/**
* @param array $data
* @return string
*/
function getContentHtml($data = array())
{
$this->maxStringLen = $data['maxStringLen'];
$this->startStringLen = $data['startStringLen'];
// if problem exists
if (isset($data['msg'])) {
return '<div class="msg">' . $this->p($data['msg']) . '</div>';
}
$html = '';
$html .= '<table>';
foreach ($data['activities'] as $activity) {
$prioritystyle = 'class="activity-section group"';
if (isset($activity['priority'])) {
$prioritystyle = 'class="activity-section group priority-' . $this->p($activity['priority']);
}
$priority = $this->p($activity['priority']);
$link = $this->p($activity['link']);
$subject = $this->p($activity['subject']);
$sSub = $this->getNiceSmallText($this->p($activity['subject']));
$smallSubject = \OC_Util::sanitizeHTML($sSub);
$time = $this->getRelativeTime($this->p($activity['date']));
$html .= '<tr><td><div ' . $prioritystyle . ' subject"><a class="preview preview-dir-icon" href="' . $link . '" title="' . $subject . '">' . $smallSubject . '</a><br /><span class="hoverInfo" data-opacitynormal="0.5">' . $time . '</span></div></td></tr>';
}
$html .= '</table>';
return $html;
}
function testSanitizeHTML()
{
$badString = "<script>alert('Hacked!');</script>";
$result = OC_Util::sanitizeHTML($badString);
$this->assertEquals("<script>alert('Hacked!');</script>", $result);
$goodString = "This is an harmless string.";
$result = OC_Util::sanitizeHTML($goodString);
$this->assertEquals("This is an harmless string.", $result);
}
function testSanitizeHTML()
{
$badArray = array('While it is unusual to pass an array', 'this function actually <blink>supports</blink> it.', 'And therefore there needs to be a <script>alert("Unit"+\'test\')</script> for it!');
$goodArray = array('While it is unusual to pass an array', 'this function actually <blink>supports</blink> it.', 'And therefore there needs to be a <script>alert("Unit"+'test')</script> for it!');
$result = OC_Util::sanitizeHTML($badArray);
$this->assertEquals($goodArray, $result);
$badString = '<img onload="alert(1)" />';
$result = OC_Util::sanitizeHTML($badString);
$this->assertEquals('<img onload="alert(1)" />', $result);
$badString = "<script>alert('Hacked!');</script>";
$result = OC_Util::sanitizeHTML($badString);
$this->assertEquals('<script>alert('Hacked!');</script>', $result);
$goodString = 'This is a good string without HTML.';
$result = OC_Util::sanitizeHTML($goodString);
$this->assertEquals('This is a good string without HTML.', $result);
}
/**
* reads input data from get/post and converts the date to a special data-type
*
* @param string $method HTTP method to read the key from
* @param string $key Parameter to read
* @param string $type Variable type to format data
* @param string $default Default value to return if the key is not found
* @return string Data or if the key is not found and no default is set it will exit with a 400 Bad request
*/
public static function readData($method, $key, $type = 'raw', $default = null)
{
$data = false;
if ($method == 'get') {
if (isset($_GET[$key])) {
$data = $_GET[$key];
} else {
if (isset($default)) {
return $default;
} else {
$data = false;
}
}
} else {
if ($method == 'post') {
if (isset($_POST[$key])) {
$data = $_POST[$key];
} else {
if (isset($default)) {
return $default;
} else {
$data = false;
}
}
}
}
if ($data === false) {
echo self::generateXml('', 'fail', 400, 'Bad request. Please provide a valid ' . $key);
exit;
} else {
// NOTE: Is the raw type necessary? It might be a little risky without sanitization
if ($type == 'raw') {
return $data;
} elseif ($type == 'text') {
return OC_Util::sanitizeHTML($data);
} elseif ($type == 'int') {
return (int) $data;
} elseif ($type == 'float') {
return (double) $data;
} elseif ($type == 'array') {
return OC_Util::sanitizeHTML($data);
} else {
return OC_Util::sanitizeHTML($data);
}
}
}
/**
* send a message to the client
* @param string $type
* @param mixed $data
*
* if only one parameter is given, a typeless message will be send with that parameter as data
