author | Arthur Schiwon <blizzz@owncloud.com> | 2012-06-11 12:14:10 +0200 |
---|---|---|
committer | Arthur Schiwon <blizzz@owncloud.com> | 2012-06-11 12:14:10 +0200 |
commit | c110308c1e1d563e04cd8de04a993278596a5444 (patch) | |
tree | f9ef19b21514928cb92ab6b7caec0e6ca9019b69 /apps | |
parent | 7f5e8e39c4110d2354cbac42a498f09c236b2e04 (diff) | |
parent | 6da717b644bf6ce44b2bdbd4b296fd24e2b12244 (diff) | |
download | nextcloud-server-c110308c1e1d563e04cd8de04a993278596a5444.tar.gz nextcloud-server-c110308c1e1d563e04cd8de04a993278596a5444.zip |
Merge branch 'stable4' of git://gitorious.org/owncloud/owncloud into stable4
Diffstat (limited to 'apps')
-rw-r--r-- | apps/bookmarks/addBm.php | 2 | ||||
-rw-r--r-- | apps/bookmarks/ajax/addBookmark.php | 2 | ||||
-rw-r--r-- | apps/bookmarks/ajax/delBookmark.php | 2 | ||||
-rw-r--r-- | apps/bookmarks/ajax/editBookmark.php | 8 | ||||
-rw-r--r-- | apps/bookmarks/ajax/recordClick.php | 2 | ||||
-rw-r--r-- | apps/bookmarks/ajax/updateList.php | 6 | ||||
-rw-r--r-- | apps/bookmarks/js/addBm.js | 1 | ||||
-rw-r--r-- | apps/bookmarks/js/bookmarks.js | 5 | ||||
-rw-r--r-- | apps/bookmarks/js/bookmarksearch.js | 1 | ||||
-rw-r--r-- | apps/gallery/lib/tiles.php | 4 | ||||
-rw-r--r-- | apps/gallery/templates/index.php | 2 | ||||
-rw-r--r-- | apps/user_ldap/settings.php | 2 | ||||
-rw-r--r-- | apps/user_openid/settings.php | 2 |
13 files changed, 23 insertions, 16 deletions
diff --git a/apps/bookmarks/addBm.php b/apps/bookmarks/addBm.php index 313489d22fb..866fa1e7b1e 100644 --- a/apps/bookmarks/addBm.php +++ b/apps/bookmarks/addBm.php @@ -28,6 +28,6 @@ OCP\User::checkLoggedIn(); OCP\App::checkAppEnabled('bookmarks'); require_once('bookmarksHelper.php'); -addBookmark($_GET['url'], '', 'Read-Later'); +addBookmark($_POST['url'], '', 'Read-Later'); include 'templates/addBm.php'; diff --git a/apps/bookmarks/ajax/addBookmark.php b/apps/bookmarks/ajax/addBookmark.php index 9241dc8ddf6..a2eb506f85e 100644 --- a/apps/bookmarks/ajax/addBookmark.php +++ b/apps/bookmarks/ajax/addBookmark.php @@ -31,5 +31,5 @@ OCP\JSON::checkLoggedIn(); OCP\JSON::checkAppEnabled('bookmarks'); require_once(OC::$APPSROOT . '/apps/bookmarks/bookmarksHelper.php'); -$id = addBookmark($_GET['url'], $_GET['title'], $_GET['tags']); +$id = addBookmark($_POST['url'], $_POST['title'], $_POST['tags']); OCP\JSON::success(array('data' => $id));
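Review bot: `addBookmark($_POST['url'], '', 'Read-Later');` in addBm.php still runs for any authenticated request, because nothing in this hunk ties the request to the user's session; reading the body instead of the query string only rules out requests triggered by a plain link or image load. A per-session request token should be verified before the call, and the same applies to the handlers changed in ajax/addBookmark.php, ajax/delBookmark.php, ajax/editBookmark.php and ajax/recordClick.php. The key is also read without a presence check, so a plain GET to this page now passes `null` as the URL; a guard such as `if (!isset($_POST['url'])) { exit(); }` before the call avoids storing an empty bookmark. The script starts above line 28, so an existing check outside the hunk cannot be ruled out.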
\ No newline at end of file diff --git a/apps/bookmarks/ajax/delBookmark.php b/apps/bookmarks/ajax/delBookmark.php index 0b5689811ae..5a067701c9f 100644 --- a/apps/bookmarks/ajax/delBookmark.php +++ b/apps/bookmarks/ajax/delBookmark.php @@ -30,7 +30,7 @@ $RUNTIME_NOSETUPFS=true; OCP\JSON::checkLoggedIn(); OCP\JSON::checkAppEnabled('bookmarks'); -$id = $_GET['id']; +$id = $_POST['id']; if (!OC_Bookmarks_Bookmarks::deleteUrl($id)){ OC_JSON::error(); exit(); diff --git a/apps/bookmarks/ajax/editBookmark.php b/apps/bookmarks/ajax/editBookmark.php index db349af35c1..fcec2e1cedb 100644 --- a/apps/bookmarks/ajax/editBookmark.php +++ b/apps/bookmarks/ajax/editBookmark.php @@ -39,7 +39,7 @@ if( $CONFIG_DBTYPE == 'sqlite' or $CONFIG_DBTYPE == 'sqlite3' ){ $_ut = "UNIX_TIMESTAMP()"; } -$bookmark_id = (int)$_GET["id"]; +$bookmark_id = (int)$_POST["id"]; $query = OCP\DB::prepare(" UPDATE *PREFIX*bookmarks @@ -48,8 +48,8 @@ $query = OCP\DB::prepare(" "); $params=array( - htmlspecialchars_decode($_GET["url"]), - htmlspecialchars_decode($_GET["title"]), + htmlspecialchars_decode($_POST["url"]), + htmlspecialchars_decode($_POST["title"]), ); $query->execute($params); @@ -67,7 +67,7 @@ $query = OCP\DB::prepare(" VALUES (?, ?) "); -$tags = explode(' ', urldecode($_GET["tags"])); +$tags = explode(' ', urldecode($_POST["tags"])); foreach ($tags as $tag) { if(empty($tag)) { //avoid saving blankspaces diff --git a/apps/bookmarks/ajax/recordClick.php b/apps/bookmarks/ajax/recordClick.php index 2bd91f232a4..1eee1718d13 100644 --- a/apps/bookmarks/ajax/recordClick.php +++ b/apps/bookmarks/ajax/recordClick.php @@ -37,7 +37,7 @@ $query = OCP\DB::prepare(" AND url LIKE ? "); -$params=array(OCP\USER::getUser(), htmlspecialchars_decode($_GET["url"])); +$params=array(OCP\USER::getUser(), htmlspecialchars_decode($_POST["url"])); $bookmarks = $query->execute($params); header( "HTTP/1.1 204 No Content" ); 
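Review bot: In ajax/addBookmark.php, `$_POST['title']` is read unconditionally, yet the caller in js/addBm.js (same commit) posts only `url` and `tags`, so `title` is undefined on that path and raises a notice ahead of the JSON response. Defaulting the optional fields, e.g. `$title = isset($_POST['title']) ? $_POST['title'] : '';`, keeps the response clean. A missing `url` is better rejected with `OC_JSON::error()`, as ajax/delBookmark.php does on failure, than passed on to `addBookmark()`.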
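Review bot: `$id = $_POST['id'];` in ajax/delBookmark.php hands the raw request value to `OC_Bookmarks_Bookmarks::deleteUrl()`, while ajax/editBookmark.php in this commit casts the same field with `(int)`. Casting here as well, `$id = (int)$_POST['id'];`, keeps the two handlers consistent and stops non-numeric input at the boundary. Whether `deleteUrl()` validates the id or limits the delete to the current user's rows is not visible from this hunk and is worth confirming.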
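Review bot: The `$params` array in ajax/editBookmark.php binds only `url` and `title`, so the `WHERE` clause of the `UPDATE`, which lies between this hunk and the previous one and is not shown, presumably selects the row by `$bookmark_id` alone. If it does not also restrict the row to its owner, any logged-in user could overwrite another user's bookmark by id. Worth confirming, and if needed adding an owner condition whose value is bound from `OCP\USER::getUser()`, the way ajax/recordClick.php binds it as its first parameter.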
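Review bot: `urldecode($_POST["tags"])` in ajax/editBookmark.php decodes a value that PHP has already URL-decoded while parsing the form body, and js/bookmarks.js encodes it only once with `encodeURIComponent()`. The second pass turns a literal `+` in a tag into a space and rewrites any `%xx` sequence the user actually typed, so tags can be split or altered silently. `$tags = explode(' ', $_POST["tags"]);` is sufficient.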
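Review bot: In ajax/recordClick.php the submitted `$_POST["url"]` is bound to `AND url LIKE ?`, so `%` and `_` inside it act as wildcards; both characters are common in real URLs, and one request can therefore match several of the user's bookmarks. An exact comparison, `AND url = ?`, records the click on the intended row only. The statement that uses the match starts above the hunk, so the size of the effect depends on code not shown here.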
diff --git a/apps/bookmarks/ajax/updateList.php b/apps/bookmarks/ajax/updateList.php index c919a5fc439..4de2475d067 100644 --- a/apps/bookmarks/ajax/updateList.php +++ b/apps/bookmarks/ajax/updateList.php @@ -33,11 +33,11 @@ OCP\JSON::checkAppEnabled('bookmarks'); //Filter for tag? -$filterTag = isset($_GET['tag']) ? htmlspecialchars_decode($_GET['tag']) : false; +$filterTag = isset($_POST['tag']) ? htmlspecialchars_decode($_POST['tag']) : false; -$offset = isset($_GET['page']) ? intval($_GET['page']) * 10 : 0; +$offset = isset($_POST['page']) ? intval($_POST['page']) * 10 : 0; -$sort = isset($_GET['sort']) ? ($_GET['sort']) : 'bookmarks_sorting_recent'; +$sort = isset($_POST['sort']) ? ($_POST['sort']) : 'bookmarks_sorting_recent'; if($sort == 'bookmarks_sorting_clicks') { $sqlSortColumn = 'clickcount'; } else { diff --git a/apps/bookmarks/js/addBm.js b/apps/bookmarks/js/addBm.js index d64e55e8920..625ac8420a8 100644 --- a/apps/bookmarks/js/addBm.js +++ b/apps/bookmarks/js/addBm.js @@ -6,6 +6,7 @@ function addBookmark(event) { var url = $('#bookmark_add_url').val(); var tags = $('#bookmark_add_tags').val(); $.ajax({ + type: 'POST', url: 'ajax/addBookmark.php', data: 'url=' + encodeURI(url) + '&tags=' + encodeURI(tags), success: function(data){ diff --git a/apps/bookmarks/js/bookmarks.js b/apps/bookmarks/js/bookmarks.js index a746cf437bf..7f3104e812f 100644 --- a/apps/bookmarks/js/bookmarks.js +++ b/apps/bookmarks/js/bookmarks.js @@ -20,6 +20,7 @@ function getBookmarks() { } $.ajax({ + type: 'POST', url: OC.filePath('bookmarks', 'ajax', 'updateList.php'), data: 'tag=' + encodeURIComponent($('#bookmarkFilterTag').val()) + '&page=' + bookmarks_page + '&sort=' + bookmarks_sorting, success: function(bookmarks){ 
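Review bot: `intval($_POST['page']) * 10` in ajax/updateList.php accepts negative page numbers and so produces a negative `$offset`; how `$offset` reaches the query is outside this hunk, but a negative offset is rejected by most databases and would surface as a query error. Clamping at the boundary avoids that: `$offset = isset($_POST['page']) ? max(0, intval($_POST['page'])) * 10 : 0;`. `$sort` appears to be handled safely, since the visible code only compares it against known values before choosing a column name.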
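Review bot: The request body in js/addBm.js is built with `encodeURI()`, which leaves `&`, `=`, `+` and `#` unescaped, so a bookmarked URL that carries its own query string is split into extra form fields once the server parses the POST body. Use `encodeURIComponent()` as js/bookmarks.js does, or let jQuery do the encoding with `data: {url: url, tags: tags}`. The same applies to `encodeURI($(this).attr('href'))` in the js/bookmarksearch.js hunk. addBookmark's body continues outside the hunk.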
@@ -70,6 +71,7 @@ function addOrEditBookmark(event) { } if (id == 0) { $.ajax({ + type: 'POST', url: OC.filePath('bookmarks', 'ajax', 'addBookmark.php'), data: 'url=' + encodeURIComponent(url) + '&title=' + encodeURIComponent(title) + '&tags=' + encodeURIComponent(tags), success: function(response){ @@ -82,6 +84,7 @@ function addOrEditBookmark(event) { } else { $.ajax({ + type: 'POST', url: OC.filePath('bookmarks', 'ajax', 'editBookmark.php'), data: 'id=' + id + '&url=' + encodeURIComponent(url) + '&title=' + encodeURIComponent(title) + '&tags=' + encodeURIComponent(tags), success: function(){ @@ -99,6 +102,7 @@ function addOrEditBookmark(event) { function delBookmark(event) { var record = $(this).parent().parent(); $.ajax({ + type: 'POST', url: OC.filePath('bookmarks', 'ajax', 'delBookmark.php'), data: 'id=' + record.data('id'), success: function(data){ @@ -177,6 +181,7 @@ function updateOnBottom() { function recordClick(event) { $.ajax({ + type: 'POST', url: OC.filePath('bookmarks', 'ajax', 'recordClick.php'), data: 'url=' + encodeURIComponent($(this).attr('href')), }); diff --git a/apps/bookmarks/js/bookmarksearch.js b/apps/bookmarks/js/bookmarksearch.js index e7a4fb18393..e8f5363c935 100644 --- a/apps/bookmarks/js/bookmarksearch.js +++ b/apps/bookmarks/js/bookmarksearch.js @@ -16,6 +16,7 @@ function recordClick(event) { var jsFileLocation = $('script[src*=bookmarksearch]').attr('src'); jsFileLocation = jsFileLocation.replace('js/bookmarksearch.js', ''); $.ajax({ + type: 'POST', url: jsFileLocation + 'ajax/recordClick.php', data: 'url=' + encodeURI($(this).attr('href')), }); diff --git a/apps/gallery/lib/tiles.php b/apps/gallery/lib/tiles.php index e43c99bb76a..5837c752ef6 100644 --- a/apps/gallery/lib/tiles.php +++ b/apps/gallery/lib/tiles.php 
@@ -141,7 +141,7 @@ class TileStack extends TileBase { } public function get() { - $r = '<div class="title gallery_div">'.$this->stack_name.'</div>'; + $r = '<div class="title gallery_div">'.htmlentities($this->stack_name).'</div>'; for ($i = 0; $i < count($this->tiles_array); $i++) { $top = rand(-5, 5); $left = rand(-5, 5); @@ -168,7 +168,7 @@ class TileStack extends TileBase { } public function getOnClickAction() { - return 'javascript:openNewGal(\''.$this->stack_name.'\');'; + return 'javascript:openNewGal(\''.htmlentities($this->stack_name).'\');'; } private $tiles_array; diff --git a/apps/gallery/templates/index.php b/apps/gallery/templates/index.php index fd83490d60c..f9926045498 100644 --- a/apps/gallery/templates/index.php +++ b/apps/gallery/templates/index.php @@ -14,7 +14,7 @@ div.visible { opacity: 0.8;} </style> <script type="text/javascript"> -var root = "<?php echo $root; ?>"; +var root = "<?php echo htmlentities($root); ?>"; function explode(element) { $('div', element).each(function(index, elem) { diff --git a/apps/user_ldap/settings.php b/apps/user_ldap/settings.php index 9c0620578be..f1a474ff27d 100644 --- a/apps/user_ldap/settings.php +++ b/apps/user_ldap/settings.php @@ -47,7 +47,7 @@ if ($_POST) { // fill template $tmpl = new OCP\Template( 'user_ldap', 'settings'); foreach($params as $param){ - $value = OCP\Config::getAppValue('user_ldap', $param,''); + $value = htmlentities(OCP\Config::getAppValue('user_ldap', $param,'')); $tmpl->assign($param, $value); } diff --git a/apps/user_openid/settings.php b/apps/user_openid/settings.php index 921fa371dde..062322f6fe4 100644 --- a/apps/user_openid/settings.php +++ b/apps/user_openid/settings.php @@ -2,7 +2,7 @@ $tmpl = new OCP\Template( 'user_openid', 'settings'); $identity=OCP\Config::getUserValue(OCP\USER::getUser(),'user_openid','identity',''); -$tmpl->assign('identity',$identity); +$tmpl->assign('identity',htmlentities($identity)); OCP\Util::addscript('user_openid','settings'); |
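Review bot: `htmlentities($this->stack_name)` in TileStack::get() is called with default flags and charset; the defaults leave single quotes unescaped, and on PHP versions before 5.4 the input is treated as ISO-8859-1, so UTF-8 names can come out mangled. `htmlspecialchars($this->stack_name, ENT_QUOTES, 'UTF-8')` states both explicitly. The same default-argument calls are added in getOnClickAction(), apps/user_ldap/settings.php and apps/user_openid/settings.php; in the two settings files the value is escaped before `assign()`, which double-encodes if the template escapes again, so escaping at the point of output is the safer place. get() continues past the end of the hunk.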
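Review bot: In getOnClickAction() the name ends up inside a single-quoted JavaScript string, and `htmlentities()` is the wrong encoder for that context: with default flags it does not touch `'` or `\`, and if the returned value is written into an HTML attribute (the caller is not in this hunk) the browser decodes entities before the script is parsed anyway. Encode for JavaScript first, `return 'javascript:openNewGal('.json_encode($this->stack_name).');';`, and then HTML-escape the whole returned string with `ENT_QUOTES` at the place where it is written into the attribute.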
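Review bot: `var root = "<?php echo htmlentities($root); ?>";` in apps/gallery/templates/index.php sits inside a `<script>` element, where entities are not decoded, so a value containing `&` or a non-ASCII character reaches the script as literal entity text, and a backslash or line break in `$root` still breaks the string literal. A JavaScript encoder fits this context: `var root = <?php echo json_encode($root, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;`. Where `$root` is assigned is outside the hunk, so how much of it is user-controlled should be checked there.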