author | Joas Schilling <coding@schilljs.com> | 2017-03-20 11:56:29 +0100 |
committer | GitHub <noreply@github.com> | 2017-03-20 11:56:29 +0100 |
commit | 25f772d592172c40ecbb97db71e9590678eab2a4 (patch) | |
tree | 59315d8e234bd1c5fc34d27f7928971cfee55170 /apps | |
parent | a3739906f62fa9905156ea1922d9a154d9cc0b4a (diff) | |
parent | b3556456b6c462874ce0c5f4adf22227a8a331fb (diff) | |
Merge pull request #3868 from nextcloud/issue-3834-escape-theming-footer
Correctly escape the footer description from theming
Diffstat (limited to 'apps')
-rw-r--r-- | apps/files_sharing/templates/public.php | 2 | ||||
-rw-r--r-- | apps/theming/lib/ThemingDefaults.php | 9 |
2 files changed, 6 insertions, 5 deletions
diff --git a/apps/files_sharing/templates/public.php b/apps/files_sharing/templates/public.php
index dd2ea855b0b..123a5cb4f53 100644
--- a/apps/files_sharing/templates/public.php
+++ b/apps/files_sharing/templates/public.php
@@ -120,7 +120,7 @@ $maxUploadFilesize = min($upload_max_filesize, $post_max_size);
 <input type="hidden" name="dir" id="dir" value="" />
 <div class="hiddenuploadfield">
 <input type="file" id="file_upload_start" class="hiddenuploadfield" name="files[]"
- data-url="<?php print_unescaped(OCP\Util::linkTo('files', 'ajax/upload.php')); ?>" />
+ data-url="<?php p(OCP\Util::linkTo('files', 'ajax/upload.php')); ?>" />
 </div>
 <?php endif; ?>
 <footer>
diff --git a/apps/theming/lib/ThemingDefaults.php b/apps/theming/lib/ThemingDefaults.php
index 36f19157637..20625116213 100644
--- a/apps/theming/lib/ThemingDefaults.php
+++ b/apps/theming/lib/ThemingDefaults.php
@@ -28,6 +28,7 @@ use OCP\IConfig;
 use OCP\IL10N;
 use OCP\IURLGenerator;
 use OCP\Files\IRootFolder;
+use OCP\Util;
 
 class ThemingDefaults extends \OC_Defaults {
 
@@ -81,7 +82,7 @@ class ThemingDefaults extends \OC_Defaults {
 }
 
 public function getName() {
- return $this->config->getAppValue('theming', 'name', $this->name);
+ return strip_tags($this->config->getAppValue('theming', 'name', $this->name));
 }
 
 public function getHTMLName() {
@@ -89,11 +90,11 @@ class ThemingDefaults extends \OC_Defaults {
 }
 
 public function getTitle() {
- return $this->config->getAppValue('theming', 'name', $this->name);
+ return $this->getName();
 }
 
 public function getEntity() {
- return $this->config->getAppValue('theming', 'name', $this->name);
+ return $this->getName();
 }
 
 public function getBaseUrl() {
@@ -101,7 +102,7 @@ class ThemingDefaults extends \OC_Defaults {
 }
 
 public function getSlogan() {
- return $this->config->getAppValue('theming', 'slogan', $this->slogan);
+ return Util::sanitizeHTML($this->config->getAppValue('theming', 'slogan', $this->slogan));
 }
 
 public function getShortFooter() {
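Review bot: `strip_tags()` in the new getName() is a tag stripper, not an output escaper — it leaves `&`, `"` and `'` untouched, so the returned value is only safe where every caller still passes it through `p()` (or uses getHTMLName(), whose body lies outside this hunk), and it can silently drop the rest of a legitimate name that contains a bare `<`. The method now also differs in contract from getSlogan() in the last hunk, which hands back an already-HTML-encoded string, and getTitle() and getEntity() in the following hunk inherit getName()'s contract by delegation. I would state that contract on the method: `/** @return string admin-configured name with markup stripped; NOT HTML-escaped, callers must escape for their output context */`. The ThemingDefaults class continues outside the hunk.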
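Review bot: getSlogan() now returns an HTML-encoded value from the model layer via `Util::sanitizeHTML()`, the opposite strategy to the `strip_tags()` used for getName() two hunks earlier, so a template that still wraps the slogan in `p()` will double-encode (`&amp;amp;`) and any plain-text consumer will show raw entities; whether such callers exist is not visible in this diff. Either keep the raw value here and escape in the templates, or make the escaped contract explicit so nobody escapes twice: `/** @return string slogan, already HTML-encoded for direct output; do not escape again */`. getShortFooter() starts at the end of the hunk and continues outside it.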