*/
public function send($type, $data = null)
{
if (is_null($data)) {
$data = $type;
$type = null;
}
if ($this->fallback) {
$fallBackId = OC_Util::sanitizeHTML($this->fallBackId);
$response = '<script type="text/javascript">window.parent.OC.EventSource.fallBackCallBack(' . $fallBackId . ',"' . $type . '",' . json_encode($data) . ')</script>' . PHP_EOL;
echo $response;
} else {
if ($type) {
echo 'event: ' . $type . PHP_EOL;
}
echo 'data: ' . json_encode($data) . PHP_EOL;
}
echo PHP_EOL;
flush();
}
<?php
/** @var $l OC_L10N */
?>
<!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]-->
<form method="post" name="login">
<fieldset>
<?php
if (!empty($_['redirect_url'])) {
print_unescaped('<input type="hidden" name="redirect_url" value="' . OC_Util::sanitizeHTML($_['redirect_url']) . '" />');
}
?>
<?php
if (isset($_['apacheauthfailed']) && $_['apacheauthfailed']) {
?>
<div class="warning">
<?php
p($l->t('Server side authentication failed!'));
?>
<br>
<small><?php
p($l->t('Please contact your administrator.'));
?>
</small>
</div>
<?php
}
?>
<?php
if (isset($_['internalexception']) && $_['internalexception']) {
/**
* Used to sanitize HTML
*
* This function is used to sanitize HTML and should be applied on any
* string or array of strings before displaying it on a web page.
*
* @param string|array $value
* @return string|array an array of sanitized strings or a single sinitized string, depends on the input parameter.
* @since 4.5.0
*/
public static function sanitizeHTML($value)
{
return \OC_Util::sanitizeHTML($value);
}
?>
" class="svg action delete"
title="<?php
p($l->t('Unshare'));
?>
">
</span>
</li>
<?php
}
?>
</ul>
<?php
if (!$eventsharees) {
$nobody = $l->t('Nobody');
print_unescaped('<div id="sharedWithNobody">' . OC_Util::sanitizeHTML($nobody) . '</div>');
}
?>
<br />
<strong><?php
p($l->t('Shared via calendar'));
?>
</strong>
<ul class="sharedby calendarlist">
<?php
foreach ($calsharees as $sharee) {
?>
<li data-share-with="<?php
p($sharee['share_with']);
?>
"
/**
* Process the template
* @return boolean|string
*
* This function process the template. If $this->renderAs is set, it
* will produce a full page.
*/
public function fetchPage()
{
$data = parent::fetchPage();
if ($this->renderAs) {
$page = new OC_TemplateLayout($this->renderAs, $this->app);
// Add custom headers
$headers = '';
foreach (OC_Util::$headers as $header) {
$headers .= '<' . OC_Util::sanitizeHTML($header['tag']);
foreach ($header['attributes'] as $name => $value) {
$headers .= ' ' . OC_Util::sanitizeHTML($name) . '="' . OC_Util::sanitizeHTML($value) . '"';
}
if ($header['text'] !== null) {
$headers .= '>' . OC_Util::sanitizeHTML($header['text']) . '</' . OC_Util::sanitizeHTML($header['tag']) . '>';
} else {
$headers .= '/>';
}
}
$page->assign('headers', $headers);
$page->assign('content', $data);
return $page->fetchPage();
}
return $data;
}
/**
* print error page using Exception details
* @param Exception $exception
*/
public static function printExceptionErrorPage(Exception $exception)
{
$error_msg = $exception->getMessage();
if ($exception->getCode()) {
$error_msg = '[' . $exception->getCode() . '] ' . $error_msg;
}
if (defined('DEBUG') and DEBUG) {
$hint = $exception->getTraceAsString();
if (!empty($hint)) {
$hint = '<pre>' . OC_Util::sanitizeHTML($hint) . '</pre>';
}
while (method_exists($exception, 'previous') && ($exception = $exception->previous())) {
$error_msg .= '<br/>Caused by:' . ' ';
if ($exception->getCode()) {
$code = $exception->getCode();
$error_msg .= '[' . OC_Util::sanitizeHTML($code) . '] ';
}
$message = $exception->getMessage();
$error_msg .= OC_Util::sanitizeHTML($message);
}
} else {
$hint = '';
if ($exception instanceof \OC\HintException) {
$hint = $exception->getHint();
$hint = OC_Util::sanitizeHTML($hint);
}
}
self::printErrorPage($error_msg, $hint);
}
/**
* Copyright (c) 2011, Robin Appelman <*****@*****.**>
* This file is licensed under the Affero General Public License version 3 or later.
