From b432ea29c9d99a386077c738d6e29d4bc093c15f Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@owncloud.com>
Date: Wed, 4 Feb 2015 16:25:37 +0100
Subject: [PATCH] Add `rel="noreferrer"` where possible and switch to HTTPS

Just to follow good practise and prevent some automated scanners to complain about "Cross-domain Referer leakage".
---
 core/templates/layout.base.php  | 2 +-
 core/templates/layout.guest.php | 2 +-
 core/templates/layout.user.php  | 2 +-
 settings/templates/admin.php    | 2 +-
 settings/templates/help.php     | 8 ++++----
 settings/templates/personal.php | 8 ++++----
 6 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/core/templates/layout.base.php b/core/templates/layout.base.php
index 96229fd370a..768a965599b 100644
--- a/core/templates/layout.base.php
+++ b/core/templates/layout.base.php
@@ -24,7 +24,7 @@
 		<?php print_unescaped($_['headers']); ?>
 	</head>
 	<body id="body-public">
-		<noscript><div id="nojavascript"><div><?php print_unescaped($l->t('This application requires JavaScript for correct operation. Please <a href="http://enable-javascript.com/" target="_blank">enable JavaScript</a> and reload the page.')); ?></div></div></noscript>
+		<noscript><div id="nojavascript"><div><?php print_unescaped($l->t('This application requires JavaScript for correct operation. Please <a href="http://enable-javascript.com/" target="_blank" rel="noreferrer">enable JavaScript</a> and reload the page.')); ?></div></div></noscript>
 		<?php print_unescaped($_['content']); ?>
 	</body>
 </html>
diff --git a/core/templates/layout.guest.php b/core/templates/layout.guest.php
index c799205b7cf..19b89e47e5e 100644
--- a/core/templates/layout.guest.php
+++ b/core/templates/layout.guest.php
@@ -25,7 +25,7 @@
 		<?php print_unescaped($_['headers']); ?>
 	</head>
 	<body id="<?php p($_['bodyid']);?>">
-		<noscript><div id="nojavascript"><div><?php print_unescaped($l->t('This application requires JavaScript for correct operation. Please <a href="http://enable-javascript.com/" target="_blank">enable JavaScript</a> and reload the page.')); ?></div></div></noscript>
+		<noscript><div id="nojavascript"><div><?php print_unescaped($l->t('This application requires JavaScript for correct operation. Please <a href="http://enable-javascript.com/" target="_blank" rel="noreferrer">enable JavaScript</a> and reload the page.')); ?></div></div></noscript>
 		<div class="wrapper"><!-- for sticky footer -->
 			<div class="v-align"><!-- vertically centred box -->
 				<?php if ($_['bodyid'] === 'body-login' ): ?>
diff --git a/core/templates/layout.user.php b/core/templates/layout.user.php
index 4ffec917c9b..34fad7e6cd2 100644
--- a/core/templates/layout.user.php
+++ b/core/templates/layout.user.php
@@ -32,7 +32,7 @@
 		<?php print_unescaped($_['headers']); ?>
 	</head>
 	<body id="<?php p($_['bodyid']);?>">
-	<noscript><div id="nojavascript"><div><?php print_unescaped($l->t('This application requires JavaScript for correct operation. Please <a href="http://enable-javascript.com/" target="_blank">enable JavaScript</a> and reload the page.')); ?></div></div></noscript>
+	<noscript><div id="nojavascript"><div><?php print_unescaped($l->t('This application requires JavaScript for correct operation. Please <a href="http://enable-javascript.com/" target="_blank" rel="noreferrer">enable JavaScript</a> and reload the page.')); ?></div></div></noscript>
 	<div id="notification-container">
 		<div id="notification"></div>
 		<?php if ($_['updateAvailable']): ?>
diff --git a/settings/templates/admin.php b/settings/templates/admin.php
index 65c6359e509..55887b0df46 100644
--- a/settings/templates/admin.php
+++ b/settings/templates/admin.php
@@ -517,7 +517,7 @@ if ($_['suggestedOverwriteCliUrl']) {
 	<strong><?php p($theme->getTitle()); ?></strong> <?php p(OC_Util::getHumanVersion()) ?>
 <?php if (OC_Util::getEditionString() === ''): ?>
 	<p>
-		<?php print_unescaped($l->t('Developed by the <a href="http://ownCloud.org/contact" target="_blank">ownCloud community</a>, the <a href="https://github.com/owncloud" target="_blank">source code</a> is licensed under the <a href="http://www.gnu.org/licenses/agpl-3.0.html" target="_blank"><abbr title="Affero General Public License">AGPL</abbr></a>.')); ?>
+		<?php print_unescaped($l->t('Developed by the <a href="https://owncloud.org/contact" target="_blank" rel="noreferrer">ownCloud community</a>, the <a href="https://github.com/owncloud" target="_blank" rel="noreferrer">source code</a> is licensed under the <a href="https://www.gnu.org/licenses/agpl-3.0.html" target="_blank" rel="noreferrer"><abbr title="Affero General Public License">AGPL</abbr></a>.')); ?>
 	</p>
 <?php endif; ?>
 </div>
diff --git a/settings/templates/help.php b/settings/templates/help.php
index 403dde30dae..f559329c6bb 100644
--- a/settings/templates/help.php
+++ b/settings/templates/help.php
@@ -16,12 +16,12 @@
 	<?php } ?>
 
