From e8750f618b56c805015f2251f3ec707e2cf2f39b Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Thu, 16 Mar 2017 15:01:50 +0100
Subject: [PATCH] Correctly escape the footer description from theming

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 apps/files_sharing/templates/public.php | 2 +-
 apps/theming/lib/ThemingDefaults.php    | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/files_sharing/templates/public.php b/apps/files_sharing/templates/public.php
index dd2ea855b0b..123a5cb4f53 100644
--- a/apps/files_sharing/templates/public.php
+++ b/apps/files_sharing/templates/public.php
@@ -120,7 +120,7 @@ $maxUploadFilesize = min($upload_max_filesize, $post_max_size);
 	<input type="hidden" name="dir" id="dir" value="" />
 	<div class="hiddenuploadfield">
 	<input type="file" id="file_upload_start" class="hiddenuploadfield" name="files[]"
-		data-url="<?php print_unescaped(OCP\Util::linkTo('files', 'ajax/upload.php')); ?>" />
+		data-url="<?php p(OCP\Util::linkTo('files', 'ajax/upload.php')); ?>" />
 	</div>
 	<?php endif; ?>
 	<footer>
diff --git a/apps/theming/lib/ThemingDefaults.php b/apps/theming/lib/ThemingDefaults.php
index 36f19157637..b84f7b25318 100644
--- a/apps/theming/lib/ThemingDefaults.php
+++ b/apps/theming/lib/ThemingDefaults.php
@@ -81,7 +81,7 @@ class ThemingDefaults extends \OC_Defaults {
 	}
 
 	public function getName() {
-		return $this->config->getAppValue('theming', 'name', $this->name);
+		return strip_tags($this->config->getAppValue('theming', 'name', $this->name));
 	}
 
 	public function getHTMLName() {
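Review bot: strip_tags() on `return strip_tags($this->config->getAppValue('theming', 'name', $this->name));` is a lossy tag filter, not HTML escaping: it leaves `"`, `'` and `&` untouched, and it drops everything after a bare `<` that is not followed by whitespace (a configured name like `A<B` comes back as `A`), so the value still has to be escaped with p() at the output boundary. Since getTitle() and getEntity() now delegate to getName(), that contract applies to all three. A docblock on getName would make it explicit, e.g. `/** @return string the configured name with HTML tags removed; NOT HTML-escaped, escape for the output context */`. The enclosing class continues outside the hunk.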
@@ -89,11 +89,11 @@ class ThemingDefaults extends \OC_Defaults {
 	}
 
 	public function getTitle() {
-		return $this->config->getAppValue('theming', 'name', $this->name);
+		return $this->getName();
 	}
 
 	public function getEntity() {
-		return $this->config->getAppValue('theming', 'name', $this->name);
+		return $this->getName();
 	}
 
 	public function getBaseUrl() {
@@ -101,7 +101,7 @@ class ThemingDefaults extends \OC_Defaults {
 	}
 
 	public function getSlogan() {
-		return $this->config->getAppValue('theming', 'slogan', $this->slogan);
+		return \OC_Util::sanitizeHTML($this->config->getAppValue('theming', 'slogan', $this->slogan));
 	}
 
 	public function getShortFooter() {
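Review bot: Wrapping the return in `\OC_Util::sanitizeHTML(...)` makes getSlogan() hand back an already HTML-escaped string, whereas getName() in the same patch returns tag-stripped plain text, so the two getters now have different contracts. If sanitizeHTML is htmlspecialchars-based as elsewhere in core, any template that prints the slogan through p() will escape it a second time (`&` becomes `&amp;amp;`), and non-HTML consumers such as JSON or mail output will see entities. Either give the slogan the same treatment as the name and leave escaping to the template, `return strip_tags($this->config->getAppValue('theming', 'slogan', $this->slogan));`, or document on the method that the return is HTML-escaped so callers know to use print_unescaped. getShortFooter() on the last context line continues outside the hunk.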
-- 
GitLab