* See the COPYING-README file.
*/
require_once '../lib/base.php';
OC_Util::checkAdminUser();
OC_Util::addStyle("settings", "settings");
OC_Util::addScript("settings", "admin");
OC_Util::addScript("settings", "log");
OC_App::setActiveNavigationEntry("admin");
$tmpl = new OC_Template('settings', 'admin', 'user');
$forms = OC_App::getForms('admin');
$htaccessworking = OC_Util::ishtaccessworking();
$entries = OC_Log_Owncloud::getEntries(3);
$entriesremain = count(OC_Log_Owncloud::getEntries(4)) > 3 ? true : false;
function compareEntries($a, $b)
{
return $b->time - $a->time;
}
usort($entries, 'compareEntries');
$tmpl->assign('loglevel', OC_Config::getValue("loglevel", 2));
$tmpl->assign('entries', OC_Util::sanitizeHTML($entries));
$tmpl->assign('entriesremain', $entriesremain);
$tmpl->assign('htaccessworking', $htaccessworking);
$tmpl->assign('forms', array());
foreach ($forms as $form) {
$tmpl->append('forms', $form);
}
$tmpl->printPage();
public static function displayLoginPage($errors = array())
{
$parameters = array();
foreach ($errors as $key => $value) {
$parameters[$value] = true;
}
if (!empty($_POST['user'])) {
$parameters["username"] = OC_Util::sanitizeHTML($_POST['user']) . '"';
$parameters['user_autofocus'] = false;
} else {
$parameters["username"] = '';
$parameters['user_autofocus'] = true;
}
if (isset($_REQUEST['redirect_url'])) {
$redirect_url = OC_Util::sanitizeHTML($_REQUEST['redirect_url']);
} else {
$redirect_url = $_SERVER['REQUEST_URI'];
}
$parameters['redirect_url'] = $redirect_url;
OC_Template::printGuestPage("", "login", $parameters);
}
<div id="calendar_import_newcalform">
<input id="calendar_import_newcalendar_color" class="color-picker" type="hidden" value="<?php
p(substr($calendarcolor, 1));
?>
">
<input id="calendar_import_newcalendar" class="" type="text" placeholder="<?php
p($l->t('Name of new calendar'));
?>
" value="<?php
p($guessedcalendarname);
?>
"><br>
<div id="calendar_import_defaultcolors">
<?php
foreach ($defaultcolors as $color) {
print_unescaped('<span class="calendar-colorpicker-color" rel="' . OC_Util::sanitizeHTML($color) . '" style="background-color: ' . OC_Util::sanitizeHTML($color) . ';"></span>');
}
?>
</div>
<!--<input id="calendar_import_generatename" type="button" class="button" value="<?php
p($l->t('Take an available name!'));
?>
"><br>-->
<div id="calendar_import_mergewarning" class="hint"><?php
p($l->t('A Calendar with this name already exists. If you continue anyhow, these calendars will be merged.'));
?>
</div>
</div>
<input type="checkbox" id="calendar_import_overwrite" value="1">
<label for="calendar_import_overwrite"><?php
p($l->t('Remove all events from the selected calendar'));
<?php
/**
* Copyright (c) 2012, Robin Appelman <*****@*****.**>
* This file is licensed under the Affero General Public License version 3 or later.
