open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Revert

Browse Source
remotes/origin/stable45
Lukas Reschke 13 years ago
parent ec4c373eaa
commit c009bc4b87
16 changed files with 78 additions and 111 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 6
      apps/calendar/index.php
  2. 4
      apps/contacts/ajax/addbook.php
  3. 2
      apps/contacts/ajax/createaddressbook.php
  4. 4
      apps/contacts/ajax/editaddressbook.php
  5. 12
      apps/contacts/ajax/loadcard.php
  6. 20
      apps/contacts/index.php
  7. 4
      apps/contacts/templates/part.chooseaddressbook.php
  8. 10
      apps/files/admin.php
  9. 26
      apps/files/index.php
  10. 51
      lib/template.php
  11. 18
      lib/util.php
  12. 4
      settings/admin.php
  13. 2
      settings/apps.php
  14. 6
      settings/help.php
  15. 12
      settings/personal.php
  16. 8
      settings/users.php

6
apps/calendar/index.php
Unescape View File

@ -54,9 +54,9 @@ OCP\Util::addscript('contacts','jquery.multi-autocomplete');
OCP\Util::addscript('','oc-vcategories');
OCP\App::setActiveNavigationEntry('calendar_index');
$tmpl = new OCP\Template('calendar', 'calendar', 'user');
$tmpl->assignHTML('eventSources', $eventSources);
$tmpl->assignHTML('categories', $categories);
$tmpl->assign('eventSources', $eventSources);
$tmpl->assign('categories', $categories);
if(array_key_exists('showevent', $_GET)){
$tmpl->assignHTML('showevent', $_GET['showevent']);
$tmpl->assign('showevent', $_GET['showevent']);
}
$tmpl->printPage();

4
apps/contacts/ajax/addbook.php
Unescape View File

@ -14,7 +14,7 @@ $book = array(
'displayname' => '',
);
$tmpl = new OCP\Template('contacts', 'part.editaddressbook');
$tmpl->assignHTML('new', true);
$tmpl->assignHTML('addressbook', $book);
$tmpl->assign('new', true);
$tmpl->assign('addressbook', $book);
$tmpl->printPage();
?>

2
apps/contacts/ajax/createaddressbook.php
Unescape View File

@ -33,7 +33,7 @@ if(!OC_Contacts_Addressbook::setActive($bookid, 1)) {
}
$addressbook = OC_Contacts_App::getAddressbook($bookid);
$tmpl = new OCP\Template('contacts', 'part.chooseaddressbook.rowfields');
$tmpl->assignHTML('addressbook', $addressbook);
$tmpl->assign('addressbook', $addressbook);
OCP\JSON::success(array(
'page' => $tmpl->fetchPage(),
'addressbook' => $addressbook,

4
apps/contacts/ajax/editaddressbook.php
Unescape View File

@ -11,7 +11,7 @@ OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('contacts');
$addressbook = OC_Contacts_App::getAddressbook($_GET['bookid']);
$tmpl = new OCP\Template("contacts", "part.editaddressbook");
$tmpl->assignHTML('new', false);
$tmpl->assignHTML('addressbook', $addressbook);
$tmpl->assign('new', false);
$tmpl->assign('addressbook', $addressbook);
$tmpl->printPage();
?>

12
apps/contacts/ajax/loadcard.php
Unescape View File

@ -36,12 +36,12 @@ $phone_types = OC_Contacts_App::getTypesOfProperty('TEL');
$email_types = OC_Contacts_App::getTypesOfProperty('EMAIL');
$tmpl = new OCP\Template('contacts','part.contact');
$tmpl->assignHTML('uploadMaxFilesize', $maxUploadFilesize);
$tmpl->assignHTML('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
$tmpl->assignHTML('adr_types',$adr_types);
$tmpl->assignHTML('phone_types',$phone_types);
$tmpl->assignHTML('email_types',$email_types);
$tmpl->assignHTML('id','');
$tmpl->assign('uploadMaxFilesize', $maxUploadFilesize);
$tmpl->assign('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
$tmpl->assign('adr_types',$adr_types);
$tmpl->assign('phone_types',$phone_types);
$tmpl->assign('email_types',$email_types);
$tmpl->assign('id','');
$page = $tmpl->fetchPage();
OCP\JSON::success(array('data' => array( 'page' => $page )));

