Merge pull request #21022 from owncloud/get-rid-of-by-reference
Get rid of by reference
This commit is contained in:
Thomas Müller
commit
fe8dc0bd5e
|
|
@ -12,7 +12,7 @@ script('core', [
|
|||
<form method="post" name="login">
|
||||
<fieldset>
|
||||
<?php if (!empty($_['redirect_url'])) {
|
||||
print_unescaped('<input type="hidden" name="redirect_url" value="' . OC_Util::sanitizeHTML($_['redirect_url']) . '">');
|
||||
print_unescaped('<input type="hidden" name="redirect_url" value="' . \OCP\Util::sanitizeHTML($_['redirect_url']) . '">');
|
||||
} ?>
|
||||
<?php if (isset($_['apacheauthfailed']) && ($_['apacheauthfailed'])): ?>
|
||||
<div class="warning">
|
||||
|
|
|
|||
|
|
@ -226,12 +226,12 @@ class OC_Template extends \OC\Template\Base {
|
|||
// Add custom headers
|
||||
$headers = '';
|
||||
foreach(OC_Util::$headers as $header) {
|
||||
$headers .= '<'.OC_Util::sanitizeHTML($header['tag']);
|
||||
$headers .= '<'.\OCP\Util::sanitizeHTML($header['tag']);
|
||||
foreach($header['attributes'] as $name=>$value) {
|
||||
$headers .= ' '.OC_Util::sanitizeHTML($name).'="'.OC_Util::sanitizeHTML($value).'"';
|
||||
$headers .= ' '.\OCP\Util::sanitizeHTML($name).'="'.\OCP\Util::sanitizeHTML($value).'"';
|
||||
}
|
||||
if ($header['text'] !== null) {
|
||||
$headers .= '>'.OC_Util::sanitizeHTML($header['text']).'</'.OC_Util::sanitizeHTML($header['tag']).'>';
|
||||
$headers .= '>'.\OCP\Util::sanitizeHTML($header['text']).'</'.\OCP\Util::sanitizeHTML($header['tag']).'>';
|
||||
} else {
|
||||
$headers .= '/>';
|
||||
}
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@
|
|||
* @param string $string the string which will be escaped and printed
|
||||
*/
|
||||
function p($string) {
|
||||
print(OC_Util::sanitizeHTML($string));
|
||||
print(\OCP\Util::sanitizeHTML($string));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -262,7 +262,7 @@ function html_select_options($options, $selected, $params=array()) {
|
|||
$label = $label[$label_name];
|
||||
}
|
||||
$select = in_array($value, $selected) ? ' selected="selected"' : '';
|
||||
$html .= '<option value="' . OC_Util::sanitizeHTML($value) . '"' . $select . '>' . OC_Util::sanitizeHTML($label) . '</option>'."\n";
|
||||
$html .= '<option value="' . \OCP\Util::sanitizeHTML($value) . '"' . $select . '>' . \OCP\Util::sanitizeHTML($label) . '</option>'."\n";
|
||||
}
|
||||
return $html;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1177,14 +1177,16 @@ class OC_Util {
|
|||
* This function is used to sanitize HTML and should be applied on any
|
||||
* string or array of strings before displaying it on a web page.
|
||||
*
|
||||
* @param string|array &$value
|
||||
* @param string|array $value
|
||||
* @return string|array an array of sanitized strings or a single sanitized string, depends on the input parameter.
|
||||
*/
|
||||
public static function sanitizeHTML(&$value) {
|
||||
public static function sanitizeHTML($value) {
|
||||
if (is_array($value)) {
|
||||
array_walk_recursive($value, 'OC_Util::sanitizeHTML');
|
||||
$value = array_map(function($value) {
|
||||
return self::sanitizeHTML($value);
|
||||
}, $value);
|
||||
} else {
|
||||
//Specify encoding for PHP<5.4
|
||||
// Specify encoding for PHP<5.4
|
||||
$value = htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
|
||||
}
|
||||
return $value;
|
||||
|
|
|
|||
|
|
@ -497,11 +497,11 @@ class Util {
|
|||
* string or array of strings before displaying it on a web page.
|
||||
*
|
||||
* @param string|array $value
|
||||
* @return string|array an array of sanitized strings or a single sinitized string, depends on the input parameter.
|
||||
* @return string|array an array of sanitized strings or a single sanitized string, depends on the input parameter.
|
||||
* @since 4.5.0
|
||||
*/
|
||||
public static function sanitizeHTML( $value ) {
|
||||
return(\OC_Util::sanitizeHTML($value));
|
||||
public static function sanitizeHTML($value) {
|
||||
return \OC_Util::sanitizeHTML($value);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ if ($_['mail_smtpmode'] == 'qmail') {
|
|||
if (isset($form['anchor'])) {
|
||||
$anchor = '#' . $form['anchor'];
|
||||
$sectionName = $form['section-name'];
|
||||
print_unescaped(sprintf("<li><a href='%s'>%s</a></li>", OC_Util::sanitizeHTML($anchor), OC_Util::sanitizeHTML($sectionName)));
|
||||
print_unescaped(sprintf("<li><a href='%s'>%s</a></li>", \OCP\Util::sanitizeHTML($anchor), \OCP\Util::sanitizeHTML($sectionName)));
|
||||
}
|
||||
}?>
|
||||
</ul>
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
if (isset($form['anchor'])) {
|
||||
$anchor = '#' . $form['anchor'];
|
||||
$sectionName = $form['section-name'];
|
||||
print_unescaped(sprintf("<li><a href='%s'>%s</a></li>", OC_Util::sanitizeHTML($anchor), OC_Util::sanitizeHTML($sectionName)));
|
||||
print_unescaped(sprintf("<li><a href='%s'>%s</a></li>", \OCP\Util::sanitizeHTML($anchor), \OCP\Util::sanitizeHTML($sectionName)));
|
||||
}
|
||||
}?>
|
||||
</ul>
|
||||
|
|
|
|||
|
|
@ -95,16 +95,22 @@ class Test_Util extends \Test\TestCase {
|
|||
}
|
||||
|
||||
function testSanitizeHTML() {
|
||||
$badArray = array(
|
||||
$badArray = [
|
||||
'While it is unusual to pass an array',
|
||||
'this function actually <blink>supports</blink> it.',
|
||||
'And therefore there needs to be a <script>alert("Unit"+\'test\')</script> for it!'
|
||||
);
|
||||
$goodArray = array(
|
||||
'And therefore there needs to be a <script>alert("Unit"+\'test\')</script> for it!',
|
||||
[
|
||||
'And It Even May <strong>Nest</strong>',
|
||||
],
|
||||
];
|
||||
$goodArray = [
|
||||
'While it is unusual to pass an array',
|
||||
'this function actually <blink>supports</blink> it.',
|
||||
'And therefore there needs to be a <script>alert("Unit"+'test')</script> for it!'
|
||||
);
|
||||
'And therefore there needs to be a <script>alert("Unit"+'test')</script> for it!',
|
||||
[
|
||||
'And It Even May <strong>Nest</strong>'
|
||||
],
|
||||
];
|
||||
$result = OC_Util::sanitizeHTML($badArray);
|
||||
$this->assertEquals($goodArray, $result);
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue