-rw-r--r-- | apps/bookmarks/ajax/editBookmark.php | 14 | ||||
-rw-r--r-- | apps/files/templates/part.breadcrumb.php | 2 | ||||
-rw-r--r-- | apps/files_texteditor/js/editor.js | 2 | ||||
-rw-r--r-- | apps/media/js/player.js | 2 |
4 files changed, 14 insertions, 6 deletions
diff --git a/apps/bookmarks/ajax/editBookmark.php b/apps/bookmarks/ajax/editBookmark.php index fcec2e1cedb..439b680dc20 100644 --- a/apps/bookmarks/ajax/editBookmark.php +++ b/apps/bookmarks/ajax/editBookmark.php @@ -40,18 +40,26 @@ if( $CONFIG_DBTYPE == 'sqlite' or $CONFIG_DBTYPE == 'sqlite3' ){ } $bookmark_id = (int)$_POST["id"]; +$user_id = OCP\USER::getUser(); $query = OCP\DB::prepare(" UPDATE *PREFIX*bookmarks SET url = ?, title =?, lastmodified = $_ut - WHERE id = $bookmark_id + WHERE id = ? + AND user_id = ? "); $params=array( htmlspecialchars_decode($_POST["url"]), htmlspecialchars_decode($_POST["title"]), + $bookmark_id, + $user_id, ); -$query->execute($params); + +$result = $query->execute($params); + +# Abort the operation if bookmark couldn't be set (probably because the user is not allowed to edit this bookmark) +if ($result->numRows() == 0) exit(); # Remove old tags and insert new ones. $query = OCP\DB::prepare(" @@ -66,7 +74,7 @@ $query = OCP\DB::prepare(" (bookmark_id, tag) VALUES (?, ?) "); - + $tags = explode(' ', urldecode($_POST["tags"])); foreach ($tags as $tag) { if(empty($tag)) { diff --git a/apps/files/templates/part.breadcrumb.php b/apps/files/templates/part.breadcrumb.php index 43fe2d1fa95..22d9bb4490d 100644 --- a/apps/files/templates/part.breadcrumb.php +++ b/apps/files/templates/part.breadcrumb.php @@ -1,6 +1,6 @@ <?php for($i=0; $i<count($_["breadcrumb"]); $i++): $crumb = $_["breadcrumb"][$i]; ?> <div class="crumb <?php if($i == count($_["breadcrumb"])-1) echo 'last';?> svg" data-dir='<?php echo $crumb["dir"];?>' style='background-image:url("<?php echo OCP\image_path('core','breadcrumb.png');?>")'> - <a href="<?php echo $_['baseURL'].$crumb["dir"]; ?>"><?php echo htmlentities($crumb["name"],ENT_COMPAT,'utf-8'); ?></a> + <a href="<?php echo $_['baseURL'].$crumb["dir"]; ?>"><?php echo OCP\Util::sanitizeHTML($crumb["name"]); ?></a> </div> <?php endfor;?> 
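Review bot: The new guard `if ($result->numRows() == 0) exit();` ends the request with an empty response, so the client cannot tell a refused edit from a successful one. It also relies on `numRows()` reporting affected rows for an UPDATE, which varies by database driver; some report 0 when the row matched but no column value changed. Consider an explicit failure response, e.g. `if ($result->numRows() == 0) { OCP\JSON::error(); exit(); }`, and confirm the affected-row semantics on each supported backend. Whether a login check runs before `OCP\USER::getUser()` is not visible in this hunk, so the value bound to `user_id` for an anonymous request should be checked too.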
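Review bot: `$crumb["dir"]` is still echoed unescaped in this template: in the single-quoted `data-dir='...'` attribute on the context line, and in the `href` of the changed line. A directory name containing quotes or markup could therefore break out of the attribute, even though the link text is now sanitized. Escape it for the attribute context as well, e.g. `data-dir='<?php echo OCP\Util::sanitizeHTML($crumb["dir"]);?>'`, after confirming that the helper also encodes single quotes (its implementation is not shown here). The `href` value probably needs URL-encoding of the path segments in addition to HTML escaping.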
diff --git a/apps/files_texteditor/js/editor.js b/apps/files_texteditor/js/editor.js index 70bb74a9101..9d168c1c4f6 100644 --- a/apps/files_texteditor/js/editor.js +++ b/apps/files_texteditor/js/editor.js @@ -67,7 +67,7 @@ function setSyntaxMode(ext){ function showControls(filename,writeperms){ // Loads the control bar at the top. // Load the new toolbar. - var editorbarhtml = '<div id="editorcontrols" style="display: none;"><div class="crumb svg last" id="breadcrumb_file" style="background-image:url("'+OC.imagePath('core','breadcrumb.png')+'")"><p>'+filename.replace(/</, "<").replace(/>/, ">")+'</p></div>'; + var editorbarhtml = '<div id="editorcontrols" style="display: none;"><div class="crumb svg last" id="breadcrumb_file" style="background-image:url("'+OC.imagePath('core','breadcrumb.png')+'")"><p>'+filename+'</p></div>'; if(writeperms=="true"){ editorbarhtml += '<button id="editor_save">'+t('files_texteditor','Save')+'</button><div class="separator"></div>'; } diff --git a/apps/media/js/player.js b/apps/media/js/player.js index ad406830833..867ea802363 100644 --- a/apps/media/js/player.js +++ b/apps/media/js/player.js @@ -40,7 +40,7 @@ var PlayList={ PlayList.init(items[index].type,null); // init calls load that calls play }else{ PlayList.player.jPlayer("setMedia", items[PlayList.current]); - $(".jp-current-song").text(items[PlayList.current].name); + $(".jp-current-song").html(items[PlayList.current].name); items[index].playcount++; PlayList.player.jPlayer("play",time); if(index>0){ |
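Review bot: `filename` is now concatenated into `editorbarhtml` with no escaping at all, so this is safe only if every caller of `showControls` passes an already HTML-encoded name, which is not visible in the hunk. The removed `replace` calls were incomplete (non-global patterns), but dropping them moves the whole guarantee to the callers. Either state that contract in a comment on the function, `// filename must be HTML-escaped by the caller`, or leave the `<p>` empty and fill it as text once the bar is in the DOM, `$('#breadcrumb_file p').text(filename);`. The body of `showControls` continues outside the hunk.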
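Review bot: Switching `.text()` to `.html()` makes `items[PlayList.current].name` be parsed as markup, so a track name containing HTML would be interpreted rather than displayed. That is safe only if the name is guaranteed to be encoded before it reaches the playlist, which is not visible here. If the change was made because names now arrive entity-encoded from the server, say so next to the call, `// name is HTML-escaped server-side`; otherwise keep `$(".jp-current-song").text(items[PlayList.current].name);`. The enclosing function starts and ends outside the hunk.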