20
apps/contacts/index.php
Unescape View File

@ -59,16 +59,16 @@ OCP\Util::addStyle('contacts','jquery.Jcrop');
OCP\Util::addStyle('contacts','contacts');
$tmpl = new OCP\Template( "contacts", "index", "user" );
$tmpl->assignHTML('uploadMaxFilesize', $maxUploadFilesize);
$tmpl->assignHTML('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
$tmpl->assignHTML('property_types', $property_types);
$tmpl->assignHTML('phone_types', $phone_types);
$tmpl->assignHTML('email_types', $email_types);
$tmpl->assignHTML('categories', $categories);
$tmpl->assignHTML('addressbooks', $addressbooks);
$tmpl->assignHTML('contacts', $contacts);
$tmpl->assignHTML('details', $details );
$tmpl->assignHTML('id',$id);
$tmpl->assign('uploadMaxFilesize', $maxUploadFilesize);
$tmpl->assign('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
$tmpl->assign('property_types', $property_types);
$tmpl->assign('phone_types', $phone_types);
$tmpl->assign('email_types', $email_types);
$tmpl->assign('categories', $categories);
$tmpl->assign('addressbooks', $addressbooks);
$tmpl->assign('contacts', $contacts);
$tmpl->assign('details', $details );
$tmpl->assign('id',$id);
$tmpl->printPage();
?>

4
apps/contacts/templates/part.chooseaddressbook.php
Unescape View File

@ -5,8 +5,8 @@ $option_addressbooks = OC_Contacts_Addressbook::all(OCP\USER::getUser());
for($i = 0; $i < count($option_addressbooks); $i++){
echo "<tr>";
$tmpl = new OCP\Template('contacts', 'part.chooseaddressbook.rowfields');
$tmpl->assignHTML('addressbook', $option_addressbooks[$i]);
$tmpl->assignHTML('active', OC_Contacts_Addressbook::isActive($option_addressbooks[$i]['id']));
$tmpl->assign('addressbook', $option_addressbooks[$i]);
$tmpl->assign('active', OC_Contacts_Addressbook::isActive($option_addressbooks[$i]['id']));
$tmpl->printpage();
echo "</tr>";
}

10
apps/files/admin.php
Unescape View File

@ -54,9 +54,9 @@ OCP\App::setActiveNavigationEntry( "files_administration" );
$htaccessWritable=is_writable(OC::$SERVERROOT.'/.htaccess');
$tmpl = new OCP\Template( 'files', 'admin' );
$tmpl->assignHTML( 'uploadChangable', $htaccessWorking and $htaccessWritable );
$tmpl->assignHTML( 'uploadMaxFilesize', $maxUploadFilesize);
$tmpl->assignHTML( 'maxPossibleUploadSize', OCP\Util::humanFileSize(PHP_INT_MAX));
$tmpl->assignHTML( 'allowZipDownload', $allowZipDownload);
$tmpl->assignHTML( 'maxZipInputSize', $maxZipInputSize);
$tmpl->assign( 'uploadChangable', $htaccessWorking and $htaccessWritable );
$tmpl->assign( 'uploadMaxFilesize', $maxUploadFilesize);
$tmpl->assign( 'maxPossibleUploadSize', OCP\Util::humanFileSize(PHP_INT_MAX));
$tmpl->assign( 'allowZipDownload', $allowZipDownload);
$tmpl->assign( 'maxZipInputSize', $maxZipInputSize);
return $tmpl->fetchPage();

