[Pkg-owncloud-commits] [php-sabredav] 41/75: Escape some more values
David Prévot
taffit at moszumanska.debian.org
Thu Feb 26 18:51:52 UTC 2015
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to branch master
in repository php-sabredav.
commit bfc01a4178d99678665e041cb65bf1e0edd2977d
Author: Lukas Reschke <lukas at owncloud.com>
Date: Mon Feb 23 12:56:42 2015 +0100
Escape some more values
While they should not contain user-supplied input at all, it's always good to sanitize more data in case the API somehow gets misused by developers.
As discussed in https://github.com/owncloud/core/commit/1edd6d7d0b15a3fd0ad7b20107ac0c603f63204c#commitcomment-9804349
---
lib/DAV/Browser/Plugin.php | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/DAV/Browser/Plugin.php b/lib/DAV/Browser/Plugin.php
index 34af64c..b31a467 100644
--- a/lib/DAV/Browser/Plugin.php
+++ b/lib/DAV/Browser/Plugin.php
@@ -243,16 +243,16 @@ class Plugin extends DAV\ServerPlugin {
}
$html.= '<tr>';
- $html.= '<td class="nameColumn"><a href="' . $this->escapeHTML($subProps['fullPath']) . '"><span class="oi" data-glyph="'.$type['icon'].'"></span> ' . $this->escapeHTML($subProps['displayPath']) . '</a></td>';
- $html.= '<td class="typeColumn">' . $type['string'] . '</td>';
+ $html.= '<td class="nameColumn"><a href="' . $this->escapeHTML($subProps['fullPath']) . '"><span class="oi" data-glyph="'.$this->escapeHTML($type['icon']).'"></span> ' . $this->escapeHTML($subProps['displayPath']) . '</a></td>';
+ $html.= '<td class="typeColumn">' . $this->escapeHTML($type['string']) . '</td>';
$html.= '<td>';
if (isset($subProps['{DAV:}getcontentlength'])) {
- $html.=$subProps['{DAV:}getcontentlength'] . ' bytes';
+ $html.=$this->escapeHTML($subProps['{DAV:}getcontentlength'] . ' bytes');
}
$html.= '</td><td>';
if (isset($subProps['{DAV:}getlastmodified'])) {
$lastMod = $subProps['{DAV:}getlastmodified']->getTime();
- $html.=$lastMod->format('F j, Y, g:i a');
+ $html.=$this->escapeHTML($lastMod->format('F j, Y, g:i a'));
}
$html.= '</td></tr>';
}
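Review bot: The newly escaped `$type['icon']` lands inside a double-quoted `data-glyph` attribute, so the escaping only holds if `escapeHTML()` encodes double quotes as well as `<`, `>` and `&`; its definition is not visible in this hunk. If it wraps `htmlspecialchars`, confirm it passes an explicit charset and at least `ENT_COMPAT`, preferably `ENT_QUOTES`. A comment above the row would record that dependency, for example `// all values below go through escapeHTML(); attribute values rely on it encoding quotes`. The same applies to the `title="..."` attribute around `get_class($value)` in the second hunk. The enclosing loop and method begin outside the hunk.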
@@ -719,7 +719,7 @@ HTML;
echo $this->escapeHTML($value);
break;
case 'complex' :
- echo '<em title="' . get_class($value) . '">complex</em>';
+ echo '<em title="' . $this->escapeHTML(get_class($value)) . '">complex</em>';
break;
default :
echo '<em>unknown</em>';
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/php-sabredav.git