/** * @param array $data * @return string */ function getContentHtml($data = array()) { $this->maxStringLen = $data['maxStringLen']; $this->startStringLen = $data['startStringLen']; // if problem exists if (isset($data['msg'])) { return '<div class="msg">' . $this->p($data['msg']) . '</div>'; } $html = ''; $html .= '<table>'; foreach ($data['activities'] as $activity) { $prioritystyle = 'class="activity-section group"'; if (isset($activity['priority'])) { $prioritystyle = 'class="activity-section group priority-' . $this->p($activity['priority']); } $priority = $this->p($activity['priority']); $link = $this->p($activity['link']); $subject = $this->p($activity['subject']); $sSub = $this->getNiceSmallText($this->p($activity['subject'])); $smallSubject = \OC_Util::sanitizeHTML($sSub); $time = $this->getRelativeTime($this->p($activity['date'])); $html .= '<tr><td><div ' . $prioritystyle . ' subject"><a class="preview preview-dir-icon" href="' . $link . '" title="' . $subject . '">' . $smallSubject . '</a><br /><span class="hoverInfo" data-opacitynormal="0.5">' . $time . '</span></div></td></tr>'; } $html .= '</table>'; return $html; }
function testSanitizeHTML() { $badString = "<script>alert('Hacked!');</script>"; $result = OC_Util::sanitizeHTML($badString); $this->assertEquals("<script>alert('Hacked!');</script>", $result); $goodString = "This is an harmless string."; $result = OC_Util::sanitizeHTML($goodString); $this->assertEquals("This is an harmless string.", $result); }
function testSanitizeHTML() { $badArray = array('While it is unusual to pass an array', 'this function actually <blink>supports</blink> it.', 'And therefore there needs to be a <script>alert("Unit"+\'test\')</script> for it!'); $goodArray = array('While it is unusual to pass an array', 'this function actually <blink>supports</blink> it.', 'And therefore there needs to be a <script>alert("Unit"+'test')</script> for it!'); $result = OC_Util::sanitizeHTML($badArray); $this->assertEquals($goodArray, $result); $badString = '<img onload="alert(1)" />'; $result = OC_Util::sanitizeHTML($badString); $this->assertEquals('<img onload="alert(1)" />', $result); $badString = "<script>alert('Hacked!');</script>"; $result = OC_Util::sanitizeHTML($badString); $this->assertEquals('<script>alert('Hacked!');</script>', $result); $goodString = 'This is a good string without HTML.'; $result = OC_Util::sanitizeHTML($goodString); $this->assertEquals('This is a good string without HTML.', $result); }
/** * reads input data from get/post and converts the date to a special data-type * * @param string $method HTTP method to read the key from * @param string $key Parameter to read * @param string $type Variable type to format data * @param string $default Default value to return if the key is not found * @return string Data or if the key is not found and no default is set it will exit with a 400 Bad request */ public static function readData($method, $key, $type = 'raw', $default = null) { $data = false; if ($method == 'get') { if (isset($_GET[$key])) { $data = $_GET[$key]; } else { if (isset($default)) { return $default; } else { $data = false; } } } else { if ($method == 'post') { if (isset($_POST[$key])) { $data = $_POST[$key]; } else { if (isset($default)) { return $default; } else { $data = false; } } } } if ($data === false) { echo self::generateXml('', 'fail', 400, 'Bad request. Please provide a valid ' . $key); exit; } else { // NOTE: Is the raw type necessary? It might be a little risky without sanitization if ($type == 'raw') { return $data; } elseif ($type == 'text') { return OC_Util::sanitizeHTML($data); } elseif ($type == 'int') { return (int) $data; } elseif ($type == 'float') { return (double) $data; } elseif ($type == 'array') { return OC_Util::sanitizeHTML($data); } else { return OC_Util::sanitizeHTML($data); } } }