* See the COPYING-README file.
*/
OC_JSON::checkAdminUser();
$count = isset($_GET['count']) ? $_GET['count'] : 50;
$offset = isset($_GET['offset']) ? $_GET['offset'] : 0;
$entries = OC_Log_Owncloud::getEntries($count, $offset);
OC_JSON::success(array("data" => OC_Util::sanitizeHTML($entries), "remain" => count(OC_Log_Owncloud::getEntries(1, $offset + $offset)) != 0 ? true : false));
/**
@NoAdminRequired
*
* @return \OCP\AppFramework\Http\JSONResponse
*/
public function exportBookmark()
{
$file = <<<EOT
<!DOCTYPE NETSCAPE-Bookmark-file-1>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">
<!-- This is an automatically generated file.
It will be read and overwritten.
Do Not Edit! -->
<TITLE>Bookmarks</TITLE>
<H1>Bookmarks</H1>
<DL><p>
EOT;
$bookmarks = Bookmarks::findBookmarks($this->userId, $this->db, 0, 'id', array(), true, -1);
foreach ($bookmarks as $bm) {
$title = $bm['title'];
if (trim($title) === '') {
$url_parts = parse_url($bm['url']);
$title = isset($url_parts['host']) ? OCA\Bookmarks\Controller\Lib\Helper::getDomainWithoutExt($url_parts['host']) : $bm['url'];
}
$file .= '<DT><A HREF="' . \OC_Util::sanitizeHTML($bm['url']) . '" TAGS="' . implode(',', \OC_Util::sanitizeHTML($bm['tags'])) . '">';
$file .= htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . '</A>';
if ($bm['description']) {
$file .= '<DD>' . htmlspecialchars($bm['description'], ENT_QUOTES, 'UTF-8');
}
$file .= "\n";
}
return new ExportResponse($file);
}
/**
* @brief Assign variables
* @param string $key key
* @param string $value value
* @param bool $sanitizeHTML false, if data shouldn't get passed through htmlentities
* @return bool
*
* This function assigns a variable. It can be accessed via $_[$key] in
* the template.
*
* If the key existed before, it will be overwritten
*/
public function assign($key, $value, $sanitizeHTML = true)
{
if ($sanitizeHTML == true) {
$value = OC_Util::sanitizeHTML($value);
}
$this->vars[$key] = $value;
return true;
}
print_unescaped('<th>' . $l->t('Available for') . '</th>');
}
?>
<th> </th>
<th> </th>
</tr>
</thead>
<tbody>
<?php
$_['mounts'] = array_merge($_['mounts'], array('' => array('id' => '')));
?>
<?php
foreach ($_['mounts'] as $mount) {
?>
<tr <?php
print_unescaped(isset($mount['mountpoint']) ? 'class="' . OC_Util::sanitizeHTML($mount['class']) . '"' : 'id="addMountPoint"');
?>
data-id="<?php
p($mount['id']);
?>
">
<td class="status">
<span></span>
</td>
<td class="mountPoint"><input type="text" name="mountPoint"
value="<?php
p(isset($mount['mountpoint']) ? $mount['mountpoint'] : '');
?>
"
data-mountpoint="<?php
p(isset($mount['mountpoint']) ? $mount['mountpoint'] : '');
<form id="external">
<fieldset class="personalblock">
<legend><strong><?php
p($l->t('External Sites'));
?>
</strong></legend>
<ul class="external_sites">
<?php
$sites = OC_External::getSites();
for ($i = 0; $i < sizeof($sites); $i++) {
print_unescaped('<li><input type="text" name="site_name[]" class="site_name" value="' . OC_Util::sanitizeHTML($sites[$i][0]) . '" placeholder="' . $l->t('Name') . '" />
<input type="text" class="site_url" name="site_url[]" value="' . OC_Util::sanitizeHTML($sites[$i][1]) . '" placeholder="' . $l->t('URL') . '" />
<img class="svg action delete_button" src="' . OCP\image_path("", "actions/delete.svg") . '" title="' . $l->t("Remove site") . '" />
