From 86a7202cda9d0a2c06018f1ca08a9bced31e2887 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Mon, 4 Mar 2013 00:11:46 +0100 Subject: [PATCH] Sanitize uid, group and quota --- settings/js/users.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/settings/js/users.js b/settings/js/users.js index 2c27c6d766..9bc7455285 100644 --- a/settings/js/users.js +++ b/settings/js/users.js @@ -27,7 +27,7 @@ var UserList = { // Provide user with option to undo $('#notification').data('deleteuser', true); - OC.Notification.showHtml(t('users', 'deleted') + ' ' + uid + '' + t('users', 'undo') + ''); + OC.Notification.showHtml(t('users', 'deleted') + ' ' + escapeHTML(uid) + '' + t('users', 'undo') + ''); }, /** @@ -80,9 +80,9 @@ var UserList = { } var allGroups = String($('#content table').attr('data-groups')).split(', '); $.each(allGroups, function (i, group) { - groupsSelect.append($('')); + groupsSelect.append($('')); if (typeof subadminSelect !== 'undefined' && group != 'admin') { - subadminSelect.append($('')); + subadminSelect.append($('')); } }); tr.find('td.groups').append(groupsSelect); @@ -111,7 +111,7 @@ var UserList = { if (quotaSelect.find('option[value="' + quota + '"]').length > 0) { quotaSelect.find('option[value="' + quota + '"]').attr('selected', 'selected'); } else { - quotaSelect.append(''); + quotaSelect.append(''); } } var added = false; @@ -224,7 +224,7 @@ var UserList = { var addSubAdmin = function (group) { $('select[multiple]').each(function (index, element) { if ($(element).find('option[value="' + group + '"]').length == 0) { - $(element).append(''); + $(element).append(''); } }) };