authorJoas Schilling <coding@schilljs.com>2017-03-16 15:01:50 +0100
committerJoas Schilling <coding@schilljs.com>2017-03-17 09:11:41 +0100
commite8750f618b56c805015f2251f3ec707e2cf2f39b (patch)
tree9e5e70da215b21f7d0635cbbb92f05b8467691f8 /apps
parent57c1be8633103f2e2ca74bad186c332713f4ef83 (diff)
Correctly escape the footer description from theming
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'apps')
-rw-r--r--apps/files_sharing/templates/public.php2
-rw-r--r--apps/theming/lib/ThemingDefaults.php8
2 files changed, 5 insertions, 5 deletions
diff --git a/apps/files_sharing/templates/public.php b/apps/files_sharing/templates/public.php
index dd2ea855b0b..123a5cb4f53 100644
--- a/apps/files_sharing/templates/public.php
+++ b/apps/files_sharing/templates/public.php
@@ -120,7 +120,7 @@ $maxUploadFilesize = min($upload_max_filesize, $post_max_size);
<input type="hidden" name="dir" id="dir" value="" />
<div class="hiddenuploadfield">
<input type="file" id="file_upload_start" class="hiddenuploadfield" name="files[]"
- data-url="<?php print_unescaped(OCP\Util::linkTo('files', 'ajax/upload.php')); ?>" />
+ data-url="<?php p(OCP\Util::linkTo('files', 'ajax/upload.php')); ?>" />
</div>
<?php endif; ?>
<footer>
diff --git a/apps/theming/lib/ThemingDefaults.php b/apps/theming/lib/ThemingDefaults.php
index 36f19157637..b84f7b25318 100644
--- a/apps/theming/lib/ThemingDefaults.php
+++ b/apps/theming/lib/ThemingDefaults.php
@@ -81,7 +81,7 @@ class ThemingDefaults extends \OC_Defaults {
}
public function getName() {
- return $this->config->getAppValue('theming', 'name', $this->name);
+ return strip_tags($this->config->getAppValue('theming', 'name', $this->name));
}
public function getHTMLName() {
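Review bot: `strip_tags()` in getName() removes markup but is not an output encoder: quotes and `&` pass through unchanged, so the returned name still has to be escaped by the caller before it lands in an HTML attribute or is printed with `print_unescaped()`. It can also cut off a legitimate name that contains a literal `<`. I would add a docblock that states the contract, e.g. `@return string plain-text name with tags stripped, NOT HTML-escaped; escape at output with p()`. getTitle() and getEntity() in the next hunk inherit the same contract through `$this->getName()`. The body of getHTMLName() lies outside this hunk, so how it encodes the value is not visible here.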
@@ -89,11 +89,11 @@ class ThemingDefaults extends \OC_Defaults {
}
public function getTitle() {
- return $this->config->getAppValue('theming', 'name', $this->name);
+ return $this->getName();
}
public function getEntity() {
- return $this->config->getAppValue('theming', 'name', $this->name);
+ return $this->getName();
}
public function getBaseUrl() {
@@ -101,7 +101,7 @@ class ThemingDefaults extends \OC_Defaults {
}
public function getSlogan() {
- return $this->config->getAppValue('theming', 'slogan', $this->slogan);
+ return \OC_Util::sanitizeHTML($this->config->getAppValue('theming', 'slogan', $this->slogan));
}
public function getShortFooter() {
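Review bot: getSlogan() now returns an already HTML-escaped string, while getName() in the same class returns tag-stripped plain text, so the two getters hand callers different encodings and nothing marks the difference. A template that prints the slogan with `p()` would presumably double-escape it (`&amp;amp;`), and a non-HTML consumer such as a plain-text mail or a JSON response would receive entities; no caller is visible in this diff, so this needs checking. I would document it on the method, e.g. `@return string HTML-escaped slogan, safe as HTML text; do not pass through p() again`, or keep the getter raw and escape at the output site. getShortFooter() only begins on the last line of the hunk and its body is not shown.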