diff --git a/core/templates/403.php b/core/templates/403.php index fbf0e64fdb6e570692667b39965ed87ea347504b..6e910fd2e829262ed03db8b6e9db481a7e3e404a 100644 --- a/core/templates/403.php +++ b/core/templates/403.php @@ -9,7 +9,7 @@ if(!isset($_)) {//also provide standalone error page ?> <ul> <li class='error'> - <?php echo $l->t( 'Access forbidden' ); ?><br/> - <p class='hint'><?php if(isset($_['file'])) echo $_['file']?></p> + <?php p($l->t( 'Access forbidden' )); ?><br/> + <p class='hint'><?php if(isset($_['file'])) p($_['file'])?></p> </li> </ul> diff --git a/core/templates/404.php b/core/templates/404.php index c111fd70fa92eb17d1597e83c54b20a00b8c4de5..ee17f0de8e1957c5b66335010ee163005a52409a 100644 --- a/core/templates/404.php +++ b/core/templates/404.php @@ -9,7 +9,7 @@ if(!isset($_)) {//also provide standalone error page ?> <ul> <li class='error'> - <?php echo $l->t( 'Cloud not found' ); ?><br/> - <p class='hint'><?php if(isset($_['file'])) echo $_['file']?></p> + <?php p($l->t( 'Cloud not found' )); ?><br/> + <p class='hint'><?php if(isset($_['file'])) p($_['file'])?></p> </li> </ul> diff --git a/core/templates/edit_categories_dialog.php b/core/templates/edit_categories_dialog.php index d0b7b5ee62afe254329e5c6c962e36259f6dadd9..ea155bdf0ba3532456f5a83e54eafeb624d23e08 100644 --- a/core/templates/edit_categories_dialog.php +++ b/core/templates/edit_categories_dialog.php 
@@ -1,19 +1,19 @@ <?php $categories = isset($_['categories'])?$_['categories']:array(); ?> -<div id="edit_categories_dialog" title="<?php echo $l->t('Edit categories'); ?>"> +<div id="edit_categories_dialog" title="<?php p($l->t('Edit categories')); ?>"> <!-- ?php print_r($types); ? --> <form method="post" id="categoryform"> <div class="scrollarea"> <ul id="categorylist"> <?php foreach($categories as $category): ?> - <li><input type="checkbox" name="categories[]" value="<?php echo $category; ?>" /><?php echo $category; ?></li> + <li><input type="checkbox" name="categories[]" value="<?php p($category); ?>" /><?php p($category); ?></li> <?php endforeach; ?> </ul> </div> <div class="bottombuttons"> <input type="text" id="category_addinput" name="category" /> - <button id="category_addbutton" disabled="disabled"><?php echo $l->t('Add'); ?></button> + <button id="category_addbutton" disabled="disabled"><?php p($l->t('Add')); ?></button> </div> </form> </div> diff --git a/core/templates/error.php b/core/templates/error.php index 4f05e008f99b0857536adb37af798ab86945ffa6..3305f3fba9c54f73c032ca4e2808aa7791fc10f2 100644 --- a/core/templates/error.php +++ b/core/templates/error.php @@ -1,8 +1,8 @@ <ul> <?php foreach($_["errors"] as $error):?> <li class='error'> - <?php echo $error['error'] ?><br/> - <p class='hint'><?php if(isset($error['hint']))echo $error['hint'] ?></p> + <?php p($error['error']) ?><br/> + <p class='hint'><?php if(isset($error['hint']))p($error['hint']) ?></p> </li> <?php endforeach ?> </ul> diff --git a/core/templates/installation.php b/core/templates/installation.php index aca9648d0bfd81db249ebea698574cb9fbced7d4..f8c91e37eb44703176bf79c8afe356b5aef05181 100644 --- a/core/templates/installation.php +++ b/core/templates/installation.php 
@@ -1,8 +1,8 @@
-<input type='hidden' id='hasMySQL' value='<?php echo $_['hasMySQL'] ?>'>
-<input type='hidden' id='hasSQLite' value='<?php echo $_['hasSQLite'] ?>'>
-<input type='hidden' id='hasPostgreSQL' value='<?php echo $_['hasPostgreSQL'] ?>'>
-<input type='hidden' id='hasOracle' value='<?php echo $_['hasOracle'] ?>'>
-<input type='hidden' id='hasMSSQL' value='<?php echo $_['hasMSSQL'] ?>'>
+<input type='hidden' id='hasMySQL' value='<?php p($_['hasMySQL']) ?>'>
+<input type='hidden' id='hasSQLite' value='<?php p($_['hasSQLite']) ?>'>
+<input type='hidden' id='hasPostgreSQL' value='<?php p($_['hasPostgreSQL']) ?>'>
+<input type='hidden' id='hasOracle' value='<?php p($_['hasOracle']) ?>'>
+<input type='hidden' id='hasMSSQL' value='<?php p($_['hasMSSQL']) ?>'>
 <form action="index.php" method="post">
 <input type="hidden" name="install" value="true" />
 <?php if(count($_['errors']) > 0): ?>
@@ -10,10 +10,10 @@
 <?php foreach($_['errors'] as $err): ?>
 <li>
 <?php if(is_array($err)):?>
- <?php print $err['error']; ?>
- <p class='hint'><?php print $err['hint']; ?></p>
+ <?php print_unescaped($err['error']); ?>
+ <p class='hint'><?php print_unescaped($err['hint']); ?></p>
 <?php else: ?>
- <?php print $err; ?>
+ <?php print_unescaped($err); ?>
 <?php endif; ?>
 </li>
 <?php endforeach; ?>
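Review bot: The three installer error outputs in the `@@ -10,10` hunk use `print_unescaped()` (`$err['error']`, `$err['hint']`, `$err`), while the same-shaped data in core/templates/error.php goes through `p()` in this commit. Where the installer error strings come from is not visible here; if any of them can carry request-derived text (for example a database name, user or host echoed back in a failure message), it would reach the page as raw HTML. I would default to `<?php p($err['error']); ?>` and `<?php p($err); ?>`, and keep `print_unescaped()` only for a hint that is known to contain fixed markup, with a comment saying so.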
@@ -21,54 +21,54 @@ <?php endif; ?> <?php if(!$_['secureRNG']): ?> <fieldset class="warning"> - <legend><strong><?php echo $l->t('Security Warning');?></strong></legend> - <p><?php echo $l->t('No secure random number generator is available, please enable the PHP OpenSSL extension.');?><br/> - <?php echo $l->t('Without a secure random number generator an attacker may be able to predict password reset tokens and take over your account.');?></p> + <legend><strong><?php p($l->t('Security Warning'));?></strong></legend> + <p><?php p($l->t('No secure random number generator is available, please enable the PHP OpenSSL extension.'));?><br/> + <?php p($l->t('Without a secure random number generator an attacker may be able to predict password reset tokens and take over your account.'));?></p> </fieldset> <?php endif; ?> <?php if(!$_['htaccessWorking']): ?> <fieldset class="warning"> - <legend><strong><?php echo $l->t('Security Warning');?></strong></legend> - <p><?php echo $l->t('Your data directory and files are probably accessible from the internet because the .htaccess file does not work.');?><br> - <?php echo $l->t('For information how to properly configure your server, please see the <a href="http://doc.owncloud.org/server/5.0/admin_manual/installation.html" target="_blank">documentation</a>.');?></p> + <legend><strong><?php p($l->t('Security Warning'));?></strong></legend> + <p><?php p($l->t('Your data directory and files are probably accessible from the internet because the .htaccess file does not work.'));?><br> + <?php print_unescaped($l->t('For information how to properly configure your server, please see the <a href="http://doc.owncloud.org/server/5.0/admin_manual/installation.html" target="_blank">documentation</a>.'));?></p> </fieldset> <?php endif; ?> <fieldset id="adminaccount"> - <legend><?php echo $l->t( 'Create an <strong>admin account</strong>' ); ?></legend> + <legend><?php print_unescaped($l->t( 'Create an <strong>admin account</strong>' )); ?></legend> 
<p class="infield grouptop"> <input type="text" name="adminlogin" id="adminlogin" - value="<?php print OC_Helper::init_var('adminlogin'); ?>" autocomplete="off" autofocus required /> - <label for="adminlogin" class="infield"><?php echo $l->t( 'Username' ); ?></label> - <img class="svg" src="<?php echo image_path('', 'actions/user.svg'); ?>" alt="" /> + value="<?php p(OC_Helper::init_var('adminlogin')); ?>" autocomplete="off" autofocus required /> + <label for="adminlogin" class="infield"><?php p($l->t( 'Username' )); ?></label> + <img class="svg" src="<?php p(image_path('', 'actions/user.svg')); ?>" alt="" /> </p> <p class="infield groupbottom"> <input type="password" name="adminpass" data-typetoggle="#show" id="adminpass" - value="<?php print OC_Helper::init_var('adminpass'); ?>" /> - <label for="adminpass" class="infield"><?php echo $l->t( 'Password' ); ?></label> - <img class="svg" id="adminpass-icon" src="<?php echo image_path('', 'actions/password.svg'); ?>" alt="" /> + value="<?php p(OC_Helper::init_var('adminpass')); ?>" /> + <label for="adminpass" class="infield"><?php p($l->t( 'Password' )); ?></label> + <img class="svg" id="adminpass-icon" src="<?php print_unescaped(image_path('', 'actions/password.svg')); ?>" alt="" /> <input type="checkbox" id="show" name="show" /> <label for="show"></label> </p> </fieldset> <fieldset id="datadirField"> - <legend><a id="showAdvanced"><?php echo $l->t( 'Advanced' ); ?> <img class="svg" src="<?php echo image_path('', 'actions/caret-dark.svg'); ?>" /></a></legend> + <legend><a id="showAdvanced"><?php p($l->t( 'Advanced' )); ?> <img class="svg" src="<?php print_unescaped(image_path('', 'actions/caret-dark.svg')); ?>" /></a></legend> <div id="datadirContent"> - <label for="directory"><?php echo $l->t( 'Data folder' ); ?></label> + <label for="directory"><?php p($l->t( 'Data folder' )); ?></label> <input type="text" name="directory" id="directory" - value="<?php print OC_Helper::init_var('directory', $_['directory']); ?>" /> 
+ value="<?php p(OC_Helper::init_var('directory', $_['directory'])); ?>" /> </div> </fieldset> <fieldset id='databaseField'> <?php if($_['hasMySQL'] or $_['hasPostgreSQL'] or $_['hasOracle'] or $_['hasMSSQL']) $hasOtherDB = true; else $hasOtherDB =false; //other than SQLite ?> - <legend><?php echo $l->t( 'Configure the database' ); ?></legend> + <legend><?php p($l->t( 'Configure the database' ); ?></legend> <div id="selectDbType"> <?php if($_['hasSQLite']): ?> <input type='hidden' id='hasSQLite' value="true" /> <?php if(!$hasOtherDB): ?> - <p>SQLite <?php echo $l->t( 'will be used' ); ?>.</p> + <p>SQLite <?php p($l->t( 'will be used' )); ?>.</p> <input type="hidden" id="dbtype" name="dbtype" value="sqlite" /> <?php else: ?> <input type="radio" name="dbtype" value="sqlite" id="sqlite" @@ -80,7 +80,7 @@ <?php if($_['hasMySQL']): ?> <input type='hidden' id='hasMySQL' value='true'/> <?php if(!$_['hasSQLite'] and !$_['hasPostgreSQL'] and !$_['hasOracle'] and !$_['hasMSSQL']): ?> - <p>MySQL <?php echo $l->t( 'will be used' ); ?>.</p> + <p>MySQL <?php p($l->t( 'will be used' )); ?>.</p> <input type="hidden" id="dbtype" name="dbtype" value="mysql" /> <?php else: ?> <input type="radio" name="dbtype" value="mysql" id="mysql" @@ -91,7 +91,7 @@ <?php if($_['hasPostgreSQL']): ?> <?php if(!$_['hasSQLite'] and !$_['hasMySQL'] and !$_['hasOracle'] and !$_['hasMSSQL']): ?> - <p>PostgreSQL <?php echo $l->t( 'will be used' ); ?>.</p> + <p>PostgreSQL <?php p($l->t( 'will be used' )); ?>.</p> <input type="hidden" id="dbtype" name="dbtype" value="pgsql" /> <?php else: ?> <label class="pgsql" for="pgsql">PostgreSQL</label> 
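Review bot: The new `Configure the database` legend line in the `@@ -21,54` hunk is missing a closing parenthesis: `<?php p($l->t( 'Configure the database' ); ?>` is a parse error, so the installation template cannot render. It should read `<?php p($l->t( 'Configure the database' )); ?>`. Separately, the same hunk prints `image_path('', 'actions/user.svg')` with `p()` but the other `image_path()` results with `print_unescaped()`; using one helper for URL attributes keeps the escaping rule easy to audit.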
@@ -102,7 +102,7 @@ <?php if($_['hasOracle']): ?> <?php if(!$_['hasSQLite'] and !$_['hasMySQL'] and !$_['hasPostgreSQL'] and !$_['hasMSSQL']): ?> - <p>Oracle <?php echo $l->t( 'will be used' ); ?>.</p> + <p>Oracle <?php p($l->t( 'will be used' )); ?>.</p> <input type="hidden" id="dbtype" name="dbtype" value="oci" /> <?php else: ?> <label class="oci" for="oci">Oracle</label> @@ -114,7 +114,7 @@ <?php if($_['hasMSSQL']): ?> <input type='hidden' id='hasMSSQL' value='true'/> <?php if(!$_['hasSQLite'] and !$_['hasMySQL'] and !$_['hasPostgreSQL'] and !$_['hasOracle']): ?> - <p>MS SQL <?php echo $l->t( 'will be used' ); ?>.</p> + <p>MS SQL <?php p($l->t( 'will be used' )); ?>.</p> <input type="hidden" id="dbtype" name="dbtype" value="mssql" /> <?php else: ?> <label class="mssql" for="mssql">MS SQL</label> 
@@ -126,19 +126,19 @@ <?php if($hasOtherDB): ?> <div id="use_other_db"> <p class="infield grouptop"> - <label for="dbuser" class="infield"><?php echo $l->t( 'Database user' ); ?></label> + <label for="dbuser" class="infield"><?php p($l->t( 'Database user' )); ?></label> <input type="text" name="dbuser" id="dbuser" - value="<?php print OC_Helper::init_var('dbuser'); ?>" autocomplete="off" /> + value="<?php p(OC_Helper::init_var('dbuser')); ?>" autocomplete="off" /> </p> <p class="infield groupmiddle"> - <label for="dbpass" class="infield"><?php echo $l->t( 'Database password' ); ?></label> + <label for="dbpass" class="infield"><?php p($l->t( 'Database password' )); ?></label> <input type="password" name="dbpass" id="dbpass" - value="<?php print OC_Helper::init_var('dbpass'); ?>" /> + value="<?php p(OC_Helper::init_var('dbpass')); ?>" /> </p> <p class="infield groupmiddle"> - <label for="dbname" class="infield"><?php echo $l->t( 'Database name' ); ?></label> + <label for="dbname" class="infield"><?php p($l->t( 'Database name' )); ?></label> <input type="text" name="dbname" id="dbname" - value="<?php print OC_Helper::init_var('dbname'); ?>" + value="<?php p(OC_Helper::init_var('dbname')); ?>" autocomplete="off" pattern="[0-9a-zA-Z$_-]+" /> </p> </div> 
@@ -146,18 +146,18 @@ <?php if($_['hasOracle']): ?> <div id="use_oracle_db"> <p class="infield groupmiddle"> - <label for="dbtablespace" class="infield"><?php echo $l->t( 'Database tablespace' ); ?></label> + <label for="dbtablespace" class="infield"><?php p($l->t( 'Database tablespace' )); ?></label> <input type="text" name="dbtablespace" id="dbtablespace" - value="<?php print OC_Helper::init_var('dbtablespace'); ?>" autocomplete="off" /> + value="<?php p(OC_Helper::init_var('dbtablespace')); ?>" autocomplete="off" /> </p> </div> <?php endif; ?> <p class="infield groupbottom"> - <label for="dbhost" class="infield" id="dbhostlabel"><?php echo $l->t( 'Database host' ); ?></label> + <label for="dbhost" class="infield" id="dbhostlabel"><?php p($l->t( 'Database host' )); ?></label> <input type="text" name="dbhost" id="dbhost" - value="<?php print OC_Helper::init_var('dbhost', 'localhost'); ?>" /> + value="<?php p(OC_Helper::init_var('dbhost', 'localhost')); ?>" /> </p> </fieldset> - <div class="buttons"><input type="submit" class="primary" value="<?php echo $l->t( 'Finish setup' ); ?>" /></div> + <div class="buttons"><input type="submit" class="primary" value="<?php p($l->t( 'Finish setup' )); ?>" /></div> </form> diff --git a/core/templates/layout.base.php b/core/templates/layout.base.php index 47d552069a0ddf95d48418486bad7c78e47b8697..0ada957478e7d9c2cbf71d5c1b2409ea53900bff 100644 --- a/core/templates/layout.base.php +++ b/core/templates/layout.base.php 
@@ -3,26 +3,26 @@ <head> <title>ownCloud</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - <link rel="shortcut icon" href="<?php echo image_path('', 'favicon.png'); ?>" /> - <link rel="apple-touch-icon-precomposed" href="<?php echo image_path('', 'favicon-touch.png'); ?>" /> + <link rel="shortcut icon" href="<?php print_unescaped(image_path('', 'favicon.png')); ?>" /> + <link rel="apple-touch-icon-precomposed" href="<?php print_unescaped(image_path('', 'favicon-touch.png')); ?>" /> <?php foreach ($_['cssfiles'] as $cssfile): ?> - <link rel="stylesheet" href="<?php echo $cssfile; ?>" type="text/css" media="screen" /> + <link rel="stylesheet" href="<?php print_unescaped($cssfile); ?>" type="text/css" media="screen" /> <?php endforeach; ?> <?php foreach ($_['jsfiles'] as $jsfile): ?> - <script type="text/javascript" src="<?php echo $jsfile; ?>"></script> + <script type="text/javascript" src="<?php print_unescaped($jsfile); ?>"></script> <?php endforeach; ?> <?php foreach ($_['headers'] as $header): ?> <?php - echo '<'.$header['tag'].' '; + print_unescaped('<'.$header['tag'].' '); foreach ($header['attributes'] as $name => $value) { - echo "$name='$value' "; + print_unescaped("$name='$value' "); }; - echo '/>'; + print_unescaped('/>)'; ?> <?php endforeach; ?> </head> <body> - <?php echo $_['content']; ?> + <?php print_unescaped($_['content']); ?> </body> </html> diff --git a/core/templates/layout.guest.php b/core/templates/layout.guest.php index a84e2b8cef7af65b7df8c2c692c5a077eb067d91..03d58c9eae136178d412a79e4fedf3a2f3ab6788 100644 --- a/core/templates/layout.guest.php +++ b/core/templates/layout.guest.php 
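Review bot: The closing call of the header loop has the parenthesis inside the string, `print_unescaped('/>)';`, which leaves the call unclosed and is a parse error; layout.guest.php and layout.user.php have the intended `print_unescaped('/>');`. In the same loop, `print_unescaped("$name='$value' ");` writes attribute values raw inside single quotes, and the pattern is repeated in the other two layouts. Since this commit moves escaping to output time, I would escape the value at that point, e.g. `print_unescaped("$name='"); p($value); print_unescaped("' ");`, provided `p()` encodes single quotes (its definition is not in this diff), unless every caller that adds headers is known to pass fixed strings.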
@@ -4,22 +4,22 @@ <title>ownCloud</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="apple-itunes-app" content="app-id=543672169"> - <link rel="shortcut icon" href="<?php echo image_path('', 'favicon.png'); ?>" /> - <link rel="apple-touch-icon-precomposed" href="<?php echo image_path('', 'favicon-touch.png'); ?>" /> + <link rel="shortcut icon" href="<?php print_unescaped(image_path('', 'favicon.png')); ?>" /> + <link rel="apple-touch-icon-precomposed" href="<?php print_unescaped(image_path('', 'favicon-touch.png')); ?>" /> <?php foreach($_['cssfiles'] as $cssfile): ?> - <link rel="stylesheet" href="<?php echo $cssfile; ?>" type="text/css" media="screen" /> + <link rel="stylesheet" href="<?php print_unescaped($cssfile); ?>" type="text/css" media="screen" /> <?php endforeach; ?> <?php foreach($_['jsfiles'] as $jsfile): ?> - <script type="text/javascript" src="<?php echo $jsfile; ?>"></script> + <script type="text/javascript" src="<?php print_unescaped($jsfile); ?>"></script> <?php endforeach; ?> <?php foreach($_['headers'] as $header): ?> <?php - echo '<'.$header['tag'].' '; + print_unescaped('<'.$header['tag'].' '); foreach($header['attributes'] as $name=>$value) { - echo "$name='$value' "; + print_unescaped("$name='$value' "); }; - echo '/>'; + print_unescaped('/>'); ?> <?php endforeach; ?> </head> @@ -27,11 +27,11 @@ <body id="body-login"> <div id="login"> <header><div id="header"> - <img src="<?php echo image_path('', 'logo.svg'); ?>" class="svg" alt="ownCloud" /> + <img src="<?php print_unescaped(image_path('', 'logo.svg')); ?>" class="svg" alt="ownCloud" /> </div></header> - <?php echo $_['content']; ?> + <?php print_unescaped($_['content']); ?> </div> <footer><p class="info"><a href="http://owncloud.org/">ownCloud</a> – - <?php echo $l->t( 'web services under your control' ); ?></p></footer> + <?php p($l->t( 'web services under your control' )); ?></p></footer> </body> </html> 
diff --git a/core/templates/layout.user.php b/core/templates/layout.user.php index 10540cfe36227850d4660a930413ffee0611b3e0..2b53cc0ae5d3ae37b064176a03810b7055f4edb3 100644 --- a/core/templates/layout.user.php +++ b/core/templates/layout.user.php 
@@ -1,56 +1,56 @@ <!DOCTYPE html> <html class="ng-csp"> <head> - <title><?php echo !empty($_['application'])?$_['application'].' | ':'' ?>ownCloud - <?php echo !empty($_['user_displayname'])?' ('.$_['user_displayname'].') ':'' ?></title> + <title><?php p(!empty($_['application'])?$_['application'].' | ':'') ?>ownCloud + <?php p(!empty($_['user_displayname'])?' ('.$_['user_displayname'].') ':'') ?></title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="apple-itunes-app" content="app-id=543672169"> - <link rel="shortcut icon" href="<?php echo image_path('', 'favicon.png'); ?>" /> - <link rel="apple-touch-icon-precomposed" href="<?php echo image_path('', 'favicon-touch.png'); ?>" /> + <link rel="shortcut icon" href="<?php print_unescaped(image_path('', 'favicon.png')); ?>" /> + <link rel="apple-touch-icon-precomposed" href="<?php print_unescaped(image_path('', 'favicon-touch.png')); ?>" /> <?php foreach($_['cssfiles'] as $cssfile): ?> - <link rel="stylesheet" href="<?php echo $cssfile; ?>" type="text/css" media="screen" /> + <link rel="stylesheet" href="<?php print_unescaped($cssfile); ?>" type="text/css" media="screen" /> <?php endforeach; ?> <?php foreach($_['jsfiles'] as $jsfile): ?> - <script type="text/javascript" src="<?php echo $jsfile; ?>"></script> + <script type="text/javascript" src="<?php print_unescaped($jsfile); ?>"></script> <?php endforeach; ?> <?php foreach($_['headers'] as $header): ?> <?php - echo '<'.$header['tag'].' '; + print_unescaped('<'.$header['tag'].' 
'); foreach($header['attributes'] as $name=>$value) { - echo "$name='$value' "; + print_unescaped("$name='$value' "); }; - echo '/>'; + print_unescaped('/>'); ?> <?php endforeach; ?> </head> - <body id="<?php echo $_['bodyid'];?>"> + <body id="<?php p($_['bodyid']);?>"> <div id="notification-container"> <div id="notification"></div> </div> <header><div id="header"> - <a href="<?php echo link_to('', 'index.php'); ?>" title="" id="owncloud"><img class="svg" - src="<?php echo image_path('', 'logo-wide.svg'); ?>" alt="ownCloud" /></a> + <a href="<?php print_unescaped(link_to('', 'index.php')); ?>" title="" id="owncloud"><img class="svg" + src="<?php print_unescaped(image_path('', 'logo-wide.svg')); ?>" alt="ownCloud" /></a> <ul id="settings" class="svg"> <span id="expand"> - <span id="expandDisplayName"><?php echo $_['user_displayname'] ?></span> - <img class="svg" src="<?php echo image_path('', 'actions/caret.svg'); ?>" /> + <span id="expandDisplayName"><?php p($_['user_displayname']) ?></span> + <img class="svg" src="<?php print_unescaped(image_path('', 'actions/caret.svg')); ?>" /> </span> <div id="expanddiv"> <?php foreach($_['settingsnavigation'] as $entry):?> <li> - <a href="<?php echo $entry['href']; ?>" title="" + <a href="<?php print_unescaped($entry['href']); ?>" title="" <?php if( $entry["active"] ): ?> class="active"<?php endif; ?>> - <img class="svg" alt="" src="<?php echo $entry['icon']; ?>"> - <?php echo $entry['name'] ?> + <img class="svg" alt="" src="<?php print_unescaped($entry['icon']); ?>"> + <?php p($entry['name']) ?> </a> </li> <?php endforeach; ?> <li> - <a id="logout" href="<?php echo link_to('', 'index.php'); ?>?logout=true"> - <img class="svg" alt="" src="<?php echo image_path('', 'actions/logout.svg'); ?>" /> - <?php echo $l->t('Log out');?> + <a id="logout" href="<?php print_unescaped(link_to('', 'index.php')); ?>?logout=true"> + <img class="svg" alt="" src="<?php print_unescaped(image_path('', 'actions/logout.svg')); ?>" /> + <?php 
p($l->t('Log out'));?> </a> </li> </div> @@ -58,7 +58,7 @@ <form class="searchbox" action="#" method="post"> <input id="searchbox" class="svg" type="search" name="query" - value="<?php if(isset($_POST['query'])) {echo OC_Util::sanitizeHTML($_POST['query']);};?>" + value="<?php if(isset($_POST['query'])) {p($_POST['query']);};?>" autocomplete="off" x-webkit-speech /> </form> </div></header> @@ -66,11 +66,11 @@ <nav><div id="navigation"> <ul id="apps" class="svg"> <?php foreach($_['navigation'] as $entry): ?> - <li data-id="<?php echo $entry['id']; ?>"> - <a href="<?php echo $entry['href']; ?>" title="" + <li data-id="<?php p($entry['id']); ?>"> + <a href="<?php print_unescaped($entry['href']); ?>" title="" <?php if( $entry['active'] ): ?> class="active"<?php endif; ?>> - <img class="icon svg" src="<?php echo $entry['icon']; ?>"/> - <?php echo $entry['name']; ?> + <img class="icon svg" src="<?php print_unescaped($entry['icon']); ?>"/> + <?php p($entry['name']); ?> </a> </li> <?php endforeach; ?> @@ -79,7 +79,7 @@ <div id="content-wrapper"> <div id="content"> - <?php echo $_['content']; ?> + <?php print_unescaped($_['content']); ?> </div> </div> </body> diff --git a/core/templates/login.php b/core/templates/login.php index 3be2b039b032aa9b95b52c77f809c5f2ef11b9a9..463b951c80fa38e768ee2b466319233ed5f518d4 100644 --- a/core/templates/login.php +++ b/core/templates/login.php 
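Review bot: `$entry['href']` and `$entry['icon']` are emitted with `print_unescaped()` inside `href` and `src` attributes, in both the settings navigation (the `@@ -1,56` hunk) and the app navigation (`@@ -66,11`), while the neighbouring `$entry['name']` and `$entry['id']` go through `p()`. These entries come from the navigation arrays assigned in lib/templatelayout.php, so their content is presumably whatever apps registered; a quote or `&` in such a value would break or corrupt the attribute. HTML-escaping a URL for attribute context is always correct, so `p($entry['href'])` and `p($entry['icon'])` would be the safer default. The same applies to `print_unescaped($login['href'])` in login.php and `print_unescaped($_['url'].$i)` in part.pagenavi.php.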
@@ -2,54 +2,54 @@ <form method="post"> <fieldset> <?php if (!empty($_['redirect_url'])) { - echo '<input type="hidden" name="redirect_url" value="' . $_['redirect_url'] . '" />'; + print_unescaped('<input type="hidden" name="redirect_url" value="' . OC_Util::sanitizeHTML($_['redirect_url']) . '" />'); } ?> <ul> <?php if (isset($_['invalidcookie']) && ($_['invalidcookie'])): ?> <li class="errors"> - <?php echo $l->t('Automatic logon rejected!'); ?><br> - <small><?php echo $l->t('If you did not change your password recently, your account may be compromised!'); ?></small> + <?php p($l->t('Automatic logon rejected!')); ?><br> + <small><?php p($l->t('If you did not change your password recently, your account may be compromised!')); ?></small> <br> - <small><?php echo $l->t('Please change your password to secure your account again.'); ?></small> + <small><?php p($l->t('Please change your password to secure your account again.')); ?></small> </li> <?php endif; ?> <?php if (isset($_['invalidpassword']) && ($_['invalidpassword'])): ?> - <a href="<?php echo OC_Helper::linkToRoute('core_lostpassword_index') ?>"> + <a href="<?php print_unescaped(OC_Helper::linkToRoute('core_lostpassword_index')) ?>"> <li class="errors"> - <?php echo $l->t('Lost your password?'); ?> + <?php p($l->t('Lost your password?')); ?> </li> </a> <?php endif; ?> </ul> <p class="infield grouptop"> <input type="text" name="user" id="user" - value="<?php echo $_['username']; ?>"<?php echo $_['user_autofocus'] ? ' autofocus' : ''; ?> + value="<?php p($_['username']); ?>"<?php p($_['user_autofocus'] ? 
' autofocus' : ''); ?> autocomplete="on" required/> - <label for="user" class="infield"><?php echo $l->t('Username'); ?></label> - <img class="svg" src="<?php echo image_path('', 'actions/user.svg'); ?>" alt=""/> + <label for="user" class="infield"><?php p($l->t('Username')); ?></label> + <img class="svg" src="<?php print_unescaped(image_path('', 'actions/user.svg')); ?>" alt=""/> </p> <p class="infield groupbottom"> <input type="password" name="password" id="password" value="" data-typetoggle="#show" - required<?php echo $_['user_autofocus'] ? '' : ' autofocus'; ?> /> - <label for="password" class="infield"><?php echo $l->t('Password'); ?></label> - <img class="svg" id="password-icon" src="<?php echo image_path('', 'actions/password.svg'); ?>" alt=""/> + required<?php p($_['user_autofocus'] ? '' : ' autofocus'); ?> /> + <label for="password" class="infield"><?php p($l->t('Password')); ?></label> + <img class="svg" id="password-icon" src="<?php print_unescaped(image_path('', 'actions/password.svg')); ?>" alt=""/> <input type="checkbox" id="show" name="show" /> <label for="show"></label> </p> <input type="checkbox" name="remember_login" value="1" id="remember_login"/><label - for="remember_login"><?php echo $l->t('remember'); ?></label> + for="remember_login"><?php p($l->t('remember')); ?></label> <input type="hidden" name="timezone-offset" id="timezone-offset"/> - <input type="submit" id="submit" class="login primary" value="<?php echo $l->t('Log in'); ?>"/> + <input type="submit" id="submit" class="login primary" value="<?php p($l->t('Log in')); ?>"/> </fieldset> </form> <?php if (!empty($_['alt_login'])) { ?> <form id="alternative-logins"> <fieldset> - <legend><?php echo $l->t('Alternative Logins') ?></legend> + <legend><?php p($l->t('Alternative Logins')) ?></legend> <ul> <?php foreach($_['alt_login'] as $login): ?> - <li><a class="button" href="<?php echo $login['href']; ?>" ><?php echo $login['name']; ?></a></li> + <li><a class="button" href="<?php 
print_unescaped($login['href']); ?>" ><?php p($login['name']); ?></a></li> <?php endforeach; ?> </ul> </fieldset> diff --git a/core/templates/part.pagenavi.php b/core/templates/part.pagenavi.php index d43023a7822cc3e2e172e8ab8a5e4ceabfe9717e..2f5c218376568e52d8f3ee802f492f71587a284a 100644 --- a/core/templates/part.pagenavi.php +++ b/core/templates/part.pagenavi.php @@ -1,15 +1,15 @@ <ol class="pager"> <?php if($_['page']>0):?> - <li class="pagerbutton1"><a href="<?php echo $_['url'].($_['page']-1);?>"><?php echo $l->t( 'prev' ); ?></a></li> + <li class="pagerbutton1"><a href="<?php print_unescaped($_['url'].($_['page']-1));?>"><?php p($l->t( 'prev' )); ?></a></li> <?php endif; ?> <?php if ($_['pagestart']>0):?> … <?php endif;?> <?php for ($i=$_['pagestart']; $i < $_['pagestop'];$i++):?> <?php if ($_['page']!=$i):?> - <li><a href="<?php echo $_['url'].$i;?>"><?php echo $i+1;?></a></li> + <li><a href="<?php print_unescaped($_['url'].$i);?>"><?php p($i+1);?></a></li> <?php else:?> - <li><?php echo $i+1;?></li> + <li><?php p($i+1);?></li> <?php endif?> <?php endfor;?> <?php if ($_['pagestop']<$_['pagecount']):?> @@ -17,6 +17,6 @@ <?php endif;?> <?php if(($_['page']+1)<$_['pagecount']):?> - <li class="pagerbutton2"><a href="<?php echo $_['url'].($_['page']+1);?>"><?php echo $l->t( 'next' ); ?></a></li> + <li class="pagerbutton2"><a href="<?php print_unescaped($_['url'].($_['page']+1));?>"><?php p($l->t( 'next' )); ?></a></li> <?php endif; ?> </ol> diff --git a/core/templates/update.php b/core/templates/update.php index 685a5536d06aa7056b42b241fc2ba7207a2691b5..a652d5f195a4830651c291f20a8fbad036d5048d 100644 --- a/core/templates/update.php +++ b/core/templates/update.php @@ -1,6 +1,6 @@ <ul> <li class='update'> - <?php echo $l->t('Updating ownCloud to version %s, this may take a while.', - array($_['version'])); ?><br /><br /> + <?php p($l->t('Updating ownCloud to version %s, this may take a while.', + array($_['version']))); ?><br /><br /> </li> </ul> 
diff --git a/lib/setup.php b/lib/setup.php index 8f772e663e2e8f4c9d509f605091b861501fcc64..8814447f52feb4c78edc2804047af44f62990e7a 100644 --- a/lib/setup.php +++ b/lib/setup.php @@ -851,7 +851,7 @@ class OC_Setup { 'http://doc.owncloud.org/server/5.0/admin_manual/installation.html'); $tmpl = new OC_Template('', 'error', 'guest'); - $tmpl->assign('errors', array(1 => array('error' => $error, 'hint' => $hint)), false); + $tmpl->assign('errors', array(1 => array('error' => $error, 'hint' => $hint))); $tmpl->printPage(); exit(); } diff --git a/lib/template.php b/lib/template.php index fcf18fee415ed5f16e094a70de22f5734af72c7c..08ad5764ba11a7c3efd63cdf916187e3d7d023b3 100644 --- a/lib/template.php +++ b/lib/template.php @@ -482,7 +482,7 @@ class OC_Template{ public static function printUserPage( $application, $name, $parameters = array() ) { $content = new OC_Template( $application, $name, "user" ); foreach( $parameters as $key => $value ) { - $content->assign( $key, $value, false ); + $content->assign( $key, $value ); } print $content->printPage(); } @@ -497,7 +497,7 @@ class OC_Template{ public static function printAdminPage( $application, $name, $parameters = array() ) { $content = new OC_Template( $application, $name, "admin" ); foreach( $parameters as $key => $value ) { - $content->assign( $key, $value, false ); + $content->assign( $key, $value ); } return $content->printPage(); } @@ -512,7 +512,7 @@ class OC_Template{ public static function printGuestPage( $application, $name, $parameters = array() ) { $content = new OC_Template( $application, $name, "guest" ); foreach( $parameters as $key => $value ) { - $content->assign( $key, $value, false ); + $content->assign( $key, $value ); } return $content->printPage(); } diff --git a/lib/templatelayout.php b/lib/templatelayout.php index afa875b0a6d90ec38ff915dd58f339ed531db016..3d824cdca8ff0cd2729fa456d9bd5006fb806cba 100644 --- a/lib/templatelayout.php +++ b/lib/templatelayout.php 
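Review bot: In the lib/setup.php hunk, `$hint` appears to be built using the documentation URL on the line above the template creation, and error.php now prints it with `p($error['hint'])`, so any link markup in the hint would be shown to the user as literal text. The construction of `$hint` is outside the hunk, so this needs checking against the full function. If the hint does contain an `<a>` tag, either pass plain text and the URL as separate fields, or print that one field with `print_unescaped()` and a comment stating it is built only from fixed strings.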
@@ -13,19 +13,19 @@ class OC_TemplateLayout extends OC_Template { if( $renderas == 'user' ) { parent::__construct( 'core', 'layout.user' ); if(in_array(OC_APP::getCurrentApp(), array('settings','admin', 'help'))!==false) { - $this->assign('bodyid', 'body-settings', false); + $this->assign('bodyid', 'body-settings'); }else{ - $this->assign('bodyid', 'body-user', false); + $this->assign('bodyid', 'body-user'); } // Add navigation entry $this->assign( 'application', '', false ); $navigation = OC_App::getNavigation(); - $this->assign( 'navigation', $navigation, false); - $this->assign( 'settingsnavigation', OC_App::getSettingsNavigation(), false); + $this->assign( 'navigation', $navigation); + $this->assign( 'settingsnavigation', OC_App::getSettingsNavigation()); foreach($navigation as $entry) { if ($entry['active']) { - $this->assign( 'application', $entry['name'], false ); + $this->assign( 'application', $entry['name'] ); break; } } diff --git a/settings/apps.php b/settings/apps.php index b9ed2cac93a6a12f8562bf0de58bb458c25f9237..44cfff7e3f1e1f375db2295e720659d237355053 100644 --- a/settings/apps.php +++ b/settings/apps.php @@ -49,7 +49,7 @@ usort( $combinedApps, 'app_sort' ); $tmpl = new OC_Template( "settings", "apps", "user" ); -$tmpl->assign('apps', $combinedApps, false); +$tmpl->assign('apps', $combinedApps); $appid = (isset($_GET['appid'])?strip_tags($_GET['appid']):''); diff --git a/settings/templates/admin.php b/settings/templates/admin.php index f3dc9154bbd34bdfb47a9e522ffeefc74127e3ad..dd5e89b8f8289338b4843c5990c479377afa11a4 100644 --- a/settings/templates/admin.php +++ b/settings/templates/admin.php 
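Review bot: One call in the lib/templatelayout.php hunk still passes the third argument, `$this->assign( 'application', '', false );`, while every other `assign()` here and in lib/template.php drops it. The definition of `assign()` is not part of this diff, so it is unclear whether the parameter is now ignored or still toggles sanitising; if it still defaults to sanitising, values printed with `p()` would be encoded twice, and if it is gone this leftover should read `$this->assign( 'application', '' );`. A short docblock on `assign()` stating that escaping now happens only at output time in `p()` would make the contract explicit. The constructor continues outside the hunk.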
@@ -12,10 +12,10 @@ $levels = array('Debug', 'Info', 'Warning', 'Error', 'Fatal'); if (!$_['htaccessworking']) { ?> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('Security Warning');?></strong></legend> + <legend><strong><?php p($l->t('Security Warning'));?></strong></legend> <span class="securitywarning"> - <?php echo $l->t('Your data directory and your files are probably accessible from the internet. The .htaccess file that ownCloud provides is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.'); ?> + <?php p($l->t('Your data directory and your files are probably accessible from the internet. The .htaccess file that ownCloud provides is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.')); ?> </span> </fieldset> @@ -26,11 +26,11 @@ if (!$_['htaccessworking']) { if (!$_['isWebDavWorking']) { ?> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('Setup Warning');?></strong></legend> + <legend><strong><?php p($l->t('Setup Warning'));?></strong></legend> <span class="securitywarning"> - <?php echo $l->t('Your web server is not yet properly setup to allow files synchronization because the WebDAV interface seems to be broken.'); ?> - <?php echo $l->t('Please double check the <a href=\'%s\'>installation guides</a>.', 'http://doc.owncloud.org/server/5.0/admin_manual/installation.html'); ?> + <?php p($l->t('Your web server is not yet properly setup to allow files synchronization because the WebDAV interface seems to be broken.')); ?> + <?php print_unescaped($l->t('Please double check the <a href=\'%s\'>installation guides</a>.', 'http://doc.owncloud.org/server/5.0/admin_manual/installation.html')); ?> </span> </fieldset> 
@@ -41,10 +41,10 @@ if (!$_['isWebDavWorking']) { if (!$_['has_fileinfo']) { ?> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('Module \'fileinfo\' missing');?></strong></legend> + <legend><strong><?php p($l->t('Module \'fileinfo\' missing'));?></strong></legend> <span class="connectionwarning"> - <?php echo $l->t('The PHP module \'fileinfo\' is missing. We strongly recommend to enable this module to get best results with mime-type detection.'); ?> + <?php p($l->t('The PHP module \'fileinfo\' is missing. We strongly recommend to enable this module to get best results with mime-type detection.')); ?> </span> </fieldset> @@ -55,12 +55,12 @@ if (!$_['has_fileinfo']) { if (!$_['islocaleworking']) { ?> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('Locale not working');?></strong></legend> + <legend><strong><?php p($l->t('Locale not working'));?></strong></legend> <span class="connectionwarning"> <?php $locales = 'en_US.UTF-8/en_US.UTF8'; - echo $l->t('This ownCloud server can\'t set system locale to %s. This means that there might be problems with certain characters in file names. We strongly suggest to install the required packages on your system to support %s.', array($locales, $locales)); + p($l->t('This ownCloud server can\'t set system locale to %s. This means that there might be problems with certain characters in file names. We strongly suggest to install the required packages on your system to support %s.', array($locales, $locales))); ?> </span> 
@@ -72,10 +72,10 @@ if (!$_['islocaleworking']) { if (!$_['internetconnectionworking']) { ?> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('Internet connection not working');?></strong></legend> + <legend><strong><?php p($l->t('Internet connection not working'));?></strong></legend> <span class="connectionwarning"> - <?php echo $l->t('This ownCloud server has no working internet connection. This means that some of the features like mounting of external storage, notifications about updates or installation of 3rd party apps don´t work. Accessing files from remote and sending of notification emails might also not work. We suggest to enable internet connection for this server if you want to have all features of ownCloud.'); ?> + <?php p($l->t('This ownCloud server has no working internet connection. This means that some of the features like mounting of external storage, notifications about updates or installation of 3rd party apps don´t work. Accessing files from remote and sending of notification emails might also not work. We suggest to enable internet connection for this server if you want to have all features of ownCloud.')); ?> </span> </fieldset> 
@@ -84,106 +84,106 @@ if (!$_['internetconnectionworking']) { ?> <?php foreach ($_['forms'] as $form) { - echo $form; + print_unescaped($form); } ;?> <fieldset class="personalblock" id="backgroundjobs"> - <legend><strong><?php echo $l->t('Cron');?></strong></legend> + <legend><strong><?php p($l->t('Cron'));?></strong></legend> <table class="nostyle"> <tr> <td> <input type="radio" name="mode" value="ajax" id="backgroundjobs_ajax" <?php if ($_['backgroundjobs_mode'] == "ajax") { - echo 'checked="checked"'; + print_unescaped('checked="checked"'); } ?>> <label for="backgroundjobs_ajax">AJAX</label><br/> - <em><?php echo $l->t("Execute one task with each page loaded"); ?></em> + <em><?php p($l->t("Execute one task with each page loaded")); ?></em> </td> </tr> <tr> <td> <input type="radio" name="mode" value="webcron" id="backgroundjobs_webcron" <?php if ($_['backgroundjobs_mode'] == "webcron") { - echo 'checked="checked"'; + print_unescaped('checked="checked"'); } ?>> <label for="backgroundjobs_webcron">Webcron</label><br/> - <em><?php echo $l->t("cron.php is registered at a webcron service. Call the cron.php page in the owncloud root once a minute over http."); ?></em> + <em><?php p($l->t("cron.php is registered at a webcron service. Call the cron.php page in the owncloud root once a minute over http.")); ?></em> </td> </tr> <tr> <td> <input type="radio" name="mode" value="cron" id="backgroundjobs_cron" <?php if ($_['backgroundjobs_mode'] == "cron") { - echo 'checked="checked"'; + print_unescaped('checked="checked"'); } ?>> <label for="backgroundjobs_cron">Cron</label><br/> - <em><?php echo $l->t("Use systems cron service. Call the cron.php file in the owncloud folder via a system cronjob once a minute."); ?></em> + <em><?php p($l->t("Use systems cron service. 
Call the cron.php file in the owncloud folder via a system cronjob once a minute.")); ?></em> </td> </tr> </table> </fieldset> <fieldset class="personalblock" id="shareAPI"> - <legend><strong><?php echo $l->t('Sharing');?></strong></legend> + <legend><strong><?php p($l->t('Sharing'));?></strong></legend> <table class="shareAPI nostyle"> <tr> <td id="enable"> <input type="checkbox" name="shareapi_enabled" id="shareAPIEnabled" - value="1" <?php if ($_['shareAPIEnabled'] == 'yes') echo 'checked="checked"'; ?> /> - <label for="shareAPIEnabled"><?php echo $l->t('Enable Share API');?></label><br/> - <em><?php echo $l->t('Allow apps to use the Share API'); ?></em> + value="1" <?php if ($_['shareAPIEnabled'] == 'yes') print_unescaped('checked="checked"'); ?> /> + <label for="shareAPIEnabled"><?php p($l->t('Enable Share API'));?></label><br/> + <em><?php p($l->t('Allow apps to use the Share API')); ?></em> </td> </tr> <tr> - <td <?php if ($_['shareAPIEnabled'] == 'no') echo 'style="display:none"';?>> + <td <?php if ($_['shareAPIEnabled'] == 'no') print_unescaped('style="display:none"');?>> <input type="checkbox" name="shareapi_allow_links" id="allowLinks" - value="1" <?php if ($_['allowLinks'] == 'yes') echo 'checked="checked"'; ?> /> - <label for="allowLinks"><?php echo $l->t('Allow links');?></label><br/> - <em><?php echo $l->t('Allow users to share items to the public with links'); ?></em> + value="1" <?php if ($_['allowLinks'] == 'yes') print_unescaped('checked="checked"'); ?> /> + <label for="allowLinks"><?php p($l->t('Allow links'));?></label><br/> + <em><?php p($l->t('Allow users to share items to the public with links')); ?></em> </td> </tr> <tr> - <td <?php if ($_['shareAPIEnabled'] == 'no') echo 'style="display:none"';?>> + <td <?php if ($_['shareAPIEnabled'] == 'no') print_unescaped('style="display:none"');?>> <input type="checkbox" name="shareapi_allow_resharing" id="allowResharing" - value="1" <?php if ($_['allowResharing'] == 'yes') echo 'checked="checked"'; 
?> /> - <label for="allowResharing"><?php echo $l->t('Allow resharing');?></label><br/> - <em><?php echo $l->t('Allow users to share items shared with them again'); ?></em> + value="1" <?php if ($_['allowResharing'] == 'yes') print_unescaped('checked="checked"'); ?> /> + <label for="allowResharing"><?php p($l->t('Allow resharing'));?></label><br/> + <em><?php p($l->t('Allow users to share items shared with them again')); ?></em> </td> </tr> <tr> - <td <?php if ($_['shareAPIEnabled'] == 'no') echo 'style="display:none"';?>> + <td <?php if ($_['shareAPIEnabled'] == 'no') print_unescaped('style="display:none"');?>> <input type="radio" name="shareapi_share_policy" id="sharePolicyGlobal" - value="global" <?php if ($_['sharePolicy'] == 'global') echo 'checked="checked"'; ?> /> - <label for="sharePolicyGlobal"><?php echo $l->t('Allow users to share with anyone'); ?></label><br/> + value="global" <?php if ($_['sharePolicy'] == 'global') print_unescaped('checked="checked"'); ?> /> + <label for="sharePolicyGlobal"><?php p($l->t('Allow users to share with anyone')); ?></label><br/> <input type="radio" name="shareapi_share_policy" id="sharePolicyGroupsOnly" - value="groups_only" <?php if ($_['sharePolicy'] == 'groups_only') echo 'checked="checked"'; ?> /> - <label for="sharePolicyGroupsOnly"><?php echo $l->t('Allow users to only share with users in their groups');?></label><br/> + value="groups_only" <?php if ($_['sharePolicy'] == 'groups_only') print_unescaped('checked="checked"'); ?> /> + <label for="sharePolicyGroupsOnly"><?php p($l->t('Allow users to only share with users in their groups'));?></label><br/> </td> </tr> </table> </fieldset> <fieldset class="personalblock" id="security"> - <legend><strong><?php echo $l->t('Security');?></strong></legend> + <legend><strong><?php p($l->t('Security'));?></strong></legend> <table class="nostyle"> <tr> <td id="enable"> <input type="checkbox" name="forcessl" id="enforceHTTPSEnabled" <?php if ($_['enforceHTTPSEnabled']) { - echo 
'checked="checked" '; - echo 'value="false"'; + print_unescaped('checked="checked" '); + print_unescaped('value="false"'); } else { - echo 'value="true"'; + print_unescaped('value="true"'); } ?> - <?php if (!$_['isConnectedViaHTTPS']) echo 'disabled'; ?> /> - <label for="forcessl"><?php echo $l->t('Enforce HTTPS');?></label><br/> - <em><?php echo $l->t('Enforces the clients to connect to ownCloud via an encrypted connection.'); ?></em> + <?php if (!$_['isConnectedViaHTTPS']) p('disabled'); ?> /> + <label for="forcessl"><?php p($l->t('Enforce HTTPS'));?></label><br/> + <em><?php p($l->t('Enforces the clients to connect to ownCloud via an encrypted connection.')); ?></em> <?php if (!$_['isConnectedViaHTTPS']) { - echo "<br/><em>"; - echo $l->t('Please connect to this ownCloud instance via HTTPS to enable or disable the SSL enforcement.'); - echo "</em>"; + print_unescaped("<br/><em>"); + p($l->t('Please connect to this ownCloud instance via HTTPS to enable or disable the SSL enforcement.')); + print_unescaped("</em>"); } ?> </td> @@ -192,12 +192,12 @@ if (!$_['internetconnectionworking']) { </fieldset> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('Log');?></strong></legend> - <?php echo $l->t('Log level');?> <select name='loglevel' id='loglevel'> - <option value='<?php echo $_['loglevel']?>'><?php echo $levels[$_['loglevel']]?></option> + <legend><strong><?php p($l->t('Log'));?></strong></legend> + <?php p($l->t('Log level'));?> <select name='loglevel' id='loglevel'> + <option value='<?php p($_['loglevel'])?>'><?php p($levels[$_['loglevel']])?></option> <?php for ($i = 0; $i < 5; $i++): if ($i != $_['loglevel']):?> - <option value='<?php echo $i?>'><?php echo $levels[$i]?></option> + <option value='<?php p($i)?>'><?php p($levels[$i])?></option> <?php endif; endfor;?> </select> 
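Review bot: `print_unescaped($form)` in the `$_['forms']` loop writes each form as raw HTML, so nothing in this template encodes that content. Escaping becomes the responsibility of whatever renders each form, which is outside this diff. A comment above the loop, `// forms are pre-rendered HTML; each form template must escape its own values`, would make that trust boundary explicit. The same loop appears in settings/templates/personal.php and settings/templates/settings.php. Separately, `p('disabled')` is the only static literal in this hunk routed through `p()` while the others use `print_unescaped()`; picking one keeps the file uniform.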
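Review bot: `<option value='<?php p($_['loglevel'])?>'>` keeps the value in a single-quoted attribute, which is only safe if `p()` encodes `'` as well as `"`. `p()` is defined outside this diff, so that should be confirmed. If it is not guaranteed, switching to double quotes, `<option value="<?php p($_['loglevel'])?>">`, removes the dependency. The same applies to `value='<?php p($preset);?>'`, `value='<?php p($_['default_quota']);?>'` and `value='<?php p($user['quota']);?>'` in settings/templates/users.php, where the values appear to be configurable quota strings rather than integers.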
@@ -205,31 +205,31 @@ endfor;?> <?php foreach ($_['entries'] as $entry): ?> <tr> <td> - <?php echo $levels[$entry->level];?> + <?php p($levels[$entry->level]);?> </td> <td> - <?php echo $entry->app;?> + <?php p($entry->app);?> </td> <td> - <?php echo $entry->message;?> + <?php p($entry->message);?> </td> <td> - <?php echo OC_Util::formatDate($entry->time);?> + <?php p(OC_Util::formatDate($entry->time));?> </td> </tr> <?php endforeach;?> </table> <?php if ($_['entriesremain']): ?> - <input id='moreLog' type='button' value='<?php echo $l->t('More');?>...'> + <input id='moreLog' type='button' value='<?php p($l->t('More'));?>...'> <?php endif; ?> </fieldset> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('Version');?></strong></legend> - <strong>ownCloud</strong> <?php echo(OC_Util::getVersionString()); ?> <?php echo(OC_Util::getEditionString()); ?> - (<?php echo(OC_Updater::ShowUpdatingHint()); ?>)<br/> - <?php echo $l->t('Developed by the <a href="http://ownCloud.org/contact" target="_blank">ownCloud community</a>, the <a href="https://github.com/owncloud" target="_blank">source code</a> is licensed under the <a href="http://www.gnu.org/licenses/agpl-3.0.html" target="_blank"><abbr title="Affero General Public License">AGPL</abbr></a>.'); ?> + <legend><strong><?php p($l->t('Version'));?></strong></legend> + <strong>ownCloud</strong> <?php p(OC_Util::getVersionString()); ?> <?php p(OC_Util::getEditionString()); ?> + (<?php p(OC_Updater::ShowUpdatingHint()); ?>)<br/> + <?php print_unescaped($l->t('Developed by the <a href="http://ownCloud.org/contact" target="_blank">ownCloud community</a>, the <a href="https://github.com/owncloud" target="_blank">source code</a> is licensed under the <a href="http://www.gnu.org/licenses/agpl-3.0.html" target="_blank"><abbr title="Affero General Public License">AGPL</abbr></a>.')); ?> </fieldset> 
diff --git a/settings/templates/apps.php b/settings/templates/apps.php
index b6e98c41bd94b53b4ee70ca94b726007dbfc0255..d3639cbab34915ad1690a3fd7c5ff5d84ef89f08 100644
--- a/settings/templates/apps.php
+++ b/settings/templates/apps.php
@@ -4,37 +4,37 @@ * See the COPYING-README file. */?> <script type="text/javascript" - src="<?php echo OC_Helper::linkToRoute('apps_custom');?>?appid=<?php echo $_['appid']; ?>"></script> - <script type="text/javascript" src="<?php echo OC_Helper::linkTo('settings/js', 'apps.js');?>"></script> + src="<?php print_unescaped(OC_Helper::linkToRoute('apps_custom'));?>?appid=<?php p($_['appid']); ?>"></script> + <script type="text/javascript" src="<?php print_unescaped(OC_Helper::linkTo('settings/js', 'apps.js'));?>"></script> <div id="controls"> - <a class="button" target="_blank" href="http://owncloud.org/dev"><?php echo $l->t('Add your App');?></a> - <a class="button" target="_blank" href="http://apps.owncloud.com"><?php echo $l->t('More Apps');?></a> + <a class="button" target="_blank" href="http://owncloud.org/dev"><?php p($l->t('Add your App'));?></a> + <a class="button" target="_blank" href="http://apps.owncloud.com"><?php p($l->t('More Apps'));?></a> </div> <ul id="leftcontent" class="applist hascontrols"> <?php foreach($_['apps'] as $app):?> - <li <?php if($app['active']) echo 'class="active"'?> data-id="<?php echo $app['id'] ?>" - <?php if ( isset( $app['ocs_id'] ) ) { echo "data-id-ocs=\"{$app['ocs_id']}\""; } ?> - data-type="<?php echo $app['internal'] ? 'internal' : 'external' ?>" data-installed="1"> - <a class="app<?php if(!$app['internal']) echo ' externalapp' ?>" - href="?appid=<?php echo $app['id'] ?>"><?php echo htmlentities($app['name']) ?></a> + <li <?php if($app['active']) print_unescaped('class="active"')?> data-id="<?php p($app['id']) ?>" + <?php if ( isset( $app['ocs_id'] ) ) { print_unescaped("data-id-ocs=\"{".OC_Util::sanitizeHTML($app['ocs_id'])."}\""); } ?> + data-type="<?php p($app['internal'] ? 
'internal' : 'external') ?>" data-installed="1"> + <a class="app<?php if(!$app['internal']) p(' externalapp') ?>" + href="?appid=<?php p($app['id']) ?>"><?php p($app['name']) ?></a> <?php if(!$app['internal']) - echo '<small class="'.$app['internalclass'].' list">'.$app['internallabel'].'</small>' ?> + print_unescaped('<small class="'.OC_Util::sanitizeHTML($app['internalclass']).' list">'.OC_Util::sanitizeHTML($app['internallabel']).'</small>') ?> </li> <?php endforeach;?> </ul> <div id="rightcontent"> <div class="appinfo"> - <h3><strong><span class="name"><?php echo $l->t('Select an App');?></span></strong><span + <h3><strong><span class="name"><?php p($l->t('Select an App'));?></span></strong><span class="version"></span><small class="externalapp" style="visibility:hidden;"></small></h3> <span class="score"></span> <p class="description"></p> <img src="" class="preview" /> <p class="appslink hidden"><a href="#" target="_blank"><?php - echo $l->t('See application page at apps.owncloud.com');?></a></p> + p($l->t('See application page at apps.owncloud.com'));?></a></p> <p class="license hidden"><?php - echo $l->t('<span class="licence"></span>-licensed by <span class="author"></span>');?></p> + print_unescaped($l->t('<span class="licence"></span>-licensed by <span class="author"></span>'));?></p> <input class="enable hidden" type="submit" /> - <input class="update hidden" type="submit" value="<?php echo($l->t('Update')); ?>" /> + <input class="update hidden" type="submit" value="<?php p($l->t('Update')); ?>" /> </div> </div> diff --git a/settings/templates/help.php b/settings/templates/help.php index 7b2a3321c293cafa5b537ec7520dc1791d1e5c93..3d227817e63d9f57226d712023852e988216e289 100644 --- a/settings/templates/help.php +++ b/settings/templates/help.php 
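Review bot: The rewritten `data-id-ocs` line now prints literal braces. In the old `"data-id-ocs=\"{$app['ocs_id']}\""` the `{` and `}` were PHP interpolation syntax, but in `"data-id-ocs=\"{".OC_Util::sanitizeHTML($app['ocs_id'])."}\""` they are part of the string, so the attribute value becomes the id wrapped in braces. Any script that reads `data-id-ocs` would get the wrong value. `print_unescaped('data-id-ocs="'.OC_Util::sanitizeHTML($app['ocs_id']).'"');` keeps the escaping and restores the original output. In the same hunk, `?appid=<?php p($_['appid']); ?>` is HTML-encoded but sits in a URL query, so `p(urlencode($_['appid']))` would encode it for both contexts.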
@@ -1,21 +1,21 @@ <div id="controls"> <?php if($_['admin']) { ?> - <a class="button newquestion <?php echo($_['style1']); ?>" - href="<?php echo($_['url1']); ?>"><?php echo $l->t( 'User Documentation' ); ?></a> - <a class="button newquestion <?php echo($_['style2']); ?>" - href="<?php echo($_['url2']); ?>"><?php echo $l->t( 'Administrator Documentation' ); ?></a> + <a class="button newquestion <?php p($_['style1']); ?>" + href="<?php print_unescaped($_['url1']); ?>"><?php p($l->t( 'User Documentation' )); ?></a> + <a class="button newquestion <?php p($_['style2']); ?>" + href="<?php print_unescaped($_['url2']); ?>"><?php p($l->t( 'Administrator Documentation' )); ?></a> <?php } ?> <a class="button newquestion" href="http://owncloud.org/support" target="_blank"><?php - echo $l->t( 'Online Documentation' ); ?></a> + p($l->t( 'Online Documentation' )); ?></a> <a class="button newquestion" href="http://forum.owncloud.org" target="_blank"><?php - echo $l->t( 'Forum' ); ?></a> + p($l->t( 'Forum' )); ?></a> <?php if($_['admin']) { ?> <a class="button newquestion" href="https://github.com/owncloud/core/issues" target="_blank"><?php - echo $l->t( 'Bugtracker' ); ?></a> + p($l->t( 'Bugtracker' )); ?></a> <?php } ?> <a class="button newquestion" href="http://owncloud.com" target="_blank"><?php - echo $l->t( 'Commercial Support' ); ?></a> + p($l->t( 'Commercial Support' )); ?></a> </div> <div class="help-includes"> - <iframe src="<?php echo($_['url']); ?>" class="help-iframe">abc</iframe> + <iframe src="<?php print_unescaped($_['url']); ?>" class="help-iframe">abc</iframe> </div> diff --git a/settings/templates/oauth-required-apps.php b/settings/templates/oauth-required-apps.php index d4fce54c59c1f96d2ee28fe2581c9b34930635a0..3660f423423c738af0adcfc3c40c20485d7ade6a 100644 --- a/settings/templates/oauth-required-apps.php +++ b/settings/templates/oauth-required-apps.php 
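Review bot: `href="<?php print_unescaped($_['url1']); ?>"`, the matching `url2` link and `<iframe src="<?php print_unescaped($_['url']); ?>">` place values into attributes with no encoding at all. Where these URLs are built is outside this diff, so whether they can ever carry a `"` or a user-influenced component is not visible here. HTML-encoding a URL inside an attribute is always correct, and settings/templates/personal.php in this same commit already does it (`href="<?php p($_['clients']['desktop']); ?>"`). Using `p($_['url1'])`, `p($_['url2'])` and `p($_['url'])` would be the consistent and safer choice.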
@@ -6,14 +6,14 @@ */ ?> <div id="oauth-request" class="guest-container"> - <p><strong><?php echo $_['consumer']['name'].'</strong> '.$_['message']; ?></p> + <p><strong><?php print_unescaped(OC_Util::sanitizeHTML($_['consumer']['name']).'</strong> '.OC_Util::sanitizeHTML($_['message'])); ?></p> <ul> <?php // Foreach requested scope foreach($_['requiredapps'] as $requiredapp){ - echo '<li>'.$requiredapp.'</li>'; + print_unescaped('<li>'.OC_Util::sanitizeHTML($requiredapp).'</li>'); } ?> </ul> - <a href="<?php echo OC::$WEBROOT; ?>" id="back-home" class="button">Back to ownCloud</a> + <a href="<?php print_unescaped(OC::$WEBROOT); ?>" id="back-home" class="button">Back to ownCloud</a> </div> diff --git a/settings/templates/oauth.php b/settings/templates/oauth.php index 053a8aee6d3f1fa946b580cb05d7471b31420968..34831ba02848881b414437f8ad82dbf2a47f78f8 100644 --- a/settings/templates/oauth.php +++ b/settings/templates/oauth.php @@ -6,12 +6,12 @@ */ ?> <div id="oauth-request" class="guest-container"> - <p><strong><?php echo $_['consumer']['name']; ?></strong> is requesting your permission to read, write, modify and delete data from the following apps:</p> + <p><strong><?php p($_['consumer']['name']); ?></strong> is requesting your permission to read, write, modify and delete data from the following apps:</p> <ul> <?php // Foreach requested scope foreach($_['consumer']['scopes'] as $app){ - echo '<li>'.$app.'</li>'; + print_unescaped('<li>'.OC_Util:sanitzeHTML($app).'</li>)'; } ?> </ul> diff --git a/settings/templates/personal.php b/settings/templates/personal.php index 3a4a6093e778f7e3477b378193fc0f99987dd4f4..f3fd3f1010daf84b857afa3a44772b3c2621a83e 100644 --- a/settings/templates/personal.php +++ b/settings/templates/personal.php 
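Review bot: The `<p>` line builds markup by string concatenation inside `print_unescaped()`, with `OC_Util::sanitizeHTML()` applied to each piece by hand, which makes it easy to miss a piece when the line is next edited. Keeping the markup in the template and escaping only the values, `<?php p($_['consumer']['name']); ?></strong> <?php p($_['message']); ?>`, is shorter and is how the oauth.php hunk below handles the consumer name. The `<li>` loop can follow the same shape: `<li><?php p($requiredapp); ?></li>`. This assumes `p()` applies the same encoding as `OC_Util::sanitizeHTML()`; its definition is outside this diff.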
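Review bot: The new `<li>` line in settings/templates/oauth.php does not parse. `OC_Util:sanitzeHTML($app)` uses a single colon and misspells the method name, and the closing parenthesis sits inside the string literal `'</li>)'`, which leaves the `print_unescaped(` call unclosed. The template that lists the requested scopes would fail with a parse error instead of rendering. `print_unescaped('<li>'.OC_Util::sanitizeHTML($app).'</li>');` matches the call used in oauth-required-apps.php, or more simply `<li><?php p($app); ?></li>`.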
@@ -4,26 +4,26 @@ * See the COPYING-README file. */?> -<div id="quota" class="personalblock"><div style="width:<?php echo $_['usage_relative'];?>%;"> - <p id="quotatext"><?php echo $l->t('You have used <strong>%s</strong> of the available <strong>%s</strong>', - array($_['usage'], $_['total_space']));?></p> +<div id="quota" class="personalblock"><div style="width:<?php p($_['usage_relative']);?>%;"> + <p id="quotatext"><?php print_unescaped($l->t('You have used <strong>%s</strong> of the available <strong>%s</strong>', + array($_['usage'], $_['total_space'])));?></p> </div></div> <div class="clientsbox"> - <h2><?php echo $l->t('Get the apps to sync your files');?></h2> - <a href="<?php echo $_['clients']['desktop']; ?>" target="_blank"> - <img src="<?php echo OCP\Util::imagePath('core', 'desktopapp.png'); ?>" /> + <h2><?php p($l->t('Get the apps to sync your files'));?></h2> + <a href="<?php p($_['clients']['desktop']); ?>" target="_blank"> + <img src="<?php print_unescaped(OCP\Util::imagePath('core', 'desktopapp.png')); ?>" /> </a> - <a href="<?php echo $_['clients']['android']; ?>" target="_blank"> - <img src="<?php echo OCP\Util::imagePath('core', 'googleplay.png'); ?>" /> + <a href="<?php p($_['clients']['android']); ?>" target="_blank"> + <img src="<?php print_unescaped(OCP\Util::imagePath('core', 'googleplay.png')); ?>" /> </a> - <a href="<?php echo $_['clients']['ios']; ?>" target="_blank"> - <img src="<?php echo OCP\Util::imagePath('core', 'appstore.png'); ?>" /> + <a href="<?php p($_['clients']['ios']); ?>" target="_blank"> + <img src="<?php print_unescaped(OCP\Util::imagePath('core', 'appstore.png')); ?>" /> </a> <?php if(OC_APP::isEnabled('firstrunwizard')) {?> - <center><a class="button" href="#" id="showWizard"><?php echo $l->t('Show First Run Wizard again');?></a></center> + <center><a class="button" href="#" id="showWizard"><?php p($l->t('Show First Run Wizard again'));?></a></center> <?php }?> </div> 
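Review bot: In `print_unescaped($l->t('You have used <strong>%s</strong> of the available <strong>%s</strong>', array($_['usage'], $_['total_space'])))` the two `%s` arguments are substituted into a string that is then written raw, so `usage` and `total_space` reach the page without encoding. They are presumably formatted sizes computed server-side, but that code is outside this diff. Encoding the arguments keeps the `<strong>` markup and closes the gap: `array(OC_Util::sanitizeHTML($_['usage']), OC_Util::sanitizeHTML($_['total_space']))`. In the same hunk `style="width:<?php p($_['usage_relative']);?>%;"` is a CSS context, where HTML encoding does not constrain the value to a number; a numeric cast before output would.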
@@ -34,7 +34,7 @@ if($_['passwordChangeSupported']) { ?> <form id="passwordform"> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('Password');?></strong></legend> + <legend><strong><?php p($l->t('Password'));?></strong></legend> <div id="passwordchanged"><?php echo $l->t('Your password was changed');?></div> <div id="passworderror"><?php echo $l->t('Unable to change your password');?></div> <input type="password" id="pass1" name="oldpassword" placeholder="<?php echo $l->t('Current password');?>" /> @@ -54,11 +54,11 @@ if($_['displayNameChangeSupported']) { <form id="displaynameform"> <fieldset class="personalblock"> <legend><strong><?php echo $l->t('Display Name');?></strong></legend> - <div id="displaynamechanged"><?php echo $l->t('Your display name was changed');?></div> - <div id="displaynameerror"><?php echo $l->t('Unable to change your display name');?></div> - <input type="text" id="displayName" name="displayName" value="<?php echo $_['displayName']?>" /> - <input type="hidden" id="oldDisplayName" name="oldDisplayName" value="<?php echo $_['displayName']?>" /> - <input id="displaynamebutton" type="submit" value="<?php echo $l->t('Change display name');?>" /> + <div id="displaynamechanged"><?php p($l->t('Your display name was changed'));?></div> + <div id="displaynameerror"><?php p($l->t('Unable to change your display name'));?></div> + <input type="text" id="displayName" name="displayName" value="<?php p($_['displayName'])?>" /> + <input type="hidden" id="oldDisplayName" name="oldDisplayName" value="<?php p($_['displayName'])?>" /> + <input id="displaynamebutton" type="submit" value="<?php p($l->t('Change display name'));?>" /> </fieldset> </form> <?php 
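Review bot: This hunk converts only the `Password` legend. The context lines for `passwordchanged`, `passworderror` and the `Current password` placeholder still use `echo $l->t(...)`, and in the next hunk the `Display Name` legend is left on `echo` as well. These are translated strings rather than user data, but the placeholder sits inside an attribute, where a translation containing `"` would break the markup. Converting them the same way, e.g. `placeholder="<?php p($l->t('Current password'));?>"`, finishes the migration for this form. The password form continues outside the hunk.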
@@ -67,42 +67,42 @@ if($_['displayNameChangeSupported']) { <form id="lostpassword"> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('Email');?></strong></legend> - <input type="text" name="email" id="email" value="<?php echo $_['email']; ?>" - placeholder="<?php echo $l->t('Your email address');?>" /><span class="msg"></span><br /> - <em><?php echo $l->t('Fill in an email address to enable password recovery');?></em> + <legend><strong><?php p($l->t('Email'));?></strong></legend> + <input type="text" name="email" id="email" value="<?php p($_['email']); ?>" + placeholder="<?php p($l->t('Your email address'));?>" /><span class="msg"></span><br /> + <em><?php p($l->t('Fill in an email address to enable password recovery'));?></em> </fieldset> </form> <form> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('Language');?></strong></legend> - <select id="languageinput" class="chzen-select" name="lang" data-placeholder="<?php echo $l->t('Language');?>"> + <legend><strong><?php p($l->t('Language'));?></strong></legend> + <select id="languageinput" class="chzen-select" name="lang" data-placeholder="<?php p($l->t('Language'));?>"> <?php foreach($_['languages'] as $language):?> - <option value="<?php echo $language['code'];?>"><?php echo $language['name'];?></option> + <option value="<?php p($language['code']);?>"><?php p($language['name']);?></option> <?php endforeach;?> </select> - <a href="https://www.transifex.net/projects/p/owncloud/team/<?php echo $_['languages'][0]['code'];?>/" - target="_blank"><em><?php echo $l->t('Help translate');?></em></a> + <a href="https://www.transifex.net/projects/p/owncloud/team/<?php p($_['languages'][0]['code']);?>/" + target="_blank"><em><?php p($l->t('Help translate'));?></em></a> </fieldset> </form> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('WebDAV');?></strong></legend> - <code><?php echo OC_Helper::linkToRemote('webdav'); ?></code><br /> - <em><?php echo $l->t('Use this 
address to connect to your ownCloud in your file manager');?></em> + <legend><strong><?php p($l->t('WebDAV'));?></strong></legend> + <code><?php print_unescaped(OC_Helper::linkToRemote('webdav')); ?></code><br /> + <em><?php p($l->t('Use this address to connect to your ownCloud in your file manager'));?></em> </fieldset> <?php foreach($_['forms'] as $form) { - echo $form; + print_unescaped($form); };?> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('Version');?></strong></legend> - <strong>ownCloud</strong> <?php echo(OC_Util::getVersionString()); ?> - <?php echo(OC_Util::getEditionString()); ?> <br /> - <?php echo $l->t('Developed by the <a href="http://ownCloud.org/contact" target="_blank">ownCloud community</a>, the <a href="https://github.com/owncloud" target="_blank">source code</a> is licensed under the <a href="http://www.gnu.org/licenses/agpl-3.0.html" target="_blank"><abbr title="Affero General Public License">AGPL</abbr></a>.'); ?> + <legend><strong><?php p($l->t('Version'));?></strong></legend> + <strong>ownCloud</strong> <?php p(OC_Util::getVersionString()); ?> + <?php p(OC_Util::getEditionString()); ?> <br /> + <?php print_unescaped($l->t('Developed by the <a href="http://ownCloud.org/contact" target="_blank">ownCloud community</a>, the <a href="https://github.com/owncloud" target="_blank">source code</a> is licensed under the <a href="http://www.gnu.org/licenses/agpl-3.0.html" target="_blank"><abbr title="Affero General Public License">AGPL</abbr></a>.')); ?> </fieldset> diff --git a/settings/templates/settings.php b/settings/templates/settings.php index de8092eeaff5a86ae048ec36206632c9d7251b24..48b4e6b32340ff0ec1cf07ecabe7506bd9b0398b 100644 --- a/settings/templates/settings.php +++ b/settings/templates/settings.php @@ -5,5 +5,5 @@ */?> <?php foreach($_['forms'] as $form) { - echo $form; + print_unescaped($form); }; 
diff --git a/settings/templates/users.php b/settings/templates/users.php
index 53a66fb46869b3d840e43fc910fbde2cebc95732..deffe1683233036ad6759fa79e3447cad6bb69c5 100644
--- a/settings/templates/users.php
+++ b/settings/templates/users.php
@@ -14,49 +14,49 @@ unset($items['admin']); $_['subadmingroups'] = array_flip($items); ?> -<script type="text/javascript" src="<?php echo OC_Helper::linkToRoute('isadmin');?>"></script> +<script type="text/javascript" src="<?php print_unescaped(OC_Helper::linkToRoute('isadmin'));?>"></script> <div id="controls"> <form id="newuser" autocomplete="off"> - <input id="newusername" type="text" placeholder="<?php echo $l->t('Login Name')?>" /> <input + <input id="newusername" type="text" placeholder="<?php p($l->t('Login Name'))?>" /> <input type="password" id="newuserpassword" - placeholder="<?php echo $l->t('Password')?>" /> <select + placeholder="<?php p($l->t('Password'))?>" /> <select class="groupsselect" id="newusergroups" data-placeholder="groups" - title="<?php echo $l->t('Groups')?>" multiple="multiple"> + title="<?php p($l->t('Groups'))?>" multiple="multiple"> <?php foreach($_["groups"] as $group): ?> - <option value="<?php echo $group['name'];?>"> - <?php echo $group['name'];?> + <option value="<?php p($group['name']);?>"> + <?php p($group['name']);?> </option> <?php endforeach;?> - </select> <input type="submit" value="<?php echo $l->t('Create')?>" /> + </select> <input type="submit" value="<?php p($l->t('Create'))?>" /> </form> <div class="quota"> - <span><?php echo $l->t('Default Storage');?></span> + <span><?php p($l->t('Default Storage'));?></span> <?php if((bool) $_['isadmin']): ?> <select class='quota'> <option - <?php if($_['default_quota']=='none') echo 'selected="selected"';?> + <?php if($_['default_quota']=='none') print_unescaped('selected="selected"');?> value='none'> - <?php echo $l->t('Unlimited');?> + <?php p($l->t('Unlimited'));?> </option> <?php foreach($_['quota_preset'] as $preset):?> <?php if($preset!='default'):?> <option - <?php if($_['default_quota']==$preset) echo 'selected="selected"';?> - value='<?php echo $preset;?>'> - <?php echo $preset;?> + <?php if($_['default_quota']==$preset) print_unescaped('selected="selected"');?> + 
value='<?php p($preset);?>'> + <?php p($preset);?> </option> <?php endif;?> <?php endforeach;?> <?php if($_['defaultQuotaIsUserDefined']):?> <option selected="selected" - value='<?php echo $_['default_quota'];?>'> - <?php echo $_['default_quota'];?> + value='<?php p($_['default_quota']);?>'> + <?php p($_['default_quota']);?> </option> <?php endif;?> <option value='other'> - <?php echo $l->t('Other');?> + <?php p($l->t('Other'));?> ... </option> </select> 
@@ -64,49 +64,49 @@ $_['subadmingroups'] = array_flip($items); <?php if((bool) !$_['isadmin']): ?> <select class='quota' disabled="disabled"> <option selected="selected"> - <?php echo $_['default_quota'];?> + <?php p($_['default_quota']);?> </option> </select> <?php endif; ?> </div> </div> -<table class="hascontrols" data-groups="<?php echo implode(', ', $allGroups);?>"> +<table class="hascontrols" data-groups="<?php p(implode(', ', $allGroups));?>"> <thead> <tr> - <th id='headerName'><?php echo $l->t('Login Name')?></th> - <th id="headerDisplayName"><?php echo $l->t( 'Display Name' ); ?></th> - <th id="headerPassword"><?php echo $l->t( 'Password' ); ?></th> - <th id="headerGroups"><?php echo $l->t( 'Groups' ); ?></th> + <th id='headerName'><?php p($l->t('Login Name'))?></th> + <th id="headerDisplayName"><?php p($l->t( 'Display Name' )); ?></th> + <th id="headerPassword"><?php p($l->t( 'Password' )); ?></th> + <th id="headerGroups"><?php p($l->t( 'Groups' )); ?></th> <?php if(is_array($_['subadmins']) || $_['subadmins']): ?> - <th id="headerSubAdmins"><?php echo $l->t('Group Admin'); ?></th> + <th id="headerSubAdmins"><?php p($l->t('Group Admin')); ?></th> <?php endif;?> - <th id="headerQuota"><?php echo $l->t('Storage'); ?></th> + <th id="headerQuota"><?php p($l->t('Storage')); ?></th> <th id="headerRemove"> </th> </tr> </thead> <tbody> <?php foreach($_["users"] as $user): ?> - <tr data-uid="<?php echo $user["name"] ?>" - data-displayName="<?php echo $user["displayName"] ?>"> - <td class="name"><?php echo $user["name"]; ?></td> - <td class="displayName"><span><?php echo $user["displayName"]; ?></span> <img class="svg action" - src="<?php echo image_path('core', 'actions/rename.svg')?>" - alt="<?php echo $l->t("change display name")?>" title="<?php echo $l->t("change display name")?>"/> + <tr data-uid="<?php p($user["name"]) ?>" + data-displayName="<?php p($user["displayName"]) ?>"> + <td class="name"><?php p($user["name"]); ?></td> + <td 
class="displayName"><span><?php p($user["displayName"]); ?></span> <img class="svg action" + src="<?php p(image_path('core', 'actions/rename.svg'))?>" + alt="<?php p($l->t("change display name"))?>" title="<?php p($l->t("change display name"))?>"/> </td> <td class="password"><span>â—â—â—â—â—â—â—</span> <img class="svg action" - src="<?php echo image_path('core', 'actions/rename.svg')?>" - alt="<?php echo $l->t("set new password")?>" title="<?php echo $l->t("set new password")?>"/> + src="<?php print_unescaped(image_path('core', 'actions/rename.svg'))?>" + alt="<?php p($l->t("set new password"))?>" title="<?php p($l->t("set new password"))?>"/> </td> <td class="groups"><select class="groupsselect" - data-username="<?php echo $user['name'] ;?>" - data-user-groups="<?php echo $user['groups'] ;?>" - data-placeholder="groups" title="<?php echo $l->t('Groups')?>" + data-username="<?php p($user['name']) ;?>" + data-user-groups="<?php p($user['groups']) ;?>" + data-placeholder="groups" title="<?php p($l->t('Groups'))?>" multiple="multiple"> <?php foreach($_["groups"] as $group): ?> - <option value="<?php echo $group['name'];?>"> - <?php echo $group['name'];?> + <option value="<?php p($group['name']);?>"> + <?php p($group['name']);?> </option> <?php endforeach;?> </select> 
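Review bot: The same asset path is written two different ways in this hunk: `src="<?php p(image_path('core', 'actions/rename.svg'))?>"` for the display-name icon and `src="<?php print_unescaped(image_path('core', 'actions/rename.svg'))?>"` for the password icon. The delete icon in the last hunk of this file also uses `print_unescaped()`. HTML-encoding a path inside an attribute is always correct, so using `p(image_path(...))` for all three removes the inconsistency and does not depend on what `image_path()` returns.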
@@ -114,13 +114,13 @@ $_['subadmingroups'] = array_flip($items); <?php if(is_array($_['subadmins']) || $_['subadmins']): ?> <td class="subadmins"><select class="subadminsselect" - data-username="<?php echo $user['name'] ;?>" - data-subadmin="<?php echo $user['subadmin'] ;?>" - data-placeholder="subadmins" title="<?php echo $l->t('Group Admin')?>" + data-username="<?php p($user['name']) ;?>" + data-subadmin="<?php p($user['subadmin']);?>" + data-placeholder="subadmins" title="<?php p($l->t('Group Admin'))?>" multiple="multiple"> <?php foreach($_["subadmingroups"] as $group): ?> - <option value="<?php echo $group;?>"> - <?php echo $group;?> + <option value="<?php p($group);?>"> + <?php p($group);?> </option> <?php endforeach;?> </select> 
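Review bot: Escaping `data-username` and `data-subadmin` with `p()` protects only the attribute as the HTML parser sees it; the browser decodes the entities again when a script reads the attribute. The client code that consumes these attributes is not part of this diff, so it is worth confirming that it inserts the values as text rather than concatenating them into markup. The same applies to `data-uid`, `data-displayName`, `data-user-groups` and `data-groups` in the previous hunk. A one-line template comment above the `<select>` would record the contract, e.g. `<?php /* data-* values are HTML-encoded here only; scripts must treat them as plain text */ ?>`.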
@@ -129,37 +129,37 @@ $_['subadmingroups'] = array_flip($items); <td class="quota"> <select class='quota-user'> <option - <?php if($user['quota']=='default') echo 'selected="selected"';?> + <?php if($user['quota']=='default') print_unescaped('selected="selected"');?> value='default'> - <?php echo $l->t('Default');?> + <?php p($l->t('Default'));?> </option> <option - <?php if($user['quota']=='none') echo 'selected="selected"';?> + <?php if($user['quota']=='none') print_unescaped('selected="selected"');?> value='none'> - <?php echo $l->t('Unlimited');?> + <?php p($l->t('Unlimited'));?> </option> <?php foreach($_['quota_preset'] as $preset):?> <option - <?php if($user['quota']==$preset) echo 'selected="selected"';?> - value='<?php echo $preset;?>'> - <?php echo $preset;?> + <?php if($user['quota']==$preset) print_unescaped('selected="selected"');?> + value='<?php p($preset);?>'> + <?php p($preset);?> </option> <?php endforeach;?> <?php if($user['isQuotaUserDefined']):?> - <option selected="selected" value='<?php echo $user['quota'];?>'> - <?php echo $user['quota'];?> + <option selected="selected" value='<?php p($user['quota']);?>'> + <?php p($user['quota']);?> </option> <?php endif;?> <option value='other' data-new> - <?php echo $l->t('Other');?> + <?php p($l->t('Other'));?> ... </option> </select> </td> <td class="remove"> <?php if($user['name']!=OC_User::getUser()):?> - <a href="#" class="action delete" original-title="<?php echo $l->t('Delete')?>"> - <img src="<?php echo image_path('core', 'actions/delete.svg') ?>" class="svg" /> + <a href="#" class="action delete" original-title="<?php p($l->t('Delete'))?>"> + <img src="<?php print_unescaped(image_path('core', 'actions/delete.svg')) ?>" class="svg" /> </a> <?php endif;?> </td>
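Review bot: The attributes `value='<?php p($preset);?>'` and `value='<?php p($user['quota']);?>'` are single-quoted, so they are safe only if `p()` encodes `'` as well as `"`; htmlspecialchars-style escaping without `ENT_QUOTES` leaves single quotes untouched. `p()` is not defined in this diff, so that should be confirmed. Switching to double quotes removes the dependency and matches most other attributes in the template: `<option selected="selected" value="<?php p($user['quota']);?>">`. The user-defined quota is the value most worth covering, since the `isQuotaUserDefined` branch suggests it is free-form input rather than one of the presets.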