</li>');
}
?>
</ul>
<input type="button" id="add_external_site" value="<?php
p($l->t("Add"));
?>
" />
<span class="msg"></span>
</fieldset>
</form>
<form id="calendar">
<p><b><?php
p($l->t('Your calendars'));
?>
:</b></p>
<table width="100%" style="border: 0;">
<?php
$option_calendars = OC_Calendar_Calendar::allCalendars(OCP\USER::getUser());
for ($i = 0; $i < count($option_calendars); $i++) {
print_unescaped("<tr data-id='" . OC_Util::sanitizeHTML($option_calendars[$i]['id']) . "'>");
$tmpl = new OCP\Template('calendar', 'part.choosecalendar.rowfields');
$tmpl->assign('calendar', $option_calendars[$i]);
if ($option_calendars[$i]['userid'] != OCP\User::getUser()) {
$sharedCalendar = OCP\Share::getItemSharedWithBySource('calendar', $option_calendars[$i]['id']);
$shared = true;
} else {
$shared = false;
}
$tmpl->assign('shared', $shared);
$tmpl->printpage();
print_unescaped("</tr>");
}
?>
<tr>
<td colspan="6">
<input type="button" value="<?php
p($l->t('New Calendar'));
?>
" id="newCalendar">
</td>
</tr>
<?php
// Init owncloud
require_once '../../lib/base.php';
OC_JSON::checkAdminUser();
OCP\JSON::callCheck();
$username = $_POST["username"];
$group = OC_Util::sanitizeHTML($_POST["group"]);
// Toggle group
if (OC_SubAdmin::isSubAdminofGroup($username, $group)) {
OC_SubAdmin::deleteSubAdmin($username, $group);
} else {
OC_SubAdmin::createSubAdmin($username, $group);
}
OC_JSON::success();
function p($string)
{
print OC_Util::sanitizeHTML($string);
}
/**
* @brief Show a specific event in the activities
* @param array $event An array with all the event data in it
*/
public static function show($event)
{
$l = \OC_L10N::get('lib');
$user = $event['user'];
if (!isset($event['isGrouped'])) {
$event['isGrouped'] = false;
}
$formattedDate = \OCP\Util::formatDate($event['timestamp']);
$formattedTimestamp = \OCP\relative_modified_date($event['timestamp']);
$displayName = \OCP\User::getDisplayName($user);
// TODO: move into template?
echo '<div class="box">';
echo '<div class="header">';
echo '<span class="avatar" data-user="******"></span>';
echo '<span>';
echo '<span class="user">' . \OC_Util::sanitizeHTML($displayName) . '</span>';
echo '<span class="activitytime tooltip" title="' . \OC_Util::sanitizeHTML($formattedDate) . '">' . \OC_Util::sanitizeHTML($formattedTimestamp) . '</span>';
echo '<span class="appname">' . \OC_Util::sanitizeHTML($event['app']) . '</span>';
echo '</span>';
echo '</div>';
echo '<div class="messagecontainer">';
if ($event['isGrouped']) {
$count = 0;
echo '<ul class="activitysubject grouped">';
foreach ($event['events'] as $subEvent) {
echo '<li>';
if ($subEvent['link'] != '') {
echo '<a href="' . $subEvent['link'] . '">';
}
echo \OC_Util::sanitizeHTML($subEvent['subject']);
if ($subEvent['link'] != '') {
echo '</a>';
}
echo '</li>';
$count++;
if ($count > 5) {
echo '<li class="more">' . $l->n('%n more...', '%n more...', count($event['events']) - $count) . '</li>';
break;
}
}
echo '</ul>';
} else {
if ($event['link'] != '') {
echo '<a href="' . $event['link'] . '">';
}
echo '<div class="activitysubject">' . \OC_Util::sanitizeHTML($event['subject']) . '</div>';
echo '<div class="activitymessage">' . \OC_Util::sanitizeHTML($event['message']) . '</div>';
}
$rootView = new \OC\Files\View('');
if ($event['file'] !== null) {
