Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Escape some more values
While they should not contain user-supplied input at all it's always good to sanitize more data in case somehow the API got misused by developers.

As discussed in owncloud/core@1edd6d7#commitcomment-9804349
  • Loading branch information
LukasReschke authored and evert committed Feb 23, 2015
1 parent 7ceac5a commit 6ba3ac1
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions lib/DAV/Browser/Plugin.php
Expand Up @@ -269,16 +269,16 @@ function generateDirectoryIndex($path) {
}

$html.= '<tr>';
$html.= '<td class="nameColumn"><a href="' . $this->escapeHTML($subProps['fullPath']) . '"><span class="oi" data-glyph="'.$type['icon'].'"></span> ' . $this->escapeHTML($subProps['displayPath']) . '</a></td>';
$html.= '<td class="typeColumn">' . $type['string'] . '</td>';
$html.= '<td class="nameColumn"><a href="' . $this->escapeHTML($subProps['fullPath']) . '"><span class="oi" data-glyph="'.$this->escapeHTML($type['icon']).'"></span> ' . $this->escapeHTML($subProps['displayPath']) . '</a></td>';
$html.= '<td class="typeColumn">' . $this->escapeHTML($type['string']) . '</td>';
$html.= '<td>';
if (isset($subProps['{DAV:}getcontentlength'])) {
$html.=$subProps['{DAV:}getcontentlength'] . ' bytes';
$html.=$this->escapeHTML($subProps['{DAV:}getcontentlength'] . ' bytes');
}
$html.= '</td><td>';
if (isset($subProps['{DAV:}getlastmodified'])) {
$lastMod = $subProps['{DAV:}getlastmodified']->getTime();
$html.=$lastMod->format('F j, Y, g:i a');
$html.=$this->escapeHTML($lastMod->format('F j, Y, g:i a'));
}
$html.= '</td></tr>';
}
Expand Down Expand Up @@ -655,7 +655,7 @@ private function drawPropertyRow($name, $value) {
echo $this->escapeHTML($value);
break;
case 'complex' :
echo '<em title="' . get_class($value) . '">complex</em>';
echo '<em title="' . $this->escapeHTML(get_class($value)) . '">complex</em>';
break;
default :
echo '<em>unknown</em>';
Expand Down

0 comments on commit 6ba3ac1

Please sign in to comment.