/** * send a message to the client * @param string $type * @param mixed $data * * if only one parameter is given, a typeless message will be send with that parameter as data */ public function send($type, $data = null) { if (is_null($data)) { $data = $type; $type = null; } if ($this->fallback) { $fallBackId = OC_Util::sanitizeHTML($this->fallBackId); $response = '<script type="text/javascript">window.parent.OC.EventSource.fallBackCallBack(' . $fallBackId . ',"' . $type . '",' . json_encode($data) . ')</script>' . PHP_EOL; echo $response; } else { if ($type) { echo 'event: ' . $type . PHP_EOL; } echo 'data: ' . json_encode($data) . PHP_EOL; } echo PHP_EOL; flush(); }
<?php /** @var $l OC_L10N */ ?> <!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]--> <form method="post" name="login"> <fieldset> <?php if (!empty($_['redirect_url'])) { print_unescaped('<input type="hidden" name="redirect_url" value="' . OC_Util::sanitizeHTML($_['redirect_url']) . '" />'); } ?> <?php if (isset($_['apacheauthfailed']) && $_['apacheauthfailed']) { ?> <div class="warning"> <?php p($l->t('Server side authentication failed!')); ?> <br> <small><?php p($l->t('Please contact your administrator.')); ?> </small> </div> <?php } ?> <?php if (isset($_['internalexception']) && $_['internalexception']) {
/** * Used to sanitize HTML * * This function is used to sanitize HTML and should be applied on any * string or array of strings before displaying it on a web page. * * @param string|array $value * @return string|array an array of sanitized strings or a single sinitized string, depends on the input parameter. * @since 4.5.0 */ public static function sanitizeHTML($value) { return \OC_Util::sanitizeHTML($value); }
?> " class="svg action delete" title="<?php p($l->t('Unshare')); ?> "> </span> </li> <?php } ?> </ul> <?php if (!$eventsharees) { $nobody = $l->t('Nobody'); print_unescaped('<div id="sharedWithNobody">' . OC_Util::sanitizeHTML($nobody) . '</div>'); } ?> <br /> <strong><?php p($l->t('Shared via calendar')); ?> </strong> <ul class="sharedby calendarlist"> <?php foreach ($calsharees as $sharee) { ?> <li data-share-with="<?php p($sharee['share_with']); ?> "
/** * Process the template * @return boolean|string * * This function process the template. If $this->renderAs is set, it * will produce a full page. */ public function fetchPage() { $data = parent::fetchPage(); if ($this->renderAs) { $page = new OC_TemplateLayout($this->renderAs, $this->app); // Add custom headers $headers = ''; foreach (OC_Util::$headers as $header) { $headers .= '<' . OC_Util::sanitizeHTML($header['tag']); foreach ($header['attributes'] as $name => $value) { $headers .= ' ' . OC_Util::sanitizeHTML($name) . '="' . OC_Util::sanitizeHTML($value) . '"'; } if ($header['text'] !== null) { $headers .= '>' . OC_Util::sanitizeHTML($header['text']) . '</' . OC_Util::sanitizeHTML($header['tag']) . '>'; } else { $headers .= '/>'; } } $page->assign('headers', $headers); $page->assign('content', $data); return $page->fetchPage(); } return $data; }
/** * print error page using Exception details * @param Exception $exception */ public static function printExceptionErrorPage(Exception $exception) { $error_msg = $exception->getMessage(); if ($exception->getCode()) { $error_msg = '[' . $exception->getCode() . '] ' . $error_msg; } if (defined('DEBUG') and DEBUG) { $hint = $exception->getTraceAsString(); if (!empty($hint)) { $hint = '<pre>' . OC_Util::sanitizeHTML($hint) . '</pre>'; } while (method_exists($exception, 'previous') && ($exception = $exception->previous())) { $error_msg .= '<br/>Caused by:' . ' '; if ($exception->getCode()) { $code = $exception->getCode(); $error_msg .= '[' . OC_Util::sanitizeHTML($code) . '] '; } $message = $exception->getMessage(); $error_msg .= OC_Util::sanitizeHTML($message); } } else { $hint = ''; if ($exception instanceof \OC\HintException) { $hint = $exception->getHint(); $hint = OC_Util::sanitizeHTML($hint); } } self::printErrorPage($error_msg, $hint); }
