Merge pull request #3868 from nextcloud/issue-3834-escape-theming-footer

Correctly escape the footer description from theming
Joas Schilling 2017-03-20 11:56:29 +01:00 committed by GitHub
commit 25f772d592
2 changed files with 6 additions and 5 deletions


@ -120,7 +120,7 @@ $maxUploadFilesize = min($upload_max_filesize, $post_max_size);
<input type="hidden" name="dir" id="dir" value="" /> <input type="hidden" name="dir" id="dir" value="" />
<div class="hiddenuploadfield"> <div class="hiddenuploadfield">
<input type="file" id="file_upload_start" class="hiddenuploadfield" name="files[]" <input type="file" id="file_upload_start" class="hiddenuploadfield" name="files[]"
data-url="<?php print_unescaped(OCP\Util::linkTo('files', 'ajax/upload.php')); ?>" /> data-url="<?php p(OCP\Util::linkTo('files', 'ajax/upload.php')); ?>" />
</div> </div>
<?php endif; ?> <?php endif; ?>
<footer> <footer>


@ -28,6 +28,7 @@ use OCP\IConfig;
use OCP\IL10N; use OCP\IL10N;
use OCP\IURLGenerator; use OCP\IURLGenerator;
use OCP\Files\IRootFolder; use OCP\Files\IRootFolder;
use OCP\Util;
class ThemingDefaults extends \OC_Defaults { class ThemingDefaults extends \OC_Defaults {
@ -81,7 +82,7 @@ class ThemingDefaults extends \OC_Defaults {
} }
public function getName() { public function getName() {
return $this->config->getAppValue('theming', 'name', $this->name); return strip_tags($this->config->getAppValue('theming', 'name', $this->name));
} }
public function getHTMLName() { public function getHTMLName() {
@ -89,11 +90,11 @@ class ThemingDefaults extends \OC_Defaults {
} }
public function getTitle() { public function getTitle() {
return $this->config->getAppValue('theming', 'name', $this->name); return $this->getName();
} }
public function getEntity() { public function getEntity() {
return $this->config->getAppValue('theming', 'name', $this->name); return $this->getName();
} }
public function getBaseUrl() { public function getBaseUrl() {
@ -101,7 +102,7 @@ class ThemingDefaults extends \OC_Defaults {
} }
public function getSlogan() { public function getSlogan() {
return $this->config->getAppValue('theming', 'slogan', $this->slogan); return Util::sanitizeHTML($this->config->getAppValue('theming', 'slogan', $this->slogan));
} }
public function getShortFooter() { public function getShortFooter() {
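Review bot: getName() and getSlogan() now hand callers two different encodings without saying so: `strip_tags()` on the name removes markup but leaves quotes and `&` untouched, while `Util::sanitizeHTML()` on the slogan returns text that is, as far as I know, already entity-encoded. A caller that prints the name into an HTML attribute still has to escape it, and a caller that passes the slogan through `p()` or uses it in a plain-text or JSON context will end up with double-encoded entities. I would state the contract on each method, e.g. `/** @return string plain text with tags stripped; NOT HTML-escaped, escape at output */` above getName() (getTitle() and getEntity() inherit it) and `/** @return string HTML-escaped slogan; do not escape again */` above getSlogan(). The bodies of getHTMLName() and getShortFooter() lie outside the visible hunks, so whether they depend on these return values could not be checked here.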