?php endif; ?> diff --git a/lib/template.php b/lib/template.php index 9ce041a71c3..a3700e133e7 100644 --- a/lib/template.php +++ b/lib/template.php @@ -262,6 +262,7 @@ class OC_Template{ * @brief Assign variables * @param $key key * @param $value value + * @param $sanitizeHTML false, if data shouldn't get passed through htmlentities * @returns true * * This function assigns a variable. It can be accessed via $_[$key] in 
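Review bot: The new `@param $sanitizeHTML` line in the `assign()` docblock should state what the default actually does, because every template in this commit now depends on it: string values go through `htmlentities()` with the function's default flags and charset, arrays are walked recursively over their values (keys are not escaped), and non-string scalars come back as strings. Suggested wording: `@param $sanitizeHTML true (default) passes string values, recursively for arrays, through htmlentities(); array keys are not escaped. Pass false only for data that is already markup or is escaped in the template.` The rest of the docblock is outside this hunk.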
@@ -269,11 +270,29 @@ class OC_Template{ * * If the key existed before, it will be overwritten */ - public function assign( $key, $value ){ + public function assign( $key, $value, $sanitizeHTML=true ){ + if($sanitizeHTML == true) { + if(is_array($value)) { + array_walk_recursive($value,'OC_Template::sanitizeHTML'); + } else { + $value = OC_Template::sanitizeHTML($value); + } + } $this->vars[$key] = $value; return true; } + + /** + * @brief Internaly used to sanitze HTML + * + * This function is internally used to sanitize HTML. + */ + private static function sanitizeHTML( &$value ){ + $value = htmlentities( $value ); + return $value; + } + /** * @brief Appends a variable * @param $key key @@ -357,21 +376,21 @@ class OC_Template{ // Decide which page we show if( $this->renderas == "user" ){ $page = new OC_Template( "core", "layout.user" ); - $page->assign('searchurl',OC_Helper::linkTo( 'search', 'index.php' )); + $page->assign('searchurl',OC_Helper::linkTo( 'search', 'index.php' ), false); $page->assign('requesttoken', $this->vars['requesttoken']); if(array_search(OC_APP::getCurrentApp(),array('settings','admin','help'))!==false){ - $page->assign('bodyid','body-settings'); + $page->assign('bodyid','body-settings', false); }else{ - $page->assign('bodyid','body-user'); + $page->assign('bodyid','body-user', false); } // Add navigation entry $navigation = OC_App::getNavigation(); - $page->assign( "navigation", $navigation); - $page->assign( "settingsnavigation", OC_App::getSettingsNavigation()); + $page->assign( "navigation", $navigation, false); + $page->assign( "settingsnavigation", OC_App::getSettingsNavigation(), false); foreach($navigation as $entry) { if ($entry['active']) { - $page->assign( 'application', $entry['name'] ); + $page->assign( 'application', $entry['name'], false ); break; } } 
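Review bot: `sanitizeHTML()` calls `htmlentities( $value )` with no flags and no charset, which is weaker than some of the escaping this commit removes — apps/files/templates/index.php had `htmlentities($_['dir'],ENT_COMPAT,'utf-8')`, and on PHP versions whose default charset is ISO-8859-1 the new call mangles every non-ASCII UTF-8 value; the default flags also leave `'` unescaped, so values that templates place in single-quoted attributes or JS literals are not protected. The helper is also applied to whatever `array_walk_recursive()` finds, including non-strings, which is presumably why callers in this commit opt whole arrays out with `false`. Restrict it to strings and pin the encoding: `if(is_string($value)) { $value = htmlentities( $value, ENT_QUOTES, 'UTF-8' ); }`. The `$sanitizeHTML == true` test in `assign()` should be `=== true`, and the docblock typos (`Internaly`, `sanitze`) want fixing.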
@@ -385,7 +404,7 @@ class OC_Template{ // Read the detected formfactor and use the right file name. $fext = self::getFormFactorExtension(); - $page->assign('jsfiles', array()); + $page->assign('jsfiles', array(), false); // Add the core js files or the js files provided by the selected theme foreach(OC_Util::$scripts as $script){ // Is it in 3rd party? @@ -460,13 +479,13 @@ class OC_Template{ } // Add custom headers - $page->assign('headers',$this->headers); + $page->assign('headers',$this->headers, false); foreach(OC_Util::$headers as $header){ $page->append('headers',$header); } // Add css files and js files - $page->assign( "content", $data ); + $page->assign( "content", $data, false ); return $page->fetchPage(); } else{ @@ -511,13 +530,13 @@ class OC_Template{ $_ = array_merge( $additionalparams, $this->vars ); } - // Einbinden + // Include ob_start(); include( $this->path.$file.'.php' ); $data = ob_get_contents(); @ob_end_clean(); - // Daten zurückgeben + // Return data return $data; } @@ -531,7 +550,7 @@ class OC_Template{ public static function printUserPage( $application, $name, $parameters = array() ){ $content = new OC_Template( $application, $name, "user" ); foreach( $parameters as $key => $value ){ - $content->assign( $key, $value ); + $content->assign( $key, $value, false ); } print $content->printPage(); } @@ -546,7 +565,7 @@ class OC_Template{ public static function printAdminPage( $application, $name, $parameters = array() ){ $content = new OC_Template( $application, $name, "admin" ); foreach( $parameters as $key => $value ){ - $content->assign( $key, $value ); + $content->assign( $key, $value, false ); } return $content->printPage(); } 
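Review bot: `printUserPage()` now assigns every entry of `$parameters` with `false`, so callers of this public helper get no escaping for any value they pass, while a direct `assign()` call escapes by default; the two entry points now behave differently for the same data and nothing tells callers that. The `@param $parameters` docblock (above this hunk) should say so, e.g. `@param $parameters values are assigned unescaped; callers must escape untrusted data themselves`. `printAdminPage()` in this hunk group and `printGuestPage()` at the next hunk make the same change and need the same note.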
@@ -561,7 +580,7 @@ class OC_Template{ public static function printGuestPage( $application, $name, $parameters = array() ){ $content = new OC_Template( $application, $name, "guest" ); foreach( $parameters as $key => $value ){ - $content->assign( $key, $value ); + $content->assign( $key, $value,false ); } return $content->printPage(); } diff --git a/settings/admin.php b/settings/admin.php index a997bad4e3c..4cbd67c3678 100644 --- a/settings/admin.php +++ b/settings/admin.php @@ -23,7 +23,7 @@ function compareEntries($a,$b){ usort($entries, 'compareEntries'); $tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 )); -$tmpl->assign('entries',$entries); +$tmpl->assign('entries',$entries,false); $tmpl->assign('forms',array()); foreach($forms as $form){ $tmpl->append('forms',$form); diff --git a/settings/apps.php b/settings/apps.php index 7908e6cc18b..f85b28158f5 100644 --- a/settings/apps.php +++ b/settings/apps.php @@ -92,7 +92,7 @@ usort($apps, 'app_sort'); $tmpl = new OC_Template( "settings", "apps", "user" ); -$tmpl->assign('apps',$apps); +$tmpl->assign('apps',$apps, false); $tmpl->printPage(); diff --git a/settings/templates/admin.php b/settings/templates/admin.php index d167f2780ef..38c6042c82a 100644 --- a/settings/templates/admin.php +++ b/settings/templates/admin.php @@ -29,7 +29,7 @@ $levels=array('Debug','Info','Warning','Error','Fatal'); <?php echo $entry->app;?> </td> <td> - <?php echo htmlentities($entry->message);?> + <?php echo $entry->message;?> </td> <td> <?php echo OC_Util::formatDate($entry->time);?> diff --git a/settings/templates/help.php b/settings/templates/help.php index cf61207e601..a53ec76d681 100644 --- a/settings/templates/help.php +++ b/settings/templates/help.php 
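Review bot: Removing `htmlentities($entry->message)` in settings/templates/admin.php is a regression, because the matching `$tmpl->assign('entries',$entries,false);` in settings/admin.php (same hunk group) switches the sanitizer off for exactly that data: log messages are written by every app and routinely contain user-supplied strings, and they now reach the admin log view unescaped. `array_walk_recursive()` would not descend into the `$entry` objects anyway, so passing the array with the default would not help either. Keep the template-side escaping, `<?php echo htmlentities($entry->message);?>`, and treat `$entry->app` on the line above the same way. `$tmpl->assign('apps',$apps, false);` in settings/apps.php raises the same question for app names and descriptions in the apps template, which is outside this diff.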
@@ -26,9 +26,9 @@ <?php foreach($_["kbe"] as $kb): ?> <div class="helpblock"> <?php if($kb["preview1"] <> "") { echo('<img class="preview" src="'.$kb["preview1"].'" />'); } ?> - <?php if($kb['detailpage']<>'') echo('<p><a target="_blank" href="'.$kb['detailpage'].'"><strong>'.htmlentities($kb["name"]).'</strong></a></p>');?> - <p><?php echo htmlentities($kb['description']);?></p> - <?php if($kb['answer']<>'') echo('<p><strong>'.$l->t('Answer').':</strong><p>'.htmlentities($kb['answer']).'</p>');?> + <?php if($kb['detailpage']<>'') echo('<p><a target="_blank" href="'.$kb['detailpage'].'"><strong>'.$kb["name"].'</strong></a></p>');?> + <p><?php echo $kb['description'];?></p> + <?php if($kb['answer']<>'') echo('<p><strong>'.$l->t('Answer').':</strong><p>'.$kb['answer'].'</p>');?> </div> <?php endforeach; endif?> |
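Review bot: The removed `htmlentities()` calls on `$kb["name"]`, `$kb['description']` and `$kb['answer']` are only safe if the `$_["kbe"]` array is assigned without `false`, and that `assign()` call is not in this diff; please confirm it, since these values originate outside this template. If the default is in effect, it also entity-escapes `$kb['detailpage']` and `$kb["preview1"]`, which this template has always written into `href`/`src` unescaped, so the commit incidentally covers those too — worth recording at the top of the loop with `// $_['kbe'] is entity-escaped by OC_Template::assign(); keep the default`.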