Diffstat (limited to 'settings')
-rwxr-xr-x[-rw-r--r--]settings/admin.php4
-rw-r--r--settings/ajax/getlog.php2
-rw-r--r--settings/ajax/togglegroups.php2
-rw-r--r--settings/css/settings.css5
-rw-r--r--settings/personal.php3
-rwxr-xr-x[-rw-r--r--]settings/templates/admin.php15
6 files changed, 26 insertions, 5 deletions
diff --git a/settings/admin.php b/settings/admin.php
index 4cbd67c3678..8369ee64e06 100644..100755
--- a/settings/admin.php
+++ b/settings/admin.php
@@ -15,6 +15,7 @@ OC_App::setActiveNavigationEntry( "admin" );
$tmpl = new OC_Template( 'settings', 'admin', 'user');
$forms=OC_App::getForms('admin');
+$htaccessworking=OC_Util::ishtaccessworking();
$entries=OC_Log_Owncloud::getEntries(3);
function compareEntries($a,$b){
@@ -23,7 +24,8 @@ function compareEntries($a,$b){
usort($entries, 'compareEntries');
$tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 ));
-$tmpl->assign('entries',$entries,false);
+$tmpl->assign('entries',$entries);
+$tmpl->assign('htaccessworking',$htaccessworking);
$tmpl->assign('forms',array());
foreach($forms as $form){
$tmpl->append('forms',$form);
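Review bot: Dropping the third argument in `$tmpl->assign('entries',$entries)` is the security-relevant part of this hunk, but nothing in the code says why. Log entries can carry request-derived text, and the removed `false` presumably switched off the template's escaping, so a one-line comment such as `// log entries may contain untrusted text; keep default escaping` would guard against the flag being reintroduced later. `$forms` is still appended and, per the template hunk, echoed as-is; that looks intentional for app-supplied markup but deserves the same kind of comment.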
diff --git a/settings/ajax/getlog.php b/settings/ajax/getlog.php
index ed48b2cae1a..d9e80de37ba 100644
--- a/settings/ajax/getlog.php
+++ b/settings/ajax/getlog.php
@@ -14,4 +14,4 @@ $count=(isset($_GET['count']))?$_GET['count']:50;
$offset=(isset($_GET['offset']))?$_GET['offset']:0;
$entries=OC_Log_Owncloud::getEntries($count,$offset);
-OC_JSON::success(array("data" => $entries));
+OC_JSON::success(array("data" => OC_Util::sanitizeHTML($entries)));
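Review bot: `$count` and `$offset` still reach `OC_Log_Owncloud::getEntries()` straight from `$_GET` (the hunk-header line and the first context line), so the new output escaping leaves the input side unchecked. Casting both, e.g. `$count=(isset($_GET['count']))?(int)$_GET['count']:50;`, and capping `$count` at a sane maximum would keep a single request from asking for an arbitrarily large slice of the log. Whether the script enforces an admin check is not visible here, since the hunk starts at line 14.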
diff --git a/settings/ajax/togglegroups.php b/settings/ajax/togglegroups.php
index f76e22f51d2..7773c1049c3 100644
--- a/settings/ajax/togglegroups.php
+++ b/settings/ajax/togglegroups.php
@@ -10,7 +10,7 @@ $error = "add user to";
$action = "add";
$username = $_POST["username"];
-$group = htmlentities($_POST["group"]);
+$group = OC_Util::sanitizeHTML($_POST["group"]);
if(!OC_Group::groupExists($group)){
OC_Group::createGroup($group);
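Review bot: `OC_Util::sanitizeHTML($_POST["group"])` escapes the group name before it is passed to `OC_Group::groupExists()` and `OC_Group::createGroup()`, so the stored name is the HTML-encoded form rather than what the admin typed. A name containing `&` or `<` would presumably be stored with entities, and could later be double-encoded on display or fail to match the same group created through another path. I would keep the raw value for the group API (`$group = $_POST["group"];`) and escape only where the name is written into the response or a template. `$username` on the line above is taken from `$_POST` unchanged; the rest of the script is outside the hunk, so its handling cannot be judged here.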
diff --git a/settings/css/settings.css b/settings/css/settings.css
index df1e3cfd3c2..80e96df5e66 100644
--- a/settings/css/settings.css
+++ b/settings/css/settings.css
@@ -48,5 +48,8 @@ li.active { color:#000; }
small.externalapp { color:#FFF; background-color:#BBB; font-weight:bold; font-size:6pt; padding:4px; border-radius: 4px;}
span.version { margin-left:3em; color:#ddd; }
-/* LOF */
+/* LOG */
#log { white-space:normal; }
+
+/* ADMIN */
+span.securitywarning {color:#C33; font-weight:bold; }
diff --git a/settings/personal.php b/settings/personal.php
index 64e08be89eb..26a9f601d9a 100644
--- a/settings/personal.php
+++ b/settings/personal.php
@@ -17,7 +17,8 @@ OC_App::setActiveNavigationEntry( 'personal' );
// calculate the disc space
$rootInfo=OC_FileCache::get('');
-$used=$rootInfo['size'];
+$sharedInfo=OC_FileCache::get('/Shared');
+$used=$rootInfo['size']-$sharedInfo['size'];
$free=OC_Filesystem::free_space();
$total=$free+$used;
if($total==0) $total=1; // prevent division by zero
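Review bot: `$sharedInfo['size']` is read without checking that `OC_FileCache::get('/Shared')` returned an entry, so an account with no `/Shared` folder would presumably raise an undefined-index notice and subtract null. A guard such as `$sharedSize=isset($sharedInfo['size'])?$sharedInfo['size']:0;` followed by `$used=max(0,$rootInfo['size']-$sharedSize);` keeps `$used` non-negative for the `$total` computed below.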
diff --git a/settings/templates/admin.php b/settings/templates/admin.php
index 38c6042c82a..a9f727d6764 100644..100755
--- a/settings/templates/admin.php
+++ b/settings/templates/admin.php
@@ -6,6 +6,21 @@
$levels=array('Debug','Info','Warning','Error','Fatal');
?>
+<?php
+
+if(!$_['htaccessworking']) {
+?>
+<fieldset class="personalblock">
+ <legend><strong><?php echo $l->t('Security Warning');?></strong></legend>
+
+ <span class="securitywarning">Your data directory and your files are probably accessible from the internet. The .htaccess file that ownCloud provides is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.</span>
+
+</fieldset>
+<?php
+}
+?>
+
+
<?php foreach($_['forms'] as $form){
echo $form;
};?>
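Review bot: The warning text inside `span.securitywarning` is hard-coded English, while the legend two lines above it goes through `$l->t()`. Passing the sentence through the same call, `<?php echo $l->t('Your data directory and your files are probably accessible from the internet. ...');?>`, keeps the security warning translatable so that non-English admins do not miss it. A short comment above the `if(!$_['htaccessworking'])` block saying that the flag comes from `OC_Util::ishtaccessworking()` in settings/admin.php would also help the next reader.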