[Pkg-owncloud-commits] [owncloud] 371/394: Sanitize shareWith

David Prévot taffit at alioth.debian.org
Fri Nov 8 23:12:52 UTC 2013 

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to annotated tag v4.5.10
in repository owncloud.

commit 7b0a8f499d42c86de6e27e5accf53881c508072a
Author: Lukas Reschke <lukas at statuscode.ch>
Date:   Mon Mar 4 13:15:59 2013 +0100

    Sanitize shareWith
    
    Backport of #2062 to stable45
---
 core/js/share.js |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/core/js/share.js b/core/js/share.js
index 0d4f5d1..719baf7 100644
--- a/core/js/share.js
+++ b/core/js/share.js
@@ -127,9 +127,9 @@ OC.Share={
 		var html = '<div id="dropdown" class="drop" data-item-type="'+itemType+'" data-item-source="'+itemSource+'">';
 		if (data !== false && data.reshare !== false && data.reshare.uid_owner !== undefined) {
 			if (data.reshare.share_type == OC.Share.SHARE_TYPE_GROUP) {
-				html += '<span class="reshare">'+t('core', 'Shared with you and the group')+' '+data.reshare.share_with+' '+t('core', 'by')+' '+data.reshare.uid_owner+'</span>';
+				html += '<span class="reshare">'+t('core', 'Shared with you and the group')+' '+escapeHTML(data.reshare.share_with)+' '+t('core', 'by')+' '+escapeHTML(data.reshare.uid_owner)+'</span>';
 			} else {
-				html += '<span class="reshare">'+t('core', 'Shared with you by')+' '+data.reshare.uid_owner+'</span>';
+				html += '<span class="reshare">'+t('core', 'Shared with you by')+' '+escapeHTML(data.reshare.uid_owner)+'</span>';
 			}
 			html += '<br />';
 		}
@@ -271,7 +271,7 @@ OC.Share={
 			if (permissions & OC.PERMISSION_SHARE) {
 				shareChecked = 'checked="checked"';
 			}
-			var html = '<li style="clear: both;" data-share-type="'+shareType+'" data-share-with="'+shareWith+'" title="' + shareWith + '">';
+			var html = '<li style="clear: both;" data-share-type="'+escapeHTML(shareType)+'" data-share-with="'+escapeHTML(shareWith)+'" title="' + escapeHTML(shareWith) + '">';
 			html += '<a href="#" class="unshare" style="display:none;"><img class="svg" alt="'+t('core', 'Unshare')+'" src="'+OC.imagePath('core', 'actions/delete')+'"/></a>';
 			if(shareWith.length > 14){
 				html += shareWith.substr(0,11) + '...';

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git

More information about the Pkg-owncloud-commits mailing list