From 34739b7ec5b5bb26f993704b169937d3f04ed7c7 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Thu, 21 Jun 2012 13:57:18 +0200
Subject: [PATCH] use new sanitizeHTML() function

---
 apps/bookmarks/templates/list.php | 2 +-
 core/templates/layout.user.php    | 2 +-
 core/templates/login.php          | 2 +-
 settings/ajax/togglegroups.php    | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/apps/bookmarks/templates/list.php b/apps/bookmarks/templates/list.php
index fdd2b19f79..1ed79264d0 100644
--- a/apps/bookmarks/templates/list.php
+++ b/apps/bookmarks/templates/list.php
@@ -7,7 +7,7 @@
  * See the COPYING-README file.
  */
 ?>
-<input type="hidden" id="bookmarkFilterTag" value="<?php if(isset($_GET['tag'])) echo htmlentities($_GET['tag'],ENT_COMPAT,'utf-8'); ?>" />
+<input type="hidden" id="bookmarkFilterTag" value="<?php if(isset($_GET['tag'])) echo OCP\Util::sanitizeHTML($_GET['tag']); ?>" />
 <div id="controls">
 	<input type="hidden" id="bookmark_add_id" value="0" />
 	<input type="text" id="bookmark_add_url" placeholder="<?php echo $l->t('Address'); ?>" class="bookmarks_input" />
diff --git a/core/templates/layout.user.php b/core/templates/layout.user.php
index 500ac9beda..660c9522c7 100644
--- a/core/templates/layout.user.php
+++ b/core/templates/layout.user.php
@@ -47,7 +47,7 @@
 			<a href="<?php echo link_to('', 'index.php'); ?>" title="" id="owncloud"><img class="svg" src="<?php echo image_path('', 'logo-wide.svg'); ?>" alt="ownCloud" /></a>
 			<a class="header-right header-action" id="logout" href="<?php echo link_to('', 'index.php'); ?>?logout=true"><img class="svg" alt="<?php echo $l->t('Log out');?>" title="<?php echo $l->t('Log out');?>" src="<?php echo image_path('', 'actions/logout.svg'); ?>" /></a>
 			<form class="searchbox header-right" action="#" method="post">
-				<input id="searchbox" class="svg" type="search" name="query" value="<?php if(isset($_POST['query'])){echo htmlentities($_POST['query']);};?>" autocomplete="off" />
+				<input id="searchbox" class="svg" type="search" name="query" value="<?php if(isset($_POST['query'])){echo OC_Util::sanitizeHTML($_POST['query']);};?>" autocomplete="off" />
 			</form>
 		</div></header>
 
diff --git a/core/templates/login.php b/core/templates/login.php
index a40bf5c330..985cf90c2a 100644
--- a/core/templates/login.php
+++ b/core/templates/login.php
@@ -7,7 +7,7 @@
 		<?php endif; ?>
 		<p class="infield">
 			<label for="user" class="infield"><?php echo $l->t( 'Username' ); ?></label>
-			<input type="text" name="user" id="user" value="<?php echo !empty($_POST['user'])?htmlentities($_POST['user'],ENT_COMPAT,'utf-8').'"':'" autofocus'; ?> autocomplete="off" required />
+			<input type="text" name="user" id="user" value="<?php echo !empty($_POST['user'])?OC_Util::sanitizeHTML($_POST['user'],ENT_COMPAT,'utf-8').'"':'" autofocus'; ?> autocomplete="off" required />
 		</p>
 		<p class="infield">
 			<label for="password" class="infield"><?php echo $l->t( 'Password' ); ?></label>
diff --git a/settings/ajax/togglegroups.php b/settings/ajax/togglegroups.php
index f76e22f51d..7773c1049c 100644
--- a/settings/ajax/togglegroups.php
+++ b/settings/ajax/togglegroups.php
@@ -10,7 +10,7 @@ $error = "add user to";
 $action = "add";
 
 $username = $_POST["username"];
-$group = htmlentities($_POST["group"]);
+$group = OC_Util::sanitizeHTML($_POST["group"]);
 
 if(!OC_Group::groupExists($group)){
 	OC_Group::createGroup($group);
-- 
GitLab