Correctly escape the footer description from theming

Signed-off-by: Joas Schilling <coding@schilljs.com>

Correctly escape the footer description from theming
e8750f61 · Joas Schilling · 57c1be86 · e8750f61 · e8750f61
Unverified Commit e8750f61 authored 8 years ago by Joas Schilling
--- a/apps/files_sharing/templates/public.php
+++ b/apps/files_sharing/templates/public.php
@@ -120,7 +120,7 @@ $maxUploadFilesize = min($upload_max_filesize, $post_max_size);
 	<input type="hidden" name="dir" id="dir" value="" />
 	<div class="hiddenuploadfield">
 	<input type="file" id="file_upload_start" class="hiddenuploadfield" name="files[]"
-		data-url="<?php print_unescaped(OCP\Util::linkTo('files', 'ajax/upload.php')); ?>" />
+		data-url="<?php p(OCP\Util::linkTo('files', 'ajax/upload.php')); ?>" />
 	</div>
 	<?php endif; ?>
 	<footer>

--- a/apps/theming/lib/ThemingDefaults.php
+++ b/apps/theming/lib/ThemingDefaults.php
@@ -81,7 +81,7 @@ class ThemingDefaults extends \OC_Defaults {
 	}

 	public function getName() {
-		return $this->config->getAppValue('theming', 'name', $this->name);
+		return strip_tags($this->config->getAppValue('theming', 'name', $this->name));
 	}

 	public function getHTMLName() {
@@ -89,11 +89,11 @@ class ThemingDefaults extends \OC_Defaults {
 	}

 	public function getTitle() {
-		return $this->config->getAppValue('theming', 'name', $this->name);
+		return $this->getName();
 	}

 	public function getEntity() {
-		return $this->config->getAppValue('theming', 'name', $this->name);
+		return $this->getName();
 	}

 	public function getBaseUrl() {
@@ -101,7 +101,7 @@ class ThemingDefaults extends \OC_Defaults {
 	}

 	public function getSlogan() {
-		return $this->config->getAppValue('theming', 'slogan', $this->slogan);
+		return \OC_Util::sanitizeHTML($this->config->getAppValue('theming', 'slogan', $this->slogan));
 	}

 	public function getShortFooter() {