 		<li>
-			<a href="http://owncloud.org/support" target="_blank">
+			<a href="https://owncloud.org/support" target="_blank" rel="noreferrer">
 				<?php p($l->t( 'Online Documentation' )); ?> â†—
 			</a>
 		</li>
 		<li>
-			<a href="https://forum.owncloud.org" target="_blank">
+			<a href="https://forum.owncloud.org" target="_blank" rel="noreferrer">
 				<?php p($l->t( 'Forum' )); ?> â†—
 			</a>
 		</li>
@@ -29,14 +29,14 @@
 	<?php if($_['admin']) { ?>
 		<li>
 			<a href="https://github.com/owncloud/core/blob/master/CONTRIBUTING.md"
-				target="_blank">
+				target="_blank" rel="noreferrer">
 				<?php p($l->t( 'Bugtracker' )); ?> â†—
 			</a>
 		</li>
 	<?php } ?>
 
 	<li>
-		<a href="https://owncloud.com" target="_blank">
+		<a href="https://owncloud.com" target="_blank" rel="noreferrer">
 			<?php p($l->t( 'Commercial Support' )); ?> â†—
 		</a>
 	</li>
diff --git a/settings/templates/personal.php b/settings/templates/personal.php
index 3bd5971f44e..d6bc1d2bb5c 100644
--- a/settings/templates/personal.php
+++ b/settings/templates/personal.php
@@ -40,10 +40,10 @@
 	<p class="center">
 		<?php print_unescaped($l->t('If you want to support the project
 		<a href="https://owncloud.org/contribute"
-			target="_blank">join development</a>
+			target="_blank" rel="noreferrer">join development</a>
 		or
 		<a href="https://owncloud.org/promote"
-			target="_blank">spread the word</a>!'));?>
+			target="_blank" rel="noreferrer">spread the word</a>!'));?>
 	</p>
 	<?php endif; ?>
 
@@ -181,7 +181,7 @@ if($_['passwordChangeSupported']) {
 	</select>
 	<?php if (OC_Util::getEditionString() === ''): ?>
 	<a href="https://www.transifex.com/projects/p/owncloud/team/<?php p($_['activelanguage']['code']);?>/"
-		target="_blank">
+		target="_blank" rel="noreferrer">
 		<em><?php p($l->t('Help translate'));?></em>
 	</a>
 	<?php endif; ?>
@@ -287,7 +287,7 @@ if($_['passwordChangeSupported']) {
 	<h2><?php p($l->t('Version'));?></h2>
 	<strong><?php p($theme->getTitle()); ?></strong> <?php p(OC_Util::getHumanVersion()) ?><br />
 <?php if (OC_Util::getEditionString() === ''): ?>
-	<?php print_unescaped($l->t('Developed by the <a href="http://ownCloud.org/contact" target="_blank">ownCloud community</a>, the <a href="https://github.com/owncloud" target="_blank">source code</a> is licensed under the <a href="http://www.gnu.org/licenses/agpl-3.0.html" target="_blank"><abbr title="Affero General Public License">AGPL</abbr></a>.')); ?>
+	<?php print_unescaped($l->t('Developed by the <a href="https://owncloud.org/contact" target="_blank" rel="noreferrer">ownCloud community</a>, the <a href="https://github.com/owncloud" target="_blank" rel="noreferrer">source code</a> is licensed under the <a href="https://www.gnu.org/licenses/agpl-3.0.html" target="_blank" rel="noreferrer"><abbr title="Affero General Public License">AGPL</abbr></a>.')); ?>
 <?php endif; ?>
 </div>
 
-- 
GitLab