Fix XSS issues by using 'p' instead of 'print_unescaped'
This commit is contained in:
Leon Klingele
Pellaeon Lin
parent
38543170d7
commit
4aa6c05aa9
|
|
@ -13,7 +13,7 @@ if ( \OCP\Util::getVersion()[0] >= 12 )
|
||||||
</ul>
|
</ul>
|
||||||
<?php } else { ?>
|
<?php } else { ?>
|
||||||
<ul class="msg">
|
<ul class="msg">
|
||||||
<li><?php print_unescaped($l->t('Welcome, you can create your account below.')); ?></li>
|
<li><?php p($l->t('Welcome, you can create your account below.'));?></li>
|
||||||
</ul>
|
</ul>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
<p class="grouptop">
|
<p class="grouptop">
|
||||||
|
|
@ -23,18 +23,18 @@ if ( \OCP\Util::getVersion()[0] >= 12 )
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<p class="groupmiddle">
|
<p class="groupmiddle">
|
||||||
<input type="text" name="username" id="username" value="<?php echo $_['entered_data']['user']; ?>" placeholder="<?php print_unescaped($l->t('Username')); ?>" />
|
<input type="text" name="username" id="username" value="<?php echo $_['entered_data']['user']; ?>" placeholder="<?php p($l->t('Username')); ?>" />
|
||||||
<label for="username" class="infield"><?php print_unescaped($l->t('Username')); ?></label>
|
<label for="username" class="infield"><?php p($l->t('Username')); ?></label>
|
||||||
<img id="username-icon" class="svg" src="<?php print_unescaped(image_path('', 'actions/user.svg')); ?>" alt=""/>
|
<img id="username-icon" class="svg" src="<?php print_unescaped(image_path('', 'actions/user.svg')); ?>" alt=""/>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<p class="groupbottom">
|
<p class="groupbottom">
|
||||||
<input type="password" name="password" id="password" placeholder="<?php print_unescaped($l->t('Password')); ?>"/>
|
<input type="password" name="password" id="password" placeholder="<?php p($l->t('Password')); ?>"/>
|
||||||
<label for="password" class="infield"><?php print_unescaped($l->t( 'Password' )); ?></label>
|
<label for="password" class="infield"><?php p($l->t( 'Password' )); ?></label>
|
||||||
<img id="password-icon" class="svg" src="<?php print_unescaped(image_path('', 'actions/password.svg')); ?>" alt=""/>
|
<img id="password-icon" class="svg" src="<?php print_unescaped(image_path('', 'actions/password.svg')); ?>" alt=""/>
|
||||||
<input id="show" name="show" type="checkbox">
|
<input id="show" name="show" type="checkbox">
|
||||||
<label style="display: inline;" for="show"></label>
|
<label style="display: inline;" for="show"></label>
|
||||||
</p>
|
</p>
|
||||||
<input type="submit" id="submit" value="<?php print_unescaped($l->t('Create account')); ?>" />
|
<input type="submit" id="submit" value="<?php p($l->t('Create account')); ?>" />
|
||||||
</fieldset>
|
</fieldset>
|
||||||
</form>
|
</form>
|
||||||
|
|
|
||||||
|
|
@ -2,5 +2,5 @@
|
||||||
\OCP\Util::addStyle('registration', 'style');
|
\OCP\Util::addStyle('registration', 'style');
|
||||||
?>
|
?>
|
||||||
<ul class="msg error-wide">
|
<ul class="msg error-wide">
|
||||||
<li><?php print_unescaped($_['msg']) ?></li>
|
<li><?php p($_['msg'])?></li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
|
||||||
|
|
@ -6,22 +6,22 @@ if ($_['entered']): ?>
|
||||||
<?php if (empty($_['errormsg'])): ?>
|
<?php if (empty($_['errormsg'])): ?>
|
||||||
<ul class="success">
|
<ul class="success">
|
||||||
<li>
|
<li>
|
||||||
<?php print_unescaped($l->t('Thank you for registering, you should receive a verification link in a few minutes.')); ?>
|
<?php p($l->t('Thank you for registering, you should receive a verification link in a few minutes.')); ?>
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
<?php else: ?>
|
<?php else: ?>
|
||||||
