Merge pull request #23463 from owncloud/lets-consistently-use-no-referer

Consistently use rel=noreferrer

3 files changed, 22 insertions, 22 deletions

diff --git a/settings/templates/admin.php b/settings/templates/admin.php
index 2f4461589da..521f49d708a 100644
--- a/settings/templates/admin.php
+++ b/settings/templates/admin.php
@@ -73,7 +73,7 @@ if ($_['getenvServerNotWorking']) {
 ?>
 	<li>
 		<?php p($l->t('php does not seem to be setup properly to query system environment variables. The test with getenv("PATH") only returns an empty response.')); ?><br>
-		<?php print_unescaped($l->t('Please check the <a target="_blank" href="%s">installation documentation ↗</a> for php configuration notes and the php configuration of your server, especially when using php-fpm.', link_to_docs('admin-php-fpm'))); ?>
+		<?php print_unescaped($l->t('Please check the <a target="_blank" rel="noreferrer" href="%s">installation documentation ↗</a> for php configuration notes and the php configuration of your server, especially when using php-fpm.', link_to_docs('admin-php-fpm'))); ?>
 	</li>
 <?php
 }
@@ -128,7 +128,7 @@ if (!$_['has_fileinfo']) {
 if ($_['fileLockingType'] === 'none') {
 	?>
 	<li>
-		<?php print_unescaped($l->t('Transactional file locking is disabled, this might lead to issues with race conditions. Enable \'filelocking.enabled\' in config.php to avoid these problems. See the <a target="_blank" href="%s">documentation ↗</a> for more information.', link_to_docs('admin-transactional-locking'))); ?>
+		<?php print_unescaped($l->t('Transactional file locking is disabled, this might lead to issues with race conditions. Enable \'filelocking.enabled\' in config.php to avoid these problems. See the <a target="_blank" rel="noreferrer" href="%s">documentation ↗</a> for more information.', link_to_docs('admin-transactional-locking'))); ?>
 	</li>
 	<?php
 }
@@ -183,7 +183,7 @@ if ($_['cronErrors']) {
 	<ul class="warnings hidden"></ul>
 	<ul class="info hidden"></ul>
 	<p class="hint hidden">
-		<?php print_unescaped($l->t('Please double check the <a target="_blank" href="%s">installation guides ↗</a>, and check for any errors or warnings in the <a href="#log-section">log</a>.', link_to_docs('admin-install'))); ?>
+		<?php print_unescaped($l->t('Please double check the <a target="_blank" rel="noreferrer" href="%s">installation guides ↗</a>, and check for any errors or warnings in the <a href="#log-section">log</a>.', link_to_docs('admin-install'))); ?>
 	</p>
 </div>
 <div id="security-warning-state">
@@ -193,7 +193,7 @@ if ($_['cronErrors']) {
 
 	<div class="section" id="shareAPI">
 		<h2><?php p($l->t('Sharing'));?></h2>
-		<a target="_blank" class="icon-info svg"
+		<a target="_blank"  el="noreferrer" class="icon-info svg"
 			title="<?php p($l->t('Open documentation'));?>"
 			href="<?php p(link_to_docs('admin-sharing')); ?>"></a>
 		<p id="enable">
@@ -305,7 +305,7 @@ if ($_['cronErrors']) {
 		endif; ?>
 	</p>
 	<?php endif; ?>
-	<a target="_blank" class="icon-info svg"
+	<a target="_blank" rel="noreferrer" class="icon-info svg"
 		title="<?php p($l->t('Open documentation'));?>"
 		href="<?php p(link_to_docs('admin-background-jobs')); ?>"></a>
 
@@ -337,7 +337,7 @@ if ($_['cronErrors']) {
 
 <div class="section" id='encryptionAPI'>
 	<h2><?php p($l->t('Server-side encryption')); ?></h2>
-	<a target="_blank" class="icon-info svg"
+	<a target="_blank" rel="noreferrer" class="icon-info svg"
 		title="<?php p($l->t('Open documentation'));?>"
 		href="<?php p(link_to_docs('admin-encryption')); ?>"></a>
 
@@ -403,7 +403,7 @@ if ($_['cronErrors']) {
 <div class="section" id="mail_general_settings">
 	<form id="mail_general_settings_form" class="mail_settings">
 		<h2><?php p($l->t('Email server'));?></h2>
-		<a target="_blank" class="icon-info svg"
+		<a target="_blank" rel="noreferrer" class="icon-info svg"
 			title="<?php p($l->t('Open documentation'));?>"
 			href="<?php p(link_to_docs('admin-email')); ?>"></a>
 
@@ -549,15 +549,15 @@ if ($_['cronErrors']) {
 			<li>
 				<?php p($l->t('SQLite is used as database. For larger installations we recommend to switch to a different database backend.')); ?><br>
 				<?php p($l->t('Especially when using the desktop client for file syncing the use of SQLite is discouraged.')); ?><br>
-				<?php print_unescaped($l->t('To migrate to another database use the command line tool: \'occ db:convert-type\', or see the <a target="_blank" href="%s">documentation ↗</a>.', link_to_docs('admin-db-conversion') )); ?>
+				<?php print_unescaped($l->t('To migrate to another database use the command line tool: \'occ db:convert-type\', or see the <a target="_blank" rel="noreferrer" href="%s">documentation ↗</a>.', link_to_docs('admin-db-conversion') )); ?>
 			</li>
 		<?php } ?>
-		<li><a target="_blank" href="<?php p(link_to_docs('admin-backup')); ?>"><?php p($l->t('How to do backups'));?> ↗</a></li>
-		<li><a target="_blank" href="<?php p(link_to_docs('admin-monitoring')); ?>"><?php p($l->t('Advanced monitoring'));?> ↗</a></li>
-		<li><a target="_blank" href="<?php p(link_to_docs('admin-performance')); ?>"><?php p($l->t('Performance tuning'));?> ↗</a></li>
-		<li><a target="_blank" href="<?php p(link_to_docs('admin-config')); ?>"><?php p($l->t('Improving the config.php'));?> ↗</a></li>
-		<li><a target="_blank" href="<?php p(link_to_docs('developer-theming')); ?>"><?php p($l->t('Theming'));?> ↗</a></li>
-		<li><a target="_blank" href="<?php p(link_to_docs('admin-security')); ?>"><?php p($l->t('Hardening and security guidance'));?> ↗</a></li>
+		<li><a target="_blank" rel="noreferrer" href="<?php p(link_to_docs('admin-backup')); ?>"><?php p($l->t('How to do backups'));?> ↗</a></li>
+		<li><a target="_blank" rel="noreferrer" href="<?php p(link_to_docs('admin-monitoring')); ?>"><?php p($l->t('Advanced monitoring'));?> ↗</a></li>
+		<li><a target="_blank" rel="noreferrer" href="<?php p(link_to_docs('admin-performance')); ?>"><?php p($l->t('Performance tuning'));?> ↗</a></li>
+		<li><a target="_blank" rel="noreferrer" href="<?php p(link_to_docs('admin-config')); ?>"><?php p($l->t('Improving the config.php'));?> ↗</a></li>
+		<li><a target="_blank" rel="noreferrer" href="<?php p(link_to_docs('developer-theming')); ?>"><?php p($l->t('Theming'));?> ↗</a></li>
+		<li><a target="_blank" rel="noreferrer" href="<?php p(link_to_docs('admin-security')); ?>"><?php p($l->t('Hardening and security guidance'));?> ↗</a></li>
 	</ul>
 </div>
 