$exist = $rootView->file_exists('/' . $user . '/files' . $event['file']);
unset($rootView);
// show a preview image if the file still exists
if ($exist) {
echo '<img class="preview" src="' . \OCP\Util::linkToRoute('core_ajax_preview', array('file' => $event['file'], 'x' => 150, 'y' => 150)) . '" />';
}
}
if (!$event['isGrouped'] && $event['link'] != '') {
echo '</a>';
}
echo '</div>';
// end messagecontainer
echo '</div>';
// end box
}
if (defined("DEBUG") && DEBUG) {
OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG);
}
$token = md5($_POST["user"] . time() . $_POST['password']);
OC_Preferences::setValue($_POST['user'], 'login', 'token', $token);
OC_User::setMagicInCookie($_POST["user"], $token);
} else {
OC_User::unsetMagicInCookie();
}
OC_Util::redirectToDefaultPage();
} else {
$error = true;
}
// The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
} elseif (isset($_SERVER["PHP_AUTH_USER"]) && isset($_SERVER["PHP_AUTH_PW"])) {
if (OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) {
//OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG);
OC_User::unsetMagicInCookie();
$_REQUEST['redirect_url'] = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
OC_Util::redirectToDefaultPage();
} else {
$error = true;
}
}
if (!array_key_exists('sectoken', $_SESSION) || array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE) || substr(OC::$REQUESTEDFILE, -3) == 'php') {
$sectoken = rand(1000000, 9999999);
$_SESSION['sectoken'] = $sectoken;
$redirect_url = isset($_REQUEST['redirect_url']) ? OC_Util::sanitizeHTML($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI'];
OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url));
}
}
<label>
<input class="update" type="checkbox"
<?php
p($sharee['permissions'] & OCP\PERMISSION_UPDATE ? 'checked="checked"' : '');
?>
disabled="disabled">
<?php
p($l->t('can edit'));
?>
</label>
<label>
<input class="share" type="checkbox"
<?php
p($sharee['permissions'] & OCP\PERMISSION_SHARE ? 'checked="checked"' : '');
?>
disabled="disabled">
<?php
p($l->t('can share'));
?>
</label>
</span>
</li>
<?php
}
?>
</ul>
<?php
if (!$calsharees) {
$nobody = $l->t('Not shared with anyone via calendar');
print_unescaped('<div>' . OC_Util::sanitizeHTML($nobody) . '</div>');
}
if ($_['sendmail_is_available']) {
$mail_smtpmode[] = 'sendmail';
}
if ($_['mail_smtpmode'] == 'qmail') {
$mail_smtpmode[] = 'qmail';
}
?>
<div id="app-navigation">
<ul>
<?php
foreach ($_['forms'] as $form) {
if (isset($form['anchor'])) {
$anchor = '#' . $form['anchor'];
$sectionName = $form['section-name'];
print_unescaped(sprintf("<li><a href='%s'>%s</a></li>", OC_Util::sanitizeHTML($anchor), OC_Util::sanitizeHTML($sectionName)));
}
}
?>
</ul>
</div>
<div id="app-content">
<div id="security-warning" class="section">
<h2><?php
p($l->t('Security & setup warnings'));
?>
</h2>
<ul>
<?php
<a class="app<?php
if (!$app['internal']) {
p(' externalapp');
}
?>
"
href="?appid=<?php
p($app['id']);
?>
"><?php
p($app['name']);
?>
</a>
<?php
if (!$app['internal']) {
print_unescaped('<small class="' . OC_Util::sanitizeHTML($app['internalclass']) . ' list">' . OC_Util::sanitizeHTML($app['internallabel']) . '</small>');
}
?>
</li>
<?php
}
?>
</ul>
<div id="rightcontent">
<div class="appinfo">
<h3><strong><span class="name"><?php
p($l->t('Select an App'));
?>
