authorMarkus Staab <markus.staab@redaxo.de>2017-10-19 12:16:04 +0200
committerMarkus Staab <markus.staab@redaxo.de>2017-10-19 12:16:04 +0200
commitdb34b59238846e5ec046a456b4f76649321571d1 (patch)
tree3efe5a2c81888f6440c43ba6450998f6434ba7ea /settings
parent8e25df9690a4d953721dcdc8e61038b332774a10 (diff)
Prevent XSS in links which open a new browser window
Diffstat (limited to 'settings')
-rw-r--r--settings/templates/apps.php18
-rw-r--r--settings/templates/help.php8
-rw-r--r--settings/templates/settings.development.notice.php6
-rw-r--r--settings/templates/settings/admin/additional-mail.php2
-rw-r--r--settings/templates/settings/admin/encryption.php2
-rw-r--r--settings/templates/settings/admin/server.php10
-rw-r--r--settings/templates/settings/admin/sharing.php2
-rw-r--r--settings/templates/settings/admin/tipstricks.php16
-rw-r--r--settings/templates/settings/personal/personal.info.php2
9 files changed, 33 insertions, 33 deletions
diff --git a/settings/templates/apps.php b/settings/templates/apps.php
index 91a73fcbe56..f609adb03b3 100644
--- a/settings/templates/apps.php
+++ b/settings/templates/apps.php
@@ -24,7 +24,7 @@ script(
<?php if($_['appstoreEnabled']): ?>
<li>
- <a class="app-external icon-info" target="_blank" rel="noreferrer" href="https://docs.nextcloud.org/server/12/developer_manual/"><?php p($l->t('Developer documentation'));?> ↗</a>
+ <a class="app-external icon-info" target="_blank" rel="noreferrer noopener" href="https://docs.nextcloud.org/server/12/developer_manual/"><?php p($l->t('Developer documentation'));?> ↗</a>
</li>
<?php endif; ?>
</script>
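Review bot: The developer-manual link on the changed line is hard-coded to `https://docs.nextcloud.org/server/12/developer_manual/`, so it will keep pointing at the version 12 manual after the server moves on. Other templates touched by this commit build documentation links through `link_to_docs()` (for example `link_to_docs('developer-theming')` in tipstricks.php). If a key for the developer manual exists, using it here would keep the link tied to the running release. The enclosing `<script>` template starts before this hunk.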
@@ -44,7 +44,7 @@ script(
<div class="app-image app-image-icon"></div>
<div class="app-name">
{{#if detailpage}}
- <a href="{{detailpage}}" target="_blank" rel="noreferrer">{{name}}</a>
+ <a href="{{detailpage}}" target="_blank" rel="noreferrer noopener">{{name}}</a>
{{else}}
{{name}}
{{/if}}
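Review bot: `href="{{detailpage}}"` takes its value from app metadata, and Handlebars `{{ }}` escaping only protects the attribute quoting, not the URL scheme, so a `javascript:` or `data:` value would still render as a working link. `rel="noopener"` removes the opened page's access to `window.opener`; it does nothing about what the link itself points to. Nothing in this hunk shows the value being restricted to `http`/`https` before rendering, though that may happen where the app list is loaded. The same applies to `{{profilepage}}`, `{{documentation.user}}`, `{{documentation.admin}}`, `{{documentation.developer}}`, `{{website}}` and `{{bugs}}` in the later hunks of this file. Once confirmed, a template comment such as `{{!-- URLs are validated as http(s) before rendering --}}` would record the assumption.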
@@ -90,7 +90,7 @@ script(
{{/if}}
<h2 class="app-name">
{{#if detailpage}}
- <a href="{{detailpage}}" target="_blank" rel="noreferrer">{{name}}</a>
+ <a href="{{detailpage}}" target="_blank" rel="noreferrer noopener">{{name}}</a>
{{else}}
{{name}}
{{/if}}
@@ -105,7 +105,7 @@ script(
<div class="app-description-container hidden">
<div class="app-version">{{version}}</div>
- {{#if profilepage}}<a href="{{profilepage}}" target="_blank" rel="noreferrer">{{/if}}
+ {{#if profilepage}}<a href="{{profilepage}}" target="_blank" rel="noreferrer noopener">{{/if}}
<div class="app-author"><?php p($l->t('by %s', ['{{author}}']));?>
{{#if licence}}
(<?php p($l->t('%s-licensed', ['{{licence}}'])); ?>)
@@ -119,30 +119,30 @@ script(
<?php p($l->t("Documentation:"));?>
{{#if documentation.user}}
<span class="userDocumentation">
- <a id="userDocumentation" class="appslink" href="{{documentation.user}}" target="_blank" rel="noreferrer"><?php p($l->t('User documentation'));?> ↗</a>
+ <a id="userDocumentation" class="appslink" href="{{documentation.user}}" target="_blank" rel="noreferrer noopener"><?php p($l->t('User documentation'));?> ↗</a>
</span>
{{/if}}
{{#if documentation.admin}}
<span class="adminDocumentation">
- <a id="adminDocumentation" class="appslink" href="{{documentation.admin}}" target="_blank" rel="noreferrer"><?php p($l->t('Admin documentation'));?> ↗</a>
+ <a id="adminDocumentation" class="appslink" href="{{documentation.admin}}" target="_blank" rel="noreferrer noopener"><?php p($l->t('Admin documentation'));?> ↗</a>
</span>
{{/if}}
{{#if documentation.developer}}
<span class="developerDocumentation">
- <a id="developerDocumentation" class="appslink" href="{{documentation.developer}}" target="_blank" rel="noreferrer"><?php p($l->t('Developer documentation'));?> ↗</a>
+ <a id="developerDocumentation" class="appslink" href="{{documentation.developer}}" target="_blank" rel="noreferrer noopener"><?php p($l->t('Developer documentation'));?> ↗</a>
</span>
{{/if}}
</p>
{{/if}}
{{#if website}}
- <a id="userDocumentation" class="appslink" href="{{website}}" target="_blank" rel="noreferrer"><?php p($l->t('Visit website'));?> ↗</a>
+ <a id="userDocumentation" class="appslink" href="{{website}}" target="_blank" rel="noreferrer noopener"><?php p($l->t('Visit website'));?> ↗</a>
{{/if}}
{{#if bugs}}
- <a id="adminDocumentation" class="appslink" href="{{bugs}}" target="_blank" rel="noreferrer"><?php p($l->t('Report a bug'));?> ↗</a>
+ <a id="adminDocumentation" class="appslink" href="{{bugs}}" target="_blank" rel="noreferrer noopener"><?php p($l->t('Report a bug'));?> ↗</a>
{{/if}}
</div><!-- end app-description-container -->
<div class="app-description-toggle-show" role="link"><?php p($l->t("Show description …"));?></div>
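Review bot: The `{{website}}` and `{{bugs}}` anchors reuse `id="userDocumentation"` and `id="adminDocumentation"`, which the documentation links earlier in this hunk already carry, so an app that provides both ends up with duplicate ids in the rendered markup. Duplicate ids make `getElementById` and `#id` selectors ambiguous, which matters if any script or test locates these links by id. Since every one of these anchors already has `class="appslink"`, the two reused ids could be dropped or given distinct names. Check first whether a stylesheet or script selects on them.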
diff --git a/settings/templates/help.php b/settings/templates/help.php
index f849ea0f427..3f042254f83 100644
--- a/settings/templates/help.php
+++ b/settings/templates/help.php
@@ -16,26 +16,26 @@
<?php } ?>
<li>
- <a href="https://docs.nextcloud.org" target="_blank" rel="noreferrer">
+ <a href="https://docs.nextcloud.org" target="_blank" rel="noreferrer noopener">
<?php p($l->t('Online documentation')); ?> ↗
</a>
</li>
<li>
- <a href="https://help.nextcloud.com" target="_blank" rel="noreferrer">
+ <a href="https://help.nextcloud.com" target="_blank" rel="noreferrer noopener">
<?php p($l->t('Forum')); ?> ↗
</a>
</li>
<?php if($_['admin']) { ?>
<li>
- <a href="https://nextcloud.com/support/" target="_blank" rel="noreferrer">
+ <a href="https://nextcloud.com/support/" target="_blank" rel="noreferrer noopener">
<?php p($l->t('Getting help')); ?> ↗
</a>
</li>
<?php } ?>
<li>
- <a href="https://nextcloud.com/enterprise/" target="_blank" rel="noreferrer">
+ <a href="https://nextcloud.com/enterprise/" target="_blank" rel="noreferrer noopener">
<?php p($l->t('Commercial support')); ?> ↗
</a>
</li>
diff --git a/settings/templates/settings.development.notice.php b/settings/templates/settings.development.notice.php
index 2b08d341f1e..855c4dc26c7 100644
--- a/settings/templates/settings.development.notice.php
+++ b/settings/templates/settings.development.notice.php
@@ -7,9 +7,9 @@
'{linkclose}',
],
[
- '<a href="https://nextcloud.com/contribute" target="_blank" rel="noreferrer">',
- '<a href="https://github.com/nextcloud" target="_blank" rel="noreferrer">',
- '<a href="https://www.gnu.org/licenses/agpl-3.0.html" target="_blank" rel="noreferrer">',
+ '<a href="https://nextcloud.com/contribute" target="_blank" rel="noreferrer noopener">',
+ '<a href="https://github.com/nextcloud" target="_blank" rel="noreferrer noopener">',
+ '<a href="https://www.gnu.org/licenses/agpl-3.0.html" target="_blank" rel="noreferrer noopener">',
'</a>',
],
$l->t('Developed by the {communityopen}Nextcloud community{linkclose}, the {githubopen}source code{linkclose} is licensed under the {licenseopen}AGPL{linkclose}.')
diff --git a/settings/templates/settings/admin/additional-mail.php b/settings/templates/settings/admin/additional-mail.php
index bce7e5adeee..adcc5293ff1 100644
--- a/settings/templates/settings/admin/additional-mail.php
+++ b/settings/templates/settings/admin/additional-mail.php
@@ -53,7 +53,7 @@ if ($_['mail_smtpmode'] === 'qmail') {
<div class="section" id="mail_general_settings">
<form id="mail_general_settings_form" class="mail_settings">
<h2><?php p($l->t('Email server'));?></h2>
- <a target="_blank" rel="noreferrer" class="icon-info"
+ <a target="_blank" rel="noreferrer noopener" class="icon-info"
title="<?php p($l->t('Open documentation'));?>"
href="<?php p(link_to_docs('admin-email')); ?>"></a>
<p class="settings-hint"><?php p($l->t('It is important to set up this server to be able to send emails, like for password reset and notifications.')); ?></p>
diff --git a/settings/templates/settings/admin/encryption.php b/settings/templates/settings/admin/encryption.php
index 8fc4e9ae13b..d042f531da5 100644
--- a/settings/templates/settings/admin/encryption.php
+++ b/settings/templates/settings/admin/encryption.php
@@ -28,7 +28,7 @@
<div class="section" id='encryptionAPI'>
<h2><?php p($l->t('Server-side encryption')); ?></h2>
- <a target="_blank" rel="noreferrer" class="icon-info"
+ <a target="_blank" rel="noreferrer noopener" class="icon-info"
title="<?php p($l->t('Open documentation'));?>"
href="<?php p(link_to_docs('admin-encryption')); ?>"></a>
<p class="settings-hint"><?php p($l->t('Server-side encryption makes it possible to encrypt files which are uploaded to this server. This comes with limitations like a performance penalty, so enable this only if needed.')); ?></p>
diff --git a/settings/templates/settings/admin/server.php b/settings/templates/settings/admin/server.php
index ab30f8e7700..2805eb72ce1 100644
--- a/settings/templates/settings/admin/server.php
+++ b/settings/templates/settings/admin/server.php
@@ -36,7 +36,7 @@
?>
<li>
<?php p($l->t('PHP does not seem to be setup properly to query system environment variables. The test with getenv("PATH") only returns an empty response.')); ?><br>
- <?php print_unescaped($l->t('Please check the <a target="_blank" rel="noreferrer" href="%s">installation documentation ↗</a> for PHP configuration notes and the PHP configuration of your server, especially when using php-fpm.', link_to_docs('admin-php-fpm'))); ?>
+ <?php print_unescaped($l->t('Please check the <a target="_blank" rel="noreferrer noopener" href="%s">installation documentation ↗</a> for PHP configuration notes and the PHP configuration of your server, especially when using php-fpm.', link_to_docs('admin-php-fpm'))); ?>
</li>
<?php
}
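Review bot: The anchor tag, including its `rel` attribute, sits inside the translatable string passed to `$l->t()` and is emitted with `print_unescaped()`, so every translation carries its own copy of the markup. After this edit, existing translations would either stop matching the source string or keep their old tag, depending on how the l10n lookup works (not visible in this diff). settings.development.notice.php in this same commit keeps the tags out of the string with `{communityopen}`/`{linkclose}` placeholders that are substituted afterwards. Using that pattern here would leave security-relevant attributes under the template's control rather than the translators'. The same applies to the two other `print_unescaped($l->t(...))` hunks in this file and to the `occ db:convert-type` line in tipstricks.php.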
@@ -91,7 +91,7 @@
if ($_['fileLockingType'] === 'none') {
?>
<li>
- <?php print_unescaped($l->t('Transactional file locking is disabled, this might lead to issues with race conditions. Enable \'filelocking.enabled\' in config.php to avoid these problems. See the <a target="_blank" rel="noreferrer" href="%s">documentation ↗</a> for more information.', link_to_docs('admin-transactional-locking'))); ?>
+ <?php print_unescaped($l->t('Transactional file locking is disabled, this might lead to issues with race conditions. Enable \'filelocking.enabled\' in config.php to avoid these problems. See the <a target="_blank" rel="noreferrer noopener" href="%s">documentation ↗</a> for more information.', link_to_docs('admin-transactional-locking'))); ?>
</li>
<?php
}
@@ -146,7 +146,7 @@
<ul class="warnings hidden"></ul>
<ul class="info hidden"></ul>
<p class="hint hidden">
- <?php print_unescaped($l->t('Please double check the <a target="_blank" rel="noreferrer" href="%s">installation guides ↗</a>, and check for any errors or warnings in the <a href="%s">log</a>.', [link_to_docs('admin-install'), \OC::$server->getURLGenerator()->linkToRoute('settings.AdminSettings.index', ['section' => 'logging'])] )); ?>
+ <?php print_unescaped($l->t('Please double check the <a target="_blank" rel="noreferrer noopener" href="%s">installation guides ↗</a>, and check for any errors or warnings in the <a href="%s">log</a>.', [link_to_docs('admin-install'), \OC::$server->getURLGenerator()->linkToRoute('settings.AdminSettings.index', ['section' => 'logging'])] )); ?>
</p>
</div>
<div id="security-warning-state">
@@ -176,7 +176,7 @@
<?php p($l->t("Background job didn’t run yet!"));
endif; ?>
</p>
- <a target="_blank" rel="noreferrer" class="icon-info"
+ <a target="_blank" rel="noreferrer noopener" class="icon-info"
title="<?php p($l->t('Open documentation'));?>"
href="<?php p(link_to_docs('admin-background-jobs')); ?>"></a>
@@ -223,5 +223,5 @@
<div class="section">
<!-- should be the last part, so Updater can follow if enabled (it has no heading therefore). -->
<h2><?php p($l->t('Version'));?></h2>
- <p><strong><a href="<?php print_unescaped($theme->getBaseUrl()); ?>" rel="noreferrer" target="_blank"><?php p($theme->getTitle()); ?></a> <?php p(OC_Util::getHumanVersion()) ?></strong></p>
+ <p><strong><a href="<?php print_unescaped($theme->getBaseUrl()); ?>" rel="noreferrer noopener" target="_blank"><?php p($theme->getTitle()); ?></a> <?php p(OC_Util::getHumanVersion()) ?></strong></p>
</div>
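Review bot: The `href` in the Version section is still written with `print_unescaped($theme->getBaseUrl())`, so a base URL containing a double quote or angle bracket would break out of the attribute, and adding `noopener` does not change that. The icon-info link in the preceding hunk writes its href with `p()`, and this one can do the same: `<a href="<?php p($theme->getBaseUrl()); ?>" rel="noreferrer noopener" target="_blank">`. Where the theme's base URL comes from is not visible in this hunk, so confirm how much of it an administrator or a theming app can set.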
diff --git a/settings/templates/settings/admin/sharing.php b/settings/templates/settings/admin/sharing.php
index 9c9e8c07809..156e8ddd81d 100644
--- a/settings/templates/settings/admin/sharing.php
+++ b/settings/templates/settings/admin/sharing.php
@@ -28,7 +28,7 @@
<div class="section" id="shareAPI">
<h2><?php p($l->t('Sharing'));?></h2>
- <a target="_blank" rel="noreferrer" class="icon-info"
+ <a target="_blank" rel="noreferrer noopener" class="icon-info"
title="<?php p($l->t('Open documentation'));?>"
href="<?php p(link_to_docs('admin-sharing')); ?>"></a>
<p class="settings-hint"><?php p($l->t('As admin you can fine-tune the sharing behavior. Please see the documentation for more information.'));?></p>
diff --git a/settings/templates/settings/admin/tipstricks.php b/settings/templates/settings/admin/tipstricks.php
index c18c7f25f39..cf5c6c71104 100644
--- a/settings/templates/settings/admin/tipstricks.php
+++ b/settings/templates/settings/admin/tipstricks.php
@@ -37,15 +37,15 @@
<li>
<?php p($l->t('SQLite is currently being used as the backend database. For larger installations we recommend that you switch to a different database backend.')); ?><br>
<?php p($l->t('This is particularly recommended when using the desktop client for file synchronisation.')); ?><br>
- <?php print_unescaped($l->t('To migrate to another database use the command line tool: \'occ db:convert-type\', or see the <a target="_blank" rel="noreferrer" href="%s">documentation ↗</a>.', link_to_docs('admin-db-conversion') )); ?>
+ <?php print_unescaped($l->t('To migrate to another database use the command line tool: \'occ db:convert-type\', or see the <a target="_blank" rel="noreferrer noopener" href="%s">documentation ↗</a>.', link_to_docs('admin-db-conversion') )); ?>
</li>
<?php } ?>
- <li><a target="_blank" rel="noreferrer" href="<?php p(link_to_docs('admin-backup')); ?>"><?php p($l->t('How to do backups'));?> ↗</a></li>
- <li><a target="_blank" rel="noreferrer" href="<?php p(link_to_docs('admin-monitoring')); ?>"><?php p($l->t('Advanced monitoring'));?> ↗</a></li>
- <li><a target="_blank" rel="noreferrer" href="<?php p(link_to_docs('admin-performance')); ?>"><?php p($l->t('Performance tuning'));?> ↗</a></li>
- <li><a target="_blank" rel="noreferrer" href="<?php p(link_to_docs('admin-config')); ?>"><?php p($l->t('Improving the config.php'));?> ↗</a></li>
- <li><a target="_blank" rel="noreferrer" href="<?php p(link_to_docs('developer-theming')); ?>"><?php p($l->t('Theming'));?> ↗</a></li>
- <li><a target="_blank" rel="noreferrer" href="https://scan.nextcloud.com"><?php p($l->t('Check the security of your Nextcloud over our security scan'));?> ↗</a></li>
- <li><a target="_blank" rel="noreferrer" href="<?php p(link_to_docs('admin-security')); ?>"><?php p($l->t('Hardening and security guidance'));?> ↗</a></li>
+ <li><a target="_blank" rel="noreferrer noopener" href="<?php p(link_to_docs('admin-backup')); ?>"><?php p($l->t('How to do backups'));?> ↗</a></li>
+ <li><a target="_blank" rel="noreferrer noopener" href="<?php p(link_to_docs('admin-monitoring')); ?>"><?php p($l->t('Advanced monitoring'));?> ↗</a></li>
+ <li><a target="_blank" rel="noreferrer noopener" href="<?php p(link_to_docs('admin-performance')); ?>"><?php p($l->t('Performance tuning'));?> ↗</a></li>
+ <li><a target="_blank" rel="noreferrer noopener" href="<?php p(link_to_docs('admin-config')); ?>"><?php p($l->t('Improving the config.php'));?> ↗</a></li>
+ <li><a target="_blank" rel="noreferrer noopener" href="<?php p(link_to_docs('developer-theming')); ?>"><?php p($l->t('Theming'));?> ↗</a></li>
+ <li><a target="_blank" rel="noreferrer noopener" href="https://scan.nextcloud.com"><?php p($l->t('Check the security of your Nextcloud over our security scan'));?> ↗</a></li>
+ <li><a target="_blank" rel="noreferrer noopener" href="<?php p(link_to_docs('admin-security')); ?>"><?php p($l->t('Hardening and security guidance'));?> ↗</a></li>
</ul>
</div>
diff --git a/settings/templates/settings/personal/personal.info.php b/settings/templates/settings/personal/personal.info.php
index d6f6061ebf2..04315d8cea0 100644
--- a/settings/templates/settings/personal/personal.info.php
+++ b/settings/templates/settings/personal/personal.info.php
@@ -338,7 +338,7 @@ vendor_style('jcrop/css/jquery.Jcrop');
<?php endforeach;?>
</select>
<a href="https://www.transifex.com/nextcloud/nextcloud/"
- target="_blank" rel="noreferrer">
+ target="_blank" rel="noreferrer noopener">
<em><?php p($l->t('Help translate'));?></em>
</a>
</form>