author | Pellaeon Lin <nfsmwlin@gmail.com> | 2019-06-22 12:02:24 +0300 |
---|---|---|
committer | Pellaeon Lin <nfsmwlin@gmail.com> | 2019-06-22 12:02:24 +0300 |
commit | f9f768da5f8b066561beb28e4371575591e9bec9 (patch) | |
tree | 6ff2d8eedd24709ec9b80b0231257c41fb10f217 /templates | |
parent | 8d05f77e9c150c3b0549ae6848a6049a35c53b8d (diff) |
templates: avoid echo, fix potential XSS
Diffstat (limited to 'templates')
-rw-r--r-- | templates/form.php | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/templates/form.php b/templates/form.php
index 7b7bd77..e03f3f2 100644
--- a/templates/form.php
+++ b/templates/form.php
@@ -8,9 +8,9 @@ if ( \OCP\Util::getVersion()[0] >= 12 )
 <fieldset>
 <?php if ( !empty($_['errormsgs']) ) {?>
 <ul class="error">
- <?php foreach ( $_['errormsgs'] as $errormsg ) {
- echo "<li>$errormsg</li>";
- } ?>
+ <?php foreach ( $_['errormsgs'] as $errormsg ) { ?>
+ <li><?php p($errormsg); ?></li>
+ <?php } ?>
 </ul>
 <?php } else { ?>
 <ul class="msg">
@@ -18,13 +18,13 @@ if ( \OCP\Util::getVersion()[0] >= 12 )
 </ul>
 <?php } ?>
 <p class="grouptop">
- <input type="email" name="email" id="email" value="<?php echo $_['email']; ?>" disabled />
- <label for="email" class="infield"><?php echo $_['email']; ?></label>
+ <input type="email" name="email" id="email" value="<?php p($_['email']); ?>" disabled />
+ <label for="email" class="infield"><?php p($_['email']); ?></label>
 <img id="email-icon" class="svg" src="<?php print_unescaped(image_path('', 'actions/mail.svg')); ?>" alt=""/>
 </p>
 <p class="groupmiddle">
- <input type="text" name="username" id="username" value="<?php echo !empty($_['entered_data']['user']) ? $_['entered_data']['user'] : ''; ?>" placeholder="<?php p($l->t('Username')); ?>" />
+ <input type="text" name="username" id="username" value="<?php if (!empty($_['entered_data']['user'])) { p($_['entered_data']['user']); } ?>" placeholder="<?php p($l->t('Username')); ?>" />
 <label for="username" class="infield"><?php p($l->t('Username')); ?></label>
 <img id="username-icon" class="svg" src="<?php print_unescaped(image_path('', 'actions/user.svg')); ?>" alt=""/>
 </p> |
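Review bot: Nothing in the template records that entries of `$_['errormsgs']` are now treated as plain text, so a controller that puts markup into an error message (not visible in this diff) would see it rendered literally once the loop prints `<li><?php p($errormsg); ?></li>`. I would add a one-line comment above the loop, for example `<?php /* errormsgs: plain-text strings, escaped on output with p() */ ?>`, so the contract is stated where the escaping happens. The `<ul class="msg">` branch continues past the end of the hunk, so its `<li>` could not be checked for the same `echo` pattern.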
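Review bot: The username `value` attribute still goes through `!empty()`, so an entered value of `0` is treated as missing and is not shown again after a failed submit. The guard can be collapsed to `value="<?php p(isset($_['entered_data']['user']) ? $_['entered_data']['user'] : ''); ?>"`, assuming `p()` prints nothing for an empty string; `?? ''` is shorter if the app's minimum PHP version allows it. The two `print_unescaped(image_path(...))` calls in the context lines take constant arguments and look fine as they are. The diffstat is limited to `templates` and lists only form.php, so it is worth checking the app's other templates for any remaining `echo $_[...]` output; the enclosing `<fieldset>` and form continue outside this hunk.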