author | Lukas Reschke <lukas@statuscode.ch> | 2012-08-21 19:56:20 +0400 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2012-08-21 19:56:20 +0400 |
commit | 5afdfec91dc90f7648adf532e2320b93277b2f5b (patch) | |
tree | e7d41e55ed74d4011203432590a449c01a9f26cd | |
parent | 2051a5db5dd4e0530437a33a448f5592342dff65 (diff) |
Sanitizing the user input to prevent a reflected XSS. Thanks to Nico Golde (ngolde.de)
-rw-r--r-- | apps/gallery/templates/index.php | 76 |
1 files changed, 38 insertions, 38 deletions
diff --git a/apps/gallery/templates/index.php b/apps/gallery/templates/index.php
index e30052fafa3..a41bf3c47ba 100644
--- a/apps/gallery/templates/index.php
+++ b/apps/gallery/templates/index.php
@@ -14,7 +14,7 @@ div.visible { opacity: 0.8;}
 </style>
 <script type="text/javascript">
-var root = "<?php echo $root; ?>";
+var root = "<?php echo htmlentities($root); ?>";
 function explode(element) {
 $('div', element).each(function(index, elem) {
@@ -83,56 +83,56 @@ $tl = new \OC\Pictures\TilesLine();
 $ts = new \OC\Pictures\TileStack(array(), '');
 $previous_element = @$images[0];
-$root_images = array();
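Review bot: `htmlentities($root)` on the `var root = "..."` line in the first hunk encodes for HTML, but the value is written into a JavaScript string literal inside a `<script>` block, where entities are not decoded and where a backslash or line break in `$root` still changes how the literal is parsed. Encoding for the JavaScript context would cover both and would also stop folder names containing `&` or non-ASCII characters from reaching the script as entity text: `var root = <?php echo json_encode($root, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;`. The same `$root` is concatenated into the tile paths in the `@@ -83,56 +83,56 @@` hunk (`$root.$images[$i]`) and reaches the page through `echo $tl->get();`; whether the Tile classes escape it is not visible here, so that output path is worth checking too. Where `$root` is assigned lies outside this diff, so validating it at that point could not be confirmed.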
-$second_level_images = array();
-
+$root_images = array();
+$second_level_images = array();
+
 $fallback_images = array(); // if the folder only cotains subfolders with images -> these are taken for the stack preview
 for($i = 0; $i < count($images); $i++) {
 $prev_dir_arr = explode('/', $previous_element);
 $dir_arr = explode('/', $images[$i]);
- if(count($dir_arr) == 1) { // getting the images in this directory
- $root_images[] = $root.$images[$i];
- } else {
- if(strcmp($prev_dir_arr[0], $dir_arr[0]) != 0) { // if we entered a new directory
- if(count($second_level_images) == 0) { // if we don't have images in this directory
- if(count($fallback_images) != 0) { // but have fallback_images
- $tl->addTile(new \OC\Pictures\TileStack($fallback_images, $prev_dir_arr[0]));
- $fallback_images = array();
- }
- } else { // if we collected images for this directory
- $tl->addTile(new \OC\Pictures\TileStack($second_level_images, $prev_dir_arr[0]));
- $fallback_images = array();
- $second_level_images = array();
- }
- }
- if (count($dir_arr) == 2) { // These are the pics in our current subdir
- $second_level_images[] = $root.$images[$i];
- $fallback_images = array();
- } else { // These are images from the deeper directories
- if(count($second_level_images) == 0) {
- $fallback_images[] = $root.$images[$i];
- }
- }
- // have us a little something to compare against
- $previous_element = $images[$i];
+ if(count($dir_arr) == 1) { // getting the images in this directory
+ $root_images[] = $root.$images[$i];
+ } else {
+ if(strcmp($prev_dir_arr[0], $dir_arr[0]) != 0) { // if we entered a new directory
+ if(count($second_level_images) == 0) { // if we don't have images in this directory
+ if(count($fallback_images) != 0) { // but have fallback_images
+ $tl->addTile(new \OC\Pictures\TileStack($fallback_images, $prev_dir_arr[0]));
+ $fallback_images = array();
+ }
+ } else { // if we collected images for this directory
+ $tl->addTile(new \OC\Pictures\TileStack($second_level_images, $prev_dir_arr[0]));
+ $fallback_images = array();
+ $second_level_images = array();
+ }
+ }
+ if (count($dir_arr) == 2) { // These are the pics in our current subdir
+ $second_level_images[] = $root.$images[$i];
+ $fallback_images = array();
+ } else { // These are images from the deeper directories
+ if(count($second_level_images) == 0) {
+ $fallback_images[] = $root.$images[$i];
+ }
+ }
+ // have us a little something to compare against
+ $previous_element = $images[$i];
 }
 }
-// if last element in the directory was a directory we don't want to miss it :)
-if(count($second_level_images)>0) {
- $tl->addTile(new \OC\Pictures\TileStack($second_level_images, $prev_dir_arr[0]));
+// if last element in the directory was a directory we don't want to miss it :)
+if(count($second_level_images)>0) {
+ $tl->addTile(new \OC\Pictures\TileStack($second_level_images, $prev_dir_arr[0]));
 }
-// if last element in the directory was a directory with no second_level_images we also don't want to miss it ...
-if(count($fallback_images)>0) {
- $tl->addTile(new \OC\Pictures\TileStack($fallback_images, $prev_dir_arr[0]));
+// if last element in the directory was a directory with no second_level_images we also don't want to miss it ...
+if(count($fallback_images)>0) {
+ $tl->addTile(new \OC\Pictures\TileStack($fallback_images, $prev_dir_arr[0]));
 }
-// and finally our images actually stored in the root folder
-for($i = 0; $i<count($root_images); $i++) {
- $tl->addTile(new \OC\Pictures\TileSingle($root_images[$i]));
+// and finally our images actually stored in the root folder
+for($i = 0; $i<count($root_images); $i++) {
+ $tl->addTile(new \OC\Pictures\TileSingle($root_images[$i]));
 }
 echo $tl->get(); |