author | Georg Ehrke <dev@georgswebsite.de> | 2012-02-04 21:27:18 +0100 |
---|---|---|
committer | Georg Ehrke <dev@georgswebsite.de> | 2012-02-04 21:27:18 +0100 |
commit | 5e08d1bb401b863519d452c0c5cdb4f16c52add7 (patch) | |
tree | 0186c128fc3b8bd93785173f34816d57fcc17fda | |
parent | b810380d56b41ebad4fd67a30d6789744c69deb3 (diff) | |
parent | f81ac815506f385b2258a60f7cab9ca611ef29a1 (diff) | |
Merge branch 'calendar' of gitorious.org:owncloud/owncloud into calendar
-rw-r--r-- | apps/calendar/ajax/createcalendar.php | 2 | ||||
-rw-r--r-- | apps/calendar/ajax/events.php | 4 | ||||
-rw-r--r-- | apps/calendar/ajax/updatecalendar.php | 2 | ||||
-rw-r--r-- | apps/calendar/js/calendar.js | 1 | ||||
-rw-r--r-- | apps/calendar/templates/part.eventform.php | 8 |
5 files changed, 9 insertions, 8 deletions
diff --git a/apps/calendar/ajax/createcalendar.php b/apps/calendar/ajax/createcalendar.php index b719b207c74..08bf7b4ee49 100644 --- a/apps/calendar/ajax/createcalendar.php +++ b/apps/calendar/ajax/createcalendar.php @@ -25,7 +25,7 @@ foreach($calendars as $cal){ } $userid = OC_User::getUser(); -$calendarid = OC_Calendar_Calendar::addCalendar($userid, $_POST['name'], 'VEVENT,VTODO,VJOURNAL', null, 0, $_POST['color']); +$calendarid = OC_Calendar_Calendar::addCalendar($userid, htmlspecialchars($_POST['name']), 'VEVENT,VTODO,VJOURNAL', null, 0, $_POST['color']); OC_Calendar_Calendar::setCalendarActive($calendarid, 1); $calendar = OC_Calendar_Calendar::find($calendarid); diff --git a/apps/calendar/ajax/events.php b/apps/calendar/ajax/events.php index 73bdfcc270b..dd593ddec99 100644 --- a/apps/calendar/ajax/events.php +++ b/apps/calendar/ajax/events.php @@ -11,8 +11,8 @@ require_once('../../../3rdparty/when/When.php'); function addoutput($event, $vevent, $return_event){ $return_event['id'] = (int)$event['id']; - $return_event['title'] = $event['summary']; - $return_event['description'] = isset($vevent->DESCRIPTION)?$vevent->DESCRIPTION->value:''; + $return_event['title'] = htmlspecialchars($event['summary']); + $return_event['description'] = isset($vevent->DESCRIPTION)?htmlspecialchars($vevent->DESCRIPTION->value):''; $last_modified = $vevent->__get('LAST-MODIFIED'); if ($last_modified){ $lastmodified = $last_modified->getDateTime()->format('U'); diff --git a/apps/calendar/ajax/updatecalendar.php b/apps/calendar/ajax/updatecalendar.php index 269b7b7ca06..90dafd35b68 100644 --- a/apps/calendar/ajax/updatecalendar.php +++ b/apps/calendar/ajax/updatecalendar.php 
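Review bot: The calendar name is HTML-encoded before it is stored (`htmlspecialchars($_POST['name'])` passed to `addCalendar`), which ties the stored value to a single output context. Any consumer that treats the name as plain text will show entities, and a later template that escapes again will double-encode, so it is more reliable to store the raw name and escape where it is written into HTML. `$_POST['color']` goes into the same call unchanged and is not validated in the visible lines; if it later ends up in a style attribute or CSS it needs its own format check. The same applies to the `editCalendar` call in the updatecalendar.php hunk.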
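Review bot: Both `htmlspecialchars()` calls added in `addoutput` rely on the default flags and charset, which depend on the PHP version: before 5.4 the default charset is ISO-8859-1, and before 8.1 single quotes are left unescaped. Passing them explicitly, e.g. `htmlspecialchars($event['summary'], ENT_QUOTES, 'UTF-8')`, gives the same result on every runtime and also covers single-quoted attribute contexts. The same applies to the calls added in createcalendar.php, updatecalendar.php and the three part.eventform.php hunks. The rest of `addoutput` lies outside this hunk, so any other `$return_event` fields that carry user text could not be checked here.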
@@ -26,7 +26,7 @@ foreach($calendars as $cal){ $calendarid = $_POST['id']; $calendar = OC_Calendar_App::getCalendar($calendarid);//access check -OC_Calendar_Calendar::editCalendar($calendarid, $_POST['name'], null, null, null, $_POST['color']); +OC_Calendar_Calendar::editCalendar($calendarid, htmlspecialchars($_POST['name']), null, null, null, $_POST['color']); OC_Calendar_Calendar::setCalendarActive($calendarid, $_POST['active']); $calendar = OC_Calendar_App::getCalendar($calendarid); diff --git a/apps/calendar/js/calendar.js b/apps/calendar/js/calendar.js index bbefa1bcf2c..404a0ed6089 100644 --- a/apps/calendar/js/calendar.js +++ b/apps/calendar/js/calendar.js @@ -799,6 +799,7 @@ $(document).ready(function(){ eventDrop: Calendar.UI.moveEvent, eventResize: Calendar.UI.resizeEvent, eventRender: function(event, element) { + element.find('span.fc-event-title').html(element.find('span.fc-event-title').text()); element.tipsy({ className: 'tipsy-event', opacity: 0.9, diff --git a/apps/calendar/templates/part.eventform.php b/apps/calendar/templates/part.eventform.php index 4a9a467549f..2abfe94ba03 100644 --- a/apps/calendar/templates/part.eventform.php +++ b/apps/calendar/templates/part.eventform.php @@ -10,7 +10,7 @@ <tr> <th width="75px"><?php echo $l->t("Title");?>:</th> <td> - <input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Title of the Event");?>" value="<?php echo isset($_['title']) ? $_['title'] : '' ?>" maxlength="100" name="title"/> + <input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Title of the Event");?>" value="<?php echo isset($_['title']) ? htmlspecialchars($_['title']) : '' ?>" maxlength="100" name="title"/> </td> </tr> </table> 
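Review bot: The line added to `eventRender` reads the title span's text and writes it back with `.html()`, so whatever text the span holds is parsed as markup. This appears to depend on every title having been encoded by `htmlspecialchars` in ajax/events.php; a title that reaches the calendar by another path (none is visible here) would be inserted unencoded. Encoding once at the point of rendering and keeping the title as text would remove that coupling; at minimum a comment such as `// title is HTML-encoded by ajax/events.php; decoded once here for display` should record the dependency. The selector is also evaluated twice and could be cached: `var title = element.find('span.fc-event-title'); title.html(title.text());`. The `eventRender` callback continues past the end of the hunk.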
@@ -69,7 +69,7 @@ <tr> <th width="85px"><?php echo $l->t("Location");?>:</th> <td> - <input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Location of the Event");?>" value="<?php echo isset($_['location']) ? $_['location'] : '' ?>" maxlength="100" name="location" /> + <input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Location of the Event");?>" value="<?php echo isset($_['location']) ? htmlspecialchars($_['location']) : '' ?>" maxlength="100" name="location" /> </td> </tr> </table> @@ -77,7 +77,7 @@ <tr> <th width="85px" style="vertical-align: top;"><?php echo $l->t("Description");?>:</th> <td> - <textarea style="width:350px;height: 150px;" placeholder="<?php echo $l->t("Description of the Event");?>" name="description"><?php echo isset($_['description']) ? $_['description'] : '' ?></textarea> + <textarea style="width:350px;height: 150px;" placeholder="<?php echo $l->t("Description of the Event");?>" name="description"><?php echo isset($_['description']) ? htmlspecialchars($_['description']) : '' ?></textarea> </td> </tr> </table> @@ -233,4 +233,4 @@ </div> <div id="tabs-3">//Alarm</div> <div id="tabs-4">//Attendees</div> -<div id="tabs-5">//Share</div>
\ No newline at end of file +<div id="tabs-5">//Share</div> |