author | Lukas Reschke <lukas@statuscode.ch> | 2013-03-04 00:11:46 +0100 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2013-03-04 00:11:46 +0100 |
commit | 86a7202cda9d0a2c06018f1ca08a9bced31e2887 (patch) | |
tree | 66bf4c34c16135df11fc223a901ded7a2e4adbbe /settings/js/users.js | |
parent | ef01e0cdc5459373f253886c5adcd9e09fa003fa (diff) | |
Sanitize uid, group and quota
Diffstat (limited to 'settings/js/users.js')
-rw-r--r-- | settings/js/users.js | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/settings/js/users.js b/settings/js/users.js
index 2c27c6d7666..9bc7455285a 100644
--- a/settings/js/users.js
+++ b/settings/js/users.js
@@ -27,7 +27,7 @@ var UserList = {
 // Provide user with option to undo
 $('#notification').data('deleteuser', true);
- OC.Notification.showHtml(t('users', 'deleted') + ' ' + uid + '<span class="undo">' + t('users', 'undo') + '</span>');
+ OC.Notification.showHtml(t('users', 'deleted') + ' ' + escapeHTML(uid) + '<span class="undo">' + t('users', 'undo') + '</span>');
 },
 /**
@@ -80,9 +80,9 @@ var UserList = {
 }
 var allGroups = String($('#content table').attr('data-groups')).split(', ');
 $.each(allGroups, function (i, group) {
- groupsSelect.append($('<option value="' + group + '">' + group + '</option>'));
+ groupsSelect.append($('<option value="' + escapeHTML(group) + '">' + escapeHTML(group) + '</option>'));
 if (typeof subadminSelect !== 'undefined' && group != 'admin') {
- subadminSelect.append($('<option value="' + group + '">' + group + '</option>'));
+ subadminSelect.append($('<option value="' + escapeHTML(group) + '">' + escapeHTML(group) + '</option>'));
 }
 });
 tr.find('td.groups').append(groupsSelect);
@@ -111,7 +111,7 @@ var UserList = {
 if (quotaSelect.find('option[value="' + quota + '"]').length > 0) {
 quotaSelect.find('option[value="' + quota + '"]').attr('selected', 'selected');
 } else {
- quotaSelect.append('<option value="' + quota + '" selected="selected">' + quota + '</option>');
+ quotaSelect.append('<option value="' + escapeHTML(quota) + '" selected="selected">' + escapeHTML(quota) + '</option>');
 }
 }
 var added = false;
@@ -224,7 +224,7 @@ var UserList = {
 var addSubAdmin = function (group) {
 $('select[multiple]').each(function (index, element) {
 if ($(element).find('option[value="' + group + '"]').length == 0) {
- $(element).append('<option value="' + group + '">' + group + '</option>');
+ $(element).append('<option value="' + escapeHTML(group) + '">' + escapeHTML(group) + '</option>');
 }
 })
 }; |
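Review bot: `escapeHTML(group)` now lands inside a double-quoted `value="…"` attribute in the `@@ -80,9 +80,9 @@` hunk, so the fix holds only if `escapeHTML` encodes `"` as well as `<` and `&`; its definition is not part of this diff and should be checked. Building the element without string concatenation removes that dependency: `groupsSelect.append($('<option>').attr('value', group).text(group));`, and the same for `subadminSelect`. The quota option in the `@@ -111,7 +111,7 @@` hunk and the `addSubAdmin` option in the `@@ -224,7 +224,7 @@` hunk use the same attribute pattern. The enclosing function starts and ends outside the hunk.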
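Review bot: The two context lines above the changed line in the `@@ -111,7 +111,7 @@` hunk still concatenate the raw `quota` into a selector string, `quotaSelect.find('option[value="' + quota + '"]')`, which this commit leaves unescaped. A value containing `"` or `]` would change the selector or make jQuery throw, so the lookup can fail or match the wrong option even though the appended markup is now escaped. Comparing values avoids selector syntax altogether: `quotaSelect.find('option').filter(function () { return this.value === String(quota); })`. The `addSubAdmin` check in the `@@ -224,7 +224,7 @@` hunk builds its selector from `group` the same way. The surrounding function is only partly visible here.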