diff options
| author | Georg Ehrke <dev@georgswebsite.de> | 2012-05-31 20:00:46 +0200 |
|---|---|---|
| committer | Georg Ehrke <dev@georgswebsite.de> | 2012-05-31 20:01:12 +0200 |
| commit | f0bd57186686689d0f65c356cd7f226c045dd6e3 (patch) | |
| tree | 30d24d1a5339a21d8e74485c995ad4cf1339781c /apps/calendar | |
| parent | 3db28d7616ffcc09aa23e4ab50bf6b5224c98a7c (diff) | |
| download | nextcloud-server-f0bd57186686689d0f65c356cd7f226c045dd6e3.tar.gz nextcloud-server-f0bd57186686689d0f65c356cd7f226c045dd6e3.zip | |
fix potential XSS
Diffstat (limited to 'apps/calendar')
| -rw-r--r-- | apps/calendar/templates/part.choosecalendar.rowfields.php | 2 | ||||
| -rw-r--r-- | apps/calendar/templates/part.choosecalendar.rowfields.shared.php | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/apps/calendar/templates/part.choosecalendar.rowfields.php b/apps/calendar/templates/part.choosecalendar.rowfields.php index 965523f847a..bad268897bf 100644 --- a/apps/calendar/templates/part.choosecalendar.rowfields.php +++ b/apps/calendar/templates/part.choosecalendar.rowfields.php @@ -1,6 +1,6 @@ <?php echo '<td width="20px"><input id="active_' . $_['calendar']['id'] . '" type="checkbox" onClick="Calendar.UI.Calendar.activation(this,' . $_['calendar']['id'] . ')"' . ($_['calendar']['active'] ? ' checked="checked"' : '') . '></td>'; -echo '<td id="' . OCP\USER::getUser() . '_' . $_['calendar']['id'] . '"><label for="active_' . $_['calendar']['id'] . '">' . $_['calendar']['displayname'] . '</label></td>'; +echo '<td id="' . OCP\USER::getUser() . '_' . $_['calendar']['id'] . '"><label for="active_' . $_['calendar']['id'] . '">' . htmlspecialchars($_['calendar']['displayname']) . '</label></td>'; echo '<td width="20px"><a href="#" onclick="Calendar.UI.Share.dropdown(\'' . OCP\USER::getUser() . '\', \'' . $_['calendar']['id'] . '\');" title="' . $l->t("Share Calendar") . '" class="action"><img class="svg action" src="' . ((!$_['shared']) ? OCP\Util::imagePath('core', 'actions/share.svg') : OCP\Util::imagePath('core', 'actions/shared.svg')) . '"></a></td>'; echo '<td width="20px"><a href="#" onclick="Calendar.UI.showCalDAVUrl(\'' . OCP\USER::getUser() . '\', \'' . $_['calendar']['uri'] . '\');" title="' . $l->t("CalDav Link") . '" class="action"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/public.svg').'"></a></td>'; echo '<td width="20px"><a href="?app=calendar&getfile=export.php?calid=' . $_['calendar']['id'] . '" title="' . $l->t('Download') . '" class="action"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/download.svg').'"></a></td>'; diff --git a/apps/calendar/templates/part.choosecalendar.rowfields.shared.php b/apps/calendar/templates/part.choosecalendar.rowfields.shared.php index a23266da0c3..6a212858a21 100644 --- a/apps/calendar/templates/part.choosecalendar.rowfields.shared.php +++ b/apps/calendar/templates/part.choosecalendar.rowfields.shared.php @@ -1,4 +1,4 @@ <?php echo '<td width="20px"><input id="active_' . $_['share']['owner'] . '_' . $_['share']['calendar']['id'] . '" type="checkbox" onClick="Calendar.UI.Share.activation(this,\'' . $_['share']['owner'] . '\',' . $_['share']['calendar']['id'] . ')"' . ($_['share']['active'] ? ' checked="checked"' : '') . '></td>'; -echo '<td><label for="active_' . $_['share']['owner'] . '_' . $_['share']['calendar']['id'] . '">' . $_['share']['calendar']['displayname'] . '</label></td>'; +echo '<td><label for="active_' . $_['share']['owner'] . '_' . $_['share']['calendar']['id'] . '">' . htmlspecialchars($_['share']['calendar']['displayname']) . '</label></td>'; echo '<td style="font-style: italic;">' . $l->t('shared with you by') . ' ' . $_['share']['owner'] . '</td>';
\ No newline at end of file |