/** * Copyright (c) 2011, Robin Appelman <*****@*****.**> * This file is licensed under the Affero General Public License version 3 or later. * See the COPYING-README file. */ require_once '../lib/base.php'; OC_Util::checkAdminUser(); OC_Util::addStyle("settings", "settings"); OC_Util::addScript("settings", "admin"); OC_Util::addScript("settings", "log"); OC_App::setActiveNavigationEntry("admin"); $tmpl = new OC_Template('settings', 'admin', 'user'); $forms = OC_App::getForms('admin'); $htaccessworking = OC_Util::ishtaccessworking(); $entries = OC_Log_Owncloud::getEntries(3); $entriesremain = count(OC_Log_Owncloud::getEntries(4)) > 3 ? true : false; function compareEntries($a, $b) { return $b->time - $a->time; } usort($entries, 'compareEntries'); $tmpl->assign('loglevel', OC_Config::getValue("loglevel", 2)); $tmpl->assign('entries', OC_Util::sanitizeHTML($entries)); $tmpl->assign('entriesremain', $entriesremain); $tmpl->assign('htaccessworking', $htaccessworking); $tmpl->assign('forms', array()); foreach ($forms as $form) { $tmpl->append('forms', $form); } $tmpl->printPage();
public static function displayLoginPage($errors = array()) { $parameters = array(); foreach ($errors as $key => $value) { $parameters[$value] = true; } if (!empty($_POST['user'])) { $parameters["username"] = OC_Util::sanitizeHTML($_POST['user']) . '"'; $parameters['user_autofocus'] = false; } else { $parameters["username"] = ''; $parameters['user_autofocus'] = true; } if (isset($_REQUEST['redirect_url'])) { $redirect_url = OC_Util::sanitizeHTML($_REQUEST['redirect_url']); } else { $redirect_url = $_SERVER['REQUEST_URI']; } $parameters['redirect_url'] = $redirect_url; OC_Template::printGuestPage("", "login", $parameters); }
<div id="calendar_import_newcalform"> <input id="calendar_import_newcalendar_color" class="color-picker" type="hidden" value="<?php p(substr($calendarcolor, 1)); ?> "> <input id="calendar_import_newcalendar" class="" type="text" placeholder="<?php p($l->t('Name of new calendar')); ?> " value="<?php p($guessedcalendarname); ?> "><br> <div id="calendar_import_defaultcolors"> <?php foreach ($defaultcolors as $color) { print_unescaped('<span class="calendar-colorpicker-color" rel="' . OC_Util::sanitizeHTML($color) . '" style="background-color: ' . OC_Util::sanitizeHTML($color) . ';"></span>'); } ?> </div> <!--<input id="calendar_import_generatename" type="button" class="button" value="<?php p($l->t('Take an available name!')); ?> "><br>--> <div id="calendar_import_mergewarning" class="hint"><?php p($l->t('A Calendar with this name already exists. If you continue anyhow, these calendars will be merged.')); ?> </div> </div> <input type="checkbox" id="calendar_import_overwrite" value="1"> <label for="calendar_import_overwrite"><?php p($l->t('Remove all events from the selected calendar'));
<?php /** * Copyright (c) 2012, Robin Appelman <*****@*****.**> * This file is licensed under the Affero General Public License version 3 or later. * See the COPYING-README file. */ OC_JSON::checkAdminUser(); $count = isset($_GET['count']) ? $_GET['count'] : 50; $offset = isset($_GET['offset']) ? $_GET['offset'] : 0; $entries = OC_Log_Owncloud::getEntries($count, $offset); OC_JSON::success(array("data" => OC_Util::sanitizeHTML($entries), "remain" => count(OC_Log_Owncloud::getEntries(1, $offset + $offset)) != 0 ? true : false));
/** @NoAdminRequired * * @return \OCP\AppFramework\Http\JSONResponse */ public function exportBookmark() { $file = <<<EOT <!DOCTYPE NETSCAPE-Bookmark-file-1> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"> <!-- This is an automatically generated file. It will be read and overwritten. Do Not Edit! --> <TITLE>Bookmarks</TITLE> <H1>Bookmarks</H1> <DL><p> EOT; $bookmarks = Bookmarks::findBookmarks($this->userId, $this->db, 0, 'id', array(), true, -1); foreach ($bookmarks as $bm) { $title = $bm['title']; if (trim($title) === '') { $url_parts = parse_url($bm['url']); $title = isset($url_parts['host']) ? OCA\Bookmarks\Controller\Lib\Helper::getDomainWithoutExt($url_parts['host']) : $bm['url']; } $file .= '<DT><A HREF="' . \OC_Util::sanitizeHTML($bm['url']) . '" TAGS="' . implode(',', \OC_Util::sanitizeHTML($bm['tags'])) . '">'; $file .= htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . '</A>'; if ($bm['description']) { $file .= '<DD>' . htmlspecialchars($bm['description'], ENT_QUOTES, 'UTF-8'); } $file .= "\n"; } return new ExportResponse($file); }
