From 9309217ecb760a9070d9b69c051e167888aa5458 Mon Sep 17 00:00:00 2001
From: Morris Jobke <hey@morrisjobke.de>
Date: Mon, 8 May 2017 21:16:08 -0500
Subject: [PATCH] Fix escaped HTML on error pages

* fixes #4655

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
---
 lib/base.php                |  5 ++---
 lib/private/Config.php      |  3 +--
 lib/private/legacy/util.php | 20 ++++++++------------
 3 files changed, 11 insertions(+), 17 deletions(-)

diff --git a/lib/base.php b/lib/base.php
index 41e4ef9573c..69ea6e54c2d 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -246,9 +246,8 @@ class OC {
 			} else {
 				OC_Template::printErrorPage(
 					$l->t('Cannot write into "config" directory!'),
-					$l->t('This can usually be fixed by '
-					. '%sgiving the webserver write access to the config directory%s.',
-					 array('<a href="' . $urlGenerator->linkToDocs('admin-dir_permissions') . '" target="_blank" rel="noreferrer">', '</a>'))
+					$l->t('This can usually be fixed by giving the webserver write access to the config directory. See %s',
+					 [ $urlGenerator->linkToDocs('admin-dir_permissions') ])
 				);
 			}
 		}
diff --git a/lib/private/Config.php b/lib/private/Config.php
index f15854b6113..b4fe9e03d23 100644
--- a/lib/private/Config.php
+++ b/lib/private/Config.php
@@ -249,8 +249,7 @@ class Config {
 			$url = \OC::$server->getURLGenerator()->linkToDocs('admin-dir_permissions');
 			throw new HintException(
 				"Can't write into config directory!",
-				'This can usually be fixed by '
-				.'<a href="' . $url . '" target="_blank" rel="noreferrer">giving the webserver write access to the config directory</a>.');
+				'This can usually be fixed by giving the webserver write access to the config directory. See ' . $url);
 		}
 
 		// Try to acquire a file lock
diff --git a/lib/private/legacy/util.php b/lib/private/legacy/util.php
index d49599cb8a1..7750e84f065 100644
--- a/lib/private/legacy/util.php
+++ b/lib/private/legacy/util.php
@@ -669,9 +669,8 @@ class OC_Util {
 			if (!is_writable(OC::$configDir) or !is_readable(OC::$configDir)) {
 				$errors[] = array(
 					'error' => $l->t('Cannot write into "config" directory'),
-					'hint' => $l->t('This can usually be fixed by '
-						. '%sgiving the webserver write access to the config directory%s.',
-						array('<a href="' . $urlGenerator->linkToDocs('admin-dir_permissions') . '" target="_blank" rel="noreferrer">', '</a>'))
+					'hint' => $l->t('This can usually be fixed by giving the webserver write access to the config directory. See %s',
+						[$urlGenerator->linkToDocs('admin-dir_permissions')])
 				);
 			}
 		}
@@ -684,10 +683,9 @@ class OC_Util {
 			) {
 				$errors[] = array(
 					'error' => $l->t('Cannot write into "apps" directory'),
-					'hint' => $l->t('This can usually be fixed by '
-						. '%sgiving the webserver write access to the apps directory%s'
-						. ' or disabling the appstore in the config file.',
-						array('<a href="' . $urlGenerator->linkToDocs('admin-dir_permissions') . '" target="_blank" rel="noreferrer">', '</a>'))
+					'hint' => $l->t('This can usually be fixed by giving the webserver write access to the apps directory'
+						. ' or disabling the appstore in the config file. See %s',
+						[$urlGenerator->linkToDocs('admin-dir_permissions')])
 				);
 			}
 		}
@@ -700,16 +698,14 @@ class OC_Util {
 				} else {
 					$errors[] = [
 						'error' => $l->t('Cannot create "data" directory'),
-						'hint' => $l->t('This can usually be fixed by '
-							. '<a href="%s" target="_blank" rel="noreferrer">giving the webserver write access to the root directory</a>.',
+						'hint' => $l->t('This can usually be fixed by giving the webserver write access to the root directory. See %s',
 							[$urlGenerator->linkToDocs('admin-dir_permissions')])
 					];
 				}
 			} else if (!is_writable($CONFIG_DATADIRECTORY) or !is_readable($CONFIG_DATADIRECTORY)) {
 				//common hint for all file permissions error messages
-				$permissionsHint = $l->t('Permissions can usually be fixed by '
-					. '%sgiving the webserver write access to the root directory%s.',
-					['<a href="' . $urlGenerator->linkToDocs('admin-dir_permissions') . '" target="_blank" rel="noreferrer">', '</a>']);
+				$permissionsHint = $l->t('Permissions can usually be fixed by giving the webserver write access to the root directory. See %.',
+					[$urlGenerator->linkToDocs('admin-dir_permissions')]);
 				$errors[] = [
 					'error' => 'Your data directory is not writable',
 					'hint' => $permissionsHint
-- 
GitLab