From 089ae980c40544de54a10d407fd366f61ef5ec48 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Tue, 19 Jun 2012 17:24:55 +0200
Subject: [PATCH] use new sanitize HTML function
---
index.php | 2 +-
lib/template.php | 8 +-------
settings/admin.php | 2 +-
settings/ajax/getlog.php | 2 +-
settings/js/log.js | 2 +-
5 files changed, 5 insertions(+), 11 deletions(-)
diff --git a/index.php b/index.php
index 1171c0fe0cf..e3c94adf66f 100755
--- a/index.php
+++ b/index.php
@@ -122,7 +122,7 @@ elseif(OC_User::isLoggedIn()) {
if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){
$sectoken=rand(1000000,9999999);
$_SESSION['sectoken']=$sectoken;
- $redirect_url = (isset($_REQUEST['redirect_url'])) ? strip_tags($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI'];
+ $redirect_url = (isset($_REQUEST['redirect_url'])) ? OC_Util::sanitizeHTML($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI'];
OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url));
}
}
diff --git a/lib/template.php b/lib/template.php
index 77e9332d5b3..75b33d8aace 100644
--- a/lib/template.php
+++ b/lib/template.php
@@ -308,13 +308,7 @@ class OC_Template{
* If the key existed before, it will be overwritten
*/
public function assign( $key, $value, $sanitizeHTML=true ){
- if($sanitizeHTML == true) {
- if(is_array($value)) {
- array_walk_recursive($value,'OC_Template::sanitizeHTML');
- } else {
- $value = OC_Template::sanitizeHTML($value);
- }
- }
+ if($sanitizeHTML == true) $value=OC_Util::sanitizeHTML($value);
$this->vars[$key] = $value;
return true;
}
diff --git a/settings/admin.php b/settings/admin.php
index 4cbd67c3678..a997bad4e3c 100644
--- a/settings/admin.php
+++ b/settings/admin.php
@@ -23,7 +23,7 @@ function compareEntries($a,$b){
usort($entries, 'compareEntries');
$tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 ));
-$tmpl->assign('entries',$entries,false);
+$tmpl->assign('entries',$entries);
$tmpl->assign('forms',array());
foreach($forms as $form){
$tmpl->append('forms',$form);
diff --git a/settings/ajax/getlog.php b/settings/ajax/getlog.php
index ed48b2cae1a..d9e80de37ba 100644
--- a/settings/ajax/getlog.php
+++ b/settings/ajax/getlog.php
@@ -14,4 +14,4 @@ $count=(isset($_GET['count']))?$_GET['count']:50;
$offset=(isset($_GET['offset']))?$_GET['offset']:0;
$entries=OC_Log_Owncloud::getEntries($count,$offset);
-OC_JSON::success(array("data" => $entries));
+OC_JSON::success(array("data" => OC_Util::sanitizeHTML($entries)));
diff --git a/settings/js/log.js b/settings/js/log.js
index bde8b8b104c..6063c7d9a9f 100644
--- a/settings/js/log.js
+++ b/settings/js/log.js
@@ -39,7 +39,7 @@ OC.Log={
row.append(appTd);
var messageTd=$('<td/>');
- messageTd.text(entry.message.replace(/</, "<").replace(/>/, ">"));
+ messageTd.text(entry.message);
row.append(messageTd);
var timeTd=$('<td/>');
--
GitLab