author | Frank Karlitschek <frank@owncloud.org> | 2013-03-04 00:00:47 -0800 |
---|---|---|
committer | Frank Karlitschek <frank@owncloud.org> | 2013-03-04 00:00:47 -0800 |
commit | d70912e72b94d63d7d3f42288e2235cee115b8c7 (patch) | |
tree | 2a89d81dbd492680bed768d1498567e3e1fb9b16 /settings/js | |
parent | 17f7bd4c1453f566062ec051b2b24d1a0c0a9910 (diff) | |
parent | 86a7202cda9d0a2c06018f1ca08a9bced31e2887 (diff) | |
download | nextcloud-server-d70912e72b94d63d7d3f42288e2235cee115b8c7.tar.gz nextcloud-server-d70912e72b94d63d7d3f42288e2235cee115b8c7.zip |
Merge pull request #2060 from owncloud/escapeGroupname
Sanitize uid, group and quota
Diffstat (limited to 'settings/js')
-rw-r--r-- | settings/js/users.js | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/settings/js/users.js b/settings/js/users.js
index 2c27c6d7666..9bc7455285a 100644
--- a/settings/js/users.js
+++ b/settings/js/users.js
@@ -27,7 +27,7 @@ var UserList = {
 // Provide user with option to undo
 $('#notification').data('deleteuser', true);
- OC.Notification.showHtml(t('users', 'deleted') + ' ' + uid + '<span class="undo">' + t('users', 'undo') + '</span>');
+ OC.Notification.showHtml(t('users', 'deleted') + ' ' + escapeHTML(uid) + '<span class="undo">' + t('users', 'undo') + '</span>');
 },
 /**
@@ -80,9 +80,9 @@ var UserList = {
 }
 var allGroups = String($('#content table').attr('data-groups')).split(', ');
 $.each(allGroups, function (i, group) {
- groupsSelect.append($('<option value="' + group + '">' + group + '</option>'));
+ groupsSelect.append($('<option value="' + escapeHTML(group) + '">' + escapeHTML(group) + '</option>'));
 if (typeof subadminSelect !== 'undefined' && group != 'admin') {
- subadminSelect.append($('<option value="' + group + '">' + group + '</option>'));
+ subadminSelect.append($('<option value="' + escapeHTML(group) + '">' + escapeHTML(group) + '</option>'));
 }
 });
 tr.find('td.groups').append(groupsSelect);
@@ -111,7 +111,7 @@ var UserList = {
 if (quotaSelect.find('option[value="' + quota + '"]').length > 0) {
 quotaSelect.find('option[value="' + quota + '"]').attr('selected', 'selected');
 } else {
- quotaSelect.append('<option value="' + quota + '" selected="selected">' + quota + '</option>');
+ quotaSelect.append('<option value="' + escapeHTML(quota) + '" selected="selected">' + escapeHTML(quota) + '</option>');
 }
 }
 var added = false;
@@ -224,7 +224,7 @@ var UserList = {
 var addSubAdmin = function (group) {
 $('select[multiple]').each(function (index, element) {
 if ($(element).find('option[value="' + group + '"]').length == 0) {
- $(element).append('<option value="' + group + '">' + group + '</option>');
+ $(element).append('<option value="' + escapeHTML(group) + '">' + escapeHTML(group) + '</option>');
 }
 })
 }; |
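Review bot: In the `@@ -80,9` hunk `escapeHTML(group)` is used for both the `value="…"` attribute and the option text, so the fix is only as strong as that helper's handling of `"`. Its definition is not part of this diff, and if it encodes only `&` and `<`, a group name containing a double quote would still close the attribute. Building the element through the DOM removes that dependency: `groupsSelect.append($('<option>').val(group).text(group));`, and likewise for `subadminSelect`. The same string-built `<option>` pattern recurs in the `@@ -111,7` (quota) and `@@ -224,7` (addSubAdmin) hunks. The enclosing function starts and ends outside the hunk.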
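Review bot: In the `@@ -111,7` hunk the two `quotaSelect.find('option[value="' + quota + '"]')` lookups above the changed line still concatenate the raw `quota` into a jQuery attribute selector, and the `@@ -224,7` hunk does the same with `group` in `$(element).find('option[value="' + group + '"]')`. A value containing `"` or `]` produces a malformed selector, which can throw or match the wrong option before the escaped `append` is reached. Comparing values instead of building a selector avoids this: `quotaSelect.find('option').filter(function () { return $(this).val() === String(quota); })`. The enclosing function continues outside the hunk.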