DigitaleAgentur___ALT
/
registration
5
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

templates: avoid echo, fix potential XSS

This commit is contained in:
Pellaeon Lin 2019-06-22 09:02:24 +00:00
parent 8d05f77e9c
commit f9f768da5f
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
templates/form.php
View File

@ -8,9 +8,9 @@ if ( \OCP\Util::getVersion()[0] >= 12 )
<fieldset>
<?php if ( !empty($_['errormsgs']) ) {?>
<ul class="error">
<?php foreach ( $_['errormsgs'] as $errormsg ) {
echo "<li>$errormsg</li>";
} ?>
<?php foreach ( $_['errormsgs'] as $errormsg ) { ?>
<li><?php p($errormsg); ?></li>
<?php } ?>
</ul>
<?php } else { ?>
<ul class="msg">
@ -18,13 +18,13 @@ if ( \OCP\Util::getVersion()[0] >= 12 )
</ul>
<?php } ?>
<p class="grouptop">
<input type="email" name="email" id="email" value="<?php echo $_['email']; ?>" disabled />
<label for="email" class="infield"><?php echo $_['email']; ?></label>
<input type="email" name="email" id="email" value="<?php p($_['email']); ?>" disabled />
<label for="email" class="infield"><?php p($_['email']); ?></label>
<img id="email-icon" class="svg" src="<?php print_unescaped(image_path('', 'actions/mail.svg')); ?>" alt=""/>
</p>
<p class="groupmiddle">
<input type="text" name="username" id="username" value="<?php echo !empty($_['entered_data']['user']) ? $_['entered_data']['user'] : ''; ?>" placeholder="<?php p($l->t('Username')); ?>" />
<input type="text" name="username" id="username" value="<?php if (!empty($_['entered_data']['user'])) { p($_['entered_data']['user']); } ?>" placeholder="<?php p($l->t('Username')); ?>" />
<label for="username" class="infield"><?php p($l->t('Username')); ?></label>
<img id="username-icon" class="svg" src="<?php print_unescaped(image_path('', 'actions/user.svg')); ?>" alt=""/>
</p>