@@ -567,7 +567,7 @@ if ($_['cronErrors']) {
 
 <div class="section">
 	<h2><?php p($l->t('Version'));?></h2>
-	<p><a href="<?php print_unescaped($theme->getBaseUrl()); ?>" target="_blank"><?php p($theme->getTitle()); ?></a> <?php p(OC_Util::getHumanVersion()) ?></p>
+	<p><a href="<?php print_unescaped($theme->getBaseUrl()); ?>" rel="noreferrer" target="_blank"><?php p($theme->getTitle()); ?></a> <?php p(OC_Util::getHumanVersion()) ?></p>
 	<p><?php include('settings.development.notice.php'); ?></p>
 </div>
 
diff --git a/settings/templates/apps.php b/settings/templates/apps.php
index ef89a5393cd..4ae1022585d 100644
--- a/settings/templates/apps.php
+++ b/settings/templates/apps.php
@@ -31,7 +31,7 @@ script(
 
 <?php if($_['appstoreEnabled']): ?>
 	<li>
-		<a class="app-external" target="_blank" href="https://owncloud.org/dev"><?php p($l->t('Developer documentation'));?> ↗</a>
+		<a class="app-external" target="_blank" rel="noreferrer" href="https://owncloud.org/dev"><?php p($l->t('Developer documentation'));?> ↗</a>
 	</li>
 <?php endif; ?>
 </script>
@@ -53,7 +53,7 @@ script(
 	{{/if}}
 	<h2 class="app-name">
 		{{#if detailpage}}
-			<a href="{{detailpage}}" target="_blank">{{name}}</a>
+			<a href="{{detailpage}}" target="_blank" rel="noreferrer">{{name}}</a>
 		{{else}}
 			{{name}}
 		{{/if}}
@@ -82,13 +82,13 @@ script(
 			<?php p($l->t("Documentation:"));?>
 			{{#if documentation.user}}
 			<span class="userDocumentation">
-			<a id="userDocumentation" class="appslink" href="{{documentation.user}}" target="_blank"><?php p($l->t('User documentation'));?> ↗</a>
+			<a id="userDocumentation" class="appslink" href="{{documentation.user}}" target="_blank" rel="noreferrer"><?php p($l->t('User documentation'));?> ↗</a>
 			</span>
 			{{/if}}
 
 			{{#if documentation.admin}}
 			<span class="adminDocumentation">
-			<a id="adminDocumentation" class="appslink" href="{{documentation.admin}}" target="_blank"><?php p($l->t('Admin documentation'));?> ↗</a>
+			<a id="adminDocumentation" class="appslink" href="{{documentation.admin}}" target="_blank" rel="noreferrer"><?php p($l->t('Admin documentation'));?> ↗</a>
 			</span>
 			{{/if}}
 		</p>
diff --git a/settings/templates/personal.php b/settings/templates/personal.php
index 9693f1afe18..5e929bc33ff 100644
--- a/settings/templates/personal.php
+++ b/settings/templates/personal.php
@@ -169,15 +169,15 @@ if($_['passwordChangeSupported']) {
 
 <div id="clientsbox" class="section clientsbox">
 	<h2><?php p($l->t('Get the apps to sync your files'));?></h2>
-	<a href="<?php p($_['clients']['desktop']); ?>" target="_blank">
+	<a href="<?php p($_['clients']['desktop']); ?>" rel="noreferrer" target="_blank">
 		<img src="<?php print_unescaped(OCP\Util::imagePath('core', 'desktopapp.svg')); ?>"
 			alt="<?php p($l->t('Desktop client'));?>" />
 	</a>
-	<a href="<?php p($_['clients']['android']); ?>" target="_blank">
+	<a href="<?php p($_['clients']['android']); ?>" rel="noreferrer" target="_blank">
 		<img src="<?php print_unescaped(OCP\Util::imagePath('core', 'googleplay.png')); ?>"
 			alt="<?php p($l->t('Android app'));?>" />
 	</a>
-	<a href="<?php p($_['clients']['ios']); ?>" target="_blank">
+	<a href="<?php p($_['clients']['ios']); ?>" rel="noreferrer" target="_blank">
 		<img src="<?php print_unescaped(OCP\Util::imagePath('core', 'appstore.svg')); ?>"
 			alt="<?php p($l->t('iOS app'));?>" />
 	</a>