-rw-r--r-- | apps/calendar/index.php | 6 | ||||
-rw-r--r-- | apps/contacts/ajax/addbook.php | 4 | ||||
-rw-r--r-- | apps/contacts/ajax/createaddressbook.php | 2 | ||||
-rw-r--r-- | apps/contacts/ajax/editaddressbook.php | 4 | ||||
-rw-r--r-- | apps/contacts/ajax/loadcard.php | 12 | ||||
-rw-r--r-- | apps/contacts/index.php | 20 | ||||
-rw-r--r-- | apps/contacts/templates/part.chooseaddressbook.php | 4 | ||||
-rw-r--r-- | apps/files/admin.php | 10 | ||||
-rw-r--r-- | apps/files/index.php | 26 | ||||
-rw-r--r-- | lib/template.php | 51 | ||||
-rw-r--r--[-rwxr-xr-x] | lib/util.php | 18 | ||||
-rw-r--r-- | settings/admin.php | 4 | ||||
-rw-r--r-- | settings/apps.php | 2 | ||||
-rw-r--r-- | settings/help.php | 6 | ||||
-rw-r--r-- | settings/personal.php | 12 | ||||
-rw-r--r-- | settings/users.php | 8 |
16 files changed, 78 insertions, 111 deletions
diff --git a/apps/calendar/index.php b/apps/calendar/index.php
index 803f973d6e9..cf03a7a3cd3 100644
--- a/apps/calendar/index.php
+++ b/apps/calendar/index.php
@@ -54,9 +54,9 @@ OCP\Util::addscript('contacts','jquery.multi-autocomplete');
 OCP\Util::addscript('','oc-vcategories');
 OCP\App::setActiveNavigationEntry('calendar_index');
 $tmpl = new OCP\Template('calendar', 'calendar', 'user');
-$tmpl->assignHTML('eventSources', $eventSources);
-$tmpl->assignHTML('categories', $categories);
+$tmpl->assign('eventSources', $eventSources);
+$tmpl->assign('categories', $categories);
 if(array_key_exists('showevent', $_GET)){
-	$tmpl->assignHTML('showevent', $_GET['showevent']);
+	$tmpl->assign('showevent', $_GET['showevent']);
 }
 $tmpl->printPage();
diff --git a/apps/contacts/ajax/addbook.php b/apps/contacts/ajax/addbook.php
index 0b075a0e472..70f47cc8123 100644
--- a/apps/contacts/ajax/addbook.php
+++ b/apps/contacts/ajax/addbook.php
@@ -14,7 +14,7 @@ $book = array(
 	'displayname' => '',
 );
 $tmpl = new OCP\Template('contacts', 'part.editaddressbook');
-$tmpl->assignHTML('new', true);
-$tmpl->assignHTML('addressbook', $book);
+$tmpl->assign('new', true);
+$tmpl->assign('addressbook', $book);
 $tmpl->printPage();
 ?>
diff --git a/apps/contacts/ajax/createaddressbook.php b/apps/contacts/ajax/createaddressbook.php
index 4a256458ca0..af7c19eef51 100644
--- a/apps/contacts/ajax/createaddressbook.php
+++ b/apps/contacts/ajax/createaddressbook.php
@@ -33,7 +33,7 @@ if(!OC_Contacts_Addressbook::setActive($bookid, 1)) {
 }
 $addressbook = OC_Contacts_App::getAddressbook($bookid);
 $tmpl = new OCP\Template('contacts', 'part.chooseaddressbook.rowfields');
-$tmpl->assignHTML('addressbook', $addressbook);
+$tmpl->assign('addressbook', $addressbook);
 OCP\JSON::success(array(
 	'page' => $tmpl->fetchPage(),
 	'addressbook' => $addressbook,
diff --git a/apps/contacts/ajax/editaddressbook.php b/apps/contacts/ajax/editaddressbook.php
index 18ddfef6dd6..7a9b757ae0d 100644
--- a/apps/contacts/ajax/editaddressbook.php +++ b/apps/contacts/ajax/editaddressbook.php @@ -11,7 +11,7 @@ OCP\JSON::checkLoggedIn(); OCP\JSON::checkAppEnabled('contacts'); $addressbook = OC_Contacts_App::getAddressbook($_GET['bookid']); $tmpl = new OCP\Template("contacts", "part.editaddressbook"); -$tmpl->assignHTML('new', false); -$tmpl->assignHTML('addressbook', $addressbook); +$tmpl->assign('new', false); +$tmpl->assign('addressbook', $addressbook); $tmpl->printPage(); ?> diff --git a/apps/contacts/ajax/loadcard.php b/apps/contacts/ajax/loadcard.php index a07120a33f2..fbb831f4a12 100644 --- a/apps/contacts/ajax/loadcard.php +++ b/apps/contacts/ajax/loadcard.php @@ -36,12 +36,12 @@ $phone_types = OC_Contacts_App::getTypesOfProperty('TEL'); $email_types = OC_Contacts_App::getTypesOfProperty('EMAIL'); $tmpl = new OCP\Template('contacts','part.contact'); -$tmpl->assignHTML('uploadMaxFilesize', $maxUploadFilesize); -$tmpl->assignHTML('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize)); -$tmpl->assignHTML('adr_types',$adr_types); -$tmpl->assignHTML('phone_types',$phone_types); -$tmpl->assignHTML('email_types',$email_types); -$tmpl->assignHTML('id',''); +$tmpl->assign('uploadMaxFilesize', $maxUploadFilesize); +$tmpl->assign('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize)); +$tmpl->assign('adr_types',$adr_types); +$tmpl->assign('phone_types',$phone_types); +$tmpl->assign('email_types',$email_types); +$tmpl->assign('id',''); $page = $tmpl->fetchPage(); OCP\JSON::success(array('data' => array( 'page' => $page ))); diff --git a/apps/contacts/index.php b/apps/contacts/index.php index 865a0cc35f7..74b7c43c556 100644 --- a/apps/contacts/index.php +++ b/apps/contacts/index.php 
@@ -59,16 +59,16 @@ OCP\Util::addStyle('contacts','jquery.Jcrop'); OCP\Util::addStyle('contacts','contacts'); $tmpl = new OCP\Template( "contacts", "index", "user" ); -$tmpl->assignHTML('uploadMaxFilesize', $maxUploadFilesize); -$tmpl->assignHTML('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize)); -$tmpl->assignHTML('property_types', $property_types); -$tmpl->assignHTML('phone_types', $phone_types); -$tmpl->assignHTML('email_types', $email_types); -$tmpl->assignHTML('categories', $categories); -$tmpl->assignHTML('addressbooks', $addressbooks); -$tmpl->assignHTML('contacts', $contacts); -$tmpl->assignHTML('details', $details ); -$tmpl->assignHTML('id',$id); +$tmpl->assign('uploadMaxFilesize', $maxUploadFilesize); +$tmpl->assign('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize)); +$tmpl->assign('property_types', $property_types); +$tmpl->assign('phone_types', $phone_types); +$tmpl->assign('email_types', $email_types); +$tmpl->assign('categories', $categories); +$tmpl->assign('addressbooks', $addressbooks); +$tmpl->assign('contacts', $contacts); +$tmpl->assign('details', $details ); +$tmpl->assign('id',$id); $tmpl->printPage(); ?> diff --git a/apps/contacts/templates/part.chooseaddressbook.php b/apps/contacts/templates/part.chooseaddressbook.php index 74fab99010b..a0ec053ab91 100644 --- a/apps/contacts/templates/part.chooseaddressbook.php +++ b/apps/contacts/templates/part.chooseaddressbook.php 
@@ -5,8 +5,8 @@ $option_addressbooks = OC_Contacts_Addressbook::all(OCP\USER::getUser()); for($i = 0; $i < count($option_addressbooks); $i++){ echo "<tr>"; $tmpl = new OCP\Template('contacts', 'part.chooseaddressbook.rowfields'); - $tmpl->assignHTML('addressbook', $option_addressbooks[$i]); - $tmpl->assignHTML('active', OC_Contacts_Addressbook::isActive($option_addressbooks[$i]['id'])); + $tmpl->assign('addressbook', $option_addressbooks[$i]); + $tmpl->assign('active', OC_Contacts_Addressbook::isActive($option_addressbooks[$i]['id'])); $tmpl->printpage(); echo "</tr>"; } diff --git a/apps/files/admin.php b/apps/files/admin.php index 5534c5545ed..d05eb7267b7 100644 --- a/apps/files/admin.php +++ b/apps/files/admin.php @@ -54,9 +54,9 @@ OCP\App::setActiveNavigationEntry( "files_administration" ); $htaccessWritable=is_writable(OC::$SERVERROOT.'/.htaccess'); $tmpl = new OCP\Template( 'files', 'admin' ); -$tmpl->assignHTML( 'uploadChangable', $htaccessWorking and $htaccessWritable ); -$tmpl->assignHTML( 'uploadMaxFilesize', $maxUploadFilesize); -$tmpl->assignHTML( 'maxPossibleUploadSize', OCP\Util::humanFileSize(PHP_INT_MAX)); -$tmpl->assignHTML( 'allowZipDownload', $allowZipDownload); -$tmpl->assignHTML( 'maxZipInputSize', $maxZipInputSize); +$tmpl->assign( 'uploadChangable', $htaccessWorking and $htaccessWritable ); +$tmpl->assign( 'uploadMaxFilesize', $maxUploadFilesize); +$tmpl->assign( 'maxPossibleUploadSize', OCP\Util::humanFileSize(PHP_INT_MAX)); +$tmpl->assign( 'allowZipDownload', $allowZipDownload); +$tmpl->assign( 'maxZipInputSize', $maxZipInputSize); return $tmpl->fetchPage();
\ No newline at end of file diff --git a/apps/files/index.php b/apps/files/index.php index 8f98f34794a..60a3836cb59 100644 --- a/apps/files/index.php +++ b/apps/files/index.php @@ -73,12 +73,12 @@ foreach( explode( '/', $dir ) as $i ){ // make breadcrumb und filelist markup $list = new OCP\Template( 'files', 'part.list', '' ); -$list->assignHTML( 'files', $files ); -$list->assignHTML( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir='); -$list->assignHTML( 'downloadURL', OCP\Util::linkTo('files', 'download.php').'?file='); +$list->assign( 'files', $files ); +$list->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir='); +$list->assign( 'downloadURL', OCP\Util::linkTo('files', 'download.php').'?file='); $breadcrumbNav = new OCP\Template( 'files', 'part.breadcrumb', '' ); -$breadcrumbNav->assignHTML( 'breadcrumb', $breadcrumb ); -$breadcrumbNav->assignHTML( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir='); +$breadcrumbNav->assign( 'breadcrumb', $breadcrumb ); +$breadcrumbNav->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir='); $upload_max_filesize = OCP\Util::computerFileSize(ini_get('upload_max_filesize')); $post_max_size = OCP\Util::computerFileSize(ini_get('post_max_size')); 
@@ -89,14 +89,14 @@ $freeSpace=max($freeSpace,0); $maxUploadFilesize = min($maxUploadFilesize ,$freeSpace); $tmpl = new OCP\Template( 'files', 'index', 'user' ); -$tmpl->assignHTML( 'fileList', $list->fetchPage() ); -$tmpl->assignHTML( 'breadcrumb', $breadcrumbNav->fetchPage() ); -$tmpl->assignHTML( 'dir', $dir); -$tmpl->assignHTML( 'readonly', !OC_Filesystem::is_writable($dir.'/')); -$tmpl->assignHTML( 'files', $files ); -$tmpl->assignHTML( 'uploadMaxFilesize', $maxUploadFilesize); -$tmpl->assignHTML( 'uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize)); -$tmpl->assignHTML( 'allowZipDownload', intval(OCP\Config::getSystemValue('allowZipDownload', true))); +$tmpl->assign( 'fileList', $list->fetchPage() ); +$tmpl->assign( 'breadcrumb', $breadcrumbNav->fetchPage() ); +$tmpl->assign( 'dir', $dir); +$tmpl->assign( 'readonly', !OC_Filesystem::is_writable($dir.'/')); +$tmpl->assign( 'files', $files ); +$tmpl->assign( 'uploadMaxFilesize', $maxUploadFilesize); +$tmpl->assign( 'uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize)); +$tmpl->assign( 'allowZipDownload', intval(OCP\Config::getSystemValue('allowZipDownload', true))); $tmpl->printPage(); ?> diff --git a/lib/template.php b/lib/template.php index 5230ad031fb..1e01b411591 100644 --- a/lib/template.php +++ b/lib/template.php @@ -156,11 +156,9 @@ class OC_Template{ $this->application = $app; $this->vars = array(); $this->l10n = OC_L10N::get($app); - - // Some security settings - header('X-Frame-Options: Sameorigin'); - header('X-XSS-Protection: 1; mode=block'); - header('X-Content-Type-Options: nosniff'); + header('X-Frame-Options: Sameorigin'); + header('X-XSS-Protection: 1; mode=block'); + header('X-Content-Type-Options: nosniff'); $this->findTemplate($name); } 
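Review bot: `fileList` and `breadcrumb` in this hunk are already-rendered HTML returned by `fetchPage()`, yet they are now handed to `assign()` whose default `$sanitizeHTML=true` is documented (in the lib/template.php hunk of this commit) to pass the value through `htmlentities()`, which would turn that markup into literal text. These two call sites need the explicit opt-out, `$tmpl->assign( 'fileList', $list->fetchPage(), false );` and `$tmpl->assign( 'breadcrumb', $breadcrumbNav->fetchPage(), false );`. The same applies to `content` and `headers` in lib/template.php's fetchPage hunk and to the `forms` arrays that are later filled by `append()` in settings/admin.php and settings/personal.php. That the page still renders unchanged today appears to be a side effect of how the new `assign()` body is written, not something these call sites can rely on.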
@@ -258,26 +256,10 @@ class OC_Template{ } /** - * @brief Assign variables and sanitizes the data - * @param $key key - * @param $value value - * @returns true - * - * This function assigns a variable. It can be accessed via $_[$key] in - * the template. - * - * If the key existed before, it will be overwritten - */ - public function assign( $key, $value ){ - $this->vars[$key] = htmlentities($value); - return true; - } - - - /** * @brief Assign variables * @param $key key * @param $value value + * @param $sanitizeHTML false, if data shouldn't get passed through htmlentities * @returns true * * This function assigns a variable. It can be accessed via $_[$key] in @@ -285,7 +267,10 @@ class OC_Template{ * * If the key existed before, it will be overwritten */ - public function assignHTML( $key, $value ){ + public function assign( $key, $value, $sanitizeHTML=true ){ + if($sanitizeHTML) { + $this->vars[$key] = htmlentities($value); + } $this->vars[$key] = $value; return true; } 
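Review bot: The rewritten `assign()` never keeps the escaped value: the `if($sanitizeHTML)` branch stores `htmlentities($value)` in `$this->vars[$key]`, and the very next statement overwrites it unconditionally with the raw `$value`, so every caller relying on the new default gets unescaped data in the template — including `apps/calendar/index.php`, which now passes `$_GET['showevent']` straight through. The body should be a single conditional assignment, `$this->vars[$key] = $sanitizeHTML ? htmlentities($value) : $value;`. Once that is fixed, note that `htmlentities()` does not accept arrays (null plus a warning on the PHP of this era, a `TypeError` on PHP 8), and most call sites converted in this commit assign arrays (`navigation`, `jsfiles`, `cssfiles`, `files`, `users`, `groups`, …), so those either need `false` as the third argument or the escaping must walk string values only. The `@param $sanitizeHTML` docblock line should then state that escaping applies to string values and that pre-rendered HTML must pass `false`.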
@@ -373,20 +358,20 @@ class OC_Template{ // Decide which page we show if( $this->renderas == "user" ){ $page = new OC_Template( "core", "layout.user" ); - $page->assignHTML('searchurl',OC_Helper::linkTo( 'search', 'index.php' )); + $page->assign('searchurl',OC_Helper::linkTo( 'search', 'index.php' )); if(array_search(OC_APP::getCurrentApp(),array('settings','admin','help'))!==false){ - $page->assignHTML('bodyid','body-settings'); + $page->assign('bodyid','body-settings'); }else{ - $page->assignHTML('bodyid','body-user'); + $page->assign('bodyid','body-user'); } // Add navigation entry $navigation = OC_App::getNavigation(); - $page->assignHTML( "navigation", $navigation); - $page->assignHTML( "settingsnavigation", OC_App::getSettingsNavigation()); + $page->assign( "navigation", $navigation); + $page->assign( "settingsnavigation", OC_App::getSettingsNavigation()); foreach($navigation as $entry) { if ($entry['active']) { - $page->assignHTML( 'application', $entry['name'] ); + $page->assign( 'application', $entry['name'] ); break; } } @@ -400,7 +385,7 @@ class OC_Template{ // Read the detected formfactor and use the right file name. $fext = self::getFormFactorExtension(); - $page->assignHTML('jsfiles', array()); + $page->assign('jsfiles', array()); // Add the core js files or the js files provided by the selected theme foreach(OC_Util::$scripts as $script){ // Is it in 3rd party? @@ -437,7 +422,7 @@ class OC_Template{ } } // Add the css files - $page->assignHTML('cssfiles', array()); + $page->assign('cssfiles', array()); foreach(OC_Util::$styles as $style){ // is it in 3rdparty? if($page->appendIfExist('cssfiles', OC::$THIRDPARTYROOT, OC::$THIRDPARTYWEBROOT, $style.'.css')) { 
@@ -475,13 +460,13 @@ class OC_Template{ } // Add custom headers - $page->assignHTML('headers',$this->headers); + $page->assign('headers',$this->headers); foreach(OC_Util::$headers as $header){ $page->append('headers',$header); } // Add css files and js files - $page->assignHTML( "content", $data ); + $page->assign( "content", $data ); return $page->fetchPage(); } else{ diff --git a/lib/util.php b/lib/util.php index b6f3cb5df44..7c85db71f5f 100755..100644 --- a/lib/util.php +++ b/lib/util.php @@ -358,30 +358,12 @@ class OC_Util { * Todo: Write howto */ public static function callRegister(){ - //mamimum time before token exires - $maxtime=(60*60); // 1 hour - // generate a random token. $token=mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000); // store the token together with a timestamp in the session. $_SESSION['requesttoken-'.$token]=time(); - // cleanup old tokens garbage collector - // only run every 20th time so we donīt waste cpu cycles - if(rand(0,20)==0) { - foreach($_SESSION as $key=>$value) { - // search all tokens in the session - if(substr($key,0,12)=='requesttoken') { - if($value+$maxtime<time()){ - // remove outdated tokens - unset($_SESSION[$key]); - } - } - } - } - - // return the token return($token); } diff --git a/settings/admin.php b/settings/admin.php index d160b3dcfd1..a997bad4e3c 100644 --- a/settings/admin.php +++ b/settings/admin.php @@ -23,8 +23,8 @@ function compareEntries($a,$b){ usort($entries, 'compareEntries'); $tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 )); -$tmpl->assignHTML('entries',$entries); -$tmpl->assignHTML('forms',array()); +$tmpl->assign('entries',$entries); +$tmpl->assign('forms',array()); foreach($forms as $form){ $tmpl->append('forms',$form); } diff --git a/settings/apps.php b/settings/apps.php index 4f51a286ea6..7908e6cc18b 100644 --- a/settings/apps.php +++ b/settings/apps.php 
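Review bot: Dropping the garbage collector from `callRegister()` leaves the `requesttoken-<token>` session entries without any expiry: `$maxtime` is removed along with it, so a token stays valid for the life of the session rather than one hour, and every call adds one more entry that is never unset, so the session grows without bound. The timestamp still stored in `$_SESSION['requesttoken-'.$token]` is therefore only useful if the verifying side (outside this diff) checks its age; if that is where expiry now lives, say so at the store line, e.g. `// expiry and cleanup of stale tokens are enforced where the token is verified`, otherwise the age check should be restored there. The unchanged `mt_rand()`-based token is not from a cryptographic RNG, but that predates this commit.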
@@ -92,7 +92,7 @@ usort($apps, 'app_sort'); $tmpl = new OC_Template( "settings", "apps", "user" ); -$tmpl->assignHTML('apps',$apps); +$tmpl->assign('apps',$apps); $tmpl->printPage(); diff --git a/settings/help.php b/settings/help.php index e75607cd692..f0abed8f558 100644 --- a/settings/help.php +++ b/settings/help.php @@ -21,9 +21,9 @@ unset($kbe['totalitems']); $pagecount=ceil($totalitems/$pagesize); $tmpl = new OC_Template( "settings", "help", "user" ); -$tmpl->assignHTML( "kbe", $kbe ); -$tmpl->assignHTML( "pagecount", $pagecount ); -$tmpl->assignHTML( "page", $page ); +$tmpl->assign( "kbe", $kbe ); +$tmpl->assign( "pagecount", $pagecount ); +$tmpl->assign( "page", $page ); $tmpl->printPage(); ?> diff --git a/settings/personal.php b/settings/personal.php index 927d9a407c0..64e08be89eb 100644 --- a/settings/personal.php +++ b/settings/personal.php @@ -48,14 +48,14 @@ foreach($languageCodes as $lang){ // Return template $tmpl = new OC_Template( 'settings', 'personal', 'user'); -$tmpl->assignHTML('usage',OC_Helper::humanFileSize($used)); -$tmpl->assignHTML('total_space',OC_Helper::humanFileSize($total)); -$tmpl->assignHTML('usage_relative',$relative); -$tmpl->assignHTML('email',$email); -$tmpl->assignHTML('languages',$languages); +$tmpl->assign('usage',OC_Helper::humanFileSize($used)); +$tmpl->assign('total_space',OC_Helper::humanFileSize($total)); +$tmpl->assign('usage_relative',$relative); +$tmpl->assign('email',$email); +$tmpl->assign('languages',$languages); $forms=OC_App::getForms('personal'); -$tmpl->assignHTML('forms',array()); +$tmpl->assign('forms',array()); foreach($forms as $form){ $tmpl->append('forms',$form); } diff --git a/settings/users.php b/settings/users.php index 1003ca8112a..96515a90ce4 100644 --- a/settings/users.php +++ b/settings/users.php 
@@ -34,10 +34,10 @@ foreach($quotaPreset as &$preset){ $defaultQuota=OC_Appconfig::getValue('files','default_quota','none'); $tmpl = new OC_Template( "settings", "users", "user" ); -$tmpl->assignHTML( "users", $users ); -$tmpl->assignHTML( "groups", $groups ); -$tmpl->assignHTML( 'quota_preset', $quotaPreset); -$tmpl->assignHTML( 'default_quota', $defaultQuota); +$tmpl->assign( "users", $users ); +$tmpl->assign( "groups", $groups ); +$tmpl->assign( 'quota_preset', $quotaPreset); +$tmpl->assign( 'default_quota', $defaultQuota); $tmpl->printPage(); ?> |