author | Thomas Tanghus <thomas@tanghus.net> | 2012-02-02 16:46:38 +0100 |
---|---|---|
committer | Thomas Tanghus <thomas@tanghus.net> | 2012-02-02 17:54:30 +0100 |
commit | 66b96e4440961483d026473fc6242599b3d51550 (patch) | |
tree | 54393769e43f2241a9de0d149e11fc2e054d121a /apps/contacts/templates | |
parent | 92b8f3238658782e6eb5a4285185a8fae6665f05 (diff) | |
Sanitize in- and output.
Diffstat (limited to 'apps/contacts/templates')
-rw-r--r-- | apps/contacts/templates/part.property.FN.php | 4 | ||||
-rw-r--r-- | apps/contacts/templates/part.property.php | 20 | ||||
-rw-r--r-- | apps/contacts/templates/part.setpropertyform.php | 36 |
3 files changed, 30 insertions, 30 deletions
diff --git a/apps/contacts/templates/part.property.FN.php b/apps/contacts/templates/part.property.FN.php
index 83cef94e303..c9e21c20e60 100644
--- a/apps/contacts/templates/part.property.FN.php
+++ b/apps/contacts/templates/part.property.FN.php
@@ -1,9 +1,9 @@
 <p id="contacts_details_name" class="contacts_property" data-checksum="<?php echo $_['property']['checksum']; ?>">
- <?php echo $_['property']['value']; ?>
+ <?php echo htmlspecialchars($_['property']['value']); ?>
 <span style="display:none;" data-use="edit"><img class="svg action" src="<?php echo image_path('', 'actions/rename.svg'); ?>" /></span>
 </p>
 <?php if (!isset($_['details'])): ?>
 <script>
-$('#leftcontent li.active a').text('<?php echo $_['property']['value']; ?>');
+$('#leftcontent li.active a').text('<?php echo htmlspecialchars($_['property']['value']); ?>');
 </script>
 <?php endif ?>
diff --git a/apps/contacts/templates/part.property.php b/apps/contacts/templates/part.property.php
index e4010397500..7b23fae45b5 100644
--- a/apps/contacts/templates/part.property.php
+++ b/apps/contacts/templates/part.property.php
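Review bot: The second replacement escapes for the wrong context: `$('#leftcontent li.active a').text('<?php echo htmlspecialchars($_['property']['value']); ?>');` places the name inside a JavaScript single-quoted string, and `htmlspecialchars()` with its default flags leaves `'` and `\` untouched, so a display name containing a single quote still terminates the literal and the remainder runs as script, while any `&`, `<` or `>` in the name now renders as a literal entity because `.text()` does not decode HTML. Emit it as a JSON literal instead: `$('#leftcontent li.active a').text(<?php echo json_encode($_['property']['value'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_QUOT | JSON_HEX_APOS); ?>);` — the `JSON_HEX_TAG` flag also keeps a `</script>` inside the name from closing the block. The `data-checksum` attribute on the first context line is still echoed raw; if the checksum is always a hex digest that is harmless, but the template should not rely on it.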
@@ -8,21 +8,21 @@
 <?php elseif($_['property']['name'] == 'ORG'): ?>
 <p class="contacts_property_name"><?php echo $l->t('Organization'); ?></p>
 <p class="contacts_property_data">
- <?php echo $_['property']['value']; ?>
+ <?php echo htmlspecialchars($_['property']['value']); ?>
 <span style="display:none;" data-use="edit"><img class="svg action" src="<?php echo image_path('', 'actions/rename.svg'); ?>" /></span>
 <span style="display:none;" data-use="delete"><img class="svg action" src="<?php echo image_path('', 'actions/delete.svg'); ?>" /></span>
 </p>
 <?php elseif($_['property']['name'] == 'EMAIL'): ?>
 <p class="contacts_property_name"><?php echo $l->t('Email'); ?></p>
 <p class="contacts_property_data">
- <?php echo $_['property']['value']; ?>
+ <?php echo htmlspecialchars($_['property']['value']); ?>
 <span style="display:none;" data-use="edit"><img class="svg action" src="<?php echo image_path('', 'actions/rename.svg'); ?>" /></span>
 <span style="display:none;" data-use="delete"><img class="svg action" src="<?php echo image_path('', 'actions/delete.svg'); ?>" /></span>
 </p>
 <?php elseif($_['property']['name'] == 'TEL'): ?>
 <p class="contacts_property_name"><?php echo (isset($_['property']['parameters']['PREF']) && $_['property']['parameters']['PREF']) ? $l->t('Preferred').' ' : '' ?><?php echo $l->t('Phone'); ?></p>
 <p class="contacts_property_data">
- <?php echo $_['property']['value']; ?>
+ <?php echo htmlspecialchars($_['property']['value']); ?>
 <?php if(isset($_['property']['parameters']['TYPE']) && !empty($_['property']['parameters']['TYPE'])): ?>
 <?php
 foreach($_['property']['parameters']['TYPE'] as $type) {
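Review bot: The TEL branch's escaping stops at the number: the hunk ends inside `foreach($_['property']['parameters']['TYPE'] as $type) {`, whose body lies past the end of the hunk, and the TYPE parameters come from the same contact record as the value escaped three lines earlier, so wherever `$type` is printed it needs the same treatment — I cannot confirm from this hunk whether it gets it. The three new calls also use `htmlspecialchars()` with no flags or charset; that is adequate in element content as here, but vCard data is UTF-8 and the pre-5.4 default charset is ISO-8859-1, so spelling it `htmlspecialchars($_['property']['value'], ENT_QUOTES, 'UTF-8')` — ideally through one small template helper used by all thirty call sites in this commit — makes the behaviour explicit and safe to copy into attribute or single-quoted contexts.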
@@ -59,25 +59,25 @@
 </p>
 <p class="contacts_property_data">
 <?php if(!empty($_['property']['value'][0])): ?>
- <?php echo $_['property']['value'][0]; ?><br>
+ <?php echo htmlspecialchars($_['property']['value'][0]); ?><br>
 <?php endif; ?>
 <?php if(!empty($_['property']['value'][1])): ?>
- <?php echo $_['property']['value'][1]; ?><br>
+ <?php echo htmlspecialchars($_['property']['value'][1]); ?><br>
 <?php endif; ?>
 <?php if(!empty($_['property']['value'][2])): ?>
- <?php echo $_['property']['value'][2]; ?><br>
+ <?php echo htmlspecialchars($_['property']['value'][2]); ?><br>
 <?php endif; ?>
 <?php if(!empty($_['property']['value'][3])): ?>
- <?php echo $_['property']['value'][3]; ?><br>
+ <?php echo htmlspecialchars($_['property']['value'][3]); ?><br>
 <?php endif; ?>
 <?php if(!empty($_['property']['value'][4])): ?>
- <?php echo $_['property']['value'][4]; ?><br>
+ <?php echo htmlspecialchars($_['property']['value'][4]); ?><br>
 <?php endif; ?>
 <?php if(!empty($_['property']['value'][5])): ?>
- <?php echo $_['property']['value'][5]; ?><br>
+ <?php echo htmlspecialchars($_['property']['value'][5]); ?><br>
 <?php endif; ?>
 <?php if(!empty($_['property']['value'][6])): ?>
- <?php echo $_['property']['value'][6]; ?>
+ <?php echo htmlspecialchars($_['property']['value'][6]); ?>
 <?php endif; ?>
 <span style="display:none;" data-use="edit"><img class="svg action" src="<?php echo image_path('', 'actions/rename.svg'); ?>" /></span>
 <span style="display:none;" data-use="delete"><img class="svg action" src="<?php echo image_path('', 'actions/delete.svg'); ?>" /></span>
diff --git a/apps/contacts/templates/part.setpropertyform.php b/apps/contacts/templates/part.setpropertyform.php
index 49fa9662146..93ade8faaa7 100644
--- a/apps/contacts/templates/part.setpropertyform.php
+++ b/apps/contacts/templates/part.setpropertyform.php
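Review bot: The seven guarded echoes for address components `[0]`–`[6]` are the same three lines copied with the index changed, which is how the escaping was missed once and will be missed again when a component is added; the block reduces to one statement with identical escaping: `<?php echo implode('<br>', array_map('htmlspecialchars', array_filter(array_slice($_['property']['value'], 0, 7)))); ?>`. `array_filter()` without a callback drops exactly the values `empty()` rejects, so the output differs only in that a trailing `<br>` is no longer emitted when the country component is empty. The `<p class="contacts_property_data">` element opens on the second context line, and the ADR branch enclosing it begins before line 59, outside the hunk.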
@@ -5,18 +5,18 @@
 <p class="contacts_property_name">
 <dl class="contacts_property_data form">
 <dt><label for="n1"><?php echo $l->t('Given name'); ?></label></dt>
- <dd><input id="n1" type="text" name="value[1]" value="<?php echo $_['property']['value'][1]; ?>"></dd>
+ <dd><input id="n1" type="text" name="value[1]" value="<?php echo htmlspecialchars($_['property']['value'][1]); ?>"></dd>
 <dt><label for="n0"><?php echo $l->t('Family name'); ?></dt>
- <dd><input id="n0" type="text" name="value[0]" value="<?php echo $_['property']['value'][0]; ?>"></dd>
+ <dd><input id="n0" type="text" name="value[0]" value="<?php echo htmlspecialchars($_['property']['value'][0]); ?>"></dd>
 <dt><label for="n2"><?php echo $l->t('Additional names'); ?></dt>
- <dd><input id="n2" type="text" name="value[2]" value="<?php echo $_['property']['value'][2]; ?>">
- <input id="n3" type="hidden" name="value[3]" value="<?php echo $_['property']['value'][3]; ?>">
- <input id="n4" type="hidden" name="value[4]" value="<?php echo $_['property']['value'][4]; ?>">
+ <dd><input id="n2" type="text" name="value[2]" value="<?php echo htmlspecialchars($_['property']['value'][2]); ?>">
+ <input id="n3" type="hidden" name="value[3]" value="<?php echo htmlspecialchars($_['property']['value'][3]); ?>">
+ <input id="n4" type="hidden" name="value[4]" value="<?php echo htmlspecialchars($_['property']['value'][4]); ?>">
 </dd>
 </dl>
 </p>
 <?php elseif($_['property']['name']=='FN'): ?>
- <p class="contacts_property_data"><input id="fn" type="text" name="value" value="<?php echo $_['property']['value']; ?>"></p>
+ <p class="contacts_property_data"><input id="fn" type="text" name="value" value="<?php echo htmlspecialchars($_['property']['value']); ?>"></p>
 <?php elseif($_['property']['name']=='ADR'): ?>
 <p class="contacts_property_name"><label for="adr_pobox"><?php echo $l->t('Address'); ?></label></p>
 <dl class="contacts_property_data form" id="contacts_addresspart">
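Review bot: The five N-component inputs index `$_['property']['value'][0]`–`[4]` unconditionally, whereas the ADR display template in the same commit guards every component with `!empty()`; if the parser can deliver an N with fewer than five parts (not verifiable from this hunk) the missing offsets raise notices and `htmlspecialchars(null)` quietly becomes an empty `value=""`. Guarding each one the same way, e.g. `value="<?php echo isset($_['property']['value'][3]) ? htmlspecialchars($_['property']['value'][3]) : ''; ?>"`, makes the fallback deliberate and consistent across the two templates. The `<form>` and the N branch that enclose these lines open before line 5, outside the hunk.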
@@ -32,60 +32,60 @@ <label for="adr_pobox"><?php echo $l->t('PO Box'); ?></label> </dt> <dd> - <input id="adr_pobox" type="text" name="value[0]" value="<?php echo $_['property']['value'][0] ?>"> + <input id="adr_pobox" type="text" name="value[0]" value="<?php echo htmlspecialchars($_['property']['value'][0]) ?>"> </dd> <!-- dt> <label for="adr_extended"><?php echo $l->t('Extended'); ?></label> </dt> <dd> - <input style="width: 7em;" id="adr_extended" type="text" name="value[1]" value="<?php echo $_['property']['value'][1] ?>"> + <input style="width: 7em;" id="adr_extended" type="text" name="value[1]" value="<?php echo htmlspecialchars($_['property']['value'][1]) ?>"> </dd --> <dt> <label for="adr_street"><?php echo $l->t('Street'); ?></label> </dt> <dd> - <input style="width: 12em;" id="adr_street" type="text" name="value[2]" value="<?php echo $_['property']['value'][2] ?>"> - <label for="adr_extended"><?php echo $l->t('Extended'); ?></label><input style="width: 7em;" id="adr_extended" type="text" name="value[1]" value="<?php echo $_['property']['value'][1] ?>"> + <input style="width: 12em;" id="adr_street" type="text" name="value[2]" value="<?php echo htmlspecialchars($_['property']['value'][2]) ?>"> + <label for="adr_extended"><?php echo $l->t('Extended'); ?></label><input style="width: 7em;" id="adr_extended" type="text" name="value[1]" value="<?php echo htmlspecialchars($_['property']['value'][1]) ?>"> </dd> <dt> <label for="adr_city"><?php echo $l->t('City'); ?></label> </dt> <dd> - <input style="width: 12em;" id="adr_city" type="text" name="value[3]" value="<?php echo $_['property']['value'][3] ?>"> + <input style="width: 12em;" id="adr_city" type="text" name="value[3]" value="<?php echo htmlspecialchars($_['property']['value'][3]) ?>"> <label for="adr_zipcode"><?php echo $l->t('Zipcode'); ?></label> - <input style="width: 5em;" id="adr_zipcode" type="text" name="value[5]" value="<?php echo $_['property']['value'][5] ?>"> + <input style="width: 5em;" 
id="adr_zipcode" type="text" name="value[5]" value="<?php echo htmlspecialchars($_['property']['value'][5]) ?>"> </dd> <dt> <label for="adr_region"><?php echo $l->t('Region'); ?></label> </dt> <dd> - <input id="adr_region" type="text" name="value[4]" value="<?php echo $_['property']['value'][4] ?>"> + <input id="adr_region" type="text" name="value[4]" value="<?php echo htmlspecialchars($_['property']['value'][4]) ?>"> </dd> <!-- dt> <label for="adr_zipcode"><?php echo $l->t('Zipcode'); ?></label> </dt> <dd> - <input style="width: 7em;" id="adr_zipcode" type="text" name="value[5]" value="<?php echo $_['property']['value'][5] ?>"> + <input style="width: 7em;" id="adr_zipcode" type="text" name="value[5]" value="<?php echo htmlspecialchars($_['property']['value'][5]) ?>"> </dd --> <dt> <label for="adr_country"><?php echo $l->t('Country'); ?></label> </dt> <dd> - <input style="width: 25em;" id="adr_country" type="text" name="value[6]" value="<?php echo $_['property']['value'][6] ?>"> + <input style="width: 25em;" id="adr_country" type="text" name="value[6]" value="<?php echo htmlspecialchars($_['property']['value'][6]) ?>"> </dd> </dl> <?php elseif($_['property']['name']=='TEL'): ?> <p class="contacts_property_name"><label for="tel"><?php echo $l->t('Phone'); ?></label></p> - <p class="contacts_property_data"><input id="tel" type="phone" name="value" value="<?php echo $_['property']['value'] ?>"> + <p class="contacts_property_data"><input id="tel" type="phone" name="value" value="<?php echo htmlspecialchars($_['property']['value']) ?>"> <select id="tel_type<?php echo $_['property']['checksum'] ?>" name="parameters[TYPE][]" multiple="multiple" data-placeholder="<?php echo $l->t('Type') ?>"> <?php echo html_select_options($_['phone_types'], isset($_['property']['parameters']['TYPE'])?$_['property']['parameters']['TYPE']:array()) ?> </select></p> <?php elseif($_['property']['name']=='EMAIL'): ?> <p class="contacts_property_name"><label for="email"><?php echo 
$l->t('Email'); ?></label></p> - <p class="contacts_property_data"><input id="email" type="text" name="value" value="<?php echo $_['property']['value']; ?>"></p> + <p class="contacts_property_data"><input id="email" type="text" name="value" value="<?php echo htmlspecialchars($_['property']['value']); ?>"></p> <?php elseif($_['property']['name']=='ORG'): ?> <p class="contacts_property_name"><label for="org"><?php echo $l->t('Organization'); ?></label></p> - <p class="contacts_property_data"><input id="org" type="text" name="value" value="<?php echo $_['property']['value']; ?>"></p> + <p class="contacts_property_data"><input id="org" type="text" name="value" value="<?php echo htmlspecialchars($_['property']['value']); ?>"></p> <?php endif; ?> <input id="contacts_setproperty_button" type="submit" value="<?php echo $l->t('Update'); ?>"> </form> |
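Review bot: Two of the escaped inputs in this hunk sit inside HTML comments — the `<!-- dt> … </dd -->` blocks for `adr_extended` and `adr_zipcode` — and PHP still executes inside an HTML comment, so those dead fields keep emitting contact data into the page source; deleting the two commented-out blocks is cleaner than escaping them. Of the lines the commit leaves alone, `<select id="tel_type<?php echo $_['property']['checksum'] ?>"` still interpolates a value raw into an attribute; if the checksum is always a hex digest this is harmless, but escaping it too would be consistent with the rest of the change. The TYPE values handed to `html_select_options()` come from the same contact record, and whether that helper escapes its option text and values cannot be seen from this hunk and is worth confirming. The hunk ends at the closing `</form>`, whose opening tag is before line 32, outside the hunk.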