зеркало из https://github.com/nextcloud/server.git
fix 2 potential xss problems
Родитель
3c182bdb35
Коммит
cfd0140e2f
|
@ -10,6 +10,6 @@ if(!isset($_)){//also provide standalone error page
|
|||
<ul>
|
||||
<li class='error'>
|
||||
<?php echo $l->t( 'Cloud not found' ); ?><br/>
|
||||
<p class='hint'><?php if(isset($_['file'])) echo $_['file']?></p>
|
||||
<p class='hint'><?php if(isset($_['file'])) echo htmlentities($_['file'])?></p>
|
||||
</li>
|
||||
</ul>
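Review bot: `htmlentities($_['file'])` is called without flags or a charset, so its behaviour depends on the PHP version's defaults. Releases before 5.4 assume ISO-8859-1 and turn multi-byte UTF-8 file names into wrong entities, and the long-standing default `ENT_COMPAT` leaves single quotes unescaped. Passing both explicitly, `echo htmlspecialchars($_['file'], ENT_QUOTES, 'UTF-8')`, makes the output stable. In this element-content position the missing quote escaping is not a problem on its own, but the same call shape is added in the upload form and breadcrumb sections, where the value lands in attributes.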
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
<form data-upload-id='1' class="file_upload_form" action="ajax/upload.php" method="post" enctype="multipart/form-data" target="file_upload_target_1">
|
||||
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $_['uploadMaxFilesize'] ?>" id="max_upload">
|
||||
<input type="hidden" class="max_human_file_size" value="(max <?php echo $_['uploadMaxHumanFilesize']; ?>)">
|
||||
<input type="hidden" name="dir" value="<?php echo $_['dir'] ?>" id="dir">
|
||||
<input type="hidden" name="dir" value="<?php echo htmlentities($_['dir']) ?>" id="dir">
|
||||
<button class="file_upload_filename"> <img class='svg action' alt="Upload" src="<?php echo image_path("core", "actions/upload.svg"); ?>" /></button>
|
||||
<input class="file_upload_start" type="file" name='files[]'/>
|
||||
<a href="#" class="file_upload_button_wrapper" onclick="return false;" title="<?php echo $l->t('Upload'); echo ' max. '.$_['uploadMaxHumanFilesize'] ?>"></a>
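Review bot: The hidden inputs and the `title` attribute still print `$_['uploadMaxFilesize']` and `$_['uploadMaxHumanFilesize']` unescaped, next to the now-escaped `dir` value. These presumably come from server configuration rather than the request (their source is not visible here), so the risk is low. Escaping at the point of output, e.g. `echo htmlspecialchars($_['uploadMaxHumanFilesize'], ENT_QUOTES, 'UTF-8')`, keeps the template safe if that ever changes.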
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?php for($i=0; $i<count($_["breadcrumb"]); $i++):
|
||||
$crumb = $_["breadcrumb"][$i]; ?>
|
||||
<div class="crumb <?php if($i == count($_["breadcrumb"])-1) echo 'last';?> svg" data-dir='<?php echo $crumb["dir"];?>' style='background-image:url("<?php echo image_path('core','breadcrumb.png');?>")'>
|
||||
<a href="<?php echo $_['baseURL'].$crumb["dir"]; ?>"><?php echo htmlspecialchars($crumb["name"]); ?></a>
|
||||
<a href="<?php echo $_['baseURL'].$crumb["dir"]; ?>"><?php echo htmlentities($crumb["name"]); ?></a>
|
||||
</div>
|
||||
<?php endfor;?>
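Review bot: `$crumb["dir"]` is still echoed raw twice in this section, in the single-quoted `data-dir='…'` attribute on the context line and in the `href` on the changed line, while only `$crumb["name"]` is escaped. Unless the caller already URL-encodes the value (not visible here), a directory name containing a quote can break out of either attribute. Using `data-dir='<?php echo htmlspecialchars($crumb["dir"], ENT_QUOTES, 'UTF-8');?>'` and the same wrapper around `$_['baseURL'].$crumb["dir"]` would close that. The name was already escaped with `htmlspecialchars()` before the change, so switching it to `htmlentities()` adds no protection.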
|