26
apps/files/index.php
Unescape View File

@ -73,12 +73,12 @@ foreach( explode( '/', $dir ) as $i ){
// make breadcrumb und filelist markup
$list = new OCP\Template( 'files', 'part.list', '' );
$list->assignHTML( 'files', $files );
$list->assignHTML( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=');
$list->assignHTML( 'downloadURL', OCP\Util::linkTo('files', 'download.php').'?file=');
$list->assign( 'files', $files );
$list->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=');
$list->assign( 'downloadURL', OCP\Util::linkTo('files', 'download.php').'?file=');
$breadcrumbNav = new OCP\Template( 'files', 'part.breadcrumb', '' );
$breadcrumbNav->assignHTML( 'breadcrumb', $breadcrumb );
$breadcrumbNav->assignHTML( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=');
$breadcrumbNav->assign( 'breadcrumb', $breadcrumb );
$breadcrumbNav->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=');
$upload_max_filesize = OCP\Util::computerFileSize(ini_get('upload_max_filesize'));
$post_max_size = OCP\Util::computerFileSize(ini_get('post_max_size'));
@ -89,14 +89,14 @@ $freeSpace=max($freeSpace,0);
$maxUploadFilesize = min($maxUploadFilesize ,$freeSpace);
$tmpl = new OCP\Template( 'files', 'index', 'user' );
$tmpl->assignHTML( 'fileList', $list->fetchPage() );
$tmpl->assignHTML( 'breadcrumb', $breadcrumbNav->fetchPage() );
$tmpl->assignHTML( 'dir', $dir);
$tmpl->assignHTML( 'readonly', !OC_Filesystem::is_writable($dir.'/'));
$tmpl->assignHTML( 'files', $files );
$tmpl->assignHTML( 'uploadMaxFilesize', $maxUploadFilesize);
$tmpl->assignHTML( 'uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
$tmpl->assignHTML( 'allowZipDownload', intval(OCP\Config::getSystemValue('allowZipDownload', true)));
$tmpl->assign( 'fileList', $list->fetchPage() );
$tmpl->assign( 'breadcrumb', $breadcrumbNav->fetchPage() );
$tmpl->assign( 'dir', $dir);
$tmpl->assign( 'readonly', !OC_Filesystem::is_writable($dir.'/'));
$tmpl->assign( 'files', $files );
$tmpl->assign( 'uploadMaxFilesize', $maxUploadFilesize);
$tmpl->assign( 'uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
$tmpl->assign( 'allowZipDownload', intval(OCP\Config::getSystemValue('allowZipDownload', true)));
$tmpl->printPage();
?>

51
lib/template.php
Unescape View File

@ -156,11 +156,9 @@ class OC_Template{
$this->application = $app;
$this->vars = array();
$this->l10n = OC_L10N::get($app);
// Some security settings
header('X-Frame-Options: Sameorigin');
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: Sameorigin');
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
$this->findTemplate($name);
}
@ -257,27 +255,11 @@ class OC_Template{
return false;
}
/**
* @brief Assign variables and sanitizes the data
* @param $key key
* @param $value value
* @returns true
*
* This function assigns a variable. It can be accessed via $_[$key] in
* the template.
*
* If the key existed before, it will be overwritten
*/
public function assign( $key, $value ){
$this->vars[$key] = htmlentities($value);
return true;
}
/**
* @brief Assign variables
* @param $key key
* @param $value value
* @param $sanitizeHTML false, if data shouldn't get passed through htmlentities
* @returns true
*
* This function assigns a variable. It can be accessed via $_[$key] in
@ -285,7 +267,10 @@ class OC_Template{
*
* If the key existed before, it will be overwritten
*/
public function assignHTML( $key, $value ){
public function assign( $key, $value, $sanitizeHTML=true ){
if($sanitizeHTML) {
$this->vars[$key] = htmlentities($value);
}
$this->vars[$key] = $value;
return true;
}
@ -373,20 +358,20 @@ class OC_Template{
// Decide which page we show
if( $this->renderas == "user" ){
$page = new OC_Template( "core", "layout.user" );
$page->assignHTML('searchurl',OC_Helper::linkTo( 'search', 'index.php' ));
$page->assign('searchurl',OC_Helper::linkTo( 'search', 'index.php' ));
if(array_search(OC_APP::getCurrentApp(),array('settings','admin','help'))!==false){
$page->assignHTML('bodyid','body-settings');
$page->assign('bodyid','body-settings');
}else{
$page->assignHTML('bodyid','body-user');
$page->assign('bodyid','body-user');
}
// Add navigation entry
$navigation = OC_App::getNavigation();
$page->assignHTML( "navigation", $navigation);
$page->assignHTML( "settingsnavigation", OC_App::getSettingsNavigation());
$page->assign( "navigation", $navigation);
$page->assign( "settingsnavigation", OC_App::getSettingsNavigation());
foreach($navigation as $entry) {
if ($entry['active']) {
$page->assignHTML( 'application', $entry['name'] );
$page->assign( 'application', $entry['name'] );
break;
}
}
@ -400,7 +385,7 @@ class OC_Template{
// Read the detected formfactor and use the right file name.
$fext = self::getFormFactorExtension();
$page->assignHTML('jsfiles', array());
$page->assign('jsfiles', array());
// Add the core js files or the js files provided by the selected theme
foreach(OC_Util::$scripts as $script){
// Is it in 3rd party?
@ -437,7 +422,7 @@ class OC_Template{
}
}
// Add the css files
$page->assignHTML('cssfiles', array());
$page->assign('cssfiles', array());
foreach(OC_Util::$styles as $style){
// is it in 3rdparty?
if($page->appendIfExist('cssfiles', OC::$THIRDPARTYROOT, OC::$THIRDPARTYWEBROOT, $style.'.css')) {
@ -475,13 +460,13 @@ class OC_Template{
}
// Add custom headers
$page->assignHTML('headers',$this->headers);
$page->assign('headers',$this->headers);
foreach(OC_Util::$headers as $header){
$page->append('headers',$header);
}
// Add css files and js files
$page->assignHTML( "content", $data );
$page->assign( "content", $data );
return $page->fetchPage();
}
else{