/** * @brief Assign variables * @param string $key key * @param string $value value * @param bool $sanitizeHTML false, if data shouldn't get passed through htmlentities * @return bool * * This function assigns a variable. It can be accessed via $_[$key] in * the template. * * If the key existed before, it will be overwritten */ public function assign($key, $value, $sanitizeHTML = true) { if ($sanitizeHTML == true) { $value = OC_Util::sanitizeHTML($value); } $this->vars[$key] = $value; return true; }
print_unescaped('<th>' . $l->t('Available for') . '</th>'); } ?> <th> </th> <th> </th> </tr> </thead> <tbody> <?php $_['mounts'] = array_merge($_['mounts'], array('' => array('id' => ''))); ?> <?php foreach ($_['mounts'] as $mount) { ?> <tr <?php print_unescaped(isset($mount['mountpoint']) ? 'class="' . OC_Util::sanitizeHTML($mount['class']) . '"' : 'id="addMountPoint"'); ?> data-id="<?php p($mount['id']); ?> "> <td class="status"> <span></span> </td> <td class="mountPoint"><input type="text" name="mountPoint" value="<?php p(isset($mount['mountpoint']) ? $mount['mountpoint'] : ''); ?> " data-mountpoint="<?php p(isset($mount['mountpoint']) ? $mount['mountpoint'] : '');
<form id="external"> <fieldset class="personalblock"> <legend><strong><?php p($l->t('External Sites')); ?> </strong></legend> <ul class="external_sites"> <?php $sites = OC_External::getSites(); for ($i = 0; $i < sizeof($sites); $i++) { print_unescaped('<li><input type="text" name="site_name[]" class="site_name" value="' . OC_Util::sanitizeHTML($sites[$i][0]) . '" placeholder="' . $l->t('Name') . '" /> <input type="text" class="site_url" name="site_url[]" value="' . OC_Util::sanitizeHTML($sites[$i][1]) . '" placeholder="' . $l->t('URL') . '" /> <img class="svg action delete_button" src="' . OCP\image_path("", "actions/delete.svg") . '" title="' . $l->t("Remove site") . '" /> </li>'); } ?> </ul> <input type="button" id="add_external_site" value="<?php p($l->t("Add")); ?> " /> <span class="msg"></span> </fieldset> </form>
<form id="calendar"> <p><b><?php p($l->t('Your calendars')); ?> :</b></p> <table width="100%" style="border: 0;"> <?php $option_calendars = OC_Calendar_Calendar::allCalendars(OCP\USER::getUser()); for ($i = 0; $i < count($option_calendars); $i++) { print_unescaped("<tr data-id='" . OC_Util::sanitizeHTML($option_calendars[$i]['id']) . "'>"); $tmpl = new OCP\Template('calendar', 'part.choosecalendar.rowfields'); $tmpl->assign('calendar', $option_calendars[$i]); if ($option_calendars[$i]['userid'] != OCP\User::getUser()) { $sharedCalendar = OCP\Share::getItemSharedWithBySource('calendar', $option_calendars[$i]['id']); $shared = true; } else { $shared = false; } $tmpl->assign('shared', $shared); $tmpl->printpage(); print_unescaped("</tr>"); } ?> <tr> <td colspan="6"> <input type="button" value="<?php p($l->t('New Calendar')); ?> " id="newCalendar"> </td> </tr>
<?php // Init owncloud require_once '../../lib/base.php'; OC_JSON::checkAdminUser(); OCP\JSON::callCheck(); $username = $_POST["username"]; $group = OC_Util::sanitizeHTML($_POST["group"]); // Toggle group if (OC_SubAdmin::isSubAdminofGroup($username, $group)) { OC_SubAdmin::deleteSubAdmin($username, $group); } else { OC_SubAdmin::createSubAdmin($username, $group); } OC_JSON::success();
function p($string) { print OC_Util::sanitizeHTML($string); }
