diff --git a/apps/files/index.php b/apps/files/index.php index 434e98c6ea847a8b2f2316c570685be84b1446d4..20fbf7f93be9a1232f271188c10c5f28da047976 100644 --- a/apps/files/index.php +++ b/apps/files/index.php @@ -90,13 +90,13 @@ foreach (explode('/', $dir) as $i) { // make breadcrumb und filelist markup $list = new OCP\Template('files', 'part.list', ''); -$list->assign('files', $files, false); -$list->assign('baseURL', OCP\Util::linkTo('files', 'index.php') . '?dir=', false); -$list->assign('downloadURL', OCP\Util::linkToRoute('download', array('file' => '/')), false); +$list->assign('files', $files); +$list->assign('baseURL', OCP\Util::linkTo('files', 'index.php') . '?dir='); +$list->assign('downloadURL', OCP\Util::linkToRoute('download', array('file' => '/'))); $list->assign('disableSharing', false); $breadcrumbNav = new OCP\Template('files', 'part.breadcrumb', ''); -$breadcrumbNav->assign('breadcrumb', $breadcrumb, false); -$breadcrumbNav->assign('baseURL', OCP\Util::linkTo('files', 'index.php') . '?dir=', false); +$breadcrumbNav->assign('breadcrumb', $breadcrumb); +$breadcrumbNav->assign('baseURL', OCP\Util::linkTo('files', 'index.php') . '?dir='); $permissions = OCP\PERMISSION_READ; if (\OC\Files\Filesystem::isCreatable($dir . '/')) { @@ -125,8 +125,8 @@ if ($needUpgrade) { OCP\Util::addscript('files', 'files'); OCP\Util::addscript('files', 'keyboardshortcuts'); $tmpl = new OCP\Template('files', 'index', 'user'); - $tmpl->assign('fileList', $list->fetchPage(), false); - $tmpl->assign('breadcrumb', $breadcrumbNav->fetchPage(), false); + $tmpl->assign('fileList', $list->fetchPage()); + $tmpl->assign('breadcrumb', $breadcrumbNav->fetchPage()); $tmpl->assign('dir', \OC\Files\Filesystem::normalizePath($dir)); $tmpl->assign('isCreatable', \OC\Files\Filesystem::isCreatable($dir . '/')); $tmpl->assign('permissions', $permissions); 
diff --git a/apps/files/templates/admin.php b/apps/files/templates/admin.php
index ad69b5519d9a616a354256f4aea247ce3428d5b0..0ab931a467cbb5f51b9fb65524cb8e417ad8cac9 100644
--- a/apps/files/templates/admin.php
+++ b/apps/files/templates/admin.php
@@ -2,27 +2,27 @@ <form name="filesForm" action='#' method='post'> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('File handling');?></strong></legend> + <legend><strong><?php p($l->t('File handling')); ?></strong></legend> <?php if($_['uploadChangable']):?> - <label for="maxUploadSize"><?php echo $l->t( 'Maximum upload size' ); ?> </label> - <input name='maxUploadSize' id="maxUploadSize" value='<?php echo $_['uploadMaxFilesize'] ?>'/> + <label for="maxUploadSize"><?php p($l->t( 'Maximum upload size' )); ?> </label> + <input name='maxUploadSize' id="maxUploadSize" value='<?php p($_['uploadMaxFilesize']) ?>'/> <?php if($_['displayMaxPossibleUploadSize']):?> - (<?php echo $l->t('max. possible: '); echo $_['maxPossibleUploadSize'] ?>) + (<?php p($l->t('max. possible: ')); p($_['maxPossibleUploadSize']) ?>) <?php endif;?> <br/> <?php endif;?> <input type="checkbox" name="allowZipDownload" id="allowZipDownload" value="1" - title="<?php echo $l->t( 'Needed for multi-file and folder downloads.' ); ?>" + title="<?php p($l->t( 'Needed for multi-file and folder downloads.' 
)); ?>" <?php if ($_['allowZipDownload']): ?> checked="checked"<?php endif; ?> /> - <label for="allowZipDownload"><?php echo $l->t( 'Enable ZIP-download' ); ?></label><br/> + <label for="allowZipDownload"><?php p($l->t( 'Enable ZIP-download' )); ?></label><br/> - <input name="maxZipInputSize" id="maxZipInputSize" style="width:180px;" value='<?php echo $_['maxZipInputSize'] ?>' - title="<?php echo $l->t( '0 is unlimited' ); ?>" + <input name="maxZipInputSize" id="maxZipInputSize" style="width:180px;" value='<?php p($_['maxZipInputSize']) ?>' + title="<?php p($l->t( '0 is unlimited' )); ?>" <?php if (!$_['allowZipDownload']): ?> disabled="disabled"<?php endif; ?> /><br /> - <em><?php echo $l->t( 'Maximum input size for ZIP files' ); ?> </em><br /> + <em><?php p($l->t( 'Maximum input size for ZIP files' )); ?> </em><br /> - <input type="hidden" value="<?php echo $_['requesttoken']; ?>" name="requesttoken" /> + <input type="hidden" value="<?php p($_['requesttoken']); ?>" name="requesttoken" /> <input type="submit" name="submitFilesAdminSettings" id="submitFilesAdminSettings" - value="<?php echo $l->t( 'Save' ); ?>"/> + value="<?php p($l->t( 'Save' )); ?>"/> </fieldset> </form> diff --git a/apps/files/templates/index.php b/apps/files/templates/index.php index 5053dff95e5af2c95324213aaa71bf8c8b83640d..78c0901c110caafb9f298127f369d0131ed185dd 100644 --- a/apps/files/templates/index.php +++ b/apps/files/templates/index.php 
@@ -1,63 +1,63 @@ <!--[if IE 8]><style>input[type="checkbox"]{padding:0;}table td{position:static !important;}</style><![endif]--> <div id="controls"> - <?php echo($_['breadcrumb']); ?> + <?php print_unescaped($_['breadcrumb']); ?> <?php if ($_['isCreatable']):?> <div class="actions <?php if (isset($_['files']) and count($_['files'])==0):?>emptyfolder<?php endif; ?>"> <div id="new" class="button"> - <a><?php echo $l->t('New');?></a> + <a><?php p($l->t('New'));?></a> <ul> - <li style="background-image:url('<?php echo OCP\mimetype_icon('text/plain') ?>')" - data-type='file'><p><?php echo $l->t('Text file');?></p></li> - <li style="background-image:url('<?php echo OCP\mimetype_icon('dir') ?>')" - data-type='folder'><p><?php echo $l->t('Folder');?></p></li> - <li style="background-image:url('<?php echo OCP\image_path('core', 'actions/public.png') ?>')" - data-type='web'><p><?php echo $l->t('From link');?></p></li> + <li style="background-image:url('<?php p(OCP\mimetype_icon('text/plain')) ?>')" + data-type='file'><p><?php p($l->t('Text file'));?></p></li> + <li style="background-image:url('<?php p(OCP\mimetype_icon('dir')) ?>')" + data-type='folder'><p><?php p($l->t('Folder'));?></p></li> + <li style="background-image:url('<?php p(OCP\image_path('core', 'actions/public.png')) ?>')" + data-type='web'><p><?php p($l->t('From link'));?></p></li> </ul> </div> <div id="upload" class="button" - title="<?php echo $l->t('Upload') . ' max. '.$_['uploadMaxHumanFilesize'] ?>"> + title="<?php p($l->t('Upload') . ' max. 
'.$_['uploadMaxHumanFilesize']) ?>"> <form data-upload-id='1' id="data-upload-form" class="file_upload_form" - action="<?php echo OCP\Util::linkTo('files', 'ajax/upload.php'); ?>" + action="<?php print_unescaped(OCP\Util::linkTo('files', 'ajax/upload.php')); ?>" method="post" enctype="multipart/form-data" target="file_upload_target_1"> <input type="hidden" name="MAX_FILE_SIZE" id="max_upload" - value="<?php echo $_['uploadMaxFilesize'] ?>"> + value="<?php p($_['uploadMaxFilesize']) ?>"> <!-- Send the requesttoken, this is needed for older IE versions because they don't send the CSRF token via HTTP header in this case --> - <input type="hidden" name="requesttoken" value="<?php echo $_['requesttoken'] ?>" id="requesttoken"> + <input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>" id="requesttoken"> <input type="hidden" class="max_human_file_size" - value="(max <?php echo $_['uploadMaxHumanFilesize']; ?>)"> - <input type="hidden" name="dir" value="<?php echo $_['dir'] ?>" id="dir"> + value="(max <?php p($_['uploadMaxHumanFilesize']); ?>)"> + <input type="hidden" name="dir" value="<?php p($_['dir']) ?>" id="dir"> <input type="file" id="file_upload_start" name='files[]'/> <a href="#" class="svg" onclick="return false;"></a> </form> </div> <?php if ($_['trash'] ): ?> <div id="trash" class="button"> - <a><?php echo $l->t('Deleted files');?></a> + <a><?php p($l->t('Deleted files'));?></a> </div> <?php endif; ?> <div id="uploadprogresswrapper"> <div id="uploadprogressbar"></div> <input type="button" class="stop" style="display:none" - value="<?php echo $l->t('Cancel upload');?>" + value="<?php p($l->t('Cancel upload'));?>" onclick="javascript:Files.cancelUploads();" /> </div> </div> <div id="file_action_panel"></div> - <?php else: ?> + <?php else:?> <div class="crumb last"><?php p($l->t('You don’t have write permissions here.'))?></div> - <input type="hidden" name="dir" value="<?php echo $_['dir'] ?>" id="dir"> + <input type="hidden" name="dir" 
value="<?php p($_['dir']) ?>" id="dir"> <?php endif;?> - <input type="hidden" name="permissions" value="<?php echo $_['permissions']; ?>" id="permissions"> + <input type="hidden" name="permissions" value="<?php p($_['permissions']); ?>" id="permissions"> </div> <?php if (isset($_['files']) and $_['isCreatable'] and count($_['files'])==0):?> - <div id="emptyfolder"><?php echo $l->t('Nothing in here. Upload something!')?></div> + <div id="emptyfolder"><?php p($l->t('Nothing in here. Upload something!'))?></div> <?php endif; ?> <table> 
@@ -65,33 +65,33 @@ <tr> <th id='headerName'> <input type="checkbox" id="select_all" /> - <span class='name'><?php echo $l->t( 'Name' ); ?></span> + <span class='name'><?php p($l->t( 'Name' )); ?></span> <span class='selectedActions'> <?php if($_['allowZipDownload']) : ?> <a href="" class="download"> <img class="svg" alt="Download" - src="<?php echo OCP\image_path("core", "actions/download.svg"); ?>" /> - <?php echo $l->t('Download')?> + src="<?php print_unescaped(OCP\image_path("core", "actions/download.svg")); ?>" /> + <?php p($l->t('Download'))?> </a> <?php endif; ?> </span> </th> - <th id="headerSize"><?php echo $l->t( 'Size' ); ?></th> + <th id="headerSize"><?php p($l->t( 'Size' )); ?></th> <th id="headerDate"> - <span id="modified"><?php echo $l->t( 'Modified' ); ?></span> + <span id="modified"><?php p($l->t( 'Modified' )); ?></span> <?php if ($_['permissions'] & OCP\PERMISSION_DELETE): ?> <!-- NOTE: Temporary fix to allow unsharing of files in root of Shared folder --> <?php if ($_['dir'] == '/Shared'): ?> <span class="selectedActions"><a href="" class="delete"> - <?php echo $l->t('Unshare')?> - <img class="svg" alt="<?php echo $l->t('Unshare')?>" - src="<?php echo OCP\image_path("core", "actions/delete.svg"); ?>" /> + <?php p($l->t('Unshare'))?> + <img class="svg" alt="<?php p($l->t('Unshare'))?>" + src="<?php print_unescaped(OCP\image_path("core", "actions/delete.svg")); ?>" /> </a></span> <?php else: ?> <span class="selectedActions"><a href="" class="delete"> - <?php echo $l->t('Delete')?> - <img class="svg" alt="<?php echo $l->t('Delete')?>" - src="<?php echo OCP\image_path("core", "actions/delete.svg"); ?>" /> + <?php p($l->t('Delete'))?> + <img class="svg" alt="<?php p($l->t('Delete'))?>" + src="<?php print_unescaped(OCP\image_path("core", "actions/delete.svg")); ?>" /> </a></span> <?php endif; ?> <?php endif; ?> 
@@ -99,24 +99,24 @@ </tr> </thead> <tbody id="fileList"> - <?php echo($_['fileList']); ?> + <?php print_unescaped($_['fileList']); ?> </tbody> </table> <div id="editor"></div> -<div id="uploadsize-message" title="<?php echo $l->t('Upload too large')?>"> +<div id="uploadsize-message" title="<?php p($l->t('Upload too large'))?>"> <p> - <?php echo $l->t('The files you are trying to upload exceed the maximum size for file uploads on this server.');?> + <?php p($l->t('The files you are trying to upload exceed the maximum size for file uploads on this server.'));?> </p> </div> <div id="scanning-message"> <h3> - <?php echo $l->t('Files are being scanned, please wait.');?> <span id='scan-count'></span> + <?php p($l->t('Files are being scanned, please wait.'));?> <span id='scan-count'></span> </h3> <p> - <?php echo $l->t('Current scanning');?> <span id='scan-current'></span> + <?php p($l->t('Current scanning'));?> <span id='scan-current'></span> </p> </div> <!-- config hints for javascript --> -<input type="hidden" name="allowZipDownload" id="allowZipDownload" value="<?php echo $_['allowZipDownload']; ?>" /> -<input type="hidden" name="usedSpacePercent" id="usedSpacePercent" value="<?php echo $_['usedSpacePercent']; ?>" /> +<input type="hidden" name="allowZipDownload" id="allowZipDownload" value="<?php p($_['allowZipDownload']); ?>" /> +<input type="hidden" name="usedSpacePercent" id="usedSpacePercent" value="<?php p($_['usedSpacePercent']); ?>" /> diff --git a/apps/files/templates/part.breadcrumb.php b/apps/files/templates/part.breadcrumb.php index f01cb8d212a8eb0a7dac203a491509da912e0183..7ea1755d1d7459c8ac8ce2d01c8013328e876671 100644 --- a/apps/files/templates/part.breadcrumb.php +++ b/apps/files/templates/part.breadcrumb.php 
@@ -1,7 +1,7 @@ <?php if(count($_["breadcrumb"])):?> <div class="crumb"> - <a href="<?php echo $_['baseURL']; ?>"> - <img src="<?php echo OCP\image_path('core', 'places/home.svg');?>" class="svg" /> + <a href="<?php print_unescaped($_['baseURL']); ?>"> + <img src="<?php print_unescaped(OCP\image_path('core', 'places/home.svg'));?>" class="svg" /> </a> </div> <?php endif;?> @@ -9,8 +9,8 @@ $crumb = $_["breadcrumb"][$i]; $dir = str_replace('+', '%20', urlencode($crumb["dir"])); $dir = str_replace('%2F', '/', $dir); ?> - <div class="crumb <?php if($i == count($_["breadcrumb"])-1) echo 'last';?> svg" - data-dir='<?php echo $dir;?>'> - <a href="<?php echo $_['baseURL'].$dir; ?>"><?php echo OCP\Util::sanitizeHTML($crumb["name"]); ?></a> + <div class="crumb <?php if($i == count($_["breadcrumb"])-1) p('last');?> svg" + data-dir='<?php p($dir);?>'> + <a href="<?php p($_['baseURL'].$dir); ?>"><?php p($crumb["name"]); ?></a> </div> <?php endfor; diff --git a/apps/files/templates/part.list.php b/apps/files/templates/part.list.php index eefebd6649b4974e7a73ec5145e7eb4d21d5d67d..50330cc4911973557066ccb1cd18753eec3c632b 100644 --- a/apps/files/templates/part.list.php +++ b/apps/files/templates/part.list.php @@ -1,4 +1,4 @@ -<input type="hidden" id="disableSharing" data-status="<?php echo $_['disableSharing']; ?>"> +<input type="hidden" id="disableSharing" data-status="<?php p($_['disableSharing']); ?>"> <?php foreach($_['files'] as $file): $simple_file_size = OCP\simple_file_size($file['size']); 
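Review bot: The home link in the first `part.breadcrumb.php` hunk prints `$_['baseURL']` with `print_unescaped()` inside a double-quoted `href`, while the per-crumb link in the next hunk of the same file prints the same value through `p()`. In `apps/files_sharing/public.php` this variable is built from `$urlLinkIdentifiers`, whose origin is not visible in this diff; if any part of it is taken from the request, this attribute is the one place where it reaches the page raw. Using `<a href="<?php p($_['baseURL']); ?>">` makes both links consistent, and because the browser decodes `&amp;` back to `&` the link target does not change.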
@@ -13,31 +13,30 @@ $name = str_replace('%2F', '/', $name); $directory = str_replace('+', '%20', urlencode($file['directory'])); $directory = str_replace('%2F', '/', $directory); ?> - <tr data-id="<?php echo $file['fileid']; ?>" - data-file="<?php echo $name;?>" - data-type="<?php echo ($file['type'] == 'dir')?'dir':'file'?>" - data-mime="<?php echo $file['mimetype']?>" - data-size='<?php echo $file['size'];?>' - data-permissions='<?php echo $file['permissions']; ?>'> + <tr data-id="<?php p($file['fileid']); ?>" + data-file="<?php p($name);?>" + data-type="<?php p($file['type'] == 'dir')?'dir':'file'?>" + data-mime="<?php p($file['mimetype'])?>" + data-size='<?php p($file['size']);?>' + data-permissions='<?php p($file['permissions']); ?>'> <td class="filename svg" <?php if($file['type'] == 'dir'): ?> - style="background-image:url(<?php echo OCP\mimetype_icon('dir'); ?>)" + style="background-image:url(<?php print_unescaped(OCP\mimetype_icon('dir')); ?>)" <?php else: ?> - style="background-image:url(<?php echo OCP\mimetype_icon($file['mimetype']); ?>)" + style="background-image:url(<?php print_unescaped(OCP\mimetype_icon($file['mimetype'])); ?>)" <?php endif; ?> > <?php if(!isset($_['readonly']) || !$_['readonly']): ?><input type="checkbox" /><?php endif; ?> <?php if($file['type'] == 'dir'): ?> - <a class="name" href="<?php echo rtrim($_['baseURL'],'/').'/'.trim($directory,'/').'/'.$name; ?>" title=""> + <a class="name" href="<?php p(rtrim($_['baseURL'],'/').'/'.trim($directory,'/').'/'.$name); ?>" title=""> <?php else: ?> - <a class="name" href="<?php echo rtrim($_['downloadURL'],'/').'/'.trim($directory,'/').'/'.$name; ?>" title=""> + <a class="name" href="<?php p(rtrim($_['downloadURL'],'/').'/'.trim($directory,'/').'/'.$name); ?>" title=""> <?php endif; ?> <span class="nametext"> <?php if($file['type'] == 'dir'):?> - <?php echo htmlspecialchars($file['name']);?> + <?php print_unescaped(htmlspecialchars($file['name']));?> <?php else:?> - <?php echo 
htmlspecialchars($file['basename']);?><span - class='extension'><?php echo $file['extension'];?></span> + <?php print_unescaped(htmlspecialchars($file['basename']));?><span class='extension'><?php p($file['extension']);?></span> <?php endif;?> </span> <?php if($file['type'] == 'dir'):?> @@ -47,17 +46,17 @@ </a> </td> <td class="filesize" - title="<?php echo OCP\human_file_size($file['size']); ?>" - style="color:rgb(<?php echo $simple_size_color.','.$simple_size_color.','.$simple_size_color ?>)"> - <?php echo $simple_file_size; ?> + title="<?php p(OCP\human_file_size($file['size'])); ?>" + style="color:rgb(<?php p($simple_size_color.','.$simple_size_color.','.$simple_size_color) ?>)"> + <?php print_unescaped($simple_file_size); ?> </td> <td class="date"> <span class="modified" - title="<?php echo $file['date']; ?>" - style="color:rgb(<?php echo $relative_date_color.',' + title="<?php p($file['date']); ?>" + style="color:rgb(<?php p($relative_date_color.',' .$relative_date_color.',' - .$relative_date_color ?>)"> - <?php echo $relative_modified_date; ?> + .$relative_date_color) ?>)"> + <?php p($relative_modified_date); ?> </span> </td> </tr> diff --git a/apps/files/templates/upgrade.php b/apps/files/templates/upgrade.php index de6cc7130284ca37c0148a18c8059e1ebc625c11..e03f086e47d487518539afdc6d0b8c345c1de706 100644 --- a/apps/files/templates/upgrade.php +++ b/apps/files/templates/upgrade.php @@ -1,4 +1,4 @@ <div id="upgrade"> - <?php echo $l->t('Upgrading filesystem cache...');?> + <?php p($l->t('Upgrading filesystem cache...'));?> <div id="progressbar" /> </div> diff --git a/apps/files_encryption/templates/settings-personal.php b/apps/files_encryption/templates/settings-personal.php index 8c3bf491d840fba150d5689082007d1cd2787d2f..5f0accaed5fd960c3c6a2a08b3493f483148b841 100644 --- a/apps/files_encryption/templates/settings-personal.php +++ b/apps/files_encryption/templates/settings-personal.php 
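Review bot: In the `@@ -13,31 +13,30 @@` hunk of `part.list.php`, the new `data-type` line `p($file['type'] == 'dir')?'dir':'file'` passes the boolean comparison to `p()` and applies the ternary to `p()`'s return value, so the attribute no longer receives `dir` or `file`. Assuming `p()` casts its argument to a string, the row is rendered with `data-type="1"` or `data-type=""`. The closing parenthesis belongs after the ternary: `data-type="<?php p(($file['type'] == 'dir') ? 'dir' : 'file') ?>"`. Any client-side code that reads `data-type` to tell folders from files would get the wrong value until this is corrected; the `foreach` over `$_['files']` that encloses the row opens outside the hunk.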
@@ -1,19 +1,19 @@ <form id="encryption"> <fieldset class="personalblock"> <legend> - <?php echo $l->t( 'Encryption' ); ?> + <?php p($l->t( 'Encryption' )); ?> </legend> <p> - <?php echo $l->t( 'File encryption is enabled.' ); ?> + <?php p($l->t( 'File encryption is enabled.' )); ?> </p> <?php if ( ! empty( $_["blacklist"] ) ): ?> <p> - <?php echo $l->t( 'The following file types will not be encrypted:' ); ?> + <?php p($l->t( 'The following file types will not be encrypted:' )); ?> </p> <ul> <?php foreach( $_["blacklist"] as $type ): ?> <li> - <?php echo $type; ?> + <?php p($type); ?> </li> <?php endforeach; ?> </ul> diff --git a/apps/files_encryption/templates/settings.php b/apps/files_encryption/templates/settings.php index f7ef8a8efe65772bb44d0775766c214a0c3e2ffa..b873d7f5aafd8e081088de28b8ad009aabcc5a56 100644 --- a/apps/files_encryption/templates/settings.php +++ b/apps/files_encryption/templates/settings.php @@ -2,17 +2,17 @@ <fieldset class="personalblock"> <p> - <strong><?php echo $l->t( 'Encryption' ); ?></strong> + <strong><?php p($l->t( 'Encryption' )); ?></strong> - <?php echo $l->t( "Exclude the following file types from encryption:" ); ?> + <?php p($l->t( "Exclude the following file types from encryption:" )); ?> <br /> <select id='encryption_blacklist' - title="<?php echo $l->t( 'None' )?>" + title="<?php p($l->t( 'None' ))?>" multiple="multiple"> <?php foreach($_["blacklist"] as $type): ?> - <option selected="selected" value="<?php echo $type; ?>"> <?php echo $type; ?> </option> + <option selected="selected" value="<?php p($type); ?>"> <?php p($type); ?> </option> <?php endforeach;?> </select> </p> diff --git a/apps/files_external/personal.php b/apps/files_external/personal.php index 268d1880232674137598cc8f32e6208d0c356c2a..90f5e159535c65d675c0a41cd4eb78396a249c6e 100755 --- a/apps/files_external/personal.php +++ b/apps/files_external/personal.php 
@@ -26,9 +26,9 @@ $backends = OC_Mount_Config::getBackends(); // Remove local storage unset($backends['\OC\Files\Storage\Local']); $tmpl = new OCP\Template('files_external', 'settings'); -$tmpl->assign('isAdminPage', false, false); +$tmpl->assign('isAdminPage', false); $tmpl->assign('mounts', OC_Mount_Config::getPersonalMountPoints()); $tmpl->assign('certs', OC_Mount_Config::getCertificates()); -$tmpl->assign('dependencies', OC_Mount_Config::checkDependencies(), false); +$tmpl->assign('dependencies', OC_Mount_Config::checkDependencies()); $tmpl->assign('backends', $backends); return $tmpl->fetchPage(); diff --git a/apps/files_external/settings.php b/apps/files_external/settings.php index cd0bfa99585a178ecad9856ecc4e0fe8f9f0ccd7..1a39affe2e6606e0d9cf439a8eaff63b139d578d 100644 --- a/apps/files_external/settings.php +++ b/apps/files_external/settings.php @@ -27,11 +27,11 @@ OCP\Util::addscript('3rdparty', 'chosen/chosen.jquery.min'); OCP\Util::addStyle('files_external', 'settings'); OCP\Util::addStyle('3rdparty', 'chosen/chosen'); $tmpl = new OCP\Template('files_external', 'settings'); -$tmpl->assign('isAdminPage', true, false); +$tmpl->assign('isAdminPage', true); $tmpl->assign('mounts', OC_Mount_Config::getSystemMountPoints()); $tmpl->assign('backends', OC_Mount_Config::getBackends()); $tmpl->assign('groups', OC_Group::getGroups()); $tmpl->assign('users', OCP\User::getUsers()); -$tmpl->assign('dependencies', OC_Mount_Config::checkDependencies(), false); +$tmpl->assign('dependencies', OC_Mount_Config::checkDependencies()); $tmpl->assign('allowUserMounting', OCP\Config::getAppValue('files_external', 'allow_user_mounting', 'yes')); return $tmpl->fetchPage(); diff --git a/apps/files_external/templates/settings.php b/apps/files_external/templates/settings.php index 76d691eedb2165248796b1de780786a96bcd6dcf..76d3db1404fb773382f364dcaf3ee8bd0d61b4e2 100644 --- a/apps/files_external/templates/settings.php +++ b/apps/files_external/templates/settings.php 
@@ -1,44 +1,44 @@ <form id="files_external"> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('External Storage'); ?></strong></legend> - <?php if (isset($_['dependencies']) and ($_['dependencies']<>'')) echo ''.$_['dependencies'].''; ?> - <table id="externalStorage" data-admin='<?php echo json_encode($_['isAdminPage']); ?>'> + <legend><strong><?php p($l->t('External Storage')); ?></strong></legend> + <?php if (isset($_['dependencies']) and ($_['dependencies']<>'')) print_unescaped(''.$_['dependencies'].''); ?> + <table id="externalStorage" data-admin='<?php print_unescaped(json_encode($_['isAdminPage'])); ?>'> <thead> <tr> <th></th> - <th><?php echo $l->t('Folder name'); ?></th> - <th><?php echo $l->t('External storage'); ?></th> - <th><?php echo $l->t('Configuration'); ?></th> - <!--<th><?php echo $l->t('Options'); ?></th> --> - <?php if ($_['isAdminPage']) echo '<th>'.$l->t('Applicable').'</th>'; ?> + <th><?php p($l->t('Folder name')); ?></th> + <th><?php p($l->t('External storage')); ?></th> + <th><?php p($l->t('Configuration')); ?></th> + <!--<th><?php p($l->t('Options')); ?></th> --> + <?php if ($_['isAdminPage']) print_unescaped('<th>'.OC_Util::sanitizeHTML($l->t('Applicable')).'</th>'); ?> <th> </th> </tr> </thead> <tbody width="100%"> <?php $_['mounts'] = array_merge($_['mounts'], array('' => array())); ?> <?php foreach ($_['mounts'] as $mountPoint => $mount): ?> - <tr <?php echo ($mountPoint != '') ? 'class="'.$mount['class'].'"' : 'id="addMountPoint"'; ?>> + <tr <?php print_unescaped(($mountPoint != '') ? 'class="'.OC_Util::sanitizeHTML($mount['class']).'"' : 'id="addMountPoint"'); ?>> <td class="status"> <?php if (isset($mount['status'])): ?> - <span class="<?php echo ($mount['status']) ? 'success' : 'error'; ?>"></span> + <span class="<?php p(($mount['status']) ? 
'success' : 'error'); ?>"></span> <?php endif; ?> </td> <td class="mountPoint"><input type="text" name="mountPoint" value="<?php p($mountPoint); ?>" - placeholder="<?php echo $l->t('Folder name'); ?>" /></td> + placeholder="<?php p($l->t('Folder name')); ?>" /></td> <?php if ($mountPoint == ''): ?> <td class="backend"> - <select id="selectBackend" data-configurations='<?php echo json_encode($_['backends']); ?>'> + <select id="selectBackend" data-configurations='<?php print_unescaped(json_encode($_['backends'])); ?>'> <option value="" disabled selected - style="display:none;"><?php echo $l->t('Add storage'); ?></option> + style="display:none;"><?php p($l->t('Add storage')); ?></option> <?php foreach ($_['backends'] as $class => $backend): ?> - <option value="<?php echo $class; ?>"><?php echo $backend['backend']; ?></option> + <option value="<?php p($class); ?>"><?php p($backend['backend']); ?></option> <?php endforeach; ?> </select> </td> <?php else: ?> <td class="backend" - data-class="<?php echo $mount['class']; ?>"><?php echo $mount['backend']; ?></td> + data-class="<?php p($mount['class']); ?>"><?php p($mount['backend']); ?></td> <?php endif; ?> <td class ="configuration" width="100%"> <?php if (isset($mount['configuration'])): ?> 
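Review bot: `data-configurations='<?php print_unescaped(json_encode($_['backends'])); ?>'` writes raw JSON into a single-quoted attribute, and `json_encode()` with default flags leaves `'`, `<`, `>` and `&` untouched, so a single apostrophe in any encoded string ends the attribute early. The same pattern is used for `data-applicable-groups` and `data-applicable-users` in the `@@ -82,27 +82,27 @@` hunk, where the encoded values are group and user names, and for `data-admin` here and in the `@@ -136,27 +136,27 @@` hunk (a boolean, so harmless there). Escaping the encoded string keeps the attribute intact and the browser still hands the original JSON to script: `data-configurations='<?php p(json_encode($_['backends'])); ?>'`, assuming `p()` escapes both quote styles; otherwise pass `JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_TAG | JSON_HEX_AMP` to `json_encode()`.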
@@ -47,29 +47,29 @@ <?php $placeholder = $_['backends'][$mount['class']]['configuration'][$parameter]; ?> <?php if (strpos($placeholder, '*') !== false): ?> <input type="password" - data-parameter="<?php echo $parameter; ?>" - value="<?php echo $value; ?>" - placeholder="<?php echo substr($placeholder, 1); ?>" /> + data-parameter="<?php p($parameter); ?>" + value="<?php p($value); ?>" + placeholder="<?php p(substr($placeholder, 1)); ?>" /> <?php elseif (strpos($placeholder, '!') !== false): ?> <label><input type="checkbox" - data-parameter="<?php echo $parameter; ?>" + data-parameter="<?php p($parameter); ?>" <?php if ($value == 'true'): ?> checked="checked"<?php endif; ?> - /><?php echo substr($placeholder, 1); ?></label> + /><?php p(substr($placeholder, 1)); ?></label> <?php elseif (strpos($placeholder, '&') !== false): ?> <input type="text" class="optional" - data-parameter="<?php echo $parameter; ?>" - value="<?php echo $value; ?>" - placeholder="<?php echo substr($placeholder, 5); ?>" /> + data-parameter="<?php p($parameter); ?>" + value="<?php p($value); ?>" + placeholder="<?php p(substr($placeholder, 5)); ?>" /> <?php elseif (strpos($placeholder, '#') !== false): ?> <input type="hidden" - data-parameter="<?php echo $parameter; ?>" - value="<?php echo $value; ?>" /> + data-parameter="<?php p($parameter); ?>" + value="<?php p($value); ?>" /> <?php else: ?> <input type="text" - data-parameter="<?php echo $parameter; ?>" - value="<?php echo $value; ?>" - placeholder="<?php echo $placeholder; ?>" /> + data-parameter="<?php p($parameter); ?>" + value="<?php p($value); ?>" + placeholder="<?php p($placeholder); ?>" /> <?php endif; ?> <?php endif; ?> <?php endforeach; ?> 
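Review bot: The `type="password"` input still receives the stored secret in its markup, `value="<?php p($value); ?>"`, so the credential is readable in the page source and in any cached copy of the settings page; escaping closes the injection side but not the disclosure. Consider rendering this field with an empty `value` and having the save handler treat an untouched field as "keep the current secret", which needs a matching change outside this hunk. `$value` and the loop that supplies it are defined above the hunk, so this assumes it holds the saved configuration value for the mount.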
@@ -82,27 +82,27 @@ <td class="applicable" align="right" data-applicable-groups='<?php if (isset($mount['applicable']['groups'])) - echo json_encode($mount['applicable']['groups']); ?>' + print_unescaped(json_encode($mount['applicable']['groups'])); ?>' data-applicable-users='<?php if (isset($mount['applicable']['users'])) - echo json_encode($mount['applicable']['users']); ?>'> + print_unescaped(json_encode($mount['applicable']['users'])); ?>'> <select class="chzn-select" multiple style="width:20em;" - data-placeholder="<?php echo $l->t('None set'); ?>"> - <option value="all" <?php if (isset($mount['applicable']['users']) && in_array('all', $mount['applicable']['users'])) echo 'selected="selected"';?> ><?php echo $l->t('All Users'); ?></option> - <optgroup label="<?php echo $l->t('Groups'); ?>"> + data-placeholder="<?php p($l->t('None set')); ?>"> + <option value="all" <?php if (isset($mount['applicable']['users']) && in_array('all', $mount['applicable']['users'])) print_unescaped('selected="selected"');?> ><?php p($l->t('All Users')); ?></option> + <optgroup label="<?php p($l->t('Groups')); ?>"> <?php foreach ($_['groups'] as $group): ?> - <option value="<?php echo $group; ?>(group)" + <option value="<?php p($group); ?>(group)" <?php if (isset($mount['applicable']['groups']) && in_array($group, $mount['applicable']['groups'])): ?> selected="selected" - <?php endif; ?>><?php echo $group; ?></option> + <?php endif; ?>><?php p($group); ?></option> <?php endforeach; ?> </optgroup> - <optgroup label="<?php echo $l->t('Users'); ?>"> + <optgroup label="<?php p($l->t('Users')); ?>"> <?php foreach ($_['users'] as $user): ?> - <option value="<?php echo $user; ?>" + <option value="<?php p($user); ?>" <?php if (isset($mount['applicable']['users']) && in_array($user, $mount['applicable']['users'])): ?> selected="selected" - <?php endif; ?>><?php echo $user; ?></option> + <?php endif; ?>><?php p($user); ?></option> <?php endforeach; ?> </optgroup> </select> 
@@ -110,10 +110,10 @@ <?php endif; ?> <td <?php if ($mountPoint != ''): ?>class="remove" <?php else: ?>style="visibility:hidden;" - <?php endif ?>><img alt="<?php echo $l->t('Delete'); ?>" - title="<?php echo $l->t('Delete'); ?>" + <?php endif ?>><img alt="<?php p($l->t('Delete')); ?>" + title="<?php p($l->t('Delete')); ?>" class="svg action" - src="<?php echo image_path('core', 'actions/delete.svg'); ?>" /></td> + src="<?php print_unescaped(image_path('core', 'actions/delete.svg')); ?>" /></td> </tr> <?php endforeach; ?> </tbody> @@ -125,9 +125,9 @@ <input type="checkbox" name="allowUserMounting" id="allowUserMounting" - value="1" <?php if ($_['allowUserMounting'] == 'yes') echo ' checked="checked"'; ?> /> - <label for="allowUserMounting"><?php echo $l->t('Enable User External Storage'); ?></label><br/> - <em><?php echo $l->t('Allow users to mount their own external storage'); ?></em> + value="1" <?php if ($_['allowUserMounting'] == 'yes') print_unescaped(' checked="checked"'); ?> /> + <label for="allowUserMounting"><?php p($l->t('Enable User External Storage')); ?></label><br/> + <em><?php p($l->t('Allow users to mount their own external storage')); ?></em> <?php endif; ?> </fieldset> </form> 
@@ -136,27 +136,27 @@ <form id="files_external" method="post" enctype="multipart/form-data" - action="<?php echo OCP\Util::linkTo('files_external', 'ajax/addRootCertificate.php'); ?>"> + action="<?php p(OCP\Util::linkTo('files_external', 'ajax/addRootCertificate.php')); ?>"> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('SSL root certificates');?></strong></legend> - <table id="sslCertificate" data-admin='<?php echo json_encode($_['isAdminPage']); ?>'> + <legend><strong><?php p($l->t('SSL root certificates'));?></strong></legend> + <table id="sslCertificate" data-admin='<?php print_unescaped(json_encode($_['isAdminPage'])); ?>'> <tbody width="100%"> <?php foreach ($_['certs'] as $rootCert): ?> - <tr id="<?php echo $rootCert ?>"> - <td class="rootCert"><?php echo $rootCert ?></td> + <tr id="<?php p($rootCert) ?>"> + <td class="rootCert"><?php p($rootCert) ?></td> <td <?php if ($rootCert != ''): ?>class="remove" <?php else: ?>style="visibility:hidden;" - <?php endif; ?>><img alt="<?php echo $l->t('Delete'); ?>" - title="<?php echo $l->t('Delete'); ?>" + <?php endif; ?>><img alt="<?php p($l->t('Delete')); ?>" + title="<?php p($l->t('Delete')); ?>" class="svg action" - src="<?php echo image_path('core', 'actions/delete.svg'); ?>" /></td> + src="<?php print_unescaped(image_path('core', 'actions/delete.svg')); ?>" /></td> </tr> <?php endforeach; ?> </tbody> </table> - <input type="hidden" name="requesttoken" value="<?php echo $_['requesttoken']; ?>"> + <input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']); ?>"> <input type="file" id="rootcert_import" name="rootcert_import" style="width:230px;"> - <input type="submit" name="cert_import" value="<?php echo $l->t('Import Root Certificate'); ?>" /> + <input type="submit" name="cert_import" value="<?php p($l->t('Import Root Certificate')); ?>" /> </fieldset> </form> <?php endif; ?> 
diff --git a/apps/files_sharing/public.php b/apps/files_sharing/public.php index 243ee668f1f01f37281c233923897459300f40e3..e345b91e293c0e2244c8e3a91708b60984e95280 100644 --- a/apps/files_sharing/public.php +++ b/apps/files_sharing/public.php @@ -168,18 +168,17 @@ if (isset($path)) { } } $list = new OCP\Template('files', 'part.list', ''); - $list->assign('files', $files, false); + $list->assign('files', $files); $list->assign('disableSharing', true); - $list->assign('baseURL', OCP\Util::linkToPublic('files') . $urlLinkIdentifiers . '&path=', false); + $list->assign('baseURL', OCP\Util::linkToPublic('files') . $urlLinkIdentifiers . '&path='); $list->assign('downloadURL', - OCP\Util::linkToPublic('files') . $urlLinkIdentifiers . '&download&path=', - false); + OCP\Util::linkToPublic('files') . $urlLinkIdentifiers . '&download&path='); $breadcrumbNav = new OCP\Template('files', 'part.breadcrumb', ''); - $breadcrumbNav->assign('breadcrumb', $breadcrumb, false); - $breadcrumbNav->assign('baseURL', OCP\Util::linkToPublic('files') . $urlLinkIdentifiers . '&path=', false); + $breadcrumbNav->assign('breadcrumb', $breadcrumb); + $breadcrumbNav->assign('baseURL', OCP\Util::linkToPublic('files') . $urlLinkIdentifiers . '&path='); $folder = new OCP\Template('files', 'index', ''); - $folder->assign('fileList', $list->fetchPage(), false); - $folder->assign('breadcrumb', $breadcrumbNav->fetchPage(), false); + $folder->assign('fileList', $list->fetchPage()); + $folder->assign('breadcrumb', $breadcrumbNav->fetchPage()); $folder->assign('dir', $getPath); $folder->assign('isCreatable', false); $folder->assign('permissions', 0); 
@@ -188,7 +187,7 @@ if (isset($path)) { $folder->assign('uploadMaxHumanFilesize', 0); $folder->assign('allowZipDownload', intval(OCP\Config::getSystemValue('allowZipDownload', true))); $folder->assign('usedSpacePercent', 0); - $tmpl->assign('folder', $folder->fetchPage(), false); + $tmpl->assign('folder', $folder->fetchPage()); $tmpl->assign('allowZipDownload', intval(OCP\Config::getSystemValue('allowZipDownload', true))); $tmpl->assign('downloadURL', OCP\Util::linkToPublic('files') . $urlLinkIdentifiers . '&download&path=' . urlencode($getPath)); diff --git a/apps/files_sharing/templates/authenticate.php b/apps/files_sharing/templates/authenticate.php index 6bce6857ac8667ed80a197b674a0f0c55ebf4fce..b6ef82da6f09678a9fa972440a9eb608bf6861c3 100644 --- a/apps/files_sharing/templates/authenticate.php +++ b/apps/files_sharing/templates/authenticate.php @@ -1,9 +1,9 @@ -<form action="<?php echo $_['URL']; ?>" method="post"> +<form action="<?php p($_['URL']); ?>" method="post"> <fieldset> <p class="infield"> - <label for="password" class="infield"><?php echo $l->t('Password'); ?></label> + <label for="password" class="infield"><?php p($l->t('Password')); ?></label> <input type="password" name="password" id="password" value="" autofocus /> - <input type="submit" value="<?php echo $l->t('Submit'); ?>" /> + <input type="submit" value="<?php p($l->t('Submit')); ?>" /> </p> </fieldset> </form> \ No newline at end of file diff --git a/apps/files_sharing/templates/public.php b/apps/files_sharing/templates/public.php index f9ff12679bcc7772fc0299c7eec1621ea44fef79..88692445ec308d2f45f5c001a92b08bad738b050 100644 --- a/apps/files_sharing/templates/public.php +++ b/apps/files_sharing/templates/public.php 
@@ -1,43 +1,43 @@ -<input type="hidden" name="dir" value="<?php echo $_['dir'] ?>" id="dir"> -<input type="hidden" name="downloadURL" value="<?php echo $_['downloadURL'] ?>" id="downloadURL"> -<input type="hidden" name="filename" value="<?php echo $_['filename'] ?>" id="filename"> -<input type="hidden" name="mimetype" value="<?php echo $_['mimetype'] ?>" id="mimetype"> +<input type="hidden" name="dir" value="<?php p($_['dir']) ?>" id="dir"> +<input type="hidden" name="downloadURL" value="<?php p($_['downloadURL']) ?>" id="downloadURL"> +<input type="hidden" name="filename" value="<?php p($_['filename']) ?>" id="filename"> +<input type="hidden" name="mimetype" value="<?php p($_['mimetype']) ?>" id="mimetype"> <header><div id="header"> - <a href="<?php echo link_to('', 'index.php'); ?>" title="" id="owncloud"><img class="svg" - src="<?php echo image_path('', 'logo-wide.svg'); ?>" alt="ownCloud" /></a> + <a href="<?php print_unescaped(link_to('', 'index.php')); ?>" title="" id="owncloud"><img class="svg" + src="<?php print_unescaped(image_path('', 'logo-wide.svg')); ?>" alt="ownCloud" /></a> <div class="header-right"> <?php if (isset($_['folder'])): ?> - <span id="details"><?php echo $l->t('%s shared the folder %s with you', - array($_['displayName'], $_['fileTarget'])) ?></span> + <span id="details"><?php p($l->t('%s shared the folder %s with you', + array($_['displayName'], $_['fileTarget']))) ?></span> <?php else: ?> - <span id="details"><?php echo $l->t('%s shared the file %s with you', - array($_['displayName'], $_['fileTarget'])) ?></span> + <span id="details"><?php p($l->t('%s shared the file %s with you', + array($_['displayName'], $_['fileTarget']))) ?></span> <?php endif; ?> <?php if (!isset($_['folder']) || $_['allowZipDownload']): ?> - <a href="<?php echo $_['downloadURL']; ?>" class="button" id="download"><img - class="svg" alt="Download" src="<?php echo OCP\image_path("core", "actions/download.svg"); ?>" - /><?php echo $l->t('Download')?></a> + <a 
href="<?php p($_['downloadURL']); ?>" class="button" id="download"><img + class="svg" alt="Download" src="<?php print_unescaped(OCP\image_path("core", "actions/download.svg")); ?>" + /><?php p($l->t('Download'))?></a> <?php endif; ?> </div> </div></header> <div id="preview"> <?php if (isset($_['folder'])): ?> - <?php echo $_['folder']; ?> + <?php print_unescaped($_['folder']); ?> <?php else: ?> <?php if (substr($_['mimetype'], 0, strpos($_['mimetype'], '/')) == 'image'): ?> <div id="imgframe"> - <img src="<?php echo $_['downloadURL']; ?>" /> + <img src="<?php p($_['downloadURL']); ?>" /> </div> <?php endif; ?> <ul id="noPreview"> <li class="error"> - <?php echo $l->t('No preview available for').' '.$_['fileTarget']; ?><br /> - <a href="<?php echo $_['downloadURL']; ?>" id="download"><img class="svg" alt="Download" - src="<?php echo OCP\image_path("core", "actions/download.svg"); ?>" - /><?php echo $l->t('Download')?></a> + <?php p($l->t('No preview available for').' '.$_['fileTarget']); ?><br /> + <a href="<?php p($_['downloadURL']); ?>" id="download"><img class="svg" alt="Download" + src="<?php print_unescaped(OCP\image_path("core", "actions/download.svg")); ?>" + /><?php p($l->t('Download'))?></a> </li> </ul> <?php endif; ?> </div> <footer><p class="info"><a href="http://owncloud.org/">ownCloud</a> – -<?php echo $l->t('web services under your control'); ?></p></footer> +<?php p($l->t('web services under your control')); ?></p></footer> diff --git a/apps/files_trashbin/index.php b/apps/files_trashbin/index.php index 31b46cc2dec1bfa90d4a1d229c3d9857aa27c879..8e726836f8a275731b37129ea3733247881e6253 100644 --- a/apps/files_trashbin/index.php +++ b/apps/files_trashbin/index.php 
@@ -96,19 +96,18 @@ foreach (explode('/', $dir) as $i) { } $breadcrumbNav = new OCP\Template('files', 'part.breadcrumb', ''); -$breadcrumbNav->assign('breadcrumb', $breadcrumb, false); -$breadcrumbNav->assign('baseURL', OCP\Util::linkTo('files_trashbin', 'index.php') . '?dir=', false); +$breadcrumbNav->assign('breadcrumb', $breadcrumb); +$breadcrumbNav->assign('baseURL', OCP\Util::linkTo('files_trashbin', 'index.php') . '?dir='); $list = new OCP\Template('files_trashbin', 'part.list', ''); -$list->assign('files', $files, false); -$list->assign('baseURL', OCP\Util::linkTo('files_trashbin', 'index.php'). '?dir='.$dir, false); -$list->assign('downloadURL', OCP\Util::linkTo('files_trashbin', 'download.php') . '?file='.$dir, false); +$list->assign('files', $files); +$list->assign('baseURL', OCP\Util::linkTo('files_trashbin', 'index.php'). '?dir='.$dir); +$list->assign('downloadURL', OCP\Util::linkTo('files_trashbin', 'download.php') . '?file='.$dir); $list->assign('disableSharing', true); $list->assign('dirlisting', $dirlisting); $list->assign('disableDownloadActions', true); -$tmpl->assign('breadcrumb', $breadcrumbNav->fetchPage(), false); -$tmpl->assign('dirlisting', $dirlisting); -$tmpl->assign('fileList', $list->fetchPage(), false); +$tmpl->assign('breadcrumb', $breadcrumbNav->fetchPage()); +$tmpl->assign('fileList', $list->fetchPage()); $tmpl->assign('files', $files); $tmpl->assign('dir', \OC\Files\Filesystem::normalizePath($view->getAbsolutePath())); diff --git a/apps/files_trashbin/templates/index.php b/apps/files_trashbin/templates/index.php index aaeeb5c6f6e798f545b93b7d2e1b21f4b867e381..4c865d8981c30bf74bb125a168a55a7fd712b0eb 100644 --- a/apps/files_trashbin/templates/index.php +++ b/apps/files_trashbin/templates/index.php 
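Review bot: Removing `$tmpl->assign('dirlisting', $dirlisting);` leaves apps/files_trashbin/templates/index.php without the value it still reads: its empty-folder condition (a context line in that file's hunk) tests `$_['dirlisting'] == false`. Unless the key is assigned to `$tmpl` somewhere outside this hunk, it is unset and compares equal to false, so the "trash bin is empty" message would also appear for an empty subdirectory listing, with an undefined-index notice. Keep the line `$tmpl->assign('dirlisting', $dirlisting);` next to the `$list` one. Separately, `'?dir='.$dir` and `'?file='.$dir` append `$dir` without URL-encoding; p() in the template escapes for HTML only, so a `&` or `#` in the directory name would still alter the query string.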
@@ -1,12 +1,12 @@ <!--[if IE 8]><style>input[type="checkbox"]{padding:0;}table td{position:static !important;}</style><![endif]--> <div id="controls"> - <?php echo($_['breadcrumb']); ?> + <?php print_unescaped($_['breadcrumb']); ?> <div id="file_action_panel"></div> </div> <div id='notification'></div> <?php if (isset($_['files']) && count($_['files'])==0 && $_['dirlisting'] == false):?> - <div id="emptyfolder"><?php echo $l->t('Nothing in here. Your trash bin is empty!')?></div> + <div id="emptyfolder"><?php p($l->t('Nothing in here. Your trash bin is empty!'))?></div> <?php endif; ?> <table> @@ -14,28 +14,28 @@ <tr> <th id='headerName'> <input type="checkbox" id="select_all" /> - <span class='name'><?php echo $l->t( 'Name' ); ?></span> + <span class='name'><?php p($l->t( 'Name' )); ?></span> <span class='selectedActions'> <a href="" class="undelete"> - <img class="svg" alt="<?php echo $l->t( 'Restore' ); ?>" - src="<?php echo OCP\image_path("core", "actions/undelete.png"); ?>" /> - <?php echo $l->t('Restore')?> + <img class="svg" alt="<?php p($l->t( 'Restore' )); ?>" + src="<?php print_unescaped(OCP\image_path("core", "actions/undelete.png")); ?>" /> + <?php p($l->t('Restore'))?> </a> </span> </th> <th id="headerDate"> - <span id="modified"><?php echo $l->t( 'Deleted' ); ?></span> + <span id="modified"><?php p($l->t( 'Deleted' )); ?></span> <span class="selectedActions"> <a href="" class="delete"> - <?php echo $l->t('Delete')?> - <img class="svg" alt="<?php echo $l->t('Delete')?>" - src="<?php echo OCP\image_path("core", "actions/delete.svg"); ?>" /> + <?php p($l->t('Delete'))?> + <img class="svg" alt="<?php p($l->t('Delete'))?>" + src="<?php print_unescaped(OCP\image_path("core", "actions/delete.svg")); ?>" /> </a> </span> </th> </tr> </thead> <tbody id="fileList"> - <?php echo($_['fileList']); ?> + <?php print_unescaped($_['fileList']); ?> </tbody> </table> 
diff --git a/apps/files_trashbin/templates/part.list.php b/apps/files_trashbin/templates/part.list.php index dea0a43cd4c67cd4ad4ee47c9ead7d642e945e68..176ed6f03b32b2e45ec3ebe1d0a023b55e0702ac 100644 --- a/apps/files_trashbin/templates/part.list.php +++ b/apps/files_trashbin/templates/part.list.php @@ -1,4 +1,4 @@ -<input type="hidden" id="disableSharing" data-status="<?php echo $_['disableSharing']; ?>"> +<input type="hidden" id="disableSharing" data-status="<?php p($_['disableSharing']); ?>"> <?php foreach($_['files'] as $file): $relative_deleted_date = OCP\relative_modified_date($file['timestamp']); // the older the file, the brighter the shade of grey; days*14 
@@ -8,48 +8,48 @@ $name = str_replace('%2F', '/', $name); $directory = str_replace('+', '%20', urlencode($file['directory'])); $directory = str_replace('%2F', '/', $directory); ?> - <tr data-filename="<?php echo $file['name'];?>" - data-type="<?php echo ($file['type'] == 'dir')?'dir':'file'?>" - data-mime="<?php echo $file['mimetype']?>" - data-permissions='<?php echo $file['permissions']; ?>' + <tr data-filename="<?php p($file['name']);?>" + data-type="<?php p(($file['type'] == 'dir')?'dir':'file')?>" + data-mime="<?php p($file['mimetype'])?>" + data-permissions='<?php p($file['permissions']); ?>' <?php if ( $_['dirlisting'] ): ?> - id="<?php echo $file['directory'].'/'.$file['name'];?>" - data-file="<?php echo $file['directory'].'/'.$file['name'];?>" + id="<?php p($file['directory'].'/'.$file['name']);?>" + data-file="<?php p($file['directory'].'/'.$file['name']);?>" data-timestamp='' data-dirlisting=1 <?php else: ?> - id="<?php echo $file['name'].'.d'.$file['timestamp'];?>" - data-file="<?php echo $file['name'].'.d'.$file['timestamp'];?>" - data-timestamp='<?php echo $file['timestamp'];?>' + id="<?php p($file['name'].'.d'.$file['timestamp']);?>" + data-file="<?php p($file['name'].'.d'.$file['timestamp']);?>" + data-timestamp='<?php p($file['timestamp']);?>' data-dirlisting=0 <?php endif; ?>> <td class="filename svg" <?php if($file['type'] == 'dir'): ?> - style="background-image:url(<?php echo OCP\mimetype_icon('dir'); ?>)" + style="background-image:url(<?php print_unescaped(OCP\mimetype_icon('dir')); ?>)" <?php else: ?> - style="background-image:url(<?php echo OCP\mimetype_icon($file['mimetype']); ?>)" + style="background-image:url(<?php print_unescaped(OCP\mimetype_icon($file['mimetype'])); ?>)" <?php endif; ?> > <?php if(!isset($_['readonly']) || !$_['readonly']): ?><input type="checkbox" /><?php endif; ?> <?php if($file['type'] == 'dir'): ?> <?php if( $_['dirlisting'] ): ?> - <a class="name" href="<?php echo $_['baseURL'].'/'.$name; ?>" title=""> + <a 
class="name" href="<?php p($_['baseURL'].'/'.$name); ?>" title=""> <?php else: ?> - <a class="name" href="<?php echo $_['baseURL'].'/'.$name.'.d'.$file['timestamp']; ?>" title=""> + <a class="name" href="<?php p($_['baseURL'].'/'.$name.'.d'.$file['timestamp']); ?>" title=""> <?php endif; ?> <?php else: ?> <?php if( $_['dirlisting'] ): ?> - <a class="name" href="<?php echo $_['downloadURL'].'/'.$name; ?>" title=""> + <a class="name" href="<?php p($_['downloadURL'].'/'.$name); ?>" title=""> <?php else: ?> - <a class="name" href="<?php echo $_['downloadURL'].'/'.$name.'.d'.$file['timestamp'];?>" title=""> + <a class="name" href="<?php p($_['downloadURL'].'/'.$name.'.d'.$file['timestamp']);?>" title=""> <?php endif; ?> <?php endif; ?> <span class="nametext"> <?php if($file['type'] == 'dir'):?> - <?php echo htmlspecialchars($file['name']);?> + <?php print_unescaped(htmlspecialchars($file['name']));?> <?php else:?> - <?php echo htmlspecialchars($file['basename']);?><span - class='extension'><?php echo $file['extension'];?></span> + <?php print_unescaped(htmlspecialchars($file['basename']));?><span + class='extension'><?php p($file['extension']);?></span> <?php endif;?> </span> <?php if($file['type'] == 'dir'):?> @@ -60,11 +60,11 @@ </td> <td class="date"> <span class="modified" - title="<?php echo $file['date']; ?>" - style="color:rgb(<?php echo $relative_date_color.',' + title="<?php p($file['date']); ?>" + style="color:rgb(<?php p($relative_date_color.',' .$relative_date_color.',' - .$relative_date_color ?>)"> - <?php echo $relative_deleted_date; ?> + .$relative_date_color) ?>)"> + <?php p($relative_deleted_date); ?> </span> </td> </tr> diff --git a/apps/files_versions/templates/history.php b/apps/files_versions/templates/history.php index c450af66ad587b1d6aac095fd58617cc87783bd2..f7284439041e7762f50723fc87bbf5a7d77ae12b 100644 --- a/apps/files_versions/templates/history.php +++ b/apps/files_versions/templates/history.php 
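Review bot: `print_unescaped(htmlspecialchars($file['name']))` and the matching `$file['basename']` line keep a second, hand-rolled escaping path in a template that otherwise uses `p()`. Writing `p($file['name'])` and `p($file['basename'])` puts all escaping through one function, so every remaining `print_unescaped` call marks a deliberately trusted output when the template is audited. In the same hunk `print_unescaped(OCP\mimetype_icon($file['mimetype']))` is written into `style="background-image:url(...)"` with a per-file value as input. It is worth confirming that the helper can only return paths from a fixed icon set, or printing it with `p()`. The enclosing `foreach` starts outside this hunk.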
@@ -5,29 +5,29 @@ if( isset( $_['message'] ) ) { - if( isset($_['path'] ) ) echo('<strong>File: '.$_['path'] ).'</strong><br>'; - echo('<strong>'.$_['message'] ).'</strong><br>'; + if( isset($_['path'] ) ) print_unescaped('<strong>File: '.OC_Util::sanitizeHTML($_['path'])).'</strong><br>'; + print_unescaped('<strong>'.OC_Util::sanitizeHTML($_['message']) ).'</strong><br>'; }else{ if( isset( $_['outcome_stat'] ) ) { - echo( '<div id="feedback-messages" class="'.$_['outcome_stat'].'"><h3>'.$_['outcome_msg'] ).'</h3></div><br>'; + print_unescaped( '<div id="feedback-messages" class="'.OC_Util::sanitizeHTML($_['outcome_stat']).'"><h3>'.OC_Util::sanitizeHTML($_['outcome_msg']) ).'</h3></div><br>'; } - echo( '<strong>Versions of '.$_['path'] ).'</strong><br>'; - echo('<p><em>'.$l->t('Revert a file to a previous version by clicking on its revert button').'</em></p><br />'); + print_unescaped( '<strong>Versions of '.OC_Util::sanitizeHTML($_['path']) ).'</strong><br>'; + print_unescaped('<p><em>'.OC_Util::sanitizeHTML($l->t('Revert a file to a previous version by clicking on its revert button')).'</em></p><br />'); foreach ( $_['versions'] as $v ) { - echo ' '; - echo OCP\Util::formatDate( doubleval($v['version']) ); - echo ' <a href="'.OCP\Util::linkTo('files_versions', 'history.php', - array('path' => $_['path'], 'revert' => $v['version'])) .'" class="button">Revert</a><br /><br />'; + p(' '); + p(OCP\Util::formatDate( doubleval($v['version']))); + print_unescaped(' <a href="'.OCP\Util::linkTo('files_versions', 'history.php', + array('path' => $_['path'], 'revert' => $v['version'])) .'" class="button">Revert</a><br /><br />'); if ( $v['cur'] ) { - echo ' (<b>Current</b>)'; + print_unescaped(' (<b>Current</b>)'); } - echo '<br /><br />'; + print_unescaped('<br /><br />'); } } diff --git a/apps/user_ldap/settings.php b/apps/user_ldap/settings.php index d5d2f648b38c100cd3d1acd5f25dd78e070e43d3..c55a718a82a9b515edccfe51354808f319eb28a4 100644 --- a/apps/user_ldap/settings.php 
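Review bot: In the four statements that end in `).'</strong><br>';` or `).'</h3></div><br>';` the closing parenthesis of `print_unescaped(` comes before the trailing concatenation, so the closing tags are appended to the function's return value and never printed. This worked with `echo` because echo is a language construct and the parentheses only grouped the first operand; as a function call it leaves `<strong>`, `<h3>` and the feedback `<div>` unclosed. Move the parenthesis to the end of each statement, e.g. `print_unescaped('<strong>File: '.OC_Util::sanitizeHTML($_['path']).'</strong><br>');`. The Revert link's `href` is also printed unescaped, so it relies on `OCP\Util::linkTo` encoding the `path` and `revert` arguments itself, which is not visible here.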
+++ b/apps/user_ldap/settings.php @@ -52,7 +52,7 @@ foreach($prefixes as $prefix) { if(count($prefixes) == 0) { $scoHtml .= '<option value="" selected>1. Server</option>'; } -$tmpl->assign('serverConfigurationOptions', $scoHtml, false); +$tmpl->assign('serverConfigurationOptions', $scoHtml); // assign default values if(!isset($ldap)) { diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php index a882e5b754866a1fb9b632829b0ac835335c0d6b..cd004cec4b3e8f00507429d6ef5857b24b7f2547 100644 --- a/apps/user_ldap/templates/settings.php +++ b/apps/user_ldap/templates/settings.php 
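Review bot: `$scoHtml` holds ready-made `<option>` markup (see the `$scoHtml .= '<option value="" selected>1. Server</option>';` context line), but the template hunk in apps/user_ldap/templates/settings.php now prints it with `p($_['serverConfigurationOptions'])`. If p() HTML-escapes its argument, as its use elsewhere in this commit suggests, the options are emitted as literal text and the server chooser has no entries apart from "Add Server Configuration". Print the prebuilt markup with `print_unescaped($_['serverConfigurationOptions'])` in the template, and escape each prefix or host value where it is concatenated into `$scoHtml`. That loop starts outside this hunk, so whether it already escapes them cannot be checked here.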
@@ -5,85 +5,85 @@ <li><a href="#ldapSettings-2">Advanced</a></li> </ul> <?php if(OCP\App::isEnabled('user_webdavauth')) { - echo '<p class="ldapwarning">'.$l->t('<b>Warning:</b> Apps user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour. Please ask your system administrator to disable one of them.').'</p>'; + print_unescaped('<p class="ldapwarning">'.$l->t('<b>Warning:</b> Apps user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour. Please ask your system administrator to disable one of them.').'</p>'); } if(!function_exists('ldap_connect')) { - echo '<p class="ldapwarning">'.$l->t('<b>Warning:</b> The PHP LDAP module is not installed, the backend will not work. Please ask your system administrator to install it.').'</p>'; + print_unescaped('<p class="ldapwarning">'.$l->t('<b>Warning:</b> The PHP LDAP module is not installed, the backend will not work. Please ask your system administrator to install it.').'</p>'); } ?> <fieldset id="ldapSettings-1"> - <p><label for="ldap_serverconfig_chooser"><?php echo $l->t('Server configuration');?></label> + <p><label for="ldap_serverconfig_chooser"><?php p($l->t('Server configuration'));?></label> <select id="ldap_serverconfig_chooser" name="ldap_serverconfig_chooser"> - <?php echo $_['serverConfigurationOptions']; ?> - <option value="NEW"><?php echo $l->t('Add Server Configuration');?></option> + <?php p($_['serverConfigurationOptions']); ?> + <option value="NEW"><?php p($l->t('Add Server Configuration'));?></option> </select> <button id="ldap_action_delete_configuration" name="ldap_action_delete_configuration">Delete Configuration</button> </p> - <p><label for="ldap_host"><?php echo $l->t('Host');?></label> - <input type="text" id="ldap_host" name="ldap_host" data-default="<?php echo $_['ldap_host_default']; ?>" - title="<?php echo $l->t('You can omit the protocol, except you require SSL. 
Then start with ldaps://');?>"></p> - <p><label for="ldap_base"><?php echo $l->t('Base DN');?></label> - <textarea id="ldap_base" name="ldap_base" placeholder="<?php echo $l->t('One Base DN per line');?>" - title="<?php echo $l->t('You can specify Base DN for users and groups in the Advanced tab');?>" - data-default="<?php echo $_['ldap_base_default']; ?>" ></textarea></p> - <p><label for="ldap_dn"><?php echo $l->t('User DN');?></label> - <input type="text" id="ldap_dn" name="ldap_dn" data-default="<?php echo $_['ldap_dn_default']; ?>" - title="<?php echo $l->t('The DN of the client user with which the bind shall be done, e.g. uid=agent,dc=example,dc=com. For anonymous access, leave DN and Password empty.');?>" /></p> - <p><label for="ldap_agent_password"><?php echo $l->t('Password');?></label> + <p><label for="ldap_host"><?php p($l->t('Host'));?></label> + <input type="text" id="ldap_host" name="ldap_host" data-default="<?php p($_['ldap_host_default']); ?>" + title="<?php p($l->t('You can omit the protocol, except you require SSL. Then start with ldaps://'));?>"></p> + <p><label for="ldap_base"><?php p($l->t('Base DN'));?></label> + <textarea id="ldap_base" name="ldap_base" placeholder="<?php p($l->t('One Base DN per line'));?>" + title="<?php p($l->t('You can specify Base DN for users and groups in the Advanced tab'));?>" + data-default="<?php p($_['ldap_base_default']); ?>" ></textarea></p> + <p><label for="ldap_dn"><?php p($l->t('User DN'));?></label> + <input type="text" id="ldap_dn" name="ldap_dn" data-default="<?php p($_['ldap_dn_default']); ?>" + title="<?php p($l->t('The DN of the client user with which the bind shall be done, e.g. uid=agent,dc=example,dc=com. 
For anonymous access, leave DN and Password empty.'));?>" /></p> + <p><label for="ldap_agent_password"><?php p($l->t('Password'));?></label> <input type="password" id="ldap_agent_password" name="ldap_agent_password" - data-default="<?php echo $_['ldap_agent_password_default']; ?>" - title="<?php echo $l->t('For anonymous access, leave DN and Password empty.');?>" /></p> - <p><label for="ldap_login_filter"><?php echo $l->t('User Login Filter');?></label> + data-default="<?php p($_['ldap_agent_password_default']); ?>" + title="<?php p($l->t('For anonymous access, leave DN and Password empty.'));?>" /></p> + <p><label for="ldap_login_filter"><?php p($l->t('User Login Filter'));?></label> <input type="text" id="ldap_login_filter" name="ldap_login_filter" - data-default="<?php echo $_['ldap_login_filter_default']; ?>" - title="<?php echo $l->t('Defines the filter to apply, when login is attempted. %%uid replaces the username in the login action.');?>" /> - <br /><small><?php echo $l->t('use %%uid placeholder, e.g. "uid=%%uid"');?></small></p> - <p><label for="ldap_userlist_filter"><?php echo $l->t('User List Filter');?></label> + data-default="<?php p($_['ldap_login_filter_default']); ?>" + title="<?php p($l->t('Defines the filter to apply, when login is attempted. %%uid replaces the username in the login action.'));?>" /> + <br /><small><?php p($l->t('use %%uid placeholder, e.g. "uid=%%uid"'));?></small></p> + <p><label for="ldap_userlist_filter"><?php p($l->t('User List Filter'));?></label> <input type="text" id="ldap_userlist_filter" name="ldap_userlist_filter" - data-default="<?php echo $_['ldap_userlist_filter_default']; ?>" - title="<?php echo $l->t('Defines the filter to apply, when retrieving users.');?>" /> - <br /><small><?php echo $l->t('without any placeholder, e.g. 
"objectClass=person".');?></small></p> - <p><label for="ldap_group_filter"><?php echo $l->t('Group Filter');?></label> + data-default="<?php p($_['ldap_userlist_filter_default']); ?>" + title="<?php p($l->t('Defines the filter to apply, when retrieving users.'));?>" /> + <br /><small><?php p($l->t('without any placeholder, e.g. "objectClass=person".'));?></small></p> + <p><label for="ldap_group_filter"><?php p($l->t('Group Filter'));?></label> <input type="text" id="ldap_group_filter" name="ldap_group_filter" - data-default="<?php echo $_['ldap_group_filter_default']; ?>" - title="<?php echo $l->t('Defines the filter to apply, when retrieving groups.');?>" /> - <br /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=posixGroup".');?></small></p> + data-default="<?php p($_['ldap_group_filter_default']); ?>" + title="<?php p($l->t('Defines the filter to apply, when retrieving groups.'));?>" /> + <br /><small><?php p($l->t('without any placeholder, e.g. "objectClass=posixGroup".'));?></small></p> </fieldset> <fieldset id="ldapSettings-2"> <div id="ldapAdvancedAccordion"> - <h3><?php echo $l->t('Connection Settings');?></h3> + <h3><?php p($l->t('Connection Settings'));?></h3> <div> - <p><label for="ldap_configuration_active"><?php echo $l->t('Configuration Active');?></label><input type="checkbox" id="ldap_configuration_active" name="ldap_configuration_active" value="1" data-default="<?php echo $_['ldap_configuration_active_default']; ?>" title="<?php echo $l->t('When unchecked, this configuration will be skipped.');?>" /></p> - <p><label for="ldap_port"><?php echo $l->t('Port');?></label><input type="number" id="ldap_port" name="ldap_port" data-default="<?php echo $_['ldap_port_default']; ?>" /></p> - <p><label for="ldap_backup_host"><?php echo $l->t('Backup (Replica) Host');?></label><input type="text" id="ldap_backup_host" name="ldap_backup_host" data-default="<?php echo $_['ldap_backup_host_default']; ?>" title="<?php echo $l->t('Give an optional 
backup host. It must be a replica of the main LDAP/AD server.');?>"></p> - <p><label for="ldap_backup_port"><?php echo $l->t('Backup (Replica) Port');?></label><input type="number" id="ldap_backup_port" name="ldap_backup_port" data-default="<?php echo $_['ldap_backup_port_default']; ?>" /></p> - <p><label for="ldap_override_main_server"><?php echo $l->t('Disable Main Server');?></label><input type="checkbox" id="ldap_override_main_server" name="ldap_override_main_server" value="1" data-default="<?php echo $_['ldap_override_main_server_default']; ?>" title="<?php echo $l->t('When switched on, ownCloud will only connect to the replica server.');?>" /></p> - <p><label for="ldap_tls"><?php echo $l->t('Use TLS');?></label><input type="checkbox" id="ldap_tls" name="ldap_tls" value="1" data-default="<?php echo $_['ldap_tls_default']; ?>" title="<?php echo $l->t('Do not use it additionally for LDAPS connections, it will fail.');?>" /></p> - <p><label for="ldap_nocase"><?php echo $l->t('Case insensitve LDAP server (Windows)');?></label><input type="checkbox" id="ldap_nocase" name="ldap_nocase" data-default="<?php echo $_['ldap_nocase_default']; ?>" value="1"<?php if (isset($_['ldap_nocase']) && ($_['ldap_nocase'])) echo ' checked'; ?>></p> - <p><label for="ldap_turn_off_cert_check"><?php echo $l->t('Turn off SSL certificate validation.');?></label><input type="checkbox" id="ldap_turn_off_cert_check" name="ldap_turn_off_cert_check" title="<?php echo $l->t('If connection only works with this option, import the LDAP server\'s SSL certificate in your ownCloud server.');?>" data-default="<?php echo $_['ldap_turn_off_cert_check_default']; ?>" value="1"><br/><small><?php echo $l->t('Not recommended, use for testing only.');?></small></p> - <p><label for="ldap_cache_ttl">Cache Time-To-Live</label><input type="number" id="ldap_cache_ttl" name="ldap_cache_ttl" title="<?php echo $l->t('in seconds. 
A change empties the cache.');?>" data-default="<?php echo $_['ldap_cache_ttl_default']; ?>" /></p> + <p><label for="ldap_configuration_active"><?php p($l->t('Configuration Active'));?></label><input type="checkbox" id="ldap_configuration_active" name="ldap_configuration_active" value="1" data-default="<?php p($_['ldap_configuration_active_default']); ?>" title="<?php p($l->t('When unchecked, this configuration will be skipped.'));?>" /></p> + <p><label for="ldap_port"><?php p($l->t('Port'));?></label><input type="number" id="ldap_port" name="ldap_port" data-default="<?php p($_['ldap_port_default']); ?>" /></p> + <p><label for="ldap_backup_host"><?php p($l->t('Backup (Replica) Host'));?></label><input type="text" id="ldap_backup_host" name="ldap_backup_host" data-default="<?php p($_['ldap_backup_host_default']); ?>" title="<?php p($l->t('Give an optional backup host. It must be a replica of the main LDAP/AD server.'));?>"></p> + <p><label for="ldap_backup_port"><?php p($l->t('Backup (Replica) Port'));?></label><input type="number" id="ldap_backup_port" name="ldap_backup_port" data-default="<?php p($_['ldap_backup_port_default']); ?>" /></p> + <p><label for="ldap_override_main_server"><?php p($l->t('Disable Main Server'));?></label><input type="checkbox" id="ldap_override_main_server" name="ldap_override_main_server" value="1" data-default="<?php p($_['ldap_override_main_server_default']); ?>" title="<?php p($l->t('When switched on, ownCloud will only connect to the replica server.'));?>" /></p> + <p><label for="ldap_tls"><?php p($l->t('Use TLS'));?></label><input type="checkbox" id="ldap_tls" name="ldap_tls" value="1" data-default="<?php p($_['ldap_tls_default']); ?>" title="<?php p($l->t('Do not use it additionally for LDAPS connections, it will fail.'));?>" /></p> + <p><label for="ldap_nocase"><?php p($l->t('Case insensitve LDAP server (Windows)'));?></label><input type="checkbox" id="ldap_nocase" name="ldap_nocase" data-default="<?php 
p($_['ldap_nocase_default']); ?>" value="1"<?php if (isset($_['ldap_nocase']) && ($_['ldap_nocase'])) p(' checked'); ?>></p> + <p><label for="ldap_turn_off_cert_check"><?php p($l->t('Turn off SSL certificate validation.'));?></label><input type="checkbox" id="ldap_turn_off_cert_check" name="ldap_turn_off_cert_check" title="<?php p($l->t('If connection only works with this option, import the LDAP server\'s SSL certificate in your ownCloud server.'));?>" data-default="<?php p($_['ldap_turn_off_cert_check_default']); ?>" value="1"><br/><small><?php p($l->t('Not recommended, use for testing only.'));?></small></p> + <p><label for="ldap_cache_ttl"><?php p($l->t('Cache Time-To-Live'));?></label><input type="number" id="ldap_cache_ttl" name="ldap_cache_ttl" title="<?php p($l->t('in seconds. A change empties the cache.'));?>" data-default="<?php p($_['ldap_cache_ttl_default']); ?>" /></p> </div> - <h3><?php echo $l->t('Directory Settings');?></h3> + <h3><?php p($l->t('Directory Settings'));?></h3> <div> - <p><label for="ldap_display_name"><?php echo $l->t('User Display Name Field');?></label><input type="text" id="ldap_display_name" name="ldap_display_name" data-default="<?php echo $_['ldap_display_name_default']; ?>" title="<?php echo $l->t('The LDAP attribute to use to generate the user`s ownCloud name.');?>" /></p> - <p><label for="ldap_base_users"><?php echo $l->t('Base User Tree');?></label><textarea id="ldap_base_users" name="ldap_base_users" placeholder="<?php echo $l->t('One User Base DN per line');?>" data-default="<?php echo $_['ldap_base_users_default']; ?>" title="<?php echo $l->t('Base User Tree');?>"></textarea></p> - <p><label for="ldap_attributes_for_user_search"><?php echo $l->t('User Search Attributes');?></label><textarea id="ldap_attributes_for_user_search" name="ldap_attributes_for_user_search" placeholder="<?php echo $l->t('Optional; one attribute per line');?>" data-default="<?php echo $_['ldap_attributes_for_user_search_default']; ?>" title="<?php 
echo $l->t('User Search Attributes');?>"></textarea></p> - <p><label for="ldap_group_display_name"><?php echo $l->t('Group Display Name Field');?></label><input type="text" id="ldap_group_display_name" name="ldap_group_display_name" data-default="<?php echo $_['ldap_group_display_name_default']; ?>" title="<?php echo $l->t('The LDAP attribute to use to generate the groups`s ownCloud name.');?>" /></p> - <p><label for="ldap_base_groups"><?php echo $l->t('Base Group Tree');?></label><textarea id="ldap_base_groups" name="ldap_base_groups" placeholder="<?php echo $l->t('One Group Base DN per line');?>" data-default="<?php echo $_['ldap_base_groups_default']; ?>" title="<?php echo $l->t('Base Group Tree');?>"></textarea></p> - <p><label for="ldap_attributes_for_group_search"><?php echo $l->t('Group Search Attributes');?></label><textarea id="ldap_attributes_for_group_search" name="ldap_attributes_for_group_search" placeholder="<?php echo $l->t('Optional; one attribute per line');?>" data-default="<?php echo $_['ldap_attributes_for_group_search_default']; ?>" title="<?php echo $l->t('Group Search Attributes');?>"></textarea></p> - <p><label for="ldap_group_member_assoc_attribute"><?php echo $l->t('Group-Member association');?></label><select id="ldap_group_member_assoc_attribute" name="ldap_group_member_assoc_attribute" data-default="<?php echo $_['ldap_group_member_assoc_attribute_default']; ?>" ><option value="uniqueMember"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'uniqueMember')) echo ' selected'; ?>>uniqueMember</option><option value="memberUid"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'memberUid')) echo ' selected'; ?>>memberUid</option><option value="member"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'member')) echo ' selected'; ?>>member (AD)</option></select></p> + <p><label 
for="ldap_display_name"><?php p($l->t('User Display Name Field'));?></label><input type="text" id="ldap_display_name" name="ldap_display_name" data-default="<?php p($_['ldap_display_name_default']); ?>" title="<?php p($l->t('The LDAP attribute to use to generate the user`s ownCloud name.'));?>" /></p> + <p><label for="ldap_base_users"><?php p($l->t('Base User Tree'));?></label><textarea id="ldap_base_users" name="ldap_base_users" placeholder="<?php p($l->t('One User Base DN per line'));?>" data-default="<?php p($_['ldap_base_users_default']); ?>" title="<?php p($l->t('Base User Tree'));?>"></textarea></p> + <p><label for="ldap_attributes_for_user_search"><?php p($l->t('User Search Attributes'));?></label><textarea id="ldap_attributes_for_user_search" name="ldap_attributes_for_user_search" placeholder="<?php p($l->t('Optional; one attribute per line'));?>" data-default="<?php p($_['ldap_attributes_for_user_search_default']); ?>" title="<?php p($l->t('User Search Attributes'));?>"></textarea></p> + <p><label for="ldap_group_display_name"><?php p($l->t('Group Display Name Field'));?></label><input type="text" id="ldap_group_display_name" name="ldap_group_display_name" data-default="<?php p($_['ldap_group_display_name_default']); ?>" title="<?php p($l->t('The LDAP attribute to use to generate the groups`s ownCloud name.'));?>" /></p> + <p><label for="ldap_base_groups"><?php p($l->t('Base Group Tree'));?></label><textarea id="ldap_base_groups" name="ldap_base_groups" placeholder="<?php p($l->t('One Group Base DN per line'));?>" data-default="<?php p($_['ldap_base_groups_default']); ?>" title="<?php p($l->t('Base Group Tree'));?>"></textarea></p> + <p><label for="ldap_attributes_for_group_search"><?php p($l->t('Group Search Attributes'));?></label><textarea id="ldap_attributes_for_group_search" name="ldap_attributes_for_group_search" placeholder="<?php p($l->t('Optional; one attribute per line'));?>" data-default="<?php p($_['ldap_attributes_for_group_search_default']); 
?>" title="<?php p($l->t('Group Search Attributes'));?>"></textarea></p> + <p><label for="ldap_group_member_assoc_attribute"><?php p($l->t('Group-Member association'));?></label><select id="ldap_group_member_assoc_attribute" name="ldap_group_member_assoc_attribute" data-default="<?php p($_['ldap_group_member_assoc_attribute_default']); ?>" ><option value="uniqueMember"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'uniqueMember')) p(' selected'); ?>>uniqueMember</option><option value="memberUid"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'memberUid')) p(' selected'); ?>>memberUid</option><option value="member"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'member')) p(' selected'); ?>>member (AD)</option></select></p> </div> - <h3><?php echo $l->t('Special Attributes');?></h3> + <h3><?php p($l->t('Special Attributes'));?></h3> <div> - <p><label for="ldap_quota_attr">Quota Field</label><input type="text" id="ldap_quota_attr" name="ldap_quota_attr" data-default="<?php echo $_['ldap_quota_attr_default']; ?>"/></p> - <p><label for="ldap_quota_def">Quota Default</label><input type="text" id="ldap_quota_def" name="ldap_quota_def" data-default="<?php echo $_['ldap_quota_def_default']; ?>" title="<?php echo $l->t('in bytes');?>" /></p> - <p><label for="ldap_email_attr">Email Field</label><input type="text" id="ldap_email_attr" name="ldap_email_attr" data-default="<?php echo $_['ldap_email_attr_default']; ?>" /></p> - <p><label for="home_folder_naming_rule">User Home Folder Naming Rule</label><input type="text" id="home_folder_naming_rule" name="home_folder_naming_rule" title="<?php echo $l->t('Leave empty for user name (default). 
Otherwise, specify an LDAP/AD attribute.');?>" data-default="<?php echo $_['home_folder_naming_rule_default']; ?>" /></p> + <p><label for="ldap_quota_attr"><?php p($l->t('Quota Field'));?></label><input type="text" id="ldap_quota_attr" name="ldap_quota_attr" data-default="<?php p($_['ldap_quota_attr_default']); ?>"/></p> + <p><label for="ldap_quota_def"><?php p($l->t('Quota Default'));?></label><input type="text" id="ldap_quota_def" name="ldap_quota_def" data-default="<?php p($_['ldap_quota_def_default']); ?>" title="<?php p($l->t('in bytes'));?>" /></p> + <p><label for="ldap_email_attr"><?php p($l->t('Email Field'));?></label><input type="text" id="ldap_email_attr" name="ldap_email_attr" data-default="<?php p($_['ldap_email_attr_default']); ?>" /></p> + <p><label for="home_folder_naming_rule"><?php p($l->t('User Home Folder Naming Rule'));?></label><input type="text" id="home_folder_naming_rule" name="home_folder_naming_rule" title="<?php p($l->t('Leave empty for user name (default). Otherwise, specify an LDAP/AD attribute.'));?>" data-default="<?php p($_['home_folder_naming_rule_default']); ?>" /></p> </div> </div> </fieldset> - <input id="ldap_submit" type="submit" value="Save" /> <button id="ldap_action_test_connection" name="ldap_action_test_connection">Test Configuration</button> <a href="http://doc.owncloud.org/server/5.0/admin_manual/auth_ldap.html" target="_blank"><img src="<?php echo OCP\Util::imagePath('', 'actions/info.png'); ?>" style="height:1.75ex" /> <?php echo $l->t('Help');?></a> + <input id="ldap_submit" type="submit" value="Save" /> <button id="ldap_action_test_connection" name="ldap_action_test_connection"><?php p($l->t('Test Configuration'));?></button> <a href="http://doc.owncloud.org/server/5.0/admin_manual/auth_ldap.html" target="_blank"><img src="<?php print_unescaped(OCP\Util::imagePath('', 'actions/info.png')); ?>" style="height:1.75ex" /> <?php p($l->t('Help'));?></a> </div> </form> 
diff --git a/apps/user_webdavauth/templates/settings.php b/apps/user_webdavauth/templates/settings.php index 45f4d81aecf844dbfb8ea11660db8d7437df14b0..ec6524ee4f79a9029b4441b465f1cee8270d6db5 100755 --- a/apps/user_webdavauth/templates/settings.php +++ b/apps/user_webdavauth/templates/settings.php @@ -1,9 +1,9 @@ <form id="webdavauth" action="#" method="post"> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('WebDAV Authentication');?></strong></legend> - <p><label for="webdav_url"><?php echo $l->t('URL: http://');?><input type="text" id="webdav_url" name="webdav_url" value="<?php echo $_['webdav_url']; ?>"></label> - <input type="hidden" name="requesttoken" value="<?php echo $_['requesttoken'] ?>" id="requesttoken"> + <legend><strong><?php p($l->t('WebDAV Authentication'));?></strong></legend> + <p><label for="webdav_url"><?php p($l->t('URL: http://'));?><input type="text" id="webdav_url" name="webdav_url" value="<?php p($_['webdav_url']); ?>"></label> + <input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>" id="requesttoken"> <input type="submit" value="Save" /> - <br /><?php echo $l->t('ownCloud will send the user credentials to this URL. This plugin checks the response and will interpret the HTTP statuscodes 401 and 403 as invalid credentials, and all other responses as valid credentials.'); ?> + <br /><?php p($l->t('ownCloud will send the user credentials to this URL. This plugin checks the response and will interpret the HTTP statuscodes 401 and 403 as invalid credentials, and all other responses as valid credentials.')); ?> </fieldset> </form> diff --git a/core/templates/403.php b/core/templates/403.php index fbf0e64fdb6e570692667b39965ed87ea347504b..6e910fd2e829262ed03db8b6e9db481a7e3e404a 100644 --- a/core/templates/403.php +++ b/core/templates/403.php 
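Review bot: The help string in this hunk documents a fail-open rule: only 401 and 403 count as invalid credentials and every other response counts as valid, so a 500 or a mistyped URL answering 404 would accept any password. The backend is not part of this diff, so this is inferred from the text alone; if it matches, the check should accept only an explicit success status and reject everything else. The label `URL: http://` also suggests the scheme is fixed to plain HTTP, which would forward user credentials unencrypted, so support for `https://` is worth confirming. On the template itself, `value="Save"` is the one string left untranslated; `value="<?php p($l->t('Save')); ?>"` would match the rest.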
@@ -9,7 +9,7 @@ if(!isset($_)) {//also provide standalone error page ?> <ul> <li class='error'> - <?php echo $l->t( 'Access forbidden' ); ?><br/> - <p class='hint'><?php if(isset($_['file'])) echo $_['file']?></p> + <?php p($l->t( 'Access forbidden' )); ?><br/> + <p class='hint'><?php if(isset($_['file'])) p($_['file'])?></p> </li> </ul> diff --git a/core/templates/404.php b/core/templates/404.php index c111fd70fa92eb17d1597e83c54b20a00b8c4de5..ee17f0de8e1957c5b66335010ee163005a52409a 100644 --- a/core/templates/404.php +++ b/core/templates/404.php @@ -9,7 +9,7 @@ if(!isset($_)) {//also provide standalone error page ?> <ul> <li class='error'> - <?php echo $l->t( 'Cloud not found' ); ?><br/> - <p class='hint'><?php if(isset($_['file'])) echo $_['file']?></p> + <?php p($l->t( 'Cloud not found' )); ?><br/> + <p class='hint'><?php if(isset($_['file'])) p($_['file'])?></p> </li> </ul> diff --git a/core/templates/edit_categories_dialog.php b/core/templates/edit_categories_dialog.php index d0b7b5ee62afe254329e5c6c962e36259f6dadd9..ea155bdf0ba3532456f5a83e54eafeb624d23e08 100644 --- a/core/templates/edit_categories_dialog.php +++ b/core/templates/edit_categories_dialog.php 
@@ -1,19 +1,19 @@ <?php $categories = isset($_['categories'])?$_['categories']:array(); ?> -<div id="edit_categories_dialog" title="<?php echo $l->t('Edit categories'); ?>"> +<div id="edit_categories_dialog" title="<?php p($l->t('Edit categories')); ?>"> <!-- ?php print_r($types); ? --> <form method="post" id="categoryform"> <div class="scrollarea"> <ul id="categorylist"> <?php foreach($categories as $category): ?> - <li><input type="checkbox" name="categories[]" value="<?php echo $category; ?>" /><?php echo $category; ?></li> + <li><input type="checkbox" name="categories[]" value="<?php p($category); ?>" /><?php p($category); ?></li> <?php endforeach; ?> </ul> </div> <div class="bottombuttons"> <input type="text" id="category_addinput" name="category" /> - <button id="category_addbutton" disabled="disabled"><?php echo $l->t('Add'); ?></button> + <button id="category_addbutton" disabled="disabled"><?php p($l->t('Add')); ?></button> </div> </form> </div> diff --git a/core/templates/error.php b/core/templates/error.php index 4f05e008f99b0857536adb37af798ab86945ffa6..3305f3fba9c54f73c032ca4e2808aa7791fc10f2 100644 --- a/core/templates/error.php +++ b/core/templates/error.php @@ -1,8 +1,8 @@ <ul> <?php foreach($_["errors"] as $error):?> <li class='error'> - <?php echo $error['error'] ?><br/> - <p class='hint'><?php if(isset($error['hint']))echo $error['hint'] ?></p> + <?php p($error['error']) ?><br/> + <p class='hint'><?php if(isset($error['hint']))p($error['hint']) ?></p> </li> <?php endforeach ?> </ul> diff --git a/core/templates/exception.php b/core/templates/exception.php deleted file mode 100644 index ee40e3cb92c9ba42977e7b9bcf05cf98c7b117a5..0000000000000000000000000000000000000000 --- a/core/templates/exception.php +++ /dev/null 
@@ -1,32 +0,0 @@ -<ul> - <li class='error'> - <details> - <summary class="error">We're sorry, but something went terribly wrong.<br></summary> - <p class="exception"> - <?php - if($_['showsysinfo'] == true) { - echo 'If you would like to support ownCloud\'s developers and' - .' report this error in our <a href="https://github.com/owncloud/core/blob/master/CONTRIBUTING.md">bug tracker</a>,' - .' please copy the following information into the description. <br><br><textarea readonly>'; - echo 'Message: ' . $_['message'] . "\n"; - echo 'Error Code: ' . $_['code'] . "\n"; - echo 'File: ' . $_['file'] . "\n"; - echo 'Line: ' . $_['line'] . "\n\n"; - echo 'PHP: ' . $_['sysinfo']['phpversion'] . "\n"; - echo 'OS: ' . $_['sysinfo']['os'] . "\n"; - echo 'OS Release: ' . $_['sysinfo']['osrelease'] . "\n"; - echo 'OS Arch.: ' . $_['sysinfo']['osarchitecture'] . "\n"; - echo 'PHP-Server-Interface: ' . $_['sysinfo']['phpserverinterface'] . "\n"; - echo 'Protocol: ' . $_['sysinfo']['serverprotocol'] . "\n"; - echo 'HTTPS: ' . $_['sysinfo']['https'] . "\n"; - echo 'Request Method: ' . $_['sysinfo']['requestmethod'] . "\n"; - echo 'Database: ' . $_['sysinfo']['database'] . "\n"; - echo '</textarea>'; - } else { - echo 'Your administrator has disabled systeminformations.'; - } - ?> - </p> - </details> - </li> -</ul> diff --git a/core/templates/installation.php b/core/templates/installation.php index aca9648d0bfd81db249ebea698574cb9fbced7d4..33b01853fb83b83cb2afbde4839ca3b33d334726 100644 --- a/core/templates/installation.php +++ b/core/templates/installation.php 
@@ -1,8 +1,8 @@ -<input type='hidden' id='hasMySQL' value='<?php echo $_['hasMySQL'] ?>'> -<input type='hidden' id='hasSQLite' value='<?php echo $_['hasSQLite'] ?>'> -<input type='hidden' id='hasPostgreSQL' value='<?php echo $_['hasPostgreSQL'] ?>'> -<input type='hidden' id='hasOracle' value='<?php echo $_['hasOracle'] ?>'> -<input type='hidden' id='hasMSSQL' value='<?php echo $_['hasMSSQL'] ?>'> +<input type='hidden' id='hasMySQL' value='<?php p($_['hasMySQL']) ?>'> +<input type='hidden' id='hasSQLite' value='<?php p($_['hasSQLite']) ?>'> +<input type='hidden' id='hasPostgreSQL' value='<?php p($_['hasPostgreSQL']) ?>'> +<input type='hidden' id='hasOracle' value='<?php p($_['hasOracle']) ?>'> +<input type='hidden' id='hasMSSQL' value='<?php p($_['hasMSSQL']) ?>'> <form action="index.php" method="post"> <input type="hidden" name="install" value="true" /> <?php if(count($_['errors']) > 0): ?> @@ -10,10 +10,10 @@ <?php foreach($_['errors'] as $err): ?> <li> <?php if(is_array($err)):?> - <?php print $err['error']; ?> - <p class='hint'><?php print $err['hint']; ?></p> + <?php print_unescaped($err['error']); ?> + <p class='hint'><?php print_unescaped($err['hint']); ?></p> <?php else: ?> - <?php print $err; ?> + <?php print_unescaped($err); ?> <?php endif; ?> </li> <?php endforeach; ?> 
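Review bot: The error list in the `@@ -10,10` hunk writes `$err['error']`, `$err['hint']` and `$err` with `print_unescaped()`, while `core/templates/error.php` in this same commit prints the same `error`/`hint` fields with `p()`. If any installer message carries a submitted value (database name, user, data folder), it would reach the page as markup; that depends on the setup code, which is not visible here. Unless these messages are known to contain intentional HTML, use `<?php p($err['error']); ?>`, `<?php p($err['hint']); ?>` and `<?php p($err); ?>`.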
@@ -21,54 +21,54 @@ <?php endif; ?> <?php if(!$_['secureRNG']): ?> <fieldset class="warning"> - <legend><strong><?php echo $l->t('Security Warning');?></strong></legend> - <p><?php echo $l->t('No secure random number generator is available, please enable the PHP OpenSSL extension.');?><br/> - <?php echo $l->t('Without a secure random number generator an attacker may be able to predict password reset tokens and take over your account.');?></p> + <legend><strong><?php p($l->t('Security Warning'));?></strong></legend> + <p><?php p($l->t('No secure random number generator is available, please enable the PHP OpenSSL extension.'));?><br/> + <?php p($l->t('Without a secure random number generator an attacker may be able to predict password reset tokens and take over your account.'));?></p> </fieldset> <?php endif; ?> <?php if(!$_['htaccessWorking']): ?> <fieldset class="warning"> - <legend><strong><?php echo $l->t('Security Warning');?></strong></legend> - <p><?php echo $l->t('Your data directory and files are probably accessible from the internet because the .htaccess file does not work.');?><br> - <?php echo $l->t('For information how to properly configure your server, please see the <a href="http://doc.owncloud.org/server/5.0/admin_manual/installation.html" target="_blank">documentation</a>.');?></p> + <legend><strong><?php p($l->t('Security Warning'));?></strong></legend> + <p><?php p($l->t('Your data directory and files are probably accessible from the internet because the .htaccess file does not work.'));?><br> + <?php print_unescaped($l->t('For information how to properly configure your server, please see the <a href="http://doc.owncloud.org/server/5.0/admin_manual/installation.html" target="_blank">documentation</a>.'));?></p> </fieldset> <?php endif; ?> <fieldset id="adminaccount"> - <legend><?php echo $l->t( 'Create an <strong>admin account</strong>' ); ?></legend> + <legend><?php print_unescaped($l->t( 'Create an <strong>admin account</strong>' )); ?></legend> 
<p class="infield grouptop"> <input type="text" name="adminlogin" id="adminlogin" - value="<?php print OC_Helper::init_var('adminlogin'); ?>" autocomplete="off" autofocus required /> - <label for="adminlogin" class="infield"><?php echo $l->t( 'Username' ); ?></label> - <img class="svg" src="<?php echo image_path('', 'actions/user.svg'); ?>" alt="" /> + value="<?php p(OC_Helper::init_var('adminlogin')); ?>" autocomplete="off" autofocus required /> + <label for="adminlogin" class="infield"><?php p($l->t( 'Username' )); ?></label> + <img class="svg" src="<?php p(image_path('', 'actions/user.svg')); ?>" alt="" /> </p> <p class="infield groupbottom"> <input type="password" name="adminpass" data-typetoggle="#show" id="adminpass" - value="<?php print OC_Helper::init_var('adminpass'); ?>" /> - <label for="adminpass" class="infield"><?php echo $l->t( 'Password' ); ?></label> - <img class="svg" id="adminpass-icon" src="<?php echo image_path('', 'actions/password.svg'); ?>" alt="" /> + value="<?php p(OC_Helper::init_var('adminpass')); ?>" /> + <label for="adminpass" class="infield"><?php p($l->t( 'Password' )); ?></label> + <img class="svg" id="adminpass-icon" src="<?php print_unescaped(image_path('', 'actions/password.svg')); ?>" alt="" /> <input type="checkbox" id="show" name="show" /> <label for="show"></label> </p> </fieldset> <fieldset id="datadirField"> - <legend><a id="showAdvanced"><?php echo $l->t( 'Advanced' ); ?> <img class="svg" src="<?php echo image_path('', 'actions/caret-dark.svg'); ?>" /></a></legend> + <legend><a id="showAdvanced"><?php p($l->t( 'Advanced' )); ?> <img class="svg" src="<?php print_unescaped(image_path('', 'actions/caret-dark.svg')); ?>" /></a></legend> <div id="datadirContent"> - <label for="directory"><?php echo $l->t( 'Data folder' ); ?></label> + <label for="directory"><?php p($l->t( 'Data folder' )); ?></label> <input type="text" name="directory" id="directory" - value="<?php print OC_Helper::init_var('directory', $_['directory']); ?>" /> 
+ value="<?php p(OC_Helper::init_var('directory', $_['directory'])); ?>" /> </div> </fieldset> <fieldset id='databaseField'> <?php if($_['hasMySQL'] or $_['hasPostgreSQL'] or $_['hasOracle'] or $_['hasMSSQL']) $hasOtherDB = true; else $hasOtherDB =false; //other than SQLite ?> - <legend><?php echo $l->t( 'Configure the database' ); ?></legend> + <legend><?php p($l->t( 'Configure the database' )); ?></legend> <div id="selectDbType"> <?php if($_['hasSQLite']): ?> <input type='hidden' id='hasSQLite' value="true" /> <?php if(!$hasOtherDB): ?> - <p>SQLite <?php echo $l->t( 'will be used' ); ?>.</p> + <p>SQLite <?php p($l->t( 'will be used' )); ?>.</p> <input type="hidden" id="dbtype" name="dbtype" value="sqlite" /> <?php else: ?> <input type="radio" name="dbtype" value="sqlite" id="sqlite" @@ -80,7 +80,7 @@ <?php if($_['hasMySQL']): ?> <input type='hidden' id='hasMySQL' value='true'/> <?php if(!$_['hasSQLite'] and !$_['hasPostgreSQL'] and !$_['hasOracle'] and !$_['hasMSSQL']): ?> - <p>MySQL <?php echo $l->t( 'will be used' ); ?>.</p> + <p>MySQL <?php p($l->t( 'will be used' )); ?>.</p> <input type="hidden" id="dbtype" name="dbtype" value="mysql" /> <?php else: ?> <input type="radio" name="dbtype" value="mysql" id="mysql" @@ -91,7 +91,7 @@ <?php if($_['hasPostgreSQL']): ?> <?php if(!$_['hasSQLite'] and !$_['hasMySQL'] and !$_['hasOracle'] and !$_['hasMSSQL']): ?> - <p>PostgreSQL <?php echo $l->t( 'will be used' ); ?>.</p> + <p>PostgreSQL <?php p($l->t( 'will be used' )); ?>.</p> <input type="hidden" id="dbtype" name="dbtype" value="pgsql" /> <?php else: ?> <label class="pgsql" for="pgsql">PostgreSQL</label> 
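Review bot: `adminpass` is written back into the password field with `value="<?php p(OC_Helper::init_var('adminpass')); ?>"`, so after a failed submit the admin password sits in the response body where page source, caches and proxies can see it; escaping fixes the markup problem but not the disclosure. `init_var` is not visible here, so that it returns the posted value is an assumption. Consider leaving password fields empty with `value=""`; the same applies to `dbpass` in the `@@ -126,19` hunk. Separately, `image_path('', 'actions/user.svg')` goes through `p()` while the other `image_path()` calls in this hunk use `print_unescaped()`; pick one for all of them.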
@@ -102,7 +102,7 @@ <?php if($_['hasOracle']): ?> <?php if(!$_['hasSQLite'] and !$_['hasMySQL'] and !$_['hasPostgreSQL'] and !$_['hasMSSQL']): ?> - <p>Oracle <?php echo $l->t( 'will be used' ); ?>.</p> + <p>Oracle <?php p($l->t( 'will be used' )); ?>.</p> <input type="hidden" id="dbtype" name="dbtype" value="oci" /> <?php else: ?> <label class="oci" for="oci">Oracle</label> @@ -114,7 +114,7 @@ <?php if($_['hasMSSQL']): ?> <input type='hidden' id='hasMSSQL' value='true'/> <?php if(!$_['hasSQLite'] and !$_['hasMySQL'] and !$_['hasPostgreSQL'] and !$_['hasOracle']): ?> - <p>MS SQL <?php echo $l->t( 'will be used' ); ?>.</p> + <p>MS SQL <?php p($l->t( 'will be used' )); ?>.</p> <input type="hidden" id="dbtype" name="dbtype" value="mssql" /> <?php else: ?> <label class="mssql" for="mssql">MS SQL</label> 
@@ -126,19 +126,19 @@ <?php if($hasOtherDB): ?> <div id="use_other_db"> <p class="infield grouptop"> - <label for="dbuser" class="infield"><?php echo $l->t( 'Database user' ); ?></label> + <label for="dbuser" class="infield"><?php p($l->t( 'Database user' )); ?></label> <input type="text" name="dbuser" id="dbuser" - value="<?php print OC_Helper::init_var('dbuser'); ?>" autocomplete="off" /> + value="<?php p(OC_Helper::init_var('dbuser')); ?>" autocomplete="off" /> </p> <p class="infield groupmiddle"> - <label for="dbpass" class="infield"><?php echo $l->t( 'Database password' ); ?></label> + <label for="dbpass" class="infield"><?php p($l->t( 'Database password' )); ?></label> <input type="password" name="dbpass" id="dbpass" - value="<?php print OC_Helper::init_var('dbpass'); ?>" /> + value="<?php p(OC_Helper::init_var('dbpass')); ?>" /> </p> <p class="infield groupmiddle"> - <label for="dbname" class="infield"><?php echo $l->t( 'Database name' ); ?></label> + <label for="dbname" class="infield"><?php p($l->t( 'Database name' )); ?></label> <input type="text" name="dbname" id="dbname" - value="<?php print OC_Helper::init_var('dbname'); ?>" + value="<?php p(OC_Helper::init_var('dbname')); ?>" autocomplete="off" pattern="[0-9a-zA-Z$_-]+" /> </p> </div> 
@@ -146,18 +146,18 @@ <?php if($_['hasOracle']): ?> <div id="use_oracle_db"> <p class="infield groupmiddle"> - <label for="dbtablespace" class="infield"><?php echo $l->t( 'Database tablespace' ); ?></label> + <label for="dbtablespace" class="infield"><?php p($l->t( 'Database tablespace' )); ?></label> <input type="text" name="dbtablespace" id="dbtablespace" - value="<?php print OC_Helper::init_var('dbtablespace'); ?>" autocomplete="off" /> + value="<?php p(OC_Helper::init_var('dbtablespace')); ?>" autocomplete="off" /> </p> </div> <?php endif; ?> <p class="infield groupbottom"> - <label for="dbhost" class="infield" id="dbhostlabel"><?php echo $l->t( 'Database host' ); ?></label> + <label for="dbhost" class="infield" id="dbhostlabel"><?php p($l->t( 'Database host' )); ?></label> <input type="text" name="dbhost" id="dbhost" - value="<?php print OC_Helper::init_var('dbhost', 'localhost'); ?>" /> + value="<?php p(OC_Helper::init_var('dbhost', 'localhost')); ?>" /> </p> </fieldset> - <div class="buttons"><input type="submit" class="primary" value="<?php echo $l->t( 'Finish setup' ); ?>" /></div> + <div class="buttons"><input type="submit" class="primary" value="<?php p($l->t( 'Finish setup' )); ?>" /></div> </form> diff --git a/core/templates/layout.base.php b/core/templates/layout.base.php index 47d552069a0ddf95d48418486bad7c78e47b8697..c12dc346af35ab8094a9f5c6f1d8e1ec1b4f8603 100644 --- a/core/templates/layout.base.php +++ b/core/templates/layout.base.php 
@@ -3,26 +3,26 @@ <head> <title>ownCloud</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - <link rel="shortcut icon" href="<?php echo image_path('', 'favicon.png'); ?>" /> - <link rel="apple-touch-icon-precomposed" href="<?php echo image_path('', 'favicon-touch.png'); ?>" /> + <link rel="shortcut icon" href="<?php print_unescaped(image_path('', 'favicon.png')); ?>" /> + <link rel="apple-touch-icon-precomposed" href="<?php print_unescaped(image_path('', 'favicon-touch.png')); ?>" /> <?php foreach ($_['cssfiles'] as $cssfile): ?> - <link rel="stylesheet" href="<?php echo $cssfile; ?>" type="text/css" media="screen" /> + <link rel="stylesheet" href="<?php print_unescaped($cssfile); ?>" type="text/css" media="screen" /> <?php endforeach; ?> <?php foreach ($_['jsfiles'] as $jsfile): ?> - <script type="text/javascript" src="<?php echo $jsfile; ?>"></script> + <script type="text/javascript" src="<?php print_unescaped($jsfile); ?>"></script> <?php endforeach; ?> <?php foreach ($_['headers'] as $header): ?> <?php - echo '<'.$header['tag'].' '; + print_unescaped('<'.$header['tag'].' '); foreach ($header['attributes'] as $name => $value) { - echo "$name='$value' "; + print_unescaped("$name='$value' "); }; - echo '/>'; + print_unescaped('/>'); ?> <?php endforeach; ?> </head> <body> - <?php echo $_['content']; ?> + <?php print_unescaped($_['content']); ?> </body> </html> diff --git a/core/templates/layout.guest.php b/core/templates/layout.guest.php index a84e2b8cef7af65b7df8c2c692c5a077eb067d91..03d58c9eae136178d412a79e4fedf3a2f3ab6788 100644 --- a/core/templates/layout.guest.php +++ b/core/templates/layout.guest.php 
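Review bot: The header loop builds tags with `print_unescaped("$name='$value' ")`, so a header attribute value containing `'` ends the attribute and the rest is parsed as markup; the same lines appear in the layout.guest.php and layout.user.php hunks. Where `$_['headers']` is filled is not visible in this diff, so whether untrusted data can reach it is unconfirmed. Encoding the value keeps the template safe regardless: `print_unescaped("$name='".OC_Util::sanitizeHTML($value)."' ");`, assuming `sanitizeHTML` also encodes single quotes. `$cssfile` and `$jsfile` sit inside `href`/`src` attributes and could use `p()` for the same reason.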
@@ -4,22 +4,22 @@ <title>ownCloud</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="apple-itunes-app" content="app-id=543672169"> - <link rel="shortcut icon" href="<?php echo image_path('', 'favicon.png'); ?>" /> - <link rel="apple-touch-icon-precomposed" href="<?php echo image_path('', 'favicon-touch.png'); ?>" /> + <link rel="shortcut icon" href="<?php print_unescaped(image_path('', 'favicon.png')); ?>" /> + <link rel="apple-touch-icon-precomposed" href="<?php print_unescaped(image_path('', 'favicon-touch.png')); ?>" /> <?php foreach($_['cssfiles'] as $cssfile): ?> - <link rel="stylesheet" href="<?php echo $cssfile; ?>" type="text/css" media="screen" /> + <link rel="stylesheet" href="<?php print_unescaped($cssfile); ?>" type="text/css" media="screen" /> <?php endforeach; ?> <?php foreach($_['jsfiles'] as $jsfile): ?> - <script type="text/javascript" src="<?php echo $jsfile; ?>"></script> + <script type="text/javascript" src="<?php print_unescaped($jsfile); ?>"></script> <?php endforeach; ?> <?php foreach($_['headers'] as $header): ?> <?php - echo '<'.$header['tag'].' '; + print_unescaped('<'.$header['tag'].' '); foreach($header['attributes'] as $name=>$value) { - echo "$name='$value' "; + print_unescaped("$name='$value' "); }; - echo '/>'; + print_unescaped('/>'); ?> <?php endforeach; ?> </head> @@ -27,11 +27,11 @@ <body id="body-login"> <div id="login"> <header><div id="header"> - <img src="<?php echo image_path('', 'logo.svg'); ?>" class="svg" alt="ownCloud" /> + <img src="<?php print_unescaped(image_path('', 'logo.svg')); ?>" class="svg" alt="ownCloud" /> </div></header> - <?php echo $_['content']; ?> + <?php print_unescaped($_['content']); ?> </div> <footer><p class="info"><a href="http://owncloud.org/">ownCloud</a> – - <?php echo $l->t( 'web services under your control' ); ?></p></footer> + <?php p($l->t( 'web services under your control' )); ?></p></footer> </body> </html> 
diff --git a/core/templates/layout.user.php b/core/templates/layout.user.php
index 10540cfe36227850d4660a930413ffee0611b3e0..2b53cc0ae5d3ae37b064176a03810b7055f4edb3 100644
--- a/core/templates/layout.user.php
+++ b/core/templates/layout.user.php
@@ -1,56 +1,56 @@ <!DOCTYPE html> <html class="ng-csp"> <head> - <title><?php echo !empty($_['application'])?$_['application'].' | ':'' ?>ownCloud - <?php echo !empty($_['user_displayname'])?' ('.$_['user_displayname'].') ':'' ?></title> + <title><?php p(!empty($_['application'])?$_['application'].' | ':'') ?>ownCloud + <?php p(!empty($_['user_displayname'])?' ('.$_['user_displayname'].') ':'') ?></title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="apple-itunes-app" content="app-id=543672169"> - <link rel="shortcut icon" href="<?php echo image_path('', 'favicon.png'); ?>" /> - <link rel="apple-touch-icon-precomposed" href="<?php echo image_path('', 'favicon-touch.png'); ?>" /> + <link rel="shortcut icon" href="<?php print_unescaped(image_path('', 'favicon.png')); ?>" /> + <link rel="apple-touch-icon-precomposed" href="<?php print_unescaped(image_path('', 'favicon-touch.png')); ?>" /> <?php foreach($_['cssfiles'] as $cssfile): ?> - <link rel="stylesheet" href="<?php echo $cssfile; ?>" type="text/css" media="screen" /> + <link rel="stylesheet" href="<?php print_unescaped($cssfile); ?>" type="text/css" media="screen" /> <?php endforeach; ?> <?php foreach($_['jsfiles'] as $jsfile): ?> - <script type="text/javascript" src="<?php echo $jsfile; ?>"></script> + <script type="text/javascript" src="<?php print_unescaped($jsfile); ?>"></script> <?php endforeach; ?> <?php foreach($_['headers'] as $header): ?> <?php - echo '<'.$header['tag'].' '; + print_unescaped('<'.$header['tag'].' 
'); foreach($header['attributes'] as $name=>$value) { - echo "$name='$value' "; + print_unescaped("$name='$value' "); }; - echo '/>'; + print_unescaped('/>'); ?> <?php endforeach; ?> </head> - <body id="<?php echo $_['bodyid'];?>"> + <body id="<?php p($_['bodyid']);?>"> <div id="notification-container"> <div id="notification"></div> </div> <header><div id="header"> - <a href="<?php echo link_to('', 'index.php'); ?>" title="" id="owncloud"><img class="svg" - src="<?php echo image_path('', 'logo-wide.svg'); ?>" alt="ownCloud" /></a> + <a href="<?php print_unescaped(link_to('', 'index.php')); ?>" title="" id="owncloud"><img class="svg" + src="<?php print_unescaped(image_path('', 'logo-wide.svg')); ?>" alt="ownCloud" /></a> <ul id="settings" class="svg"> <span id="expand"> - <span id="expandDisplayName"><?php echo $_['user_displayname'] ?></span> - <img class="svg" src="<?php echo image_path('', 'actions/caret.svg'); ?>" /> + <span id="expandDisplayName"><?php p($_['user_displayname']) ?></span> + <img class="svg" src="<?php print_unescaped(image_path('', 'actions/caret.svg')); ?>" /> </span> <div id="expanddiv"> <?php foreach($_['settingsnavigation'] as $entry):?> <li> - <a href="<?php echo $entry['href']; ?>" title="" + <a href="<?php print_unescaped($entry['href']); ?>" title="" <?php if( $entry["active"] ): ?> class="active"<?php endif; ?>> - <img class="svg" alt="" src="<?php echo $entry['icon']; ?>"> - <?php echo $entry['name'] ?> + <img class="svg" alt="" src="<?php print_unescaped($entry['icon']); ?>"> + <?php p($entry['name']) ?> </a> </li> <?php endforeach; ?> <li> - <a id="logout" href="<?php echo link_to('', 'index.php'); ?>?logout=true"> - <img class="svg" alt="" src="<?php echo image_path('', 'actions/logout.svg'); ?>" /> - <?php echo $l->t('Log out');?> + <a id="logout" href="<?php print_unescaped(link_to('', 'index.php')); ?>?logout=true"> + <img class="svg" alt="" src="<?php print_unescaped(image_path('', 'actions/logout.svg')); ?>" /> + <?php 
p($l->t('Log out'));?> </a> </li> </div> @@ -58,7 +58,7 @@ <form class="searchbox" action="#" method="post"> <input id="searchbox" class="svg" type="search" name="query" - value="<?php if(isset($_POST['query'])) {echo OC_Util::sanitizeHTML($_POST['query']);};?>" + value="<?php if(isset($_POST['query'])) {p($_POST['query']);};?>" autocomplete="off" x-webkit-speech /> </form> </div></header> @@ -66,11 +66,11 @@ <nav><div id="navigation"> <ul id="apps" class="svg"> <?php foreach($_['navigation'] as $entry): ?> - <li data-id="<?php echo $entry['id']; ?>"> - <a href="<?php echo $entry['href']; ?>" title="" + <li data-id="<?php p($entry['id']); ?>"> + <a href="<?php print_unescaped($entry['href']); ?>" title="" <?php if( $entry['active'] ): ?> class="active"<?php endif; ?>> - <img class="icon svg" src="<?php echo $entry['icon']; ?>"/> - <?php echo $entry['name']; ?> + <img class="icon svg" src="<?php print_unescaped($entry['icon']); ?>"/> + <?php p($entry['name']); ?> </a> </li> <?php endforeach; ?> @@ -79,7 +79,7 @@ <div id="content-wrapper"> <div id="content"> - <?php echo $_['content']; ?> + <?php print_unescaped($_['content']); ?> </div> </div> </body> diff --git a/core/templates/login.php b/core/templates/login.php index 3be2b039b032aa9b95b52c77f809c5f2ef11b9a9..463b951c80fa38e768ee2b466319233ed5f518d4 100644 --- a/core/templates/login.php +++ b/core/templates/login.php 
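Review bot: `$entry['href']` and `$entry['icon']` are placed inside `href`/`src` attributes with `print_unescaped()`, while `$entry['name']` next to them is escaped with `p()`; the navigation loop in the `@@ -66,11` hunk does the same. Attribute values need HTML encoding as much as text nodes do (a `"` in the URL closes the attribute, and `&` should become `&amp;`), and the origin of these entries is not visible in this diff. `<a href="<?php p($entry['href']); ?>"` and `src="<?php p($entry['icon']); ?>"` would be the safe default unless the values are already encoded upstream, which would deserve a comment here.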
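Review bot: In the `@@ -58,7` hunk, `isset($_POST['query'])` is also true when the parameter arrives as an array, and `p()` would then be handed a non-string. How `p()` treats an array is not visible here, so the result may be a notice or the literal text `Array` in the search box. A type guard keeps the output predictable: `if(isset($_POST['query']) && is_string($_POST['query'])) {p($_POST['query']);}`.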
@@ -2,54 +2,54 @@ <form method="post"> <fieldset> <?php if (!empty($_['redirect_url'])) { - echo '<input type="hidden" name="redirect_url" value="' . $_['redirect_url'] . '" />'; + print_unescaped('<input type="hidden" name="redirect_url" value="' . OC_Util::sanitizeHTML($_['redirect_url']) . '" />'); } ?> <ul> <?php if (isset($_['invalidcookie']) && ($_['invalidcookie'])): ?> <li class="errors"> - <?php echo $l->t('Automatic logon rejected!'); ?><br> - <small><?php echo $l->t('If you did not change your password recently, your account may be compromised!'); ?></small> + <?php p($l->t('Automatic logon rejected!')); ?><br> + <small><?php p($l->t('If you did not change your password recently, your account may be compromised!')); ?></small> <br> - <small><?php echo $l->t('Please change your password to secure your account again.'); ?></small> + <small><?php p($l->t('Please change your password to secure your account again.')); ?></small> </li> <?php endif; ?> <?php if (isset($_['invalidpassword']) && ($_['invalidpassword'])): ?> - <a href="<?php echo OC_Helper::linkToRoute('core_lostpassword_index') ?>"> + <a href="<?php print_unescaped(OC_Helper::linkToRoute('core_lostpassword_index')) ?>"> <li class="errors"> - <?php echo $l->t('Lost your password?'); ?> + <?php p($l->t('Lost your password?')); ?> </li> </a> <?php endif; ?> </ul> <p class="infield grouptop"> <input type="text" name="user" id="user" - value="<?php echo $_['username']; ?>"<?php echo $_['user_autofocus'] ? ' autofocus' : ''; ?> + value="<?php p($_['username']); ?>"<?php p($_['user_autofocus'] ? 
' autofocus' : ''); ?> autocomplete="on" required/> - <label for="user" class="infield"><?php echo $l->t('Username'); ?></label> - <img class="svg" src="<?php echo image_path('', 'actions/user.svg'); ?>" alt=""/> + <label for="user" class="infield"><?php p($l->t('Username')); ?></label> + <img class="svg" src="<?php print_unescaped(image_path('', 'actions/user.svg')); ?>" alt=""/> </p> <p class="infield groupbottom"> <input type="password" name="password" id="password" value="" data-typetoggle="#show" - required<?php echo $_['user_autofocus'] ? '' : ' autofocus'; ?> /> - <label for="password" class="infield"><?php echo $l->t('Password'); ?></label> - <img class="svg" id="password-icon" src="<?php echo image_path('', 'actions/password.svg'); ?>" alt=""/> + required<?php p($_['user_autofocus'] ? '' : ' autofocus'); ?> /> + <label for="password" class="infield"><?php p($l->t('Password')); ?></label> + <img class="svg" id="password-icon" src="<?php print_unescaped(image_path('', 'actions/password.svg')); ?>" alt=""/> <input type="checkbox" id="show" name="show" /> <label for="show"></label> </p> <input type="checkbox" name="remember_login" value="1" id="remember_login"/><label - for="remember_login"><?php echo $l->t('remember'); ?></label> + for="remember_login"><?php p($l->t('remember')); ?></label> <input type="hidden" name="timezone-offset" id="timezone-offset"/> - <input type="submit" id="submit" class="login primary" value="<?php echo $l->t('Log in'); ?>"/> + <input type="submit" id="submit" class="login primary" value="<?php p($l->t('Log in')); ?>"/> </fieldset> </form> <?php if (!empty($_['alt_login'])) { ?> <form id="alternative-logins"> <fieldset> - <legend><?php echo $l->t('Alternative Logins') ?></legend> + <legend><?php p($l->t('Alternative Logins')) ?></legend> <ul> <?php foreach($_['alt_login'] as $login): ?> - <li><a class="button" href="<?php echo $login['href']; ?>" ><?php echo $login['name']; ?></a></li> + <li><a class="button" href="<?php 
print_unescaped($login['href']); ?>" ><?php p($login['name']); ?></a></li> <?php endforeach; ?> </ul> </fieldset> diff --git a/core/templates/part.pagenavi.php b/core/templates/part.pagenavi.php index d43023a7822cc3e2e172e8ab8a5e4ceabfe9717e..2f5c218376568e52d8f3ee802f492f71587a284a 100644 --- a/core/templates/part.pagenavi.php +++ b/core/templates/part.pagenavi.php @@ -1,15 +1,15 @@ <ol class="pager"> <?php if($_['page']>0):?> - <li class="pagerbutton1"><a href="<?php echo $_['url'].($_['page']-1);?>"><?php echo $l->t( 'prev' ); ?></a></li> + <li class="pagerbutton1"><a href="<?php print_unescaped($_['url'].($_['page']-1));?>"><?php p($l->t( 'prev' )); ?></a></li> <?php endif; ?> <?php if ($_['pagestart']>0):?> … <?php endif;?> <?php for ($i=$_['pagestart']; $i < $_['pagestop'];$i++):?> <?php if ($_['page']!=$i):?> - <li><a href="<?php echo $_['url'].$i;?>"><?php echo $i+1;?></a></li> + <li><a href="<?php print_unescaped($_['url'].$i);?>"><?php p($i+1);?></a></li> <?php else:?> - <li><?php echo $i+1;?></li> + <li><?php p($i+1);?></li> <?php endif?> <?php endfor;?> <?php if ($_['pagestop']<$_['pagecount']):?> @@ -17,6 +17,6 @@ <?php endif;?> <?php if(($_['page']+1)<$_['pagecount']):?> - <li class="pagerbutton2"><a href="<?php echo $_['url'].($_['page']+1);?>"><?php echo $l->t( 'next' ); ?></a></li> + <li class="pagerbutton2"><a href="<?php print_unescaped($_['url'].($_['page']+1));?>"><?php p($l->t( 'next' )); ?></a></li> <?php endif; ?> </ol> diff --git a/core/templates/update.php b/core/templates/update.php index 685a5536d06aa7056b42b241fc2ba7207a2691b5..a652d5f195a4830651c291f20a8fbad036d5048d 100644 --- a/core/templates/update.php +++ b/core/templates/update.php @@ -1,6 +1,6 @@ <ul> <li class='update'> - <?php echo $l->t('Updating ownCloud to version %s, this may take a while.', - array($_['version'])); ?><br /><br /> + <?php p($l->t('Updating ownCloud to version %s, this may take a while.', + array($_['version']))); ?><br /><br /> </li> </ul> 
diff --git a/lib/setup.php b/lib/setup.php index 8f772e663e2e8f4c9d509f605091b861501fcc64..8814447f52feb4c78edc2804047af44f62990e7a 100644 --- a/lib/setup.php +++ b/lib/setup.php @@ -851,7 +851,7 @@ class OC_Setup { 'http://doc.owncloud.org/server/5.0/admin_manual/installation.html'); $tmpl = new OC_Template('', 'error', 'guest'); - $tmpl->assign('errors', array(1 => array('error' => $error, 'hint' => $hint)), false); + $tmpl->assign('errors', array(1 => array('error' => $error, 'hint' => $hint))); $tmpl->printPage(); exit(); } diff --git a/lib/template.php b/lib/template.php index 3c103c901c2b3f764205085dac6610888b9ea51b..b2d1f0c0292fcb456d7f3b5f72c7a30c94906754 100644 --- a/lib/template.php +++ b/lib/template.php @@ -341,7 +341,6 @@ class OC_Template{ * @brief Assign variables * @param string $key key * @param string $value value - * @param bool $sanitizeHTML false, if data shouldn't get passed through htmlentities * @return bool * * This function assigns a variable. It can be accessed via $_[$key] in @@ -349,8 +348,7 @@ class OC_Template{ * * If the key existed before, it will be overwritten */ - public function assign( $key, $value, $sanitizeHTML=true ) { - if($sanitizeHTML == true) $value=OC_Util::sanitizeHTML($value); + public function assign( $key, $value) { $this->vars[$key] = $value; return true; } @@ -484,7 +482,7 @@ class OC_Template{ public static function printUserPage( $application, $name, $parameters = array() ) { $content = new OC_Template( $application, $name, "user" ); foreach( $parameters as $key => $value ) { - $content->assign( $key, $value, false ); + $content->assign( $key, $value ); } print $content->printPage(); } 
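Review bot: Dropping `$sanitizeHTML` in the `@@ -349,8 +348,7 @@` hunk of lib/template.php turns `assign()` from escape-by-default into storing the raw value, and the docblock no longer says anything about escaping. Any template not converted in this commit (third-party app templates are not visible here) that still does a plain `echo $_[...]` loses the escaping it used to get at assign time. I would add a docblock line such as `* The value is stored as-is; templates must escape it on output with p().` Callers that still pass a third argument keep running because PHP ignores surplus arguments, for example the unchanged `$this->assign( 'application', '', false );` in lib/templatelayout.php, so those stale calls need a grep to find. The class body continues outside the hunk.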
@@ -499,7 +497,7 @@ class OC_Template{ public static function printAdminPage( $application, $name, $parameters = array() ) { $content = new OC_Template( $application, $name, "admin" ); foreach( $parameters as $key => $value ) { - $content->assign( $key, $value, false ); + $content->assign( $key, $value ); } return $content->printPage(); } @@ -514,7 +512,7 @@ class OC_Template{ public static function printGuestPage( $application, $name, $parameters = array() ) { $content = new OC_Template( $application, $name, "guest" ); foreach( $parameters as $key => $value ) { - $content->assign( $key, $value, false ); + $content->assign( $key, $value ); } return $content->printPage(); } diff --git a/lib/templatelayout.php b/lib/templatelayout.php index afa875b0a6d90ec38ff915dd58f339ed531db016..3d824cdca8ff0cd2729fa456d9bd5006fb806cba 100644 --- a/lib/templatelayout.php +++ b/lib/templatelayout.php @@ -13,19 +13,19 @@ class OC_TemplateLayout extends OC_Template { if( $renderas == 'user' ) { parent::__construct( 'core', 'layout.user' ); if(in_array(OC_APP::getCurrentApp(), array('settings','admin', 'help'))!==false) { - $this->assign('bodyid', 'body-settings', false); + $this->assign('bodyid', 'body-settings'); }else{ - $this->assign('bodyid', 'body-user', false); + $this->assign('bodyid', 'body-user'); } // Add navigation entry $this->assign( 'application', '', false ); $navigation = OC_App::getNavigation(); - $this->assign( 'navigation', $navigation, false); - $this->assign( 'settingsnavigation', OC_App::getSettingsNavigation(), false); + $this->assign( 'navigation', $navigation); + $this->assign( 'settingsnavigation', OC_App::getSettingsNavigation()); foreach($navigation as $entry) { if ($entry['active']) { - $this->assign( 'application', $entry['name'], false ); + $this->assign( 'application', $entry['name'] ); break; } } diff --git a/settings/apps.php b/settings/apps.php index b9ed2cac93a6a12f8562bf0de58bb458c25f9237..44cfff7e3f1e1f375db2295e720659d237355053 100644 
--- a/settings/apps.php +++ b/settings/apps.php @@ -49,7 +49,7 @@ usort( $combinedApps, 'app_sort' ); $tmpl = new OC_Template( "settings", "apps", "user" ); -$tmpl->assign('apps', $combinedApps, false); +$tmpl->assign('apps', $combinedApps); $appid = (isset($_GET['appid'])?strip_tags($_GET['appid']):''); diff --git a/settings/oauth.php b/settings/oauth.php deleted file mode 100644 index 8b4759f999e3256223cbf1f7fca7d4ba98ab6792..0000000000000000000000000000000000000000 --- a/settings/oauth.php +++ /dev/null 
@@ -1,101 +0,0 @@ -<?php -/** - * Copyright (c) 2012, Tom Needham <tom@owncloud.com> - * This file is licensed under the Affero General Public License version 3 or later. - * See the COPYING-README file. - */ - -require_once '../lib/base.php'; -// Logic -$operation = isset($_GET['operation']) ? $_GET['operation'] : ''; -$server = OC_OAuth_server::init(); - -switch($operation){ - - case 'register': - - // Here external apps can register with an ownCloud - if(empty($_GET['name']) || empty($_GET['url'])) { - // Invalid request - echo 401; - } else { - $callbacksuccess = empty($_GET['callback_success']) ? null : $_GET['callback_success']; - $callbackfail = empty($_GET['callback_fail']) ? null : $_GET['callback_fail']; - $consumer = OC_OAuth_Server::register_consumer($_GET['name'], $_GET['url'], $callbacksuccess, $callbackfail); - - echo 'Registered consumer successfully! </br></br>Key: ' . $consumer->key - . '</br>Secret: ' . $consumer->secret; - } - break; - - case 'request_token': - - try { - $request = OAuthRequest::from_request(); - $token = $server->get_request_token($request); - echo $token; - } catch (OAuthException $exception) { - OC_Log::write('OC_OAuth_Server', $exception->getMessage(), OC_LOG::ERROR); - echo $exception->getMessage(); - } - - break; - case 'authorise'; - - OC_API::checkLoggedIn(); - // Example - $consumer = array( - 'name' => 'Firefox Bookmark Sync', - 'scopes' => array('ookmarks'), - ); - - // Check that the scopes are real and installed - $apps = OC_App::getEnabledApps(); - $notfound = array(); - foreach($consumer['scopes'] as $requiredapp){ - // App scopes are in this format: app_$appname - $requiredapp = end(explode('_', $requiredapp)); - if(!in_array($requiredapp, $apps)) { - $notfound[] = $requiredapp; - } - } - if(!empty($notfound)) { - // We need more apps :( Show error - if(count($notfound)==1) { - $message = 'requires that you have an extra app installed on your ownCloud.' - .' 
Please contact your ownCloud administrator and ask them to install the app below.'; - } else { - $message = 'requires that you have some extra apps installed on your ownCloud.' - .' Please contract your ownCloud administrator and ask them to install the apps below.'; - } - $t = new OC_Template('settings', 'oauth-required-apps', 'guest'); - OC_Util::addStyle('settings', 'oauth'); - $t->assign('requiredapps', $notfound); - $t->assign('consumer', $consumer); - $t->assign('message', $message); - $t->printPage(); - } else { - $t = new OC_Template('settings', 'oauth', 'guest'); - OC_Util::addStyle('settings', 'oauth'); - $t->assign('consumer', $consumer); - $t->printPage(); - } - break; - - case 'access_token'; - try { - $request = OAuthRequest::from_request(); - $token = $server->fetch_access_token($request); - echo $token; - } catch (OAuthException $exception) { - OC_Log::write('OC_OAuth_Server', $exception->getMessage(), OC_LOG::ERROR); - echo $exception->getMessage(); - } - - break; - default: - // Something went wrong, we need an operation! - OC_Response::setStatus(400); - break; - -} diff --git a/settings/templates/admin.php b/settings/templates/admin.php index f3dc9154bbd34bdfb47a9e522ffeefc74127e3ad..dd5e89b8f8289338b4843c5990c479377afa11a4 100644 --- a/settings/templates/admin.php +++ b/settings/templates/admin.php 
@@ -12,10 +12,10 @@ $levels = array('Debug', 'Info', 'Warning', 'Error', 'Fatal'); if (!$_['htaccessworking']) { ?> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('Security Warning');?></strong></legend> + <legend><strong><?php p($l->t('Security Warning'));?></strong></legend> <span class="securitywarning"> - <?php echo $l->t('Your data directory and your files are probably accessible from the internet. The .htaccess file that ownCloud provides is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.'); ?> + <?php p($l->t('Your data directory and your files are probably accessible from the internet. The .htaccess file that ownCloud provides is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.')); ?> </span> </fieldset> @@ -26,11 +26,11 @@ if (!$_['htaccessworking']) { if (!$_['isWebDavWorking']) { ?> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('Setup Warning');?></strong></legend> + <legend><strong><?php p($l->t('Setup Warning'));?></strong></legend> <span class="securitywarning"> - <?php echo $l->t('Your web server is not yet properly setup to allow files synchronization because the WebDAV interface seems to be broken.'); ?> - <?php echo $l->t('Please double check the <a href=\'%s\'>installation guides</a>.', 'http://doc.owncloud.org/server/5.0/admin_manual/installation.html'); ?> + <?php p($l->t('Your web server is not yet properly setup to allow files synchronization because the WebDAV interface seems to be broken.')); ?> + <?php print_unescaped($l->t('Please double check the <a href=\'%s\'>installation guides</a>.', 'http://doc.owncloud.org/server/5.0/admin_manual/installation.html')); ?> </span> </fieldset> 
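Review bot: `print_unescaped($l->t(...))` in the `@@ -26,11 +26,11 @@` hunk sends both the translated text and the substituted `%s` argument to the page unescaped. Here the argument is a constant URL, but the same construct in settings/templates/personal.php substitutes `$_['usage']` and `$_['total_space']` into a string that is then printed raw. Escaping the arguments before substitution keeps the markup limited to what the translation itself carries, e.g. `array(OC_Util::sanitizeHTML($_['usage']), OC_Util::sanitizeHTML($_['total_space']))`. A one-line comment at each such call, such as `// translation contains intentional markup; arguments are escaped above`, would make later audits of the `print_unescaped()` call sites quicker.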
@@ -41,10 +41,10 @@ if (!$_['isWebDavWorking']) { if (!$_['has_fileinfo']) { ?> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('Module \'fileinfo\' missing');?></strong></legend> + <legend><strong><?php p($l->t('Module \'fileinfo\' missing'));?></strong></legend> <span class="connectionwarning"> - <?php echo $l->t('The PHP module \'fileinfo\' is missing. We strongly recommend to enable this module to get best results with mime-type detection.'); ?> + <?php p($l->t('The PHP module \'fileinfo\' is missing. We strongly recommend to enable this module to get best results with mime-type detection.')); ?> </span> </fieldset> @@ -55,12 +55,12 @@ if (!$_['has_fileinfo']) { if (!$_['islocaleworking']) { ?> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('Locale not working');?></strong></legend> + <legend><strong><?php p($l->t('Locale not working'));?></strong></legend> <span class="connectionwarning"> <?php $locales = 'en_US.UTF-8/en_US.UTF8'; - echo $l->t('This ownCloud server can\'t set system locale to %s. This means that there might be problems with certain characters in file names. We strongly suggest to install the required packages on your system to support %s.', array($locales, $locales)); + p($l->t('This ownCloud server can\'t set system locale to %s. This means that there might be problems with certain characters in file names. We strongly suggest to install the required packages on your system to support %s.', array($locales, $locales))); ?> </span> 
@@ -72,10 +72,10 @@ if (!$_['islocaleworking']) { if (!$_['internetconnectionworking']) { ?> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('Internet connection not working');?></strong></legend> + <legend><strong><?php p($l->t('Internet connection not working'));?></strong></legend> <span class="connectionwarning"> - <?php echo $l->t('This ownCloud server has no working internet connection. This means that some of the features like mounting of external storage, notifications about updates or installation of 3rd party apps don´t work. Accessing files from remote and sending of notification emails might also not work. We suggest to enable internet connection for this server if you want to have all features of ownCloud.'); ?> + <?php p($l->t('This ownCloud server has no working internet connection. This means that some of the features like mounting of external storage, notifications about updates or installation of 3rd party apps don´t work. Accessing files from remote and sending of notification emails might also not work. We suggest to enable internet connection for this server if you want to have all features of ownCloud.')); ?> </span> </fieldset> 
@@ -84,106 +84,106 @@ if (!$_['internetconnectionworking']) { ?> <?php foreach ($_['forms'] as $form) { - echo $form; + print_unescaped($form); } ;?> <fieldset class="personalblock" id="backgroundjobs"> - <legend><strong><?php echo $l->t('Cron');?></strong></legend> + <legend><strong><?php p($l->t('Cron'));?></strong></legend> <table class="nostyle"> <tr> <td> <input type="radio" name="mode" value="ajax" id="backgroundjobs_ajax" <?php if ($_['backgroundjobs_mode'] == "ajax") { - echo 'checked="checked"'; + print_unescaped('checked="checked"'); } ?>> <label for="backgroundjobs_ajax">AJAX</label><br/> - <em><?php echo $l->t("Execute one task with each page loaded"); ?></em> + <em><?php p($l->t("Execute one task with each page loaded")); ?></em> </td> </tr> <tr> <td> <input type="radio" name="mode" value="webcron" id="backgroundjobs_webcron" <?php if ($_['backgroundjobs_mode'] == "webcron") { - echo 'checked="checked"'; + print_unescaped('checked="checked"'); } ?>> <label for="backgroundjobs_webcron">Webcron</label><br/> - <em><?php echo $l->t("cron.php is registered at a webcron service. Call the cron.php page in the owncloud root once a minute over http."); ?></em> + <em><?php p($l->t("cron.php is registered at a webcron service. Call the cron.php page in the owncloud root once a minute over http.")); ?></em> </td> </tr> <tr> <td> <input type="radio" name="mode" value="cron" id="backgroundjobs_cron" <?php if ($_['backgroundjobs_mode'] == "cron") { - echo 'checked="checked"'; + print_unescaped('checked="checked"'); } ?>> <label for="backgroundjobs_cron">Cron</label><br/> - <em><?php echo $l->t("Use systems cron service. Call the cron.php file in the owncloud folder via a system cronjob once a minute."); ?></em> + <em><?php p($l->t("Use systems cron service. 
Call the cron.php file in the owncloud folder via a system cronjob once a minute.")); ?></em> </td> </tr> </table> </fieldset> <fieldset class="personalblock" id="shareAPI"> - <legend><strong><?php echo $l->t('Sharing');?></strong></legend> + <legend><strong><?php p($l->t('Sharing'));?></strong></legend> <table class="shareAPI nostyle"> <tr> <td id="enable"> <input type="checkbox" name="shareapi_enabled" id="shareAPIEnabled" - value="1" <?php if ($_['shareAPIEnabled'] == 'yes') echo 'checked="checked"'; ?> /> - <label for="shareAPIEnabled"><?php echo $l->t('Enable Share API');?></label><br/> - <em><?php echo $l->t('Allow apps to use the Share API'); ?></em> + value="1" <?php if ($_['shareAPIEnabled'] == 'yes') print_unescaped('checked="checked"'); ?> /> + <label for="shareAPIEnabled"><?php p($l->t('Enable Share API'));?></label><br/> + <em><?php p($l->t('Allow apps to use the Share API')); ?></em> </td> </tr> <tr> - <td <?php if ($_['shareAPIEnabled'] == 'no') echo 'style="display:none"';?>> + <td <?php if ($_['shareAPIEnabled'] == 'no') print_unescaped('style="display:none"');?>> <input type="checkbox" name="shareapi_allow_links" id="allowLinks" - value="1" <?php if ($_['allowLinks'] == 'yes') echo 'checked="checked"'; ?> /> - <label for="allowLinks"><?php echo $l->t('Allow links');?></label><br/> - <em><?php echo $l->t('Allow users to share items to the public with links'); ?></em> + value="1" <?php if ($_['allowLinks'] == 'yes') print_unescaped('checked="checked"'); ?> /> + <label for="allowLinks"><?php p($l->t('Allow links'));?></label><br/> + <em><?php p($l->t('Allow users to share items to the public with links')); ?></em> </td> </tr> <tr> - <td <?php if ($_['shareAPIEnabled'] == 'no') echo 'style="display:none"';?>> + <td <?php if ($_['shareAPIEnabled'] == 'no') print_unescaped('style="display:none"');?>> <input type="checkbox" name="shareapi_allow_resharing" id="allowResharing" - value="1" <?php if ($_['allowResharing'] == 'yes') echo 'checked="checked"'; 
?> /> - <label for="allowResharing"><?php echo $l->t('Allow resharing');?></label><br/> - <em><?php echo $l->t('Allow users to share items shared with them again'); ?></em> + value="1" <?php if ($_['allowResharing'] == 'yes') print_unescaped('checked="checked"'); ?> /> + <label for="allowResharing"><?php p($l->t('Allow resharing'));?></label><br/> + <em><?php p($l->t('Allow users to share items shared with them again')); ?></em> </td> </tr> <tr> - <td <?php if ($_['shareAPIEnabled'] == 'no') echo 'style="display:none"';?>> + <td <?php if ($_['shareAPIEnabled'] == 'no') print_unescaped('style="display:none"');?>> <input type="radio" name="shareapi_share_policy" id="sharePolicyGlobal" - value="global" <?php if ($_['sharePolicy'] == 'global') echo 'checked="checked"'; ?> /> - <label for="sharePolicyGlobal"><?php echo $l->t('Allow users to share with anyone'); ?></label><br/> + value="global" <?php if ($_['sharePolicy'] == 'global') print_unescaped('checked="checked"'); ?> /> + <label for="sharePolicyGlobal"><?php p($l->t('Allow users to share with anyone')); ?></label><br/> <input type="radio" name="shareapi_share_policy" id="sharePolicyGroupsOnly" - value="groups_only" <?php if ($_['sharePolicy'] == 'groups_only') echo 'checked="checked"'; ?> /> - <label for="sharePolicyGroupsOnly"><?php echo $l->t('Allow users to only share with users in their groups');?></label><br/> + value="groups_only" <?php if ($_['sharePolicy'] == 'groups_only') print_unescaped('checked="checked"'); ?> /> + <label for="sharePolicyGroupsOnly"><?php p($l->t('Allow users to only share with users in their groups'));?></label><br/> </td> </tr> </table> </fieldset> <fieldset class="personalblock" id="security"> - <legend><strong><?php echo $l->t('Security');?></strong></legend> + <legend><strong><?php p($l->t('Security'));?></strong></legend> <table class="nostyle"> <tr> <td id="enable"> <input type="checkbox" name="forcessl" id="enforceHTTPSEnabled" <?php if ($_['enforceHTTPSEnabled']) { - echo 
'checked="checked" '; - echo 'value="false"'; + print_unescaped('checked="checked" '); + print_unescaped('value="false"'); } else { - echo 'value="true"'; + print_unescaped('value="true"'); } ?> - <?php if (!$_['isConnectedViaHTTPS']) echo 'disabled'; ?> /> - <label for="forcessl"><?php echo $l->t('Enforce HTTPS');?></label><br/> - <em><?php echo $l->t('Enforces the clients to connect to ownCloud via an encrypted connection.'); ?></em> + <?php if (!$_['isConnectedViaHTTPS']) p('disabled'); ?> /> + <label for="forcessl"><?php p($l->t('Enforce HTTPS'));?></label><br/> + <em><?php p($l->t('Enforces the clients to connect to ownCloud via an encrypted connection.')); ?></em> <?php if (!$_['isConnectedViaHTTPS']) { - echo "<br/><em>"; - echo $l->t('Please connect to this ownCloud instance via HTTPS to enable or disable the SSL enforcement.'); - echo "</em>"; + print_unescaped("<br/><em>"); + p($l->t('Please connect to this ownCloud instance via HTTPS to enable or disable the SSL enforcement.')); + print_unescaped("</em>"); } ?> </td> @@ -192,12 +192,12 @@ if (!$_['internetconnectionworking']) { </fieldset> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('Log');?></strong></legend> - <?php echo $l->t('Log level');?> <select name='loglevel' id='loglevel'> - <option value='<?php echo $_['loglevel']?>'><?php echo $levels[$_['loglevel']]?></option> + <legend><strong><?php p($l->t('Log'));?></strong></legend> + <?php p($l->t('Log level'));?> <select name='loglevel' id='loglevel'> + <option value='<?php p($_['loglevel'])?>'><?php p($levels[$_['loglevel']])?></option> <?php for ($i = 0; $i < 5; $i++): if ($i != $_['loglevel']):?> - <option value='<?php echo $i?>'><?php echo $levels[$i]?></option> + <option value='<?php p($i)?>'><?php p($levels[$i])?></option> <?php endif; endfor;?> </select> 
@@ -205,31 +205,31 @@ endfor;?> <?php foreach ($_['entries'] as $entry): ?> <tr> <td> - <?php echo $levels[$entry->level];?> + <?php p($levels[$entry->level]);?> </td> <td> - <?php echo $entry->app;?> + <?php p($entry->app);?> </td> <td> - <?php echo $entry->message;?> + <?php p($entry->message);?> </td> <td> - <?php echo OC_Util::formatDate($entry->time);?> + <?php p(OC_Util::formatDate($entry->time));?> </td> </tr> <?php endforeach;?> </table> <?php if ($_['entriesremain']): ?> - <input id='moreLog' type='button' value='<?php echo $l->t('More');?>...'> + <input id='moreLog' type='button' value='<?php p($l->t('More'));?>...'> <?php endif; ?> </fieldset> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('Version');?></strong></legend> - <strong>ownCloud</strong> <?php echo(OC_Util::getVersionString()); ?> <?php echo(OC_Util::getEditionString()); ?> - (<?php echo(OC_Updater::ShowUpdatingHint()); ?>)<br/> - <?php echo $l->t('Developed by the <a href="http://ownCloud.org/contact" target="_blank">ownCloud community</a>, the <a href="https://github.com/owncloud" target="_blank">source code</a> is licensed under the <a href="http://www.gnu.org/licenses/agpl-3.0.html" target="_blank"><abbr title="Affero General Public License">AGPL</abbr></a>.'); ?> + <legend><strong><?php p($l->t('Version'));?></strong></legend> + <strong>ownCloud</strong> <?php p(OC_Util::getVersionString()); ?> <?php p(OC_Util::getEditionString()); ?> + (<?php p(OC_Updater::ShowUpdatingHint()); ?>)<br/> + <?php print_unescaped($l->t('Developed by the <a href="http://ownCloud.org/contact" target="_blank">ownCloud community</a>, the <a href="https://github.com/owncloud" target="_blank">source code</a> is licensed under the <a href="http://www.gnu.org/licenses/agpl-3.0.html" target="_blank"><abbr title="Affero General Public License">AGPL</abbr></a>.')); ?> </fieldset> 
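Review bot: `p(OC_Updater::ShowUpdatingHint())` in the `@@ -205,31 +205,31 @@` hunk escapes the helper's whole return value, where the old code echoed it raw. The helper is not visible in this diff; if it returns markup (a link or a styled span), the tags will now be displayed as text. In that case the escaping belongs inside the helper, on the dynamic parts only, with the template calling `print_unescaped(OC_Updater::ShowUpdatingHint())`. If it returns plain text, the change is fine as written.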
diff --git a/settings/templates/apps.php b/settings/templates/apps.php index b6e98c41bd94b53b4ee70ca94b726007dbfc0255..d3639cbab34915ad1690a3fd7c5ff5d84ef89f08 100644 --- a/settings/templates/apps.php +++ b/settings/templates/apps.php 
@@ -4,37 +4,37 @@ * See the COPYING-README file. */?> <script type="text/javascript" - src="<?php echo OC_Helper::linkToRoute('apps_custom');?>?appid=<?php echo $_['appid']; ?>"></script> - <script type="text/javascript" src="<?php echo OC_Helper::linkTo('settings/js', 'apps.js');?>"></script> + src="<?php print_unescaped(OC_Helper::linkToRoute('apps_custom'));?>?appid=<?php p($_['appid']); ?>"></script> + <script type="text/javascript" src="<?php print_unescaped(OC_Helper::linkTo('settings/js', 'apps.js'));?>"></script> <div id="controls"> - <a class="button" target="_blank" href="http://owncloud.org/dev"><?php echo $l->t('Add your App');?></a> - <a class="button" target="_blank" href="http://apps.owncloud.com"><?php echo $l->t('More Apps');?></a> + <a class="button" target="_blank" href="http://owncloud.org/dev"><?php p($l->t('Add your App'));?></a> + <a class="button" target="_blank" href="http://apps.owncloud.com"><?php p($l->t('More Apps'));?></a> </div> <ul id="leftcontent" class="applist hascontrols"> <?php foreach($_['apps'] as $app):?> - <li <?php if($app['active']) echo 'class="active"'?> data-id="<?php echo $app['id'] ?>" - <?php if ( isset( $app['ocs_id'] ) ) { echo "data-id-ocs=\"{$app['ocs_id']}\""; } ?> - data-type="<?php echo $app['internal'] ? 'internal' : 'external' ?>" data-installed="1"> - <a class="app<?php if(!$app['internal']) echo ' externalapp' ?>" - href="?appid=<?php echo $app['id'] ?>"><?php echo htmlentities($app['name']) ?></a> + <li <?php if($app['active']) print_unescaped('class="active"')?> data-id="<?php p($app['id']) ?>" + <?php if ( isset( $app['ocs_id'] ) ) { print_unescaped("data-id-ocs=\"{".OC_Util::sanitizeHTML($app['ocs_id'])."}\""); } ?> + data-type="<?php p($app['internal'] ? 
'internal' : 'external') ?>" data-installed="1"> + <a class="app<?php if(!$app['internal']) p(' externalapp') ?>" + href="?appid=<?php p($app['id']) ?>"><?php p($app['name']) ?></a> <?php if(!$app['internal']) - echo '<small class="'.$app['internalclass'].' list">'.$app['internallabel'].'</small>' ?> + print_unescaped('<small class="'.OC_Util::sanitizeHTML($app['internalclass']).' list">'.OC_Util::sanitizeHTML($app['internallabel']).'</small>') ?> </li> <?php endforeach;?> </ul> <div id="rightcontent"> <div class="appinfo"> - <h3><strong><span class="name"><?php echo $l->t('Select an App');?></span></strong><span + <h3><strong><span class="name"><?php p($l->t('Select an App'));?></span></strong><span class="version"></span><small class="externalapp" style="visibility:hidden;"></small></h3> <span class="score"></span> <p class="description"></p> <img src="" class="preview" /> <p class="appslink hidden"><a href="#" target="_blank"><?php - echo $l->t('See application page at apps.owncloud.com');?></a></p> + p($l->t('See application page at apps.owncloud.com'));?></a></p> <p class="license hidden"><?php - echo $l->t('<span class="licence"></span>-licensed by <span class="author"></span>');?></p> + print_unescaped($l->t('<span class="licence"></span>-licensed by <span class="author"></span>'));?></p> <input class="enable hidden" type="submit" /> - <input class="update hidden" type="submit" value="<?php echo($l->t('Update')); ?>" /> + <input class="update hidden" type="submit" value="<?php p($l->t('Update')); ?>" /> </div> </div> diff --git a/settings/templates/help.php b/settings/templates/help.php index 3d56fcd4b40f54338404d16c62f5c1201e582821..3739d220e6e49746387c5d8227b8510d59c8e5e1 100644 --- a/settings/templates/help.php +++ b/settings/templates/help.php 
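Review bot: The new `data-id-ocs` line in settings/templates/apps.php keeps the `{` and `}` of the old interpolation as literal characters. In the old `"data-id-ocs=\"{$app['ocs_id']}\""` the braces were PHP's complex-variable syntax and never reached the output; after the switch to concatenation they are ordinary characters, so the attribute is rendered as `data-id-ocs="{…}"` and any script reading it gets a different value. The line should read `print_unescaped('data-id-ocs="'.OC_Util::sanitizeHTML($app['ocs_id']).'"');`. Separately, `href="?appid=<?php p($app['id']) ?>"` places the id in a query string, where `p(urlencode($app['id']))` would apply the encoder that matches the context.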
@@ -1,21 +1,21 @@ <div id="controls"> <?php if($_['admin']) { ?> - <a class="button newquestion <?php echo($_['style1']); ?>" - href="<?php echo($_['url1']); ?>"><?php echo $l->t( 'User Documentation' ); ?></a> - <a class="button newquestion <?php echo($_['style2']); ?>" - href="<?php echo($_['url2']); ?>"><?php echo $l->t( 'Administrator Documentation' ); ?></a> + <a class="button newquestion <?php p($_['style1']); ?>" + href="<?php print_unescaped($_['url1']); ?>"><?php p($l->t( 'User Documentation' )); ?></a> + <a class="button newquestion <?php p($_['style2']); ?>" + href="<?php print_unescaped($_['url2']); ?>"><?php p($l->t( 'Administrator Documentation' )); ?></a> <?php } ?> <a class="button newquestion" href="http://owncloud.org/support" target="_blank"><?php - echo $l->t( 'Online Documentation' ); ?></a> + p($l->t( 'Online Documentation' )); ?></a> <a class="button newquestion" href="http://forum.owncloud.org" target="_blank"><?php - echo $l->t( 'Forum' ); ?></a> + p($l->t( 'Forum' )); ?></a> <?php if($_['admin']) { ?> <a class="button newquestion" href="https://github.com/owncloud/core/blob/master/CONTRIBUTING.md" target="_blank"><?php - echo $l->t( 'Bugtracker' ); ?></a> + p($l->t( 'Bugtracker' )); ?></a> <?php } ?> <a class="button newquestion" href="http://owncloud.com" target="_blank"><?php - echo $l->t( 'Commercial Support' ); ?></a> + p($l->t( 'Commercial Support' )); ?></a> </div> <div class="help-includes"> - <iframe src="<?php echo($_['url']); ?>" class="help-iframe">abc</iframe> + <iframe src="<?php print_unescaped($_['url']); ?>" class="help-iframe">abc</iframe> </div> diff --git a/settings/templates/oauth-required-apps.php b/settings/templates/oauth-required-apps.php index d4fce54c59c1f96d2ee28fe2581c9b34930635a0..3660f423423c738af0adcfc3c40c20485d7ade6a 100644 --- a/settings/templates/oauth-required-apps.php +++ b/settings/templates/oauth-required-apps.php 
@@ -6,14 +6,14 @@ */ ?> <div id="oauth-request" class="guest-container"> - <p><strong><?php echo $_['consumer']['name'].'</strong> '.$_['message']; ?></p> + <p><strong><?php print_unescaped(OC_Util::sanitizeHTML($_['consumer']['name']).'</strong> '.OC_Util::sanitizeHTML($_['message'])); ?></p> <ul> <?php // Foreach requested scope foreach($_['requiredapps'] as $requiredapp){ - echo '<li>'.$requiredapp.'</li>'; + print_unescaped('<li>'.OC_Util::sanitizeHTML($requiredapp).'</li>'); } ?> </ul> - <a href="<?php echo OC::$WEBROOT; ?>" id="back-home" class="button">Back to ownCloud</a> + <a href="<?php print_unescaped(OC::$WEBROOT); ?>" id="back-home" class="button">Back to ownCloud</a> </div> diff --git a/settings/templates/oauth.php b/settings/templates/oauth.php deleted file mode 100644 index 053a8aee6d3f1fa946b580cb05d7471b31420968..0000000000000000000000000000000000000000 --- a/settings/templates/oauth.php +++ /dev/null @@ -1,20 +0,0 @@ -<?php -/** - * Copyright (c) 2012, Tom Needham <tom@owncloud.com> - * This file is licensed under the Affero General Public License version 3 or later. - * See the COPYING-README file. - */ -?> -<div id="oauth-request" class="guest-container"> - <p><strong><?php echo $_['consumer']['name']; ?></strong> is requesting your permission to read, write, modify and delete data from the following apps:</p> - <ul> - <?php - // Foreach requested scope - foreach($_['consumer']['scopes'] as $app){ - echo '<li>'.$app.'</li>'; - } - ?> - </ul> - <a href="#" class="button">Allow</a> - <a href="#" class="button">Disallow</a> -</div> diff --git a/settings/templates/personal.php b/settings/templates/personal.php index 3a4a6093e778f7e3477b378193fc0f99987dd4f4..f3fd3f1010daf84b857afa3a44772b3c2621a83e 100644 --- a/settings/templates/personal.php +++ b/settings/templates/personal.php 
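Review bot: The `<p>` line in the oauth-required-apps.php hunk builds markup inside a PHP string: the `<strong>` is opened in the template but closed by a `'</strong> '` literal passed to `print_unescaped`, so correct escaping depends on every concatenated piece being wrapped by hand. Keeping the tags in the template and the values in `p()` is harder to get wrong: `<p><strong><?php p($_['consumer']['name']); ?></strong> <?php p($_['message']); ?></p>`, assuming `p()` applies the same sanitizer as `OC_Util::sanitizeHTML`. The list items can take the same shape, `<li><?php p($requiredapp); ?></li>`. `OC::$WEBROOT` in the `href` is the one value still emitted raw, and `p(OC::$WEBROOT)` would cost nothing.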
@@ -4,26 +4,26 @@ * See the COPYING-README file. */?> -<div id="quota" class="personalblock"><div style="width:<?php echo $_['usage_relative'];?>%;"> - <p id="quotatext"><?php echo $l->t('You have used <strong>%s</strong> of the available <strong>%s</strong>', - array($_['usage'], $_['total_space']));?></p> +<div id="quota" class="personalblock"><div style="width:<?php p($_['usage_relative']);?>%;"> + <p id="quotatext"><?php print_unescaped($l->t('You have used <strong>%s</strong> of the available <strong>%s</strong>', + array($_['usage'], $_['total_space'])));?></p> </div></div> <div class="clientsbox"> - <h2><?php echo $l->t('Get the apps to sync your files');?></h2> - <a href="<?php echo $_['clients']['desktop']; ?>" target="_blank"> - <img src="<?php echo OCP\Util::imagePath('core', 'desktopapp.png'); ?>" /> + <h2><?php p($l->t('Get the apps to sync your files'));?></h2> + <a href="<?php p($_['clients']['desktop']); ?>" target="_blank"> + <img src="<?php print_unescaped(OCP\Util::imagePath('core', 'desktopapp.png')); ?>" /> </a> - <a href="<?php echo $_['clients']['android']; ?>" target="_blank"> - <img src="<?php echo OCP\Util::imagePath('core', 'googleplay.png'); ?>" /> + <a href="<?php p($_['clients']['android']); ?>" target="_blank"> + <img src="<?php print_unescaped(OCP\Util::imagePath('core', 'googleplay.png')); ?>" /> </a> - <a href="<?php echo $_['clients']['ios']; ?>" target="_blank"> - <img src="<?php echo OCP\Util::imagePath('core', 'appstore.png'); ?>" /> + <a href="<?php p($_['clients']['ios']); ?>" target="_blank"> + <img src="<?php print_unescaped(OCP\Util::imagePath('core', 'appstore.png')); ?>" /> </a> <?php if(OC_APP::isEnabled('firstrunwizard')) {?> - <center><a class="button" href="#" id="showWizard"><?php echo $l->t('Show First Run Wizard again');?></a></center> + <center><a class="button" href="#" id="showWizard"><?php p($l->t('Show First Run Wizard again'));?></a></center> <?php }?> </div> 
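Review bot: On the `quotatext` line the whole translated string goes through `print_unescaped`, so the substituted values `$_['usage']` and `$_['total_space']` reach the page without escaping, together with whatever the translation file supplies. Whether those two values are server-formatted sizes is not visible in this hunk. Escaping the arguments keeps the `<strong>` markup while closing that gap: `array(OC_Util::sanitizeHTML($_['usage']), OC_Util::sanitizeHTML($_['total_space']))`. On the line above, `p($_['usage_relative'])` is HTML-escaped but sits in a CSS `width:` value, so it is worth making sure the assigning code passes a number.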
@@ -34,7 +34,7 @@ if($_['passwordChangeSupported']) { ?> <form id="passwordform"> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('Password');?></strong></legend> + <legend><strong><?php p($l->t('Password'));?></strong></legend> <div id="passwordchanged"><?php echo $l->t('Your password was changed');?></div> <div id="passworderror"><?php echo $l->t('Unable to change your password');?></div> <input type="password" id="pass1" name="oldpassword" placeholder="<?php echo $l->t('Current password');?>" /> @@ -54,11 +54,11 @@ if($_['displayNameChangeSupported']) { <form id="displaynameform"> <fieldset class="personalblock"> <legend><strong><?php echo $l->t('Display Name');?></strong></legend> - <div id="displaynamechanged"><?php echo $l->t('Your display name was changed');?></div> - <div id="displaynameerror"><?php echo $l->t('Unable to change your display name');?></div> - <input type="text" id="displayName" name="displayName" value="<?php echo $_['displayName']?>" /> - <input type="hidden" id="oldDisplayName" name="oldDisplayName" value="<?php echo $_['displayName']?>" /> - <input id="displaynamebutton" type="submit" value="<?php echo $l->t('Change display name');?>" /> + <div id="displaynamechanged"><?php p($l->t('Your display name was changed'));?></div> + <div id="displaynameerror"><?php p($l->t('Unable to change your display name'));?></div> + <input type="text" id="displayName" name="displayName" value="<?php p($_['displayName'])?>" /> + <input type="hidden" id="oldDisplayName" name="oldDisplayName" value="<?php p($_['displayName'])?>" /> + <input id="displaynamebutton" type="submit" value="<?php p($l->t('Change display name'));?>" /> </fieldset> </form> <?php 
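Review bot: Only the `Password` legend is converted in the first hunk. The context lines directly below it still read `<?php echo $l->t('Your password was changed');?>`, `<?php echo $l->t('Unable to change your password');?>` and `placeholder="<?php echo $l->t('Current password');?>"`, and in the second hunk the `Display Name` legend also stays on `echo`. These are translation strings, so the exposure is limited to what a translation file contains, but the placeholder is an attribute value and leftover `echo` calls make a later audit for raw output harder. Suggested form: `<div id="passwordchanged"><?php p($l->t('Your password was changed'));?></div>`, with the same `p(...)` wrapping for the other three. The password form continues outside the hunk, so its remaining inputs should be checked as well.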
@@ -67,42 +67,42 @@ if($_['displayNameChangeSupported']) { <form id="lostpassword"> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('Email');?></strong></legend> - <input type="text" name="email" id="email" value="<?php echo $_['email']; ?>" - placeholder="<?php echo $l->t('Your email address');?>" /><span class="msg"></span><br /> - <em><?php echo $l->t('Fill in an email address to enable password recovery');?></em> + <legend><strong><?php p($l->t('Email'));?></strong></legend> + <input type="text" name="email" id="email" value="<?php p($_['email']); ?>" + placeholder="<?php p($l->t('Your email address'));?>" /><span class="msg"></span><br /> + <em><?php p($l->t('Fill in an email address to enable password recovery'));?></em> </fieldset> </form> <form> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('Language');?></strong></legend> - <select id="languageinput" class="chzen-select" name="lang" data-placeholder="<?php echo $l->t('Language');?>"> + <legend><strong><?php p($l->t('Language'));?></strong></legend> + <select id="languageinput" class="chzen-select" name="lang" data-placeholder="<?php p($l->t('Language'));?>"> <?php foreach($_['languages'] as $language):?> - <option value="<?php echo $language['code'];?>"><?php echo $language['name'];?></option> + <option value="<?php p($language['code']);?>"><?php p($language['name']);?></option> <?php endforeach;?> </select> - <a href="https://www.transifex.net/projects/p/owncloud/team/<?php echo $_['languages'][0]['code'];?>/" - target="_blank"><em><?php echo $l->t('Help translate');?></em></a> + <a href="https://www.transifex.net/projects/p/owncloud/team/<?php p($_['languages'][0]['code']);?>/" + target="_blank"><em><?php p($l->t('Help translate'));?></em></a> </fieldset> </form> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('WebDAV');?></strong></legend> - <code><?php echo OC_Helper::linkToRemote('webdav'); ?></code><br /> - <em><?php echo $l->t('Use this 
address to connect to your ownCloud in your file manager');?></em> + <legend><strong><?php p($l->t('WebDAV'));?></strong></legend> + <code><?php print_unescaped(OC_Helper::linkToRemote('webdav')); ?></code><br /> + <em><?php p($l->t('Use this address to connect to your ownCloud in your file manager'));?></em> </fieldset> <?php foreach($_['forms'] as $form) { - echo $form; + print_unescaped($form); };?> <fieldset class="personalblock"> - <legend><strong><?php echo $l->t('Version');?></strong></legend> - <strong>ownCloud</strong> <?php echo(OC_Util::getVersionString()); ?> - <?php echo(OC_Util::getEditionString()); ?> <br /> - <?php echo $l->t('Developed by the <a href="http://ownCloud.org/contact" target="_blank">ownCloud community</a>, the <a href="https://github.com/owncloud" target="_blank">source code</a> is licensed under the <a href="http://www.gnu.org/licenses/agpl-3.0.html" target="_blank"><abbr title="Affero General Public License">AGPL</abbr></a>.'); ?> + <legend><strong><?php p($l->t('Version'));?></strong></legend> + <strong>ownCloud</strong> <?php p(OC_Util::getVersionString()); ?> + <?php p(OC_Util::getEditionString()); ?> <br /> + <?php print_unescaped($l->t('Developed by the <a href="http://ownCloud.org/contact" target="_blank">ownCloud community</a>, the <a href="https://github.com/owncloud" target="_blank">source code</a> is licensed under the <a href="http://www.gnu.org/licenses/agpl-3.0.html" target="_blank"><abbr title="Affero General Public License">AGPL</abbr></a>.')); ?> </fieldset> diff --git a/settings/templates/settings.php b/settings/templates/settings.php index de8092eeaff5a86ae048ec36206632c9d7251b24..48b4e6b32340ff0ec1cf07ecabe7506bd9b0398b 100644 --- a/settings/templates/settings.php +++ b/settings/templates/settings.php @@ -5,5 +5,5 @@ */?> <?php foreach($_['forms'] as $form) { - echo $form; + print_unescaped($form); }; 
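Review bot: In the personal.php hunk, `OC_Helper::linkToRemote('webdav')` is printed with `print_unescaped` as the text content of `<code>`, a place where raw markup is never needed. If the helper builds the absolute URL from request data such as the host name (not visible in this hunk), that text is emitted verbatim. `<code><?php p(OC_Helper::linkToRemote('webdav')); ?></code>` displays the same address and is safe however the URL was assembled.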
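Review bot: `print_unescaped($form)` in settings.php makes it explicit that every entry of `$_['forms']` is trusted, pre-rendered HTML, but nothing in the template records who is responsible for escaping inside those fragments. A comment above the loop would state the contract, for example `// $_['forms'] holds rendered HTML fragments; each form must escape its own values`. The identical loop in the personal.php hunk just before it would take the same comment. The wording assumes the fragments come from registered settings forms, which this diff does not show.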
diff --git a/settings/templates/users.php b/settings/templates/users.php
index 53a66fb46869b3d840e43fc910fbde2cebc95732..deffe1683233036ad6759fa79e3447cad6bb69c5 100644
--- a/settings/templates/users.php
+++ b/settings/templates/users.php
@@ -14,49 +14,49 @@ unset($items['admin']); $_['subadmingroups'] = array_flip($items); ?> -<script type="text/javascript" src="<?php echo OC_Helper::linkToRoute('isadmin');?>"></script> +<script type="text/javascript" src="<?php print_unescaped(OC_Helper::linkToRoute('isadmin'));?>"></script> <div id="controls"> <form id="newuser" autocomplete="off"> - <input id="newusername" type="text" placeholder="<?php echo $l->t('Login Name')?>" /> <input + <input id="newusername" type="text" placeholder="<?php p($l->t('Login Name'))?>" /> <input type="password" id="newuserpassword" - placeholder="<?php echo $l->t('Password')?>" /> <select + placeholder="<?php p($l->t('Password'))?>" /> <select class="groupsselect" id="newusergroups" data-placeholder="groups" - title="<?php echo $l->t('Groups')?>" multiple="multiple"> + title="<?php p($l->t('Groups'))?>" multiple="multiple"> <?php foreach($_["groups"] as $group): ?> - <option value="<?php echo $group['name'];?>"> - <?php echo $group['name'];?> + <option value="<?php p($group['name']);?>"> + <?php p($group['name']);?> </option> <?php endforeach;?> - </select> <input type="submit" value="<?php echo $l->t('Create')?>" /> + </select> <input type="submit" value="<?php p($l->t('Create'))?>" /> </form> <div class="quota"> - <span><?php echo $l->t('Default Storage');?></span> + <span><?php p($l->t('Default Storage'));?></span> <?php if((bool) $_['isadmin']): ?> <select class='quota'> <option - <?php if($_['default_quota']=='none') echo 'selected="selected"';?> + <?php if($_['default_quota']=='none') print_unescaped('selected="selected"');?> value='none'> - <?php echo $l->t('Unlimited');?> + <?php p($l->t('Unlimited'));?> </option> <?php foreach($_['quota_preset'] as $preset):?> <?php if($preset!='default'):?> <option - <?php if($_['default_quota']==$preset) echo 'selected="selected"';?> - value='<?php echo $preset;?>'> - <?php echo $preset;?> + <?php if($_['default_quota']==$preset) print_unescaped('selected="selected"');?> + 
value='<?php p($preset);?>'> + <?php p($preset);?> </option> <?php endif;?> <?php endforeach;?> <?php if($_['defaultQuotaIsUserDefined']):?> <option selected="selected" - value='<?php echo $_['default_quota'];?>'> - <?php echo $_['default_quota'];?> + value='<?php p($_['default_quota']);?>'> + <?php p($_['default_quota']);?> </option> <?php endif;?> <option value='other'> - <?php echo $l->t('Other');?> + <?php p($l->t('Other'));?> ... </option> </select> 
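Review bot: Several attribute values in this hunk are delimited with single quotes, `value='<?php p($preset);?>'` and `value='<?php p($_['default_quota']);?>'`, so they are safe only if `p()` also encodes `'`. The implementation of `p()` is not part of this diff; if it encodes double quotes only, a quota value containing `'` would end the attribute early. Either confirm that the sanitizer encodes both quote characters or switch these attributes to double quotes, `value="<?php p($preset);?>"`. The per-user quota `<select>` in the later `@@ -129,37 +129,37 @@` hunk has the same pattern with `$user['quota']`.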
@@ -64,49 +64,49 @@ $_['subadmingroups'] = array_flip($items); <?php if((bool) !$_['isadmin']): ?> <select class='quota' disabled="disabled"> <option selected="selected"> - <?php echo $_['default_quota'];?> + <?php p($_['default_quota']);?> </option> </select> <?php endif; ?> </div> </div> -<table class="hascontrols" data-groups="<?php echo implode(', ', $allGroups);?>"> +<table class="hascontrols" data-groups="<?php p(implode(', ', $allGroups));?>"> <thead> <tr> - <th id='headerName'><?php echo $l->t('Login Name')?></th> - <th id="headerDisplayName"><?php echo $l->t( 'Display Name' ); ?></th> - <th id="headerPassword"><?php echo $l->t( 'Password' ); ?></th> - <th id="headerGroups"><?php echo $l->t( 'Groups' ); ?></th> + <th id='headerName'><?php p($l->t('Login Name'))?></th> + <th id="headerDisplayName"><?php p($l->t( 'Display Name' )); ?></th> + <th id="headerPassword"><?php p($l->t( 'Password' )); ?></th> + <th id="headerGroups"><?php p($l->t( 'Groups' )); ?></th> <?php if(is_array($_['subadmins']) || $_['subadmins']): ?> - <th id="headerSubAdmins"><?php echo $l->t('Group Admin'); ?></th> + <th id="headerSubAdmins"><?php p($l->t('Group Admin')); ?></th> <?php endif;?> - <th id="headerQuota"><?php echo $l->t('Storage'); ?></th> + <th id="headerQuota"><?php p($l->t('Storage')); ?></th> <th id="headerRemove"> </th> </tr> </thead> <tbody> <?php foreach($_["users"] as $user): ?> - <tr data-uid="<?php echo $user["name"] ?>" - data-displayName="<?php echo $user["displayName"] ?>"> - <td class="name"><?php echo $user["name"]; ?></td> - <td class="displayName"><span><?php echo $user["displayName"]; ?></span> <img class="svg action" - src="<?php echo image_path('core', 'actions/rename.svg')?>" - alt="<?php echo $l->t("change display name")?>" title="<?php echo $l->t("change display name")?>"/> + <tr data-uid="<?php p($user["name"]) ?>" + data-displayName="<?php p($user["displayName"]) ?>"> + <td class="name"><?php p($user["name"]); ?></td> + <td 
class="displayName"><span><?php p($user["displayName"]); ?></span> <img class="svg action" + src="<?php p(image_path('core', 'actions/rename.svg'))?>" + alt="<?php p($l->t("change display name"))?>" title="<?php p($l->t("change display name"))?>"/> </td> <td class="password"><span>●●●●●●●</span> <img class="svg action" - src="<?php echo image_path('core', 'actions/rename.svg')?>" - alt="<?php echo $l->t("set new password")?>" title="<?php echo $l->t("set new password")?>"/> + src="<?php print_unescaped(image_path('core', 'actions/rename.svg'))?>" + alt="<?php p($l->t("set new password"))?>" title="<?php p($l->t("set new password"))?>"/> </td> <td class="groups"><select class="groupsselect" - data-username="<?php echo $user['name'] ;?>" - data-user-groups="<?php echo $user['groups'] ;?>" - data-placeholder="groups" title="<?php echo $l->t('Groups')?>" + data-username="<?php p($user['name']) ;?>" + data-user-groups="<?php p($user['groups']) ;?>" + data-placeholder="groups" title="<?php p($l->t('Groups'))?>" multiple="multiple"> <?php foreach($_["groups"] as $group): ?> - <option value="<?php echo $group['name'];?>"> - <?php echo $group['name'];?> + <option value="<?php p($group['name']);?>"> + <?php p($group['name']);?> </option> <?php endforeach;?> </select> 
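Review bot: The same call, `image_path('core', 'actions/rename.svg')`, is emitted two different ways in this hunk: through `p(...)` for the display-name icon and through `print_unescaped(...)` for the password icon. Both sit in a `src` attribute, so there is no reason for them to differ, and the mix leaves it unclear which form is intended for generated paths. Using the escaped form in both places is the safer default: `src="<?php p(image_path('core', 'actions/rename.svg'))?>"`. The delete icon in the `@@ -129,37 +129,37 @@` hunk uses `print_unescaped(image_path(...))` as well and could be aligned the same way.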
@@ -114,13 +114,13 @@ $_['subadmingroups'] = array_flip($items); <?php if(is_array($_['subadmins']) || $_['subadmins']): ?> <td class="subadmins"><select class="subadminsselect" - data-username="<?php echo $user['name'] ;?>" - data-subadmin="<?php echo $user['subadmin'] ;?>" - data-placeholder="subadmins" title="<?php echo $l->t('Group Admin')?>" + data-username="<?php p($user['name']) ;?>" + data-subadmin="<?php p($user['subadmin']);?>" + data-placeholder="subadmins" title="<?php p($l->t('Group Admin'))?>" multiple="multiple"> <?php foreach($_["subadmingroups"] as $group): ?> - <option value="<?php echo $group;?>"> - <?php echo $group;?> + <option value="<?php p($group);?>"> + <?php p($group);?> </option> <?php endforeach;?> </select> 
@@ -129,37 +129,37 @@ $_['subadmingroups'] = array_flip($items); <td class="quota"> <select class='quota-user'> <option - <?php if($user['quota']=='default') echo 'selected="selected"';?> + <?php if($user['quota']=='default') print_unescaped('selected="selected"');?> value='default'> - <?php echo $l->t('Default');?> + <?php p($l->t('Default'));?> </option> <option - <?php if($user['quota']=='none') echo 'selected="selected"';?> + <?php if($user['quota']=='none') print_unescaped('selected="selected"');?> value='none'> - <?php echo $l->t('Unlimited');?> + <?php p($l->t('Unlimited'));?> </option> <?php foreach($_['quota_preset'] as $preset):?> <option - <?php if($user['quota']==$preset) echo 'selected="selected"';?> - value='<?php echo $preset;?>'> - <?php echo $preset;?> + <?php if($user['quota']==$preset) print_unescaped('selected="selected"');?> + value='<?php p($preset);?>'> + <?php p($preset);?> </option> <?php endforeach;?> <?php if($user['isQuotaUserDefined']):?> - <option selected="selected" value='<?php echo $user['quota'];?>'> - <?php echo $user['quota'];?> + <option selected="selected" value='<?php p($user['quota']);?>'> + <?php p($user['quota']);?> </option> <?php endif;?> <option value='other' data-new> - <?php echo $l->t('Other');?> + <?php p($l->t('Other'));?> ... </option> </select> </td> <td class="remove"> <?php if($user['name']!=OC_User::getUser()):?> - <a href="#" class="action delete" original-title="<?php echo $l->t('Delete')?>"> - <img src="<?php echo image_path('core', 'actions/delete.svg') ?>" class="svg" /> + <a href="#" class="action delete" original-title="<?php p($l->t('Delete'))?>"> + <img src="<?php print_unescaped(image_path('core', 'actions/delete.svg')) ?>" class="svg" /> </a> <?php endif;?> </td>