18
lib/util.php
Unescape View File

@ -358,30 +358,12 @@ class OC_Util {
* Todo: Write howto
*/
public static function callRegister(){
//mamimum time before token exires
$maxtime=(60*60); // 1 hour
// generate a random token.
$token=mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000);
// store the token together with a timestamp in the session.
$_SESSION['requesttoken-'.$token]=time();
// cleanup old tokens garbage collector
// only run every 20th time so we don´t waste cpu cycles
if(rand(0,20)==0) {
foreach($_SESSION as $key=>$value) {
// search all tokens in the session
if(substr($key,0,12)=='requesttoken') {
if($value+$maxtime<time()){
// remove outdated tokens
unset($_SESSION[$key]);
}
}
}
}
// return the token
return($token);
}

4
settings/admin.php
Unescape View File

@ -23,8 +23,8 @@ function compareEntries($a,$b){
usort($entries, 'compareEntries');
$tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 ));
$tmpl->assignHTML('entries',$entries);
$tmpl->assignHTML('forms',array());
$tmpl->assign('entries',$entries);
$tmpl->assign('forms',array());
foreach($forms as $form){
$tmpl->append('forms',$form);
}

2
settings/apps.php
Unescape View File

@ -92,7 +92,7 @@ usort($apps, 'app_sort');
$tmpl = new OC_Template( "settings", "apps", "user" );
$tmpl->assignHTML('apps',$apps);
$tmpl->assign('apps',$apps);
$tmpl->printPage();

6
settings/help.php
Unescape View File

@ -21,9 +21,9 @@ unset($kbe['totalitems']);
$pagecount=ceil($totalitems/$pagesize);
$tmpl = new OC_Template( "settings", "help", "user" );
$tmpl->assignHTML( "kbe", $kbe );
$tmpl->assignHTML( "pagecount", $pagecount );
$tmpl->assignHTML( "page", $page );
$tmpl->assign( "kbe", $kbe );
$tmpl->assign( "pagecount", $pagecount );
$tmpl->assign( "page", $page );
$tmpl->printPage();
?>

12
settings/personal.php
Unescape View File

@ -48,14 +48,14 @@ foreach($languageCodes as $lang){
// Return template
$tmpl = new OC_Template( 'settings', 'personal', 'user');
$tmpl->assignHTML('usage',OC_Helper::humanFileSize($used));
$tmpl->assignHTML('total_space',OC_Helper::humanFileSize($total));
$tmpl->assignHTML('usage_relative',$relative);
$tmpl->assignHTML('email',$email);
$tmpl->assignHTML('languages',$languages);
$tmpl->assign('usage',OC_Helper::humanFileSize($used));
$tmpl->assign('total_space',OC_Helper::humanFileSize($total));
$tmpl->assign('usage_relative',$relative);
$tmpl->assign('email',$email);
$tmpl->assign('languages',$languages);
$forms=OC_App::getForms('personal');
$tmpl->assignHTML('forms',array());
$tmpl->assign('forms',array());
foreach($forms as $form){
$tmpl->append('forms',$form);
}

8
settings/users.php
Unescape View File

@ -34,10 +34,10 @@ foreach($quotaPreset as &$preset){
$defaultQuota=OC_Appconfig::getValue('files','default_quota','none');
$tmpl = new OC_Template( "settings", "users", "user" );
$tmpl->assignHTML( "users", $users );
$tmpl->assignHTML( "groups", $groups );
$tmpl->assignHTML( 'quota_preset', $quotaPreset);
$tmpl->assignHTML( 'default_quota', $defaultQuota);
$tmpl->assign( "users", $users );
$tmpl->assign( "groups", $groups );
$tmpl->assign( 'quota_preset', $quotaPreset);
$tmpl->assign( 'default_quota', $defaultQuota);
$tmpl->printPage();
?>

Write Preview
Loading…
Cancel
Save