/** * @brief Show a specific event in the activities * @param array $event An array with all the event data in it */ public static function show($event) { $l = \OC_L10N::get('lib'); $user = $event['user']; if (!isset($event['isGrouped'])) { $event['isGrouped'] = false; } $formattedDate = \OCP\Util::formatDate($event['timestamp']); $formattedTimestamp = \OCP\relative_modified_date($event['timestamp']); $displayName = \OCP\User::getDisplayName($user); // TODO: move into template? echo '<div class="box">'; echo '<div class="header">'; echo '<span class="avatar" data-user="******"></span>'; echo '<span>'; echo '<span class="user">' . \OC_Util::sanitizeHTML($displayName) . '</span>'; echo '<span class="activitytime tooltip" title="' . \OC_Util::sanitizeHTML($formattedDate) . '">' . \OC_Util::sanitizeHTML($formattedTimestamp) . '</span>'; echo '<span class="appname">' . \OC_Util::sanitizeHTML($event['app']) . '</span>'; echo '</span>'; echo '</div>'; echo '<div class="messagecontainer">'; if ($event['isGrouped']) { $count = 0; echo '<ul class="activitysubject grouped">'; foreach ($event['events'] as $subEvent) { echo '<li>'; if ($subEvent['link'] != '') { echo '<a href="' . $subEvent['link'] . '">'; } echo \OC_Util::sanitizeHTML($subEvent['subject']); if ($subEvent['link'] != '') { echo '</a>'; } echo '</li>'; $count++; if ($count > 5) { echo '<li class="more">' . $l->n('%n more...', '%n more...', count($event['events']) - $count) . '</li>'; break; } } echo '</ul>'; } else { if ($event['link'] != '') { echo '<a href="' . $event['link'] . '">'; } echo '<div class="activitysubject">' . \OC_Util::sanitizeHTML($event['subject']) . '</div>'; echo '<div class="activitymessage">' . \OC_Util::sanitizeHTML($event['message']) . '</div>'; } $rootView = new \OC\Files\View(''); if ($event['file'] !== null) { $exist = $rootView->file_exists('/' . $user . '/files' . $event['file']); unset($rootView); // show a preview image if the file still exists if ($exist) { echo '<img class="preview" src="' . \OCP\Util::linkToRoute('core_ajax_preview', array('file' => $event['file'], 'x' => 150, 'y' => 150)) . '" />'; } } if (!$event['isGrouped'] && $event['link'] != '') { echo '</a>'; } echo '</div>'; // end messagecontainer echo '</div>'; // end box }
if (defined("DEBUG") && DEBUG) { OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG); } $token = md5($_POST["user"] . time() . $_POST['password']); OC_Preferences::setValue($_POST['user'], 'login', 'token', $token); OC_User::setMagicInCookie($_POST["user"], $token); } else { OC_User::unsetMagicInCookie(); } OC_Util::redirectToDefaultPage(); } else { $error = true; } // The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP } elseif (isset($_SERVER["PHP_AUTH_USER"]) && isset($_SERVER["PHP_AUTH_PW"])) { if (OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) { //OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG); OC_User::unsetMagicInCookie(); $_REQUEST['redirect_url'] = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : ''; OC_Util::redirectToDefaultPage(); } else { $error = true; } } if (!array_key_exists('sectoken', $_SESSION) || array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE) || substr(OC::$REQUESTEDFILE, -3) == 'php') { $sectoken = rand(1000000, 9999999); $_SESSION['sectoken'] = $sectoken; $redirect_url = isset($_REQUEST['redirect_url']) ? OC_Util::sanitizeHTML($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI']; OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url)); } }
<label> <input class="update" type="checkbox" <?php p($sharee['permissions'] & OCP\PERMISSION_UPDATE ? 'checked="checked"' : ''); ?> disabled="disabled"> <?php p($l->t('can edit')); ?> </label> <label> <input class="share" type="checkbox" <?php p($sharee['permissions'] & OCP\PERMISSION_SHARE ? 'checked="checked"' : ''); ?> disabled="disabled"> <?php p($l->t('can share')); ?> </label> </span> </li> <?php } ?> </ul> <?php if (!$calsharees) { $nobody = $l->t('Not shared with anyone via calendar'); print_unescaped('<div>' . OC_Util::sanitizeHTML($nobody) . '</div>'); }
if ($_['sendmail_is_available']) { $mail_smtpmode[] = 'sendmail'; } if ($_['mail_smtpmode'] == 'qmail') { $mail_smtpmode[] = 'qmail'; } ?> <div id="app-navigation"> <ul> <?php foreach ($_['forms'] as $form) { if (isset($form['anchor'])) { $anchor = '#' . $form['anchor']; $sectionName = $form['section-name']; print_unescaped(sprintf("<li><a href='%s'>%s</a></li>", OC_Util::sanitizeHTML($anchor), OC_Util::sanitizeHTML($sectionName))); } } ?> </ul> </div> <div id="app-content"> <div id="security-warning" class="section"> <h2><?php p($l->t('Security & setup warnings')); ?> </h2> <ul> <?php
