diff options
| -rw-r--r-- | apps/sharebymail/lib/ShareByMailProvider.php | 4 | ||||
| -rw-r--r-- | core/Controller/LostController.php | 4 | ||||
| -rw-r--r-- | lib/private/Share20/Manager.php | 2 |
3 files changed, 5 insertions, 5 deletions
diff --git a/apps/sharebymail/lib/ShareByMailProvider.php b/apps/sharebymail/lib/ShareByMailProvider.php index 31df8a18951..61c9c01e9ab 100644 --- a/apps/sharebymail/lib/ShareByMailProvider.php +++ b/apps/sharebymail/lib/ShareByMailProvider.php @@ -404,7 +404,7 @@ class ShareByMailProvider implements IShareProvider { $text = $this->l->t('%s shared »%s« with you.', [$initiatorDisplayName, $filename]); $emailTemplate->addBodyText( - $text . ' ' . $this->l->t('Click the button below to open it.'), + htmlspecialchars($text . ' ' . $this->l->t('Click the button below to open it.')), $text ); $emailTemplate->addBodyButton( @@ -476,7 +476,7 @@ class ShareByMailProvider implements IShareProvider { $emailTemplate->setSubject($this->l->t('Password to access »%s« shared to you by %s', [$filename, $initiatorDisplayName])); $emailTemplate->addHeader(); $emailTemplate->addHeading($this->l->t('Password to access »%s«', [$filename]), false); - $emailTemplate->addBodyText($htmlBodyPart, $plainBodyPart); + $emailTemplate->addBodyText(htmlspecialchars($htmlBodyPart), $plainBodyPart); $emailTemplate->addBodyText($this->l->t('It is protected with the following password: %s', [$password])); // The "From" contains the sharers name diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php index e7462180388..90a1176ae83 100644 --- a/core/Controller/LostController.php +++ b/core/Controller/LostController.php @@ -321,12 +321,12 @@ class LostController extends Controller { $emailTemplate->addHeading($this->l10n->t('Password reset')); $emailTemplate->addBodyText( - $this->l10n->t('Click the following button to reset your password. If you have not requested the password reset, then ignore this email.'), + htmlspecialchars($this->l10n->t('Click the following button to reset your password. If you have not requested the password reset, then ignore this email.')), $this->l10n->t('Click the following link to reset your password. If you have not requested the password reset, then ignore this email.') ); $emailTemplate->addBodyButton( - $this->l10n->t('Reset your password'), + htmlspecialchars($this->l10n->t('Reset your password')), $link, false ); diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php index 0ae96f29ded..cddd8c8d92b 100644 --- a/lib/private/Share20/Manager.php +++ b/lib/private/Share20/Manager.php @@ -735,7 +735,7 @@ class Manager implements IManager { $text = $l->t('%s shared »%s« with you.', [$initiatorDisplayName, $filename]); $emailTemplate->addBodyText( - $text . ' ' . $l->t('Click the button below to open it.'), + htmlspecialchars($text . ' ' . $l->t('Click the button below to open it.')), $text ); $emailTemplate->addBodyButton( |