From f702e689c13f0d7b3d23b773ab95cea13e3f3c18 Mon Sep 17 00:00:00 2001
From: Bernhard Posselt <nukeawhale@gmail.com>
Date: Thu, 6 Sep 2012 03:48:10 +0200
Subject: removed xss vulnerabilities in template code

---
 css/news.css                  | 4 ++--
 lib/foldermapper.php          | 4 ++--
 templates/part.items.php      | 4 ++--
 templates/part.listfeed.php   | 4 ++--
 templates/part.listfolder.php | 6 +-----
 5 files changed, 9 insertions(+), 13 deletions(-)

diff --git a/css/news.css b/css/news.css
index 9d5362af9..5bac8546b 100644
--- a/css/news.css
+++ b/css/news.css
@@ -560,7 +560,7 @@ box-shadow: inset 1px 1px 5px -1px #cccccc;
              */
             .feed_item div.body { 
                 overflow: hidden;
-                padding: .5em 3em 0 3em; 
+                padding: .75em 3em 0 3em; 
                 max-width: 55em;
                 font-size: 1.1em;
                 clear: both;
@@ -624,7 +624,7 @@ box-shadow: inset 1px 1px 5px -1px #cccccc;
                     padding: .5em .5em .5em 1em; 
                     background-color: #dadada; 
                     border: 1px solid #ccc; 
-                    margin: .5em 0;
+                    margin: .5em 0 1em 0;
                     background-image: linear-gradient(top, rgb(215,215,215) 0%, rgb(220,220,220) 100%);
                     background-image: -o-linear-gradient(top, rgb(215,215,215) 0%, rgb(220,220,220) 100%);
                     background-image: -moz-linear-gradient(top, rgb(215,215,215) 0%, rgb(220,220,220) 100%);
diff --git a/lib/foldermapper.php b/lib/foldermapper.php
index eb64fa871..4eb78b119 100644
--- a/lib/foldermapper.php
+++ b/lib/foldermapper.php
@@ -117,7 +117,7 @@ class FolderMapper {
 		$parentid = $folder->getParentId();
 
 		$params=array(
-		htmlspecialchars_decode($name),
+		$name,
 		$parentid,
 		$this->userid
 		);
@@ -137,7 +137,7 @@ class FolderMapper {
 		$query = \OCP\DB::prepare('UPDATE ' . self::tableName 
 			. ' SET name = ? ' . ' WHERE id = ?');
 
-		$params = array(htmlspecialchars_decode($folder->getName()), $folder->getId());
+		$params = array($folder->getName(), $folder->getId());
 		$query->execute($params);
 		return true;
 	}
diff --git a/templates/part.items.php b/templates/part.items.php
index 185fc099b..6d6369ab7 100644
--- a/templates/part.items.php
+++ b/templates/part.items.php
@@ -49,10 +49,10 @@ foreach($items as $item) {
 			echo '</ul>';
 		echo '</div>';
 
-		echo '<h1 class="item_title"><a target="_blank" href="' . $item->getUrl() . '">' . $item->getTitle() . '</a></h1>';	
+		echo '<h1 class="item_title"><a target="_blank" href="' . $item->getUrl() . '">' . htmlspecialchars($item->getTitle(), ENT_QUOTES, 'UTF-8') . '</a></h1>';	
 		
 		if(($item->getAuthor() !== null) && (trim($item->getAuthor()) != '')){
-			echo '<h2 class="item_author">'. $l->t('by') . ' ' . $item->getAuthor() . '</h2>';
+			echo '<h2 class="item_author">'. $l->t('by') . ' ' . htmlspecialchars($item->getAuthor(), ENT_QUOTES, 'UTF-8') . '</h2>';
 		}
 		
 		echo '<div class="body">' . $item->getBody() . '</div>';
diff --git a/templates/part.listfeed.php b/templates/part.listfeed.php
index 04d67a881..cfa49b82d 100644
--- a/templates/part.listfeed.php
+++ b/templates/part.listfeed.php
@@ -9,7 +9,7 @@ if(isset($_['mock'])){
     $favicon = OCP\Util::imagePath('core', 'actions/public.svg');
 } else {
     $feed = isset($_['feed']) ? $_['feed'] : null;
-    $feedTitle = htmlspecialchars_decode($feed->getTitle());
+    $feedTitle = $feed->getTitle();
     $feedId =  $feed->getId();
     $unreadItemsCount = isset($_['unreadItemsCount']) ? $_['unreadItemsCount'] : null;
     $favicon = $feed->getFavicon();
@@ -19,7 +19,7 @@ if(isset($_['mock'])){
 }
 
 echo '<li class="feed" data-id="' . $feedId . '">';
-    echo '<a style="background-image: url(' . $favicon . ');" href="#" class="title">' . $feedTitle .'</a>';
+    echo '<a style="background-image: url(' . $favicon . ');" href="#" class="title">' . htmlspecialchars($feedTitle, ENT_QUOTES, 'UTF-8') .'</a>';
 	echo '<span class="unread_items_counter">' . $unreadItemsCount . '</span>';
     echo '<span class="buttons">';
         echo '<button class="svg action feeds_delete" title="' . $l->t('Delete feed') . '"></button>';
diff --git a/templates/part.listfolder.php b/templates/part.listfolder.php
index 2a1cb6aed..6e8ea6350 100644
--- a/templates/part.listfolder.php
+++ b/templates/part.listfolder.php
@@ -13,14 +13,10 @@ if(isset($_['mock'])){
 
 echo '<li class="folder open all_read" data-id="' . $folderId . '">';
 	echo '<button class="collapsable_trigger" title="' . $l->t('Collapse') . '"></button>';
-	echo '<a href="#" class="title">' . $folderName .	'</a>';
+	echo '<a href="#" class="title">' . htmlspecialchars($folderName, ENT_QUOTES, 'UTF-8') .	'</a>';
 	echo '<span class="buttons">';
 		echo '<button class="svg action feeds_delete" title="' . $l->t('Delete folder') . '"></button>';
 		echo '<button class="svg action feeds_edit" title="' . $l->t('Rename folder') . '"></button>';
 		echo '<button class="svg action feeds_markread" title="' . $l->t('Mark all read') . '"></button>';
 	echo '</span>';
 	echo '<ul data-id="' . $folderId . '">';
-
-if(isset($_['mock'])){
-	echo '</ul>';
-}
\ No newline at end of file
-- 
cgit v1.2.3