<a class="app<?php if (!$app['internal']) { p(' externalapp'); } ?> " href="?appid=<?php p($app['id']); ?> "><?php p($app['name']); ?> </a> <?php if (!$app['internal']) { print_unescaped('<small class="' . OC_Util::sanitizeHTML($app['internalclass']) . ' list">' . OC_Util::sanitizeHTML($app['internallabel']) . '</small>'); } ?> </li> <?php } ?> </ul> <div id="rightcontent"> <div class="appinfo"> <h3><strong><span class="name"><?php p($l->t('Select an App')); ?> </span></strong><span class="version"></span><small class="externalapp" style="visibility:hidden;"></small></h3> <span class="score"></span>
function html_select_options($options, $selected, $params = array()) { if (!is_array($selected)) { $selected = array($selected); } if (isset($params['combine']) && $params['combine']) { $options = array_combine($options, $options); } $value_name = $label_name = false; if (isset($params['value'])) { $value_name = $params['value']; } if (isset($params['label'])) { $label_name = $params['label']; } $html = ''; foreach ($options as $value => $label) { if ($value_name && is_array($label)) { $value = $label[$value_name]; } if ($label_name && is_array($label)) { $label = $label[$label_name]; } $select = in_array($value, $selected) ? ' selected="selected"' : ''; $html .= '<option value="' . OC_Util::sanitizeHTML($value) . '"' . $select . '>' . OC_Util::sanitizeHTML($label) . '</option>' . "\n"; } return $html; }
<div class="ocDashboard calendar items"> <?php foreach ($additionalparams['activitys'] as $activity) { print_unescaped("<div class='priority" . $activity['priority'] . " activity-entry'>\n <a href='" . $activity["link"] . "' title='" . $activity['subject'] . "'>" . \OC_Util::sanitizeHTML(getNiceSmallText($activity['subject'])) . "</a><br /><span> " . \OCP\relative_modified_date(date("U", strtotime($activity['date']))) . "</span>\n </div>\n "); } ?> </div> <?php function getNiceSmallText($string) { $maxStringLen = 40; $startStringLen = 5; $return = ""; if (strlen($string) >= $maxStringLen) { $lastCharacter = -1 * ($maxStringLen - $startStringLen); $return = substr($string, 0, $startStringLen); $return .= "..."; $return .= substr($string, $lastCharacter); } else { $return = $string; } return $return; }
foreach ($_['timezones'] as $timezone) { $ex = explode('/', $timezone, 2); //obtain continent,city if (!isset($ex[1])) { $ex[1] = $ex[0]; $ex[0] = "Other"; } if ($continent != $ex[0]) { if ($continent != "") { print_unescaped('</optgroup>'); } print_unescaped('<optgroup label="' . OC_Util::sanitizeHTML($ex[0]) . '">'); } $city = strtr($ex[1], '_', ' '); $continent = $ex[0]; print_unescaped('<option value="' . OC_Util::sanitizeHTML($timezone) . '"' . ($_['timezone'] == $timezone ? ' selected="selected"' : '') . '>' . OC_Util::sanitizeHTML($city) . '</option>'); } ?> </select> </li> <li> <input type="checkbox" name="timezonedetection" id="timezonedetection"> <label for="timezonedetection"><?php p($l->t('Update timezone automatically')); ?> </label> </li> <li> <label for="timeformat" class="bold"><?php p($l->t('Time format'));
?> ?logout=true"><img class="svg" alt="<?php echo $l->t('Log out'); ?> " title="<?php echo $l->t('Log out'); echo OC_User::getUser() ? ' (' . OC_User::getUser() . ') ' : ''; ?> " src="<?php echo image_path('', 'actions/logout.svg'); ?> " /></a> <form class="searchbox header-right" action="#" method="post"> <input id="searchbox" class="svg" type="search" name="query" value="<?php if (isset($_POST['query'])) { echo OC_Util::sanitizeHTML($_POST['query']); } ?> " autocomplete="off" x-webkit-speech /> </form> </div></header> <nav><div id="navigation"> <ul id="apps" class="svg"> <?php foreach ($_['navigation'] as $entry) { ?> <li data-id="<?php echo $entry['id']; ?> "><a style="background-image:url(<?php