author | Lukas Reschke <lukas@statuscode.ch> | 2012-06-11 00:14:28 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2012-06-11 00:14:28 +0200 |
commit | 27d1c1bb947a7fc6f26e8574a2c7602154d56525 (patch) | |
tree | 738b89e2f36e75e2b4f36e784ac3d63401e4897c /apps/files_external/templates | |
parent | 9f276729c2a44151c29754e816fb002502222b1d (diff) | |
Sanitize user input
Diffstat (limited to 'apps/files_external/templates')
-rw-r--r-- | apps/files_external/templates/settings.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/apps/files_external/templates/settings.php b/apps/files_external/templates/settings.php
index 9f65cfca965..af185c28030 100644
--- a/apps/files_external/templates/settings.php
+++ b/apps/files_external/templates/settings.php
@@ -16,7 +16,7 @@
 <?php $_['mounts'] = array_merge($_['mounts'], array('' => array())); ?>
 <?php foreach ($_['mounts'] as $mountPoint => $mount): ?>
 <tr <?php if ($mountPoint == '') echo 'id="addMountPoint"'; ?>>
- <td class="mountPoint"><input type="text" name="mountPoint" value="<?php echo $mountPoint; ?>" placeholder="<?php echo $l->t('Mount point'); ?>" /></td>
+ <td class="mountPoint"><input type="text" name="mountPoint" value="<?php echo htmlentities($mountPoint); ?>" placeholder="<?php echo $l->t('Mount point'); ?>" /></td>
 <?php if ($mountPoint == ''): ?>
 <td class="backend">
 <select id="selectBackend" data-configurations='<?php echo json_encode($_['backends']); ?>'>
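Review bot: `htmlentities($mountPoint)` is called without flags or charset, so the escaping depends on the PHP version's defaults; before PHP 5.4 the default charset is ISO-8859-1, which turns each byte of a UTF-8 mount point name into a separate entity and garbles non-ASCII names in the form. Passing both explicitly, `<?php echo htmlspecialchars($mountPoint, ENT_QUOTES, 'UTF-8'); ?>`, escapes the characters that matter for a quoted attribute and leaves UTF-8 text intact. The same applies to the three `htmlentities($value)` calls in the second hunk. Separately, the `data-configurations='...'` context line puts raw `json_encode` output inside a single-quoted attribute, so a `'` in any backend definition would end the attribute early; wrapping it in `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` would close that off.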
@@ -35,13 +35,13 @@
 <?php if (isset($_['backends'][$mount['class']]['configuration'][$parameter])): ?>
 <?php $placeholder = $_['backends'][$mount['class']]['configuration'][$parameter]; ?>
 <?php if (strpos($placeholder, '*') !== false): ?>
- <input type="password" data-parameter="<?php echo $parameter; ?>" value="<?php echo $value; ?>" placeholder="<?php echo substr($placeholder, 1); ?>" />
+ <input type="password" data-parameter="<?php echo $parameter; ?>" value="<?php echo htmlentities($value); ?>" placeholder="<?php echo substr($placeholder, 1); ?>" />
 <?php elseif(strpos($placeholder, '!') !== false): ?>
 <label><input type="checkbox" data-parameter="<?php echo $parameter; ?>" <?php if ($value == 'true') echo ' checked="checked"'; ?> /><?php echo substr($placeholder, 1); ?></label>
 <?php elseif (strpos($placeholder, '&') !== false): ?>
- <input type="text" class="optional" data-parameter="<?php echo $parameter; ?>" value="<?php echo $value; ?>" placeholder="<?php echo substr($placeholder, 1); ?>" />
+ <input type="text" class="optional" data-parameter="<?php echo $parameter; ?>" value="<?php echo htmlentities($value); ?>" placeholder="<?php echo substr($placeholder, 1); ?>" />
 <?php else: ?>
- <input type="text" data-parameter="<?php echo $parameter; ?>" value="<?php echo $value; ?>" placeholder="<?php echo $placeholder; ?>" />
+ <input type="text" data-parameter="<?php echo $parameter; ?>" value="<?php echo htmlentities($value); ?>" placeholder="<?php echo $placeholder; ?>" />
 <?php endif; ?>
 <?php endif; ?>
 <?php endforeach; ?> |
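Review bot: The password branch still writes the stored secret into the page: the new `value="<?php echo htmlentities($value); ?>"` on the `type="password"` input escapes the credential but keeps sending it to every browser that loads this settings page, where it is readable from the page source. Consider rendering that field with `value=""` and having the save path treat an empty submission as "keep the existing secret"; the save handler is not visible in this hunk, so that needs confirming there. The neighbouring `data-parameter="<?php echo $parameter; ?>"` and placeholder echoes are also left raw; they appear to be limited to backend-defined keys by the `isset(...)` check at the top of the hunk, but escaping them the same way would make that independent of where the backend definitions come from. The enclosing loops start outside the hunk.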