Diffstat (limited to 'core')
-rw-r--r-- | core/js/js.js | 2 | ||||
-rw-r--r-- | core/js/share.js | 44 | ||||
-rw-r--r-- | core/js/tests/specs/coreSpec.js | 11 | ||||
-rw-r--r-- | core/templates/login.php | 3 |
4 files changed, 46 insertions, 14 deletions
diff --git a/core/js/js.js b/core/js/js.js index cbe466bf11c..a859034ed01 100644 --- a/core/js/js.js +++ b/core/js/js.js @@ -154,7 +154,7 @@ function n(app, text_singular, text_plural, count, vars) { * @return {string} Sanitized string */ function escapeHTML(s) { - return s.toString().split('&').join('&').split('<').join('<').split('"').join('"'); + return s.toString().split('&').join('&').split('<').join('<').split('>').join('>').split('"').join('"').split('\'').join('''); } /** diff --git a/core/js/share.js b/core/js/share.js index 90f6c7fdc7c..0c6d39e446c 100644 --- a/core/js/share.js +++ b/core/js/share.js @@ -48,23 +48,26 @@ OC.Share={ currentDir = fileList.getCurrentDirectory(); } for (item in OC.Share.statuses){ - var image; + var image = OC.imagePath('core', 'actions/shared'); var data = OC.Share.statuses[item]; - var hasLink = data.link; // Links override shared in terms of icon display if (hasLink) { image = OC.imagePath('core', 'actions/public'); - } else { - image = OC.imagePath('core', 'actions/shared'); } if (itemType !== 'file' && itemType !== 'folder') { $fileList.find('a.share[data-item="'+item+'"]').css('background', 'url('+image+') no-repeat center'); } else { var file = $fileList.find('tr[data-id="'+item+'"]'); + var shareFolder = OC.imagePath('core', 'filetypes/folder-shared'); + var img; if (file.length > 0) { + var type = file.data('type'); + if (type === 'dir') { + file.children('.filename').css('background-image', 'url('+shareFolder+')'); + } var action = $(file).find('.fileactions .action[data-action="Share"]'); - var img = action.find('img').attr('src', image); + img = action.find('img').attr('src', image); action.addClass('permanent'); action.html(' <span>'+t('core', 'Shared')+'</span>').prepend(img); } else { 
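Review bot: The docblock above `escapeHTML` still promises a generic "Sanitized string", but the replacements only make a value safe as HTML text or inside a quoted attribute; they do nothing for a value placed in a URL, a CSS `url(...)`, a jQuery selector or inline script. I would say so in the comment, e.g. `* Escapes &, <, >, " and ' for HTML text and quoted attribute values only; not sufficient for URL, CSS, selector or script contexts.` Separately, `s.toString()` throws a TypeError when `s` is `null` or `undefined`, so a caller passing an optional field fails instead of getting an empty string; a guard such as `if (s === null || s === undefined) { return ''; }` would make the intended behaviour explicit. The entity strings are shown decoded on this page, so their exact spelling cannot be checked from here.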
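Review bot: `shareFolder` is recomputed on every pass of `for (item in OC.Share.statuses)` although `OC.imagePath('core', 'filetypes/folder-shared')` does not depend on `item`; declaring it once before the loop would be clearer. The CSS value is also assembled as `'url('+shareFolder+')'` with no quoting, here and in the hunks at -76,14 and -117,6, so a path containing a space or `)` (for instance from an unusual web root) would yield a broken declaration. `'url("'+shareFolder+'")'` is more robust, assuming `OC.imagePath` never returns a double quote, which is not visible here. The enclosing function starts and ends outside the hunk.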
@@ -76,14 +79,21 @@ OC.Share={ while (path != last) { if (path === data.path && !data.link) { var actions = $fileList.find('.fileactions .action[data-action="Share"]'); - $.each(actions, function(index, action) { - var img = $(action).find('img'); + var files = $fileList.find('.filename'); + var i; + for (i = 0; i < actions.length; i++) { + img = $(actions[i]).find('img'); if (img.attr('src') !== OC.imagePath('core', 'actions/public')) { img.attr('src', image); - $(action).addClass('permanent'); - $(action).html(' <span>'+t('core', 'Shared')+'</span>').prepend(img); + $(actions[i]).addClass('permanent'); + $(actions[i]).html(' <span>'+t('core', 'Shared')+'</span>').prepend(img); + } + } + for(i = 0; i < files.length; i++) { + if ($(files[i]).closest('tr').data('type') === 'dir') { + $(files[i]).css('background-image', 'url('+shareFolder+')'); } - }); + } } last = path; path = OC.Share.dirname(path); @@ -117,6 +127,14 @@ OC.Share={ } else { var file = $('tr').filterAttr('data-id', String(itemSource)); if (file.length > 0) { + var type = file.data('type'); + var shareFolder = OC.imagePath('core', 'filetypes/folder'); + if (type === 'dir' && shares) { + shareFolder = OC.imagePath('core', 'filetypes/folder-shared'); + file.children('.filename').css('background-image', 'url('+shareFolder+')'); + } else if (type === 'dir') { + file.children('.filename').css('background-image', 'url('+shareFolder+')'); + } var action = $(file).find('.fileactions .action').filterAttr('data-action', 'Share'); // in case of multiple lists/rows, there might be more than one visible action.each(function() { @@ -517,10 +535,10 @@ OC.Share={ showLink:function(token, password, itemSource) { OC.Share.itemShares[OC.Share.SHARE_TYPE_LINK] = true; $('#linkCheckbox').attr('checked', true); - + //check itemType var linkSharetype=$('#dropdown').data('item-type'); - + if (! token) { //fallback to pre token link var filename = $('tr').filterAttr('data-id', String(itemSource)).data('file'); 
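Review bot: The rewritten loop still feeds `t('core', 'Shared')` into `.html()` unescaped, in `$(actions[i]).html(' <span>'+t('core', 'Shared')+'</span>')`. Whether `t()` escapes its result is not visible here; if it returns the raw translation, any markup in a translation file ends up in the DOM, and the same pattern sits on the unchanged `action.html(...)` line of the previous hunk. Since this commit hardens `escapeHTML`, I would use it at this sink: `$(actions[i]).html(' <span>'+escapeHTML(t('core', 'Shared'))+'</span>').prepend(img);`. The enclosing `while` loop starts before and ends after the hunk.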
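Review bot: Both branches of the new `if (type === 'dir' && shares) … else if (type === 'dir')` end in the identical `.css('background-image', …)` call and differ only in the icon name. Folding them reads more directly: `if (type === 'dir') { file.children('.filename').css('background-image', 'url('+OC.imagePath('core', shares ? 'filetypes/folder-shared' : 'filetypes/folder')+')'); }`. Note too that `file.data('type')` returns the value of the first matched row only, while the context comment just below says several rows may match; that is harmless if every row for one `data-id` has the same type, which I cannot confirm from this hunk.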
@@ -540,7 +558,7 @@ OC.Share={ }else{ service=linkSharetype; } - + var link = parent.location.protocol+'//'+location.host+OC.linkTo('', 'public.php')+'?service='+service+'&t='+token; } diff --git a/core/js/tests/specs/coreSpec.js b/core/js/tests/specs/coreSpec.js index 6b85d8be166..47e5ebfed55 100644 --- a/core/js/tests/specs/coreSpec.js +++ b/core/js/tests/specs/coreSpec.js @@ -124,6 +124,17 @@ describe('Core base tests', function() { expect(OC.dirname('/subdir/')).toEqual('/subdir'); }); }); + describe('escapeHTML', function() { + it('Returns nothing if no string was given', function() { + expect(escapeHTML('')).toEqual(''); + }); + it('Returns a sanitized string if a string containing HTML is given', function() { + expect(escapeHTML('There needs to be a <script>alert(\"Unit\" + \'test\')</script> for it!')).toEqual('There needs to be a <script>alert("Unit" + 'test')</script> for it!'); + }); + it('Returns the string without modification if no potentially dangerous character is passed.', function() { + expect(escapeHTML('This is a good string without HTML.')).toEqual('This is a good string without HTML.'); + }); + }); describe('Link functions', function() { var TESTAPP = 'testapp'; var TESTAPP_ROOT = OC.webroot + '/appsx/testapp'; diff --git a/core/templates/login.php b/core/templates/login.php index 669d20b32e4..0f25f853b02 100644 --- a/core/templates/login.php +++ b/core/templates/login.php @@ -1,3 +1,5 @@ +<?php /** @var $l OC_L10N */ ?> + <!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]--> <form method="post" name="login"> <fieldset> @@ -51,6 +53,7 @@ <label for="remember_login"><?php p($l->t('remember')); ?></label> <?php endif; ?> <input type="hidden" name="timezone-offset" id="timezone-offset"/> + <input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>" /> <input type="submit" id="submit" class="login primary" value="<?php p($l->t('Log in')); ?>" disabled="disabled"/> </fieldset> </form> |
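Review bot: The case titled 'Returns nothing if no string was given' passes `''`, so the situation the title describes, `undefined` or `null`, is never exercised, and `escapeHTML` as written in core/js/js.js calls `s.toString()`, which would throw there. I would either rename the case to say it covers the empty string or add an expectation for the intended missing-argument behaviour. The HTML case also contains no `&`, so nothing pins that ampersands are replaced first and that an already-encoded entity in the input is encoded again rather than passed through; one more `it(...)` with an input containing `&` and an entity would cover that. The expected strings are rendered decoded on this page, so I have not checked them character by character.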
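Review bot: The new hidden field prints the token with `<?php p($_['requesttoken']) ?>`, without the trailing semicolon that the neighbouring `p(...)` calls in this template use; `<?php p($_['requesttoken']); ?>` keeps the file consistent. The field only protects the login form if the handler rejects a POST whose `requesttoken` is missing or wrong, and that check is not part of this diff (the view is limited to 'core'), so it should be confirmed where the form is processed. The template continues outside the hunk on both sides.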