</span></strong><span
class="version"></span><small class="externalapp" style="visibility:hidden;"></small></h3>
<span class="score"></span>
function html_select_options($options, $selected, $params = array())
{
if (!is_array($selected)) {
$selected = array($selected);
}
if (isset($params['combine']) && $params['combine']) {
$options = array_combine($options, $options);
}
$value_name = $label_name = false;
if (isset($params['value'])) {
$value_name = $params['value'];
}
if (isset($params['label'])) {
$label_name = $params['label'];
}
$html = '';
foreach ($options as $value => $label) {
if ($value_name && is_array($label)) {
$value = $label[$value_name];
}
if ($label_name && is_array($label)) {
$label = $label[$label_name];
}
$select = in_array($value, $selected) ? ' selected="selected"' : '';
$html .= '<option value="' . OC_Util::sanitizeHTML($value) . '"' . $select . '>' . OC_Util::sanitizeHTML($label) . '</option>' . "\n";
}
return $html;
}
<div class="ocDashboard calendar items">
<?php
foreach ($additionalparams['activitys'] as $activity) {
print_unescaped("<div class='priority" . $activity['priority'] . " activity-entry'>\n <a href='" . $activity["link"] . "' title='" . $activity['subject'] . "'>" . \OC_Util::sanitizeHTML(getNiceSmallText($activity['subject'])) . "</a><br /><span> " . \OCP\relative_modified_date(date("U", strtotime($activity['date']))) . "</span>\n </div>\n ");
}
?>
</div>
<?php
function getNiceSmallText($string)
{
$maxStringLen = 40;
$startStringLen = 5;
$return = "";
if (strlen($string) >= $maxStringLen) {
$lastCharacter = -1 * ($maxStringLen - $startStringLen);
$return = substr($string, 0, $startStringLen);
$return .= "...";
$return .= substr($string, $lastCharacter);
} else {
$return = $string;
}
return $return;
}
foreach ($_['timezones'] as $timezone) {
$ex = explode('/', $timezone, 2);
//obtain continent,city
if (!isset($ex[1])) {
$ex[1] = $ex[0];
$ex[0] = "Other";
}
if ($continent != $ex[0]) {
if ($continent != "") {
print_unescaped('</optgroup>');
}
print_unescaped('<optgroup label="' . OC_Util::sanitizeHTML($ex[0]) . '">');
}
$city = strtr($ex[1], '_', ' ');
$continent = $ex[0];
print_unescaped('<option value="' . OC_Util::sanitizeHTML($timezone) . '"' . ($_['timezone'] == $timezone ? ' selected="selected"' : '') . '>' . OC_Util::sanitizeHTML($city) . '</option>');
}
?>
</select>
</li>
<li>
<input type="checkbox" name="timezonedetection" id="timezonedetection">
<label for="timezonedetection"><?php
p($l->t('Update timezone automatically'));
?>
</label>
</li>
<li>
<label for="timeformat" class="bold"><?php
p($l->t('Time format'));
?>
?logout=true"><img class="svg" alt="<?php
echo $l->t('Log out');
?>
" title="<?php
echo $l->t('Log out');
echo OC_User::getUser() ? ' (' . OC_User::getUser() . ') ' : '';
?>
" src="<?php
echo image_path('', 'actions/logout.svg');
?>
" /></a>
<form class="searchbox header-right" action="#" method="post">
<input id="searchbox" class="svg" type="search" name="query" value="<?php
if (isset($_POST['query'])) {
echo OC_Util::sanitizeHTML($_POST['query']);
}
?>
" autocomplete="off" x-webkit-speech />
</form>
</div></header>
<nav><div id="navigation">
<ul id="apps" class="svg">
<?php
foreach ($_['navigation'] as $entry) {
?>
<li data-id="<?php
echo $entry['id'];
?>
"><a style="background-image:url(<?php