<form action="<?php print_unescaped(\OC::$server->getURLGenerator()->linkToRoute('registration.register.validateEmail')) ?>" method="post">
|
<form action="<?php print_unescaped(\OC::$server->getURLGenerator()->linkToRoute('registration.register.validateEmail')) ?>" method="post">
|
||||||
<fieldset>
|
<fieldset>
|
||||||
<ul class="error">
|
<ul class="error">
|
||||||
<li><?php print_unescaped($_['errormsg']); ?></li>
|
<li><?php p($_['errormsg']); ?></li>
|
||||||
</ul>
|
</ul>
|
||||||
<p class="groupofone">
|
<p class="groupofone">
|
||||||
<input type="email" name="email" id="email" placeholder="<?php print_unescaped($l->t('Email')); ?>" value="" required autofocus />
|
<input type="email" name="email" id="email" placeholder="<?php p($l->t('Email')); ?>" value="" required autofocus />
|
||||||
<label for="email" class="infield"><?php print_unescaped($l->t( 'Email' )); ?></label>
|
<label for="email" class="infield"><?php p($l->t( 'Email' )); ?></label>
|
||||||
<img id="email-icon" class="svg" src="<?php print_unescaped(image_path('', 'actions/mail.svg')); ?>" alt=""/>
|
<img id="email-icon" class="svg" src="<?php print_unescaped(image_path('', 'actions/mail.svg')); ?>" alt=""/>
|
||||||
</p>
|
</p>
|
||||||
<input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']); ?>" />
|
<input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']); ?>" />
|
||||||
<input type="submit" id="submit" value="<?php print_unescaped($l->t('Request verification link')); ?>" />
|
<input type="submit" id="submit" value="<?php p($l->t('Request verification link')); ?>" />
|
||||||
</fieldset>
|
</fieldset>
|
||||||
</form>
|
</form>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
|
|
@ -30,21 +30,21 @@ if ($_['entered']): ?>
|
||||||
<fieldset>
|
<fieldset>
|
||||||
<?php if ($_['errormsg']): ?>
|
<?php if ($_['errormsg']): ?>
|
||||||
<ul class="error">
|
<ul class="error">
|
||||||
<li><?php print_unescaped($_['errormsg']); ?></li>
|
<li><?php p($_['errormsg']); ?></li>
|
||||||
<li><?php print_unescaped($l->t('Please re-enter a valid email address')); ?></li>
|
<li><?php p($l->t('Please re-enter a valid email address')); ?></li>
|
||||||
</ul>
|
</ul>
|
||||||
<?php else: ?>
|
<?php else: ?>
|
||||||
<ul class="msg">
|
<ul class="msg">
|
||||||
<li><?php print_unescaped($l->t('You will receive an email with a verification link')); ?></li>
|
<li><?php p($l->t('You will receive an email with a verification link')); ?></li>
|
||||||
</ul>
|
</ul>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
<p class="groupofone">
|
<p class="groupofone">
|
||||||
<input type="email" name="email" id="email" placeholder="<?php print_unescaped($l->t('Email')); ?>" value="" required autofocus />
|
<input type="email" name="email" id="email" placeholder="<?php p($l->t('Email')); ?>" value="" required autofocus />
|
||||||
<label for="email" class="infield"><?php print_unescaped($l->t('Email')); ?></label>
|
<label for="email" class="infield"><?php p($l->t('Email')); ?></label>
|
||||||
<img id="email-icon" class="svg" src="<?php print_unescaped(image_path('', 'actions/mail.svg')); ?>" alt=""/>
|
<img id="email-icon" class="svg" src="<?php print_unescaped(image_path('', 'actions/mail.svg')); ?>" alt=""/>
|
||||||
</p>
|
</p>
|
||||||
<input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']); ?>" />
|
<input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']); ?>" />
|
||||||
<input type="submit" id="submit" value="<?php print_unescaped($l->t('Request verification link')); ?>" />
|
<input type="submit" id="submit" value="<?php p($l->t('Request verification link')); ?>" />
|
||||||
</fieldset>
|
</fieldset>
|
||||||
</form>
|
</form>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue