diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2017-11-08 18:55:35 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-11-08 18:55:35 +0100 |
| commit | 8c915baa3438c26454b7614ea03d4dadabcda5d5 (patch) | |
| tree | 9b800f157cae8c4cd841fdf8e757c3779300224d /apps/federatedfilesharing | |
| parent | d948626736e65051dfe1affc562710bfedf2eb4a (diff) | |
| parent | db34b59238846e5ec046a456b4f76649321571d1 (diff) | |
| download | nextcloud-server-8c915baa3438c26454b7614ea03d4dadabcda5d5.tar.gz nextcloud-server-8c915baa3438c26454b7614ea03d4dadabcda5d5.zip | |
Merge pull request #6788 from staabm/master
Prevent XSS in links which open a new browser window
Diffstat (limited to 'apps/federatedfilesharing')
| -rw-r--r-- | apps/federatedfilesharing/templates/settings-admin.php | 2 | ||||
| -rw-r--r-- | apps/federatedfilesharing/templates/settings-personal.php | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/apps/federatedfilesharing/templates/settings-admin.php b/apps/federatedfilesharing/templates/settings-admin.php index 7fe1b5f62e6..8d04169ea89 100644 --- a/apps/federatedfilesharing/templates/settings-admin.php +++ b/apps/federatedfilesharing/templates/settings-admin.php @@ -8,7 +8,7 @@ script('federatedfilesharing', 'settings-admin'); <div id="fileSharingSettings" class="followupsection"> <h3><?php p($l->t('Federated Cloud Sharing'));?></h3> - <a target="_blank" rel="noreferrer" class="icon-info svg" + <a target="_blank" rel="noreferrer noopener" class="icon-info svg" title="<?php p($l->t('Open documentation'));?>" href="<?php p(link_to_docs('admin-sharing-federated')); ?>"></a> <p class="settings-hint"><?php p($l->t('Adjust how people can share between servers.')); ?></p> diff --git a/apps/federatedfilesharing/templates/settings-personal.php b/apps/federatedfilesharing/templates/settings-personal.php index 26365d2b70c..89f7b1eb1e7 100644 --- a/apps/federatedfilesharing/templates/settings-personal.php +++ b/apps/federatedfilesharing/templates/settings-personal.php @@ -43,7 +43,7 @@ style('federatedfilesharing', 'settings-personal'); <div class="hidden" id="oca-files-sharing-add-to-your-website-expanded"> <p style="margin: 10px 0"> - <a target="_blank" rel="noreferrer" href="<?php p($_['reference']); ?>" + <a target="_blank" rel="noreferrer noopener" href="<?php p($_['reference']); ?>" style="padding:10px;background-color:<?php p($_['color']); ?>;color:<?php p($_['textColor']); ?>;border-radius:3px;padding-left:4px;"> <span style="background-image:url(<?php p(\OC::$server->getURLGenerator()->getAbsoluteURL($_['logoPath'])); ?>);width:50px;height:30px;position:relative;top:8px;background-size:contain;display:inline-block;background-repeat:no-repeat; background-position: center center;"></span> <?php p($l->t('Share with me via Nextcloud')); ?> @@ -52,7 +52,7 @@ style('federatedfilesharing', 'settings-personal'); <p> <?php p($l->t('HTML Code:')); ?> - <xmp><a target="_blank" rel="noreferrer" href="<?php p($_['reference']); ?>" style="padding:10px;background-color:<?php p($_['color']); ?>;color:<?php p($_['textColor']); ?>;border-radius:3px;padding-left:4px;"> + <xmp><a target="_blank" rel="noreferrer noopener" href="<?php p($_['reference']); ?>" style="padding:10px;background-color:<?php p($_['color']); ?>;color:<?php p($_['textColor']); ?>;border-radius:3px;padding-left:4px;"> <span style="background-image:url(<?php p(\OC::$server->getURLGenerator()->getAbsoluteURL($_['logoPath'])); ?>);width:50px;height:30px;position:relative;top:8px;background-size:contain;display:inline-block;background-repeat:no-repeat; background-position: center center;"></span> <?php p($l->t('Share with me via Nextcloud')); ?></a></xmp> </p> |